pedicel 0.0.2 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: d2328aa143a9d49fbec83ddd1550c648267e039a
-  data.tar.gz: a90ab943850850e230bb6baa74dc498fab689ea2
+SHA256:
+  metadata.gz: 628cf5b61cec879b91695fdbbf8f9c3a0803a9c7be2645076d34da772f030b86
+  data.tar.gz: 04dd8ff38fe186fdf5f79a2c648a9482e63add4df9ac2b42aa2b229b2c4ae3fa
 SHA512:
-  metadata.gz: dc1dded2040b5efb55a74617873cb0ac5884d3fbdb7cb5694aa6bb1c6b5869aa01d66d0c38224c4759302cdc85f4aa1826859d1939c039925344abe604ec2dff
-  data.tar.gz: a719c00c24208ceffd9666df3f1925b0a9a16ad1c753ef688366b9703812b343d36e1705985f613148e6927e5422b48fcc8903ee107841686dc7e7aa2e7a788f
+  metadata.gz: 111ea8c7a4baf9cdf7128aeb710cd9ea8d51a31e722d2ae93939812bc12cee9c388476e62b33042ca5fe41324239b106f87a128e2ea599b57b9d2771ec7521fe
+  data.tar.gz: ad718264658b4c26ae9c62644e98a5b6056637b781a3100c01666e08b1d07ff569c21abe1cb7bd18647bcd904898730b4b081349552b37d81672f72242b4a9b5

data/lib/pedicel/base.rb

@@ -1,20 +1,18 @@
 require 'openssl'
 require 'base64'
+require 'pedicel/validator'
 
 module Pedicel
   class Base
-    SUPPORTED_VERSIONS = [:EC_v1]
+    SUPPORTED_VERSIONS = [:EC_v1].freeze
 
-    def initialize(token, now: Time.now)
-      @token = token
-    end
-
-    def validate_content(now: Time.now)
-      raise VersionError, "unsupported version: #{version}" unless SUPPORTED_VERSIONS.include?(@token['version'])
+    attr_reader :config
 
-      raise ReplayAttackError, "token signature time indicates a replay attack (age #{now-cms_signing_time})" unless signing_time_ok?(now: now)
+    def initialize(token, config: Pedicel::DEFAULT_CONFIG)
+      Validator.validate_token(token)
 
-      raise SignatureError unless valid_signature?
+      @token  = token
+      @config = config
     end
 
     def version
@@ -38,68 +36,79 @@ module Pedicel
     end
 
     def application_data
-      return nil unless @token['applicationData']
-
-      [@token['applicationData']].pack('H*')
-    end
-
-    def signing_time_ok?(now: Time.now)
-      # "Inspect the CMS signing time of the signature, as defined by section 11.3
-      # of RFC 5652. If the time signature and the transaction time differ by more
-      # than a few minutes, it's possible that the token is a replay attack."
-      # https://developer.apple.com/library/content/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html
+      return nil unless @token['header']['applicationData']
 
-      delta = Pedicel.config[:replay_threshold_seconds]
-
-      cms_signing_time.between?(now - delta, now + delta)
-      # Deliberately ignoring leap seconds.
+      [@token['header']['applicationData']].pack('H*')
     end
 
     def private_key_class
-      {EC_v1: OpenSSL::PKey::EC, RSA_v1: OpenSSL::PKey::RSA}[version]
+      raise VersionError, "unsupported version: #{version}" unless SUPPORTED_VERSIONS.include?(version)
+
+      { EC_v1: OpenSSL::PKey::EC, RSA_v1: OpenSSL::PKey::RSA }[version]
     end
 
     def symmetric_algorithm
-      {EC_v1: 'aes-256-gcm', RSA_v1: 'aes-128-gcm'}[version]
+      raise VersionError, "unsupported version: #{version}" unless SUPPORTED_VERSIONS.include?(version)
+
+      { EC_v1: 'aes-256-gcm', RSA_v1: 'aes-128-gcm' }[version]
     end
 
     def decrypt_aes(key:)
       raise TokenFormatError, 'no encrypted data present' unless encrypted_data
 
       if OpenSSL::Cipher.new('aes-256-gcm').respond_to?(:iv_len=)
-        # Either because you use Ruby >=2.4's native openssl lib, or if you have a
-        # "recent enough" version of the openssl gem available.
+        # Either because you use Ruby >=2.4's native openssl lib, or if you have
+        # a "recent enough" version of the openssl gem available.
+        decrypt_aes_openssl(key)
+      else
+        decrypt_aes_gem(key)
+      end
+    end
 
