connect-sdk-ruby 1.8.0 → 1.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 980877434fcc0d67e0a3b79881d54a496584dff0
-  data.tar.gz: 84819aa760a8d93e692c0b2cbce97fa7a20a2f7c
+  metadata.gz: b1cc2f2e689f0848718eb4a78877c4f83506c06e
+  data.tar.gz: a58d8736d1ec8609b0f19d3a358dcbd898c4b8c0
 SHA512:
-  metadata.gz: 7299829037d437656d41cee2a9331a67f35cc736d0ab7bfc7a368e771243f6ce62ebd6ba5f32b6080f40ce53f0c0a28fc976dcedf0f2013f897c17a1688f011f
-  data.tar.gz: 015e6059dc121b9dc0c34085147c173aa854802eaeef3e47a38e8d6cad9917964cebe3cd19774ef8e3973f554b86940c1040252770bf4794de63e75b4b7a7385
+  metadata.gz: b0792a215969663067ac9057eac4801847ac65f216f36357d54fe2066fac1d144a5d566f9d485897d5069464cde0cacdd28194f62ce485a475e8eca8c95c2bd0
+  data.tar.gz: 25db60ceb4407cd84cf296aa6a918c4c52a5c67b9f42582006a48ddfb98f7cac4b1cbd1d49cb5b6614d5c90c5b94b22d8cd6082e2225fa88cc2a4338697b7666

data/README.md

@@ -32,6 +32,7 @@ As for JRuby, version 9.0.0.0 and higher are supported.
 In addition, the following package is required:
 
 * [httpclient](https://github.com/nahi/httpclient) 2.8 or higher
+* [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby) 1.0 or higher
 
 ## Installation
 

data/connect-sdk-ruby.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name           = 'connect-sdk-ruby'
-  spec.version        = '1.8.0'
+  spec.version        = '1.9.0'
   spec.authors        = ['Ingenico ePayments']
   spec.email          = ['github@epay.ingenico.com']
   spec.summary        = %q{SDK to communicate with the Ingenico ePayments platform using the Ingenico Connect Server API}
@@ -18,6 +18,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.0'
 
   spec.add_dependency 'httpclient', '~> 2.8'
+  spec.add_dependency 'concurrent-ruby', '~>1.0'
 
   spec.add_development_dependency 'yard', '~> 0.9'
   spec.add_development_dependency 'rspec', '~> 3.5'

data/lib/ingenico/connect/sdk.rb

@@ -25,3 +25,4 @@ require prefix + 'meta_data_provider'
 require prefix + 'factory'
 
 require prefix + 'defaultimpl'
+require prefix + 'webhooks'

data/lib/ingenico/connect/sdk/logging/stdout_communicator_logger.rb

@@ -6,14 +6,13 @@ module Ingenico::Connect::SDK
 
     # {Ingenico::Connect::SDK::Logging::CommunicatorLogger} that logs the messages to $stdout.
     class StdoutCommunicatorLogger < CommunicatorLogger
-
       include Singleton
 
       def initialize
         # implement the interface
       end
 
-      # NOTE: this is needed to not break method calls based on old interface
+      # NOTE: this alias is needed to not break existing method calls depending on old interface
       class << self
         alias_method :INSTANCE, :instance
       end

data/lib/ingenico/connect/sdk/meta_data_provider.rb

@@ -5,7 +5,7 @@ module Ingenico::Connect::SDK
 
   # Manages metadata about the server using the SDK
   class MetaDataProvider
-    @@SDK_VERSION = '1.8.0'
+    @@SDK_VERSION = '1.9.0'
     @@SERVER_META_INFO_HEADER = 'X-GCS-ServerMetaInfo'
     @@PROHIBITED_HEADERS = [@@SERVER_META_INFO_HEADER, 'X-GCS-Idempotence-Key',
                             'Date', 'Content-Type', 'Authorization'].sort!.freeze

data/lib/ingenico/connect/sdk/modules.rb

@@ -142,3 +142,7 @@ end
 # Contains data classes related to shopping cart functionality.
 module Ingenico::Connect::SDK::Domain::MetaData
 end
+
+# Contains data classes related to webhooks functionality.
+module Ingenico::Connect::SDK::Webhooks
+end

data/lib/ingenico/connect/sdk/webhooks.rb

@@ -0,0 +1,11 @@
+prefix = 'ingenico/connect/sdk/webhooks/'
+
+require prefix + 'api_version_mismatch_exception'
+require prefix + 'signature_validation_exception'
+require prefix + 'secret_key_not_available_exception'
+require prefix + 'secret_key_store'
+require prefix + 'in_memory_secret_key_store'
+require prefix + 'webhooks_event'
+require prefix + 'webhooks_helper'
+require prefix + 'webhooks_helper_builder'
+require prefix + 'webhooks'

data/lib/ingenico/connect/sdk/webhooks/api_version_mismatch_exception.rb

@@ -0,0 +1,20 @@
+module Ingenico::Connect::SDK
+  module Webhooks
+    # Raised when a webhooks event has an API version that is not supported by current version
+    # of SDK.
+    class ApiVersionMismatchException < RuntimeError
+
+      def initialize(event_api_version, sdk_api_version)
+        super("event API version #{event_api_version} is not compatible with SDK API version #{sdk_api_version}")
+        @event_api_version = event_api_version
+        @sdk_api_version = sdk_api_version
+      end
+
+      # The API version from the webhooks event.
+      attr_reader :event_api_version
+
+      # The API version that this version of the SDK supports.
+      attr_reader :sdk_api_version
+    end
+  end
+end

data/lib/ingenico/connect/sdk/webhooks/in_memory_secret_key_store.rb

@@ -0,0 +1,56 @@
+require 'concurrent'
+require 'singleton'
+
+module Ingenico::Connect::SDK
+  module Webhooks
+    # An in-memory secret key store. This implementation can be used
+    # in applications where secret keys are specified at application
+    # startup. Thread-safe.
+    class InMemorySecretKeyStore
+
+      include Singleton
+      include SecretKeyStore
+
+      # Creates new InMemorySecretKeyStore
+      def initialize
+        # NOTE: use Map instead of Hash to provide better performance
+        # under high concurrency.
+        @store = Concurrent::Map.new
+      end
+
+      # Retrieves the secret key corresponding to the given key id
+      #
+      # key_id:: key id of the secret key
+      # Raises {Ingenico::Connect::SDK::Webhooks::SecretKeyNotAvailableException} if the secret key for the given key id is not available.
+      def get_secret_key(key_id)
+        if (secret_key = @store.get(key_id)).nil?
+          msg = "could not find secret key for key id " + key_id
+          raise SecretKeyNotAvailableException.new(message: msg, key_id: key_id)
+        end
+        secret_key
+      end
+
+      # Stores the given secret key for the given key id.
+      #
+      # key_id:: key id of the secret key
+      # secret_id:: the secret key to be stored
+      def store_secret_key(key_id, secret_key)
+        raise ArgumentError if key_id.nil? or key_id.strip.empty?
+        raise ArgumentError if secret_key.nil? or secret_key.strip.empty?
+        @store.put(key_id, secret_key)
+      end
+
+      # Removes the secret key for the given key id.
+      #
+      # key_id:: the key id whose corresponding secret should be removed from the store
+      def remove_secret_key(key_id)
+        @store.delete(key_id)
+      end
+
+      # Removes all stored secret keys from the store
+      def clear
+        @store.clear
+      end
+    end
+  end
+end

data/lib/ingenico/connect/sdk/webhooks/secret_key_not_available_exception.rb

@@ -0,0 +1,15 @@
+module Ingenico::Connect::SDK
+  module Webhooks
+    # Raised when an error caused a secret to become not available.
+    class SecretKeyNotAvailableException < SignatureValidationException
+
+      def initialize(args)
+        raise ArgumentError if (key_id = args.delete(:key_id)).nil? # key_id is mandatory
+        super(args)
+        @key_id = key_id
+      end
+
+      attr_reader :key_id
+    end
+  end
+end

data/lib/ingenico/connect/sdk/webhooks/secret_key_store.rb

@@ -0,0 +1,16 @@
+module Ingenico::Connect::SDK
+  module Webhooks
+    # An abstract store of secret keys. Implementation can store secret keys in a database,
+    # on disk, etc. Should be Thread-safe.
+    module SecretKeyStore
+
+      # Retrieve secret key for given key id
+      #
+      # key_id:: given key id
+      # Raises {Ingenico::Connect::SDK::Webhooks::SecretKeyNotAvailableException} if the secret key for the given key id is not available.
+      def get_secret_key(key_id)
+        raise NotImplementedError
+      end
+    end
+  end
+end

