passbook2 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 4a58374078ae35a90f7e9704ff3e643e6936dc64f8d218861f0e4e5fbc93edfb
+  data.tar.gz: 4d1ff0d20b11ee00f5b2062d83dc48979e7b5c1e9916ff401843709a7f309217
+SHA512:
+  metadata.gz: dcc263f3738566ddc9eddc287330bde5908e4503755c71bbdd872679258e3c38b97681fd8e021fff443d243de143cddbc88eab56ba07014d4f58e77a6c23c9b5
+  data.tar.gz: f1f04770847c5e8c26a5ab2354d5dae23f3555e372dafc73eebb5baa317fd2ac87695bb042c4ad29ff04d1981e6630704cf4f91b7e985488dcc1fb976ebc93e6

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 1.9.2
+  - ruby-head
+  - 2.0.0
+  - 2.1.2

data/Gemfile

@@ -0,0 +1,18 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in passbook.gemspec
+gem 'rubyzip', '>= 1.0.0'
+gem 'grocer'
+gem 'commander'
+gem 'terminal-table'
+
+group :test, :development do
+  gem 'rack-test'
+  gem 'activesupport'
+  gem 'jeweler'
+  gem 'simplecov'
+  gem 'rspec'
+  gem 'rake' 
+  gem 'yard'
+  gem 'debug'
+end

data/Gemfile.lock

@@ -0,0 +1,136 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (7.0.4.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    addressable (2.4.0)
+    builder (3.2.4)
+    commander (4.6.0)
+      highline (~> 2.0.0)
+    concurrent-ruby (1.2.2)
+    debug (1.8.0)
+      irb (>= 1.5.0)
+      reline (>= 0.3.1)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    diff-lcs (1.5.0)
+    docile (1.4.0)
+    faraday (0.9.2)
+      multipart-post (>= 1.2, < 3)
+    git (1.11.0)
+      rchardet (~> 1.8)
+    github_api (0.16.0)
+      addressable (~> 2.4.0)
+      descendants_tracker (~> 0.0.4)
+      faraday (~> 0.8, < 0.10)
+      hashie (>= 3.4)
+      mime-types (>= 1.16, < 3.0)
+      oauth2 (~> 1.0)
+    grocer (0.7.1)
+    hashie (5.0.0)
+    highline (2.0.3)
+    i18n (1.13.0)
+      concurrent-ruby (~> 1.0)
+    io-console (0.6.0)
+    io-console (0.6.0-java)
+    irb (1.7.4)
+      reline (>= 0.3.6)
+    jar-dependencies (0.4.1)
+    jeweler (2.3.9)
+      builder
+      bundler
+      git (>= 1.2.5)
+      github_api (~> 0.16.0)
+      highline (>= 1.6.15)
+      nokogiri (>= 1.5.10)
+      psych
+      rake
+      rdoc
+      semver2
+    jwt (2.7.0)
+    mime-types (2.99.3)
+    mini_portile2 (2.8.1)
+    minitest (5.18.0)
+    multi_json (1.15.0)
+    multi_xml (0.6.0)
+    multipart-post (2.3.0)
+    nokogiri (1.14.3)
+      mini_portile2 (~> 2.8.0)
+      racc (~> 1.4)
+    nokogiri (1.14.3-java)
+      racc (~> 1.4)
+    oauth2 (1.4.8)
+      faraday (>= 0.8, < 3.0)
+      jwt (>= 1.0, < 3.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    psych (5.1.0)
+      stringio
+    psych (5.1.0-java)
+      jar-dependencies (>= 0.1.7)
+    racc (1.6.2)
+    racc (1.6.2-java)
+    rack (2.2.7)
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rake (13.0.6)
+    rchardet (1.8.0)
+    rdoc (6.5.0)
+      psych (>= 4.0.0)
+    reline (0.3.8)
+      io-console (~> 0.5)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.2)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.3)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.5)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+    rubyzip (2.3.2)
+    semver2 (3.4.2)
+    simplecov (0.22.0)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
+    stringio (3.0.6)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
+    thread_safe (0.3.6)
+    thread_safe (0.3.6-java)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.4.2)
+    yard (0.9.34)
+
+PLATFORMS
+  java
+  ruby
+
+DEPENDENCIES
+  activesupport
+  commander
+  debug
+  grocer
+  jeweler
+  rack-test
+  rake
+  rspec
+  rubyzip (>= 1.0.0)
+  simplecov
+  terminal-table
+  yard
+
+BUNDLED WITH
+   2.4.10

