Adding GameCenter auth

spec/AuthenticationAdapters.spec.js

@@ -576,4 +576,26 @@ describe('google auth adapter', () => {
       expect(e.message).toBe('Google auth is invalid for this user.');
     }
   });
+
+  it('properly verify a game center identity', () => {
+    const authenticationHandler = authenticationLoader({
+      gcenter: path.resolve('./src/Adapters/Auth/gcenter.js')
+    });
+     validateAuthenticationHandler(authenticationHandler);
+    const validator = authenticationHandler.getValidatorForProvider('gcenter');
+    var identity = {
+      playerId: "G:1958377822",
+      publicKeyUrl: "https://static.gc.apple.com/public-key/gc-prod-3.cer",
+      timestamp: "1513067500622",
+      signature: "BYX5fJ59vVnj/3pdAfsfzkdSHG5kqPJ/gnhagaFJYwAYRlhR9P672sZk0N/cZoCabzTZM+AVMc6W+xwpVVSj/qxgfZi4ADvwKY7m8q8ugdw3Aec97w8zL3i5F5wKLr+HPzR6/OW4YsMQjtuumpWQCq+9bDro9JibiCVKm+x/MwvIgHS3gdi6XVD+JeBMLbd5bJk/wUmcjE9uWMoXRiY4WCREtlIy47eGWYSFQ2kinIKo4YRzpSK95E9jYEB0nOjwg1ExycvMBPDrxoxpk+maIkqPZ3FS6vESLnhq1/gojwECEmObRxv+a1ZRvzt2fwCMfjBzZVv867r+mpF7H/JrXA==",
+      salt: "WN97Bw==",
+      bundleId: "com.appxplore.apptest"
+    };
+    validateValidator(validator);
+    validator(identity, function (err, token)
+    {
+      expect(err).toBeNull();
+      expect(token).not.toBeNull();
+    });
+  });
 });

src/Adapters/Auth/gcenter.js

@@ -0,0 +1,127 @@
+'use strict';
+
+// Helper functions for accessing the google API.
+//var Parse = require('parse/node').Parse;
+var crypto = require('crypto');
+var request = require('request');
+var url = require('url');
+
+// Returns a promise that fulfills if this user id is valid.
+function validateAuthData(authData) {
+  return new Promise(function (resolve, reject) {
+    var identity = {
+      publicKeyUrl: authData.pKeyUrl,
+      timestamp: authData.timeStamp,
+      signature: authData.sig,
+      salt: authData.salt,
+      playerId: authData.id,
+      bundleId: authData.bid
+    };
+
+    return verify(identity, function (err, token) {
+      if(err) {
+        return reject('Failed to validate this access token with Game Center.');
+      } else {
+        return resolve(token);
+      }
+    });
+  });
+}
+
+// Returns a promise that fulfills if this app id is valid.
+function validateAppId() {
+  return Promise.resolve();
+}
+
+function verifyPublicKeyUrl(publicKeyUrl) {
+  var parsedUrl = url.parse(publicKeyUrl);
+  if (parsedUrl.protocol !== 'https:') {
+    return false;
+  }
+
+  var hostnameParts = parsedUrl.hostname.split('.');
+  var domain = hostnameParts[hostnameParts.length - 2] + "." + hostnameParts[hostnameParts.length - 1];
+  if (domain !== 'apple.com') {
+    return false;
+  }
+
+  return true;
+}
+
+function convertX509CertToPEM(X509Cert) {
+  var pemPreFix = '-----BEGIN CERTIFICATE-----\n';
+  var pemPostFix = '-----END CERTIFICATE-----';
+
+  var base64 = X509Cert.toString('base64');
+  var certBody = base64.match(new RegExp('.{0,64}', 'g')).join('\n');
+
+  return pemPreFix + certBody + pemPostFix;
+}
+
+function getAppleCertificate(publicKeyUrl, callback) {
+  if (!verifyPublicKeyUrl(publicKeyUrl)) {
+    callback(new Error('Invalid publicKeyUrl'), null);
+    return;
+  }
+
+  var options = {
+    uri: publicKeyUrl,
+    encoding: null
+  };
+  request.get(options, function (error, response, body) {
+    if (!error && response.statusCode === 200) {
+      var cert = convertX509CertToPEM(body);
+      callback(null, cert);
+    } else {
+      callback(error, null);
+    }
+  });
+}
+
+/* jslint bitwise:true */
+function convertTimestampToBigEndian(timestamp) {
+  // The timestamp parameter in Big-Endian UInt-64 format
+  var buffer = new Buffer(8);
+  buffer.fill(0);
+
+  var high = ~~(timestamp / 0xffffffff); // jshint ignore:line
+  var low = timestamp % (0xffffffff + 0x1); // jshint ignore:line
+
+  buffer.writeUInt32BE(parseInt(high, 10), 0);
+  buffer.writeUInt32BE(parseInt(low, 10), 4);
+
+  return buffer;
+}
+/* jslint bitwise:false */
+
+function verifySignature(publicKey, idToken) {
+  var verifier = crypto.createVerify('sha256');
+  verifier.update(idToken.playerId, 'utf8');
+  verifier.update(idToken.bundleId, 'utf8');
+  verifier.update(convertTimestampToBigEndian(idToken.timestamp));
+  verifier.update(idToken.salt, 'base64');
+
+  if (!verifier.verify(publicKey, idToken.signature, 'base64')) {
+    throw new Error('Invalid Signature');
+  }
+}
+
+function verify(idToken, callback) {
+  getAppleCertificate(idToken.publicKeyUrl, function (err, publicKey) {
+    if (!err) {
+      try {
+        verifySignature(publicKey, idToken);
+        callback(null, idToken);
+      } catch (e) {
+        callback(e, null);
+      }
+    } else {
+      callback(err, null);
+    }
+  });
+}
+
+module.exports = {
+  validateAppId: validateAppId,
+  validateAuthData: validateAuthData
+};

src/Adapters/Auth/index.js

@@ -6,6 +6,7 @@ const instagram = require('./instagram');
 const linkedin = require('./linkedin');
 const meetup = require('./meetup');
 const google = require('./google');
+const gcenter = require("./gcenter");
 const github = require('./github');
 const twitter = require('./twitter');
 const spotify = require('./spotify');
@@ -33,6 +34,7 @@ const providers = {
   linkedin,
   meetup,
   google,
+  gcenter,
   github,
   twitter,
   spotify,