diff options
| author | Antoine A <> | 2024-03-12 11:02:45 +0100 |
|---|---|---|
| committer | Antoine A <> | 2024-03-12 11:02:45 +0100 |
| commit | 3b0aa4610772ef5ace8442532b247f917e59af3a (patch) | |
| tree | c68bf8973ca30af4ae5e75358a62d726f6eb21d1 /nexus/src/main/kotlin/tech/libeufin/nexus/ebics | |
| parent | 90e9e6804f01793628b2abe0c2771fb96bf318e3 (diff) | |
| parent | 0cc7f2a61b17f2870d1c8f9c45d0eb754a60a27b (diff) | |
| download | libeufin-3b0aa4610772ef5ace8442532b247f917e59af3a.tar.gz libeufin-3b0aa4610772ef5ace8442532b247f917e59af3a.tar.bz2 libeufin-3b0aa4610772ef5ace8442532b247f917e59af3a.zip | |
Clean EBICS implementation, replace JAXB code with Kotlin DSL XML combinators
Diffstat (limited to 'nexus/src/main/kotlin/tech/libeufin/nexus/ebics')
6 files changed, 860 insertions, 1194 deletions
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/Ebics2.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/Ebics2.kt deleted file mode 100644 index dd2cd67b..00000000 --- a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/Ebics2.kt +++ /dev/null @@ -1,379 +0,0 @@ -/* - * This file is part of LibEuFin. - * Copyright (C) 2024 Taler Systems S.A. - - * LibEuFin is free software; you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation; either version 3, or - * (at your option) any later version. - - * LibEuFin is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General - * Public License for more details. - - * You should have received a copy of the GNU Affero General Public - * License along with LibEuFin; see the file COPYING. If not, see - * <http://www.gnu.org/licenses/> - */ - -/** - * This file contains helpers to construct EBICS 2.x requests. - */ - -package tech.libeufin.nexus.ebics - -import org.slf4j.Logger -import org.slf4j.LoggerFactory -import tech.libeufin.ebics.* -import tech.libeufin.ebics.ebics_h004.EbicsKeyManagementResponse -import tech.libeufin.ebics.ebics_h004.EbicsNpkdRequest -import tech.libeufin.ebics.ebics_h004.EbicsRequest -import tech.libeufin.ebics.ebics_h004.EbicsUnsecuredRequest -import tech.libeufin.nexus.BankPublicKeysFile -import tech.libeufin.nexus.ClientPrivateKeysFile -import tech.libeufin.nexus.EbicsSetupConfig -import java.io.InputStream -import java.security.interfaces.RSAPrivateCrtKey -import java.time.Instant -import java.time.ZoneId -import java.util.* -import javax.xml.datatype.DatatypeFactory - -private val logger: Logger = LoggerFactory.getLogger("libeufin-nexus-ebics2") - -/** - * Creates a EBICS 2.5 download init. message. So far only used - * to fetch the PostFinance bank accounts. - */ -fun createEbics25DownloadInit( - cfg: EbicsSetupConfig, - clientKeys: ClientPrivateKeysFile, - bankKeys: BankPublicKeysFile, - orderType: String, - orderParams: EbicsOrderParams = EbicsStandardOrderParams() -): ByteArray { - val nonce = getNonce(128) - val req = EbicsRequest.createForDownloadInitializationPhase( - cfg.ebicsUserId, - cfg.ebicsPartnerId, - cfg.ebicsHostId, - nonce, - DatatypeFactory.newInstance().newXMLGregorianCalendar( - GregorianCalendar( - TimeZone.getTimeZone(ZoneId.systemDefault()) - ) - ), - bankKeys.bank_encryption_public_key, - bankKeys.bank_authentication_public_key, - orderType, - makeOrderParams(orderParams) - ) - val doc = XMLUtil.convertJaxbToDocument(req) - XMLUtil.signEbicsDocument( - doc, - clientKeys.authentication_private_key, - withEbics3 = false - ) - return XMLUtil.convertDomToBytes(doc) -} - -/** - * Creates raw XML for an EBICS receipt phase. - * - * @param cfg configuration handle. - * @param clientKeys user EBICS private keys. - * @param transactionId transaction ID of the EBICS communication that - * should receive this receipt. - * @param success was the download successfully processed - * @return receipt request in XML. - */ -fun createEbics25DownloadReceiptPhase( - cfg: EbicsSetupConfig, - clientKeys: ClientPrivateKeysFile, - transactionId: String, - success: Boolean -): ByteArray { - val req = EbicsRequest.createForDownloadReceiptPhase( - transactionId, - cfg.ebicsHostId, - success - ) - val doc = XMLUtil.convertJaxbToDocument(req) - XMLUtil.signEbicsDocument( - doc, - clientKeys.authentication_private_key, - withEbics3 = false - ) - return XMLUtil.convertDomToBytes(doc) -} - -/** - * Creates raw XML for an EBICS transfer phase. - * - * @param cfg configuration handle. - * @param clientKeys user EBICS private keys. - * @param segNumber which segment we ask the bank. - * @param totalSegments how many segments compose the whole EBICS transaction. - * @param transactionId ID of the EBICS transaction that transports all the segments. - * @return raw XML string of the request. - */ -fun createEbics25DownloadTransferPhase( - cfg: EbicsSetupConfig, - clientKeys: ClientPrivateKeysFile, - segNumber: Int, - totalSegments: Int, - transactionId: String -): ByteArray { - val req = EbicsRequest.createForDownloadTransferPhase( - hostID = cfg.ebicsHostId, - segmentNumber = segNumber, - numSegments = totalSegments, - transactionID = transactionId - ) - val doc = XMLUtil.convertJaxbToDocument(req) - XMLUtil.signEbicsDocument( - doc, - clientKeys.authentication_private_key, - withEbics3 = false - ) - return XMLUtil.convertDomToBytes(doc) -} - -/** - * Parses the raw XML that came from the bank into the Nexus representation. - * - * @param clientEncryptionKey client private encryption key, used to decrypt - * the transaction key. - * @param xml the bank raw XML response - * @return the internal representation of the XML response, or null if the parsing or the decryption failed. - * Note: it _is_ possible to successfully return the internal repr. of this response, where - * the payload is null. That's however still useful, because the returned type provides bank - * and EBICS return codes. - */ -fun parseKeysMgmtResponse( - clientEncryptionKey: RSAPrivateCrtKey, - xml: InputStream -): EbicsKeyManagementResponseContent? { - // TODO throw instead of null - val jaxb = try { - XMLUtil.convertToJaxb<EbicsKeyManagementResponse>(xml) - } catch (e: Exception) { - tech.libeufin.nexus.logger.error("Could not parse the raw response from bank into JAXB.") - return null - } - var payload: ByteArray? = null - jaxb.value.body.dataTransfer?.dataEncryptionInfo.apply { - // non-null indicates that an encrypted payload should be found. - if (this != null) { - val encOrderData = jaxb.value.body.dataTransfer?.orderData?.value - if (encOrderData == null) { - tech.libeufin.nexus.logger.error("Despite a non-null DataEncryptionInfo, OrderData could not be found, can't decrypt any payload!") - return null - } - payload = decryptAndDecompressPayload( - clientEncryptionKey, - DataEncryptionInfo(this.transactionKey, this.encryptionPubKeyDigest.value), - listOf(encOrderData) - ).readBytes() - } - } - val bankReturnCode = EbicsReturnCode.lookup(jaxb.value.body.returnCode.value) // business error - val ebicsReturnCode = EbicsReturnCode.lookup(jaxb.value.header.mutable.returnCode) // ebics error - return EbicsKeyManagementResponseContent(ebicsReturnCode, bankReturnCode, payload) -} - -/** - * Generates the INI message to upload the signature key. - * - * @param cfg handle to the configuration. - * @param clientKeys set of all the client keys. - * @return the raw EBICS INI message. - */ -fun generateIniMessage(cfg: EbicsSetupConfig, clientKeys: ClientPrivateKeysFile): ByteArray { - val iniRequest = EbicsUnsecuredRequest.createIni( - cfg.ebicsHostId, - cfg.ebicsUserId, - cfg.ebicsPartnerId, - clientKeys.signature_private_key - ) - val doc = XMLUtil.convertJaxbToDocument(iniRequest) - return XMLUtil.convertDomToBytes(doc) -} - -/** - * Generates the HIA message: uploads the authentication and - * encryption keys. - * - * @param cfg handle to the configuration. - * @param clientKeys set of all the client keys. - * @return the raw EBICS HIA message. - */ -fun generateHiaMessage(cfg: EbicsSetupConfig, clientKeys: ClientPrivateKeysFile): ByteArray { - val hiaRequest = EbicsUnsecuredRequest.createHia( - cfg.ebicsHostId, - cfg.ebicsUserId, - cfg.ebicsPartnerId, - clientKeys.authentication_private_key, - clientKeys.encryption_private_key - ) - val doc = XMLUtil.convertJaxbToDocument(hiaRequest) - return XMLUtil.convertDomToBytes(doc) -} - -/** - * Generates the HPB message: downloads the bank keys. - * - * @param cfg handle to the configuration. - * @param clientKeys set of all the client keys. - * @return the raw EBICS HPB message. - */ -fun generateHpbMessage(cfg: EbicsSetupConfig, clientKeys: ClientPrivateKeysFile): ByteArray { - val hpbRequest = EbicsNpkdRequest.createRequest( - cfg.ebicsHostId, - cfg.ebicsPartnerId, - cfg.ebicsUserId, - getNonce(128), - DatatypeFactory.newInstance().newXMLGregorianCalendar(GregorianCalendar()) - ) - val doc = XMLUtil.convertJaxbToDocument(hpbRequest) - XMLUtil.signEbicsDocument(doc, clientKeys.authentication_private_key) - return XMLUtil.convertDomToBytes(doc) -} - -/** - * Collects message type and date range of an EBICS 2 request. - */ -data class Ebics2Request( - val messageType: String, - val orderParams: EbicsOrderParams -) - -/** - * Prepares an EBICS 2 request to get pain.002 acknowledgements - * about submitted pain.001 documents. - * - * @param startDate earliest timestamp of the returned document(s). If - * null, it defaults to download the unseen documents. - * @param endDate latest timestamp of the returned document(s). If - * null, it defaults to the current time. - * @return [Ebics2Request] object to be first converted in XML and - * then be passed to the EBICS downloader. - */ -private fun prepAckRequest2( - startDate: Instant? = null, - endDate: Instant? = null -): Ebics2Request { - val maybeDateRange = if (startDate != null) EbicsDateRange(startDate, endDate ?: Instant.now()) else null - return Ebics2Request( - messageType = "Z01", - orderParams = EbicsStandardOrderParams(dateRange = maybeDateRange) - ) -} - -/** - * Prepares