-        cipher = OpenSSL::Cipher.new(symmetric_algorithm)
-        cipher.decrypt
+    private
+    def decrypt_aes_openssl(key)
+      cipher = OpenSSL::Cipher.new(symmetric_algorithm)
+      cipher.decrypt
 
+      begin
         cipher.key = key
-        cipher.iv_len = 16 # Must be set before the IV because default is 12 and
-                           # only IVs of length `iv_len` will be accepted.
-        cipher.iv = "\x00".b * cipher.iv_len
+      rescue ArgumentError => e
+        raise Pedicel::AesKeyError, "invalid key: #{e.message}"
+      end
 
-        split_position = encrypted_data.length - cipher.iv_len
-        tag = encrypted_data.slice(split_position, cipher.iv_len)
-        untagged_encrypted_data = encrypted_data.slice(0, split_position)
+      # iv_len must be set before the IV because default is 12 and
+      # only IVs of length `iv_len` will be accepted.
+      cipher.iv_len = 16
+      cipher.iv = 0.chr * cipher.iv_len
 
-        cipher.auth_tag = tag
-        cipher.auth_data = ''.b
+      split_position = encrypted_data.length - cipher.iv_len
+      tag = encrypted_data.slice(split_position, cipher.iv_len)
+      untagged_encrypted_data = encrypted_data.slice(0, split_position)
 
-        cipher.update(untagged_encrypted_data) << cipher.final
-      else
-        require 'aes256gcm_decrypt'
+      cipher.auth_tag = tag
+      cipher.auth_data = ''.b
 
-        Aes256GcmDecrypt::decrypt(encrypted_data, key)
-      end
+      cipher.update(untagged_encrypted_data) << cipher.final
+    rescue OpenSSL::Cipher::CipherError
+      raise Pedicel::AesKeyError, 'wrong key'
+    end
+
+    def decrypt_aes_gem(key)
+      require 'aes256gcm_decrypt'
+
+      Aes256GcmDecrypt.decrypt(encrypted_data, key)
+    rescue Aes256GcmDecrypt::Error => e
+      raise Pedicel::AesKeyError, "decryption failed: #{e}"
     end
+    public
 
     def valid_signature?(now: Time.now)
-      true if validate_signature(now: now)
+      !!verify_signature(now: now)
     rescue
       false
     end
 
-    def verify_signature(ca_certificate_pem: Pedicel.config[:apple_root_ca_g3_cert_pem], now: Time.now)
+    def verify_signature(ca_certificate_pem: @config[:trusted_ca_pem], now: Time.now)
       raise SignatureError, 'no signature present' unless signature
 
       begin
@@ -108,24 +117,34 @@ module Pedicel
         raise SignatureError, "invalid PKCS #7 signature: #{e.message}"
       end
 
-      # 1.a
-      # Ensure that the certificates contain the correct custom OIDs: (...).
-      # The value for these marker OIDs doesn't matter, only their presence.
-      leaf, intermediate = self.class.verify_signature_certificate_oids(signature: s)
-
       begin
-        root = OpenSSL::X509::Certificate.new(ca_certificate_pem)
+        trusted_root = OpenSSL::X509::Certificate.new(ca_certificate_pem)
       rescue => e
-        raise CertificateError, "invalid root certificate: #{e.message}"
+        raise CertificateError, "invalid trusted root certificate: #{e.message}"
       end
 
+      # 1.a
+      # Ensure that the certificates contain the correct custom OIDs: (...).
+      # The value for these marker OIDs doesn't matter, only their presence.
+      leaf, intermediate, other = self.class.extract_certificates(signature: s)
+      # Implicit since these are the ones extracted.
+
       # 1.b
       # Ensure that the root CA is the Apple Root CA - G3. (...)
-      self.class.verify_root_certificate(root: root, intermediate: intermediate)
+      if other
+        self.class.verify_root_certificate(trusted_root: trusted_root, root: other)
+        # Allow no other certificate than the root.
+      #else
+        # no other certificate is not extracted from the signature, and thus, we
+        # trust the trusted root.
+      end
 
       # 1.c
-      # Ensure that there is a valid X.509 chain of trust from the signature to the root CA.
-      self.class.verify_x509_chain(root: root, intermediate: intermediate, leaf: leaf)
+      # Ensure that there is a valid X.509 chain of trust from the signature to
+      # the root CA.
+      self.class.verify_x509_chain(root: trusted_root, intermediate: intermediate, leaf: leaf)
+      # We "only" check the *certificate* chain (from leaf to root). Below (in
+      # 1.d) is checked that the signature is created with the leaf.
 
