Я внедряю подписки PayPal API в мой проект, однако получаю следующую ошибку скручивания:
array:2 [▼
"error" => "error_in_reading_cert"
"error_description" => "Unable to read x509 certificate"
]
обратите внимание, что я использую Laravel. Вот мой класс curl:
<?php
namespace App\Logic\Curl;
class Curl {
/**
* Perform new POST request and return decoded JSON response
*
* @param $url
* @param $data
* @return array
*/
public function newRequest($url, $data)
{
$connection = curl_init($url);
$clientId = env('services.paypal.client-id');
$secret = env('services.paypal.secret');
curl_setopt($connection, CURLOPT_HTTPHEADER, [
"Content-Type: application/json",
"Authorization: Basic $clientId:$secret",
]
);
$options = array(
CURLOPT_RETURNTRANSFER => true, // return web page
CURLOPT_HEADER => false, // don't return headers
CURLOPT_FOLLOWLOCATION => true, // follow redirects
CURLOPT_MAXREDIRS => 10, // stop after 10 redirects
CURLOPT_ENCODING => "", // handle compressed
CURLOPT_USERAGENT => "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36", // name of client
CURLOPT_AUTOREFERER => true, // set referrer on redirect
CURLOPT_CONNECTTIMEOUT => 120, // time-out on connect
CURLOPT_TIMEOUT => 120, // time-out on response
);
curl_setopt_array($connection, $options);
curl_setopt($connection, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($connection);
if(curl_error($connection)) {
return curl_error($connection);
}
curl_close($connection);
return $this->decodeResponse($response);
}
/**
* JSON decode the response
*
* @param $response
* @return mixed
*/
public function decodeResponse($response)
{
return json_decode($response, true);
}
}
вот мой класс PayPal:
<?php
namespace App\Logic\Paypal;
use App\Logic\Curl\Curl;
use Exception;
class Paypal {
public function createProduct()
{
$productDetails = [
"name" => "Feedback Form",
"description" => "Feedback form as a service.",
"type" => "SERVICE",
"category" => "SOFTWARE",
"home_url" => "https://www.feedback.com/"
];
$url = $this->getApiUrl('createProduct');
$curl = new Curl();
return $curl->newRequest($url, $productDetails);
}
public function getApiUrl($endpointName) {
$mode = config('services.paypal.mode');
$urls = [
'createProduct' => [
'live' => 'https://api.paypal.com/v1/catalogs/products',
'sandbox' => 'https://api.sandbox.paypal.com/v1/catalogs/products'
]
];
return $urls[$endpointName][$mode];
}
}
вот мой контроллер PayPal, который получает запросы:
<?php
namespace App\Http\Controllers;
use App\Logic\Paypal\Paypal;
use App\Setting;
class PaypalController extends Controller
{
public function bootstrap()
{
$setting = Setting::where('name', '=', 'active_plan_id')->first();
if ($setting) {
return 'plan already activated';
}
$paypal = new Paypal();
$product = $paypal->createProduct();
dd($product);
}
}
Приведенный выше код просто пытается создать продукт в соответствии с документацией по подписке PayPal.
При поиске решения в Интернете я сталкивался с различными вопросами о StackOverflow, наиболее многообещающим из которых был this . Сначала я попробовал решение с наибольшим количеством голосов, но оно не сработало для меня, хотя и странно. Я последовал за ним и зашел в свой /etc/php/7.2/apache2/php.ini и оставил комментарий curl.cainfo, заполнил его абсолютным путем к загруженному сертификату и перезапустил apache, и это не помогло. Затем я создал информационный файл php и посмотрел опции, и там я не смог найти curl.cainfo, хотя загруженный файл конфигурации был именно тем, который я отредактировал - согласно this curl.cainfo не будет отображаться в phpinfo, начиная с PHP7 .2, что решает эту проблему.
Из того же вопроса StackOverflow я также попытался:
sudo apt-get install ca-certificates
и:
sudo update-ca-certificates
но это не помогло.
Любая помощь очень ценится.
РЕДАКТИРОВАТЬ 1: Только что заметил в документации PayPal здесь curl вызывается с опцией -k, который допускает даже небезопасные соединения. Интересно, почему PayPal использует самозаверяющие сертификаты в своих API песочницы?