an EBICS 2 request to get intraday camt.052 reports. - * - * @param startDate earliest timestamp of the returned document(s). If - * null, it defaults to download the unseen documents. - * @param endDate latest timestamp of the returned document(s). If - * null, it defaults to the current time. - * @return [Ebics2Request] object to be first converted in XML and - * then be passed to the EBICS downloader. - */ -private fun prepReportRequest2( - startDate: Instant? = null, - endDate: Instant? = null -): Ebics2Request { - val maybeDateRange = if (startDate != null) EbicsDateRange(startDate, endDate ?: Instant.now()) else null - return Ebics2Request( - messageType = "Z52", - orderParams = EbicsStandardOrderParams(dateRange = maybeDateRange) - ) -} - -/** - * Prepares an EBICS 2 request to get daily camt.053 statements. - * - * @param startDate earliest timestamp of the returned document(s). If - * null, it defaults to download the unseen documents. - * @param endDate latest timestamp of the returned document(s). If - * null, it defaults to the current time. - * @return [Ebics2Request] object to be first converted in XML and - * then be passed to the EBICS downloader. - */ -private fun prepStatementRequest2( - startDate: Instant? = null, - endDate: Instant? = null -): Ebics2Request { - val maybeDateRange = if (startDate != null) EbicsDateRange(startDate, endDate ?: Instant.now()) else null - return Ebics2Request( - messageType = "Z53", - orderParams = EbicsStandardOrderParams(dateRange = maybeDateRange) - ) -} - -/** - * Prepares an EBICS 2 request to get camt.054 notifications. - * - * @param startDate earliest timestamp of the returned document(s). If - * null, it defaults to download the unseen documents. - * @param endDate latest timestamp of the returned document(s). If - * null, it defaults to the current time. - * @return [Ebics2Request] object to be first converted in XML and - * then be passed to the EBICS downloader. - */ -private fun prepNotificationRequest2( - startDate: Instant? = null, - endDate: Instant? = null -): Ebics2Request { - val maybeDateRange = if (startDate != null) EbicsDateRange(startDate, endDate ?: Instant.now()) else null - return Ebics2Request( - messageType = "Z54", // ZS2 is the non-appendix type - orderParams = EbicsStandardOrderParams(dateRange = maybeDateRange) - ) -} - -/** - * Prepares an EBICS 2 request to get logs from the bank about any - * uploaded or downloaded document. - * - * @param startDate earliest timestamp of the returned document(s). If - * null, it defaults to download the unseen documents. - * @param endDate latest timestamp of the returned document(s). If - * null, it defaults to the current time. - * @return [Ebics2Request] object to be first converted in XML and - * then be passed to the EBICS downloader. - */ -private fun prepLogsRequest2( - startDate: Instant? = null, - endDate: Instant? = null -): Ebics2Request { - val maybeDateRange = if (startDate != null) EbicsDateRange(startDate, endDate ?: Instant.now()) else null - return Ebics2Request( - messageType = "HAC", - orderParams = EbicsStandardOrderParams(dateRange = maybeDateRange) - ) -} - -/** - * Abstracts EBICS 2 request creation of a download init phase. - * - * @param whichDoc type of wanted document. - * @param startDate earliest timestamp of the document(s) to download. - * If null, it gets the unseen documents. If defined, - * the latest timestamp defaults to the current time. - * @return [Ebics2Request] to be converted to XML string and passed to - * the EBICS downloader. - */ -fun prepEbics2Document( - whichDoc: SupportedDocument, - startDate: Instant? = null -): Ebics2Request = - when(whichDoc) { - SupportedDocument.PAIN_002 -> prepAckRequest2(startDate) - SupportedDocument.CAMT_052 -> prepReportRequest2(startDate) - SupportedDocument.CAMT_053 -> prepStatementRequest2(startDate) - SupportedDocument.CAMT_054 -> prepNotificationRequest2(startDate) - SupportedDocument.PAIN_002_LOGS -> prepLogsRequest2(startDate) - }
\ No newline at end of file diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/Ebics3.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/Ebics3.kt deleted file mode 100644 index 09aac3df..00000000 --- a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/Ebics3.kt +++ /dev/null @@ -1,443 +0,0 @@ -/* - * This file is part of LibEuFin. - * Copyright (C) 2024 Taler Systems S.A. - - * LibEuFin is free software; you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation; either version 3, or - * (at your option) any later version. - - * LibEuFin is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General - * Public License for more details. - - * You should have received a copy of the GNU Affero General Public - * License along with LibEuFin; see the file COPYING. If not, see - * <http://www.gnu.org/licenses/> - */ -package tech.libeufin.nexus.ebics - -import io.ktor.client.