sberbank-acquiring 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7f8468504447448f4c59173b580560f9a320ead9
-  data.tar.gz: 1eb948165621a4bb2cf43e426243b8366f1d7694
+  metadata.gz: ccbf57e377afcb8ff803721cd4babfa79b4d65a2
+  data.tar.gz: 53e128c622fcb4b1d251c9f5a68dba55cb0e5a47
 SHA512:
-  metadata.gz: 445a28f80ae3fc93ff514e89ff9720dbd8539705b338638c09e83977fa826ded919a303f38d19bc78ad0e978363160ca4b915b2b3caaae0e752afc10baf340b7
-  data.tar.gz: b720936ba81b9e777da382c4fa2bbbc3db768a02af4e819c7595fae38c5a8792fb15c7cc1b175bfc0858abac0b9a3d2370741dbbb652a1ca9fe2331c19c0d525
+  metadata.gz: d663c70963ef9ee8d7ac1876957b2e771da19b5b07c75a4ba3e59ed4b943b3e6c451298a179a684b6aa8a9ee6ce703a9523b80b5ce44991ca91ec9dc7f810afe
+  data.tar.gz: b1e55b21521a2c4a5f29fa75718047132d16c365f0b49aa6d707ab1756852227fcb88ce4d111442d67797327aa5a04fbfab38290ea25dbdab81dadc1ea49d26e

data/.travis.yml

@@ -9,3 +9,4 @@ rvm:
   - 2.6.0
   - jruby
 before_install: gem install bundler -v 1.16.2
+cache: bundler

data/CHANGELOG.md

@@ -0,0 +1,17 @@
+# Changelog
+
+## 0.2.0 - 2019-01-27
+### Added
+- Changelog
+- Asymmetric key request checksum validation
+- `AbstractChecksumValidator`
+
+### Changed
+- Inherited `SymmetricKeyChecksumValidator` and `AsymmetricKeyChecksumValidator` from `AbstractChecksumValidator`
+
+## 0.1.0 - 2018-12-10
+### Added
+- Running key (documented) requests against remote API
+- Running any requests against remote API
+- Symmetric key request checksum validation
+- Test and Production environments support

data/README.md

@@ -1,18 +1,23 @@
-# Sberbank::Acquiring
+# 💳 Sberbank::Acquiring
 
 [![Build Status](https://travis-ci.org/panasyuk/sberbank-acquiring.svg?branch=master)](https://travis-ci.org/panasyuk/sberbank-acquiring)
 
+🔻Ruby Version 2.1 - 2.6 (+ JRuby)
+🎈Никаких сторонних зависимостей
+
 ## Описание
 
 GEM sberbank-acquiring предоставляет функциональность для взаимодействия с API эквайринга банка Сбербанк. Он использует RESTful API эквайринга Сбербанка.
 
-Перед тем, как приступить к использованию этого гема, автор настоятельно рекомендует (хотя бы бегло) ознакомиться с официальной [документацией к JSON API эквайринга Сбербанка](https://securepayments.sberbank.ru/wiki/doku.php/integration:api:start), а так же [Wiki](https://github.com/panasyuk/sberbank-acquiring/wiki), кому интересно
+Перед тем, как приступить к использованию этого гема, автор настоятельно рекомендует (хотя бы бегло) ознакомиться с официальной [документацией к JSON API эквайринга Сбербанка](https://securepayments.sberbank.ru/wiki/doku.php/integration:api:start#%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81_rest), а так же [Wiki](https://github.com/panasyuk/sberbank-acquiring/wiki), кому интересно
 
 ## Установка
 
 ```ruby
 # Gemfile
 gem 'sberbank-acquiring', github: 'panasyuk/sberbank-acquiring'
+# или
+gem 'sberbank-acquiring', '~> 0.1.0'
 ```
 
 ## Использование
@@ -162,12 +167,29 @@ API эквайринга Сбербанка поддерживает два ви
 
 ```ruby
 # params = {}
-symmetric_key = '20546026a3675994185a132875efe41a'
+key = '20546026a3675994185a132875efe41a'
+
+callback_params = params.dup
+checksum = callback_params.delete('checksum')
+
+validator = Sberbank::Acquiring::SymmetricKeyChecksumValidator.new(key)
+if validator.validate(checksum, callback_params)
+  # запрос успешно прошел валидацию, контрольная сумма верна
+else
+  # запрос не может быть обработан, так как контрольная сумма неверна
+end
+```
+
+#### Асимметричный ключ
+
+```ruby
+# params = {}
+pem = File.read('< путь до файла сертификата >')
 
 callback_params = params.dup
 checksum = callback_params.delete('checksum')
 
-validator = Sberbank::Acquiring::SymmetricKeyChecksumValidator.new(symmetric_key)
+validator = Sberbank::Acquiring::AsymmetricKeyChecksumValidator.new(pem)
 if validator.validate(checksum, callback_params)
   # запрос успешно прошел валидацию, контрольная сумма верна
 else
@@ -181,9 +203,7 @@ end
 
 ## TODO
 
-1. Добавить проверку Callback-уведомлений для асимметричного ключа
-2. v0.1.0
-3. Добавить API для того чтобы сделать удобнее отправку заказов по ФФД 1.05. Примерный API:
+1. Добавить API для того чтобы сделать удобнее отправку заказов по ФФД 1.05. Примерный API:
 ```ruby
 sberbank_order = SBRF::Acquiring::Order.new(
   number: 'order#1',

