aliquot 2.0.0 → 2.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b4b575c575e5104e23692cbf9ddf45fd40555862d306a88995d33c7c2fa2085b
-  data.tar.gz: b2be001378fea01010ae490230d8cd14c0767b6fec3155a7a4d6c24c95262c7d
+  metadata.gz: 340c8e93be8733d7b403356c5d7b85f0f1b69466e8492f6750875f7d1b4b0332
+  data.tar.gz: 27bb764e594448851ddceaaf0e65afd0a8c7916b82cf65514f077ad67d65ac56
 SHA512:
-  metadata.gz: 41e6616072916a6bf54baa76e62e8e9ccd07afc5056f7bcbf3886292d941f66c451f434924837e667592543184c91089f7032b25a1bb9daf646d9a69ef647529
-  data.tar.gz: adfe0fe58146dd4824c1677a482e948b4405973d6c18b7bcd31f516d446921f3b6266b8600148ec05b7c03ba78650c7f33de39f100e93eed8587abcee28999c2
+  metadata.gz: 70e3dfd919b5b2dde76eb7025a6627b46f2462096a7a9ce747764315c8b612104be97a38c7c4e8f7b2d5927e807adf992dc4bd7c145d5e091c6a699c5fae4830
+  data.tar.gz: 58c0275b221f378289d417131eb3e84039be05183b09e0e00cdb0b5ad8450d59c28d859ec5242544ce6eedbd0b0a933b6ad82e4e3bd0fb3ae0d62041e9e44a8d

data/lib/aliquot/validator.rb

@@ -9,143 +9,221 @@ module Aliquot
   module Validator
     # Verified according to:
     # https://developers.google.com/pay/api/web/guides/resources/payment-data-cryptography#payment-method-token-structure
-    module Predicates
-      include Dry::Logic::Predicates
-
-      CUSTOM_PREDICATE_ERRORS = {
-        base64?:          'must be Base64',
-        pan?:             'must be a pan',
-        ec_public_key?:   'must be an EC public key',
-        eci?:             'must be an ECI',
-        json_string?:     'must be valid JSON',
-        integer_string?:  'must be string encoded integer',
-        month?:           'must be a month (1..12)',
-        year?:            'must be a year (2000..3000)',
-        base64_asn1?:     'must be base64 encoded asn1 value',
-        json_object?:     'must be a JSON object',
-
-        authMethodCryptogram3DS: 'authMethod CRYPTOGRAM_3DS requires eciIndicator',
-        authMethodCard:          'eciIndicator/cryptogram must be omitted when PAN_ONLY',
-      }.freeze
-
-      # Support Ruby 2.3, but use the faster #match? when available.
-      match_b = ''.respond_to?(:match?) ? ->(s, re) { s.match?(re) } : ->(s, re) { !!(s =~ re) }
-
-      def self.to_bool(lbd)
-        lbd.call
-        true
-      rescue
-        false
-      end
 
-      predicate(:base64?) do |x|
-        str?(x) &&
-          match_b.call(x, /\A[=A-Za-z0-9+\/]*\z/) && # allowable chars
-          x.length.remainder(4).zero? && # multiple of 4
-          !match_b.call(x, /=[^$=]/) && # may only end with ='s
-          !match_b.call(x, /===/) # at most 2 ='s
-      end
+    CUSTOM_ERRORS = {
+      base64?:         'must be Base64',
+      pan?:            'must be a PAN',
+      ec_public_key?:  'must be an EC public key',
+      eci?:            'must be an ECI',
+      integer_string?: 'must be string encoded integer',
+      month?:          'must be a month (1..12)',
+      year?:           'must be a year (2000..3000)',
+      base64_asn1?:    'must be base64-encoded ANS.1 value',
+      json?:           'must be valid JSON',
+
+      is_authMethodCryptogram3DS: 'authMethod CRYPTOGRAM_3DS requires eciIndicator',
+      is_authMethodCard:          'eciIndicator/cryptogram must be omitted when PAN_ONLY',
+    }.freeze
+
+    def self.base64_check(value)
+      /\A[=A-Za-z0-9+\/]*\z/.match?(value) && # allowable chars
+        value.length.remainder(4).zero? && # multiple of 4
+        !/=[^$=]/.match?(value) && # may only end with ='s
+        !/===/.match?(value) # at most 2 ='s
+    end
 