* -import tech.libeufin.ebics.PreparedUploadData -import tech.libeufin.ebics.XMLUtil -import tech.libeufin.ebics.ebics_h005.Ebics3Request -import tech.libeufin.ebics.getNonce -import tech.libeufin.ebics.getXmlDate -import tech.libeufin.nexus.BankPublicKeysFile -import tech.libeufin.nexus.ClientPrivateKeysFile -import tech.libeufin.nexus.EbicsSetupConfig -import tech.libeufin.nexus.logger -import java.math.BigInteger -import java.time.Instant -import java.util.* -import javax.xml.datatype.DatatypeFactory - -/** - * Crafts an EBICS request for the receipt phase of a download - * transaction. - * - * @param cfg config handle - * @param clientKeys subscriber private keys. - * @param transactionId EBICS transaction ID as assigned by the - * bank to any successful transaction. - * @param success was the download successfully processed - * @return the raw XML of the EBICS request. - */ -fun createEbics3DownloadReceiptPhase( - cfg: EbicsSetupConfig, - clientKeys: ClientPrivateKeysFile, - transactionId: String, - success: Boolean -): ByteArray { - val req = Ebics3Request.createForDownloadReceiptPhase( - transactionId, - cfg.ebicsHostId, - success - ) - val doc = XMLUtil.convertJaxbToDocument(req) - XMLUtil.signEbicsDocument( - doc, - clientKeys.authentication_private_key, - withEbics3 = true - ) - return XMLUtil.convertDomToBytes(doc) -} - -/** - * Crafts an EBICS download request for the transfer phase. - * - * @param cfg config handle - * @param clientKeys subscriber private keys - * @param transactionId EBICS transaction ID. That came from the - * bank after the initialization phase ended successfully. - * @param segmentNumber which (payload's) segment number this requests wants. - * @param howManySegments total number of segments that the payload is split to. - * @return the raw XML EBICS request. - */ -fun createEbics3DownloadTransferPhase( - cfg: EbicsSetupConfig, - clientKeys: ClientPrivateKeysFile, - howManySegments: Int, - segmentNumber: Int, - transactionId: String -): ByteArray { - val req = Ebics3Request.createForDownloadTransferPhase( - cfg.ebicsHostId, - transactionId, - segmentNumber, - howManySegments - ) - val doc = XMLUtil.convertJaxbToDocument(req) - XMLUtil.signEbicsDocument( - doc, - clientKeys.authentication_private_key, - withEbics3 = true - ) - return XMLUtil.convertDomToBytes(doc) -} - -/** - * Creates the EBICS 3 document for the init phase of a download - * transaction. - * - * @param cfg configuration handle. - * @param bankkeys bank public keys. - * @param clientKeys client private keys. - * @param orderService EBICS 3 document defining the request type - */ -fun createEbics3DownloadInitialization( - cfg: EbicsSetupConfig, - bankkeys: BankPublicKeysFile, - clientKeys: ClientPrivateKeysFile, - orderParams: Ebics3Request.OrderDetails.BTDOrderParams -): ByteArray { - val nonce = getNonce(128) - val req = Ebics3Request.createForDownloadInitializationPhase( - cfg.ebicsUserId, - cfg.ebicsPartnerId, - cfg.ebicsHostId, - nonce, - DatatypeFactory.newInstance().newXMLGregorianCalendar(GregorianCalendar()), - bankAuthPub = bankkeys.bank_authentication_public_key, - bankEncPub = bankkeys.bank_encryption_public_key, - myOrderParams = orderParams - ) - val doc = XMLUtil.convertJaxbToDocument( - req, - withSchemaLocation = "urn:org:ebics:H005 ebics_request_H005.xsd" - ) - XMLUtil.signEbicsDocument( - doc, - clientKeys.authentication_private_key, - withEbics3 = true - ) - return XMLUtil.convertDomToBytes(doc) -} - -/** - * Creates the EBICS 3 document for the init phase of an upload - * transaction. - * - * @param cfg configuration handle. - * @param preparedUploadData business payload to send. - * @param bankkeys bank public keys. - * @param clientKeys client private keys. - * @param orderService EBICS 3 document defining the request type - * @return raw XML of the EBICS 3 init phase. - */ -fun createEbics3RequestForUploadInitialization( - cfg: EbicsSetupConfig, - preparedUploadData: PreparedUploadData, - bankkeys: BankPublicKeysFile, - clientKeys: ClientPrivateKeysFile, - orderService: Ebics3Request.OrderDetails.Service -): ByteArray { - val nonce = getNonce(128) - val req = Ebics3Request.createForUploadInitializationPhase( - preparedUploadData.transactionKey, - preparedUploadData.userSignatureDataEncrypted, - preparedUploadData.dataDigest, - cfg.ebicsHostId, - nonce, - cfg.ebicsPartnerId, - cfg.ebicsUserId, - DatatypeFactory.newInstance().newXMLGregorianCalendar(GregorianCalendar()), - bankkeys.bank_authentication_public_key, - bankkeys.bank_encryption_public_key, - BigInteger.ONE, - orderService - ) - val doc = XMLUtil.convertJaxbToDocument( - req, - withSchemaLocation = "urn:org:ebics:H005 ebics_request_H005.xsd" - ) - XMLUtil.signEbicsDocument( - doc, - clientKeys.authentication_private_key, - withEbics3 = true - ) - return XMLUtil.convertDomToBytes(doc) -} - -/** - * Crafts one EBICS 3 request for the upload transfer phase. Currently - * only 1-chunk