Merge pull request #1 from payrails/PR-2360-create-cse-ios-sdk-with-n…

…ew-client-side-encryption-flow

PR-2360: Create cse ios sdk

.github/workflows/ci.yaml

@@ -0,0 +1,18 @@
+name: iOS CSE CI
+on:
+  pull_request:
+    branches: ["main"]
+jobs:
+  ci:
+    runs-on: macos-latest
+
+    strategy:
+      matrix:
+        node-version: [12.x]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Pod Lint
+        run: |
+          pod lib lint

.github/workflows/semgrep.yaml

@@ -30,7 +30,6 @@ jobs:
         env:
           # more rules at semgrep.dev/explore
           SEMGREP_RULES: >-
-            .semgrep
             p/security-audit
             p/secrets
             p/supply-chain
@@ -45,6 +44,7 @@ jobs:
             p/javascript
             p/kubernetes
             p/terraform
+            p/swift
           SEMGREP_SEND_METRICS: 0
           SEMGREP_TIMEOUT: 1800
           #SEMGREP_BASELINE_REF: master

.github/workflows/trivy.yaml

@@ -17,7 +17,7 @@ jobs:
       - name: Run Trivy vulnerability scanner (filesystem)
         uses: aquasecurity/trivy-action@master
         with:
-          scan-type: 'config'
+          scan-type: 'fs'
           scan-ref: '.'
           hide-progress: false
           ignore-unfixed: true

.gitignore

@@ -1,2 +1,10 @@
 .idea/
 .DS_Store
+/.build
+/Packages
+/*.xcodeproj
+xcuserdata/
+DerivedData/
+.swiftpm/config/registries.json
+.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata
+.netrc

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Payrails GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

Package.resolved

@@ -0,0 +1,14 @@
+{
+  "pins" : [
+    {
+      "identity" : "joseswift",
+      "kind" : "remoteSourceControl",
+      "location" : "https://github.com/airsidemobile/JOSESwift.git",
+      "state" : {
+        "revision" : "10ed3b6736def7c26eb87135466b1cb46ea7e37f",
+        "version" : "2.4.0"
+      }
+    }
+  ],
+  "version" : 2
+}

Package.swift

@@ -0,0 +1,33 @@
+// swift-tools-version: 5.8
+// The swift-tools-version declares the minimum version of Swift required to build this package.
+
+import PackageDescription
+
+let package = Package(
+    name: "PayrailsCSE",
+    platforms: [
+        .macOS(.v11),
+        .iOS(.v14)
+    ],
+    products: [
+        // Products define the executables and libraries a package produces, and make them visible to other packages.
+        .library(
+            name: "PayrailsCSE",
+            targets: ["PayrailsCSE"]),
+    ],
+    dependencies: [
+        // Dependencies declare other packages that this package depends on.
+        // .package(url: /* package url */, from: "1.0.0"),
+        .package(url: "https://github.com/airsidemobile/JOSESwift.git", from: "2.3.0")
+    ],
+    targets: [
+        // Targets are the basic building blocks of a package. A target can define a module or a test suite.
+        // Targets can depend on other targets in this package, and on products in packages this package depends on.
+        .target(
+            name: "PayrailsCSE",
+            dependencies: ["JOSESwift"]),
+        .testTarget(
+            name: "PayrailsCSETests",
+            dependencies: ["PayrailsCSE"]),
+    ]
+)

PayrailsCSE.podspec

@@ -0,0 +1,35 @@
+#
+# Be sure to run `pod lib lint PayrailsCSE.podspec' to ensure this is a
+# valid spec before submitting.
+#
+# Any lines starting with a # are optional, but their use is encouraged
+# To learn more about a Podspec see https://guides.cocoapods.org/syntax/podspec.html
+#
+
+Pod::Spec.new do |s|
+  s.name             = 'PayrailsCSE'
+  s.version          = '0.1.0'
+  s.summary          = 'Payrails client-side encryption SDK'
+
+# This description is used to generate tags and improve search results.
+#   * Think: What does it do? Why did you write it? What is the focus?
+#   * Try to keep it short, snappy and to the point.
+#   * Write the description between the DESC delimiters below.
+#   * Finally, don't worry about the indent, CocoaPods strips it!
+
+  s.swift_version = '5.8'
+
+  s.description      = <<-DESC
+SDK provides client side encryption and tokenization on Payrails platform.
+                       DESC
+
+  s.homepage         = 'https://github.com/payrails/ios-cse'
+  s.license          = { :type => 'MIT', :file => 'LICENSE' }
+  s.author           = { 'Payrails' => '[email protected]' }
+  s.source           = { :git => 'https://github.com/payrails/ios-cse.git', :tag => s.version.to_s }
+
+  s.ios.deployment_target = '10.0'
+
+  s.source_files = 'Sources/**/*'
+  s.dependency 'JOSESwift'
+end

README.md

@@ -1,19 +1,63 @@
-# Payrails Template Repository
+# Payrails iOS CSE SDK
 
-[![Semgrep Badge](https://github.com/payrails/template-repository/actions/workflows/semgrep.yaml/badge.svg?branch=master)](https://github.com/payrails/template-repository/actions/workflows/semgrep.yaml)
-
-### Features
+## Features
 
-...
+SDK provides client side encryption and tokenization on Payrails platform.
 
-### Getting Started
+## Installation
 
-...
+### CocoaPods
 
-### Reporting Vulnerabilities
+Add `pod 'PayrailsCSE'` to your `Podfile`.
+Run `pod install`.
 
-...
+### Swift Package Manager
 
-### Contributing
+Use `https://github.com/Payrails/ios-cse` as the repository URL
 
-...
+## Usage example
+
+```(swift)
+import PayrailsCSE
+
+let cse = PayrailsCSE(
+    data: initResponse.data,
+    version: initResponse.version
+)
+
+cse.tokenize(
+    cardNumber: cardNumber,
+    expiryMonth: expiryMonth,
+    expiryYear: expiryYear,
+    holderName: holderName,
+    securityCode: securityCode,
+    futureUsage: futureUsage,
+    storeInstrument: storeInstrument,
+    completion: {(result: Result<TokenizeResponse, Error>) in
+        switch result {
+        case .success(let response):
+            debugPrint("tokenization request successful")
+        case .failure(let error):
+            debugPrint("tokenization request failed")
+        }
+    }
+)
+```
+
+## Security Policy
+
+### Reporting a Vulnerability
+
+If you find any vulnerability in ios-cse, do not hesitate to _report them_.
+
+1. Send the disclosure to [email protected]
+
+2. Describe the vulnerability.
+
+   If you have a fix, that is most welcome -- please attach or summarize it in your message!
+
+3. We will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. We will contact you to let you know the outcome, and will credit you in the report.
+
+   Please **do not disclose the vulnerability publicly** until a fix is released!
+
+4. Once we have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to publicly disclose it.