data/lib/ingenico/connect/sdk/webhooks/signature_validation_exception.rb

@@ -0,0 +1,19 @@
+module Ingenico::Connect::SDK
+  module Webhooks
+
+    # Raised when an error occurred when validating Webhooks signatures
+    class SignatureValidationException < RuntimeError
+
+      # Creates a new SignatureValidationException
+      #
+      # @param [Hash] args the options to create the Exception with
+      # @option args [String]  :message the error message
+      # @option args [RuntimeError] :cause an Error object that causes the Exception
+      def initialize(args)
+        super(args[:message]) # NOTE: can be nil
+        # store backtrace info if exception given
+        set_backtrace(args[:cause].backtrace) unless args[:cause].nil?
+      end
+    end
+  end
+end

data/lib/ingenico/connect/sdk/webhooks/webhooks.rb

@@ -0,0 +1,21 @@
+module Ingenico::Connect::SDK
+  module Webhooks
+    # Ingenico ePayments platform factory for several webhooks components
+    module Webhooks
+
+      # Creates a WebhooksHelperBuilder that uses the
+      # given SecretkeyStore
+      def self.create_helper_builder(secret_key_store)
+        WebhooksHelperBuilder.new
+          .with_marshaller(DefaultMarshaller.INSTANCE)
+          .with_secret_key_store(secret_key_store)
+      end
+
+      # Creates a WebhooksHelper that uses the given
+      # SecretkeyStore.
+      def self.create_helper(secret_key_store)
+        create_helper_builder(secret_key_store).build
+      end
+    end
+  end
+end

data/lib/ingenico/connect/sdk/webhooks/webhooks_event.rb

@@ -0,0 +1,61 @@
+module Ingenico::Connect::SDK
+  module Webhooks
+
+    class WebhooksEvent < Ingenico::Connect::SDK::DataObject
+
+      # String
+      attr_accessor :api_version
+
+      # String
+      attr_accessor :id
+
+      # String
+      attr_accessor :created
+
+      # String
+      attr_accessor :merchant_id
+
+      # String
+      attr_accessor :type
+
+      # {Ingenico::Connect::SDK::Domain::Payment::PaymentResponse}
+      attr_accessor :payment
+
+      # {Ingenico::Connect::SDK::Domain::Payout::PayoutResponse}
+      attr_accessor :refund
+
+      # {Ingenico::Connect::SDK::Domain::Refund::RefundResponse}
+      attr_accessor :payout
+
+      # {Ingenico::Connect::SDK::Domain::Token::TokenResponse}
+      attr_accessor :token
+
+      def to_h
+        hash = super
+        add_to_hash(hash, 'apiVersion', @api_version)
+        add_to_hash(hash, 'id', @id)
+        add_to_hash(hash, 'created', @created)
+        add_to_hash(hash, 'merchantId', @merchant_id)
+        add_to_hash(hash, 'type', @type)
+        add_to_hash(hash, 'payment', @payment)
+        add_to_hash(hash, 'refund', @refund)
+        add_to_hash(hash, 'payout', @payout)
+        add_to_hash(hash, 'token', @token)
+        hash
+      end
+
+      def from_hash(hash)
+        super
+        @api_version = hash['apiVersion'] if hash.has_key? 'apiVersion'
+        @id = hash['id'] if hash.has_key? 'id'
+        @created = hash['created'] if hash.has_key? 'created'
+        @merchant_id = hash['merchantId'] if hash.has_key? 'merchantId'
+        @type = hash['type'] if hash.has_key? 'type'
+        @payment = Ingenico::Connect::SDK::Domain::Payment::PaymentResponse.new_from_hash(hash['payment']) if hash.has_key? 'payment'
+        @refund = Ingenico::Connect::SDK::Domain::Refund::RefundResponse.new_from_hash(hash['refund']) if hash.has_key? 'refund'
+        @payout = Ingenico::Connect::SDK::Domain::Payout::PayoutResponse.new_from_hash(hash['payout']) if hash.has_key? 'payout'
+        @token = Ingenico::Connect::SDK::Domain::Token::TokenResponse.new_from_hash(hash['token']) if hash.has_key? 'token'
+      end
+    end
+  end
+end