payloads are supported. - * - * @param cfg configuration handle. - * @param clientKeys client private keys. - * @param transactionId EBICS transaction ID obtained from an init phase. - * @param uploadData business content to upload. - * - * @return raw XML document. - */ -fun createEbics3RequestForUploadTransferPhase( - cfg: EbicsSetupConfig, - clientKeys: ClientPrivateKeysFile, - transactionId: String, - uploadData: PreparedUploadData -): ByteArray { - val chunkIndex = 1 // only 1-chunk communication currently supported. - val req = Ebics3Request.createForUploadTransferPhase( - cfg.ebicsHostId, - transactionId, - BigInteger.valueOf(chunkIndex.toLong()), - uploadData.encryptedPayloadChunks[chunkIndex - 1] - ) - val doc = XMLUtil.convertJaxbToDocument(req) - XMLUtil.signEbicsDocument( - doc, - clientKeys.authentication_private_key, - withEbics3 = true - ) - return XMLUtil.convertDomToBytes(doc) -} - -/** - * Collects all the steps to prepare the submission of a pain.001 - * document to the bank, and finally send it. Indirectly throws - * [EbicsSideException] or [EbicsUploadException]. The first means - * that the bank sent an invalid response or signature, the second - * that a proper EBICS or business error took place. The caller must - * catch those exceptions and decide the retry policy. - * - * @param pain001xml pain.001 document in XML. The caller should - * ensure its validity. - * @param cfg configuration handle. - * @param clientKeys client private keys. - * @param bankkeys bank public keys. - * @param httpClient HTTP client to connect to the bank. - */ -suspend fun submitPain001( - pain001xml: String, - cfg: EbicsSetupConfig, - clientKeys: ClientPrivateKeysFile, - bankkeys: BankPublicKeysFile, - httpClient: HttpClient -): String { - val orderService: Ebics3Request.OrderDetails.Service = Ebics3Request.OrderDetails.Service().apply { - serviceName = "MCT" - scope = "CH" - messageName = Ebics3Request.OrderDetails.Service.MessageName().apply { - value = "pain.001" - version = "09" - } - } - val maybeUploaded = doEbicsUpload( - httpClient, - cfg, - clientKeys, - bankkeys, - orderService, - pain001xml.toByteArray(Charsets.UTF_8), - ) - logger.debug("Payment submitted, report text is: ${maybeUploaded.reportText}," + - " EBICS technical code is: ${maybeUploaded.technicalReturnCode}," + - " bank technical return code is: ${maybeUploaded.bankReturnCode}" - ) - return maybeUploaded.orderID!! -} - -/** - * Crafts a date range object, when the caller needs a time range. - * - * @param startDate inclusive starting date for the returned banking events. - * @param endDate inclusive ending date for the returned banking events. - * @return [Ebics3Request.DateRange] - */ -private fun getEbics3DateRange( - startDate: Instant, - endDate: Instant -): Ebics3Request.DateRange { - return Ebics3Request.DateRange().apply { - start = getXmlDate(startDate) - end = getXmlDate(endDate) - } -} - -/** - * Prepares the request for a camt.054 notification from the bank, - * via EBICS 3. - * Notifications inform the subscriber that some new events occurred - * on their account. One main difference with reports/statements is - * that notifications - according to the ISO20022 documentation - do - * NOT contain any balance. - * - * @param startDate inclusive starting date for the returned notification(s). - * @param endDate inclusive ending date for the returned notification(s). NOTE: - * if startDate is NOT null and endDate IS null, endDate gets defaulted - * to the current UTC time. - * @param isAppendix if true, the responded camt.054 will be an appendix of - * another camt.053 document, not therefore strictly acting as a notification. - * For example, camt.053 may omit wire transfer subjects and its related - * camt.054 appendix would instead contain those. - * - * @return [Ebics3Request.OrderDetails.BTOrderParams] - */ -fun prepNotificationRequest3( - startDate: Instant? = null, - endDate: Instant? = null, - isAppendix: Boolean -): Ebics3Request.OrderDetails.BTDOrderParams { - val service = Ebics3Request.OrderDetails.Service().apply { - serviceName = "REP" - scope = "CH" - container = Ebics3Request.OrderDetails.Service.Container().apply { - containerType = "ZIP" - } - messageName = Ebics3Request.OrderDetails.Service.MessageName().apply { - value = "camt.054" - version = "08" - } - if (!isAppendix) - serviceOption = "XDCI" - } - return Ebics3Request.OrderDetails.BTDOrderParams().apply { - this.service = service - this.dateRange = if (startDate != null) - getEbics3DateRange(startDate, endDate ?: Instant.now()) - else null - } -} - -/** - * Prepares the request for a pain.002 acknowledgement from the bank, via - * EBICS 3. - * - * @param startDate inclusive starting date for the returned acknowledgements. - * @param endDate inclusive ending date for the returned acknowledgements. NOTE: - * if startDate is NOT null and endDate IS null, endDate gets defaulted - * to the current