diff options
author | Antoine A <> | 2024-03-27 01:06:48 +0100 |
---|---|---|
committer | Antoine A <> | 2024-03-27 01:08:18 +0100 |
commit | dc03013dfcc3acc17bb8f54e842ccc6740caa040 (patch) | |
tree | bbe96517ac64ba33a78f89b5f1a46dacacd82ece /nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsCommon.kt | |
parent | 9dfbc9391fe27fc631bdf61e3e51dd3a124a4c60 (diff) | |
download | libeufin-dc03013dfcc3acc17bb8f54e842ccc6740caa040.tar.gz libeufin-dc03013dfcc3acc17bb8f54e842ccc6740caa040.tar.bz2 libeufin-dc03013dfcc3acc17bb8f54e842ccc6740caa040.zip |
Clean and optimize EBICS mess
Diffstat (limited to 'nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsCommon.kt')
-rw-r--r-- | nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsCommon.kt | 58 |
1 files changed, 30 insertions, 28 deletions
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsCommon.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsCommon.kt index 30bcd8de..f87c55b3 100644 --- a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsCommon.kt +++ b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsCommon.kt @@ -80,15 +80,17 @@ fun decryptAndDecompressPayload( clientEncryptionKey: RSAPrivateCrtKey, encryptionInfo: DataEncryptionInfo, chunks: List<ByteArray> -): InputStream = - SequenceInputStream(Collections.enumeration(chunks.map { it.inputStream() })) // Aggregate +): InputStream { + val transactionKey = CryptoUtil.decryptEbicsE002Key(clientEncryptionKey, encryptionInfo.transactionKey) + return SequenceInputStream(Collections.enumeration(chunks.map { it.inputStream() })) // Aggregate .run { CryptoUtil.decryptEbicsE002( - encryptionInfo.transactionKey, - this, - clientEncryptionKey + transactionKey, + this ) }.inflate() +} + sealed class EbicsError(msg: String, cause: Throwable? = null): Exception(msg, cause) { /** Http and network errors */ @@ -162,7 +164,7 @@ suspend fun EbicsBTS.postBTS( */ suspend fun ebicsDownload( client: HttpClient, - cfg: EbicsSetupConfig, + cfg: NexusConfig, clientKeys: ClientPrivateKeysFile, bankKeys: BankPublicKeysFile, order: EbicsOrder, @@ -267,43 +269,43 @@ suspend fun ebicsDownload( * @return [PreparedUploadData] */ fun prepareUploadPayload( - cfg: EbicsSetupConfig, + cfg: NexusConfig, clientKeys: ClientPrivateKeysFile, bankKeys: BankPublicKeysFile, payload: ByteArray, ): PreparedUploadData { + val payloadDigest = CryptoUtil.digestEbicsOrderA006(payload) val innerSignedEbicsXml = XmlBuilder.toBytes("UserSignatureData") { attr("xmlns", "http://www.ebics.org/S002") el("OrderSignatureData") { el("SignatureVersion", "A006") el("SignatureValue", CryptoUtil.signEbicsA006( - CryptoUtil.digestEbicsOrderA006(payload), + payloadDigest, clientKeys.signature_private_key, ).encodeBase64()) el("PartnerID", cfg.ebicsPartnerId) el("UserID", cfg.ebicsUserId) } } - val encryptionResult = CryptoUtil.encryptEbicsE002( - innerSignedEbicsXml.inputStream().deflate(), - bankKeys.bank_encryption_public_key - ) - // Then only E002 symmetric (with ephemeral key) encrypt. - val compressedInnerPayload = payload.inputStream().deflate() - // TODO stream - val encryptedPayload = CryptoUtil.encryptEbicsE002withTransactionKey( - compressedInnerPayload, - bankKeys.bank_encryption_public_key, - encryptionResult.plainTransactionKey - ) - val segment = encryptedPayload.encryptedData.encodeBase64() - // Split 1MB segment when we have payloads that big + // Generate ephemeral transaction key + val (transactionKey, encryptedTransactionKey) = CryptoUtil.genEbicsE002Key(bankKeys.bank_encryption_public_key) + // Compress and encrypt order signature + val orderSignature = CryptoUtil.encryptEbicsE002( + transactionKey, + innerSignedEbicsXml.inputStream().deflate() + ).encodeBase64() + // Compress and encrypt payload + val segment = CryptoUtil.encryptEbicsE002( + transactionKey, + payload.inputStream().deflate() + ).encodeBase64() + // TODO split 1MB segment when we have payloads that big return PreparedUploadData( - encryptionResult.encryptedTransactionKey, // ephemeral key - encryptionResult.encryptedData, // bank-pub-encrypted A006 signature. - CryptoUtil.digestEbicsOrderA006(payload), // used by EBICS 3 - listOf(segment) // actual payload E002 encrypted. + encryptedTransactionKey, + orderSignature, + payloadDigest, + listOf(segment) ) } @@ -321,7 +323,7 @@ fun prepareUploadPayload( */ suspend fun doEbicsUpload( client: HttpClient, - cfg: EbicsSetupConfig, + cfg: NexusConfig, clientKeys: ClientPrivateKeysFile, bankKeys: BankPublicKeysFile, order: EbicsOrder, @@ -361,7 +363,7 @@ fun getNonce(size: Int): ByteArray { class PreparedUploadData( val transactionKey: ByteArray, - val userSignatureDataEncrypted: ByteArray, + val userSignatureDataEncrypted: String, val dataDigest: ByteArray, val segments: List<String> ) |