data/lib/ingenico/connect/sdk/webhooks/webhooks_helper.rb

@@ -0,0 +1,98 @@
+require 'openssl'
+require 'base64'
+
+module Ingenico::Connect::SDK
+  module Webhooks
+
+    # Ingenico ePayments platform webhooks Helper, Thread-safe.
+    class WebhooksHelper
+      def initialize(marshaller, secret_key_store)
+        raise ArgumentError if marshaller.nil?
+        raise ArgumentError if secret_key_store.nil?
+        @marshaller = marshaller
+        @secret_key_store = secret_key_store
+      end
+
+      # Unmarshals the given body, while also validating it using the given
+      # request headers.
+      # body:: body of the request, a String
+      # request_headers:: headers of the request, as an Array of {Ingenico::Connect::SDK::RequestHeader}
+      def unmarshal(body, request_headers)
+        validate(body, request_headers)
+        event = @marshaller.unmarshal(body, WebhooksEvent)
+        validate_api_version(event)
+        event
+      end
+
+      # Validates incoming request using request headers
+      #
+      # body:: body of the request, a String
+      # request_headers:: headers of the request which is an Array of {Ingenico::Connect::SDK::RequestHeader}
+      def validate(body, request_headers)
+        validate_body(body, request_headers)
+      end
+
+      private
+
+      HEADER_SIGNATURE = 'X-GCS-Signature'.freeze
+      HEADER_KEY_ID = 'X-GCS-KeyId'.freeze
+      HMAC_SCHEME = 'SHA256'.freeze
+
+      # validation utility methods
+
+      # Validates the body using given request headers
+      #
+      # body:: a String converted from byte array
+      # request_headers:: headers of the request, as an Array of SDK::RequestHeader
+      def validate_body(body, request_headers)
+        signature = get_header_value(request_headers, HEADER_SIGNATURE)
+        key_id = get_header_value(request_headers, HEADER_KEY_ID)
+        secret_key = @secret_key_store.get_secret_key(key_id)
+        digest = OpenSSL::Digest.new(HMAC_SCHEME)
+        hmac = OpenSSL::HMAC.digest(digest, secret_key, body)
+        expected_signature = Base64.strict_encode64(hmac).strip
+
+        unless equal_signatures?(signature, expected_signature)
+          msg = "failed to validate signature '#{signature}'"
+          raise SignatureValidationException.new(message: msg)
+        end
+      end
+
+      # Checks two signatures
+      # signature:: a String
+      # expected_signature:: a String
+      def equal_signatures?(signature, expected_signature)
+        # NOTE: copy the signatures to avoid runtime tampering via references
+        signature = signature.dup.freeze
+        expected_signature = expected_signature.dup.freeze
+        # NOTE: do not use simple equality comparision to avoid side channel attack
+        limit = [signature.length, expected_signature.length, 256].max
+        limit.times.inject(true) do |flag, idx|
+          # NOTE: this block is constructed to take constant time to run
+          flag &= signature[idx] == expected_signature[idx]
+          # [] returns nil if idx >= the length of the String
+        end
+      end
+
+      # general utility methods
+
+      # Returns true if the client API version and the webhooks event API version matches
+      def validate_api_version(event)
+        raise ApiVersionMismatchException.new(event.api_version, Client.API_VERSION) unless Client.API_VERSION.eql?(event.api_version)
+      end
+
+      # Retrieves header value from the request headers whose header name matches the given parameter
+      def get_header_value(request_headers, header_name)
+        if (right_header = request_headers.select { |h| h.name.casecmp(header_name) == 0 }).size != 1
+          msg = if right_header.empty?
+                  "could not find header '#{header_name}'"
+                else # more than 2 headers
+                  "encountered multiple occurrences of header '#{header_name}'"
+                end
+          raise SignatureValidationException.new(message: msg)
+        end
+        right_header.first.value
+      end
+    end
+  end
+end

data/lib/ingenico/connect/sdk/webhooks/webhooks_helper_builder.rb

@@ -0,0 +1,25 @@
+module Ingenico::Connect::SDK
+  module Webhooks
+
+    # Builder for a WebhooksHelper object.
+    class WebhooksHelperBuilder
+
+      # Sets the Marshaller to use.
+      def with_marshaller(marshaller)
+        @marshaller = marshaller
+        self
+      end
+
+      # Sets the SecretkeyStore to use.
+      def with_secret_key_store(secret_key_store)
+        @secret_key_store = secret_key_store
+        self
+      end
+
+      # Creates a fully initialized WebhooksHelper object
+      def build
+        WebhooksHelper.new(@marshaller, @secret_key_store)
+      end
+    end
+  end
+end

