itunes_receipt_decoder 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: be8ac7da532b84da681984f7e5e51e8677133d77
-  data.tar.gz: fc0888f8a80f019e20059535fe6e926ed5c56e40
+  metadata.gz: a6838ab6252d5ec860f98df20e04bca32f93b801
+  data.tar.gz: bfe44e8887c1867ea74b2de25dd8e979383ff97a
 SHA512:
-  metadata.gz: 056453f28cb7f4b62464736c07cbdc90bfe53aa1802d371075fe418146646d11312047cbec620edea1620c4f0b1b4a80319992db6bbf63f93b28314ce3ada481
-  data.tar.gz: b9d31eb78fef4c3753aa19f610cf092474757bee9b01339b303e8a853a286c30405244fcea628a00bb375a9460b97c4cd9b48e3fbab4bb8b1577a8989c39ae89
+  metadata.gz: 07bbd06b2c295609c2123fd45a3261bfc8beafa8cdb1453d973c0a651ea3c8fe46ccf28de426b65bcaf9a5f90a5836121d5d57ea345d00f58168f74cef76773a
+  data.tar.gz: fb7050fc14c45a0a1affd783ab6fa2d365bae45c849188039203f5436ceaf1e742f9661225bf87a1dcac57f6a4d0464c466823bb06c4b66796e9d1ec61e5dc23

data/lib/itunes_receipt_decoder/decode/transaction_receipt.rb

@@ -1,6 +1,7 @@
 require 'openssl'
 require 'cfpropertylist'
 require 'itunes_receipt_decoder/decode/base'
+require 'itunes_receipt_decoder/public_key'
 
 ##
 # ItunesReceiptDecoder
@@ -11,44 +12,77 @@ module ItunesReceiptDecoder
     ##
     # ItunesReceiptDecoder::Decode::TransactionReceipt
     class TransactionReceipt < Base
-      PUBLIC_KEY = OpenSSL::PKey::RSA.new <<-PUBLIC_KEY
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLyvMpRDPgu8N4fNY4ny
-zNm+IE1atP6HZ9Ka3hpUnaLz34fkTMuTEXigMI80QcHTvmZtR2yYuOx61cndpeTq
-xnD0NdCR97PYChGZqzpiOr179FZP258kk1FQfCDVZk1m8xikE5YiFv0xp/Q5Zpv7
-YmlcS5+UqEvo7FtkWhh5ihZ1Y0KkSdmMM96te9Y5BPTinQppjOtLEihLNEgHmw5Z
-+R9isAOfNrhOo9N1WdTzOgXKxTM7+MAGCQiT2+dNvxHzUiylFjUV80ECzQLR/PX4
-xYS9Y2qG1raZ9oauX/0D1CiKWl2vvGV00fcaw5II9BytaegCTA6VFQe8vmpvwbOt
-oQIDAQAB
------END PUBLIC KEY-----
-PUBLIC_KEY
+      ##
+      # ItunesReceiptDecoder::Decode::TransactionReceipt::SignatureValidation
+      class SignatureValidation
+        attr_reader :blob, :purchase_info
+        attr_accessor :version, :signature, :raw_cert, :cert_length
+
+        def initialize(blob, purchase_info)
+          @blob = blob
+          @purchase_info = purchase_info
+        end
+
+        def valid?
+          unpack &&
+            raw_cert.size == cert_length &&
+            cert &&
+            cert.verify(public_key) &&
+            verify
+        end
+
+        private
+
+        def verify
+          data = [version, purchase_info].pack('ca*')
+          cert.public_key.verify(OpenSSL::Digest::SHA1.new, signature, data)
+        end
+
+        def cert
+          @cert ||= OpenSSL::X509::Certificate.new(raw_cert)
+        rescue OpenSSL::X509::CertificateError => _e
+          false
+        end
+
+        def unpack
+          self.version, following = blob.unpack('c a*')
+          return false unless [2, 3].include?(version)
+          arrangement =
+            case version
+            when 2 then 'a128 N a*'
+            when 3 then 'a256 N a*'
+            end
+          self.signature, self.cert_length, self.raw_cert =
+            following.unpack(arrangement)
+        end
+
+        def public_key
+          @public_key ||=
+            case version
+            when 2 then PublicKey::V2
+            when 3 then PublicKey::V3
+            end
+        end
+      end
 
