10

I've been searching for days and trying new and older version of google-api-php-client along with various other examples out there, but I can't seem to get around this error. The code below is the service-account example retrieved from GitHub and I dropped in my credentials and file from the API Console. I've got a different file I'm actually building, but for use in this question, I figure this simpler file would be easier to discuss. I'm getting the same error with both files.

Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Unable to parse the p12 file. Is this a .p12 file? Is the password correct? OpenSSL error: ' in /google-api-php-client/src/Google/Signer/P12.php on line 52

I'm completely stumped about why it is throwing this error.

I've verified "file_get_contents" is actually getting the contents of the file and my "notasecret" password is getting pulled properly. I was hoping this recent commit might help, but unfortunately, it didn't solve this error for me.

Any idea what is going wrong here? Thank you for any suggestions!

<?php

session_start();
include_once "templates/base.php";

set_include_path("../src/" . PATH_SEPARATOR . get_include_path());
require_once 'Google/Client.php';
require_once 'Google/Service/Books.php';


$client_id = 'xxxx.apps.googleusercontent.com';
$service_account_name = 'xxxx@developer.gserviceaccount.com';
$key_file_location = 'xxxx-privatekey.p12';

echo pageHeader("Service Account Access");
if ($client_id == 'xxxx.apps.googleusercontent.com'
    || !strlen($service_account_name)
    || !strlen($key_file_location)) {
  echo missingServiceAccountDetailsWarning();
}

$client = new Google_Client();
$client->setApplicationName("Client_Library_Examples");
$service = new Google_Service_Books($client);

if (isset($_SESSION['service_token'])) {
  $client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);
$cred = new Google_Auth_AssertionCredentials(
    $service_account_name,
    array('https://www.googleapis.com/auth/books'),
    $key
);
$client->setAssertionCredentials($cred);
if($client->getAuth()->isAccessTokenExpired()) {
  $client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();


$optParams = array('filter' => 'free-ebooks');
$results = $service->volumes->listVolumes('Henry David Thoreau', $optParams);
echo "<h3>Results Of Call:</h3>";
foreach ($results as $item) {
  echo $item['volumeInfo']['title'], "<br /> \n";
}

echo pageFooter(__FILE__);
theonlynewts
  • 121
  • 1
  • 1
  • 6
  • And where is the p12 file ? Isn't this the important part ? – Lorenz Meyer Feb 27 '14 at 20:09
  • 1
    It's the p12 file Google provides when I create a Service Account Client ID. It's possible, I suppose, there is something wrong with the file, but that would seem to be a much more widespread problem if Google were generating bad p12 files. – theonlynewts Feb 27 '14 at 20:13

6 Answers6

3

I suffered this error too, in my case the problem was the .p12 file had read permission only for the owner and no access for group and others. I spent 2 days of my life for this...

Now I get the error "User does not have sufficient permissions for this profile" but at least is something new!!

lightbyte
  • 566
  • 4
  • 10
3

I just stumbled into the same problem. Converting the p12 file to .pem (as theonlynewts suggested) didn't work for me. There was no "---BEGIN RSA PRIVATE KEY---" section within the .pem file

But strange enough, while this doesn't work (original code from Google's P12.php):

if (!openssl_pkcs12_read( $p12, $certs, $password)) { ...

This DOES work:

$pkcs12 = file_get_contents( $p12 );
if (!openssl_pkcs12_read( $pkcs12, $certs, $password)) { ...

(Tested on PHP 5.5.9 on Kubuntu 14.04)

PaulS
  • 145
  • 1
  • 5
  • Worked for me on CentOS 6 and PHP 5.3 +1 – Hsnbrg Apr 08 '15 at 15:32
  • Worked! I used the store-receipt-validator. There is no need to change the P12.php file though. You can already call the API with the contents instead of the path. – Salim May 16 '16 at 18:06
1

Got it! This commit got me thinking that maybe openssl didn't like our file either. I converted my file from a p12 to a pem using these instructions. Then I edited the file to remove some text before the "-----BEGIN RSA PRIVATE KEY-----" so the code from the new commit would recognize it properly. Dropped that file in and got results like magic.

That was it! I'm still not sure what would cause the auto-generated p12 file to not cooperate, so let me know if anyone has any ideas.

theonlynewts
  • 121
  • 1
  • 1
  • 6
  • 1
    Google now offers "Generate new P12 key" from the credential page, so there's no need for conversion. – user2768 May 15 '15 at 09:11
0

I'm pretty sure you need to write the phrase 'notasecret' somewhere in this section of code:

$key = file_get_contents($key_file_location);
$cred = new Google_Auth_AssertionCredentials(
    $service_account_name,
    array('https://www.googleapis.com/auth/books'),
    $key
);

'Where?', is the question...

This looks like it has the correct code: https://github.com/google/google-api-php-client/blob/master/src/Google/Auth/AssertionCredentials.php

I will update my answer to confirm this works once I have tested it.

:)

josh.thomson
  • 905
  • 9
  • 25
  • Using Google's PHP API (https://github.com/google/google-api-php-client), I did not need to specify "notasecret" anywhere. The fix for me was to ensure that the webserver could read the file. – rinogo Feb 27 '15 at 05:52
0

It's usually just a file permissions issue. make sure that the user running apache has permissions to read the p12 file.

Zohar.Babin
  • 265
  • 1
  • 2
  • 8
0

I was also stumbled while parsing p12 file. It always showed error like "Undefined function openssl_pkcs12_read()". To get Rid of this error, first you must check php.ini file. open php.ini fine then search for openssl and then uncomment the line. Now save and restart all wamp services.

And your function is working.

sudhanshu
  • 21
  • 5