nooize / paytokens

Package for decrypting Google Pay and Apple Pay tokens


about "raw"

qoyanchoz opened this issue · comments

I have a question about the GooglePay structures.
What are you storing in the raw field?
For example:
```go
type baseSignedMessage struct {
	EncryptedMessage   paytokens.Base64Encoded
	EphemeralPublicKey paytokens.Base64Encoded `json:"ephemeralPublicKey"`
	Tag                paytokens.Base64Encoded `json:"tag"`
}

type signedMessage struct {
	baseSignedMessage
	raw string `json:"-"`
}
```
Are you storing the non-serialized baseSignedMessage structure in the raw string?

Hi!

You're right.
Technically this file is a string with JSON content inside.

After the initial decode of the JSON token into the token struct
we have a problem:
the SignedMessage field is a string with JSON inside, so we need to decode it to
BUT we must store the original JSON string to use it later as part of the signature check
(see line 57 in handler_decrypt.go)
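
Why the raw string has to be kept, as an added Go example (not code from the paytokens package): it decodes both JSON layers of a token, re-serializes the inner struct, and compares the two resulting signature inputs. The type names, the sample token and the `merchant:placeholder` recipient are constructed for illustration; the length-prefixed layout and the `Google` sender ID follow Google's published ECv2 description.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/json"
	"fmt"
)

// Illustrative types, not the package's own; only the fields used here.
type outerToken struct {
	ProtocolVersion string `json:"protocolVersion"`
	SignedMessage   string `json:"signedMessage"` // JSON text carried as a string
}
type innerMessage struct {
	EncryptedMessage   string `json:"encryptedMessage"`
	EphemeralPublicKey string `json:"ephemeralPublicKey"`
	Tag                string `json:"tag"`
}

// Constructed token with dummy values, escaped like the sample in this thread.
const sampleToken = `{"protocolVersion":"ECv2","signedMessage":"{\"encryptedMessage\":\"Y3Q\\u003d\",\"ephemeralPublicKey\":\"cGs\\u003d\",\"tag\":\"dGFn\"}"}`

// signedBytes builds the ECv2 signature input: each part prefixed with its 4-byte little-endian length.
func signedBytes(parts ...string) []byte {
	var buf []byte
	for _, p := range parts {
		buf = append(binary.LittleEndian.AppendUint32(buf, uint32(len(p))), p...)
	}
	return buf
}

// compare reports whether re-serializing the decoded struct reproduces the signed bytes.
func compare(token []byte, recipient string) (raw, reencoded string, same bool, err error) {
	out, in := outerToken{}, innerMessage{}
	if err = json.Unmarshal(token, &out); err == nil {
		err = json.Unmarshal([]byte(out.SignedMessage), &in)
	}
	if err != nil {
		return "", "", false, err
	}
	re, _ := json.Marshal(in) // cannot fail for a struct of strings; "\u003d" comes back as "="
	signed := signedBytes("Google", recipient, out.ProtocolVersion, out.SignedMessage)
	rebuilt := signedBytes("Google", recipient, out.ProtocolVersion, string(re))
	return out.SignedMessage, string(re), bytes.Equal(signed, rebuilt), nil
}

func main() {
	fmt.Println(compare([]byte(sampleToken), "merchant:placeholder"))
}
```

The decoded field values are identical in both forms, but the byte strings differ, so a signature made over the original string does not verify against the re-serialized one.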

Hi!

I have a problem when I try to verify signatures.
I take the keys from the Google URL.
I have trouble when I call Verify (see line 137 in internals.go).
Is it a problem with the Google keys, or am I doing something wrong?

P.S. Google sent me payloads for testing.

And I had trouble parsing the ephemeral public key - "failed to parse ECDSA public key". - resolved.
And I have a problem with the private key: using your function to parse it gives errors.
I generated the private key using: openssl ecparam -name prime256v1 -genkey -noout -out key.pem

Can you provide data & code for a test?

Thanks! :)

Added a fix to parse EC type private keys.

Need to check if Google supports it.

I also have a problem with your pay token:
it is corrupted, I think, with the same JSON processing.

In my practice the signedKey field is a string;
in your file it is a struct.

Also, your file has incorrect Unicode escape chars.

But I don't know what to do with the private key; in the Google docs they say: "just generate by code".
I tried to unmarshal with your structures, and it fails.
I'll try tomorrow or tonight.

Problem 1 with your sample data is the EC private key.

Now your private key is parsed - it's OK.
BUT I actually need a correct token to check whether the parsed EC key is fine with verification.

Problem 2 - your token is badly encoded, so it is impossible to parse it properly.
A token is a very delicate thing because it has double-escaped Unicode chars and other tricks.
Can you provide the raw data received from the browser?

OK, thanks. I'll try tomorrow with your structures and methods.
And I'll call back here. Thank you very much!

This is what Google sent to my email:
{"signature":"MEUCIQDQ1zb0Tgto0IQKMAe6kwEKonhLUdSHx75kAhJDuMlQ5QIgYx+xcnWyk30/7qZjyEZmPxCq1mMGCJ8tdZ+duTYll5U\u003d","intermediateSigningKey":{"signedKey":"{\"keyValue\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETEpsSYSkAH4aaI4MOUIuiF4U8ERw9GNklQOev3c1F4qkTAImvwWBor0GO3WpbiurLt70MqvPtcUJrHxZ1wizkg\\u003d\\u003d\",\"keyExpiration\":\"1689703328589\"}","signatures":["MEUCIBtDE/gRiaSpfN8rMTxz7SEpuOLlYXIBbYYbENbe2kHmAiEAugnqa2w/FNsnpgZi9JZhBRMIGDrj5LbXLHjEXExnGaM\u003d"]},"protocolVersion":"ECv2","signedMessage":"{\"encryptedMessage\":\"fbLbKe87z/QwuLu4zwJ7RbogajVD/x5Psz/ssOw46Jeg823QGjgpbDLqiHxXQZKwaTtfAk8Xn/CRYCaChpOHzWX8aLkwVye+SIi1B4z4awrBj+KTmrXr3cUpueCj3AOHO29Kw84PqnvbSX76maZrTfwGNDHmrdPLhQcxJlweZsnxi+g3zVayZvgsDNlJePXokWpfQu8TboSCEfeWqWqNvjEccFcI9qmu2GB0ZCsqbXWy9ft3vyOh8xnCt0OaPvAc2ofaUx1Eprg8g9EPH+KieItr8cp+74ugX6C00acf85WytF+jGmBDR7/gP/AGN9xo9C8GvgSmD5rXZNu4GhpBMzyY3/uT2JVGrz2XwJZQLPoNPyKGWw/MZIkEFUmJ3hmraurpXhog0rNX2PzEPch4DD4TmMKRfkr4pGxHEncjz21gUzmQgceHea4BQA94Qd08ui/33hio+eY57xojAj5ce3ONbSnsSiVuhYqlNcVcHrL3llb5q9OFH2F1qT7OYuJhOOiCQ8jkRkGfQEtaXnQgfnb9zyeRG1ddy/sk1Dc41etogaqqBg67CpugZhRTRuXKIzJfiRzXOazNAhWsDdWvbmT7+eQSPhL18ChohbbSv5CqyHgNDeJP9gMJ5u7nQxAommq2n2//LOsadQ\\u003d\\u003d\",\"ephemeralPublicKey\":\"BKYp0Qn8He/hqSXRYpQ8TNabbJ79RlDEABhcvhbZENXrGcrujdNccavXtgywNFPRHeOOwv5vwB/1LjCxR4Yw11w\\u003d\",\"tag\":\"9EGLwWJZABBaSVNiZ4n7VmM+4WcH/oROC3YC2qAKZQA\\u003d\"}"}

Hi!

So I unmarshal with your structures, and I still can't verify signatures.
What could be the problem?

The reason is that your token is in test mode.
You need to create the decoder in test mode (I pushed an update with a test mode option):
```go
dec, err := gpay.New(
	merchantId,
	gpay.MerchantPrivateKeyLocation("private.pem"),
	gpay.TestMode(), // decoder for test-mode tokens
)
```

Hi!
Anyway, I can't verify signatures.
Maybe the payload is expired or something.
I will force Google to give me new payloads and try tomorrow.
Thanks!

Hi!
Google sent me new payloads today; right now everything is okay.
But I can't unmarshal into the GooglePayToken struct.
It errors when I unmarshal the decrypted message: "invalid character '½' looking for beginning of value"
Can you help me, please?

And you skip the error here. Is there no need to check it, or?

```go
if err := req.verifyMessageSignature(d.merchantId); err != nil {
	//return nil, err
}
```

Maybe if you try to decrypt that, on yours it will be okay.

Here is the payload:

Here is the private key:
key.zip