1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
EBICS 3.0 with PostFinance
##########################
The tutorial shows how to run the Docker-based EBICS 3 test,
where the user will be guided through the three main operations.
The main EBICS 3 operations are the following:
* Key exchange: Nexus gives the customer keys to the bank, and then downloads the bank keys.
* Uploading of a payment instruction: the customer sends money to another fictional IBAN.
* Downloading of banking records: the customer gets their banking activity where the previous outgoing payment should appear.
Setting up the test platform at PostFinance
-------------------------------------------
Because the test is based on the PostFinance test platform, the first
requirement is to create one account `there <https://isotest.postfinance.ch>`_.
It's adivsed to set the language as English, as the following screenshots
address the international audience.
Set the language in the dropdown menu and navigate to the registration
section as it's shown below:
.. image:: set-english-and-register.png
Even if the page doesn't welcome you in English, the two boxes in the
screenshot will still hold their position, so please look for box #1 to
set the language and for box #2 to get the page that offers to register.
After a sucessful registration, the next two settings need to be given:
(1) EBICS 3 and (2) the format of payment confirmations (more on this later).
Note: setting EBICS 3 is not *explicit*, but it's a side effect of choosing
one particular format for downloading the bank account records. The following
screenshots show how. First, from the profile home page, click the navigation
bar item highlighted in the following screenshot.
.. image:: set-ISO-2019-0.png
The following page should appear, where the ISO format can be specified
as it is depicted in the following screenshot.
.. image:: set-ISO-2019-1.png
Payment confirmations are ISO20022 documents that witness the outcome
of outgoing payments. After sending 1 Swiss Franc to one arbitrary IBAN,
the bank releases this document that contains all the payment details.
In this test, we use this document to test the download capability of
our EBICS 3 implementation. The specific name of such documents is
``camt.054``, and the following screenshots show how to set them. From
the profile home page, hover on box #1 and then click on box #2.
.. image:: camt.054-style-0.png
If the following page appear, please set everything as it is shown below:
.. image:: camt.054-style-1.png
.. _get-ebics-ids:
The last step is to retrieve the user's EBICS identifiers, namely the
EBICS user and partner IDs. From the profile home page, hover on box #1
and then click on box #2.
.. image:: get-EBICS-IDs-0.png
After having navigated to the following page, finally the EBICS identifiers
are shown in box #1. These values will be asked to launch the test runner.
**Note**: the terms 'customer' and 'partner' are used as **synonyms** in this
tutorial (and in the EBICS specifications too).
.. image:: get-EBICS-IDs-1.png
Interestingly, box #2 contains the bank keys fingerprints. These are
important to check that the client, along the keying process, has obtained
the right bank keys. The test runner will pause the execution to let
the user check them.
Setting up the local Docker
---------------------------
Clone the following repository:
.. code-block:: shell-session
git://git.taler.net/deployment
Navigate in the following directory
.. code-block:: shell-session
deployment/nlnet/task3
And build the Docker image with the following command:
.. code-block:: shell-session
docker build -t pofi .
If the previous steps succeeded, the *pofi* image is ready to be run.
.. note::
Although the test runner guides the user via live instructions,
it's advised to read the `Testing description`_ section.
The test runner needs the following two values: EBICS user ID and EBICS
partner ID. The `previous section <get-ebics-ids_>`_ explains how
to get them.
.. code-block:: shell-session
docker run -it pofi $EBICS_USER_ID $EBICS_PARTNER_ID
Testing description
-------------------
The first operation is the key exchange with the bank. EBICS has
encrypted and signed communication from both client and server; for
this reason the client will send its keys to the bank, and viceversa.
Note: after the client sends its keys to the bank, those should
be confirmed via another channel; usually that's done via a ordinary
paper letter but in this case the test platform allows such confirmation
via the Web interface. Therefore, after having uploaded the client
keys to the bank, the test runner pauses the execution to let the
user confirm the keys via the Web interface.
After the key exchange, the test runner continues by uploading one
payment instruction. The payment instruction is a ``pain.001`` document
that complies with the ISO20022 specification, and EBICS is responsible
to transport the pain.001 from the client to the bank.
The payment instruction causes one outgoing payment from the user
test platform account to another fictional IBAN and has a random subject.
A chance to specify a custom subject is also offered by the test runner.
After the upload to the bank, the execution pauses to let the user
check whether the test platform has received the payment instruction.
The following screenshot shows where to look for such check:
.. image:: check-payment-subject.png
At this point, the upload operation ended and the execution can proceed
to test the download. The download tries to get one ``camt.054`` (as well
ISO20022) document from the bank; this document is expected to account
for the previous outgoing payment that was created via the pain.001. As
in the pain.001 case, EBICS is responsible to transport the camt.054 from
the bank to the client.
The download operation logs its activity to the screen, and if the execution
is correct, the user should check the logs for the payment subject that was
initially specified in the pain.001 document.
Please, look for the following line:
.. note::
Replace $TIME, $PAYMENT_SUBJECT and $MSG_ID with the particular case.
.. code-block:: shell-session
$TIME [main] DEBUG tech.libeufin.nexus - Camt NOTIFICATION '$MSG_ID' has new payments:
- $PAYMENT_SUBJECT
If $PAYMENT_SUBJECT equals the initial payment subject from the pain.001,
then the download operation succeeded.
|