UTC time. - * - * @return [Ebics3Request.OrderDetails.BTOrderParams] - */ -fun prepAckRequest3( - startDate: Instant? = null, - endDate: Instant? = null -): Ebics3Request.OrderDetails.BTDOrderParams { - val service = Ebics3Request.OrderDetails.Service().apply { - serviceName = "PSR" - scope = "CH" - container = Ebics3Request.OrderDetails.Service.Container().apply { - containerType = "ZIP" - } - messageName = Ebics3Request.OrderDetails.Service.MessageName().apply { - value = "pain.002" - version = "10" - } - } - return Ebics3Request.OrderDetails.BTDOrderParams().apply { - this.service = service - this.dateRange = if (startDate != null) - getEbics3DateRange(startDate, endDate ?: Instant.now()) - else null - } -} - -/** - * Prepares the request for (a) camt.053/statement(s) via EBICS 3. - * - * @param startDate inclusive starting date for the returned banking events. - * @param endDate inclusive ending date for the returned banking events. NOTE: - * if startDate is NOT null and endDate IS null, endDate gets defaulted - * to the current UTC time. - * - * @return [Ebics3Request.OrderDetails.BTOrderParams] - */ -fun prepStatementRequest3( - startDate: Instant? = null, - endDate: Instant? = null -): Ebics3Request.OrderDetails.BTDOrderParams { - val service = Ebics3Request.OrderDetails.Service().apply { - serviceName = "EOP" - scope = "CH" - container = Ebics3Request.OrderDetails.Service.Container().apply { - containerType = "ZIP" - } - messageName = Ebics3Request.OrderDetails.Service.MessageName().apply { - value = "camt.053" - version = "08" - } - } - return Ebics3Request.OrderDetails.BTDOrderParams().apply { - this.service = service - this.dateRange = if (startDate != null) - getEbics3DateRange(startDate, endDate ?: Instant.now()) - else null - } -} - -/** - * Prepares the request for camt.052/intraday records via EBICS 3. - * - * @param startDate inclusive starting date for the returned banking events. - * @param endDate inclusive ending date for the returned banking events. NOTE: - * if startDate is NOT null and endDate IS null, endDate gets defaulted - * to the current UTC time. - * - * @return [Ebics3Request.OrderDetails.BTOrderParams] - */ -fun prepReportRequest3( - startDate: Instant? = null, - endDate: Instant? = null -): Ebics3Request.OrderDetails.BTDOrderParams { - val service = Ebics3Request.OrderDetails.Service().apply { - serviceName = "STM" - scope = "CH" - container = Ebics3Request.OrderDetails.Service.Container().apply { - containerType = "ZIP" - } - messageName = Ebics3Request.OrderDetails.Service.MessageName().apply { - value = "camt.052" - version = "08" - } - } - return Ebics3Request.OrderDetails.BTDOrderParams().apply { - this.service = service - this.dateRange = if (startDate != null) - getEbics3DateRange(startDate, endDate ?: Instant.now()) - else null - } -} - -/** - * Abstracts EBICS 3 request creation of a download init phase. - * - * @param whichDoc type of wanted document. - * @param startDate earliest timestamp of the document(s) to download. - * If null, it gets the unseen documents. If defined, - * the latest timestamp defaults to the current time. - * @return [Ebics2Request] to be converted to XML string and passed to - * the EBICS downloader. - */ -fun prepEbics3Document( - whichDoc: SupportedDocument, - startDate: Instant? = null -): Ebics3Request.OrderDetails.BTDOrderParams = - when(whichDoc) { - SupportedDocument.PAIN_002 -> prepAckRequest3(startDate) - SupportedDocument.CAMT_052 -> prepReportRequest3(startDate) - SupportedDocument.CAMT_053 -> prepStatementRequest3(startDate) - SupportedDocument.CAMT_054 -> prepNotificationRequest3(startDate, isAppendix = true) - SupportedDocument.PAIN_002_LOGS -> throw Exception("HAC (--only-logs) not available in EBICS 3") - }
\ No newline at end of file diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsBTS.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsBTS.kt new file mode 100644 index 00000000..356d4b96 --- /dev/null +++ b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsBTS.kt @@ -0,0 +1,347 @@ +/* + * This file is part of LibEuFin. + * Copyright (C) 2024 Taler Systems S.A. + + * LibEuFin is free software; you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation; either version 3, or + * (at your option) any later version. + + * LibEuFin is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General + * Public License for more details. + + * You should have received a copy of the GNU Affero General Public + * License along with LibEuFin; see the file COPYING. If not, see + * <http://www.gnu.org/licenses/> + */ +package tech.libeufin.nexus.ebics + +import io.ktor.client.* +import tech.libeufin.nexus.* +import tech.libeufin.common.* +import tech.libeufin.common.crypto.* +import java.math.BigInteger +import java.time.* +import java.time.format.* +import java.util.* +import java.io.File +import org.w3c.dom.