aliquot 0.10.0 → 0.11.0
- checksums.yaml +4 -4
- data/lib/aliquot/error.rb +16 -1
- data/lib/aliquot/payment.rb +31 -5
- data/lib/aliquot/validator.rb +1 -1
- metadata +4 -4
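--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4ba838f9284bf05a6b396005bf21c4bbecefe36432457b4b5dfb48c76997353e
+data.tar.gz: 96a202458e4bb76634375857f4af9c3a1f0f3529d0e2089e64b295345590778e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6607632c5489062965cc3a95eb66b2a572af1821f0b4506d2e5e20ea23ba974741beb6091dfc16de78b3ba53ccab62a87c16a183dbf1d4f8b6ae9b01d6bde94c
+data.tar.gz: d39edb966edf213869963edfaf753893a11dbe13b8f72af130be3ffb0c12da3a1dbf65b21448492500be9d63abfb8fffbfb7fdd5087dd9fbce292cd1dbe66bd0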
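--- a/data/lib/aliquot/error.rb
+++ b/data/lib/aliquot/error.rb
@@ -2,8 +2,17 @@ module Aliquot
 # Base class for all errors thrown in Aliquot
 class Error < StandardError; end
 
+# Error in the input
+class InputError < Error; end
+
+# Errors in decryption. Might not be possible to provoke
+class DecryptionError < Error; end
+
+# When key derivation fails. Might not be possible to provoke
+class KeyDerivationError < Error; end
+
 # Thrown if the token is expired
-class
+class TokenExpiredError < Error; end
 
 # Thrown if the signature is invalid
 class InvalidSignatureError < Error; end
@@ -13,4 +22,10 @@ module Aliquot
 
 # Thrown if there was an error validating the input data
 class ValidationError < Error; end
+
+# Thrown if JSON is invalid.
+class FormatError < Error; end
+
+# When shared_secret is invalid
+class InvalidSharedSecretError < Error; end
 end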
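Review bot: `FormatError` and `InvalidSharedSecretError` in the second hunk inherit from `Error` directly even though both describe bad caller input, so a caller that wants to treat every input problem alike has to enumerate them alongside the new `InputError` and `ValidationError`; deriving them from the new base, `class FormatError < InputError; end` and `class InvalidSharedSecretError < InputError; end`, keeps `rescue Aliquot::Error` working while giving one rescue point for input problems. The comments "Might not be possible to provoke" on `DecryptionError` and `KeyDerivationError` do not tell a caller when the classes are raised; a comment naming the condition, such as `# Raised when decrypting the authenticated payload fails; not expected to be reachable with a valid MAC`, would be more useful, provided the raising order in payment.rb is confirmed first. `FormatError` is declared but not raised anywhere in this diff, so either its use or its comment ("Thrown if JSON is invalid.") should be reconciled with whatever class the JSON parse failures actually raise.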
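--- a/data/lib/aliquot/payment.rb
+++ b/data/lib/aliquot/payment.rb
@@ -21,8 +21,12 @@ module Aliquot
 def initialize(token_string, shared_secret, merchant_id,
 signing_keys: ENV['GOOGLE_SIGNING_KEYS'])
 
-
-
+begin
+validation = Aliquot::Validator::Token.new(JSON.parse(token_string))
+validation.validate
+rescue JSON::JSONError => e
+raise InputError, "token JSON invalid, #{e.message}"
+end
 
 @token = validation.output
 
@@ -38,19 +42,31 @@ module Aliquot
 raise Error, 'only ECv1 protocolVersion is supported'
 end
 
+check_shared_secret
+
 raise InvalidSignatureError unless valid_signature?
 
 validator = Aliquot::Validator::SignedMessage.new(JSON.parse(@token[:signedMessage]))
 validator.validate
 signed_message = validator.output
 
-
+begin
+aes_key, mac_key = derive_keys(signed_message[:ephemeralPublicKey], @shared_secret, 'Google')
+rescue => e
+raise KeyDerivationError, "unable to derive keys, #{e.message}"
+end
 
 unless self.class.valid_mac?(mac_key, signed_message[:encryptedMessage], signed_message[:tag])
 raise InvalidMacError
 end
 
-
+begin
+@message = JSON.parse(self.class.decrypt(aes_key, signed_message[:encryptedMessage]))
+rescue JSON::JSONError => e
+raise InputError, "encryptedMessage JSON invalid, #{e.message}"
+rescue => e
+raise DecryptionError, "decryption failed, #{e.message}"
+end
 
 message_validator = Aliquot::Validator::EncryptedMessageValidator.new(@message)
 message_validator.validate
@@ -58,7 +74,7 @@ module Aliquot
 # Output is hashed with symbolized keys.
 @message = message_validator.output
 
-raise
+raise TokenExpiredError if expired?
 
 @message
 end
@@ -137,5 +153,15 @@ module Aliquot
 
 [key_bytes[0..15], key_bytes[16..32]]
 end
+
+def check_shared_secret
+begin
+decoded = Base64.strict_decode64(@shared_secret)
+rescue
+raise InvalidSharedSecretError, 'shared_secret must be base64'
+end
+
+raise InvalidSharedSecretError, 'shared_secret must be 32 bytes when base64 decoded' unless decoded.length == 32
+end
 end
 end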
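Review bot: The catch-all `rescue => e` around `derive_keys` and around `decrypt` in the second hunk turns any `StandardError` — including a `NoMethodError` or `TypeError` from an unexpectedly typed `signed_message[:ephemeralPublicKey]` or `:encryptedMessage` — into a `KeyDerivationError`/`DecryptionError` carrying the original message, which both hides programming errors behind a crypto-sounding class and forwards internal detail to whoever surfaces the message; narrowing to the exceptions those helpers actually raise (presumably `OpenSSL::OpenSSLError, ArgumentError` — `derive_keys` and `decrypt` are outside this hunk, so confirm) is worth considering. Malformed JSON is raised as `InputError` in both new `rescue JSON::JSONError` clauses while this release also adds `FormatError`, documented as thrown for invalid JSON; pick one so callers know which class to rescue, e.g. `raise FormatError, "encryptedMessage JSON invalid, #{e.message}"`. In `check_shared_secret` the bare `rescue` also catches the `NoMethodError` raised when `@shared_secret` is `nil`, reporting it as "must be base64"; a preceding `raise InvalidSharedSecretError, 'shared_secret must be a String' unless @shared_secret.is_a?(String)` gives an accurate message, and since the check only validates, the decoded value is otherwise unused. The method containing the signature, key-derivation and decryption steps starts before and ends after this hunk.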
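--- a/data/lib/aliquot/validator.rb
+++ b/data/lib/aliquot/validator.rb
@@ -125,7 +125,7 @@ module Aliquot
 @validation ||= @schema.call(@input)
 @output = @validation.output
 return true if @validation.success?
-raise Aliquot::ValidationError, "validation error
+raise Aliquot::ValidationError, "validation error(s), #{errors_formatted}"
 end
 
 def valid?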
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aliquot
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.11.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Clearhaus
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-01-
|
11
|
+
date: 2019-01-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dry-validation
|
@@ -58,14 +58,14 @@ dependencies:
|
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version:
|
61
|
+
version: 0.6.0
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version:
|
68
|
+
version: 0.6.0
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: pry
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|