Skip to content

Instantly share code, notes, and snippets.

behe / app_store_server_notifications_v2_validation.livemd
Created Feb 14, 2022
Apple App Store Server Notifications v2 validation
View app_store_server_notifications_v2_validation.livemd

Apple App Store Server Notifications v2 validation


I recently had to upgrade our backend's handling of App Store Server Notifications to the new v2 version. The old version had pretty basic security by only having a supplied password in the response that you verified with what you had configured it to be in App Store Connect. The new version on the other hand is now in JWS (JSON Web Signature) signed with an Apple X.509 certificate chain. Since it was not straight forward to figure out how to verify this certificate chain and signature I wanted to write down how I was able to do it in Elixir:

The following steps are needed to verify the notifications:

View gc_count.exs
defmodule ATGCCount do
def count(sequence), do: cnt(String.to_char_list(sequence),0,0)
def cnt([65|t],at,gc), do: cnt(t,at+1,gc)
def cnt([84|t],at,gc), do: cnt(t,at+1,gc)
def cnt([71|t],at,gc), do: cnt(t,at,gc+1)
def cnt([67|t],at,gc), do: cnt(t,at,gc+1)
def cnt([62|_],at,gc), do: {at,gc}
def cnt([],at,gc), do: {at,gc}
# def cnt(_,0,0), do: {0,0}
def cnt([_|t], at, gc), do: cnt(t,at,gc)
behe / fizzbuzz.exs
Last active Aug 29, 2015
FizzBuzz in Elixir
View fizzbuzz.exs
defmodule FizzBuzz do
def up_to(n) do
|> Enum.to_list
|> Enum.join " "
behe / gist:2145979
Created Mar 21, 2012
Reload .rvmrc after git checkout
View gist:2145979
# Put this is your .profile, .bashrc or similar to automatically reload your .rvmrc after git checkouts
git() { command git "$@" ; if [[ "$@" == *checkout* ]]; then [[ -s .rvmrc ]] && . .rvmrc; fi }