tclink 4.2.0

data/ext/tclink.h

@@ -0,0 +1,83 @@
+/* tclink.h - Header file for TCLink library.
+ *
+ * TCLink Copyright (c) 2013 TrustCommerce.
+ * http://www.trustcommerce.com
+ * techsupport@trustcommerce.com
+ * (949) 387-3747
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifndef _TCLINK_H
+#define _TCLINK_H
+
+#include "config.h"
+
+/* Handle passed to all TCLink functions.  A unique handle must be created
+ * for each concurrent thread, but the same handle can be shared by transactions
+ * occurring one after another (such as a for loop).
+ */
+#define TCLinkHandle void *
+
+/* Parameter names and values cannot exceed this size.
+ */
+#define PARAM_MAX_LEN 256
+
+/* Create a new TCLinkHandle.
+ */
+TCLinkHandle TCLinkCreate();
+
+/* Add a parameter to be sent to the server.
+ */
+void TCLinkPushParam(TCLinkHandle handle, const char *name, const char *value);
+
+/* Flush the parameters to the server.
+ */
+void TCLinkSend(TCLinkHandle handle);
+
+/* Look up a response value from the server.
+ * Returns NULL if no such parameter, or stores the value in 'value' and
+ * returns a pointer to value.  value should be at least PARAM_MAX_LEN in size.
+ */
+char *TCLinkGetResponse(TCLinkHandle handle, const char *name, char *value);
+
+/* Get all response values from the server in one giant string.
+ * Stores the string into buf and returns a pointer to it.  Size should be
+ * sizeof(buf), which will limit the string so that no buffer overruns occur.
+ */
+char *TCLinkGetEntireResponse(TCLinkHandle handle, char *buf, int size);
+
+/* Destory a handle, ending that transaction and freeing the memory associated with it. */
+void TCLinkDestroy(TCLinkHandle handle);
+
+/* Store version string into buf.  Returns a pointer to buf. */
+char *TCLinkGetVersion(char *buf);
+
+
+/* The API methods below are subject to change. */
+
+/* Enables (1) or Disables (0) the full SSL close_notify sequence.  By default, this is set to 1.*/
+int TCLinkSetFullClose(TCLinkHandle handle, int full_ssl_close);
+
+/* Provides a method, before the first send call is initiated, of loading a set of trusted CA certificates (PEM format). */
+void TCLinkSetTrustedCABundle(TCLinkHandle handle, const char *str, int len);
+
+/* Provides a method, once the handshake is completed, a means to verify the contents of that certificate independently.  
+ * Note that the certificate may not be set depending on the negotation type (in which case the pointer would be NULL)
+ */
+void TCLinkSetValidateCallback(TCLinkHandle handle, int (*validate_cert)(int, void *));
+
+#endif
+

data/ext/validate.c

@@ -0,0 +1,154 @@
+/*
+COPYRIGHT AND PERMISSION NOTICE
+ 
+Copyright (c) 1996 - 2010, Daniel Stenberg, <daniel@haxx.se>.
+ 
+All rights reserved.
+ 
+Permission to use, copy, modify, and distribute this software for any purpose
+with or without fee is hereby granted, provided that the above copyright
+notice and this permission notice appear in all copies.
+ 
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN
+NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
+OR OTHER DEALINGS IN THE SOFTWARE.
+ 
+Except as contained in this notice, the name of a copyright holder shall not
+be used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization of the copyright holder.
+*/
+/* simplified to a basic host name check */
+#include <string.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+
+#define bool int
+#define false 0
+#define true 1
+/** @fn static bool cert_hostcheck(const char *hostname, char *pattern)
+  * Verifies that the hostname matches against the pattern specified.
+  * Handles wildcard patterns and ignores the distinction between upper and lower case letters.
+  * Note: Ported over from ssluse.c in curl (7.1.16) lib
+  * Note: Explicit pattern match disabled as we do not use that for processing node certificate.
+  * Note: No longer ignores the distinction between upper and lower case letters.  Our certificate is generated with lowercase letters.
+  * @return true if matches, false otherwise
+  * @param hostname The hostname we want to check. e.g: vault.trustcommerce.com
+  * @param pattern The pattern we wish to match against. e.g: *.trustcommerce.com
+  */
+bool cert_hostcheck(const char *pattern, const char *hostname)
+{
+	if (!hostname || !pattern || !*hostname || !*pattern) return false;
+	if (!strcmp(hostname,pattern)) return true;
+	return false;
+}
+/** @fn static bool checkCertificate(X509 *cert, char *host)
+  * Provides validation of the hostname associated with a certificate.
+  * See RFC2818 - Server Identity for an overview of the concept.
+  * This implementation is based off the one found in curl-7.16.1: ssluse.c
+  * but we treat the subjectAltName as a recommendation... so if it fails, 
+  * we will proceed to the CN check.
+  * The rationale for this is that we are not always using HTTP (over SSL)
+  * and its more of a certification generation / CA issue and we want
+  * maximum interoperability (as opposed to strict compliance). 
+  * @param cert The X509 certificate in question.
+  * @param host The hostname or ip we wish to check.
+  * @return true if matches, false otherwise
+  */
+static bool checkCertificate(X509 * cert, const char *host)
+{
+	int i,j;
+	bool matched = false;
+	STACK_OF(GENERAL_NAME) * altnames;
+	unsigned char *nulstr = { '\0' };
+	unsigned char *peer_CN = nulstr;
+	X509_NAME *name;
+	ASN1_STRING * tmp;
+	bool status = false;
+
+	if (!cert || !host) return false;
+
+	altnames = (STACK_OF(GENERAL_NAME) *)(X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL));
+
+	if (altnames != NULL)
+	{
+		int numalts = sk_GENERAL_NAME_num(altnames);
+		for (i=0; (i<numalts) && (matched == false); i++)
+		{
+			const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
+			const char *altptr = (char *)(ASN1_STRING_data(check->d.ia5));
+			size_t altlen;
+			switch (check->type)
+			{
+				case GEN_DNS: 
+					altlen = ASN1_STRING_length(check->d.ia5);
+					if (altlen == strlen(host) && cert_hostcheck(altptr, host))
+						matched = true;
+					break;
+				case GEN_IPADD:
+					altlen = ASN1_STRING_length(check->d.ia5);
+					if (altlen == strlen(host) && !memcmp(altptr, host, altlen))
+						matched = true;
+					break;
+			}
+		}
+		GENERAL_NAMES_free(altnames);
+		if (matched != false) return true;
+	}
+	
+	i = j = -1;
+
+
+	name = X509_get_subject_name(cert);
+	if (!name) return false;
+
+
+	// get the last CN found in the subject (supposedly its the most distinguished one)
+	while ((j=X509_NAME_get_index_by_NID(name,NID_commonName,i))>=0)
+		i=j;
+
+	if (i<0) return false;
+
+	tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
+	/* workaround for version of openssl < 0.9.7d */
+	if (tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING)
+	{
+		j = ASN1_STRING_length(tmp);
+		if (j >= 0) {
+			peer_CN = (unsigned char *)(OPENSSL_malloc(j+1));
+			if (peer_CN)
+			{
+				memcpy(peer_CN, ASN1_STRING_data(tmp), j);
+				peer_CN[j] = '\0';
+			}
+		}
+	}
+	else
+	{
+		j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
+	}
+
+	if (peer_CN == nulstr)
+		peer_CN = NULL;
+
+	if (peer_CN == NULL)
+		return false; // the cn isnt missing in virtually all cases
+	else if(!cert_hostcheck((char *)(peer_CN), host))
+		status = false;
+	else 
+		status = true;
+
+	if (peer_CN)
+		OPENSSL_free(peer_CN);
+	return status;
+}
+
+int TCLinkDefaultValidate(int x, void * cert)
+{
+	if (x != 0 || cert == NULL) return 0;
+	return !checkCertificate((X509 *)cert, "pgw1.trustcommerce.com");
+
+}

