all green

edutap-eu · Dec 6, 2024 · c2e774d · c2e774d
1 parent 40be169
commit c2e774d
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 5 deletions.
diff --git a/src/edutap/wallet_google/handlers/validate.py b/src/edutap/wallet_google/handlers/validate.py
@@ -4,6 +4,20 @@
 from ..settings import GoogleWalletSettings
 
 
+def _raw_private_key(inkey: str) -> str:
+    """
+    Returns the raw private key.
+    """
+    result = ""
+    for line in inkey.splitlines():
+        if "BEGIN PRIVATE KEY" in line:
+            continue
+        if "END PRIVATE KEY" in line:
+            break
+        result += line.strip()
+    return result
+
+
 def verify_signature(data: CallbackData) -> bool:
     """
     Verifies the signature of the callback data.
@@ -12,7 +26,7 @@ def verify_signature(data: CallbackData) -> bool:
     decryptor = GooglePayTokenDecryptor(
         settings.google_root_signing_public_keys.dict()["keys"],
         settings.issuer_id,
-        settings.credentials_info["private_key"],
+        _raw_private_key(settings.credentials_info["private_key"]),
     )
     try:
         decryptor.verify_signature(dict(data))

diff --git a/src/edutap/wallet_google/settings.py b/src/edutap/wallet_google/settings.py
@@ -5,7 +5,6 @@
 from pydantic import HttpUrl
 from pydantic_settings import BaseSettings
 from pydantic_settings import SettingsConfigDict
-from typing import Any
 from typing import Literal
 
 import json
@@ -49,14 +48,14 @@ class GoogleWalletSettings(BaseSettings):
 
     credentials_file: Path = ROOT_DIR / "credentials.json"
     issuer_account_email: EmailStr | None = None
-    issuer_id: str | None = Field(min_length=19, max_length=20, default=None)
+    issuer_id: str = Field(min_length=19, max_length=20, default="")
 
     callback_url: HttpUrl | None = None
     callback_update_url: HttpUrl | None = None
 
     environment: Literal["production", "testing"] = "testing"
 
-    cached_credentials_info: dict[str, Any] | None = Field(default=None, hidden=True)
+    cached_credentials_info: dict[str, str] = {}
 
     @property
     def google_root_signing_public_keys(self) -> RootSigningPublicKeys:

diff --git a/tests/test_handler_validate.py b/tests/test_handler_validate.py
@@ -1,5 +1,23 @@
 from edutap.wallet_google.handlers.validate import verify_signature
+from edutap.wallet_google.models.callback import CallbackData
+
+
+callbackdata_for_test_failure = {
+    "signature": "foo",
+    "intermediateSigningKey": {
+        "signedKey": {"keyValue": "baz", "keyExpiration": 0},
+        "signatures": ["bar"],
+    },
+    "protocolVersion": "",
+    "signedMessage": {
+        "classId": "1",
+        "objectId": "2",
+        "expTimeMillis": 0,
+        "eventType": "SAVE",
+    },
+}
 
 
 def test_handler_validate_valid():
-    assert verify_signature("data") is True
+    data = CallbackData.model_validate(callbackdata_for_test_failure)
+    assert verify_signature(data) is False