* +import javax.xml.datatype.XMLGregorianCalendar +import javax.xml.datatype.DatatypeFactory +import java.security.interfaces.* + + +fun Instant.xmlDate(): String = DateTimeFormatter.ISO_DATE.withZone(ZoneId.of("UTC")).format(this) +fun Instant.xmlDateTime(): String = DateTimeFormatter.ISO_OFFSET_DATE_TIME.withZone(ZoneId.of("UTC")).format(this) + +/** EBICS protocol for business transactions */ +class EbicsBTS( + val cfg: EbicsSetupConfig, + val bankKeys: BankPublicKeysFile, + val clientKeys: ClientPrivateKeysFile, + val order: EbicsOrder +) { + /* ----- Download ----- */ + + fun downloadInitialization(startDate: Instant?, endDate: Instant?): ByteArray { + val nonce = getNonce(128) + return signedRequest { + el("header") { + attr("authenticate", "true") + el("static") { + el("HostID", cfg.ebicsHostId) + el("Nonce", nonce.encodeHex()) + el("Timestamp", Instant.now().xmlDateTime()) + el("PartnerID", cfg.ebicsPartnerId) + el("UserID", cfg.ebicsUserId) + // SystemID + // Product + el("OrderDetails") { + when (order) { + is EbicsOrder.V2_5 -> { + el("OrderType", order.type) + el("OrderAttribute", order.attribute) + el("StandardOrderParams") { + if (startDate != null) { + el("DateRange") { + el("Start", startDate.xmlDate()) + el("End", (endDate ?: Instant.now()).xmlDate()) + } + } + } + } + is EbicsOrder.V3 -> { + el("AdminOrderType", order.type) + if (order.type == "BTD") { + el("BTDOrderParams") { + el("Service") { + el("ServiceName", order.name!!) + el("Scope", order.scope!!) + if (order.container != null) { + el("Container") { + attr("containerType", order.container) + } + } + el("MsgName") { + attr("version", order.messageVersion!!) + text(order.messageName!!) + } + } + if (startDate != null) { + el("DateRange") { + el("Start", startDate.xmlDate()) + el("End", (endDate ?: Instant.now()).xmlDate()) + } + } + } + } + } + } + } + bankDigest() + } + el("mutable/TransactionPhase", "Initialisation") + } + el("AuthSignature") + el("body") + } + } + + fun downloadTransfer( + howManySegments: Int, + segmentNumber: Int, + transactionId: String + ): ByteArray { + return signedRequest { + el("header") { + attr("authenticate", "true") + el("static") { + el("HostID", cfg.ebicsHostId) + el("TransactionID", transactionId) + } + el("mutable") { + el("TransactionPhase", "Transfer") + el("SegmentNumber") { + attr("lastSegment", if (howManySegments == segmentNumber) "true" else "false") + } + } + } + el("AuthSignature") + el("body") + } + } + + fun downloadReceipt( + transactionId: String, + success: Boolean + ): ByteArray { + return signedRequest { + el("header") { + attr("authenticate", "true") + el("static") { + el("HostID", cfg.ebicsHostId) + el("TransactionID", transactionId) + } + el("mutable") { + el("TransactionPhase", "Receipt") + } + } + el("AuthSignature") + el("body/TransferReceipt") { + attr("authenticate", "true") + el("ReceiptCode", if (success) "0" else "1") + } + } + } + + /* ----- Upload ----- */ + + fun uploadInitialization(preparedUploadData: PreparedUploadData): ByteArray { + val nonce = getNonce(128) + return signedRequest { + el("header") { + attr("authenticate", "true") + el("static") { + el("HostID", cfg.ebicsHostId) + el("Nonce", nonce.encodeUpHex()) + el("Timestamp", Instant.now().xmlDateTime()) + el("PartnerID", cfg.ebicsPartnerId) + el("UserID", cfg.ebicsUserId) + // SystemID + // Product + el("OrderDetails") { + when (order) { + is EbicsOrder.V2_5 -> { + // TODO + } + is EbicsOrder.V3 -> { + el("AdminOrderType", order.type) + el("BTUOrderParams") { + el("Service") { + el("ServiceName", order.name!!) + el("Scope", order.scope!!) + el("MsgName") { + attr("version", order.messageVersion!!) + text(order.messageName!!) + } + } + el("SignatureFlag", "true") + } + } + } + } + bankDigest() + el("NumSegments", "1") // TODO test upload of many segment + + } + el("mutable") { + el("TransactionPhase", "Initialisation") + } + } + el("AuthSignature") + el("body") { + el("DataTransfer") { + el("DataEncryptionInfo") { + attr("authenticate", "true") + el("EncryptionPubKeyDigest") { + attr("Version", "E002") + attr("Algorithm", "http://www.w3.org/2001/04/xmlenc#sha256") + text(CryptoUtil.getEbicsPublicKeyHash(bankKeys.bank_encryption_public_key).encodeBase64()) + } + el("TransactionKey", preparedUploadData.transactionKey.encodeBase64()) + } + el("SignatureData") { + attr("authenticate", "true") + text(preparedUploadData.userSignatureDataEncrypted.encodeBase64()) + } + el("DataDigest") { + attr("SignatureVersion", "A006") + text(preparedUploadData.dataDigest.encodeBase64()) + } + } + } + } + } + + fun uploadTransfer( + transactionId: String, + uploadData: PreparedUploadData + ): ByteArray { + val chunkIndex = 1 // TODO test upload of many segment + return signedRequest { + el("header") { + attr("authenticate", "true") + el("static") { + el("HostID", cfg.ebicsHostId) + el("TransactionID", transactionId) + } + el("mutable") { + el("TransactionPhase", "Transfer") + el("SegmentNumber") { + attr("lastSegment", "true") + text(chunkIndex.toString()) + } + } + } + el("AuthSignature") + el("body/DataTransfer/OrderData", uploadData.encryptedPayloadChunks[chunkIndex - 1]) + } + } + + /* ----- Helpers ----- */ + + /** Generate a signed ebicsRequest */ + private fun signedRequest(lambda: XmlBuilder.