fullsailor / pkcs7

Implements a subset of PKCS#7/Cryptographic Message Syntax (rfc2315, rfc5652)
MIT License

Verify iTunes Receipt failed. #9

Closed googollee closed 8 years ago

googollee commented 8 years ago

For background, an iTunes Receipt is a purchase receipt in iTunes (macOS/iOS). It's a binary file which is encoded with PKCS#7.

I tried to use this package to parse an iTunes Receipt like this:

```go
b, err := ioutil.ReadFile("./test_receipt")
d, err := base64.StdEncoding.DecodeString(string(b))
pkcs, err := pkcs7.Parse(d)
pkcs.Verify()
```

And it always returns crypto/rsa: verification error when verifying, even though I can parse the data in pkcs.Content through asn1.

I can verify the file with openssl OK.

Is there anything I'm doing wrong or missing when verifying?

Attached test file: test_receipt.zip

fullsailor commented 8 years ago

Hey, looks like you're doing everything right. I was able to reproduce the issue using your sample receipt.

It looks like we don't handle cases where the AuthenticatedAttributes are omitted from the signature. Simple enough to fix.

Thanks for the report!
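The case described in the comment above, as an added example that is not code from this package or from either commenter: per RFC 2315, when authenticated attributes are present the signature covers the digest of their DER encoding and the messageDigest attribute must match the content, and when they are omitted the signature covers the content digest directly. The names `signerInfo`, `signedDigest`, `verify`, `sign` and `key` are hypothetical; SHA-256 with RSA PKCS#1 v1.5 is assumed, and the attributes are treated as opaque bytes rather than parsed ASN.1.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// signerInfo is a hypothetical, simplified stand-in for a parsed SignerInfo.
type signerInfo struct {
	AttrsDER      []byte   // DER of the authenticated attributes; nil if omitted
	MessageDigest [32]byte // messageDigest attribute; meaningful only with AttrsDER
	Signature     []byte
}

// signedDigest returns the digest the signature covers (RFC 2315, section 9.3).
func signedDigest(cd [32]byte, si signerInfo) []byte {
	if si.AttrsDER == nil {
		return cd[:] // attributes omitted: the content digest is signed directly
	}
	ad := sha256.Sum256(si.AttrsDER) // attributes present: their digest is signed
	return ad[:]
}

func verify(pub *rsa.PublicKey, content []byte, si signerInfo) error {
	cd := sha256.Sum256(content)
	if si.AttrsDER != nil && si.MessageDigest != cd { // attributes must bind the content
		return errors.New("messageDigest attribute does not match content")
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, signedDigest(cd, si), si.Signature)
}

// key and sign build constructed input; attrs == nil models the attribute-less case.
var key, _ = rsa.GenerateKey(rand.Reader, 2048)

func sign(content, attrs []byte) (si signerInfo, err error) {
	cd := sha256.Sum256(content)
	si = signerInfo{AttrsDER: attrs, MessageDigest: cd}
	si.Signature, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, signedDigest(cd, si))
	return si, err
}

func main() {
	si, _ := sign([]byte("constructed receipt"), nil) // attributes omitted, as in the report
	fmt.Println("verify without attributes:", verify(&key.PublicKey, []byte("constructed receipt"), si))
}
```

Checking an attribute-less signature against a digest of attributes, or the reverse, fails with the same `crypto/rsa: verification error` that a tampered payload would produce, so the branch has to be chosen from what the SignerInfo actually contains.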

fullsailor commented 8 years ago

@googollee I had to push a quick fix since I missed a hunk in the git commit. If you tried it out before the last 5 minutes or so, try again now.

Side note, I've now set up Travis CI to prevent this in the future.

googollee commented 8 years ago

Great. Thank you for the quick fix. I just tried it and it works now.