diff options
Diffstat (limited to 'nlnet/task3/keys.sh')
| -rwxr-xr-x | nlnet/task3/keys.sh | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/nlnet/task3/keys.sh b/nlnet/task3/keys.sh new file mode 100755 index 0000000..d1fff07 --- /dev/null +++ b/nlnet/task3/keys.sh @@ -0,0 +1,93 @@ +#!/bin/bash + +set -eu + +# This script prepares the EBICS keys for one subscriber +# at the PostFinance test platform. + +export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:/tmp/postfinance-nexusdb.sqlite3" + +NEXUS_USERNAME="netzbon-bridge" +NEXUS_PASSWORD="secret" +NEXUS_PORT="5001" + +function exit_cleanup() +{ + for n in `jobs -p` + do + kill $n 2> /dev/null || true + done + wait || true +} + +trap "exit_cleanup" EXIT + +echo "Creating the $NEXUS_USERNAME Nexus user..." +libeufin-nexus superuser $NEXUS_USERNAME --password $NEXUS_PASSWORD +echo "Launching Nexus on port $NEXUS_PORT..." +libeufin-nexus \ + serve --ipv4-only \ + --log-level debug \ + --no-localhost-only \ + --port $NEXUS_PORT > nexus-postfinance.log 2>&1 & + +echo -n "Checking Nexus is serving..." +for i in `seq 1 10`; do + echo -n . + if test i = 10; then + echo Nexus is unreachable + exit 1 + fi + if `curl "http://localhost:$NEXUS_PORT/" &> /dev/null`; then + break + fi + sleep 1 +done +echo OK + +export LIBEUFIN_NEXUS_URL="http://localhost:5001/" +export LIBEUFIN_NEXUS_USERNAME=$NEXUS_USERNAME +export LIBEUFIN_NEXUS_PASSWORD=$NEXUS_PASSWORD + +# FIXME: make connection creation idempotent. +echo "Creating a EBICS connection at Nexus..." +libeufin-cli connections new-ebics-connection \ + --ebics-url https://isotest.postfinance.ch/ebicsweb/ebicsweb \ + --host-id PFEBICS \ + --partner-id $EBICS_PARTNER_ID \ + --ebics-user-id $EBICS_USER_ID \ + --dialect pf \ + postfinanceconn || true + +# 1, send the keys (INI, HIA) +# NOTE: these keys will ONLY be considered if the user +# is in a NEW state, any previous uploaded keys should be reset. +echo "If that is the case, reset any previous keys via the bank Web UI. Press Enter to continue.. " +read -s +echo -n "Sending the new keys to the bank..." +libeufin-cli connections connect postfinanceconn +echo DONE + +# 2, invite the user to unblock them in the Web UI +echo "Please enable the new client keys via the bank Web UI, then press Enter.. " +read -s + +# 3, download the bank keys (HPB). +# That's achieved with another 'connect' action (#7880). +echo -n "Downloading the bank keys..." +libeufin-cli connections connect postfinanceconn +echo DONE +echo "Found the following bank keys:" +libeufin-cli connections show-connection postfinanceconn | jq -r '.details | "Auth: \(.bankAuthKeyHash)\nEnc: \(.bankEncKeyHash)"' + +echo +echo "If any bank keys showed up, please check in the bank Web UI if they match." +echo "If they match, press Enter to continue, otherwise CTRL-C to end." +read -s + +echo -n "Preparing the local keys bundle.." +libeufin-cli connections export-backup \ + --passphrase secret \ + --output-file /tmp/pofi.json \ + postfinanceconn > /dev/null +echo DONE |