-      # We should figure out how strict we should be. Hopefully we can discard
-      # the above Base64? predicate and use the following simpler one:
-      #predicate(:strict_base64?) { |x| !!Base64.strict_decode64(x) rescue false }
+    Dry::Validation.register_macro(:base64?) do
+      if key?
+        unless Aliquot::Validator.base64_check(value)
+          key.failure(CUSTOM_ERRORS[:base64?])
+        end
+      end
+    end
 
-      predicate(:pan?) { |x| match_b.call(x, /\A[1-9][0-9]{11,18}\z/) }
+    def self.ans1_check(value)
+      OpenSSL::ASN1.decode(Base64.strict_decode64(value)) rescue false
+    end
 
-      predicate(:eci?) { |x| str?(x) && match_b.call(x, /\A\d{1,2}\z/) }
+    Dry::Validation.register_macro(:base64_asn1?) do
+      if key?
+        unless Aliquot::Validator.ans1_check(value)
+          key.failure(CUSTOM_ERRORS[:base64_asn1?])
+        end
+      end
+    end
 
-      predicate(:ec_public_key?) { |x| base64?(x) && OpenSSL::PKey::EC.new(Base64.decode64(x)).check_key rescue false }
+    Dry::Validation.register_macro(:pan?) do
+      if key?
+        unless /\A[1-9][0-9]{11,18}\z/.match?(value)
+          key.failure(CUSTOM_ERRORS[:pan?])
+        end
+      end
+    end
 
-      predicate(:json_string?) { |x| !!JSON.parse(x) rescue false }
+    Dry::Validation.register_macro(:ec_public_key?) do
+      if key?
+        begin
+          OpenSSL::PKey::EC.new(Base64.decode64(value)).check_key
+        rescue
+          key.failure(CUSTOM_ERRORS[:ec_public_key?])
+        end
+      end
+    end
 
-      predicate(:integer_string?) { |x| str?(x) && match_b.call(x, /\A\d+\z/) }
+    Dry::Validation.register_macro(:eci?) do
+      if key?
+        unless /\A\d{1,2}\z/.match?(value)
+          key.failure(CUSTOM_ERRORS[:eci?])
+        end
+      end
+    end
 
-      predicate(:month?) { |x| x.between?(1, 12) }
+    Dry::Validation.register_macro(:integer_string?) do
+      if key?
+        unless /\A\d+\z/.match?(value)
+          key.failure(CUSTOM_ERRORS[:integer_string?])
+        end
+      end
+    end
 
-      predicate(:year?) { |x| x.between?(2000, 3000) }
+    Dry::Validation.register_macro(:json?) do
+      if key?
+        json = JSON.parse(value) rescue false
+        key.failure(CUSTOM_ERRORS[:json?]) unless json
+      end
+    end
 
-      predicate(:base64_asn1?) { |x| OpenSSL::ASN1.decode(Base64.strict_decode64(x)) rescue false }
+    Dry::Validation.register_macro(:month?) do
+      if key?
+        unless value.between?(1, 12)
+          key.failure(CUSTOM_ERRORS[:month?])
+        end
+      end
+    end
 
-      predicate(:json_object?) { |x| hash?(x) }
+    Dry::Validation.register_macro(:year?) do
+      if key?
+        unless value.between?(2000, 3000)
+          key.failure(CUSTOM_ERRORS[:year?])
+        end
+      end
     end
 
-    # Base for DRY-Validation schemas used in Aliquot.
-    class BaseSchema < Dry::Validation::Schema::JSON
-      predicates(Predicates)
-      def self.messages
-        super.merge(en: { errors: Predicates::CUSTOM_PREDICATE_ERRORS })
+    class SignedKeyContract < Dry::Validation::Contract
+      json do
+        required(:keyExpiration).filled(:str?)
+        required(:keyValue).filled(:str?)
       end
+      rule(:keyExpiration).validate(:integer_string?)
+      rule(:keyValue).validate(:ec_public_key?)
     end
 
-    # Schema used for the 'intermediateSigningKey' hash included in ECv2.
-    IntermediateSigningKeySchema = Dry::Validation.Schema(BaseSchema) do
-      required(:signedKey).filled(:str?, :json_string?)
+    SignedKeySchema = SignedKeyContract.new
 
