aliquot-pay 0.12.0 → 0.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5d8f8763b6da348c202d9ac6b747deb0f4c4e22b7ee63301dffc9c483f54369
-  data.tar.gz: 00a805257ee340456dfa3aa9920fac250f8831ed2061c8634402910e42c579d0
+  metadata.gz: efe2c37b1391901980795e2bf48846eb753b5189e9d6a9158b399eb13be452dc
+  data.tar.gz: bb99c1418c9c3f83cce4a940c9d3983b4ba227eff8e88be729409a33a4e0a8f7
 SHA512:
-  metadata.gz: b64c6ceaa8c0645557a1ec10c54fd10458ed4c03b5d52e223d10b0245ef222bed81cae829094a1eeac4958948e578cf577041c01eeaa0f7085f14aedf8692c9e
-  data.tar.gz: c2a7637c5bf0f7f6238045dbde732766267782de8b1d60af57ae533bd83a45c1a6610a73783356fe397609a48c5d904316199b16ac37570f4320dbf5fd2ad621
+  metadata.gz: ef84809aaec9b3e8e4d88268f3daf6c96288150daf67cbda6e02066d1b61cfc1baf4cae8e8c541f9c320d309a431216081e7c2960382dcfb08ef3f54e570b490
+  data.tar.gz: 2a6bef39650b08231597b420f4227877cd017b0544ff857a6b0c373634a0a7a260ea6d2da5b3682963b136b015aa488f85f8e37f9a98840ed33e217fb8d12c29

data/lib/aliquot-pay.rb

@@ -4,7 +4,7 @@ require 'json'
 
 require 'aliquot-pay/util'
 
-module AliquotPay
+class AliquotPay
   class Error < StandardError; end
 
   EC_CURVE = 'prime256v1'.freeze
@@ -14,6 +14,21 @@ module AliquotPay
     merchant_id: '0123456789',
   }.freeze
 
+  attr_accessor :signature, :intermediate_signing_key, :signed_message
+  attr_accessor :signed_key, :signatures
+  attr_accessor :key_expiration, :key_value
+  attr_accessor :encrypted_message, :cleartext_message, :ephemeral_public_key, :tag
+  attr_accessor :message_expiration, :message_id, :payment_method, :payment_method_details
+  attr_accessor :pan, :expiration_month, :expiration_year, :auth_method
+  attr_accessor :cryptogram, :eci_indicator
+
+  attr_accessor :recipient, :info, :root_key, :intermediate_key
+  attr_writer   :merchant_id, :shared_secret, :token, :signed_key_string
+
+  def initialize(protocol_version = :ECv2)
+    @protocol_version = protocol_version
+  end
+
   def self.sign(key, message)
     d = OpenSSL::Digest::SHA256.new
     def key.private?; private_key?; end
@@ -43,9 +58,9 @@ module AliquotPay
     tag = AliquotPay::Util.calculate_tag(keys[:mac_key], encrypted_message)
 
     {
-      encryptedMessage: Base64.strict_encode64(encrypted_message),
-      ephemeralPublicKey: Base64.strict_encode64(eph.public_key.to_bn.to_s(2)),
-      tag: Base64.strict_encode64(tag),
+      'encryptedMessage'   => Base64.strict_encode64(encrypted_message),
+      'ephemeralPublicKey' => Base64.strict_encode64(eph.public_key.to_bn.to_s(2)),
+      'tag'                => Base64.strict_encode64(tag),
     }
   end
 
@@ -138,4 +153,207 @@ module AliquotPay
       },
     }
   end
+
+  def token
+    build_token
+  end
+
+  def extract_root_signing_keys
+    key = Base64.strict_encode64(eckey_to_public(ensure_root_key).to_der)
+    {
+      'keys' => [
+        'protocolVersion' => @protocol_version,
+        'keyValue'        => key,
+      ]
+    }.to_json
+  end
+
+  def eckey_to_public(key)
+    p = OpenSSL::PKey::EC.new(EC_CURVE)
+
+    p.public_key = key.public_key
+
+    p
+  end
+
+  #private
+
+  def sign(key, message)
+    d = OpenSSL::Digest::SHA256.new
+    def key.private?; private_key?; end
+    Base64.strict_encode64(key.sign(d, message))
+  end
+
+  def encrypt(cleartext_message)
+    @recipient ||= OpenSSL::PKey::EC.new('prime256v1').generate_key
+    @info ||= 'Google'
+
+    eph = AliquotPay::Util.generate_ephemeral_key
+    @shared_secret ||= AliquotPay::Util.generate_shared_secret(eph, @recipient.public_key)
+    ss  = @shared_secret
+
+    case @protocol_version
+    when :ECv1
+      cipher = OpenSSL::Cipher::AES128.new(:CTR)
+    when :ECv2
+      cipher = OpenSSL::Cipher::AES256.new(:CTR)
+    else
+      raise StandardError, "Invalid protocol_version #{protocol_version}"
+    end
+
+    keys = AliquotPay::Util.derive_keys(eph.public_key.to_bn.to_s(2), ss, @info, @protocol_version)
+
+    cipher.encrypt
+    cipher.key = keys[:aes_key]
+
+    encrypted_message = cipher.update(cleartext_message) + cipher.final
+
+    tag = AliquotPay::Util.calculate_tag(keys[:mac_key], encrypted_message)
+
+    {
+      'encryptedMessage'   => Base64.strict_encode64(encrypted_message),
+      'ephemeralPublicKey' => Base64.strict_encode64(eph.public_key.to_bn.to_s(2)),
+      'tag'                => Base64.strict_encode64(tag),
+    }
+  end
+
+  def build_payment_method_details
+    return @payment_method_details if @payment_method_details
+    value = {
+      'pan'             => @pan              || '4111111111111111',
+      'expirationYear'  => @expiration_year  || 2023,
+      'expirationMonth' => @expiration_month || 12,
+      'authMethod'     => @auth_method      || 'PAN_ONLY',
+    }
+
+    if @auth_method == 'CRYPTOGRAM_3DS'
+      value.merge!(
+        'cryptogram'   => @cryptogram    || 'SOME CRYPTOGRAM',
+        'eciIndicator' => @eci_indicator || '05'
+      )
+    end
+
+    value
+  end
+
+  def build_cleartext_message
+    return @cleartext_message if @cleartext_message
+    default_message_id = Base64.strict_encode64(OpenSSL::Random.random_bytes(24))
+    default_message_expiration = ((Time.now.to_f + 60 * 5) * 1000).round.to_s
+
+    @cleartext_message = {
+      'messageExpiration'    => @message_expiration || default_message_expiration,
+      'messageId'            => @message_id || default_message_id,
+      'paymentMethod'        => @payment_method || 'CARD',
+      'paymentMethodDetails' => build_payment_method_details
+    }
+  end
+
+  def build_signed_message
+    return @signed_message if @signed_message
+
+    signed_message = encrypt(build_cleartext_message.to_json)
+    signed_message['encryptedMessage']   = @encrypted_message if @encrypted_message
+    signed_message['ephemeralPublicKey'] = @ephemeral_public_key if @ephemeral_public_key
+    signed_message['tag']                = @tag if @tag
+
+    @signed_message = signed_message
+  end
+
+  def signed_message_string
+    @signed_message_string ||= build_signed_message.to_json
+  end
+
+  def build_signed_key
+    return @signed_key if @signed_key
+    ensure_intermediate_key
+
+    if @intermediate_key.private_key? || @intermediate_key.public_key?
+      public_key = eckey_to_public(@intermediate_key)
+    else
+      fail 'Intermediate key must be public and private key'
+    end
+
+    default_key_value      = Base64.strict_encode64(public_key.to_der)
+    default_key_expiration = "#{Time.now.to_i + 3600}000"
+
+    @signed_key = {
+      'keyExpiration' => @key_expiration || default_key_expiration,
+      'keyValue'      => @key_value || default_key_value,
+    }
+  end
+
+  def signed_key_string
+    @signed_key_string ||= build_signed_key.to_json
+  end
+
+  def ensure_root_key
+    @root_key ||= OpenSSL::PKey::EC.new(EC_CURVE).generate_key
+  end
+
+  def ensure_intermediate_key
+    @intermediate_key ||= OpenSSL::PKey::EC.new(EC_CURVE).generate_key
+  end
+
+  def build_signature
+    return @signature if @signature
+    key = case @protocol_version
+          when :ECv1
+            ensure_root_key
+          when :ECv2
+            ensure_intermediate_key
+          end
+
+    signature_string =
+      signed_string_message = ['Google',
+                               "merchant:#{merchant_id}",
+                               @protocol_version.to_s,
+                               signed_message_string].map do |str|
+        [str.length].pack('V') + str
+      end.join
+    @signature = sign(key, signature_string)
+  end
+
+  def build_signatures
+    return @signatures if @signatures
+
+    signature_string =
+      signed_key_signature = ['Google', 'ECv2', signed_key_string].map do |str|
+        [str.to_s.length].pack('V') + str.to_s
+      end.join
+
+    @signatures = [sign(ensure_root_key, signature_string)]
+  end
+
+  def build_token
+    return @token if @token
+    res = {
+      'protocolVersion' => @protocol_version.to_s,
+      'signedMessage'   => @signed_message || signed_message_string,
+      'signature'       => build_signature,
+    }
+
+    if @protocol_version == :ECv2
+      intermediate = {
+        'intermediateSigningKey' => @intermediate_signing_key || {
+          'signedKey'  => signed_key_string,
+          'signatures' => build_signatures,
+        }
+      }
+
+      res.merge!(intermediate)
+    end
+
+    @token = res
+  end
+
+  def merchant_id
+    @merchant_id ||= DEFAULTS[:merchant_id]
+  end
+
+  def shared_secret
+    return Base64.strict_encode64(@shared_secret) if @shared_secret
+    @shared_secret ||= Random.new.bytes(32)
+    shared_secret
+  end
 end

data/lib/aliquot-pay/util.rb

@@ -1,7 +1,7 @@
 require 'openssl'
 require 'hkdf'
 
-module AliquotPay
+class AliquotPay
   class Util
     def self.generate_ephemeral_key
       OpenSSL::PKey::EC.new(AliquotPay::EC_CURVE).generate_key

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aliquot-pay
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 0.13.0
 platform: ruby
 authors:
 - Clearhaus
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-14 00:00:00.000000000 Z
+date: 2019-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hkdf