       # 1.d
       # Validate the token's signature.
@@ -140,58 +159,91 @@ module Pedicel
       self
     end
 
-    private
+    def self.extract_certificates(signature:, config: Pedicel::DEFAULT_CONFIG)
+      leafs, intermediates, others = [], [], []
 
-    def self.verify_signature_certificate_oids(signature:)
-      leaf = signature.certificates.find{|c| c.extensions.find{|e| e.oid == Pedicel.config[:oids][:leaf_certificate]}}
-      unless leaf
-        raise SignatureError, "no leaf certificate found (OID #{Pedicel.config[:oids][:leaf_certificate]})"
-      end
+      signature.certificates.each do |certificate|
+        leaf_or_intermediate = false
+
+        certificate.extensions.each do |extension|
+          case extension.oid
+          when config[:oid_intermediate_certificate]
+            intermediates << certificate
+            leaf_or_intermediate = true
+          when config[:oid_leaf_certificate]
+            leafs << certificate
+            leaf_or_intermediate = true
+          end
+        end
 
-      intermediate = signature.certificates.find{|c| c.extensions.find{|e| e.oid == Pedicel.config[:oids][:intermediate_certificate]}}
-      unless intermediate
-        raise SignatureError, "no intermediate certificate found (OID #{Pedicel.config[:oids][:leaf_certificate]})"
+        others << certificate unless leaf_or_intermediate
       end
 
-      [leaf, intermediate]
+      raise SignatureError, "no unique leaf certificate found (OID #{config[:oid_leaf_certificate]})" unless leafs.length == 1
+      raise SignatureError, "no unique intermediate certificate found (OID #{config[:oid_intermediate_certificate]})" unless intermediates.length == 1
+      raise SignatureError, "too many certificates found in the signature: #{others.map(&:subject).join('; ')}" if others.length > 1
+
+      [leafs.first, intermediates.first, others.first]
     end
 
-    def self.verify_root_certificate(root:, intermediate:)
-      unless intermediate.issuer == root.subject
-        raise SignatureError, 'root certificate has not issued intermediate certificate'
-      end
+    def self.verify_root_certificate(root:, trusted_root:)
+      raise SignatureError, 'root certificate is not trusted' unless root.to_der == trusted_root.to_der
+
+      true
     end
 
     def self.verify_x509_chain(root:, intermediate:, leaf:)
-      valid_chain = OpenSSL::X509::Store.new.
-                      add_cert(root).
-                      add_cert(intermediate).
-                      verify(leaf)
+      store = OpenSSL::X509::Store.new.add_cert(root)
+
+      unless store.verify(root)
+        raise SignatureError, "invalid chain due to root: #{store.error_string}"
+      end
+
+      unless store.verify(intermediate)
+        raise SignatureError, "invalid chain due to intermediate: #{store.error_string}"
+      end
+
+      begin
+        store.add_cert(intermediate)
+      rescue OpenSSL::X509::StoreError
+        raise SignatureError, "invalid chain due to intermediate"
+      end
 
-      raise SignatureError, 'invalid chain of trust' unless valid_chain
+      begin
+        store.add_cert(leaf)
+      rescue OpenSSL::X509::StoreError
+        raise SignatureError, "invalid chain due to leaf"
+      end
+
+      unless store.verify(leaf)
+        raise SignatureError, "invalid chain due to leaf: #{store.error_string}"
+      end
+
+      true
     end
 
-    def self.verify_signed_time(signature:, now:)
+    def self.verify_signed_time(signature:, now:, config: Pedicel::DEFAULT_CONFIG)
       # Inspect the CMS signing time of the signature, as defined by section
       # 11.3 of RFC 5652. If the time signature and the transaction time differ
       # by more than a few minutes, it's possible that the token is a replay
       # attack.
+      # https://developer.apple.com/library/content/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html
 
       unless signature.signers.length == 1
         raise SignatureError, 'not 1 signer, unable to determine signing time'
       end
       signed_time = signature.signers.first.signed_time
 
-      few_min = Pedicel.config[:replay_threshold_seconds]
+      few_min = config[:replay_threshold_seconds]
 