РЕДАКТИРОВАТЬ 2: Я попытался загрузить сертификат с здесь и
РЕДАКТИРОВАТЬ 3: Я попытался отключить проверку сертификата однорангового узла, добавив следующую строку $options[CURLOPT_SSL_VERIFYPEER] = false;, но я все еще получаю ту же ошибку
РЕДАКТИРОВАТЬ 4: Я также попытался добавить curl_setopt($connection, CURLOPT_CAINFO, '/path/to/cacert.pem');, но это не помогло
РЕДАКТИРОВАТЬ 5: Я также пытался выполнить тот же запрос из командной строки, но я получаю ту же ошибку, вот вывод:
Note: Unnecessary use of -X or --request, POST is already inferred.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0* Trying 173.0.82.78...
* TCP_NODELAY set
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0* Connected to api.sandbox.paypal.com (173.0.82.78) port 443 (#0)
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ca-certificates
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [85 bytes data]
0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4162 bytes data]
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
{ [944 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
} [7 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [262 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / AES256-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=San Jose; O=PayPal, Inc.; OU=PayPal Production; CN=api.sandbox.paypal.com
* start date: Aug 21 00:00:00 2018 GMT
* expire date: Aug 20 12:00:00 2020 GMT
* subjectAltName: host "api.sandbox.paypal.com" matched cert's "api.sandbox.paypal.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert Global CA G2
* SSL certificate verify ok.
0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0} [5 bytes data]
> POST /v1/catalogs/products HTTP/1.1
> Host: api.sandbox.paypal.com
> User-Agent: curl/7.58.0
> Accept: */*
> Content-Type: application/json
> Authorization: Basic client-id:secret
> Content-Length: 205
>
} [205 bytes data]
* upload completely sent off: 205 out of 205 bytes
{ [5 bytes data]
< HTTP/1.1 401 Unauthorized
< Cache-Control: max-age=0, no-cache, no-store, must-revalidate
< Content-Length: 87
< Content-Type: application/json
< Date: Wed, 25 Mar 2020 09:45:30 GMT
< Paypal-Debug-Id: f3411e0e1c2ab
<
{ [87 bytes data]
100 292 100 87 100 205 12 30 0:00:07 0:00:06 0:00:01 55
100 292 100 87 100 205 12 30 0:00:07 0:00:06 0:00:01 68
* Connection #0 to host api.sandbox.paypal.com left intact
{"error":"error_in_reading_cert","error_description":"Unable to read x509 certificate"}
РЕДАКТИРОВАТЬ 6 : Вот полная команда curl, которую я пробовал, и вывод:
curl -v -k POST https://api.sandbox.paypal.com/v1/catalogs/products -H "Content-Type: application/json" -H "Authorization: Basic AW09uZVO_1NUVZXEzlYp1xgiVjweOwnIBl0rMltEK7X1zMhe9fxcPPr_IgwGplL0xSPHQo4lO3cdP27p:EB351ARk-HkEd5OmkV7NGXrUT5V2AU_zN8ZRJ55cWowGUKr845Do0MM5zrqfpCxJECqL59rwcXueQUW2" -d '{"name": "Video Streaming Service","description": "Video streaming service","type": "SERVICE","category": "SOFTWARE","image_url": "https://example.com/streaming.jpg","home_url": "https://example.com/home"}' --cacert /opt/ssl/curl.pem 2>&1 | tee curl.txt
output:
* Rebuilt URL to: POST/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:06 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:07 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:08 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:09 --:--:-- 0* Could not resolve host: POST
* Closing connection 0
curl: (6) Could not resolve host: POST
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0* Trying 173.0.82.78...
* TCP_NODELAY set
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0* Connected to api.sandbox.paypal.com (173.0.82.78) port 443 (#1)
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /opt/ssl/curl.pem
CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [85 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4162 bytes data]
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
{ [944 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
} [7 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [262 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / AES256-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=San Jose; O=PayPal, Inc.; OU=PayPal Production; CN=api.sandbox.paypal.com
* start date: Aug 21 00:00:00 2018 GMT
* expire date: Aug 20 12:00:00 2020 GMT
* issuer: C=US; O=DigiCert Inc; CN=DigiCert Global CA G2
* SSL certificate verify ok.
