amazon_pay 2.0.0

data/lib/amazon_pay/client_helper.rb

@@ -0,0 +1,193 @@
+module AmazonPay
+
+  # This will extend the client class to add additional
+  # helper methods that combine core API calls.
+  class Client
+
+    # This method combines multiple API calls to perform
+    # a complete transaction with minimum requirements.
+    # @param amazon_reference_id [String]
+    # @param authorization_reference_id [String]
+    # @param charge_amount [String]
+    # @optional charge_currency_code [String]
+    # @optional charge_note [String]
+    # @optional charge_order [String]
+    # @optional store_name [String]
+    # @optional custom_information [String]
+    # @optional soft_descriptor [String]
+    # @optional platform_id [String]
+    # @optional merchant_id [String]
+    # @optional mws_auth_token [String]
+    def charge(
+            amazon_reference_id,
+            authorization_reference_id,
+            charge_amount,
+            charge_currency_code: @currency_code,
+            charge_note: nil,
+            charge_order_id: nil,
+            store_name: nil,
+            custom_information: nil,
+            soft_descriptor: nil,
+            platform_id: nil,
+            merchant_id: @merchant_id,
+            mws_auth_token: nil)
+
+      if is_order_reference?(amazon_reference_id)
+        response = call_order_reference_api(
+                       amazon_reference_id,
+                       authorization_reference_id,
+                       charge_amount,
+                       charge_currency_code,
+                       charge_note,
+                       charge_order_id,
+                       store_name,
+                       custom_information,
+                       soft_descriptor,
+                       platform_id,
+                       merchant_id,
+                       mws_auth_token)
+        return response
+      end
+
+      if is_billing_agreement?(amazon_reference_id)
+        response = call_billing_agreement_api(
+                       amazon_reference_id,
+                       authorization_reference_id,
+                       charge_amount,
+                       charge_currency_code,
+                       charge_note,
+                       charge_order_id,
+                       store_name,
+                       custom_information,
+                       soft_descriptor,
+                       platform_id,
+                       merchant_id,
+                       mws_auth_token)
+        return response
+      end
+    end
+
+    private
+
+    def call_order_reference_api(
+            amazon_reference_id,
+            authorization_reference_id,
+            charge_amount,
+            charge_currency_code,
+            charge_note,
+            charge_order_id,
+            store_name,
+            custom_information,
+            soft_descriptor,
+            platform_id,
+            merchant_id,
+            mws_auth_token)
+
+      response = set_order_reference_details(
+        amazon_reference_id,
+        charge_amount,
+        currency_code: charge_currency_code,
+        platform_id: platform_id,
+        seller_note: charge_note,
+        seller_order_id: charge_order_id,
+        store_name: store_name,
+        custom_information: custom_information,
+        merchant_id: merchant_id,
+        mws_auth_token: mws_auth_token)
+      if response.success
+        response = confirm_order_reference(
+          amazon_reference_id,
+          merchant_id: merchant_id,
+          mws_auth_token: mws_auth_token)
+        if response.success
+          response = authorize(
+            amazon_reference_id,
+            authorization_reference_id,
+            charge_amount,
+            currency_code: charge_currency_code,
+            seller_authorization_note: charge_note,
+            transaction_timeout: 0,
+            capture_now: true,
+            soft_descriptor: soft_descriptor,
+            merchant_id: merchant_id,
+            mws_auth_token: mws_auth_token)
+          return response
+        else
+          return response
+        end
+      else
+        return response
+      end
+    end
+
+    def call_billing_agreement_api(
+            amazon_reference_id,
+            authorization_reference_id,
+            charge_amount,
+            charge_currency_code,
+            charge_note,
+            charge_order_id,
+            store_name,
+            custom_information,
+            soft_descriptor,
+            platform_id,
+            merchant_id,
+            mws_auth_token)
+
+      response = get_billing_agreement_details(
+        amazon_reference_id,
+        merchant_id: merchant_id,
+        mws_auth_token: mws_auth_token)
+      if response.get_element('GetBillingAgreementDetailsResponse/GetBillingAgreementDetailsResult/BillingAgreementDetails/BillingAgreementStatus','State').eql?('Draft')
+        response = set_billing_agreement_details(
+          amazon_reference_id,
+          platform_id: platform_id,
+          seller_note: charge_note,
+          seller_billing_agreement_id: charge_order_id,
+          store_name: store_name,
+          custom_information: custom_information,
+          merchant_id: merchant_id,
+          mws_auth_token: mws_auth_token)
+        if response.success
+          response = confirm_billing_agreement(
+            amazon_reference_id,
+            merchant_id: merchant_id,
+            mws_auth_token: mws_auth_token)
+          if response.success.eql?(false)
+            return response
+          end
+        end
+      end
+
+      response = authorize_on_billing_agreement(
+        amazon_reference_id,
+        authorization_reference_id,
+        charge_amount,
+        currency_code: charge_currency_code,
+        seller_authorization_note: charge_note,
+        transaction_timeout: 0,
+        capture_now: true,
+        soft_descriptor: soft_descriptor,
+        seller_note: charge_note,
+        platform_id: platform_id,
+        seller_order_id: charge_order_id,
+        store_name: store_name,
+        custom_information: custom_information,
+        inherit_shipping_address: true,
+        merchant_id: merchant_id,
+        mws_auth_token: mws_auth_token)
+      return response
+    end
+
+
+    def is_order_reference?(amazon_reference_id)
+      amazon_reference_id.start_with?('S','P')
+    end
+
+    def is_billing_agreement?(amazon_reference_id)
+      amazon_reference_id.start_with?('C','B')
+    end
+
+  end
+
+end

data/lib/amazon_pay/ipn_handler.rb

@@ -0,0 +1,222 @@
+require 'base64'
+require 'json'
+require 'net/http'
+require 'net/https'
+require 'openssl'
+require 'uri'
+
+module AmazonPay
+
+  class IpnWasNotAuthenticError < StandardError
+  end
+
+  # AmazonPay Ipn Handler
+  #
+  # This class authenticates an sns message sent from Amazon. It
+  # will validate the header, subject, and certificate. After validation
+  # there are many helper methods in place to extract information received
+  # from the ipn notification.
+  class IpnHandler
+
+    SIGNABLE_KEYS = [
+      'Message',
+      'MessageId',
+      'Timestamp',
+      'TopicArn',
+      'Type',
+    ].freeze
+
+    COMMON_NAME = 'sns.amazonaws.com'
+
+    attr_reader(:headers, :body)
+    attr_accessor(:proxy_addr, :proxy_port, :proxy_user, :proxy_pass)
+
+    # @param headers [request.headers]
+    # @param body [request.body.read]
+    # @optional proxy_addr [String]
+    # @optional proxy_port [String]
+    # @optional proxy_user [String]
+    # @optional proxy_pass [String]
+    def initialize(
+            headers,
+            body,
+            proxy_addr: :ENV,
+            proxy_port: nil,
+            proxy_user: nil,
+            proxy_pass: nil)
+
+      @body = body
+      @raw = parse_from(@body)
+      @headers = headers
+      @proxy_addr = proxy_addr
+      @proxy_port = proxy_port
+      @proxy_user = proxy_user
+      @proxy_pass = proxy_pass
+    end
+
+    # This method will authenticate the ipn message sent from Amazon.
+    # It will return true if everything is verified. It will raise an
+    # error message if verification fails.
+    def authentic?
+      begin
+        decoded_from_base64 = Base64.decode64(signature)
+        validate_header
+        validate_subject(get_certificate.subject)
+        public_key = get_public_key_from(get_certificate)
+        verify_public_key(public_key, decoded_from_base64, canonical_string)
+
+        return true
+      rescue IpnWasNotAuthenticError => e
+        raise e.message
+      end
+    end
+
+    def type
+      @raw['Type']
+    end
+
+    def message_id
+      @raw['MessageId']
+    end
+
+    def topic_arn
+      @raw['TopicArn']
+    end
+
+    def message
+      @raw['Message']
+    end
+
+    def timestamp
+      @raw['Timestamp']
+    end
+
+    def signature
+      @raw['Signature']
+    end
+
+    def signature_version
+      @raw['SignatureVersion']
+    end
+
+    def signing_cert_url
+      @raw['SigningCertURL']
+    end
+
+    def unsubscribe_url
+      @raw['UnsubscribeURL']
+    end
+
+    def notification_type
+      parse_from(@raw['Message'])["NotificationType"]
+    end
+
+    def seller_id
+      parse_from(@raw['Message'])["SellerId"]
+    end
+
+    def environment
+      parse_from(@raw['Message'])["ReleaseEnvironment"]
+    end
+
+    def version
+      parse_from(@raw['Message'])["Version"]
+    end
+
+    def notification_data
+      parse_from(@raw['Message'])["NotificationData"]
+    end
+
+    def message_timestamp
+      parse_from(@raw['Message'])["Timestamp"]
+    end
+
+    def parse_from(json)
+      JSON.parse(json)
+    end
+
+    protected
+
+    def get_certificate
+      cert_pem = download_cert(signing_cert_url)
+      OpenSSL::X509::Certificate.new(cert_pem)
+    end
+
+    def get_public_key_from(certificate)
+      OpenSSL::PKey::RSA.new(certificate.public_key)
+    end
+
+    def canonical_string
+      text = ''
+      SIGNABLE_KEYS.each do |key|
+        value = @raw[key]
+        next if value.nil? or value.empty?
+        text << key << "\n"
+        text << value << "\n"
+      end
+      text
+    end
+
+    def download_cert(url)
+      uri = URI.parse(url)
+      unless
+        uri.scheme == 'https' &&
+        uri.host.match(/^sns\.[a-zA-Z0-9\-]{3,}\.amazonaws\.com(\.cn)?$/) &&
+        File.extname(uri.path) == '.pem'
+      then
+        msg = "Error - certificate is not hosted at AWS URL (https): #{url}"
+        raise IpnWasNotAuthenticError, msg
+      end
+      tries = 0
+      begin
+        resp = https_get(url)
+        resp.body
+      rescue => error
+        tries += 1
+        retry if tries < 3
+        raise error
+      end
+    end
+
+    def https_get(url)
+      uri = URI.parse(url)
+      http = Net::HTTP.new(uri.host, uri.port, @proxy_addr, @proxy_port, @proxy_user, @proxy_pass)
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      http.start
+      resp = http.request(Net::HTTP::Get.new(uri.request_uri))
+      http.finish
+      resp
+    end
+
+    def validate_header
+      unless
+        @headers['x-amz-sns-message-type'] == 'Notification'
+      then
+        msg = "Error - Header does not contain x-amz-sns-message-type header"
+        raise IpnWasNotAuthenticError, msg
+      end
+    end
+
+    def validate_subject(certificate_subject)
+      subject = certificate_subject.to_a
+      unless
+        subject[4][1] == COMMON_NAME
+      then
+        msg = "Error - Unable to verify certificate subject issued by Amazon"
+        raise IpnWasNotAuthenticError, msg
+      end
+    end
+
+    def verify_public_key(public_key, decoded_signature, signed_string)
+      unless
+        public_key.verify(OpenSSL::Digest::SHA1.new, decoded_signature, signed_string)
+      then
+        msg = "Error - Unable to verify public key with signature and signed string"
+        raise IpnWasNotAuthenticError, msg
+      end
+    end
+
+  end
+
+end