data/tclink.gemspec

@@ -0,0 +1,33 @@
+require 'rubygems' unless defined?(Gem)
+
+spec=Gem::Specification.new do |s|
+  s.name = 'tclink'
+#note: extconf takes version out of this file
+  s.version = '4.2.0'
+  s.summary = "TCLink Trust Commerce link"
+  s.description = "Trust Commerce connectivity layer"
+  s.homepage = "http://trustcommerce.com"
+  s.license = "LGPL-2.1"
+  s.require_path = 'ext'
+  s.required_ruby_version = '>=1.8.7'
+  # s.has_rdoc = false
+  s.author = "Josh Puetz"
+  s.email = "developer@trustcommerce.com"
+  s.extensions = ["ext/extconf.rb"]
+
+  s.files = Dir['ext/*.c'] + Dir['ext/*.h'] + Dir['ext/extconf.rb'] + %w[
+    LICENSE README doc/TCDevGuide.html doc/TCDevGuide.txt
+    test/tclink_test.rb
+    Rakefile
+    tclink.gemspec]
+  s.files
+end
+
+if $0 == __FILE__
+  #Gem::manage_gems
+  #Gem::Builder.new(spec).build
+  require 'rubygems/gem_runner'
+  Gem::GemRunner.new.run ['build', 'tclink.gemspec']
+end
+
+spec

data/test/tclink_test.rb

@@ -0,0 +1,36 @@
+require 'test/unit'
+
+class TCLinkTest < Test::Unit::TestCase
+
+  # Called before every test method runs. Can be used
+  # to set up fixture information.
+  def setup
+    require_relative '../ext/tclink'
+  end
+
+  # Called after every test method runs. Can be used to tear
+  # down fixture information.
+
+  def teardown
+    # Do nothing
+  end
+
+  # Fake test
+  def test_send
+    params = {}
+    params["custid"] = "TestMerchant"
+    params["password"] = "password"
+    params["action"] = "sale"
+    params["media"] = "cc"
+    params["cc"] = "4111111111111111"
+    params["exp"] = "0110"
+    params["amount"] = "100"
+    params["name"] = "Joe Ruby"
+
+# Send the hash to TrustCommerce for processing
+    result = TCLink.send(params)
+    assert('approved').equal?(result['status'])
+
+    # fail('Not implemented')
+  end
+end

metadata

@@ -0,0 +1,59 @@
+--- !ruby/object:Gem::Specification
+name: tclink
+version: !ruby/object:Gem::Version
+  version: 4.2.0
+platform: ruby
+authors:
+- Josh Puetz
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-06-01 00:00:00.000000000 Z
+dependencies: []
+description: Trust Commerce connectivity layer
+email: developer@trustcommerce.com
+executables: []
+extensions:
+- ext/extconf.rb
+extra_rdoc_files: []
+files:
+- LICENSE
+- README
+- Rakefile
+- doc/TCDevGuide.html
+- doc/TCDevGuide.txt
+- ext/config.h
+- ext/extconf.rb
+- ext/mem.c
+- ext/rb_tclink.c
+- ext/tclink.c
+- ext/tclink.h
+- ext/validate.c
+- tclink.gemspec
+- test/tclink_test.rb
+homepage: http://trustcommerce.com
+licenses:
+- LGPL-2.1
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- ext
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: TCLink Trust Commerce link
+test_files: []
+has_rdoc: