class ApplePay::PaymentToken::CertificateChain

Constants

CHAIN_OIDS

Attributes

intermediate[RW]
leaf[RW]
pkcs7[RW]
root[RW]

Public Class Methods

new(pkcs7_encoded) click to toggle source
# File lib/apple_pay/payment_token/certificate_chain.rb, line 11
def initialize(pkcs7_encoded)
  self.pkcs7 = OpenSSL::PKCS7.new Base64.decode64(pkcs7_encoded)
  [:leaf, :intermediate].each do |position|
    detected = pkcs7.certificates.detect do |cert|
      cert.extensions.collect(&:oid).include? CHAIN_OIDS[position]
    end
    self.send "#{position}=", detected
  end
  self.root = OpenSSL::X509::Certificate.new(
    File.read File.join(__dir__, 'AppleRootCa-G3.cer')
  )
end

Public Instance Methods

verify(signature_base_string) click to toggle source
# File lib/apple_pay/payment_token/certificate_chain.rb, line 24
def verify(signature_base_string)
  trusted_store = OpenSSL::X509::Store.new
  trusted_store.add_cert root
  pkcs7.certificates = [leaf, intermediate].compact
  pkcs7.verify nil, trusted_store, signature_base_string
end