data/spec/fixtures/resources/webhooks/invalid-body

@@ -0,0 +1,31 @@
+{
+  "apiVersion": "v1",
+  "id": "8ee793f6-4553-4749-85dc-f2ef095c5ab0",
+  "created": "2017-02-02T11:25:14.040+0100",
+  "merchantId": "20000",
+  "type": "payment.paid",
+  "payment": {
+    "id": "00000200000143570012",
+    "paymentOutput": {
+      "amountOfMoney": {
+        "amount": 1000,
+        "currencyCode": "EUR"
+      },
+      "references": {
+        "paymentReference": "200001681810"
+      },
+      "paymentMethod": "bankTransfer",
+      "bankTransferPaymentMethodSpecificOutput": {
+        "paymentProductId": 11
+      }
+    },
+    "status": "PAID",
+    "statusOutput": {
+      "isCancellable": false,
+      "statusCategory": "COMPLETED",
+      "statusCode": 1000,
+      "statusCodeChangeDateTime": "20170202112514",
+      "isAuthorized": true
+    }
+  }
+}

data/spec/fixtures/resources/webhooks/valid-body

@@ -0,0 +1,31 @@
+{
+  "apiVersion": "v1",
+  "id": "8ee793f6-4553-4749-85dc-f2ef095c5ab0",
+  "created": "2017-02-02T11:24:14.040+0100",
+  "merchantId": "20000",
+  "type": "payment.paid",
+  "payment": {
+    "id": "00000200000143570012",
+    "paymentOutput": {
+      "amountOfMoney": {
+        "amount": 1000,
+        "currencyCode": "EUR"
+      },
+      "references": {
+        "paymentReference": "200001681810"
+      },
+      "paymentMethod": "bankTransfer",
+      "bankTransferPaymentMethodSpecificOutput": {
+        "paymentProductId": 11
+      }
+    },
+    "status": "PAID",
+    "statusOutput": {
+      "isCancellable": false,
+      "statusCategory": "COMPLETED",
+      "statusCode": 1000,
+      "statusCodeChangeDateTime": "20170202112414",
+      "isAuthorized": true
+    }
+  }
+}

