Drafting NLnet Task3 delivery.

5 files changed, 217 insertions, 0 deletions

diff --git a/nlnet/task3/Dockerfile b/nlnet/task3/Dockerfile
new file mode 100644
index 0000000..4ec5732
--- /dev/null
+++ b/nlnet/task3/Dockerfile
@@ -0,0 +1,20 @@
+FROM debian:stable
+
+RUN apt-get update
+RUN apt-get install -y openjdk-17-jre git python3-pip curl jq sqlite3
+RUN pip3 install click requests
+
+# Installation
+RUN git clone git://git.taler.net/libeufin
+WORKDIR /libeufin
+RUN git fetch && git checkout 06452b9adc4d149bdb1532a3ea3160909eb51c9a
+RUN ./bootstrap
+RUN ./configure --prefix=/usr/local
+RUN make install
+
+COPY keys.sh /
+COPY ebics.sh /
+COPY start.sh /
+COPY salted-incoming-payment-template.csv /
+RUN mkdir /output-docs
+ENTRYPOINT ["/start.sh"]
diff --git a/nlnet/task3/ebics.sh b/nlnet/task3/ebics.sh
new file mode 100755
index 0000000..a6f14e2
--- /dev/null
+++ b/nlnet/task3/ebics.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# This script offers one operation to download the latest payments
+# and another operation to upload one pain.001.  It relies on PostFinance.kt
+# in libeufin.git.
+
+# ./ebics.sh download
+# ./ebics.sh upload $PAYMENT_SUBJECT
diff --git a/nlnet/task3/keys.sh b/nlnet/task3/keys.sh
new file mode 100755
index 0000000..281f17a
--- /dev/null
+++ b/nlnet/task3/keys.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+
+set -eu
+
+# This script prepares the EBICS keys for one subscriber
+# at the PostFinance test platform.
+
+export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:/postfinance-nexusdb.sqlite3"
+
+NEXUS_USERNAME="netzbon-bridge"
+NEXUS_PASSWORD="secret"
+NEXUS_PORT="5001"
+
+function exit_cleanup()
+{
+  echo "Running exit-cleanup"
+  for n in `jobs -p`
+    do
+      kill $n 2> /dev/null || true
+    done
+    wait || true
+}
+
+trap "exit_cleanup" EXIT
+
+echo "Creating the $NEXUS_USERNAME Nexus user..."
+libeufin-nexus superuser $NEXUS_USERNAME --password $NEXUS_PASSWORD
+echo "Launching Nexus on port $NEXUS_PORT..."
+libeufin-nexus \
+  serve --ipv4-only \
+  --log-level debug \
+  --no-localhost-only \
+  --port $NEXUS_PORT > nexus-postfinance.log 2>&1 &
+
+echo -n "Checking Nexus is serving..."
+for i in `seq 1 10`; do
+  echo -n .
+  if test i = 10; then
+    echo Nexus is unreachable
+    exit 1
+  fi
+  if `curl "http://localhost:$NEXUS_PORT/" &> /dev/null`; then
+    break
+  fi
+  sleep 1
+done
+echo OK
+
+export LIBEUFIN_NEXUS_URL="http://localhost:5001/"
+export LIBEUFIN_NEXUS_USERNAME=$NEXUS_USERNAME
+export LIBEUFIN_NEXUS_PASSWORD=$NEXUS_PASSWORD
+
+# FIXME: make connection creation idempotent.
+echo "Creating a EBICS connection at Nexus..."
+libeufin-cli connections new-ebics-connection \
+  --ebics-url https://isotest.postfinance.ch/ebicsweb/ebicsweb \
+  --host-id PFEBICS \
+  --partner-id  $EBICS_PARTNER_ID \
+  --ebics-user-id $EBICS_USER_ID \
+  --dialect pf \
+  postfinanceconn || true
+
+# 1, send the keys (INI, HIA)
+# NOTE: these keys will ONLY be considered if the user
+# is in a NEW state.  Please delete any previous uploaded
+# keys via the "zuruecksetzen" button.
+echo "Please reset any previous keys via the bank Web UI, then press Enter.."
+read -s
+echo -n "Sending the new keys to the bank..."
+libeufin-cli connections connect postfinanceconn
+echo DONE
+
+# 2, invite the user to unblock them in the Web UI
+echo "Please enable the new client keys via the bank Web UI, then press Enter.."
+read -s
+
+# 3, download the bank keys (HPB).
+# That's achieved with another 'connect' action (#7880).
+echo -n "Downloading the bank keys..."
+libeufin-cli connections connect postfinanceconn
+echo DONE
+echo "Found the following bank keys:"
+libeufin-cli connections show-connection postfinanceconn | jq -r '.details | "Auth: \(.bankAuthKeyHash)\nEnc: \(.bankEncKeyHash)"'
+
+echo
+echo "If any bank keys showed up, please check in the bank Web UI if they match."
+echo "If they match, press Enter to continue, otherwise CTRL-C to end."
+
+echo -n "Preparing the local keys bundle.."