-      # Time objects. DST aware. Ignoring leap seconds.
-      return if signed_time.between?(now - few_min, now + few_min) # Both ends included.
+      # Time objects. DST aware. Ignoring leap seconds. Both ends included.
+      return true if signed_time.between?(now - few_min, now + few_min)
 
       diff = signed_time - now
       if diff.negative?
-        raise SignatureError, "signature too old; signed #{-diff.to_i}s ago"
+        raise SignatureError, "signature too old; signed #{-diff}s ago"
       end
-      raise SignatureError, "signature too new; signed #{diff.to_i}s in the future"
+      raise SignatureError, "signature too new; signed #{diff}s in the future"
     end
   end
 end

data/lib/pedicel/ec.rb

@@ -7,47 +7,44 @@ module Pedicel
     end
 
     def decrypt(symmetric_key: nil, merchant_id: nil, certificate: nil, private_key: nil,
-                ca_certificate_pem: Pedicel.config[:apple_root_ca_g3_cert_pem], now: Time.now)
-      raise ArgumentError 'invalid argument combination' unless \
-        !symmetric_key.nil? ^ ((!merchant_id.nil? ^ !certificate.nil?) && !private_key.nil?)
-      # .-------------------'--------. .----------'----. .-------------''---.
-      # | symmetric_key can be       | | merchant_id   | | Both private_key |
-      # | derived from private_key   | | (byte string) | | and merchant_id  |
-      # | and the shared_secret---   | | can be        | | is necessary to  |
-      # | which can be derived from  | | derived from  | | derive the       |
-      # | the private_key and the    | | the public    | | symmetric key    |
-      # | token's ephemeralPublicKey | | certificate   | '------------------'
-      # '----------------------------' '---------------'
-
-      if private_key
-        symmetric_key = symmetric_key(private_key: private_key,
-                                      certificate: certificate,
-                                      merchant_id: merchant_id)
+                ca_certificate_pem: @config[:trusted_ca_pem], now: Time.now)
+      # Check for necessary parameters.
+      unless symmetric_key || ((merchant_id || certificate) && private_key)
+        raise ArgumentError, 'missing parameters'
+      end
+
+      # Check for uniqueness among the supplied parameters used directly here.
+      if symmetric_key && (merchant_id || certificate || private_key)
+        raise ArgumentError, "leave out other parameters when supplying 'symmetric_key'"
       end
 
       verify_signature(ca_certificate_pem: ca_certificate_pem, now: now)
+
+      symmetric_key ||= symmetric_key(private_key: private_key,
+                                      merchant_id: merchant_id,
+                                      certificate: certificate)
+
       decrypt_aes(key: symmetric_key)
     end
 
-    def symmetric_key(shared_secret: nil, private_key: nil, merchant_id: nil, certificate: nil)
-      raise ArgumentError 'invalid argument combination' unless \
-        (!shared_secret.nil? ^ !private_key.nil?) && (!merchant_id.nil? ^ !certificate.nil?)
-      # .--------------------'.  .----------------'|  .-----------------'--.
-      # | shared_secret can   |  | shared_secret   |  | merchant_id (byte  |
-      # | be derived from the |  | and merchant_id |  | string can be      |
-      # | private_key and the |  | is necessary to |  | derived from the   |
-      # | ephemeralPublicKey  |  | derive the      |  | public certificate |
-      # '---------------------'  | symmetric_key   |  '--------------------'
-      #                          '-----------------'
+    def symmetric_key(private_key: nil, merchant_id: nil, certificate: nil)
+      # Check for necessary parameters.
+      unless private_key && (merchant_id || certificate)
+        raise ArgumentError, 'missing parameters'
+      end
+
+      # Check for uniqueness among the supplied parameters.
+      if merchant_id && certificate
+        raise ArgumentError, "leave out 'certificate' when supplying 'merchant_id'"
+      end
+
+      shared_secret = shared_secret(private_key: private_key)
 
-      shared_secret = shared_secret(private_key: private_key) if private_key
-      merchant_id = self.class.merchant_id(certificate: certificate) if certificate
+      merchant_id ||= self.class.merchant_id(certificate: certificate)
 
       self.class.symmetric_key(shared_secret: shared_secret, merchant_id: merchant_id)
     end
 
-    # Extract the shared secret from one public key (the ephemeral) and one
-    # private key.
     def shared_secret(private_key:)
       begin
         privkey = OpenSSL::PKey::EC.new(private_key)
@@ -58,19 +55,21 @@ module Pedicel
       begin
         pubkey = OpenSSL::PKey::EC.new(ephemeral_public_key).public_key
       rescue => e
-        raise EcKeyError, "invalid format of ephemeralPublicKey (from token) for EC: #{e.message}"
+        raise EcKeyError, "invalid ephemeralPublicKey (from token) for EC: #{e.message}"
       end
 
       unless privkey.group == pubkey.group
-        raise EcKeyError,
-          "private_key curve '#{privkey.group.curve_name}' differ from " \
-          "ephemeralPublicKey (from token) curve '#{pubkey.group.curve_name}'"
+        raise EcKeyError, "private_key curve '%s' differs from token ephemeralPublicKey curve '%s'" %
+                          [privkey.group.curve_name, pubkey.group.curve_name]
       end
 
