Module: AppStoreServerApi::Utils::Decoder

Defined in:

lib/app_store_server_api/utils/decoder.rb

Class Method Summary

• .apple_root_certs ⇒ Object
• .decode_jws!(jws) ⇒ Hash

  Decode a signed JWT.

• .decode_transaction(signed_transaction:) ⇒ Object
• .decode_transactions(signed_transactions:) ⇒ Object
• .make_apple_cert_store ⇒ Object

Class Method Details

.apple_root_certs ⇒ Object

# File 'lib/app_store_server_api/utils/decoder.rb', line 36

def apple_root_certs
  Dir.glob(File.join(__dir__, 'certs', '*.cer')).map do |filename|
    OpenSSL::X509::Certificate.new File.read(filename)
  end
end

.decode_jws!(jws) ⇒ Hash

Decode a signed JWT

Parameters:

• jws (String) —

  The signed JWT to decode

Returns:

• (Hash) —

  The decoded payload

# File 'lib/app_store_server_api/utils/decoder.rb', line 13

def decode_jws!(jws)
  apple_cert_store = make_apple_cert_store

  payload, = JWT.decode(jws, nil, true, {algorithm: 'ES256'}) do |headers|
    # verify the certificate included in the header x5c
    cert_target, *cert_chain = headers['x5c'].map {|cert| OpenSSL::X509::Certificate.new(Base64.decode64(cert))}
    apple_cert_store.verify(cert_target, cert_chain)
    cert_target.public_key
  end

  payload
end

.decode_transaction(signed_transaction:) ⇒ Object

# File 'lib/app_store_server_api/utils/decoder.rb', line 26

def decode_transaction(signed_transaction:)
  decode_jws! signed_transaction
end

.decode_transactions(signed_transactions:) ⇒ Object

# File 'lib/app_store_server_api/utils/decoder.rb', line 30

def decode_transactions(signed_transactions:)
  signed_transactions.map do |signed_transaction|
    decode_transaction signed_transaction: signed_transaction
  end
end

.make_apple_cert_store ⇒ Object

# File 'lib/app_store_server_api/utils/decoder.rb', line 42

def make_apple_cert_store
  apple_cert_store = OpenSSL::X509::Store.new
  apple_root_certs.each do |cert|
    apple_cert_store.add_cert cert
  end

  apple_cert_store
end