diff options
author | MS <ms@taler.net> | 2023-07-05 11:39:31 +0200 |
---|---|---|
committer | MS <ms@taler.net> | 2023-07-05 11:39:31 +0200 |
commit | 23bc0d0a67b6442b60c616c48dc86f2373dca1b4 (patch) | |
tree | cd3a78f632fc10ebdcb931efb99d4233e550f3e8 | |
parent | 6675af2f84ee3fe4616c26b84bf5ce768a5c956e (diff) | |
download | deployment-23bc0d0a67b6442b60c616c48dc86f2373dca1b4.tar.gz deployment-23bc0d0a67b6442b60c616c48dc86f2373dca1b4.tar.bz2 deployment-23bc0d0a67b6442b60c616c48dc86f2373dca1b4.zip |
Drafting NLnet Task3 delivery.
-rw-r--r-- | nlnet/task3/Dockerfile | 20 | ||||
-rwxr-xr-x | nlnet/task3/ebics.sh | 8 | ||||
-rwxr-xr-x | nlnet/task3/keys.sh | 94 | ||||
-rw-r--r-- | nlnet/task3/salted-incoming-payment-template.csv | 2 | ||||
-rwxr-xr-x | nlnet/task3/start.sh | 93 |
5 files changed, 217 insertions, 0 deletions
diff --git a/nlnet/task3/Dockerfile b/nlnet/task3/Dockerfile new file mode 100644 index 0000000..4ec5732 --- /dev/null +++ b/nlnet/task3/Dockerfile @@ -0,0 +1,20 @@ +FROM debian:stable + +RUN apt-get update +RUN apt-get install -y openjdk-17-jre git python3-pip curl jq sqlite3 +RUN pip3 install click requests + +# Installation +RUN git clone git://git.taler.net/libeufin +WORKDIR /libeufin +RUN git fetch && git checkout 06452b9adc4d149bdb1532a3ea3160909eb51c9a +RUN ./bootstrap +RUN ./configure --prefix=/usr/local +RUN make install + +COPY keys.sh / +COPY ebics.sh / +COPY start.sh / +COPY salted-incoming-payment-template.csv / +RUN mkdir /output-docs +ENTRYPOINT ["/start.sh"] diff --git a/nlnet/task3/ebics.sh b/nlnet/task3/ebics.sh new file mode 100755 index 0000000..a6f14e2 --- /dev/null +++ b/nlnet/task3/ebics.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +# This script offers one operation to download the latest payments +# and another operation to upload one pain.001. It relies on PostFinance.kt +# in libeufin.git. + +# ./ebics.sh download +# ./ebics.sh upload $PAYMENT_SUBJECT diff --git a/nlnet/task3/keys.sh b/nlnet/task3/keys.sh new file mode 100755 index 0000000..281f17a --- /dev/null +++ b/nlnet/task3/keys.sh @@ -0,0 +1,94 @@ +#!/bin/bash + +set -eu + +# This script prepares the EBICS keys for one subscriber +# at the PostFinance test platform. + +export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:/postfinance-nexusdb.sqlite3" + +NEXUS_USERNAME="netzbon-bridge" +NEXUS_PASSWORD="secret" +NEXUS_PORT="5001" + +function exit_cleanup() +{ + echo "Running exit-cleanup" + for n in `jobs -p` + do + kill $n 2> /dev/null || true + done + wait || true +} + +trap "exit_cleanup" EXIT + +echo "Creating the $NEXUS_USERNAME Nexus user..." +libeufin-nexus superuser $NEXUS_USERNAME --password $NEXUS_PASSWORD +echo "Launching Nexus on port $NEXUS_PORT..." +libeufin-nexus \ + serve --ipv4-only \ + --log-level debug \ + --no-localhost-only \ + --port $NEXUS_PORT > nexus-postfinance.log 2>&1 & + +echo -n "Checking Nexus is serving..." +for i in `seq 1 10`; do + echo -n . + if test i = 10; then + echo Nexus is unreachable + exit 1 + fi + if `curl "http://localhost:$NEXUS_PORT/" &> /dev/null`; then + break + fi + sleep 1 +done +echo OK + +export LIBEUFIN_NEXUS_URL="http://localhost:5001/" +export LIBEUFIN_NEXUS_USERNAME=$NEXUS_USERNAME +export LIBEUFIN_NEXUS_PASSWORD=$NEXUS_PASSWORD + +# FIXME: make connection creation idempotent. +echo "Creating a EBICS connection at Nexus..." +libeufin-cli connections new-ebics-connection \ + --ebics-url https://isotest.postfinance.ch/ebicsweb/ebicsweb \ + --host-id PFEBICS \ + --partner-id $EBICS_PARTNER_ID \ + --ebics-user-id $EBICS_USER_ID \ + --dialect pf \ + postfinanceconn || true + +# 1, send the keys (INI, HIA) +# NOTE: these keys will ONLY be considered if the user +# is in a NEW state. Please delete any previous uploaded +# keys via the "zuruecksetzen" button. +echo "Please reset any previous keys via the bank Web UI, then press Enter.." +read -s +echo -n "Sending the new keys to the bank..." +libeufin-cli connections connect postfinanceconn +echo DONE + +# 2, invite the user to unblock them in the Web UI +echo "Please enable the new client keys via the bank Web UI, then press Enter.." +read -s + +# 3, download the bank keys (HPB). +# That's achieved with another 'connect' action (#7880). +echo -n "Downloading the bank keys..." +libeufin-cli connections connect postfinanceconn +echo DONE +echo "Found the following bank keys:" +libeufin-cli connections show-connection postfinanceconn | jq -r '.details | "Auth: \(.bankAuthKeyHash)\nEnc: \(.bankEncKeyHash)"' + +echo +echo "If any bank keys showed up, please check in the bank Web UI if they match." +echo "If they match, press Enter to continue, otherwise CTRL-C to end." + +echo -n "Preparing the local keys bundle.." +libeufin-cli connections export-backup \ + --passphrase secret \ + --output-file /tmp/pofi.json \ + postfinanceconn > /dev/null +echo DONE diff --git a/nlnet/task3/salted-incoming-payment-template.csv b/nlnet/task3/salted-incoming-payment-template.csv new file mode 100644 index 0000000..c539939 --- /dev/null +++ b/nlnet/task3/salted-incoming-payment-template.csv @@ -0,0 +1,2 @@ +Product;Channel;Account;Currency;Amount;Reference;Name;Street;Number;Postcode;City;Country;DebtorAddressLine;DebtorAddressLine;DebtorAccount;ReferenceType;UltimateDebtorName;UltimateDebtorStreet;UltimateDebtorNumber;UltimateDebtorPostcode;UltimateDebtorTownName;UltimateDebtorCountry;UltimateDebtorAddressLine;UltimateDebtorAddressLine;RemittanceInformationText + QRR;PO;__PAYEE_IBAN__;CHF;33;;D009;Musterstrasse;1;1111;Musterstadt;CH;;;;NON;D009;Musterstrasse;1;1111;Musterstadt;CH;;;__PAYMENT_SALT__ diff --git a/nlnet/task3/start.sh b/nlnet/task3/start.sh new file mode 100755 index 0000000..b1edcc9 --- /dev/null +++ b/nlnet/task3/start.sh @@ -0,0 +1,93 @@ +#!/bin/bash + +set -eu + +# Expected arguments are: +# +# $1 := EBICS user ID +# $2 := EBICS partner ID +# $3 := IBAN as assigned by the PostFinance test platform. + +# Suggested invocation via 'docker': +# +# docker +# run \ +# -v /$HOST_MOUNTPOINT:/output-docs/ \ +# -it $IMAGE_TAG $EBICS_USER_ID $EBICS_PARTNER_ID $MY_IBAN + +# This script conducts the key exchange with the bank +# and guides the user to download and upload docuemts +# to the bank. It pauses the execution to let the user +# check and set the Web UI as a double-check mean. + +# Setting the EBICS keys. +export EBICS_USER_ID=$1 +export EBICS_PARTNER_ID=$2 +/keys.sh + +# If the keys are ready, it proceeds to invoke the uploading +# and downloading logic (ebics.sh). Such 'invocation' might +# even just mean to give the user a facilitated environment +# to manually run the steps. + +# Download test. + +# Let the user first upload one salted payment that should +# then show up here as the downloaded result. The salted +# payment is a CSV file that should be manually uploaded in +# the bank Web UI. +PAYMENT_SALT=$RANDOM +echo "Now preparing the CSV document that instructs the bank" +echo "to create an incoming payment for the test platform account." +echo "The incoming payment defaults to have this subject: $PAYMENT_SALT". +echo "Please enter any value in this prompt, in case you want to" +echo -n "change the default subject: " +read MAYBE_PAYMENT_SALT + +if ! test "x" = "x$MAYBE_PAYMENT_SALT"; then + PAYMENT_SALT=$MAYBE_PAYMENT_SALT +fi + +MY_IBAN=$3 +OUTPUT_CSV=$(mktemp /output-docs/salted-incoming-payment-XXXX.csv) +sed "s/__PAYMENT_SALT__/$PAYMENT_SALT/" /salted-incoming-payment-template.csv \ + | sed "s/__PAYEE_IBAN__/$MY_IBAN/" > $OUTPUT_CSV + +echo "The payment instruction (subject $PAYMENT_SALT) was saved in $OUTPUT_CSV." +echo -n "Please upload it manually to the bank and press Enter when done. " +read +/ebics.sh download # downloads the new records. + +echo "Now downloading the banking records and showing the payment subject(s)" +echo "that were found. If you see $PAYMENT_SALT, then LibEuFin succeeded in" +echo "downloading the banking records." + +# Upload test. +echo +echo "Press Enter to continue with uploading a payment instruction to the" +echo -n "bank, or CTRL-C to end the test. " + +PAIN_SALT=$RANDOM +echo +echo +echo "Now preparing the pain.001 to upload to the bank via LibEuFin." +echo "This document instructs the bank to send money to an arbitrary" +echo "IBAN by debiting the test platform bank account." +echo "The outgoing payment defaults to have this subject: $PAIN_SALT". +echo "Please enter any value in this prompt, in case you want to" +echo -n "change the default subject: " +read MAYBE_PAIN_SALT + +if ! test "x" = "x$MAYBE_PAIN_SALT"; then + PAIN_SALT=$MAYBE_PAIN_SALT +fi + +echo "The pain.001 will have this subject: $PAIN_SALT, now calling" +echo -n "LibEuFin to upload it via EBICS.." +/ebics.sh upload $PAIN_SALT # uploads one pain.001 given its subject. +echo DONE + +echo +echo "Please check the bank Web UI to find the pain.001 document" +echo "whose subject is '$PAIN_SALT'. If that is found, then LibEuFin" +echo "has successfully uploaded it." |