RubyGems - aliquot-pay - Versions diffs - 0.12.0 → 0.13.0 - Mend

aliquot-pay 0.12.0 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5d8f8763b6da348c202d9ac6b747deb0f4c4e22b7ee63301dffc9c483f54369
-  data.tar.gz: 00a805257ee340456dfa3aa9920fac250f8831ed2061c8634402910e42c579d0
+  metadata.gz: efe2c37b1391901980795e2bf48846eb753b5189e9d6a9158b399eb13be452dc
+  data.tar.gz: bb99c1418c9c3f83cce4a940c9d3983b4ba227eff8e88be729409a33a4e0a8f7
 SHA512:
-  metadata.gz: b64c6ceaa8c0645557a1ec10c54fd10458ed4c03b5d52e223d10b0245ef222bed81cae829094a1eeac4958948e578cf577041c01eeaa0f7085f14aedf8692c9e
-  data.tar.gz: c2a7637c5bf0f7f6238045dbde732766267782de8b1d60af57ae533bd83a45c1a6610a73783356fe397609a48c5d904316199b16ac37570f4320dbf5fd2ad621
+  metadata.gz: ef84809aaec9b3e8e4d88268f3daf6c96288150daf67cbda6e02066d1b61cfc1baf4cae8e8c541f9c320d309a431216081e7c2960382dcfb08ef3f54e570b490
+  data.tar.gz: 2a6bef39650b08231597b420f4227877cd017b0544ff857a6b0c373634a0a7a260ea6d2da5b3682963b136b015aa488f85f8e37f9a98840ed33e217fb8d12c29

