pedicel 0.0.5 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 67d155d5766564d4ca2580589ca57cacb94415eb7b7b3bfa9eefe01d6b30e270
-  data.tar.gz: a384e5e0b28d9aaa8d51fbe80dfe532efd4adfaa27ce44995306385ae0b7363f
+  metadata.gz: 004d5f107ed691aa9edd17fc47ab18dc9c795e67b911cf5667ccd73708b7381e
+  data.tar.gz: 1c42781d776de29f26364109556cfb0836fa10b42b54374675330b941ecf0298
 SHA512:
-  metadata.gz: fda0a0d5b14ddf620e42523352b5ced7c6725d03b1a6d6af12677220e42ca979188fd3049602bc0946d2f456572f8e8c92681a42b8a28cd353834e397f06192f
-  data.tar.gz: 40b85a602bd41992fb8ddf8e147dac5668422b9148319ff4d8885eb7a825498a0ef638a73655453a08079f2d66426be3b13333cfa7721c0bd1e8bd3241b5bbf8
+  metadata.gz: 9d4cc8d8715e4c06d8eeb5ef4b90205a450ed8bd7c8b697faf4cd5a2742f747faab2f064e5b774846b388800b1b42e82f5ce44e6e84b22ee3c1a1c85fd43e19d
+  data.tar.gz: 312c53ec2fdd15ec88431634c34b521302e83ab12d4e2ca24f6feb38f4c84f67d4dc75912f58770f654b40212d10dc4e62db943112e5b675dfd247c212be1417

data/lib/pedicel/base.rb

@@ -196,30 +196,21 @@ module Pedicel
     end
 
     def self.verify_x509_chain(root:, intermediate:, leaf:)
-      store = OpenSSL::X509::Store.new.add_cert(root)
+      # Specifically, ensure that the signature was created using the private
+      # key corresponding to the leaf certificate, that the leaf certificate is
+      # signed by the intermediate CA, and that the intermediate CA is signed by
+      # the Apple Root CA - G3.
 
-      unless store.verify(root)
-        raise SignatureError, "invalid chain due to root: #{store.error_string}"
+      unless root.verify(root.public_key)
+        raise SignatureError, 'invalid chain due to root'
       end
 
-      unless store.verify(intermediate)
-        raise SignatureError, "invalid chain due to intermediate: #{store.error_string}"
+      unless intermediate.verify(root.public_key)
+        raise SignatureError, 'invalid chain due to intermediate'
       end
 
-      begin
-        store.add_cert(intermediate)
-      rescue OpenSSL::X509::StoreError
-        raise SignatureError, "invalid chain due to intermediate"
-      end
-
-      begin
-        store.add_cert(leaf)
-      rescue OpenSSL::X509::StoreError
-        raise SignatureError, "invalid chain due to leaf"
-      end
-
-      unless store.verify(leaf)
-        raise SignatureError, "invalid chain due to leaf: #{store.error_string}"
+      unless leaf.verify(intermediate.public_key)
+        raise SignatureError, 'invalid chain due to leaf'
       end
 
       true

data/lib/pedicel/validator.rb

@@ -50,7 +50,7 @@ module Pedicel
 
       predicate(:yymmdd?) { |x| str?(x) && match_b.(x, /\A\d{6}\z/) }
 
-      predicate(:eci?) { |x| str?(x) && match_b.(x, /\A\d{2}\z/) }
+      predicate(:eci?) { |x| str?(x) && match_b.(x, /\A\d{1,2}\z/) }
 
       predicate(:ec_public_key?) { |x| base64?(x) && OpenSSL::PKey::EC.new(Base64.decode64(x)).check_key rescue false }
 
@@ -168,6 +168,16 @@ module Pedicel
 
         @validation.errors
       end
+
+      def errors_formatted(node = [errors])
+        node.pop.flat_map do |key, value|
+          if value.is_a?(Array)
+            value.map { |error| "#{(node + [key]).join('.')} #{error}" }
+          else
+            errors_formatted(node + [key, value])
+          end
+        end
+      end
     end
 
     class Token

data/lib/pedicel/version.rb

@@ -1,3 +1,3 @@
 module Pedicel
-  VERSION = '0.0.5'.freeze
+  VERSION = '0.0.6'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pedicel
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.6
 platform: ruby
 authors:
 - Clearhaus
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-28 00:00:00.000000000 Z
+date: 2018-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-validation
@@ -112,7 +112,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.4
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: Decryption of Apple Pay payment tokens