       privkey.dh_compute_key(pubkey)
     end
 
     def self.symmetric_key(merchant_id:, shared_secret:)
+      raise ArgumentError, 'merchant_id must be a SHA256' unless merchant_id.is_a?(String) && merchant_id.length == 32
+      raise ArgumentError, 'shared_secret must be a string' unless shared_secret.is_a?(String)
+
       # http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf
       # Section 5.8.1.1, The Single-Step KDF Specification.
       #
@@ -92,18 +91,18 @@ module Pedicel
       # >    hashlen` leftmost bits of `K(reps)`.
       # > 7. Return `K(1) || K(2) || ... || K(reps-1) || K_Last`.
       #
-      # Digest::SHA256 will do the calculations when we throw Z and OtherInfo into
-      # the digest.
+      # Digest::SHA256 will do the calculations when we throw Z and OtherInfo
+      # into the digest.
 
       sha256 = Digest::SHA256.new
 
-      # Step 3:
+      # Step 3
       sha256 << "\x00\x00\x00\x01"
 
-      # Z:
+      # Z
       sha256 << shared_secret
 
-      # OtherInfo:
+      # OtherInfo
       # https://developer.apple.com/library/content/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html
       sha256 << "\x0d" + 'id-aes256-GCM' # AlgorithmID
       sha256 << 'Apple' # PartyUInfo
@@ -112,7 +111,7 @@ module Pedicel
       sha256.digest
     end
 
-    def self.merchant_id(certificate:)
+    def self.merchant_id(certificate:, config: Pedicel::DEFAULT_CONFIG)
       begin
         cert = OpenSSL::X509::Certificate.new(certificate)
       rescue => e
@@ -120,11 +119,11 @@ module Pedicel
       end
 
       merchant_id_hex =
-        cert.
-          extensions.
-          find { |x| x.oid == Pedicel.config[:oids][:merchant_identifier_field] }&.
-          value&. # Hex encoded Merchant ID plus perhaps extra non-hex chars.
-          delete("^[0-9a-fA-F]") # Remove non-hex chars.
+        cert
+        .extensions
+        .find { |x| x.oid == config[:oid_merchant_identifier_field] }
+        &.value # Hex encoded Merchant ID plus perhaps extra non-hex chars.
+        &.delete('^[0-9a-fA-F]') # Remove non-hex chars.
 
       raise CertificateError, 'no merchant identifier in certificate' unless merchant_id_hex
 
@@ -163,6 +162,8 @@ module Pedicel
       unless signature.verify(certificates, store, message, flags)
         raise SignatureError, 'signature does not match the message'
       end
+
+      true
     end
   end
 end

data/lib/pedicel/validator.rb

@@ -1,138 +1,168 @@
 require 'dry-validation'
 require 'base64'
+require 'openssl'
 
 module Pedicel
+  # Validation class for Apple Pay Payment Token and associated data:
+  # https://developer.apple.com/library/content/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html
+  # This purposefully only does syntactic validation (as opposed to semantic).
   class Validator
     class Error < StandardError; end
     class TokenFormatError < Error; end
     class TokenDataFormatError < Error; end
 
-    DRY_CUSTOM_PREDICATE_ERRORS = {
-      base64?: 'invalid base64',
-      hex?: 'invalid hex',
-      pan?: 'invalid pan',
-      yymmdd?: 'invalid date format YYMMDD',
-    }
-
     module Predicates
       include Dry::Logic::Predicates
 
-      predicate(:base64?) { |value| !Base64.decode64(value).nil? rescue false }
+      CUSTOM_PREDICATE_ERRORS = {
+        base64?:          'invalid base64',
+        hex?:             'invalid hex',
+        pan?:             'invalid pan',
+        yymmdd?:          'invalid date format YYMMDD',
+        ec_public_key?:   'is not an EC public key',
+        pkcs7_signature?: 'is not a PKCS7 Signature',
+        eci?:             'not an ECI indicator',
+        hex_sha256?:      'not hex-encoded SHA256',
+        base64_sha256?:   'not base64-encoded SHA256',
+      }.freeze
+
+      # Support Ruby 2.3, but use the faster #match? when available.
+      match_b = String.new.respond_to?(:match?) ? lambda{|s, re| s.match?(re)} : lambda{|s, re| !!(s =~ re)}
+
+      predicate(:base64?) do |x|
+        str?(x) &&
+          match_b.(x, /\A[=A-Za-z0-9+\/]*\z/) && # allowable chars
+          x.length.remainder(4).zero? && # multiple of 4
+          !match_b.(x, /=[^$=]/) && # may only end with ='s
+          !match_b.(x, /===/) # at most 2 ='s
+      end
+
+      # We should figure out how strict we should be. Hopefully we can discard
+      # the above base64? predicate and use the following simpler one:
+      #predicate(:strict_base64?) { |x| !!Base64.strict_decode64(x) rescue false }
 
