path: root/nlnet/task3/keys.sh
#!/bin/bash

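# Abort on any failing command and on use of an unset variable.  pipefail
# makes a pipeline fail when any stage fails, not only the last one, so a
# failing libeufin-cli call feeding jq is not silently ignored.
set -euo pipefail

# This script prepares the EBICS keys for one subscriber
# at the PostFinance test platform.

# NOTE(review): the SQLite database lives at a fixed, predictable path under
# /tmp.  It presumably holds the Nexus user and the EBICS connection state
# created below -- confirm; on a shared host a private directory is safer.
export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:/tmp/postfinance-nexusdb.sqlite3"

NEXUS_USERNAME="netzbon-bridge"
# "secret" is only a default for throw-away test runs; set NEXUS_PASSWORD in
# the environment before calling the script to use a non-guessable value.
NEXUS_PASSWORD="${NEXUS_PASSWORD:-secret}"
NEXUS_PORT="5001"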

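#######################################
# Stop every background job started by this shell and reap it.
# Installed as the EXIT trap so the Nexus server launched in the
# background does not outlive the script.
# Arguments: none
# Returns:   always 0 (failures of kill and wait are ignored)
#######################################
exit_cleanup() {
  local pid
  # Word splitting of the job list is intended: one PID per word.
  for pid in $(jobs -p); do
    # The job may already have exited; a failing kill is not an error here.
    kill "$pid" 2> /dev/null || true
  done
  # Reap the children; their exit status must not change the script's own.
  wait || true
}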

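# Make sure background jobs are stopped on every exit path.
trap exit_cleanup EXIT

echo "Creating the $NEXUS_USERNAME Nexus user..."
# NOTE(review): the password is passed as a command-line argument, so other
# local users can read it from the process list while the command runs.
# Check whether libeufin-nexus can take it from stdin or the environment.
libeufin-nexus superuser "$NEXUS_USERNAME" --password "$NEXUS_PASSWORD"
echo "Launching Nexus on port $NEXUS_PORT..."
# NOTE(review): --no-localhost-only presumably makes Nexus listen on
# non-loopback interfaces too, while this script only ever talks to
# localhost -- confirm the wider exposure is needed.  The debug log is
# written to the current directory; review what it records before sharing it.
libeufin-nexus \
  serve --ipv4-only \
  --log-level debug \
  --no-localhost-only \
  --port "$NEXUS_PORT" > nexus-postfinance.log 2>&1 &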

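# Wait for the freshly launched Nexus to answer on its port: up to ten
# probes, one second apart.  The script stops if none of them succeeds,
# so the later steps never run against a server that is not there.
printf '%s' "Checking Nexus is serving..."
nexus_ready=0
for _ in {1..10}; do
  printf '.'
  # Only curl's exit status matters (connection made or not); its output
  # is discarded.
  if curl "http://localhost:$NEXUS_PORT/" > /dev/null 2>&1; then
    nexus_ready=1
    break
  fi
  sleep 1
done
if (( nexus_ready == 0 )); then
  echo Nexus is unreachable >&2
  exit 1
fi
echo OK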

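# Connection settings read by libeufin-cli.  The URL is built from
# NEXUS_PORT so it always points at the server probed above.
# NOTE(review): the credentials are exported, so every child process of
# this script inherits them in its environment.
export LIBEUFIN_NEXUS_URL="http://localhost:$NEXUS_PORT/"
export LIBEUFIN_NEXUS_USERNAME="$NEXUS_USERNAME"
export LIBEUFIN_NEXUS_PASSWORD="$NEXUS_PASSWORD"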

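# The subscriber identifiers must come from the caller's environment;
# stop with a clear message when one of them is missing or empty.
: "${EBICS_PARTNER_ID:?must be set to the EBICS partner ID}"
: "${EBICS_USER_ID:?must be set to the EBICS user ID}"

# FIXME: make connection creation idempotent.
# Until then a failure is tolerated (the connection may exist from an
# earlier run), but it is reported instead of being swallowed silently.
echo "Creating a EBICS connection at Nexus..."
libeufin-cli connections new-ebics-connection \
  --ebics-url https://isotest.postfinance.ch/ebicsweb/ebicsweb \
  --host-id PFEBICS \
  --partner-id "$EBICS_PARTNER_ID" \
  --ebics-user-id "$EBICS_USER_ID" \
  --dialect pf \
  postfinanceconn \
  || echo "warning: could not create the EBICS connection (it may already exist); continuing" >&2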

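# 1, send the keys (INI, HIA)
# NOTE: these keys will ONLY be considered if the user
# is in a NEW state, any previous uploaded keys should be reset.
echo "If that is the case, reset any previous keys via the bank Web UI.  Press Enter to continue.. "
# Wait for Enter; -r keeps backslashes literal, the typed line is discarded.
read -r -s _
printf '%s' "Sending the new keys to the bank..."
libeufin-cli connections connect postfinanceconn
echo DONE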

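# 2, invite the user to unblock them in the Web UI
# The script cannot do this step itself: it pauses until the operator
# confirms with Enter that the keys were enabled at the bank.
echo "Please enable the new client keys via the bank Web UI, then press Enter.. "
read -r -s _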

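# 3, download the bank keys (HPB).
# That's achieved with another 'connect' action (#7880).
printf '%s' "Downloading the bank keys..."
libeufin-cli connections connect postfinanceconn
echo DONE
echo "Found the following bank keys:"
# Fetch the connection details first and stop if that fails: the operator
# must not be asked to confirm key hashes that were never displayed.
if ! connection_json=$(libeufin-cli connections show-connection postfinanceconn); then
  echo "Could not read the connection details; not asking for confirmation." >&2
  exit 1
fi
jq -r '.details | "Auth: \(.bankAuthKeyHash)\nEnc: \(.bankEncKeyHash)"' <<< "$connection_json"

# The comparison below is the only check of the bank keys in this script:
# the operator compares the printed hashes with the values shown in the
# bank Web UI and aborts with CTRL-C on a mismatch.
echo
echo "If any bank keys showed up, please check in the bank Web UI if they match."
echo "If they match, press Enter to continue, otherwise CTRL-C to end."
read -r -s _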

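# Export the connection backup (the local keys bundle) to /tmp/pofi.json.
# NOTE(review): the passphrase is a fixed, guessable value and is visible
# in the process list while the command runs; the output path is a
# predictable name in a shared directory.  Acceptable for a test platform
# only; real key material needs a strong passphrase and a private
# directory.
printf '%s' "Preparing the local keys bundle.."
(
  # Restrict a newly created bundle to the current user.  A file that
  # already exists at that path keeps the permissions it had.
  umask 077
  libeufin-cli connections export-backup \
    --passphrase secret \
    --output-file /tmp/pofi.json \
    postfinanceconn > /dev/null
)
echo DONE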