"“Test Apple Root CA - G3” certificate is not trusted" when verifying renewal info

App & System Services StoreKit
nosedive OP
Created Jun ’21
Replies 8
Boosts 0
Views 2.7k
Participants 7

Following the sample code from the session, I received errors when verifying the renewal info:

[Default] [StoreKit] Failed to verify certificate chain due to client recoverable failure:
Error Domain=NSOSStatusErrorDomain Code=-67843 "“Test Apple Root CA - G3” certificate is not trusted" UserInfo={NSLocalizedDescription=“Test Apple Root CA - G3” certificate is not trusted, NSUnderlyingError=0x2800835d0 {Error Domain=NSOSStatusErrorDomain Code=-67843 "Certificate 2 “Test Apple Root CA - G3” has errors: Root is not trusted;" UserInfo={NSLocalizedDescription=Certificate 2 “Test Apple Root CA - G3” has errors: Root is not trusted;}}}
[Default] [StoreKit] Failed to verify signature for subscription status, will assume invalid:
failedToVerifyCertificateChain

Here's the code I'm using for getting subscription status

@MainActor
func subscriptionStatus() async -> (Product, Product.SubscriptionInfo.Status)? {
  do {
    // This app has only one subscription group so products in the subscriptions
    // array all belong to the same group. The statuses returned by
    // `product.subscription.status` apply to the entire subscription group.
    guard let product = subscriptions.first,
       let statuses = try await product.subscription?.status else {
         return nil
       }
    var highestSubscriptionStatus: (product: Product, status: Product.SubscriptionInfo.Status)?
    for status in statuses {
      switch status.state {
      case .expired, .revoked:
        continue
      default:
        let renewalInfo = try checkVerified(status.renewalInfo)
        guard let newSubscription = subscriptions.first(where: { $0.id == renewalInfo.currentProductID }) else {
          continue
        }
        guard let currentProduct = highestSubscriptionStatus?.product else {
          highestSubscriptionStatus = (newSubscription, status)
          continue
        }
        let highestTier = tier(for: currentProduct.id)
        let newTier = tier(for: renewalInfo.currentProductID)
        if newTier > highestTier {
          highestSubscriptionStatus = (newSubscription, status)
        }
      }
    }
    return highestSubscriptionStatus
  } catch {
    print("Could not update subscription status \(error)")
    return nil
  }
}

I'm running this on a real device without the storekit configuration file. Is this a known issue or am I missing something to get this working?

Thanks

Answered by Frameworks Engineer in 688096022

This issue has been addressed. If you are still seeing this error while using StoreKit 2 and Sandbox, we recommend that you delete and reinstall your app. Please file a bug report with feedback assistant from the device running your app, if you continue to have issues.

Replies  8
Boosts  0
Views  2.7k
Participants  7
nosedive OP
Jun ’21

FB9142670

0
Frameworks Engineer OP
Apple
Jun ’21

Thank you for filing the feedback, we will look into this. Does this behavior reproduce regularly, or did you just notice it this one time?

0
Frameworks Engineer OP
Apple
Jun ’21
Accepted Answer

We looked into this issue some more and have an update:

This will impact all users testing StoreKit 2 in the sandbox environment at the moment. That is, Product.SubscriptionInfo.RenewalInfo and Transaction will always result as VerificationResult.unverified(_:). In the meantime, if you want to test successfully verified transaction and renewal information, you can use StoreKit Testing in Xcode which will not be impacted by this issue.

2
ryannn OP
Aug ’21

I'm seeing the same thing here! Works fine with Xcode testing, just not in TestFlight/Sandbox.

1
gokcekinay OP
Sep ’21

Since sandbox purchases do not pass validation, they can not be finalized either. This makes it impossible to test the rest of the purchase flow.

I am wondering if Apple can provide updates on this. Should we expect the sandbox transactions to pass validation once iOS15 is officially released?

0
robert-nyt OP
Sep ’21

I'm also seeing this issue so just +1ing the issue.

Also curious if there is a technical reason why promotional offers are not signed/validated automatically by StoreKit2 the same way purchases can now be signed by the framework itself? Thanks

0
WeddMate OP
Sep ’21

Hi so we already have a release candidate, the whole time I test it with StoreKit testing but now we are testing before release and still get Failed to verify the signature for Transaction, will assume invalid Is there something that I'm missing or does the in-App purchase have to be approved on Appstore Connect?

0
Frameworks Engineer OP
Apple
Sep ’21
Recommended

This issue has been addressed. If you are still seeing this error while using StoreKit 2 and Sandbox, we recommend that you delete and reinstall your app. Please file a bug report with feedback assistant from the device running your app, if you continue to have issues.

4
"“Test Apple Root CA - G3” certificate is not trusted" when verifying renewal info
First post date Last post date
 
 
Q