0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0} [5 bytes data]
> POST /v1/catalogs/products HTTP/1.1
> Host: api.sandbox.paypal.com
> User-Agent: curl/7.58.0
> Accept: */*
> Content-Type: application/json
> Authorization: Basic AW09uZVO_1NUVZXEzlYp1xgiVjweOwnIBl0rMltEK7X1zMhe9fxcPPr_IgwGplL0xSPHQo4lO3cdP27p:EB351ARk-HkEd5OmkV7NGXrUT5V2AU_zN8ZRJ55cWowGUKr845Do0MM5zrqfpCxJECqL59rwcXueQUW2
> Content-Length: 205
>
} [205 bytes data]
* upload completely sent off: 205 out of 205 bytes
{ [5 bytes data]
< HTTP/1.1 401 Unauthorized
< Cache-Control: max-age=0, no-cache, no-store, must-revalidate
< Content-Length: 87
< Content-Type: application/json
< Date: Wed, 25 Mar 2020 15:54:35 GMT
< Paypal-Debug-Id: ae0a3de96fdf5
<
{ [87 bytes data]
100 292 100 87 100 205 16 39 0:00:05 0:00:05 --:--:-- 79
* Connection #1 to host api.sandbox.paypal.com left intact
{"error":"error_in_reading_cert","error_description":"Unable to read x509 certificate"}
EDIT 7: я запускаю ту же команду curl, но с разными учетными данными из другого бизнеса учетная запись, вот команда и вывод:
curl -v -k POST https://api.sandbox.paypal.com/v1/catalogs/products -H "Content-Type: application/json" -H "Authorization: Basic AVx9AFnHHdAvjsRA_t5AXJEdu_XIqC4RgxOvJ_a49r3QZj9eNlSy1gRGRmLIBS52wh1LWi27adQgvwSc:EPCcwShbEMG4O9uoPvoMtbwFc02RT2vo8FayHqU3StskKR3bxx7sxXACEG7Sf-Mwx_taRFhRfp0s79Ox" -d '{"name": "Video Streaming Service","description": "Video streaming service","type": "SERVICE","category": "SOFTWARE","image_url": "https://example.com/streaming.jpg","home_url": "https://example.com/home"}' --cacert /opt/ssl/curl.pem 2>&1 | tee curl.txt
вывод:
* Rebuilt URL to: POST/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:06 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:07 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:08 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:09 --:--:-- 0* Could not resolve host: POST
* Closing connection 0
curl: (6) Could not resolve host: POST
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0* Trying 173.0.82.78...
* TCP_NODELAY set
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0* Connected to api.sandbox.paypal.com (173.0.82.78) port 443 (#1)
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /opt/ssl/curl.pem
CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [85 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4162 bytes data]
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
{ [944 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
} [7 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [262 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / AES256-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=San Jose; O=PayPal, Inc.; OU=PayPal Production; CN=api.sandbox.paypal.com
* start date: Aug 21 00:00:00 2018 GMT
* expire date: Aug 20 12:00:00 2020 GMT
* issuer: C=US; O=DigiCert Inc; CN=DigiCert Global CA G2
* SSL certificate verify ok.
0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0} [5 bytes data]
> POST /v1/catalogs/products HTTP/1.1
> Host: api.sandbox.paypal.com
> User-Agent: curl/7.58.0
> Accept: */*
> Content-Type: application/json
> Authorization: Basic AW09uZVO_1NUVZXEzlYp1xgiVjweOwnIBl0rMltEK7X1zMhe9fxcPPr_IgwGplL0xSPHQo4lO3cdP27p:EB351ARk-HkEd5OmkV7NGXrUT5V2AU_zN8ZRJ55cWowGUKr845Do0MM5zrqfpCxJECqL59rwcXueQUW2
> Content-Length: 205
>
} [205 bytes data]
* upload completely sent off: 205 out of 205 bytes
{ [5 bytes data]
< HTTP/1.1 401 Unauthorized
< Cache-Control: max-age=0, no-cache, no-store, must-revalidate
< Content-Length: 87
< Content-Type: application/json
< Date: Wed, 25 Mar 2020 15:54:35 GMT
< Paypal-Debug-Id: ae0a3de96fdf5
<
{ [87 bytes data]
100 292 100 87 100 205 16 39 0:00:05 0:00:05 --:--:-- 79
* Connection #1 to host api.sandbox.paypal.com left intact
{"error":"error_in_reading_cert","error_description":"Unable to read x509 certificate"}