Can't get "Finger print" after "Processing" status

/root may be too far (and you may have issues with read-permissions for the user phpd is running under)

one folder above the folder which is serving your website is sufficient.

I think this is key to get right (and not give up and put them in the webserver folder) because if they are in the webserver folder then anyone can read your two .pem files.

did you do the test I put above, to find out what your [document_root] and [script_filename] is?

in the same folder as index.php, place a new file, perhaps called "fred.php"

in that file paste these 6 lines. goto the file in your web browser and you should see info about your server.

<p>Hi csw. you should see Array { below this line when viewed with a web browser</p>
<?php
echo "<pre>";
print_r ($_SERVER);
echo "</pre>";
?>

these are the relevant results

[SCRIPT_URI] =>
[DOCUMENT_ROOT] =>
[SCRIPT_FILENAME] =>

put the two .pem files and apple_pay_conf.php in a folder which is one folder above [DOCUMENT_ROOT

e.g. if [DOCUMENT_ROOT] says "/var/www/html/mysite" then put .pem etc in "/var/www/html"

[DOCUMENT_ROOT} says /home/users/web/b8xx/apo.myusername

So I am not sure what that means but am assuming it is the / root when I am looking at my files on the web with Dreamweaver.

You say that I need to put the pem files one level above the level that is serving my website.

But that is not possible. The highest level I can place a file is at the www level.

I talked to tech support at my server company and they said there was no place I could put a file where apache does not see it.

However, I do have the pem files one level above the folder where my index.php file is.

and I have the paths defined like this...

define('PRODUCTION_CERTIFICATE_KEY', '../ApplePay.key.pem');

define('PRODUCTION_CERTIFICATE_PATH', '../ApplePay.crt.pem');

Ok, that's unfortunate. You may want to go back and see if your version of cURL supports native .p12 SSL combined cert/key files, or .pem files still but with the password intact. then at least the files on their own aren't useful to anyone who may stumble on them - they'd need the password to decrypt them (which you'd need in the cURL opts in apple_pay_comm.php so it can decrypt them - see uk3.php.net/manual/en/function.curl-setopt.php for

CURLOPT_SSLCERTPASSWD and CURLOPT_SSLKEYPASSWD

are those defined paths you've set working for you? (as they're relative rather than absolute, need to make sure they're written relative to the file that's going to use them (apple_pay_comm.php). i.e. if the .pem files and apple_pay_comm.php are now in the same folder, then in apple_pay_conf.php

define('PRODUCTION_CERTIFICATE_KEY', './ApplePay.key.pem');
define('PRODUCTION_CERTIFICATE_PATH', './ApplePay.crt.pem');

*update*

To extract the ApplePay.key.pem with a password, just omit the " -nodes" from the openssl line in terminal e.g.

openssl pkcs12 -in ApplePayMerchantIdentity_and_privatekey.p12 -out ApplePay.key.pem -nocerts

instead of

openssl pkcs12 -in ApplePayMerchantIdentity_and_privatekey.p12 -out ApplePay.key.pem -nocerts -nodes

then you'll be asked to create a password to encrypt the key with.

add this to your apple_pay_conf.php (update it for the password you created)

define('PRODUCTION_CERTIFICATE_KEY_PASS', 'passwordg3984h98vh');

and add this to apple_pay_comm.php

curl_setopt($ch, CURLOPT_SSLKEYPASSWD, PRODUCTION_CERTIFICATE_KEY_PASS);

Yes, I think my links are correct. I know that I get other errors when those links are wrong.

My server is running on Linux. I don't know about cURL opts.

It is using PHP 5.5

I've updated the post above (and my github) showing everything needed to add a password

also, if you're not getting a nice error back from cURL in the console, make sure you have this in apple_pay_comm.php (I updated it in my github last week, you may have an older version)

it wraps the curlError in a JSON formatted object, so it will get through the JSON.parse() in index.php, to land in the javascript console just like the successful responce does.

if(curl_exec($ch) === false)
{
echo '{"curlError":"' . curl_error($ch) . '"}';
}

I did all of that and still no luck.

The log says this...

Event {isTrusted: true, type: "cancel", target: ApplePaySession, currentTarget: ApplePaySession, eventPhase: 2, …}

ApplePayValidateMerchantEvent {isTrusted: true, validationURL: "https://apple-pay-gateway-cert.apple.com/paymentservices/startSession", type: "validatemerchant", target: ApplePaySession, currentTarget: ApplePaySession, …}

But the ApplePay sheet on the iPhone still says Processing.

and I get the "JSON Parse error: Unrecognized token" here...

function performValidation(valURL) {

return new Promise(function(resolve, reject) {

var xhr = new XMLHttpRequest();

xhr.onload = function() {

var data = JSON.parse(this.responseText); // JSON Parse error: Unrecognized token <<---------

logit(data);

resolve(data);

};

xhr.onerror = reject;

xhr.open('GET', 'apple_pay_comm.php?u=' + valURL);

xhr.send();

});

}

8/16/16 UPDATE

I just discovered why it is failing with a 404 error code. It is because app_pay_comm.php is never getting used and the network status always shows 404.

I found that by clicking on the Network tab in the web inspector.

Wll now try to figure out why.

8/16/16 UPDATE 2

OK, I figured out why app_pay_comm.php never loads.

It is because this always fails with Unrecognized token...

var data = JSON.parse(this.responseText); // JSON Parse error: Unrecognized token <<---------

And because that fails, it never gets to this...

xhr.open('GET', 'apple_pay_comm.php?u=' + valURL);

But I don't know why JSON.parse is failing

8/16/16 UPDATE 3

JSON.parse is failing because this.responseText says...

this.responseText is : In apple_pay_commIn apple_pay_conf{"curlError":"SSL certificate problem, verify that the CA cert is OK. Details:

error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed"}

It seems like I have a chicken and egg situation here.

The certificate always fails because the curl routines are in apple_pay.comm.php

and apple_pay.comm.php never gets loaded.

I contacted tech support at my web server and they said they do not support third party certificates.

I am guessing that is why I cannot get any of this to work.

Rich

I am beyond frustrated...

I have moved my website to a new server that supports everything needed to make this work.

But no matter what I try, I always get a JSON Parse error here...

var data = JSON.parse(this.responseText);

I'm sure we can get this working for you 🙂

Suggest you start a new thread though, more likely to get others to view it.

You're on a new server now, have you redone the verification of this new site in your apple developer settings?

Any other details about the JSON parse issue? the error text should come through into the javascript console (unless perhaps it has funny quotes in the error message)

want to share the url to your test site?

update:

I've added a separate curl_test.php file on github here github.com/norfolkmustard/ApplePayJS/blob/master/curl_test.php

Edit the require_once on line 7 to point to your apple_pay_conf.php file location, upload it, then go directly to curl_test.php in your browser

My test url is here...

https://carnationsoftware.com/php/index.php

The JSON error I get is JSON Parse error: Unable to parse JSON string

When I look at the log for this.responseText, I get two different results based upon whether I am using my Sandbox or not.

When using the Sandbox on my iPhone, I get a large string of cryptic numbers like maybe it is reading the certificate.

And when using my normal iCloud account on iPhone, I get status code 417, not registered for service.

Also, note that I do not get a cURL error.

Everything seems like it is trying to work, but I get that JSON error and never get the fingerprint icon on my iPhone. It always says Processing with a spining wheel.

Rich

"Edit the require_once on line 7 to point to your apple_pay_conf.php file location, upload it, then go directly to curl_test.php in your browser"

Did that and everything looks normal to me

you got a merchantSessionIdentifier back ok from curl_test.php ?

check the exact url you're getting from apple for merchant validation (it's given in the console log), and try curl_test.php with that. e.g.

/curl_test.php?u=https://apple-pay-gateway.apple.com/paymentservices/startSession

versus

/curl_test.php?u=https://apple-pay-gateway-cert.apple.com/paymentservices/startSession

also check your php/apache error log, perhaps you still have files in the wrong place.

"you got a merchantSessionIdentifier back ok from curl_test.php ?"

Yes, I did and it looks correct.

Merchant Validation passes with this:

/curl_test.php?u=https://apple-pay-gateway-cert.apple.com/paymentservices/startSession

That one works and is also the gateway returned in my logs.

When I log the response text like this

logit('this.responseText is : ' + this.responseText );

I get what looks like normal text that starts with {"epochTimestamp bla bla bla

But I still get the JSON parse error trying to parse this.responseText

Where do I check the php/appache error log?

Rich

if you're getting that back from index.php then the files are fine, in the right place.

make sure there's no white spaces before <?php and after ?> in apple_pay_comm.php and that you have no other echo() or print_r() in there. need to make sure that ONLY the JSON responce from apple is presented when that file is called, must be clear of absolutely everything else, including white spaces.

add this line 2 to apple_pay_comm.php

<?php
header('Content-Type: application/json');
$validation_url = $_GET['u'];

There were no white spaces and no extra echo or print commands.

I tried adding the header to to apple_pay_comm.php

header('Content-Type: application/json');

But that causes a warning message in the log that says...

Cannot modiry header information - headers already sent by (output started at /home/MyHomexxx/www/php/apple_pay_comm.php:2

One more thing...

My server JSON version is 1.2.1

It seems like that is not the latest version. I think JSON 3.3 is the latest version.

Rich