data/lib/aliquot-pay.rb CHANGED Viewed

@@ -4,7 +4,7 @@ require 'json'
 require 'aliquot-pay/util'
-module AliquotPay
+class AliquotPay
   class Error < StandardError; end
   EC_CURVE = 'prime256v1'.freeze
@@ -14,6 +14,21 @@ module AliquotPay
     merchant_id: '0123456789',
   }.freeze
+  attr_accessor :signature, :intermediate_signing_key, :signed_message
+  attr_accessor :signed_key, :signatures
+  attr_accessor :key_expiration, :key_value
+  attr_accessor :encrypted_message, :cleartext_message, :ephemeral_public_key, :tag
+  attr_accessor :message_expiration, :message_id, :payment_method, :payment_method_details
+  attr_accessor :pan, :expiration_month, :expiration_year, :auth_method
+  attr_accessor :cryptogram, :eci_indicator
+  attr_accessor :recipient, :info, :root_key, :intermediate_key
+  attr_writer   :merchant_id, :shared_secret, :token, :signed_key_string
+  def initialize(protocol_version = :ECv2)
+    @protocol_version = protocol_version
+  end
   def self.sign(key, message)
     d = OpenSSL::Digest::SHA256.new
     def key.private?; private_key?; end
@@ -43,9 +58,9 @@ module AliquotPay
     tag = AliquotPay::Util.calculate_tag(keys[:mac_key], encrypted_message)
     {
-      encryptedMessage: Base64.strict_encode64(encrypted_message),
-      ephemeralPublicKey: Base64.strict_encode64(eph.public_key.to_bn.to_s(2)),
-      tag: Base64.strict_encode64(tag),
+      'encryptedMessage'   => Base64.strict_encode64(encrypted_message),
+      'ephemeralPublicKey' => Base64.strict_encode64(eph.public_key.to_bn.to_s(2)),
+      'tag'                => Base64.strict_encode64(tag),
     }
   end
@@ -138,4 +153,207 @@ module AliquotPay
       },
     }
   end
+  def token
+    build_token
+  end
+  def extract_root_signing_keys
+    key = Base64.strict_encode64(eckey_to_public(ensure_root_key).to_der)
+    {
+      'keys' => [
+        'protocolVersion' => @protocol_version,
+        'keyValue'        => key,
+      ]
+    }.to_json
+  end
+  def eckey_to_public(key)
+    p = OpenSSL::PKey::EC.new(EC_CURVE)
+    p.public_key = key.public_key
+    p
+  end
+  #private
+  def sign(key, message)
+    d = OpenSSL::Digest::SHA256.new
+    def key.private?; private_key?; end
+    Base64.strict_encode64(key.sign(d, message))
+  end
+  def encrypt(cleartext_message)
+    @recipient ||= OpenSSL::PKey::EC.new('prime256v1').generate_key
+    @info ||= 'Google'
+    eph = AliquotPay::Util.generate_ephemeral_key
+    @shared_secret ||= AliquotPay::Util.generate_shared_secret(eph, @recipient.public_key)
+    ss  = @shared_secret
+    case @protocol_version
+    when :ECv1
+      cipher = OpenSSL::Cipher::AES128.new(:CTR)
+    when :ECv2
+      cipher = OpenSSL::Cipher::AES256.new(:CTR)
+    else
+      raise StandardError, "Invalid protocol_version #{protocol_version}"
+    end
+    keys = AliquotPay::Util.derive_keys(eph.public_key.to_bn.to_s(2), ss, @info, @protocol_version)
+    cipher.encrypt
+    cipher.key = keys[:aes_key]
+    encrypted_message = cipher.update(cleartext_message) + cipher.final
+    tag = AliquotPay::Util.calculate_tag(keys[:mac_key], encrypted_message)
+    {
+      'encryptedMessage'   => Base64.strict_encode64(encrypted_message),
+      'ephemeralPublicKey' => Base64.strict_encode64(eph.public_key.to_bn.to_s(2)),
+      'tag'                => Base64.strict_encode64(tag),
+    }
+  end
+  def build_payment_method_details
+    return @payment_method_details if @payment_method_details
+    value = {
+      'pan'             => @pan              || '4111111111111111',
+      'expirationYear'  => @expiration_year  || 2023,
+      'expirationMonth' => @expiration_month || 12,
+      'authMethod'     => @auth_method      || 'PAN_ONLY',
+    }
+    if @auth_method == 'CRYPTOGRAM_3DS'
+      value.merge!(
+        'cryptogram'   => @cryptogram    || 'SOME CRYPTOGRAM',
+        'eciIndicator' => @eci_indicator || '05'
+      )
+    end
+    value
+  end
+  def build_cleartext_message
+    return @cleartext_message if @cleartext_message
+    default_message_id = Base64.strict_encode64(OpenSSL::Random.random_bytes(24))
+    default_message_expiration = ((Time.now.to_f + 60 * 5) * 1000).round.to_s
+    @cleartext_message = {
+      'messageExpiration'    => @message_expiration || default_message_expiration,
+      'messageId'            => @message_id || default_message_id,
+      'paymentMethod'        => @payment_method || 'CARD',
+      'paymentMethodDetails' => build_payment_method_details
+    }
+  end
+  def build_signed_message
+    return @signed_message if @signed_message
+    signed_message = encrypt(build_cleartext_message.to_json)
+    signed_message['encryptedMessage']   = @encrypted_message if @encrypted_message
+    signed_message['ephemeralPublicKey'] = @ephemeral_public_key if @ephemeral_public_key
+    signed_message['tag']                = @tag if @tag
+    @signed_message = signed_message
+  end
+  def signed_message_string
+    @signed_message_string ||= build_signed_message.to_json
+  end
+  def build_signed_key
+    return @signed_key if @signed_key
+    ensure_intermediate_key
+    if @intermediate_key.private_key? || @intermediate_key.public_key?
+      public_key = eckey_to_public(@intermediate_key)
+    else
+      fail 'Intermediate key must be public and private key'
+    end
+    default_key_value      = Base64.strict_encode64(public_key.to_der)
+    default_key_expiration = "#{Time.now.to_i + 3600}000"
+    @signed_key = {
+      'keyExpiration' => @key_expiration || default_key_expiration,
+      'keyValue'      => @key_value || default_key_value,
+    }
+  end
+  def signed_key_string
+    @signed_key_string ||= build_signed_key.to_json
+  end
+  def ensure_root_key
+    @root_key ||= OpenSSL::PKey::EC.new(EC_CURVE).generate_key
+  end
+  def ensure_intermediate_key
+    @intermediate_key ||= OpenSSL::PKey::EC.new(EC_CURVE).generate_key
+  end
+  def build_signature
+    return @signature if @signature
+    key = case @protocol_version
+          when :ECv1
+            ensure_root_key
+          when :ECv2
+            ensure_intermediate_key
+          end
+    signature_string =
+      signed_string_message = ['Google',
+                               "merchant:#{merchant_id}",
+                               @protocol_version.to_s,
+                               signed_message_string].map do |str|
+        [str.length].pack('V') + str
+      end.join
+    @signature = sign(key, signature_string)
+  end
+  def build_signatures
+    return @signatures if @signatures
+    signature_string =
+      signed_key_signature = ['Google', 'ECv2', signed_key_string].map do |str|
+        [str.to_s.length].pack('V') + str.to_s
+      end.join
+    @signatures = [sign(ensure_root_key, signature_string)]
+  end
+  def build_token
+    return @token if @token
+    res = {
+      'protocolVersion' => @protocol_version.to_s,
+      'signedMessage'   => @signed_message || signed_message_string,
+      'signature'       => build_signature,
+    }
+    if @protocol_version == :ECv2
+      intermediate = {
+        'intermediateSigningKey' => @intermediate_signing_key || {
+          'signedKey'  => signed_key_string,
+          'signatures' => build_signatures,
+        }
+      }
+      res.merge!(intermediate)
+    end
+    @token = res
+  end
+  def merchant_id
+    @merchant_id ||= DEFAULTS[:merchant_id]
+  end
+  def shared_secret
+    return Base64.strict_encode64(@shared_secret) if @shared_secret
+    @shared_secret ||= Random.new.bytes(32)
+    shared_secret
+  end
 end

data/lib/aliquot-pay/util.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 require 'openssl'
 require 'hkdf'
-module AliquotPay
+class AliquotPay
   class Util
     def self.generate_ephemeral_key
       OpenSSL::PKey::EC.new(AliquotPay::EC_CURVE).generate_key

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aliquot-pay
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 0.13.0
 platform: ruby
 authors:
 - Clearhaus
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-01-14 00:00:00.000000000 Z
+date: 2019-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hkdf