Class: IAPServer::JWTTools

Inherits:
Object
  • Object
show all
Defined in:
lib/iap/jwttools.rb

Class Method Summary collapse

Class Method Details

.generateObject 



9
10
11
12
13
14
15
16
17
 
# File 'lib/iap/jwttools.rb', line 9

def self.generate
  config = IAPServer::AppStoreConfig.default_config
  raise "获取秘钥信息失败,请检查。" if config.nil?
  
  key, kid, iss, bid = config['key'], config['kid'], config['iss'], config['bid']
  # fix key
  key = key.split("\\n").join("\n") if key.include?("\\n")
  generate_token(key, kid, iss, bid)
end

.generate_token(key, kid, iss, bid) ⇒ Object

秘钥串、秘钥ID、Issuer ID、bundle id



20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/iap/jwttools.rb', line 20

def self.generate_token(key, kid, iss, bid)
  # JWT Header
  header = {
    "alg": "ES256", # 固定值
    "kid": kid, # private key ID from App Store Connect
    "typ": "JWT" # 固定值
  }

  iat = Time.new
  # JWT Payload
  payload = {
    "iss": iss, # Your issuer ID from the Keys page in App Store Connect
    "aud": "appstoreconnect-v1", # 固定值
    "iat": iat.to_i, # 令牌生成时间,UNIX时间单位,秒
    "exp": iat.to_i + 60 * 60, # 令牌失效时间,60 minutes timestamp
    "nonce": UUIDTools::UUID.timestamp_create.to_s, # An arbitrary number you create and use only once
    "bid": bid # Your app's bundle ID
  }

  ecdsa_key = OpenSSL::PKey::EC.new key
  # JWT token
  token = JWT.encode payload, ecdsa_key, algorithm='ES256', header_fields=header
  token
end

.good_signature(jws_token) ⇒ Object 



45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
# File 'lib/iap/jwttools.rb', line 45

def self.good_signature(jws_token)
    realpath = File.expand_path("#{File.dirname(__FILE__)}/../../assets/AppleRootCA-G3.cer")
    raw = File.read "#{realpath}"
    apple_root_cert = OpenSSL::X509::Certificate.new(raw)

    parts = jws_token.split(".")
    decoded_parts = parts.map { |part| Base64.decode64(part) }
    header = JSON.parse(decoded_parts[0])
    # puts "Header:#{decoded_parts[0]}"
    # puts "Payload:#{decoded_parts[1]}"

    cert_chain =  header["x5c"].map { |part| OpenSSL::X509::Certificate.new(Base64.decode64(part))}
    return false unless cert_chain.last == apple_root_cert

    for n in 0..(cert_chain.count - 2)
      return false unless cert_chain[n].verify(cert_chain[n+1].public_key)
    end

    begin
      decoded_token = JWT.decode(jws_token, cert_chain[0].public_key, true, { algorithms: ['ES256'] })
      !decoded_token.nil?
    rescue JWT::JWKError
      false
    rescue JWT::DecodeError
      false
    end
end

.header(jws_token) ⇒ Object 



79
80
81
82
83
 
# File 'lib/iap/jwttools.rb', line 79

def self.header(jws_token)
    parts = jws_token.split(".")
    decoded_parts = parts.map { |part| Base64.decode64(part) }
    decoded_parts[0]
end

.payload(jws_token) ⇒ Object 



73
74
75
76
77
 
# File 'lib/iap/jwttools.rb', line 73

def self.payload(jws_token)
    parts = jws_token.split(".")
    decoded_parts = parts.map { |part| Base64.decode64(part) }
    decoded_parts[1]
end