-      predicate(:hex?) { |value| !Regexp.new(/\A[a-f0-9-]*\z/i).match(value).nil? }
+      predicate(:base64_sha256?) { |x| base64?(x) && Base64.decode64(x).length == 32 }
 
-      predicate(:pan?) { |value| !Regexp.new(/\A[0-9]{13,19}\z/).match(value).nil? }
+      predicate(:hex?) { |x| str?(x) && match_b.(x, /\A[a-f0-9]*\z/i) }
 
-      predicate(:yymmdd?) do |value|
-        return false unless value.length == 6
-        Time.new(value[0..1],value[2..3], value[4..5]).is_a?(Time) rescue false
-      end
+      predicate(:hex_sha256?) { |x| hex?(x) && x.length == 64 }
+
+      predicate(:pan?) { |x| str?(x) && match_b.(x, /\A[1-9][0-9]{11,18}\z/) }
+
+      predicate(:yymmdd?) { |x| str?(x) && match_b.(x, /\A\d{6}\z/) }
+
+      predicate(:eci?) { |x| str?(x) && match_b.(x, /\A\d{2}\z/) }
+
+      predicate(:ec_public_key?) { |x| base64?(x) && OpenSSL::PKey::EC.new(Base64.decode64(x)).check_key rescue false }
+
+      predicate(:pkcs7_signature?) { |x| base64?(x) && !!OpenSSL::PKCS7.new(Base64.decode64(x)) rescue false }
     end
 
     TokenSchema = Dry::Validation.Schema do
       configure do
+        # NOTE: This option removes/sanitizes hash element not mentioned/tested.
+        # Hurray for good documentation.
+        config.input_processor = :json
+
+        # In theory, I would guess that :strict below would cause a failure if
+        # untested keys were encountered, however this appears to not be the
+        # case. Anyways, it's (of course) not documented.
+        # config.hash_type = :strict
+
         predicates(Predicates)
         def self.messages
-          super.merge(en: { errors: DRY_CUSTOM_PREDICATE_ERRORS })
+          super.merge(en: { errors: Predicates::CUSTOM_PREDICATE_ERRORS })
         end
       end
 
       required(:data).filled(:str?, :base64?)
 
       required(:header).schema do
-        optional(:applicationData).filled(:str?, :hex?)
+        optional(:applicationData).filled(:str?, :hex?, :hex_sha256?)
+
+        optional(:ephemeralPublicKey).filled(:str?, :base64?, :ec_public_key?)
 
-        optional(:ephemeralPublicKey).filled(:str?, :base64?)
         optional(:wrappedKey).filled(:str?, :base64?)
+
         rule('ephemeralPublicKey xor wrappedKey': [:ephemeralPublicKey, :wrappedKey]) do |e, w|
           e.filled? ^ w.filled?
         end
 
-        required(:publicKeyHash).filled(:str?, :base64?)
+        required(:publicKeyHash).filled(:str?, :base64?, :base64_sha256?)
 
         required(:transactionId).filled(:str?, :hex?)
       end
 
-      required(:signature).filled(:str?, :base64?)
+      required(:signature).filled(:str?, :base64?, :pkcs7_signature?)
 
-      required(:version).filled(:str?, included_in?: ['EC_v1', 'RSA_v1'])
+      required(:version).filled(:str?, included_in?: %w[EC_v1 RSA_v1])
     end
 
-    # Pedicel::Validator::TokenSchema.call({data: 'asdf', header: {ephemeralPublicKey: 'e', publicKeyHash: 'p', transactionId: 'f'}, signature: 's', version: 'EC_v1'})
-
     TokenDataSchema = Dry::Validation.Schema do
       configure do
         predicates(Predicates)
         def self.messages
-          super.merge(en: { errors: DRY_CUSTOM_PREDICATE_ERRORS })
+          super.merge(en: { errors: Predicates::CUSTOM_PREDICATE_ERRORS })
         end
       end
 
-      required(:applicationPrimaryAccountNumber).filled(:str?, :pan?)
+      required('applicationPrimaryAccountNumber').filled(:str?, :pan?)
 
