flobz
Expired Certificate
Describe the bug Today expired the Peugeout certificate in the APK version that you store on psa_apk.
Additional context Please update the APK so I can login into the app
Maybe we can find a way to fix it ourself. So far I found out that the cert is created by setup/apk_parser.py. The certs are created from a file called MWPMYMA1.pfx. This file is located in a BrandAPK file under assets.
This apk is located under: https://github.com/flobz/psa_apk
Maybe we can find a way to fix it ourself. So far I found out that the cert is created by setup/apk_parser.py. The certs are created from a file called MWPMYMA1.pfx. This file is located in a BrandAPK file under assets.
This apk is located under: https://github.com/flobz/psa_apk
The "problem" is to find the password for the changed certificate
Same goes from Finland with Opel Mokka e. Things were working until yesterday, after that the Opel app ceased to have connection and PSA car controller also stopped updating. After that I installed HAOS update and the PSA car controller stopped working. This has happened to me a couple of times before and I have managed to get it back going with a reinstall. When I tried to do this, I ran into this problem.
Same here, Citroen C5,.... KeyError: 'success' {"code":"495", "message": "Invalid or expired client certificate"}
Same problem for me with docker image on DS3 : KeyError: 'success' {"code":"495", "message": "Invalid or expired client certificate"}
@flobz Same problem in Belgium with HA Green en the Add-on 'PSA Car Controller' after system-restart.
- Invalid or expired client certificate. How to fix?
Can you please stop posting that you have the same issue? It seems to be clear that this is a generic problem.
Just 👍 up the initial report.
Seems to be working again for me. Not done anything to fix it.
2024-08-28 12:06:02,434 :: INFO :: 172.30.32.1 - - [28/Aug/2024 12:06:02] "[37mGET /get_vehicleinfo/my vin HTTP/1.1[0m" 200 - 2024-08-28 12:06:02,437 :: INFO :: <Request 'http://127.0.0.1:5000/charge_control?vin=my vin' [GET]> 2024-08-28 12:06:02,441 :: INFO :: 172.30.32.1 - - [28/Aug/2024 12:06:02] "[37mGET /charge_control?vin=my vin HTTP/1.1[0m" 200 -
I am still getting:
Traceback (most recent call last): File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/setup/app_decoder.py", line 100, in __fetch_user_info res_dict = res2.json()["success"] KeyError: 'success' {"code":"495", "message": "Invalid or expired client certificate"}
I've forked the repos and bumped the app versions. The newest ones doesn't have the certificate anymore. They changed how the apps authenticates. The certificate kept the same until version 1.46. of the apps. In summary: no luck by updating and using app versions 1.46. @flobz has to update the authentication if possible to match the latest app versions.
What do we have to do now? I am getting still the same error as before.
Based on my previous comment, a developer can help fixing that. Unfortunately my dev skills are quite limited and can't help much
Hmm, actually, the latest app version has that certificate! Still looking into it
@flobz is there any outlook when and how this issue can be solved? @flobz existe-t-il des perspectives quand et comment ce problème pourra être résolu ?
PSA V3.5.1, does not work with the home assistant on the last version. Same certificate issue. Core 2024.8.3 Supervisor 2024.08.0 Operating System 13.1 HOME ASSISTANT GREEN
Hmm, actually, the latest app version has that certificate! Still looking into it
@raphaelbarreiros did you find out anything new?
I followed the following path:
-
Coming from https://github.com/flobz/psa_car_controller/issues/416 and looking here at this reoccuring issue https://github.com/flobz/psa_car_controller/issues/938 I thought to quickly mimic https://github.com/flobz/psa_apk and https://github.com/raphaelbarreiros/psa_apk.
-
So, downloaded the lastest myOpel xapk version from https://apkcombo.com/de/myopel/com.psa.mym.myopel/download/apk and extracted the
myOpel_1.48.2_APKPure.xapkto getcom.psa.mym.myopel.apk, plus renamed it tomyopel.apk. -
But I first needed to fix the >100MB file size error "remote: error: File myopel.apk is 111.55 MB; this exceeds GitHub's file size limit of 100.00 MB" via
sudo apt install git-lfs
git lfs install
git lfs track "*.apk"
git add .gitattributes
git add myopel.apk
[...]
- I SSHed (this is more a "note to myself" info, probably mostly irrelevant for somebody else) into my Home Assistant VM on my Synology and inside the Docker
flobz/psa_car_controller:v3.5.1viadocker exec -it addon_b9f12d83_psacc /bin/bashto modify/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/setup/apk_decoder.pywith
APP_VERSION = "1.48.1"
GITHUB_USER = "HansUweRempler"
- Unfortunately, the cert error remains:
ConnectionError: Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/setup/app_decoder.py", line 100, in __fetch_user_info
KeyError: 'success'
{"code":"495", "message": "Invalid or expired client certificate"}
2024-08-30 07:02:00,234 :: INFO :: 172.30.32.1 - - [30/Aug/2024 07:02:00] "[37mPOST /_dash-update-component HTTP/1.1[0m" 200 -
I guess the next step would be to look into apk_parser.py and the save_key_to_pem() part where pkcs12.load_key_and_certificates() is called. But I need to pause here for now.
Yeah, I did almost the same as you @HansUweRempler but then I decided to try to make the API calls from Postman to make sure everything was working ok before making any changes to the code. So I've extracted the Cert, Client_ID and Client_Secret manually - just like the apk_parser.py The thing is I managed to extract everything and make the API calls! I managed to: 1 - compose and generate the URL, and get the Code just like the tutorial 2 - Exchange the Code for the Tokens 3 - Make a call to /user/vehicles endpoint
The last one I did literally 1 minute before going to bed. Just starting my day here, so as soon as I can I'm going to debug the code but it looks like it's not finding the file with the client id and client secret, they might have changed that in some of the versions, so shouldn't be too difficult to fix!
@HansUweRempler did you restart your container after modify? If not the changes will not be happend, and it still download the old stuff
After restart the container it will run in: res1 must be zero! Which comes from androguard which is used in 3.3.5, maybe a newer version may help here, on the other hand the file can just be unzipped, w/o using androdguard like @raphaelbarreiros described
Here it is how it works:
docker exec -it addon_b9f12d83_psacc /bin/bash to modify /usr/local/lib/python3.9/dist-packages/psa_car_controller/psa/setup/apk_decoder.py
apt install python3.9-distutils pip install --upgrade androguard
open apk_parser.py
replace:
from androguard.core.bytecodes.apk import APK
with
from androguard.core.apk import APK
open app_decoder.py update the file:
APP_VERSION = "1.48.1"
GITHUB_USER = "HansUweRempler"
I have issued a pull request for it https://github.com/flobz/psa_car_controller/pull/944
@kurim brilliant! I've applied your changes to my repo, so I can start testing and playing with it now. It worked like a charm!
In case someone wants to install my fork in the meantime: https://github.com/raphaelbarreiros/psacc-ha I'll also add the vehicles pending merge quite soon :)
@kurim Ah, yes, of course, you're absolutely right, I missed to restart the container! Thank you very much for your hints, it worked like a charm 🥇.
@raphaelbarreiros thank you for starting all of this. Let's see how long this will hold up until the next update.
@kurim I've applied your suggestion but I receive the same error .. Where I wrong ?
