• This repository has been archived on 18/Dec/2019
  • Language
    C
  • License
    MIT License

Repository Details

A PHP extension that verifies and decrypts Apple Pay payment tokens

applepay-php

applepay-php is a PHP extension that verifies and decrypts Apple Pay payment tokens according to Apple's spec[1]. It relies on OpenSSL for all crypto operations. Currently, it serves as the backbone for Etsy's PHP-based Apple Pay token handling endpoint.

Build

$ # Clone repo
$ git clone https://github.com/etsy/applepay-php.git
$ cd applepay-php
$
$ # Install OpenSSL development files (>= 1.0.2 required)
$ sudo yum install openssl-devel
$ # -or- sudo apt-get install libssl-dev
$ # etc...
$
$ # Build extension
$ phpize && ./configure && make
$
$ # Optionally install
$ sudo make install
$ echo 'extension=applepay.so' | sudo tee /etc/php.d/applepay.ini
$ # -or- echo 'extension=applepay.so' | sudo tee -a /etc/php.ini
$ # etc...

Pre-reqs

Before running the demo, you'll need a 'Payment Processing Certificate' and a private key from Apple (referred to as merch.cer and priv.p12 below). You can generate these at Apple's Dev Center. You'll also need an example payment token generated on an end-user device and the timestamp at which it was generated. An RSA-encrypted token should look like this:

{
    "data": "<base64>",
    "header": {
        "applicationData": "<hex_optional>",
        "wrappedKey": "<base64>",
        "publicKeyHash": "<base64>",
        "transactionId": "<hex>"
    },
    "signature": "<base64>",
    "version": "RSA_v1"
}

An ECC-encrypted token should look like this:

{
    "data": "<base64>",
    "header": {
        "applicationData": "<hex_optional>",
        "ephemeralPublicKey": "<base64>",
        "publicKeyHash": "<base64>",
        "transactionId": "<hex>"
    },
    "signature": "<base64>",
    "version": "EC_v1"
}

For more info check out the Apple Pay Programming Guide[2].
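
A structural pre-check for the two token layouts above, as an added example that is not part of applepay-php and does not use the extension's API (the function name check_token_shape and its messages are hypothetical; PHP 7+ assumed). It rejects malformed input before any verification or decryption is attempted:

```php
<?php
// Added example, not part of applepay-php; names and messages are hypothetical.
function check_token_shape(string $json): array
{
    $t = json_decode($json, true);
    if (!is_array($t) || !is_array($t['header'] ?? null)) {
        return ['token or header is not a JSON object'];
    }
    // Each version carries its own key-transport field in the header.
    $keyField = ['RSA_v1' => 'wrappedKey', 'EC_v1' => 'ephemeralPublicKey'];
    $version = $t['version'] ?? null;
    if (!is_string($version) || !isset($keyField[$version])) {
        return ['version: expected RSA_v1 or EC_v1'];
    }
    $h = $t['header'];
    $key = $keyField[$version];
    $other = $version === 'RSA_v1' ? 'ephemeralPublicKey' : 'wrappedKey';
    // Strict mode rejects characters outside the base64 alphabet.
    $isB64 = function ($v) {
        return is_string($v) && $v !== '' && base64_decode($v, true) !== false;
    };
    // Hex fields must be whole bytes.
    $isHex = function ($v) {
        return is_string($v) && preg_match('/\A(?:[0-9a-fA-F]{2})+\z/', $v) === 1;
    };
    $errors = [];
    $b64Fields = ['data' => $t['data'] ?? null, 'signature' => $t['signature'] ?? null,
        'header.publicKeyHash' => $h['publicKeyHash'] ?? null, "header.$key" => $h[$key] ?? null];
    foreach ($b64Fields as $name => $value) {
        if (!$isB64($value)) {
            $errors[] = "$name: missing or not base64";
        }
    }
    if (!$isHex($h['transactionId'] ?? null)) {
        $errors[] = 'header.transactionId: missing or not hex';
    }
    // applicationData is optional, but must be hex when present.
    if (array_key_exists('applicationData', $h) && !$isHex($h['applicationData'])) {
        $errors[] = 'header.applicationData: not hex';
    }
    // This example's choice: reject a header that also carries the other layout's key field.
    if (array_key_exists($other, $h)) {
        $errors[] = "header.$other: not expected in $version";
    }
    return $errors;
}
// Constructed sample: an EC_v1 token that wrongly carries wrappedKey.
$sample = '{"data":"AAEC","header":{"wrappedKey":"AAEC","publicKeyHash":"AAEC",'
    . '"transactionId":"00ff"},"signature":"AAEC","version":"EC_v1"}';
print_r(check_token_shape($sample));
```

An empty array means the token matches one of the two layouts; it says nothing about the signature or certificate chain, which the extension still has to verify.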

Demo

$ # Copy in your payment processing cert and test token
$ cd examples
$ cp /secret/place/merch.cer .
$ cp /secret/place/token.json .
$
$ # Package the private key (merch.key) into priv.p12
$ openssl pkcs12 -export -nocerts -inkey merch.key -out priv.p12 -password 'pass:'
$
$ # Get intermediate and root certs from Apple
$ wget -O int.cer 'https://www.apple.com/certificateauthority/AppleAAICAG3.cer'
$ wget -O root.cer 'https://www.apple.com/certificateauthority/AppleRootCA-G3.cer'
$
$ # Verify chain of trust
$ openssl x509 -inform DER -in merch.cer -pubkey > pub.pem
$ openssl x509 -inform DER -in root.cer > root.pem
$ openssl x509 -inform DER -in int.cer > int_merch.pem
$ openssl x509 -inform DER -in merch.cer >> int_merch.pem
$ openssl verify -verbose -CAfile root.pem int_merch.pem # should output OK
$
$ # Run demo
$ cd ..
$ php -denable_dl=on -dextension=`pwd`/modules/applepay.so examples/decrypt.php -p <privkey_pass> -c examples/token.json -t <time_of_transaction>

If everything goes well you should see decrypted payment data.

Future work

  • Split up library into libapplepay and a PHP wrapper
  • HHVM port

[1] https://developer.apple.com/library/prerelease/ios/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html

[2] https://developer.apple.com/library/ios/ApplePay_Guide/
