
In my ruby application, I am creating Apple wallet passes. The application actually works well, but when I try to start it as a service (/etc/systemd/system), it is failing. I can see that almost everything is working, but it fails when I want to parse the p12 certificate.

My function to sign the manifest file

def sign_manifest(serial_number)
  temporary_path = "./passes/#{CUSTOMER}_#{serial_number}"
  certificate_path = "./certs/Zertifikate.p12"
  wwdr_path = "./certs/WWDR.pem"
  manifest_path = "./passes/#{CUSTOMER}_#{serial_number}/manifest.json"

  puts "Signing the manifest"
  # Import the certificates
  p12_certificate = OpenSSL::PKCS12::new(File.read(certificate_path), "")
  wwdr_certificate = OpenSSL::X509::Certificate.new(File.read(wwdr_path))
  
  # Sign the data
  flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED
  signed = OpenSSL::PKCS7::sign(p12_certificate.certificate, p12_certificate.key, File.read(manifest_path), [wwdr_certificate], flag)
  
  # Create an output path for the signed data
  signature_url = temporary_path + "/signature"
  
  # Write out the data
  File.open(signature_url, "w") do |f|
    f.syswrite signed.to_der
  end
end

Manually start with the command line

When I start the application manually with the command

ruby passGenerator.rb -p 20001 -o 0.0.0.0

on my server, it is working well, no issues.

Start as a service

The service itself looks like:

# wallet.service

[Unit]
Description = Apple Wallet Pass Generator
After = network.target

[Service]
WorkingDirectory = /var/www/html/passGenerator
ExecStart = ruby /var/www/html/passGenerator/passGenerator.rb -p 20001 -o 0.0.0.0

[Install]
WantedBy = multi-user.target

and start it with:

systemctl start wallet

I can start the service, and the server is running, but as soon as I want to create a new pass and come to this function, it crashes with the error:

PKCS12_parse: unsupported in the line of p12_certificate = OpenSSL::PKCS12::new(File.read(certificate_path), "")

(In the code snippet line 9)

I first thought about the relative paths, but everything else works with the relative paths. Can anybody explain why that is happening?

Sebastian Fox
  • Sounds like the version of `OpenSSL` you are using does not support PKCS12. Do you have more than one version of Ruby installed on the system? Try logging the `OpenSSL::VERSION`, and make sure `OpenSSL::PKCS12` is defined? – Jared Beck Jan 02 '23 at 20:09
  • @JaredBeck thank you, that's it. When I started the application manually, it was ruby 2.7.x and when I used ExecStart, it was ruby 3.0.x which does not support this function. Thank you! – Sebastian Fox Jan 03 '23 at 14:09
  • I'm having this problem too. My Ruby is `3.2.0` ``` irb(main):019:0> OpenSSL::OPENSSL_LIBRARY_VERSION => "OpenSSL 3.0.7 1 Nov 2022" irb(main):020:0> OpenSSL::VERSION => "3.1.0" irb(main):021:0> ``` What are your versions? – Marcos de Melo Feb 05 '23 at 20:20
  • And I have a `p12` that works, but a lot of them don't work... And I don't know what the difference between the p12 files is. – Marcos de Melo Feb 05 '23 at 20:27
  • Check out https://stackoverflow.com/questions/73894224/pkcs12-new-file-p12-passphrase-throws-pkcs12-parse-unsupported-error-afte – Skully Jul 18 '23 at 13:20

0 Answers
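
A diagnostic along the lines suggested in the comments, added here as an example and not part of the original thread: it records which Ruby binary and OpenSSL build the process is really running (the shell and the systemd unit resolved `ruby` differently) and returns a PKCS#12 parse failure together with that context instead of crashing. The helper names `runtime_report`, `load_p12` and `constructed_p12`, and the throwaway certificate, are assumptions made up for the illustration.

```ruby
require "openssl"
require "rbconfig"

# Facts that can differ between an interactive shell and a systemd unit.
def runtime_report
  {
    ruby_binary: RbConfig.ruby,                      # absolute path of the running interpreter
    ruby_version: RUBY_VERSION,
    openssl_gem: OpenSSL::VERSION,                   # version of the Ruby openssl binding
    openssl_library: OpenSSL::OPENSSL_LIBRARY_VERSION, # linked libssl/libcrypto build
    pkcs12_defined: defined?(OpenSSL::PKCS12) ? true : false,
    path: ENV["PATH"]                                # systemd does not inherit the login shell PATH
  }
end

# Parse a PKCS#12 blob; on failure return the error plus the runtime report.
def load_p12(der, passphrase)
  p12 = OpenSSL::PKCS12.new(der, passphrase)
  { ok: true, subject: p12.certificate.subject.to_s, has_key: !p12.key.nil? }
rescue OpenSSL::PKCS12::PKCS12Error => e
  { ok: false, error: e.message, runtime: runtime_report }
end

# Constructed sample input: throwaway key and self-signed certificate in a .p12.
def constructed_p12(passphrase)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=constructed-pass-signer")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  OpenSSL::PKCS12.create(passphrase, "constructed", key, cert).to_der
end

if __FILE__ == $PROGRAM_NAME
  pp runtime_report
  pp load_p12(constructed_p12("constructed-pass"), "constructed-pass")
end
```

Running the same script once from the shell and once through the unit's `ExecStart` interpreter makes a mismatch in `ruby_binary` or `openssl_library` visible immediately.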