data/lib/amazon_pay/login.rb

@@ -0,0 +1,75 @@
+require 'uri'
+require 'net/http'
+require 'net/https'
+require 'json'
+require 'openssl'
+
+module AmazonPay
+
+  # AmazonPay API
+  #
+  # This class allows you to obtain user profile
+  # information once a user has logged into your
+  # application using their Amazon credentials.
+  class Login
+
+    attr_reader(:region)
+
+    attr_accessor(:client_id, :sandbox)
+
+    # @param client_id [String]
+    # @optional region [Symbol] Default: :na
+    # @optional sandbox [Boolean] Default: false
+    def initialize(client_id, region: :na, sandbox: false)
+      @client_id = client_id
+      @region = region
+      @endpoint = region_hash[@region]
+      @sandbox = sandbox
+      @sandbox_str = @sandbox ? "api.sandbox" : "api"
+    end
+
+    # This method will validate the access token and
+    # return the user's profile information.
+    # @param access_token [String]
+    def get_login_profile(access_token)
+      decoded_access_token = URI.decode(access_token)
+      encoded_access_token = URI.encode(decoded_access_token)
+      uri = URI("https://#{@sandbox_str}.#{@endpoint}/auth/o2/tokeninfo?access_token=#{encoded_access_token}")
+      req = Net::HTTP::Get.new(uri.request_uri)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      response = http.request(req)
+      decode = JSON.parse(response.body)
+
+      if decode['aud'] != @client_id
+        raise "Invalid Access Token"
+      end
+
+      uri = URI.parse("https://#{@sandbox_str}.#{@endpoint}/user/profile")
+      req = Net::HTTP::Get.new(uri.request_uri)
+      req['Authorization'] = "bearer " + decoded_access_token
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      response = http.request(req)
+      decoded_login_profile = JSON.parse(response.body)
+      return decoded_login_profile
+    end
+
+    private
+
+    def region_hash
+      {
+        :jp => 'amazon.co.jp',
+        :uk => 'amazon.co.uk',
+        :de => 'amazon.de',
+        :eu => 'amazon.co.uk',
+        :us => 'amazon.com',
+        :na => 'amazon.com'
+      }
+    end
+
+  end
+
+end

data/lib/amazon_pay/request.rb

@@ -0,0 +1,114 @@
+require 'uri'
+require 'net/http'
+require 'net/https'
+require 'base64'
+require 'openssl'
+
+module AmazonPay
+
+  # This class creates the request to send to the
+  # specified MWS endpoint.
+  class Request
+        
+    MAX_RETRIES = 3
+
+    def initialize(
+            parameters,
+            optional,
+            default_hash,
+            mws_endpoint,
+            sandbox_str,
+            secret_key,
+            proxy_addr,
+            proxy_port,
+            proxy_user,
+            proxy_pass,
+            throttle,
+            application_name,
+            application_version)
+
+      @parameters = parameters
+      @optional = optional
+      @default_hash = default_hash
+      @mws_endpoint = mws_endpoint
+      @sandbox_str = sandbox_str
+      @secret_key = secret_key
+      @proxy_addr = proxy_addr
+      @proxy_port = proxy_port
+      @proxy_user = proxy_user
+      @proxy_pass = proxy_pass
+      @throttle = throttle
+      @application_name = application_name
+      @application_version = application_version
+    end
+
+    # This method sends the post request.
+    def send_post
+      post_url = build_post_url
+      post(@mws_endpoint, @sandbox_str, post_url)
+    end
+
+    private
+
+    # This method combines the required and optional
+    # parameters to sign the post body and generate
+    # the post url.
+    def build_post_url
+      @optional.map { |k, v| @parameters[k] = v unless v.nil? }
+      @parameters = @default_hash.merge(@parameters)
+      post_url = @parameters.sort.map { |k, v| "#{k}=#{ custom_escape(v) }" }.join("&")
+      post_body = ["POST", "#{@mws_endpoint}", "/#{@sandbox_str}/#{AmazonPay::API_VERSION}", post_url].join("\n")
+      post_url += "&Signature=" + sign(post_body)
+      return post_url
+    end
+
+    # This method signs the post body that is being sent
+    # using the secret key provided.
+    def sign(post_body)
+      custom_escape(Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, @secret_key, post_body)))
+    end
+
+    # This method performs the post to the MWS endpoint.
+    # It will retry three times after the initial post if
+    # the status code comes back as either 500 or 503.
+    def post(mws_endpoint, sandbox_str, post_url)
+      uri = URI("https://#{mws_endpoint}/#{sandbox_str}/#{AmazonPay::API_VERSION}")
+      https = Net::HTTP.new(uri.host, uri.port, @proxy_addr, @proxy_port, @proxy_user, @proxy_pass)
+      https.use_ssl = true
+      https.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      
+      user_agent = {"User-Agent" => "#{AmazonPay::SDK_NAME}/#{AmazonPay::VERSION}; (#{@application_name + '/' if @application_name }#{@application_version.to_s + ';' if @application_version} #{RUBY_VERSION}; #{RUBY_PLATFORM})"}
+
+      tries = 0
+      begin
+        response = https.post(uri.path, post_url, user_agent)
+        if @throttle.eql?(true)
+          if response.code.eql?('500')
+            raise 'InternalServerError'
+          elsif response.code.eql?('503')
+            raise 'ServiceUnavailable or RequestThrottled'
+          end
+        end
+        AmazonPay::Response.new(response)
+      rescue => error
+        tries += 1
+        sleep(get_seconds_for_try_count(tries))
+        retry if tries <= MAX_RETRIES
+        raise error.message
+      end
+    end
+
+    def get_seconds_for_try_count(try_count)
+      seconds = { 1=>1, 2=>4, 3=>10, 4=>0 }
+      seconds[try_count]
+    end
+
+    def custom_escape(val)
+      val.to_s.gsub(/([^\w.~-]+)/) do
+        "%" + $1.unpack("H2" * $1.bytesize).join("%").upcase
+      end
+    end
+
+  end
+
+end

data/lib/amazon_pay/response.rb

@@ -0,0 +1,42 @@
+require 'rexml/document'
+
+module AmazonPay
+
+  # This class provides helpers to parse the response
+  class Response
+
+     def initialize(response)
+       @response = response
+     end
+
+     def body
+       @response.body
+     end
+
+     def to_xml
+       REXML::Document.new(body)
+     end
+
+     def get_element(xpath, xml_element)
+       xml = self.to_xml
+       xml.elements.each(xpath) do |element|
+         @value = element.elements[xml_element].text
+       end
+       return @value
+     end
+
+     def code
+       @response.code
+     end
+
+     def success
+      if @response.code.eql? '200'
+         return true
+      else
+         return false
+      end
+     end
+
+  end
+
+end

data/lib/amazon_pay/version.rb

@@ -0,0 +1,5 @@
+module AmazonPay
+  VERSION = "2.0.0"
+  SDK_NAME = "amazon-pay-sdk-ruby"
+  API_VERSION = "2013-01-01"
+end

data/lib/amazon_pay.rb

@@ -0,0 +1,7 @@
+require 'amazon_pay/client'
+require 'amazon_pay/client_helper'
+require 'amazon_pay/ipn_handler'
+require 'amazon_pay/login'
+require 'amazon_pay/request'
+require 'amazon_pay/response'
+require 'amazon_pay/version'