+libeufin-cli connections export-backup \
+  --passphrase secret \
+  --output-file /tmp/pofi.json \
+  postfinanceconn > /dev/null
+echo DONE
diff --git a/nlnet/task3/salted-incoming-payment-template.csv b/nlnet/task3/salted-incoming-payment-template.csv
new file mode 100644
index 0000000..c539939
--- /dev/null
+++ b/nlnet/task3/salted-incoming-payment-template.csv
@@ -0,0 +1,2 @@
+Product;Channel;Account;Currency;Amount;Reference;Name;Street;Number;Postcode;City;Country;DebtorAddressLine;DebtorAddressLine;DebtorAccount;ReferenceType;UltimateDebtorName;UltimateDebtorStreet;UltimateDebtorNumber;UltimateDebtorPostcode;UltimateDebtorTownName;UltimateDebtorCountry;UltimateDebtorAddressLine;UltimateDebtorAddressLine;RemittanceInformationText
+        QRR;PO;__PAYEE_IBAN__;CHF;33;;D009;Musterstrasse;1;1111;Musterstadt;CH;;;;NON;D009;Musterstrasse;1;1111;Musterstadt;CH;;;__PAYMENT_SALT__
diff --git a/nlnet/task3/start.sh b/nlnet/task3/start.sh
new file mode 100755
index 0000000..b1edcc9
--- /dev/null
+++ b/nlnet/task3/start.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+set -eu
+
+# Expected arguments are:
+#
+# $1 := EBICS user ID
+# $2 := EBICS partner ID
+# $3 := IBAN as assigned by the PostFinance test platform.
+
+# Suggested invocation via 'docker':
+#
+# docker
+#   run \
+#     -v /$HOST_MOUNTPOINT:/output-docs/ \
+#     -it $IMAGE_TAG $EBICS_USER_ID $EBICS_PARTNER_ID $MY_IBAN
+
+# This script conducts the key exchange with the bank
+# and guides the user to download and upload docuemts
+# to the bank.  It pauses the execution to let the user
+# check and set the Web UI as a double-check mean.
+
+# Setting the EBICS keys.
+export EBICS_USER_ID=$1
+export EBICS_PARTNER_ID=$2
+/keys.sh
+
+# If the keys are ready, it proceeds to invoke the uploading
+# and downloading logic (ebics.sh).  Such 'invocation' might
+# even just mean to give the user a facilitated environment
+# to manually run the steps.
+
+# Download test.
+
+# Let the user first upload one salted payment that should
+# then show up here as the downloaded result.  The salted
+# payment is a CSV file that should be manually uploaded in
+# the bank Web UI.
+PAYMENT_SALT=$RANDOM
+echo "Now preparing the CSV document that instructs the bank"
+echo "to create an incoming payment for the test platform account."
+echo "The incoming payment defaults to have this subject: $PAYMENT_SALT".
+echo "Please enter any value in this prompt, in case you want to"
+echo -n "change the default subject: "
+read MAYBE_PAYMENT_SALT
+
+if ! test "x" = "x$MAYBE_PAYMENT_SALT"; then
+  PAYMENT_SALT=$MAYBE_PAYMENT_SALT
+fi
+
+MY_IBAN=$3
+OUTPUT_CSV=$(mktemp /output-docs/salted-incoming-payment-XXXX.csv)
+sed "s/__PAYMENT_SALT__/$PAYMENT_SALT/" /salted-incoming-payment-template.csv \
+  | sed "s/__PAYEE_IBAN__/$MY_IBAN/" > $OUTPUT_CSV
+
+echo "The payment instruction (subject $PAYMENT_SALT) was saved in $OUTPUT_CSV."
+echo -n "Please upload it manually to the bank and press Enter when done. "
+read
+/ebics.sh download # downloads the new records.
+
+echo "Now downloading the banking records and showing the payment subject(s)"
+echo "that were found.  If you see $PAYMENT_SALT, then LibEuFin succeeded in"
+echo "downloading the banking records."
+
+# Upload test.
+echo
+echo "Press Enter to continue with uploading a payment instruction to the"
+echo -n "bank, or CTRL-C to end the test. "
+
+PAIN_SALT=$RANDOM
+echo
+echo
+echo "Now preparing the pain.001 to upload to the bank via LibEuFin."
+echo "This document instructs the bank to send money to an arbitrary"
+echo "IBAN by debiting the test platform bank account."
+echo "The outgoing payment defaults to have this subject: $PAIN_SALT".
+echo "Please enter any value in this prompt, in case you want to"
+echo -n "change the default subject: "
+read MAYBE_PAIN_SALT
+
+if ! test "x" = "x$MAYBE_PAIN_SALT"; then
+  PAIN_SALT=$MAYBE_PAIN_SALT
+fi
+
+echo "The pain.001 will have this subject: $PAIN_SALT, now calling"
+echo -n "LibEuFin to upload it via EBICS.."
+/ebics.sh upload $PAIN_SALT # uploads one pain.001 given its subject.
+echo DONE
+
+echo
+echo "Please check the bank Web UI to find the pain.001 document"
+echo "whose subject is '$PAIN_SALT'.  If that is found, then LibEuFin"
+echo "has successfully uploaded it."