Class SignedDataVerifier

A class providing utility methods for verifying and decoding App Store signed data.

Example Usage:

const verifier = new SignedDataVerifier([appleRoot, appleRoot2], true, Environment.SANDBOX, "com.example")

try {
    const decodedNotification = verifier.verifyAndDecodeNotification("ey...")
    console.log(decodedNotification)
} catch (e) {
    console.error(e)
}

Constructors

constructor

Properties

appAppleId? bundleId enableOnlineChecks environment rootCertificates verifiedPublicKeyCache

Methods

checkOCSPStatus verifyAndDecodeAppTransaction verifyAndDecodeNotification verifyAndDecodeRenewalInfo verifyAndDecodeTransaction verifyCertificateChain verifyCertificateChainWithoutCaching verifyJWT verifyNotification

Constructors

constructor

  • new SignedDataVerifier(
        appleRootCertificates: Buffer<ArrayBufferLike>[],
        enableOnlineChecks: boolean,
        environment: Environment,
        bundleId: string,
        appAppleId?: number,
    ): SignedDataVerifier

    Parameters

    • appleRootCertificates: Buffer<ArrayBufferLike>[]

      A list of DER-encoded root certificates

    • enableOnlineChecks: boolean

      Whether to enable revocation checking and check expiration using the current date

    • environment: Environment

      The App Store environment to target for checks

    • bundleId: string

      The app's bundle identifier

    • OptionalappAppleId: number

      The app's identifier, omitted in the sandbox environment

    Returns SignedDataVerifier

Properties

Protected OptionalappAppleId

appAppleId?: number

ProtectedbundleId

bundleId: string

ProtectedenableOnlineChecks

enableOnlineChecks: boolean

Protectedenvironment

environment: Environment

ProtectedrootCertificates

rootCertificates: X509Certificate[]

ProtectedverifiedPublicKeyCache

verifiedPublicKeyCache: { [index: string]: CacheValue }

Methods

ProtectedcheckOCSPStatus

  • checkOCSPStatus(cert: X509Certificate, issuer: X509Certificate): Promise<void>

    Parameters

    • cert: X509Certificate
    • issuer: X509Certificate

    Returns Promise<void>

verifyAndDecodeAppTransaction

  • verifyAndDecodeAppTransaction(
        signedAppTransaction: string,
    ): Promise<AppTransaction>

    Verifies and decodes a signed AppTransaction See AppTransaction

    Parameters

    • signedAppTransaction: string

      The signed AppTransaction

    Returns Promise<AppTransaction>

    The decoded AppTransaction after validation

    Throws

    VerificationException Thrown if the data could not be verified

verifyAndDecodeNotification

verifyAndDecodeRenewalInfo

  • verifyAndDecodeRenewalInfo(
        signedRenewalInfo: string,
    ): Promise<JWSRenewalInfoDecodedPayload>

    Verifies and decodes a signedRenewalInfo obtained from the App Store Server API, an App Store Server Notification, or from a device See JWSRenewalInfo

    Parameters

    • signedRenewalInfo: string

      The signedRenewalInfo field

    Returns Promise<JWSRenewalInfoDecodedPayload>

    The decoded renewal info after verification

    Throws

    VerificationException Thrown if the data could not be verified

verifyAndDecodeTransaction

  • verifyAndDecodeTransaction(
        signedTransactionInfo: string,
    ): Promise<JWSTransactionDecodedPayload>

    Verifies and decodes a signedTransaction obtained from the App Store Server API, an App Store Server Notification, or from a device See JWSTransaction

    Parameters

    • signedTransactionInfo: string

    Returns Promise<JWSTransactionDecodedPayload>

    The decoded transaction info after verification

    Throws

    VerificationException Thrown if the data could not be verified

ProtectedverifyCertificateChain

  • verifyCertificateChain(
        trustedRoots: X509Certificate[],
        leaf: X509Certificate,
        intermediate: X509Certificate,
        effectiveDate: Date,
    ): Promise<KeyObject>

    Parameters

    • trustedRoots: X509Certificate[]
    • leaf: X509Certificate
    • intermediate: X509Certificate
    • effectiveDate: Date

    Returns Promise<KeyObject>

ProtectedverifyCertificateChainWithoutCaching

  • verifyCertificateChainWithoutCaching(
        trustedRoots: X509Certificate[],
        leaf: X509Certificate,
        intermediate: X509Certificate,
        effectiveDate: Date,
    ): Promise<KeyObject>

    Parameters

    • trustedRoots: X509Certificate[]
    • leaf: X509Certificate
    • intermediate: X509Certificate
    • effectiveDate: Date

    Returns Promise<KeyObject>

ProtectedverifyJWT

  • verifyJWT<T>(
        jwt: string,
        validator: Validator<T>,
        signedDateExtractor: (decodedJWT: T) => Date,
    ): Promise<T>

    Type Parameters

    • T

    Parameters

    • jwt: string
    • validator: Validator<T>
    • signedDateExtractor: (decodedJWT: T) => Date

    Returns Promise<T>

ProtectedverifyNotification

  • verifyNotification(
        bundleId?: string,
        appAppleId?: number,
        environment?: string,
    ): void

    Parameters

    • OptionalbundleId: string
    • OptionalappAppleId: number
    • Optionalenvironment: string

    Returns void

Settings

Member Visibility

On This Page

Constructors
Properties
Methods