-      required(:signatures).filled(:array?) { each { base64? & base64_asn1? } }
+    # Schema used for the 'intermediateSigningKey' hash included in ECv2.
+    class IntermediateSigningKeyContract < Dry::Validation::Contract
+      json do
+        required(:signedKey).filled(:str?)
+        required(:signatures).array(:str?)
+      end
+      rule(:signedKey).validate(:json?)
+      rule(:signatures).each do
+        key.failure('must be Base64') unless Aliquot::Validator.base64_check(value) &&
+          Aliquot::Validator.ans1_check(value)
+      end
     end
 
-    SignedKeySchema = Dry::Validation.Schema(BaseSchema) do
-      required(:keyExpiration).filled(:integer_string?)
-      required(:keyValue).filled(:ec_public_key?)
-    end
+    IntermediateSigningKeySchema = IntermediateSigningKeyContract.new
 
     # DRY-Validation schema for Google Pay token
-    TokenSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:signature).filled(:str?, :base64?, :base64_asn1?)
-
-      required(:protocolVersion).filled(:str?).when(eql?: 'ECv2') do
-        required(:intermediateSigningKey)
+    class TokenContract < Dry::Validation::Contract
+      json do
+        required(:signature).filled(:str?)
+        required(:signedMessage).filled(:str?)
+        required(:protocolVersion).filled(:str?)
+        optional(:intermediateSigningKey).hash(IntermediateSigningKeyContract.new.schema)
       end
+      rule(:signature).validate(:base64?, :base64_asn1?)
+      rule(:signedMessage).validate(:json?)
 
-      required(:signedMessage).filled(:str?, :json_string?)
-
-      optional(:intermediateSigningKey).value(:json_object?) { schema(IntermediateSigningKeySchema) }
+      rule(:intermediateSigningKey) do
+        key.failure('is missing') if 'ECv2'.eql?(values[:protocolVersion]) &&
+          values[:intermediateSigningKey].nil?
+      end
     end
 
+    TokenSchema = TokenContract.new
+
     # DRY-Validation schema for signedMessage component Google Pay token
-    SignedMessageSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:encryptedMessage).filled(:str?, :base64?)
-      required(:ephemeralPublicKey).filled(:str?, :base64?)
-      required(:tag).filled(:str?, :base64?)
+    class SignedMessageContract < Dry::Validation::Contract
+      json do
+        required(:encryptedMessage).filled(:str?)
+        required(:ephemeralPublicKey).filled(:str?)
+        required(:tag).filled(:str?)
+      end
+      rule(:encryptedMessage).validate(:base64?)
+      rule(:ephemeralPublicKey).validate(:base64?)
+      rule(:tag).validate(:base64?)
     end
 
-    # DRY-Validation schema for paymentMethodDetails component Google Pay token
-    PaymentMethodDetailsSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:pan).filled(:integer_string?, :pan?)
-      required(:expirationMonth).filled(:int?, :month?)
-      required(:expirationYear).filled(:int?, :year?)
-      required(:authMethod).filled(:str?, included_in?: %w[PAN_ONLY CRYPTOGRAM_3DS])
-
-      optional(:cryptogram).filled(:str?)
-      optional(:eciIndicator).filled(:str?, :eci?)
+    SignedMessageSchema = SignedMessageContract.new
 
-      rule(cryptogram: %i[authMethod cryptogram]) do |method, cryptogram|
-        method.eql?('CRYPTOGRAM_3DS') > required(:cryptogram)
+    # DRY-Validation schema for paymentMethodDetails component Google Pay token
+    class PaymentMethodDetailsContract < Dry::Validation::Contract
+      json do
+        required(:pan).filled(:str?)
+        required(:expirationMonth).filled(:int?)
+        required(:expirationYear).filled(:int?)
+        required(:authMethod).filled(:str?, included_in?: %w[PAN_ONLY CRYPTOGRAM_3DS])
+
+        optional(:cryptogram).filled(:str?)
+        optional(:eciIndicator).filled(:str?)
+      end
+      rule(:pan).validate(:integer_string?, :pan?)
+      rule(:expirationMonth).validate(:month?)
+      rule(:expirationYear).validate(:year?)
+      rule(:eciIndicator).validate(:eci?)
+
+      rule(:cryptogram) do
+        key.failure('is missing') if 'CRYPTOGRAM_3DS'.eql?(values[:authMethod]) &&
+          values[:cryptogram].nil?
       end
 
