RubyGems - pedicel - Versions diffs - 0.1.0 → 1.0.1 - Mend

pedicel 0.1.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 74bf3607219c5927eb2c3409abb203f3e8db743ee8d7e264f10b5c801fc8fde3
-  data.tar.gz: a1bc91e194a468eed00e996af0b149d784a801f3fa8608129696af26d1fc34bd
+  metadata.gz: 8effeb35a7193cf9470319b3666b17a7105e3abb94d404882ce5ca705feca4b3
+  data.tar.gz: 9586a185c9dd0c0ea2faeea433f938507391cc91c20e7000c1b1a60f47b70e52
 SHA512:
-  metadata.gz: dd75b505a0eefefba6fa101e6fcd65e5274b495871a602f3f7b308df34a58ca9b10855b090344256658379c330e76a1658f002aa00e46c55bbe14f15c5f12087
-  data.tar.gz: c3cf9f84d1e0fb73bfe0241a305c9bec64a5e75f84ea4c42a95303c88873de3eadd0890d511ca6a3cf45dfc20897b87ecb6981d74f70c5122d3342aa2a1df275
+  metadata.gz: f3ae4d8a50ec94b2f217a19c63aeeeeab150296d85b7716fe3b2ef2721839059eeb14c69e42c5f503f84f4662dec72e7b7e19292c40ccc2d7ef48eccf84a64fb
+  data.tar.gz: '091465c0bcdba0987a5cae1df961ae68f0c0f406278187072a9d7d980c2e20e51b419cd501924d96adfb4448917deaa5343465d69168d8fa0d80330ba1e23442'

data/lib/pedicel/ec.rb CHANGED Viewed

@@ -3,6 +3,8 @@ require 'pedicel/base'
 module Pedicel
   class EC < Base
     def ephemeral_public_key
+      @token[:header].transform_keys!(&:to_sym)
       Base64.decode64(@token[:header][:ephemeralPublicKey])
     end

data/lib/pedicel/validator.rb CHANGED Viewed

@@ -1,4 +1,6 @@
-require 'dry-validation'
+require 'dry/validation'
+require 'dry/schema'
+require 'dry/logic'
 require 'base64'
 require 'openssl'
@@ -8,140 +10,275 @@ module Pedicel
   # https://developer.apple.com/library/content/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html
   # This purposefully only does syntactic validation (as opposed to semantic).
   module Validator
+    CUSTOM_ERRORS = {
+      is_base64:          'must be Base64',
+      is_hex:             'must be hex',
+      is_pan:             'must be a pan',
+      is_yymmdd:          'must be formatted YYMMDD',
+      is_ec_public_key:   'must be an EC public key',
+      is_pkcs7_signature: 'must be a PKCS7 Signature',
+      is_eci:             'must be an ECI',
+      is_hex_sha256:      'must be a hex-encoded SHA-256',
+      is_base64_sha256:   'must be a Base64-encoded SHA-256',
+      is_iso4217_numeric: 'must be an ISO 4217 numeric code',
+    }.freeze
+    Dry::Validation.register_macro(:is_hex) do
+      if key?
+        unless /\A[a-f0-9]*\z/i.match?(value)
+          key.failure(CUSTOM_ERRORS[:is_hex])
+        end
+      end
+    end
-    module Predicates
-      include Dry::Logic::Predicates
-      CUSTOM_PREDICATE_ERRORS = {
-        base64?:          'must be Base64',
-        hex?:             'must be hex',
-        pan?:             'must be a pan',
-        yymmdd?:          'must be formatted YYMMDD',
-        ec_public_key?:   'must be an EC public key',
-        pkcs7_signature?: 'must be a PKCS7 Signature',
-        eci?:             'must be an ECI',
-        hex_sha256?:      'must be a hex-encoded SHA-256',
-        base64_sha256?:   'must be a Base64-encoded SHA-256',
-        iso4217_numeric?: 'must be an ISO 4217 numeric code',
-      }.freeze
+    Dry::Validation.register_macro(:is_hex_sha256) do
+      if key?
+        unless :is_hex && value.length == 64
+          key.failure(CUSTOM_ERRORS[:is_hex_sha256])
+        end
+      end
+    end
-      # Support Ruby 2.3, but use the faster #match? when available.
-      match_b = String.new.respond_to?(:match?) ? ->(s, re) { s.match?(re) } : ->(s, re) { !!(s =~ re) }
+    Dry::Validation.register_macro(:is_base64) do
+      if key?
+        unless /\A[=A-Za-z0-9+\/]*\z/.match?(value) &&
+               value.length.remainder(4).zero? &&
+               !/=[^$=]/.match?(value) &&
+               !/===/.match?(value)
+          key.failure(CUSTOM_ERRORS[:is_base64])
+        end
+      end
+    end
-      predicate(:base64?) do |x|
-        str?(x) &&
-          match_b.(x, /\A[=A-Za-z0-9+\/]*\z/) && # allowable chars
-          x.length.remainder(4).zero? && # multiple of 4
-          !match_b.(x, /=[^$=]/) && # may only end with ='s
-          !match_b.(x, /===/) # at most 2 ='s
+    Dry::Validation.register_macro(:is_base64_sha256) do
+      if key?
+        unless :is_base64 && Base64.decode64(value).length == 32
+          key.failure(CUSTOM_ERRORS[:is_base64_sha256])
+        end
       end
+    end
-      # We should figure out how strict we should be. Hopefully we can discard
-      # the above Base64? predicate and use the following simpler one:
-      #predicate(:strict_base64?) { |x| !!Base64.strict_decode64(x) rescue false }
+    Dry::Validation.register_macro(:is_ec_public_key) do
+      if key?
+        ec = lambda {OpenSSL::PKey::EC.new(Base64.decode64(value)).check_key rescue false}.()
+        unless :is_base64 && ec
+          key.failure(CUSTOM_ERRORS[:is_ec_public_key])
+        end
+      end
+    end
-      predicate(:base64_sha256?) { |x| base64?(x) && Base64.decode64(x).length == 32 }
+    Dry::Validation.register_macro(:is_pkcs7_signature) do
+      if key?
+        pkcs7 = lambda {!!OpenSSL::PKCS7.new(Base64.decode64(value)) rescue false}.()
+        unless :is_base64 && pkcs7
+          key.failure(CUSTOM_ERRORS[:is_pkcs7_signature])
+        end
+      end
+    end
-      predicate(:hex?) { |x| str?(x) && match_b.(x, /\A[a-f0-9]*\z/i) }
+    Dry::Validation.register_macro(:is_eci) do
+      if key?
+        unless  /\A\d{1,2}\z/.match?(value)
+          key.failure(CUSTOM_ERRORS[:is_eci])
+        end
+      end
+    end
-      predicate(:hex_sha256?) { |x| hex?(x) && x.length == 64 }
+    Dry::Validation.register_macro(:is_pan) do
+      if key?
+        unless  /\A[1-9][0-9]{11,18}\z/.match?(value)
+          key.failure(CUSTOM_ERRORS[:is_pan])
+        end
+      end
+    end
-      predicate(:pan?) { |x| str?(x) && match_b.(x, /\A[1-9][0-9]{11,18}\z/) }
+    Dry::Validation.register_macro(:is_yymmdd) do
+      if key?
+        unless  /\A\d{6}\z/.match?(value)
+          key.failure(CUSTOM_ERRORS[:is_yymmdd])
+        end
+      end
+    end
-      predicate(:yymmdd?) { |x| str?(x) && match_b.(x, /\A\d{6}\z/) }
+    Dry::Validation.register_macro(:is_iso4217_numeric) do
+      if key?
+        unless  /\A[0-9]{3}\z/.match?(value.rjust(3, "0"))
+          key.failure(CUSTOM_ERRORS[:is_iso4217_numeric])
+        end
+      end
+    end
-      predicate(:eci?) { |x| str?(x) && match_b.(x, /\A\d{1,2}\z/) }
+    class TokenHeaderContract < Dry::Validation::Contract
+      json do
+        optional(:applicationData).filled(:str?)
-      predicate(:ec_public_key?) { |x| base64?(x) && OpenSSL::PKey::EC.new(Base64.decode64(x)).check_key rescue false }
+        optional(:ephemeralPublicKey).filled(:str?)
-      predicate(:pkcs7_signature?) { |x| base64?(x) && !!OpenSSL::PKCS7.new(Base64.decode64(x)) rescue false }
+        optional(:wrappedKey).filled(:str?)
-      predicate(:iso4217_numeric?) { |x| match_b.(x, /\A[0-9]{3}\z/) }
-    end
-    class BaseSchema < Dry::Validation::Schema::JSON
-      predicates(Predicates)
-      def self.messages
-        super.merge(en: { errors: Predicates::CUSTOM_PREDICATE_ERRORS })
+        required(:publicKeyHash).filled(:str?)
+        required(:transactionId).filled(:str?)
+      end
+      rule(:applicationData).validate(:is_hex, :is_hex_sha256)
+      rule(:ephemeralPublicKey).validate(:is_base64, :is_ec_public_key)
+      rule(:publicKeyHash).validate(:is_base64, :is_base64_sha256)
+      rule(:wrappedKey).validate(:is_base64)
+      rule(:transactionId).validate(:is_hex)
+      rule(:ephemeralPublicKey, :wrappedKey) do
+        key.failure('ephemeralPublicKey xor wrappedKey') unless values[:ephemeralPublicKey].nil? ^ values[:wrappedKey].nil?
       end
     end
-    TokenHeaderSchema = Dry::Validation.Schema(BaseSchema) do
-      optional(:applicationData).filled(:str?, :hex?, :hex_sha256?)
+    TokenHeaderSchema = TokenHeaderContract.new
-      optional(:ephemeralPublicKey).filled(:str?, :base64?, :ec_public_key?)
+    class TokenContract < Dry::Validation::Contract
+      json do
+        required(:data).filled(:str?)
-      optional(:wrappedKey).filled(:str?, :base64?)
+        required(:header).hash(TokenHeaderContract.schema)
-      rule('ephemeralPublicKey xor wrappedKey': [:ephemeralPublicKey, :wrappedKey]) do |e, w|
-        e.filled? ^ w.filled?
-      end
+        required(:signature).filled(:str?)
-      required(:publicKeyHash).filled(:str?, :base64?, :base64_sha256?)
+        required(:version).filled(:str?, included_in?: %w[EC_v1 RSA_v1])
-      required(:transactionId).filled(:str?, :hex?)
+      end
+      rule(:data).validate(:is_base64)
+      rule(:signature).validate(:is_base64, :is_pkcs7_signature)
     end
-    TokenSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:data).filled(:str?, :base64?)
+    TokenSchema = TokenContract.new
-      required(:header).schema(TokenHeaderSchema)
+    class TokenDataPaymentDataContract < Dry::Validation::Contract
+      json do
+        optional(:onlinePaymentCryptogram).filled(:str?)
+        optional(:eciIndicator).filled(:str?)
-      required(:signature).filled(:str?, :base64?, :pkcs7_signature?)
+        optional(:emvData).filled(:str?)
+        optional(:encryptedPINData).filled(:str?)
+      end
+      rule(:onlinePaymentCryptogram).validate(:is_base64)
+      rule(:eciIndicator).validate(:is_eci)
-      required(:version).filled(:str?, included_in?: %w[EC_v1 RSA_v1])
+      rule(:emvData).validate(:is_base64)
+      rule(:encryptedPINData).validate(:is_hex)
     end
-    TokenDataPaymentDataSchema = Dry::Validation.Schema(BaseSchema) do
-      optional(:onlinePaymentCryptogram).filled(:str?, :base64?)
-      optional(:eciIndicator).filled(:str?, :eci?)
+    TokenDataPaymentDataSchema = TokenDataPaymentDataContract.new
-      optional(:emvData).filled(:str?, :base64?)
-      optional(:encryptedPINData).filled(:str?, :hex?)
-    end
+    class TokenDataContract < Dry::Validation::Contract
+      json do
+        required(:applicationPrimaryAccountNumber).filled(:str?)
+        required(:applicationExpirationDate).filled(:str?)
-    TokenDataSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:applicationPrimaryAccountNumber).filled(:str?, :pan?)
+        required(:currencyCode).filled(:str?)
-      required(:applicationExpirationDate).filled(:str?, :yymmdd?)
+        required(:transactionAmount).filled(:int?)
-      required(:currencyCode).filled(:str?, :iso4217_numeric?)
+        optional(:cardholderName).filled(:str?)
-      required(:transactionAmount).filled(:int?)
+        required(:deviceManufacturerIdentifier).filled(:str?)
-      optional(:cardholderName).filled(:str?)
+        required(:paymentDataType).filled(:str?, included_in?: %w[3DSecure EMV])
-      required(:deviceManufacturerIdentifier).filled(:str?, :hex?)
+        required(:paymentData).hash(TokenDataPaymentDataContract.schema)
+      end
+      rule(:applicationPrimaryAccountNumber).validate(:is_pan)
-      required(:paymentDataType).filled(:str?, included_in?: %w[3DSecure EMV])
+      rule(:applicationExpirationDate).validate(:is_yymmdd)
-      required(:paymentData).schema(TokenDataPaymentDataSchema)
+      rule(:currencyCode).validate(:is_iso4217_numeric)
-      rule('when paymentDataType is 3DSecure, onlinePaymentCryptogram': [:paymentDataType, [:paymentData, :onlinePaymentCryptogram]]) do |type, cryptogram|
-        type.eql?('3DSecure') > cryptogram.filled?
-      end
-      rule('when paymentDataType is 3DSecure, emvData': [:paymentDataType, [:paymentData, :emvData]]) do |type, emv|
-        type.eql?('3DSecure') > emv.none?
+      rule(:deviceManufacturerIdentifier).validate(:is_hex)
+      rule(:paymentDataType, paymentData: :onlinePaymentCryptogram) do
+        # rule('when paymentDataType is 3DSecure, onlinePaymentCryptogram': [:paymentDataType, [:paymentData, :onlinePaymentCryptogram]]) do |type, cryptogram|
+        #   type can only be 3DSecure if cryptogram is filled
+        #   type.eql?('3DSecure') > cryptogram.filled?
+        # end
+        if values[:paymentDataType].eql?('3DSecure')
+          key.failure('when paymentDataType is 3DSecure, onlinePaymentCryptogram must be filled') unless
+            values[:paymentData] && values[:paymentData][:onlinePaymentCryptogram]
+        end
       end
-      rule('when paymentDataType is 3DSecure, encryptedPINData': [:paymentDataType, [:paymentData, :encryptedPINData]]) do |type, pin|
-        type.eql?('3DSecure') > pin.none?
+      rule(:paymentDataType, paymentData: :emvData) do
+        # type can only be 3DSecure if emvData is empty
+        # old rule:
+        # rule('when paymentDataType is 3DSecure, emvData': [:paymentDataType, [:paymentData, :emvData]]) do |type, emv|
+        #   type.eql?('3DSecure') > emv.none?
+        # end
+        if values[:paymentDataType].eql?('3DSecure')
+          key.failure('when paymentDataType is 3DSecure, emvData cannot be defined') unless
+            values[:paymentData] && values[:paymentData][:emvData].nil?
+        end
       end
-      rule('when paymentDataType is EMV, onlinePaymentCryptogram': [:paymentDataType, [:paymentData, :onlinePaymentCryptogram]]) do |type, cryptogram|
-        type.eql?('EMV') > cryptogram.none?
+      rule(:paymentDataType, paymentData: :encryptedPINData) do
+        # type can only be 3DSecure if emvData is empty
+        # old rule:
+        # rule('when paymentDataType is 3DSecure, encryptedPINData': [:paymentDataType, [:paymentData, :encryptedPINData]]) do |type, pin|
+        #   type.eql?('3DSecure') > pin.none?
+        # end
+        if values[:paymentDataType].eql?('3DSecure')
+          key.failure('when paymentDataType is 3DSecure, encryptedPINData cannot be defined') unless
+            values[:paymentData] && values[:paymentData][:encryptedPINData].nil?
+        end
       end
-      rule('when paymentDataType is EMV, eciIndicator': [:paymentDataType, [:paymentData, :eciIndicator]]) do |type, eci|
-        type.eql?('EMV') > eci.none?
+      rule(:paymentDataType, paymentData: :onlinePaymentCryptogram) do
+        # type can only be 3DSecure if emvData is empty
+        # old rule:
+        # rule('when paymentDataType is EMV, onlinePaymentCryptogram': [:paymentDataType, [:paymentData, :onlinePaymentCryptogram]]) do |type, cryptogram|
+        #   type.eql?('EMV') > cryptogram.none?
+        # end
+        if values[:paymentDataType].eql?('EMV')
+          key.failure('when paymentDataType is EMV, onlinePaymentCryptogram cannot be defined') unless
+            values[:paymentData] && values[:paymentData][:onlinePaymentCryptogram].nil?
+        end
       end
-      rule('when paymentDataType is EMV, emvData': [:paymentDataType, [:paymentData, :emvData]]) do |type, emv|
-        type.eql?('EMV') > emv.filled?
+      rule(:paymentDataType, paymentData: :eciIndicator) do
+        # type can only be 3DSecure if emvData is empty
+        # old rule:
+        # rule('when paymentDataType is EMV, eciIndicator': [:paymentDataType, [:paymentData, :eciIndicator]]) do |type, eci|
+        #   type.eql?('EMV') > eci.none?
+        # end
+        if values[:paymentDataType].eql?('EMV')
+          key.failure('when paymentDataType is EMV, eciIndicator cannot be defined') unless
+            values[:paymentData] && values[:paymentData][:eciIndicator].nil?
+        end
       end
-      rule('when paymentDataType is EMV, encryptedPINData': [:paymentDataType, [:paymentData, :encryptedPINData]]) do |type, pin|
-        type.eql?('EMV') > pin.filled?
+      rule(:paymentDataType, paymentData: :emvData) do
+        # type can only be 3DSecure if emvData is empty
+        # old rule:
+        # rule('when paymentDataType is EMV, emvData': [:paymentDataType, [:paymentData, :emvData]]) do |type, emv|
+        #   type.eql?('EMV') > emv.filled?
+        # end
+        if values[:paymentDataType].eql?('EMV')
+          key.failure('when paymentDataType is EMV, emvData must be filled') unless
+            values[:paymentData] && values[:paymentData][:emvData]
+        end
       end
+      rule(:paymentDataType, paymentData: :encryptedPINData) do
+        # type can only be 3DSecure if emvData is empty
+        # old rule:
+        # rule('when paymentDataType is EMV, encryptedPINData': [:paymentDataType, [:paymentData, :encryptedPINData]]) do |type, pin|
+        #   type.eql?('EMV') > pin.filled?
+        # end
+        if values[:paymentDataType].eql?('EMV')
+          key.failure('when paymentDataType is EMV, encryptedPINData must be filled') unless
+            values[:paymentData] && values[:paymentData][:encryptedPINData]
+        end
+      end
     end
+    TokenDataSchema = TokenDataContract.new
     class Error < StandardError; end
     module InstanceMethods
@@ -150,11 +287,11 @@ module Pedicel
       def validate
         @validation ||= @schema.call(@input)
-        @output = @validation.output
+        @output = @validation.to_h
         return true if @validation.success?
-        raise Error, "validation error: #{@validation.errors.keys.join(', ')}"
+        raise Error, "validation error: #{@validation.errors.to_h.keys.join(', ')}"
       end
       def valid?
@@ -166,7 +303,7 @@ module Pedicel
       def errors
         valid? unless @validation
-        @validation.errors
+        @validation.errors.to_h.sort
       end
       def errors_formatted(node = [errors])

data/lib/pedicel/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Pedicel
-  VERSION = '0.1.0'.freeze
+  VERSION = '1.0.1'.freeze
 end

metadata CHANGED Viewed

@@ -1,29 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: pedicel
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Clearhaus
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-17 00:00:00.000000000 Z
+date: 2023-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-validation
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: dry-schema
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.11.1
+        version: '1.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.11.1
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: dry-logic
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -66,6 +94,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
 description:
 email: hello@clearhaus.com
 executables: []
@@ -90,14 +132,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - "~>"
     - !ruby/object:Gem::Version
-      version: 2.5.5
+      version: 2.7.4
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Decryption of Apple Pay payment tokens