fullsailor / pkcs7

Implements a subset of PKCS#7/Cryptographic Message Syntax (rfc2315, rfc5652)
MIT License
123 stars, 201 forks

Problems with validating Apple's App Store Receipt (which is in PKCS7 format) #47

Closed: AJet closed 3 years ago

AJet commented 3 years ago

I'm trying to use this golang package "pkcs7" to locally validate the Mac App Store receipt on my server written in golang, following the guidelines of https://developer.apple.com/library/archive/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateLocally.html.

Obviously, the receipt is a valid PKCS7 container; however, the function pkcs7.ParsePKCS7() returns errors. At first, it returns a syntax error: {"code":1003,"message":"asn1: syntax error: sequence truncated"}

During debugging I found that it happens because the field signedData.SignerInfos doesn't have the "optional" tag. I added the tag, but now I'm getting another error:

{"code":1003,"message":"asn1: structure error: tags don't match (16 vs {class:0 tag:2 length:1 isCompound:false}) {optional:false explicit:false application:false private:false defaultValue:\u003cnil\u003e tag:\u003cnil\u003e stringType:0 timeType:0 set:false omitEmpty:false} TBSCertificateList @2"}

You can reproduce this issue by using the MAS receipt of any Mac app you install from the Mac App Store. Despite obviously being a totally valid PKCS7 container, the golang pkcs7 package fails to parse it.

Could you help please?

AJet commented 3 years ago

Sorry, I seem to have conflated this package with the same-named package from https://github.com/cloudflare/cfssl. It seems that fullsailor's pkcs7 actually works with the App Store receipts!
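
Both error strings quoted in this thread are produced by Go's standard `encoding/asn1` when a struct definition does not line up with the DER input. The following is an added example, not part of the thread and not code from either pkcs7 package; the struct names and the sample bytes are constructed for illustration. It reproduces each error class and shows that an `optional` tag only suppresses the first one.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// sampleDER is constructed input: SEQUENCE { INTEGER 1 }, nothing after it.
var sampleDER = []byte{0x30, 0x03, 0x02, 0x01, 0x01}

// strict expects a mandatory second field that the sample does not carry.
type strict struct {
	Version int
	Signers []asn1.RawValue `asn1:"set"`
}

// lenient marks that field optional, so its absence is accepted.
type lenient struct {
	Version int
	Signers []asn1.RawValue `asn1:"optional,set"`
}

// wrongShape expects a nested SEQUENCE where the sample has an INTEGER.
type wrongShape struct{ Body struct{ N int } }

// diagnose decodes der into dst and names the error class: "syntax" means
// the bytes ran out, "structure" means the struct disagrees with the input.
func diagnose(der []byte, dst interface{}) (kind, msg string) {
	_, err := asn1.Unmarshal(der, dst)
	switch err.(type) {
	case nil:
		return "ok", ""
	case asn1.SyntaxError:
		return "syntax", err.Error()
	case asn1.StructuralError:
		return "structure", err.Error()
	}
	return "other", err.Error()
}

func main() {
	for _, dst := range []interface{}{&strict{}, &lenient{}, &wrongShape{}} {
		kind, msg := diagnose(sampleDER, dst)
		fmt.Printf("%T -> %s %s\n", dst, kind, msg)
	}
}
```

A "structure" result with `tags don't match (16 vs ... tag:2 ...)` means the struct wanted a SEQUENCE (universal tag 16) at that position and the input held an INTEGER (tag 2), so the definitions describe a different layout than the bytes being parsed.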