data/lib/sberbank/acquiring/abstract_checksum_validator.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Sberbank
+  module Acquiring
+    class AbstractChecksumValidator
+      def initialize(key, digest = digest_class.new)
+        @key = key
+        @digest = digest
+      end
+
+      def validate(checksum, params)
+        raise NotImplementedError
+      end
+
+      private
+
+      def digest_class
+        OpenSSL::Digest::SHA256
+      end
+
+      def generate_digest_data(params)
+        params.
+          keys.
+          sort { |a, b| a.to_s <=> b.to_s }.
+          map { |param_key| "#{param_key};#{params[param_key]};" }.
+          join
+      end
+    end
+  end
+end

data/lib/sberbank/acquiring/asymmetric_key_checksum_validator.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Sberbank
+  module Acquiring
+    class AsymmetricKeyChecksumValidator < AbstractChecksumValidator
+      def validate(checksum, params = {})
+        certificate.public_key.verify(
+          @digest,
+          [checksum].pack('H*'),
+          generate_digest_data(params)
+        )
+      end
+
+      private
+
+      def certificate
+        @certificate ||= OpenSSL::X509::Certificate.new(@key)
+      end
+
+      def digest_class
+        OpenSSL::Digest::SHA512
+      end
+    end
+  end
+end

data/lib/sberbank/acquiring/symmetric_key_checksum_validator.rb

@@ -1,17 +1,8 @@
 # frozen_string_literal: true
 
-require 'openssl'
-
 module Sberbank
   module Acquiring
-    class SymmetricKeyChecksumValidator
-      DIGEST_CLASS = OpenSSL::Digest::SHA256
-
-      def initialize(key, digest = DIGEST_CLASS.new)
-        @key = key
-        @digest = digest
-      end
-
+    class SymmetricKeyChecksumValidator < AbstractChecksumValidator
       def validate(checksum, params = {})
         checksum == calculate_checksum(generate_digest_data(params))
       end
@@ -19,16 +10,6 @@ module Sberbank
       def calculate_checksum(data)
         OpenSSL::HMAC.hexdigest(@digest, @key, data).upcase!
       end
-
-      private
-
-      def generate_digest_data(params)
-        params.
-          keys.
-          sort { |a, b| a.to_s <=> b.to_s }.
-          map { |param_key| "#{param_key};#{params[param_key]};" }.
-          join
-      end
     end
   end
 end

data/lib/sberbank/acquiring/version.rb

@@ -2,6 +2,6 @@
 
 module Sberbank
   module Acquiring
-    VERSION = '0.1.0'
+    VERSION = '0.2.0'
   end
 end

data/lib/sberbank/acquiring.rb

@@ -1,23 +1,26 @@
 # frozen_string_literal: true
 
+require 'openssl'
 require 'sberbank/acquiring/version'
 require 'sberbank/acquiring/response'
 require 'sberbank/acquiring/request'
 require 'sberbank/acquiring/command_parameters_convertor'
 require 'sberbank/acquiring/command_response_decorator'
 require 'sberbank/acquiring/client'
+require 'sberbank/acquiring/abstract_checksum_validator'
 require 'sberbank/acquiring/symmetric_key_checksum_validator'
+require 'sberbank/acquiring/asymmetric_key_checksum_validator'
 
 module Sberbank
   module Acquiring
     # Order statuses according to https://securepayments.sberbank.ru/wiki/doku.php/integration:api:rest:requests:getorderstatusextended
-    ORDER_NOT_PAID =   0 # order is registered but not paid
-    ORDER_HOLDED =     1 # pre-auth amount is holded (for 2-step payments)
+    ORDER_NOT_PAID   = 0 # order is registered but not paid
+    ORDER_HOLDED     = 1 # pre-auth amount is holded (for 2-step payments)
     ORDER_AUTHORIZED = 2 # order amount is fully authorized
-    ORDER_CANCELLED =  3 # authorization is cancelled
-    ORDER_REFUNDED =   4 # transaction amount was refunded
-    ORDER_PENDING =    5 # authorization pending
-    ORDER_REJECTED =   6 # authorization rejected
+    ORDER_CANCELLED  = 3 # authorization is cancelled
+    ORDER_REFUNDED   = 4 # transaction amount was refunded
+    ORDER_PENDING    = 5 # authorization pending
+    ORDER_REJECTED   = 6 # authorization rejected
 
     OPERATION_SUCCEEDED = 1
     OPERATION_FAILED    = 0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sberbank-acquiring
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Aleksandr Panasyuk
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-10 00:00:00.000000000 Z
+date: 2019-01-27 00:00:00.000000000 Z
 dependencies: []
 description: This is an implementation of Sberbank Acuiring API client
 email:
@@ -19,8 +19,8 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".ruby-gemset"
-- ".ruby-version"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -28,6 +28,8 @@ files:
 - bin/console
 - bin/setup
 - lib/sberbank/acquiring.rb
+- lib/sberbank/acquiring/abstract_checksum_validator.rb
+- lib/sberbank/acquiring/asymmetric_key_checksum_validator.rb
 - lib/sberbank/acquiring/client.rb
 - lib/sberbank/acquiring/command_parameters_convertor.rb
 - lib/sberbank/acquiring/command_response_decorator.rb
@@ -56,7 +58,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.6.12
 signing_key: 
 specification_version: 4
 summary: GEM that makes integration of Sberbank Acquiring easier

data/.ruby-version

@@ -1 +0,0 @@
-2.1.10