Class: ApplePay::PaymentToken::CertificateChain

Inherits:
Object
  • Object
show all
Defined in:
lib/apple_pay/payment_token/certificate_chain.rb

Constant Summary collapse

CHAIN_OIDS = 
{
  leaf: '1.2.840.113635.100.6.29',
  intermediate: '1.2.840.113635.100.6.2.14'
}

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(pkcs7_encoded) ⇒ CertificateChain

Returns a new instance of CertificateChain.



11
12
13
14
15
16
17
18
19
20
21
22
 
# File 'lib/apple_pay/payment_token/certificate_chain.rb', line 11

def initialize(pkcs7_encoded)
  self.pkcs7 = OpenSSL::PKCS7.new Base64.decode64(pkcs7_encoded)
  [:leaf, :intermediate].each do |position|
    detected = pkcs7.certificates.detect do |cert|
      cert.extensions.collect(&:oid).include? CHAIN_OIDS[position]
    end
    self.send "#{position}=", detected
  end
  self.root = OpenSSL::X509::Certificate.new(
    File.read File.join(__dir__, 'AppleRootCa-G3.cer')
  )
end

Instance Attribute Details

#intermediateObject

Returns the value of attribute intermediate.



9
10
11
 
# File 'lib/apple_pay/payment_token/certificate_chain.rb', line 9

def intermediate
  @intermediate
end

#leafObject

Returns the value of attribute leaf.



9
10
11
 
# File 'lib/apple_pay/payment_token/certificate_chain.rb', line 9

def leaf
  @leaf
end

#pkcs7Object

Returns the value of attribute pkcs7.



9
10
11
 
# File 'lib/apple_pay/payment_token/certificate_chain.rb', line 9

def pkcs7
  @pkcs7
end

#rootObject

Returns the value of attribute root.



9
10
11
 
# File 'lib/apple_pay/payment_token/certificate_chain.rb', line 9

def root
  @root
end

Instance Method Details

#verify(signature_base_string) ⇒ Object 



24
25
26
27
28
29
 
# File 'lib/apple_pay/payment_token/certificate_chain.rb', line 24

def verify(signature_base_string)
  trusted_store = OpenSSL::X509::Store.new
  trusted_store.add_cert root
  pkcs7.certificates = [leaf, intermediate].compact
  pkcs7.verify nil, trusted_store, signature_base_string
end