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Thomas Lauro, Lance Gleason, 2024 Kay Rhodes
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,271 @@
+# passbook2
+
+The passbook2 gem let's you create a pkpass files for Apple's PassKit. 
+It is a fork of the "passbook" gem that has been updated to work with OpenSSL 3.0 and Ruby 3.x. It no longer uses p12 files which because they are no longer supported by Apple.
+
+Apple's [PassKit](https://developer.apple.com/documentation/passkit_apple_pay_and_wallet) is used for processing Apple Pay payments & distributing tickets. This library is currently concerned with simplifying the process of generating a `.pass` bundle for distribution to your users. It's been thoroughly tested as a means of distributing even tickets to iOS devices.
+
+This library does _not_ address updating information on tickets you've already distributed.
+
+Note: This is a fork of [the original passbook gem](https://github.com/frozon/passbook). In addition to a lot of cleanup, it has been updated to support Ruby 3.0 and Apple's current cryptographic requirements.
+
+## Installation
+
+Include the passbook2 gem in your project.
+
+```
+gem 'passbook2'
+```
+
+## Configuration
+
+
+
+```ruby
+
+      # Note: the pb_confg variable below is typically a singleton 
+      # configuration object that has knowledge of where you store 
+      # your certificate files & related passwords
+      # You definitely should not be hardcoding that information.
+      pb_config = <your config object>
+
+      Passbook.configure do |passbook|
+
+        # Path to your wwdc cert file# path to the latest
+        # "Apple Intermediate Certificate Worldwide Developer Relations" certificate
+        # (.cer) file downloaded from here https://www.apple.com/certificateauthority/
+        # and placed somewhere under the rails root. It doesn't matter where.
+        # ⚠❗ these expire
+        passbook.apple_intermediate_cert = pb_config.apple_intermediate_certificate
+
+        # Path to your X509 cert. This is downloaded after generating
+        # a certificate from your apple Pass Type ID on apple's developer site
+        passbook.certificate = pb_config.x509_certificate
+
+        # Path to the .pem file generated from public key of the RSA keypair
+        # that was generated when you made a Certificate Signing Request
+        # It'll be in your keychain under the "Common Name" you specified
+        # for the signing request.
+        passbook.rsa_private_key = pb_config.private_key_pem
+
+        # Password for the .pem file above
+        passbook.password = pb_config.rsa_password
+      end
+
+```
+
+Additional (optional) configuration variables:
+- `notification_cert`
+- `notification_gateway`
+- `notification_passphrase`
+
+
+## Usage
+
+First create a new `PKPass` object and pass it your pass' JSON data in the initializer. This will be stored in the pass' `pass.json` file.
+
+``` ruby
+    pass = Passbook::PKPass.new('{"YOUR STRINGIFIED JSON DATA"}')
+```
+
+Then iterate over the files you need to add to the pass. The order you add them in doesn't matter, but the names must adhere to Apple's Passbook naming convention.
+
+``` ruby
+    pass.add_file("path/to/icon.png")
+    pass.add_files(["path/to/icon@2x.png", "path/to/thumbnail.png"])
+```
+
+![sample.pass](https://github.com/masukomi/passbook2/blob/master/docs/images/passbook_file_structure.png?raw=true)
+
+Once you've added everything you need to your pass, it's time to generate the `.pkpass` zip file. 
+
+``` ruby
+  pass.file # returns a Tempfile containing a ZipStream
+  
+  # you can optionally specify the file name and directory to store it in.
+  pass.file({file_name: 'pass.pkpass', directory: Dir.tmpdir})
+
+```
+
+In a Rails app you'd want to send the `.pkpass` data to users with the appropriate mime-type. Here's how to do that.
+
+``` ruby
+      zip_file_path = my_pass.file.path
+      File.open(zip_file_path, "r") do |file|
+        send_data(file.read,
+                  type:        "application/vnd.apple.pkpass",
+                  disposition: "attachment",
+                  filename:    "#{thingy.descriptive_name}.pkpass")
+      end
+```
+
+### Creating MultiPasses 
+
+Apple supports the idea of a MultiPass. This is just a zipped collection of multiple passes. If, for example, someone buys 5 tickets, you can send them a MultiPass with all 5 wallet passes in it. 
+
+A MultiPass must contain between 1 and 10 passes (inclusive). If your user needs more than 10 items you'll just have to convince them to download multiple MultiPasses. This is annoying, but it's Apple's restriction so there's nothing we can do about it.
+
+To create a MultiPass simply call `PKMultiPass.create_multipass` and give it an array of `PKPass` objects and a valid path and filename to store your MultiPass in. Note that it must end with `.pkpasses`
+
+``` ruby
+      my_file_path = File.join(temp_dir, "#{my_order_number}.pkpasses")
+      multipass_zip_file_path = Passbook::PKMultiPass.create_multipass(
+                        array_of_pk_pass_objects, my_file_path
+                      )
+
+```
+This will return you the same path you passed in. The resulting `.pkpasses` zip file will use ordinal numbers for the names of the `.pkpass` files inside. E.g. `1.pkpass`, `2.pkpass`, `3.pkpass`, etc. 
+
+Note: if you know where the current documentation for creating MultiPass files is, please let me know. 
+
+Sending this data to users is exactly the same as sending the data for an individual pass. 
+
+-----
+
+### Original Passbook(1) functionality
+⚠ WARNING
+
+The following features & documentation come from the original passbook gem, and have _not_ been tested with Apple's current requirements. Signing _does_ work by default, but custom signing has not been tested and appears to still be thinking in terms of `.p12` files which Apple no longer honors. 
+
+Please make a PR if you make an updated version of any of this.
+
+
+#### Using Different Certificates For Different Passes
+
+Sometime you might want to be able to use different certificates for different passes.  This can be done by passing in a Signer class into your PKPass initializer. You don't have to use environment variables, but it's a good way to make these things easy to rotate in the future when the certs expire.
+
+```
+  signer = Passbook::Signer.new(
+    certificate:             Rails.root.join(ENV['PASSBOOK_X509_CERTIFICATE']),
+    rsa_private_key:         Rails.root.join(ENV['PASSBOOK_PRIVATE_KEY_PEM']),
+    password:                ENV['PASSBOOK_RSA_PASSWORD'],
+    apple_intermediate_cert: Rails.root.join(ENV['PASSBOOK_APPLE_INTERMEDIATE_CERTIFICATE'])
+  )
+  pk_pass = Passbook::PKPass.new(data, signer)
+
+  ....
+```
+
+### Push Notifications
+
+If you want to support passbook push notification updates you will need to configure the appropriate bits above.
+
+In order to support push notifications you will need to have a basic understanding of the way that push notifications work and how the data is passed back and forth. 
+
+Your pass will need to have a field called 'webServiceURL' with the base url to your site and a field called 'authenticationToken'. The json snippet should look like this.  Note that your url needs to be a valid signed https endpoint for production.  You can put your phone in dev mode to test updates against a insecure http endpoint (under settings => developer => passkit testing).
+
+```
+...
+  "webserviceURL" : "https://www.honeybadgers.com/",
+  "authenticationToken" : "yummycobras"
+...
+```
+
+Passbook includes rack middleware to make the job of supporting the passbook endpoints easier.  You will need to configure the middleware as outlined above and then implement a class called Passbook::PassbookNotification.  Below is an annotated implementation.
+
+```
+module Passbook
+  class PassbookNotification
+
+    # This is called whenever a new pass is saved to a users passbook or the
+    # notifications are re-enabled.  You will want to persist these values to
+    # allow for updates on subsequent calls in the call chain.  You can have