-      required(:applicationExpirationDate).filled(:str?, :yymmdd?)
+      required('applicationExpirationDate').filled(:str?, :yymmdd?)
 
-      required(:currencyCode).filled(:str?, format?: /\A[0-9]{3}\z/)
+      required('currencyCode').filled(:str?, format?: /\A[0-9]{3}\z/)
 
-      required(:transactionAmount).filled(:int?)
+      required('transactionAmount').filled(:int?)
 
-      optional(:cardholderName).filled(:str?)
+      optional('cardholderName').filled(:str?)
 
-      required(:deviceManufacturerIdentifier).filled(:str?, :hex?)
+      required('deviceManufacturerIdentifier').filled(:str?, :hex?)
 
-      required(:paymentDataType).filled(:str?, included_in?: ['3DSecure', 'EMV'])
+      required('paymentDataType').filled(:str?, included_in?: %w[3DSecure EMV])
 
-      required(:paymentData).schema do
-        optional(:onlinePaymentCryptogram).filled(:str?, :base64?)
-        optional(:eciIndicator).filled(:str?)
+      required('paymentData').schema do
+        optional('onlinePaymentCryptogram').filled(:str?, :base64?)
+        optional('eciIndicator').filled(:str?, :eci?)
 
-        optional(:emvData).filled(:str?, :base64?)
-        optional(:encryptedPINData).filled(:str?, :hex?)
+        optional('emvData').filled(:str?, :base64?)
+        optional('encryptedPINData').filled(:str?, :hex?)
       end
 
-      rule('consistent paymentDataType and paymentData': [:paymentDataType, [:paymentData, :onlinePaymentCryptogram]]) do |t, cryptogram|
+      rule('paymentDataType affects paymentData': [:paymentDataType, [:paymentData, :onlinePaymentCryptogram]]) do |t, cryptogram|
         t.eql?('3DSecure') > cryptogram.filled?
       end
     end
 
-    # Pedicel::Validator::TokenDataSchema.call(
-    #   applicationPrimaryAccountNumber: '1234567890123',
-    #   applicationExpirationDate: '101112',
-    #   currencyCode: '123',
-    #   transactionAmount: 12.34,
-    #   cardholderName: 'asdf',
-    #   deviceManufacturerIdentifier: 'adsf',
-    #   paymentDataType: 'asdf',
-    # )
-
-    def self.validate_token(token, now: Time.now)
+    def self.validate_token(token)
       validation = TokenSchema.call(token)
 
-      raise TokenFormatError, validation.hints.map{|key,msg| "#{key} #{msg}"}.join(', and ') unless validation.errors.empty?
+      raise TokenFormatError, format_errors(validation) if validation.failure?
 
       true
     end
 
-    def self.valid_token?(token, now: Time.now)
-      validate_token(token, now: now) rescue false
+    def self.valid_token?(token)
+      validate_token(token)
+    rescue TokenFormatError
+      false
     end
 
     def self.validate_token_data(token_data)
       validation = TokenDataSchema.call(token_data)
 
-      raise TokenDataFormatError, validation.hints.map{|key,msg| "#{key} #{msg}"}.join(', and ') unless validation.errors.empty?
+      raise TokenDataFormatError, format_errors(validation) if validation.failure?
 
       true
     end
 
     def self.valid_token_data?(token_data)
-      validate_token_data(token_data) rescue false
+      validate_token_data(token_data)
+    rescue TokenDataFormatError
+      false
     end
 
-    def validate_content(now: Time.now)
-      raise ReplayAttackError, "token signature time indicates a replay attack (age #{now-cms_signing_time})" unless signing_time_ok?(now: now)
-
-      raise SignatureError unless valid_signature?
+    def self.format_errors(validation)
+      validation.errors.map{|key, msg| "#{key}: #{msg}"}.join('; ')
     end
   end
 end

data/lib/pedicel/version.rb

@@ -1,3 +1,3 @@
 module Pedicel
-  VERSION = '0.0.2'
+  VERSION = '0.0.4'.freeze
 end

data/lib/pedicel.rb

@@ -9,38 +9,32 @@ module Pedicel
   class VersionError < Error; end
   class CertificateError < Error; end
   class EcKeyError < Error; end
+  class AesKeyError < Error; end
 