data/spec/lib/webhooks/webhooks_helper_spec.rb

@@ -0,0 +1,121 @@
+require 'spec_helper'
+
+include Ingenico::Connect::SDK
+describe Webhooks::WebhooksHelper do
+
+  # define constants for the testbench
+  SIGNATURE_HEADER = "X-GCS-Signature"
+  SIGNATURE = "2S7doBj/GnJnacIjSJzr5fxGM5xmfQyFAwxv1I53ZEk="
+  KEY_ID_HEADER = "X-GCS-KeyId"
+  KEY_ID = "dummy-key-id"
+  SECRET_KEY = "hello+world"
+
+  def create_helper(marshaller = DefaultImpl::DefaultMarshaller.INSTANCE)
+    Webhooks::WebhooksHelper.new(marshaller, Webhooks::InMemorySecretKeyStore.instance)
+  end
+
+  def read_resource(resource_name)
+    prefix = 'spec/fixtures/resources/webhooks/'
+    IO.read(prefix + resource_name)
+  end
+
+  before do
+    Webhooks::InMemorySecretKeyStore.instance.clear
+  end
+
+  after do
+    Webhooks::InMemorySecretKeyStore.instance.clear
+  end
+
+  context 'unmarshal' do
+    let(:helper) { create_helper }
+    let(:body) { read_resource('valid-body') }
+    let(:sig_header) { RequestHeader.new(SIGNATURE_HEADER, SIGNATURE) }
+    let(:key_header) { RequestHeader.new(KEY_ID_HEADER, KEY_ID) }
+    let(:request_headers) { [sig_header, key_header] }
+
+    it 'should raise ApiVersionMismatchException when API version does not match' do
+      # mock marshaller once to return an event with a wrong API version number
+      expect(DefaultImpl::DefaultMarshaller.INSTANCE).to receive(:unmarshal) do |body, klass|
+        event = klass.new_from_hash(JSON.load(body))
+        event.api_version = 'v0' # wrong version
+        event
+      end
+      Webhooks::InMemorySecretKeyStore.instance.store_secret_key(KEY_ID, SECRET_KEY)
+      expect{helper.unmarshal(body, request_headers)}.to raise_error(Webhooks::ApiVersionMismatchException)
+    end
+
+    it 'should raise SecretKeyNotAvailableException when no secret key exists' do
+      expect{helper.unmarshal(body, request_headers)}.to raise_error(Webhooks::SecretKeyNotAvailableException)
+    end
+
+    it 'should raise SignatureValidationException when the signature is missing' do
+      Webhooks::InMemorySecretKeyStore.instance.store_secret_key(KEY_ID, SECRET_KEY)
+      expect{helper.unmarshal(body, [])}.to raise_error(Webhooks::SignatureValidationException)
+    end
+
+    it 'should raise SignatureValidationException when there are duplicate headers' do
+      Webhooks::InMemorySecretKeyStore.instance.store_secret_key(KEY_ID, SECRET_KEY)
+      request_headers = [sig_header, key_header, sig_header]
+      expect{helper.unmarshal(body, request_headers)}.to raise_error(Webhooks::SignatureValidationException)
+    end
+
+    it 'should work when everything is correct' do
+      Webhooks::InMemorySecretKeyStore.instance.store_secret_key(KEY_ID, SECRET_KEY)
+      event = helper.unmarshal(body, request_headers)
+      expect(event.api_version).to eq('v1')
+      expect(event.id).to eq("8ee793f6-4553-4749-85dc-f2ef095c5ab0")
+      expect(event.created).to eq("2017-02-02T11:24:14.040+0100")
+      expect(event.merchant_id).to eq('20000')
+      expect(event.type).to eq('payment.paid')
+
+      expect(event.refund).to be_nil
+      expect(event.payout).to be_nil
+      expect(event.token).to be_nil
+
+      expect(event.payment).not_to be_nil
+      expect(event.payment.id).to eq("00000200000143570012")
+      expect(event.payment.payment_output).not_to be_nil
+      expect(event.payment.payment_output.amount_of_money).not_to be_nil
+      expect(event.payment.payment_output.amount_of_money.amount).to eq(1000)
+      expect(event.payment.payment_output.amount_of_money.currency_code).to eq('EUR')
+      expect(event.payment.payment_output.references).not_to be_nil
+      expect(event.payment.payment_output.references.payment_reference).to eq("200001681810")
+      expect(event.payment.payment_output.payment_method).to eq("bankTransfer")
+
+      expect(event.payment.payment_output.card_payment_method_specific_output).to be_nil
+      expect(event.payment.payment_output.cash_payment_method_specific_output).to be_nil
+      expect(event.payment.payment_output.direct_debit_payment_method_specific_output).to be_nil
+      expect(event.payment.payment_output.invoice_payment_method_specific_output).to be_nil
+      expect(event.payment.payment_output.redirect_payment_method_specific_output).to be_nil
+      expect(event.payment.payment_output.sepa_direct_debit_payment_method_specific_output).to be_nil
+      expect(event.payment.payment_output.bank_transfer_payment_method_specific_output).not_to be_nil
+      expect(event.payment.payment_output.bank_transfer_payment_method_specific_output.payment_product_id).to eq(11)
+
+      expect(event.payment.status).to eq('PAID')
+      expect(event.payment.status_output).not_to be_nil
+      expect(event.payment.status_output.is_cancellable).to be false
+      expect(event.payment.status_output.status_category).to eq('COMPLETED')
+      expect(event.payment.status_output.status_code).to eq(1000)
+      expect(event.payment.status_output.status_code_change_date_time).to eq("20170202112414")
+      expect(event.payment.status_output.is_authorized).to be true
+    end
+
+    it 'should raise SignatureValidationException when the body is invalid' do
+      Webhooks::InMemorySecretKeyStore.instance.store_secret_key(KEY_ID, SECRET_KEY)
+      body = read_resource('invalid-body')
+      expect{helper.unmarshal(body, request_headers)}.to raise_error(Webhooks::SignatureValidationException)
+    end
+
+    it 'should raise SignatureValidationException when the secret key is invalid' do
+      Webhooks::InMemorySecretKeyStore.instance.store_secret_key(KEY_ID, '1'+SECRET_KEY) # wrong key
+      expect{helper.unmarshal(body, request_headers)}.to raise_error(Webhooks::SignatureValidationException)
+    end
+
+    it 'should raise SignatureValidationException when the signature is invalid' do
+      Webhooks::InMemorySecretKeyStore.instance.store_secret_key(KEY_ID, SECRET_KEY)
+      request_headers = [RequestHeader.new(SIGNATURE_HEADER, '1'+SIGNATURE), key_header] # wrong signature
+      expect{helper.unmarshal(body, request_headers)}.to raise_error(Webhooks::SignatureValidationException)
+    end
+  end
+end

data/spec/lib/webhooks/webhooks_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+include Ingenico::Connect::SDK
+
+describe Webhooks::Webhooks do
+  let(:webhooks_helper) { Webhooks::Webhooks.create_helper(Webhooks::InMemorySecretKeyStore.instance) }
+
+  context 'construction' do
+    it 'uses the default marshaller' do
+      expect(webhooks_helper.instance_variable_get(:@marshaller)).to eq(DefaultImpl::DefaultMarshaller.INSTANCE)
+    end
+
+    it 'uses the given key store' do
+      expect(webhooks_helper.instance_variable_get(:@secret_key_store)).to eq(Webhooks::InMemorySecretKeyStore.instance)
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: connect-sdk-ruby
 version: !ruby/object:Gem::Version
-  version: 1.8.0
+  version: 1.9.0
 platform: ruby
 authors:
 - Ingenico ePayments
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-09-06 00:00:00.000000000 Z
+date: 2017-09-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httpclient
@@ -24,6 +24,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.8'
+- !ruby/object:Gem::Dependency
+  name: concurrent-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
@@ -459,6 +473,16 @@ files:
 - lib/ingenico/connect/sdk/response_header.rb
 - lib/ingenico/connect/sdk/session.rb
 - lib/ingenico/connect/sdk/validation_exception.rb
+- lib/ingenico/connect/sdk/webhooks.rb
+- lib/ingenico/connect/sdk/webhooks/api_version_mismatch_exception.rb
+- lib/ingenico/connect/sdk/webhooks/in_memory_secret_key_store.rb
+- lib/ingenico/connect/sdk/webhooks/secret_key_not_available_exception.rb
+- lib/ingenico/connect/sdk/webhooks/secret_key_store.rb
+- lib/ingenico/connect/sdk/webhooks/signature_validation_exception.rb
+- lib/ingenico/connect/sdk/webhooks/webhooks.rb
+- lib/ingenico/connect/sdk/webhooks/webhooks_event.rb
+- lib/ingenico/connect/sdk/webhooks/webhooks_helper.rb
+- lib/ingenico/connect/sdk/webhooks/webhooks_helper_builder.rb
 - spec/comparable_extension.rb
 - spec/fixtures/resources/defaultimpl/convertAmount.json
 - spec/fixtures/resources/defaultimpl/createPayment.failure.invalidCardNumber.json
@@ -487,6 +511,8 @@ files:
 - spec/fixtures/resources/payment/rejected.json
 - spec/fixtures/resources/properties.proxy.yml
 - spec/fixtures/resources/properties.yml
+- spec/fixtures/resources/webhooks/invalid-body
+- spec/fixtures/resources/webhooks/valid-body
 - spec/integration/connection_pooling_spec.rb
 - spec/integration/convert_amount_spec.rb
 - spec/integration/idempotence_spec.rb
@@ -519,6 +545,8 @@ files:
 - spec/lib/requestparams/find_params_spec.rb
 - spec/lib/requestparams/get_params_spec.rb
 - spec/lib/requestparams/param_request_spec.rb
+- spec/lib/webhooks/webhooks_helper_spec.rb
+- spec/lib/webhooks/webhooks_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/Ingenico-ePayments/connect-sdk-ruby
 licenses:
@@ -574,6 +602,8 @@ test_files:
 - spec/fixtures/resources/payment/rejected.json
 - spec/fixtures/resources/properties.proxy.yml
 - spec/fixtures/resources/properties.yml
+- spec/fixtures/resources/webhooks/invalid-body
+- spec/fixtures/resources/webhooks/valid-body
 - spec/integration/connection_pooling_spec.rb
 - spec/integration/convert_amount_spec.rb
 - spec/integration/idempotence_spec.rb
@@ -606,4 +636,6 @@ test_files:
 - spec/lib/requestparams/find_params_spec.rb
 - spec/lib/requestparams/get_params_spec.rb
 - spec/lib/requestparams/param_request_spec.rb
+- spec/lib/webhooks/webhooks_helper_spec.rb
+- spec/lib/webhooks/webhooks_spec.rb
 - spec/spec_helper.rb