aliquot-pay 0.11.0 → 0.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aliquot-pay.rb +18 -11
- data/lib/aliquot-pay/util.rb +14 -5
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a5d8f8763b6da348c202d9ac6b747deb0f4c4e22b7ee63301dffc9c483f54369
|
|
4
|
+
data.tar.gz: 00a805257ee340456dfa3aa9920fac250f8831ed2061c8634402910e42c579d0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b64c6ceaa8c0645557a1ec10c54fd10458ed4c03b5d52e223d10b0245ef222bed81cae829094a1eeac4958948e578cf577041c01eeaa0f7085f14aedf8692c9e
|
|
7
|
+
data.tar.gz: c2a7637c5bf0f7f6238045dbde732766267782de8b1d60af57ae533bd83a45c1a6610a73783356fe397609a48c5d904316199b16ac37570f4320dbf5fd2ad621
|
data/lib/aliquot-pay.rb
CHANGED
|
@@ -20,11 +20,20 @@ module AliquotPay
|
|
|
20
20
|
Base64.strict_encode64(key.sign(d, message))
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
def self.encrypt(cleartext_message, recipient,
|
|
23
|
+
def self.encrypt(cleartext_message, recipient, protocol_version, info = 'Google')
|
|
24
24
|
eph = AliquotPay::Util.generate_ephemeral_key
|
|
25
25
|
ss = AliquotPay::Util.generate_shared_secret(eph, recipient.public_key)
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
case protocol_version
|
|
28
|
+
when :ECv1
|
|
29
|
+
cipher = OpenSSL::Cipher::AES128.new(:CTR)
|
|
30
|
+
when :ECv2
|
|
31
|
+
cipher = OpenSSL::Cipher::AES256.new(:CTR)
|
|
32
|
+
else
|
|
33
|
+
raise StandardError, "Invalid protocol_version #{protocol_version}"
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
keys = AliquotPay::Util.derive_keys(eph.public_key.to_bn.to_s(2), ss, info, protocol_version)
|
|
28
37
|
|
|
29
38
|
cipher.encrypt
|
|
30
39
|
cipher.key = keys[:aes_key]
|
|
@@ -75,17 +84,17 @@ module AliquotPay
|
|
|
75
84
|
def self.generate_signature(*args)
|
|
76
85
|
args.map do |s|
|
|
77
86
|
four_byte_length(s) + s
|
|
78
|
-
end.join
|
|
87
|
+
end.join
|
|
79
88
|
end
|
|
80
89
|
|
|
81
90
|
def self.signature_string(
|
|
82
91
|
message,
|
|
83
|
-
|
|
92
|
+
merchant_id: DEFAULTS[:merchant_id],
|
|
84
93
|
sender_id: DEFAULTS[:info],
|
|
85
94
|
protocol_version: 'ECv1'
|
|
86
95
|
)
|
|
87
96
|
|
|
88
|
-
generate_signature(sender_id,
|
|
97
|
+
generate_signature(sender_id, "merchant:#{merchant_id}", protocol_version, message)