+    # multiple push tokens and serial numbers for a specific
+    # deviceLibraryIdentifier.
+
+    def self.register_pass(options)
+      the_passes_serial_number = options['serialNumber']
+      the_devices_device_library_identifier = options['deviceLibraryIdentifier']
+      the_devices_push_token = options['pushToken']
+      the_pass_type_identifier = options["passTypeIdentifier"]
+      the_authentication_token = options['authToken']
+
+      # this is if the pass registered successfully
+      # change the code to 200 if the pass has already been registered
+      # 404 if pass not found for serialNubmer and passTypeIdentifier
+      # 401 if authorization failed
+      # or another appropriate code if something went wrong.
+      {:status => 201}
+    end
+
+    # This is called when the device receives a push notification from apple.
+    # You will need to return the serial number of all passes associated with
+    # that deviceLibraryIdentifier.
+
+    def self.passes_for_device(options)
+      device_library_identifier = options['deviceLibraryIdentifier']
+      passes_updated_since = options['passesUpdatedSince']
+
+      # the 'lastUpdated' uses integers values to tell passbook if the pass is
+      # more recent than the current one.  If you just set it is the same value
+      # every time the pass will update and you will get a warning in the log files.
+      # you can use the time in milliseconds,  a counter or any other numbering scheme.
+      # you then also need to return an array of serial numbers.
+      {'lastUpdated' => '1', 'serialNumbers' => ['various', 'serial', 'numbers']}
+    end
+
+    # this is called when a pass is deleted or the user selects the option to disable pass updates.
+    def self.unregister_pass(options)
+      # a solid unique pair of identifiers to identify the pass are
+      serial_number = options['serialNumber']
+      device_library_identifier = options['deviceLibraryIdentifier']
+      the_pass_type_identifier = options["passTypeIdentifier"]
+      the_authentication_token = options['authToken']
+      # return a status 200 to indicate that the pass was successfully unregistered.
+      {:status => 200}
+    end
+
+    # this returns your updated pass
+    def self.latest_pass(options)
+      the_pass_serial_number = options['serialNumber']
+      # create your PkPass the way you did when your first created the pass.
+      # you will want to return
+      my_pass = PkPass.new 'your pass json'
+      # you will want to return the string from the stream of your PkPass object.
+      {:status => 200, :latest_pass => mypass.stream.string, :last_modified => '1442120893'}
+    end
+
+    # This is called whenever there is something from the update process that is a warning
+    # or error
+    def self.passbook_log(log)
+      # this is a VERY crude logging example.  use the logger of your choice here.
+      p "#{Time.now} #{log}"
+    end
+
+  end
+end
+
+```
+
+To send a push notification for a updated pass simply call Passbook::PushNotification.send_notification with the push token for the device you are updating
+
+```
+  Passbook::PushNotification.send_notification the_device_push_token
+
+```
+
+Apple will send out a notification to your phone (usually within 15 minutes or less),  which will cause the phone that this push notification is associated with to make a call to your server to get pass serial numbers and to then get the updated pass.  Each phone/pass combination has it's own push token whch will require a separate call for every phone that has push notifications enabled for a pass (this is an Apple thing).  In the future we may look into offering background process support for this as part of this gem.  For now,  if you have a lot of passes to update you will need to do this yourself.
+
+## Tests
+
+To launch tests:
+
+```bash
+  bundle exec rake spec
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+
+License
+-------
+
+passbook is released under the MIT license:
+
+* http://www.opensource.org/licenses/MIT

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: %i[spec]

data/VERSION

@@ -0,0 +1 @@
+0.5.1

data/lib/passbook/pk_multi_pass.rb

@@ -0,0 +1,26 @@
+require 'zip'
+require 'fileutils'
+module Passbook
+  class PKMultiPass
+    def self.create_multipass(pk_passes, multipass_file_path)
+      raise "Too many passes" if pk_passes.size > 10
+      raise "No passes provided" if pk_passes.size < 1
+      raise "multipass files must have the .pkpasses extension" \
+            unless multipass_file_path.end_with? ".pkpasses"
+      raise "passes must be PKPass objects" \
+            unless pk_passes.all? { |pass| pass.is_a? Passbook::PKPass }
+      temp_dir = Dir.mktmpdir
+      pass_counter = 0
+      Zip::File.open(multipass_file_path, create: true) do |zipfile|
+        pk_passes.each do | pass |
+            pass_counter += 1
+            file_name = "#{pass_counter}.pkpass"
+            pkpass_path = pass.file(file_name: file_name, directory: temp_dir)
+            zipfile.add(file_name, pkpass_path)
+        end
+      end
+      FileUtils.remove_dir(temp_dir, true)
+      multipass_file_path
+    end
+  end
+end

data/lib/passbook/pkpass.rb

@@ -0,0 +1,133 @@
+require 'digest/sha1'
+require 'openssl'
+require 'zip'
+require 'base64'
+
+module Passbook
+  class PKPass
+    attr_accessor :pass, :manifest_files, :signer
+
+    TYPES = %w(boarding-pass coupon event-ticket store-card generic)
+
+    # Initializes a new Passbook::PKPass object
+    # @param pass [String] JSON string representing the pass
+    # @param init_signer [Passbook::Signer] (optional) a signer object
+    def initialize(pass, init_signer = nil)
+      @pass           = pass
+      @manifest_files = []
+      @signer         = init_signer || Passbook::Signer.new
+    end
+
+    # Adds a single file to the pass
+    def add_file(file)
+      @manifest_files << file
+    end
+
+    # Adds multiple files to the pass
+    def add_files(files_array)
+      @manifest_files += files_array
+    end
+
+    # List of files in the pass
+    def list_files
+      @manifest_files
+    end
+
+
+
+    # Return a Tempfile containing our ZipStream
+    # @param options [Hash] :file_name, :directory
+    #   - file_name defaults to 'pass.pkpass'
+    #     a tempfile will be created and renamed to this
+    #   - directory defaults to Dir.tmpdir
+    #     and can be specifed as an absolute string path or a
+    #     Dir object
+    def file(options = {})
+      options[:file_name] ||= 'pass.pkpass'
+      options[:directory] ||= Dir.tmpdir
+      desired_path = File.join(options[:directory], options[:file_name])
+
+      File.binwrite(desired_path, self.stream.string)
+      File.new(desired_path)
+    end
+
+    # Return a ZipOutputStream
+    def stream
+      manifest, signature = build
+
+      output_zip manifest, signature
+    end
+
+    # Builds the pass.
+    # Creates the manifest, checks for necessary files and fields
+    # Returns an array with the manifest and the pass' cryptographic signature
+    # Don't call this unless you have a specific need. Use #file or #stream instead
+    def build
+      manifest = create_manifest
+
+      # Check pass for necessary files and fields
+      check_pass manifest
+
+      # Create pass signature
+      signature = @signer.sign manifest
+
+      [manifest, signature]
+    end
+
+    ## PRIVATE METHODS ##############################################################
+    private
+
+    def check_pass(manifest)
+      # Check for default images
+      raise 'Icon missing'                         unless manifest.include?('icon.png')
+      raise 'Icon@2x missing'                      unless manifest.include?('icon@2x.png')
+
+      # Check for developer field in JSON
+      raise 'Pass Type Identifier missing'         unless @pass.include?('passTypeIdentifier')
+      raise 'Team Identifier missing'              unless @pass.include?('teamIdentifier')
+      raise 'Serial Number missing'                unless @pass.include?('serialNumber')
+      raise 'Organization Name Identifier missing' unless @pass.include?('organizationName')
+      raise 'Format Version'                       unless @pass.include?('formatVersion')
+      raise 'Format Version should be a numeric'   unless JSON.parse(@pass)['formatVersion'].is_a?(Numeric)
+      raise 'Description'                          unless @pass.include?('description')
+    end
+
+    def create_manifest
+      sha1s = {}
+      sha1s['pass.json'] = Digest::SHA1.hexdigest @pass
+
+      @manifest_files.each do |file|
+        if file.class == Hash
+          sha1s[file[:name]] = Digest::SHA1.hexdigest file[:content]
+        else
+          # either a File or a Pathname
+          sha1s[File.basename(file)] = Digest::SHA1.file(File.absolute_path(file)).hexdigest
+        end
+      end
+
+      sha1s.to_json
+    end
+
+    def output_zip(manifest, signature)
+
+      Zip::OutputStream.write_buffer do |zip|
+        zip.put_next_entry 'pass.json'
+        zip.write @pass
+        zip.put_next_entry 'manifest.json'
+        zip.write manifest
+        zip.put_next_entry 'signature'
+        zip.write signature
+
+        @manifest_files.each do |file|
+          if file.class == Hash
+            zip.put_next_entry file[:name]
+            zip.print file[:content]
+          else
+            zip.put_next_entry File.basename(file)
+            zip.print IO.read(file)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/passbook/push_notification.rb

@@ -0,0 +1,19 @@
+module Passbook
+  class PushNotification
+    class << self
+      def pusher
+        @pusher ||= Grocer.pusher(
+          :certificate => Passbook.notification_cert,
+          :passphrase  => Passbook.notification_passphrase || "",
+          :gateway     => Passbook.notification_gateway
+        )
+      end
+
+      def send_notification(device_token)
+        notification = Grocer::PassbookNotification.new(:device_token => device_token)
+
+        pusher.push notification
+      end
+    end
+  end
+end