RubyGems - tonglian-ruby-sdk - Versions diffs - 0.2.0 → 0.3.1 - Mend

tonglian-ruby-sdk 0.2.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d110ad2c605228b2bcad375d09bdb1054e03f252880adff36ac6f573f3ed01df
-  data.tar.gz: c116187cd8e449a0965694d7154acf6c0f22ea232f133f3590101255f3c96c26
+  metadata.gz: 34e702fea8cfb17cedcc44ca1c3cef1c047b43c35d96904b3e1dd07c5e8ada72
+  data.tar.gz: b432d9015bf5dba98ef5921f42b7e742d2440c42487d4919cce2d7cec24c67f0
 SHA512:
-  metadata.gz: 017d35a06757cc2375cea897f41a3a8da499e77ae770e71b605e505b2b290d91558686305bd0119d930927d8614bd06e999e33b1c0c120bef9aef599281a37b5
-  data.tar.gz: 17eb8000f9961dfb76dfe89199831a3364b4befed84973e2250c0145e2e9df15015dece33c01f6937ac79bf128849f0a050df90d4c84da29925721c6d9133e38
+  metadata.gz: b2e90a848ff85e07a0689df84c5eb07a6cf01426b7a6b23d4414cd51011306afc509b39557f1d321726a569abeb4453af05035e14ca0f99dfc6d85c58499d069
+  data.tar.gz: 520cc51c2a2a1933d377e16ec83cdbae62e756a2dc33d7defa744c244b0d061acfd7f3645e88fd2351c694cb3cbe38be0a448abe6254b2ec9aef0cc17ff75993

data/lib/tonglian-ruby-sdk.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # to avoid error when loading PKCS12 private key file
-ENV['OPENSSL_CONF'] = './add-openssl-provider.conf'
+current_dir = File.dirname(__FILE__)
+provider_conf = File.join(current_dir, 'add-openssl-provider.conf')
+ENV['OPENSSL_CONF'] = provider_conf
 require 'openssl'
 require 'cgi'
@@ -33,7 +35,6 @@ module TonglianRubySdk
       data['sign']       = @signer.sign(data)
       url = URI(@api_end_point)
       http = Net::HTTP.new(url.host, url.port)
       http.use_ssl = true if @api_end_point.downcase.starts_with?('https') # Enable SSL for HTTPS
@@ -42,9 +43,9 @@ module TonglianRubySdk
       request.body = URI.encode_www_form(data)
       response = http.request(request)
-      # Handle response
-      puts response.code
-      puts response.body
+      object = JSON.parse(response.body)
+      @signer.verify?(object) || raise('Invalid response signature!')
+      { 'code' => response.code, 'data' => object }
     end
     private
@@ -65,25 +66,26 @@ module TonglianRubySdk
     end
     def sign(params)
-      str = make_sign_message(params)
+      message = make_sign_message(params)
       rsa = OpenSSL::PKey::RSA.new private_key
-      Base64.strict_encode64(rsa.sign('sha1', str.force_encoding('UTF-8')))
+      Base64.strict_encode64(rsa.sign(OpenSSL::Digest.new('SHA256'), message))
     end
     def verify?(params, signature = nil)
       signature = params['sign'] if signature.nil? || signature.to_s.empty?
-      str = make_sign_message(params)
+      params.delete('sign')
+      message = make_verify_message(params)
       public_file = File.open(@public_path)
       public_key = OpenSSL::X509::Certificate.new(public_file).public_key.export
       rsa = OpenSSL::PKey::RSA.new(public_key)
-      rsa.verify('sha1', Base64.decode64(signature), str)
+      rsa.verify(OpenSSL::Digest.new('SHA256'), Base64.decode64(signature), message)
     end
     private
     def private_key
       return @private_key if @private_key
       private_file = File.open(@private_path)
       @private_key = OpenSSL::PKCS12.new(private_file, @private_passwd).key.export
     end
@@ -100,11 +102,35 @@ module TonglianRubySdk
       params.keys.sort.map do |k|
         next if %w[sign signType].include? k
         next if params[k].nil? || params[k].to_s.empty?
-        #sorted_params.push("#{k}=#{CGI.escape(params[k])}")
         sorted_params.push("#{k}=#{params[k]}")
       end
-      Base64.strict_encode64(Digest::MD5.hexdigest(sorted_params.join('&')))
+      flattened_params = sorted_params.join('&')
+      md5_digest = Digest::MD5.digest(flattened_params)
+      Base64.strict_encode64(md5_digest)
+    end
+    def make_verify_message(params)
+      params = sort_object(params)
+      flattened_params = params.to_json
+      Base64.strict_encode64(Digest::MD5.digest(flattened_params))
+    end
+    # In Ruby 3, a hash preserves the order the keys are inserted
+    # So we can make a 'sorted' hash and generate a sorted json later
+    def sort_object(obj)
+      result = nil
+      if obj.is_a? Hash
+        result = {}
+        obj.keys.sort.each { |k| result[k] = sort_object(obj[k]) }
+      elsif obj.is_a? Array
+        result = []
+        obj.sort.each { |k| result.push(k) }
+      else
+        result = obj
+      end
+      result
     end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tonglian-ruby-sdk
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Yi Zhang