       def style
         :transaction
       end
 
       def signature_valid?
-        version, sig, cert_length, cert =
-          payload.fetch('signature').unpack('m').first.unpack('c a128 N a*')
-        return false unless
-          version == 2 &&
-          sig.size == 128 &&
-          cert.size == cert_length &&
-          (cert = OpenSSL::X509::Certificate.new(cert)) &&
-          cert.verify(PUBLIC_KEY)
-        data = [version, purchase_info].pack('ca*')
-        cert.public_key.verify(OpenSSL::Digest::SHA1.new, sig, data)
+        SignatureValidation.new(signature, purchase_info).valid?
       end
 
       private
 
       def decode
         @receipt = parse_purchase_info
-        if payload.fetch('environment', 'Production') == 'Production'
-          @environment = :production
-        else
-          @environment = :sandbox
-        end
+        @environment =
+          if payload.fetch('environment', 'Production') == 'Production'
+            :production
+          else
+            :sandbox
+          end
       end
 
       def parse_purchase_info
@@ -64,6 +98,10 @@ PUBLIC_KEY
         @purchase_info ||= payload.fetch('purchase-info').unpack('m').first
       end
 
+      def signature
+        @signature ||= payload.fetch('signature').unpack('m').first
+      end
+
       def payload
         @payload ||= parse_plist(raw_receipt)
       end
@@ -71,7 +109,7 @@ PUBLIC_KEY
       def parse_plist(contents)
         plist = CFPropertyList::List.new(data: contents)
         hash = CFPropertyList.native_types(plist.value)
-        fail DecodingError, 'hash not found in plist' unless hash.is_a?(Hash)
+        raise DecodingError, 'hash not found in plist' unless hash.is_a?(Hash)
         hash
       rescue CFPlistError => e
         raise DecodingError, e.message

data/lib/itunes_receipt_decoder/decode/unified_receipt.rb

@@ -1,6 +1,7 @@
 require 'time'
 require 'openssl'
 require 'itunes_receipt_decoder/decode/base'
+require 'itunes_receipt_decoder/public_key'
 
 ##
 # ItunesReceiptDecoder
@@ -11,18 +12,6 @@ module ItunesReceiptDecoder
     ##
     # ItunesReceiptDecoder::Decode::UnifiedReceipt
     class UnifiedReceipt < Base
-      PUBLIC_KEY = OpenSSL::PKey::RSA.new <<-PUBLIC_KEY
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjhUpstWqsgkOUjpjO7s
-X7h/JpG8NFN6znxjgGF3ZF6lByO2Of5QLRVWWHAtfsRuwUqFPi/w3oQaoVfJr3sY
-/2r6FRJJFQgZrKrbKjLtlmNoUhU9jIrsv2sYleADrAF9lwVnzg6FlTdq7Qm2rmfN
-UWSfxlzRvFduZzWAdjakh4FuOI/YKxVOeyXYWr9Og8GN0pPVGnG1YJydM05V+RJY
-DIa4Fg3B5XdFjVBIuist5JSF4ejEncZopbCj/Gd+cLoCWUt3QpE5ufXN4UzvwDtI
-jKblIV39amq7pxY1YNLmrfNGKcnow4vpecBqYWcVsvD95Wi8Yl9uz5nd7xtj/pJl
-qwIDAQAB
------END PUBLIC KEY-----
-PUBLIC_KEY
-
       ##
       # ASN.1 Field types
       #
@@ -46,11 +35,11 @@ PUBLIC_KEY
         1708 => :expires_date,
         1712 => :cancellation_date,
         1711 => :web_order_line_item_id
-      }
+      }.freeze
 
       TIMESTAMP_FIELDS = %i(creation_date expiration_date purchase_date
                             original_purchase_date expires_date
-                            cancellation_date)
+                            cancellation_date).freeze
 
       def style
         :unified
@@ -67,18 +56,19 @@ PUBLIC_KEY
       def signature_valid?
         serial = pkcs7.signers.first.serial.to_i
         cert = pkcs7.certificates.find { |c| c.serial.to_i == serial }
-        cert && cert.verify(PUBLIC_KEY)
+        cert && cert.verify(PublicKey::V3)
       end
 
       private
 
       def decode
         @receipt = parse_app_receipt_fields(payload.value)
-        if @receipt.fetch(:environment, 'Production') == 'Production'
-          @environment = :production
-        else
-          @environment = :sandbox
-        end
+        @environment =
+          if @receipt.fetch(:environment, 'Production') == 'Production'
+            :production
+          else
+            :sandbox
+          end
       end
 
       def parse_app_receipt_fields(fields)

data/lib/itunes_receipt_decoder/public_key.rb

@@ -0,0 +1,32 @@
+require 'openssl'
+
+##
+# ItunesReceiptDecoder
+module ItunesReceiptDecoder
+  ##
+  # ItunesReceiptDecoder::PublicKey
+  module PublicKey
+    V2 = OpenSSL::PKey::RSA.new <<-PUBLIC_KEY
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLyvMpRDPgu8N4fNY4ny
+zNm+IE1atP6HZ9Ka3hpUnaLz34fkTMuTEXigMI80QcHTvmZtR2yYuOx61cndpeTq
+xnD0NdCR97PYChGZqzpiOr179FZP258kk1FQfCDVZk1m8xikE5YiFv0xp/Q5Zpv7
+YmlcS5+UqEvo7FtkWhh5ihZ1Y0KkSdmMM96te9Y5BPTinQppjOtLEihLNEgHmw5Z
++R9isAOfNrhOo9N1WdTzOgXKxTM7+MAGCQiT2+dNvxHzUiylFjUV80ECzQLR/PX4
+xYS9Y2qG1raZ9oauX/0D1CiKWl2vvGV00fcaw5II9BytaegCTA6VFQe8vmpvwbOt
+oQIDAQAB
+-----END PUBLIC KEY-----
+PUBLIC_KEY
+    V3 = OpenSSL::PKey::RSA.new <<-PUBLIC_KEY
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjhUpstWqsgkOUjpjO7s
+X7h/JpG8NFN6znxjgGF3ZF6lByO2Of5QLRVWWHAtfsRuwUqFPi/w3oQaoVfJr3sY
+/2r6FRJJFQgZrKrbKjLtlmNoUhU9jIrsv2sYleADrAF9lwVnzg6FlTdq7Qm2rmfN
+UWSfxlzRvFduZzWAdjakh4FuOI/YKxVOeyXYWr9Og8GN0pPVGnG1YJydM05V+RJY
+DIa4Fg3B5XdFjVBIuist5JSF4ejEncZopbCj/Gd+cLoCWUt3QpE5ufXN4UzvwDtI
+jKblIV39amq7pxY1YNLmrfNGKcnow4vpecBqYWcVsvD95Wi8Yl9uz5nd7xtj/pJl
+qwIDAQAB
+-----END PUBLIC KEY-----
+PUBLIC_KEY
+  end
+end

data/lib/itunes_receipt_decoder/version.rb

@@ -3,5 +3,5 @@
 module ItunesReceiptDecoder
   ##
   # Gem version
-  VERSION = '0.3.0'
+  VERSION = '0.3.1'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: itunes_receipt_decoder
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - mbaasy.com
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-24 00:00:00.000000000 Z
+date: 2016-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: CFPropertyList
@@ -30,28 +30,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.4'
+        version: '11.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.4'
+        version: '11.1'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.3'
+        version: '3.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.3'
+        version: '3.4'
 - !ruby/object:Gem::Dependency
   name: rubygems-tasks
   requirement: !ruby/object:Gem::Requirement
@@ -72,42 +72,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.11'
 - !ruby/object:Gem::Dependency
   name: codeclimate-test-reporter
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.33'
+        version: '0.40'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.33'
+        version: '0.40'
 description: |2
       Decode iTunes OS X and iOS receipts without remote server-side validation
       by using the Apple Inc Root Certificate.
@@ -120,6 +120,7 @@ files:
 - lib/itunes_receipt_decoder/decode/base.rb
 - lib/itunes_receipt_decoder/decode/transaction_receipt.rb
 - lib/itunes_receipt_decoder/decode/unified_receipt.rb
+- lib/itunes_receipt_decoder/public_key.rb
 - lib/itunes_receipt_decoder/version.rb
 homepage: https://github.com/mbaasy/itunes_receipt_decoder
 licenses:
@@ -141,9 +142,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 2.6.3
 signing_key: 
 specification_version: 4
 summary: Decode iTunes OS X and iOS receipts
 test_files: []
-has_rdoc: