pedicel-pay 0.0.5 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6946f1b2a2838dd1a7b10127e3d11e49945ef7377a904495b77df0238f39e242
-  data.tar.gz: 6fc5c2e1bf92d810e1acaa6c2eb498aeec2f3a3bbe3f9bb59c71e3dcc0e393a0
+  metadata.gz: 12084da10c8a033bfa52a0bb9ab055780a1985760044e98f964afec44143dc27
+  data.tar.gz: 2c5c9b7e328b0ce6fb94b198a85e0212d503046b30f1e797145d0ebf343a3249
 SHA512:
-  metadata.gz: 4f1ad26538147468ca693f8322fdf6ff88994e6f152ca947e9de3f8f8b3e7d8428dc3b58a3da67d9dba086e5f0c31ed1fd73f7d51ea88a1b02b1c541c05483cc
-  data.tar.gz: 7b66f69c2daebc147a6a891e8ebb0f92d338bc3000c6bfed329c5393eb3f2af0967368a24eda7d387a7ce377865f1df86c235ee5ce4dd4723cd125c37b2302ed
+  metadata.gz: 66085fa5b654cd9bfe01a347865df7332435b4047ed0115a5cdff639ddd6fe524808cfc80f50aed1017eb454ac1c71f1191597cb1641f49c2d2915ae15de2ba7
+  data.tar.gz: 0c4f411ea8648e9b86c848197a4e6a57b26b30f0ebd621f4c453a9af0686521c5b2f183c039a47b2a30c0b63d73759ebbdb1e8cbd3c9d3ac085e5a63f18425f5

data/exe/pedicel-pay

@@ -137,6 +137,19 @@ module PedicelPay
       puts token.to_json
     end
 
+    desc 'extract-symmetric-key', 'Extract the symmetric key that is used for encryption/decryption of the token'
+    option 'client-path', type: :string, path: true, aliases: :c
+    option 'file', type: :string, aliases: :f
+
+    def extract_symmetric_key
+      raw_token = options['file'] ? File.read(options['file']) : $stdin.read
+      token = JSON.parse(raw_token)
+
+      client = Helper.load_client(options['client-path'])
+
+      puts client.symmetric_key(token)
+    end
+
 
     desc 'decrypt-token', 'Decrypt a token'
     option 'client-path', type: :string, path: true, aliases: :c
@@ -152,6 +165,28 @@ module PedicelPay
 
       puts client.decrypt(token, ca_certificate_pem: backend.ca_certificate.to_pem)
     end
+
+    desc 'decrypt-token-from-symmetric-key', 'Decrypt a token using the symmetric key'
+    option 'symmetric-key', type: :string, alias: :k
+    option 'file', type: :string, aliases: :f
+    option 'backend-path', type: :string, path: true, aliases: :b
+    option 'time', type: :string, alias: :t
+
+    def decrypt_token_from_symmetric_key
+      raw_token = options['file'] ? File.read(options['file']) : $stdin.read
+      token = JSON.parse(raw_token)
+
+      params = { symmetric_key: Helper.hex_to_bytestring(options['symmetric-key']) }
+
+      params.merge!(now: Time.parse(options['time'])) if options['time']
+
+      if options['backend-path']
+        backend = Helper.load_backend(options['backend-path'])
+        params.merge!(ca_certificate_pem: backend.ca_certificate.to_pem)
+      end
+
+      puts Pedicel::EC.new(token).decrypt(params)
+    end
   end
 
   class Helper

data/lib/pedicel-pay/backend.rb

@@ -104,6 +104,17 @@ module PedicelPay
         OpenSSL::PKCS7::BINARY # Handle 0x00 correctly.
       )
 
+      # Check that the newly created signature is good.
+      flags = \
+        # https://wiki.openssl.org/index.php/Manual:PKCS7_verify(3)#VERIFY_PROCESS
+        OpenSSL::PKCS7::NOCHAIN  | # Ignore certs in the message.
+        OpenSSL::PKCS7::NOINTERN   # Only look at the supplied certificate.
+      trust_store = OpenSSL::X509::Store.new
+      trust_store.add_cert(ca_certificate).add_cert(intermediate_certificate)
+      unless signature.verify([certificate], trust_store, message, flags)
+        fail 'signature is wrong'
+      end
+
       if replace
         # Just replace token.signature.
       else

data/lib/pedicel-pay/client.rb

@@ -38,5 +38,12 @@ module PedicelPay
         new(token).
         decrypt(private_key: key, certificate: certificate, ca_certificate_pem: ca_certificate_pem, now: now)
     end
+
+    def symmetric_key(token)
+      Pedicel::EC.
+        new(token).
+        symmetric_key(private_key: key, certificate: certificate).
+        unpack('H*')
+    end
   end
 end

data/lib/pedicel-pay/helper.rb

@@ -20,6 +20,10 @@ module PedicelPay
       string.unpack('H*').first
     end
 
+    def self.hex_to_bytestring(hex)
+      [hex].pack('H*')
+    end
+
     def self.merchant_id(x)
       case x
       when Client

data/lib/pedicel-pay/token_data.rb

@@ -102,7 +102,7 @@ module PedicelPay
     end
 
     def card_expired?(now)
-      Time.parse(expired) <= now
+      Time.parse(expiry) <= now
     end
 
     def self.sample_expiry(expired: nil, now: nil, soon: nil)

data/lib/pedicel-pay/version.rb

@@ -1,3 +1,3 @@
 module PedicelPay
-  VERSION = '0.0.5'
+  VERSION = '0.0.6'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pedicel-pay
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.6
 platform: ruby
 authors:
 - Clearhaus A/S
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-08-06 00:00:00.000000000 Z
+date: 2022-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 2.1.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: 2.1.4
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.0'
+        version: 1.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.0'
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -115,8 +115,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Backend and client part of Apple Pay