-      rule(eciIndicator: %i[authMethod eciIndicator]) do |method, eci|
-        method.eql?('PAN_ONLY').then(eci.none?)
+      rule(:cryptogram) do
+        key.failure('cannot be defined') if 'PAN_ONLY'.eql?(values[:authMethod]) &&
+          !values[:cryptogram].nil?
       end
 
-      rule(cryptogram: %i[authMethod cryptogram]) do |method, cryptogram|
-        method.eql?('PAN_ONLY').then(cryptogram.none?)
+      rule(:eciIndicator) do
+        key.failure('cannot be defined') if 'PAN_ONLY'.eql?(values[:authMethod]) &&
+          !values[:eciIndicator].nil?
       end
     end
 
+    PaymentMethodDetailsSchema = PaymentMethodDetailsContract.new
+
     # DRY-Validation schema for encryptedMessage component Google Pay token
-    EncryptedMessageSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:messageExpiration).filled(:str?, :integer_string?)
-      required(:messageId).filled(:str?)
-      required(:paymentMethod).filled(:str?, eql?: 'CARD')
-      required(:paymentMethodDetails).value(:json_object?) { schema PaymentMethodDetailsSchema }
+    class EncryptedMessageContract < Dry::Validation::Contract
+      json do
+        required(:messageExpiration).filled(:str?)
+        required(:messageId).filled(:str?)
+        required(:paymentMethod).filled(:str?)
+        required(:paymentMethodDetails).filled(:hash).schema(PaymentMethodDetailsContract.schema)
+      end
+      rule(:messageExpiration).validate(:integer_string?)
+      rule(:paymentMethod) do
+        key.failure('must be equal to CARD') unless 'CARD'.eql?(value)
+      end
     end
 
+    EncryptedMessageSchema = EncryptedMessageContract.new
+
     module InstanceMethods
       attr_reader :output
 
       def validate
         @validation ||= @schema.call(@input)
-        @output = @validation.output
+        @output = @validation.to_h
         return true if @validation.success?
         raise Aliquot::ValidationError, "validation error(s), #{errors_formatted}"
       end
@@ -176,7 +254,9 @@ module Aliquot
     # Class for validating a Google Pay token
     class Token
       include InstanceMethods
+
       class Error < ::Aliquot::Error; end
+
       def initialize(input)
         @input = input
         @schema = TokenSchema
@@ -186,7 +266,9 @@ module Aliquot
     # Class for validating the SignedMessage component of a Google Pay token
     class SignedMessage
       include InstanceMethods
+
       class Error < ::Aliquot::Error; end
+
       def initialize(input)
         @input = input
         @schema = SignedMessageSchema
@@ -196,7 +278,9 @@ module Aliquot
     # Class for validating the encryptedMessage component of a Google Pay token
     class EncryptedMessageValidator
       include InstanceMethods
+
       class Error < ::Aliquot::Error; end
+
       def initialize(input)
         @input = input
         @schema = EncryptedMessageSchema
@@ -205,7 +289,9 @@ module Aliquot
 
     class SignedKeyValidator
       include InstanceMethods
+
       class Error < ::Aliquot::Error; end
+
       def initialize(input)
         @input = input
         @schema = SignedKeySchema

metadata

@@ -1,35 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: aliquot
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.1
 platform: ruby
 authors:
 - Clearhaus
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-01 00:00:00.000000000 Z
+date: 2022-09-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-validation
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.11.0
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.11.0
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '1.8'
 - !ruby/object:Gem::Dependency
   name: excon
   requirement: !ruby/object:Gem::Requirement
@@ -64,14 +58,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 2.1.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 2.1.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -86,7 +108,21 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3'
-description:
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
 email: hello@clearhaus.com
 executables: []
 extensions: []
@@ -100,23 +136,23 @@ homepage: https://github.com/clearhaus/aliquot
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - "~>"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.1.6
+signing_key: 
 specification_version: 4
 summary: Validates Google Pay tokens
 test_files: []