spreedly / gala

Ruby library for decrypting Apple Pay payment tokens
MIT License

Test failing with InvalidSignatureError #15

Open bcarreno opened 4 years ago

bcarreno commented 4 years ago

Thank you so much for writing and maintaining the Gala gem!

Tests were passing in May 2018 (last commit) but if you run them today you'll get this error.

$ rake test
Run options: --seed 59087

# Running:

...EF.

Finished in 0.041877s, 143.2767 runs/s, 262.6740 assertions/s.

  1) Error:
Gala::PaymentTokenTest#test_decrypt:
Gala::PaymentToken::InvalidSignatureError: Unable to verify a valid chain of trust from signature to root certificate.
    /Users/Carreno/prj/gala/lib/gala/payment_token.rb:61:in `validate_signature'
    /Users/Carreno/prj/gala/lib/gala/payment_token.rb:30:in `decrypt'
    /Users/Carreno/prj/gala/test/payment_token_test.rb:43:in `test_decrypt'

The exception is raised because the call to OpenSSL::X509::Store#verify is returning false: https://github.com/spreedly/gala/blob/master/lib/gala/payment_token.rb#L78

My guess is the problem is in the certificate, which expired in 2016. You can check via:

$ openssl x509 -in test/fixtures/certificate.pem -text -noout | grep -A 2 Validity
        Validity
            Not Before: Oct 26 12:10:10 2014 GMT
            Not After : Nov 24 12:10:10 2016 GMT
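
The failure mode diagnosed above, reproduced as an added example (not code from the Gala gem or from this issue): `OpenSSL::X509::Store#verify` checks validity against the current time unless `Store#time=` pins another one. The keys, certificate names and the helpers `issue_cert` and `verify_chain` are constructed for illustration; only the leaf's validity window is taken from the output above.

```ruby
require "openssl"

# Constructed stand-ins for the fixture: the leaf uses the validity window
# printed above; the root stays valid so that only expiry can fail the check.
LEAF_NOT_BEFORE = Time.utc(2014, 10, 26, 12, 10, 10)
LEAF_NOT_AFTER  = Time.utc(2016, 11, 24, 12, 10, 10)

# Hypothetical helper (not part of Gala): issue a certificate for `key`,
# signed by `issuer_key`; self-signed when no issuer certificate is given.
def issue_cert(cn, key, issuer_key, not_before, not_after, issuer: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = ca ? 1 : 2
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

ROOT_KEY = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
ROOT = issue_cert("example-root", ROOT_KEY, ROOT_KEY,
                  Time.utc(2014, 1, 1), Time.now + 10 * 365 * 86_400, ca: true)
LEAF = issue_cert("example-leaf", LEAF_KEY, ROOT_KEY,
                  LEAF_NOT_BEFORE, LEAF_NOT_AFTER, issuer: ROOT)

# Verify `leaf` against `root`; `at` pins the verification time (default: now).
# Returns [verified?, OpenSSL verify error code].
def verify_chain(leaf, root, at: nil)
  store = OpenSSL::X509::Store.new
  store.add_cert(root)
  store.time = at if at
  [store.verify(leaf), store.error]
end

# Checked today: the chain is intact but the leaf is past its Not After date.
p verify_chain(LEAF, ROOT)
# Checked at a moment inside the leaf's validity window.
p verify_chain(LEAF, ROOT, at: Time.utc(2015, 6, 1))
```

With `time` pinned, an expired certificate is accepted, so pinning belongs in test setup for frozen fixtures and not in a production verification path.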

bcarreno commented 4 years ago

If you're busy I can work on a PR next week.