-  DEFAULTS = {
-    oids: {
-      intermediate_certificate:  '1.2.840.113635.100.6.2.14',
-      leaf_certificate:          '1.2.840.113635.100.6.29',
-      merchant_identifier_field: '1.2.840.113635.100.6.32',
-    },
-    replay_threshold_seconds: 3*60,
-    apple_root_ca_g3_cert_pem: <<~PEM
-      -----BEGIN CERTIFICATE-----
-      MIICQzCCAcmgAwIBAgIILcX8iNLFS5UwCgYIKoZIzj0EAwMwZzEbMBkGA1UEAwwS
-      QXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9u
-      IEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcN
-      MTQwNDMwMTgxOTA2WhcNMzkwNDMwMTgxOTA2WjBnMRswGQYDVQQDDBJBcHBsZSBS
-      b290IENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9y
-      aXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzB2MBAGByqGSM49
-      AgEGBSuBBAAiA2IABJjpLz1AcqTtkyJygRMc3RCV8cWjTnHcFBbZDuWmBSp3ZHtf
-      TjjTuxxEtX/1H7YyYl3J6YRbTzBPEVoA/VhYDKX1DyxNB0cTddqXl5dvMVztK517
-      IDvYuVTZXpmkOlEKMaNCMEAwHQYDVR0OBBYEFLuw3qFYM4iapIqZ3r6966/ayySr
-      MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gA
-      MGUCMQCD6cHEFl4aXTQY2e3v9GwOAEZLuN+yRhHFD/3meoyhpmvOwgPUnPWTxnS4
-      at+qIxUCMG1mihDK1A3UT82NQz60imOlM27jbdoXt2QfyFMm+YhidDkLF1vLUagM
-      6BgD56KyKA==
-      -----END CERTIFICATE-----
-    PEM
-  }
+  APPLE_ROOT_CA_G3_CERT_PEM = <<~PEM
+    -----BEGIN CERTIFICATE-----
+    MIICQzCCAcmgAwIBAgIILcX8iNLFS5UwCgYIKoZIzj0EAwMwZzEbMBkGA1UEAwwS
+    QXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9u
+    IEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcN
+    MTQwNDMwMTgxOTA2WhcNMzkwNDMwMTgxOTA2WjBnMRswGQYDVQQDDBJBcHBsZSBS
+    b290IENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9y
+    aXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzB2MBAGByqGSM49
+    AgEGBSuBBAAiA2IABJjpLz1AcqTtkyJygRMc3RCV8cWjTnHcFBbZDuWmBSp3ZHtf
+    TjjTuxxEtX/1H7YyYl3J6YRbTzBPEVoA/VhYDKX1DyxNB0cTddqXl5dvMVztK517
+    IDvYuVTZXpmkOlEKMaNCMEAwHQYDVR0OBBYEFLuw3qFYM4iapIqZ3r6966/ayySr
+    MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gA
+    MGUCMQCD6cHEFl4aXTQY2e3v9GwOAEZLuN+yRhHFD/3meoyhpmvOwgPUnPWTxnS4
+    at+qIxUCMG1mihDK1A3UT82NQz60imOlM27jbdoXt2QfyFMm+YhidDkLF1vLUagM
+    6BgD56KyKA==
+    -----END CERTIFICATE-----
+  PEM
+  APPLE_ROOT_CA_G3_CERT_PEM.freeze
 
-  def self.config
-    @@config ||= DEFAULTS
-  end
-
-  def self.config=(other)
-    @@config = other
-  end
+  DEFAULT_CONFIG = {
+    oid_intermediate_certificate:  '1.2.840.113635.100.6.2.14',
+    oid_leaf_certificate:          '1.2.840.113635.100.6.29',
+    oid_merchant_identifier_field: '1.2.840.113635.100.6.32',
+    replay_threshold_seconds: 3 * 60,
+    trusted_ca_pem: APPLE_ROOT_CA_G3_CERT_PEM,
+  }.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pedicel
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.4
 platform: ruby
 authors:
 - Clearhaus
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-27 00:00:00.000000000 Z
+date: 2018-06-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-validation
@@ -24,6 +24,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.11.1
+- !ruby/object:Gem::Dependency
+  name: aes256gcm_decrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -39,19 +67,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.7'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: pedicel-pay
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.11'
+        version: '0.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.11'
+        version: '0.0'
 description: 
 email: hello@clearhaus.com
 executables: []
@@ -64,7 +92,7 @@ files:
 - lib/pedicel/rsa.rb
 - lib/pedicel/validator.rb
 - lib/pedicel/version.rb
-homepage: https://github.com/clearhaus/pedicel-pay
+homepage: https://github.com/clearhaus/pedicel
 licenses:
 - MIT
 metadata: {}
@@ -76,7 +104,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - "~>"
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -84,8 +112,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.7.4
 signing_key: 
 specification_version: 4
-summary: Backend and client part of Apple Pay
+summary: Decryption of Apple Pay payment tokens
 test_files: []