|
|
89
98
|
end
|
|
90
99
|
|
|
91
100
|
# payment:: Google Pay token as a ruby Hash
|
|
@@ -93,8 +102,7 @@ module AliquotPay
|
|
|
93
102
|
# recipient:: OpenSSL::PKey::EC
|
|
94
103
|
# signed_message:: Pass a customized message to sign as signed messaged.
|
|
95
104
|
def self.generate_token_ecv1(payment, signing_key, recipient, signed_message = nil)
|
|
96
|
-
|
|
97
|
-
signed_message ||= JSON.unparse(encrypt(JSON.unparse(payment), recipient, cipher))
|
|
105
|
+
signed_message ||= encrypt(payment.to_json, recipient, :ECv1).to_json
|
|
98
106
|
signature_string = signature_string(signed_message)
|
|
99
107
|
|
|
100
108
|
{
|
|
@@ -106,17 +114,16 @@ module AliquotPay
|
|
|
106
114
|
|
|
107
115
|
def self.generate_token_ecv2(payment, signing_key, intermediate_key, recipient,
|
|
108
116
|
signed_message: nil, expire_time: "#{Time.now.to_i + 3600}000")
|
|
109
|
-
|
|
110
|
-
signed_message ||= JSON.unparse(encrypt(JSON.unparse(payment), recipient, cipher))
|
|
117
|
+
signed_message ||= encrypt(payment.to_json, recipient, :ECv2).to_json
|
|
111
118
|
sig = signature_string(signed_message, protocol_version: 'ECv2')
|
|
112
119
|
|
|
113
120
|
intermediate_pub = OpenSSL::PKey::EC.new(EC_CURVE)
|
|
114
121
|
intermediate_pub.public_key = intermediate_key.public_key
|
|
115
122
|
|
|
116
|
-
signed_key =
|
|
123
|
+
signed_key = {
|
|
117
124
|
'keyExpiration' => expire_time,
|
|
118
125
|
'keyValue' => Base64.strict_encode64(intermediate_pub.to_der)
|
|
119
|
-
|
|
126
|
+
}.to_json
|
|
120
127
|
|
|
121
128
|
ik_signature_string = generate_signature('Google', 'ECv2', signed_key)
|
|
122
129
|
signatures = [sign(signing_key, ik_signature_string)]
|
data/lib/aliquot-pay/util.rb
CHANGED
|
@@ -11,18 +11,27 @@ module AliquotPay
|
|
|
11
11
|
private_key.dh_compute_key(public_key)
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def self.derive_keys(ephemeral_public_key, shared_secret, info,
|
|
14
|
+
def self.derive_keys(ephemeral_public_key, shared_secret, info, protocol_version = :ECv2)
|
|
15
|
+
case protocol_version
|
|
16
|
+
when :ECv1
|
|
17
|
+
key_length = 16
|
|
18
|
+
when :ECv2
|
|
19
|
+
key_length = 32
|
|
20
|
+
else
|
|
21
|
+
raise StandardError, "invalid protocol_version #{protocol_version}"
|
|
22
|
+
end
|
|
23
|
+
|
|
15
24
|
input_keying_material = ephemeral_public_key + shared_secret
|
|
16
25
|
if OpenSSL.const_defined?(:KDF) && OpenSSL::KDF.respond_to?(:hkdf)
|
|
17
26
|
h = OpenSSL::Digest::SHA256.new
|
|
18
|
-
hbytes = OpenSSL::KDF.hkdf(input_keying_material, hash: h, salt: '', length:
|
|
27
|
+
hbytes = OpenSSL::KDF.hkdf(input_keying_material, hash: h, salt: '', length: key_length * 2, info: info)
|
|
19
28
|
else
|
|
20
|
-
hbytes = HKDF.new(input_keying_material, algorithm: 'SHA256', info: info).next_bytes(
|
|
29
|
+
hbytes = HKDF.new(input_keying_material, algorithm: 'SHA256', info: info).next_bytes(key_length * 2)
|
|
21
30
|
end
|
|
22
31
|
|
|
23
32
|
{
|
|
24
|
-
aes_key: hbytes[0
|
|
25
|
-
mac_key: hbytes[
|
|
33
|
+
aes_key: hbytes[0, key_length],
|
|
34
|
+
mac_key: hbytes[key_length, key_length],
|
|
26
35
|
}
|
|
27
36
|
end
|
|
28
37
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aliquot-pay
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.12.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Clearhaus
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-01-
|
|
11
|
+
date: 2019-01-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: hkdf
|
|
@@ -65,8 +65,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
65
65
|
- !ruby/object:Gem::Version
|
|
66
66
|
version: '0'
|
|
67
67
|
requirements: []
|
|
68
|
-
|
|
69
|
-
rubygems_version: 2.7.7
|
|
68
|
+
rubygems_version: 3.0.2
|
|
70
69
|
signing_key:
|
|
71
70
|
specification_version: 4
|
|
72
71
|
summary: Generates Google Pay test dummy tokens
|