() -> Unit): ByteArray { + val doc = XmlBuilder.toDom("ebicsRequest", "urn:org:ebics:${order.schema}") { + attr("http://www.w3.org/2000/xmlns/", "xmlns", "urn:org:ebics:${order.schema}") + attr("http://www.w3.org/2000/xmlns/", "xmlns:ds", "http://www.w3.org/2000/09/xmldsig#") + attr("Version", order.schema) + attr("Revision", "1") + lambda() + } + XMLUtil.signEbicsDocument( + doc, + clientKeys.authentication_private_key, + order.schema + ) + return XMLUtil.convertDomToBytes(doc) + } + + private fun XmlBuilder.bankDigest() { + el("BankPubKeyDigests") { + el("Authentication") { + attr("Version", "X002") + attr("Algorithm", "http://www.w3.org/2001/04/xmlenc#sha256") + text(CryptoUtil.getEbicsPublicKeyHash(bankKeys.bank_authentication_public_key).encodeBase64()) + } + el("Encryption") { + attr("Version", "E002") + attr("Algorithm", "http://www.w3.org/2001/04/xmlenc#sha256") + text(CryptoUtil.getEbicsPublicKeyHash(bankKeys.bank_encryption_public_key).encodeBase64()) + } + // Signature + } + el("SecurityMedium", "0000") + } + + companion object { + fun parseResponse(doc: Document): EbicsResponse<BTSResponse> { + return XmlDestructor.fromDoc(doc, "ebicsResponse") { + var transactionID: String? = null + var numSegments: Int? = null + lateinit var technicalCode: EbicsReturnCode + lateinit var bankCode: EbicsReturnCode + var orderID: String? = null + var segmentNumber: Int? = null + var payloadChunk: ByteArray? = null + var dataEncryptionInfo: DataEncryptionInfo? = null + one("header") { + one("static") { + transactionID = opt("TransactionID")?.text() + numSegments = opt("NumSegments")?.text()?.toInt() + } + one("mutable") { + segmentNumber = opt("SegmentNumber")?.text()?.toInt() + orderID = opt("OrderID")?.text() + technicalCode = EbicsReturnCode.lookup(one("ReturnCode").text()) + } + } + one("body") { + opt("DataTransfer") { + payloadChunk = one("OrderData").text().decodeBase64() + dataEncryptionInfo = opt("DataEncryptionInfo") { + DataEncryptionInfo( + one("TransactionKey").text().decodeBase64(), + one("EncryptionPubKeyDigest").text().decodeBase64() + ) + } + } + bankCode = EbicsReturnCode.lookup(one("ReturnCode").text()) + } + EbicsResponse( + bankCode = bankCode, + technicalCode = technicalCode, + content = BTSResponse( + transactionID = transactionID, + orderID = orderID, + payloadChunk = payloadChunk, + dataEncryptionInfo = dataEncryptionInfo, + numSegments = numSegments, + segmentNumber = segmentNumber + ) + ) + } + } + } +} + +data class BTSResponse( + val transactionID: String?, + val orderID: String?, + val dataEncryptionInfo: DataEncryptionInfo?, + val payloadChunk: ByteArray?, + val segmentNumber: Int?, + val numSegments: Int? +)
\ No newline at end of file diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsCommon.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsCommon.kt index c4231455..74c1dd32 100644 --- a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsCommon.kt +++ b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsCommon.kt @@ -32,11 +32,6 @@ package tech.libeufin.nexus.ebics -import com.itextpdf.kernel.pdf.PdfDocument -import com.itextpdf.kernel.pdf.PdfWriter -import com.itextpdf.layout.Document -import com.itextpdf.layout.element.AreaBreak -import com.itextpdf.layout.element.Paragraph import io.ktor.client.* import io.ktor.client.plugins.* import io.ktor.client.request.* @@ -45,8 +40,6 @@ import io.ktor.http.* import io.ktor.utils.io.jvm.javaio.* import tech.libeufin.common.* import tech.libeufin.common.crypto.* -import tech.libeufin.ebics.* -import tech.libeufin.ebics.ebics_h005.Ebics3Request import tech.libeufin.nexus.* import java.io.ByteArrayOutputStream import java.io.InputStream @@ -55,7 +48,11 @@ import java.security.interfaces.RSAPrivateCrtKey import java.time.LocalDateTime import java.time.format.DateTimeFormatter import java.util.* +import java.time.Instant import kotlinx.coroutines.* +import java.security.SecureRandom +import org.w3c.dom.Document +import org.xml.sax.SAXException /** * Available EBICS versions. @@ -82,15 +79,14 @@ enum class SupportedDocument { * one actually used to encrypt the payload. * @param encryptionInfo details related to the encrypted payload. * @param chunks the several chunks that constitute the whole encrypted payload. - * @return the plain payload. Errors throw, so the caller must handle those. + * @return the plain payload. */ fun decryptAndDecompressPayload( clientEncryptionKey: RSAPrivateCrtKey, encryptionInfo: DataEncryptionInfo, - chunks: List<String> + chunks: List<ByteArray> ): InputStream = - SequenceInputStream(Collections.enumeration(chunks.map { it.toByteArray().inputStream() })) // Aggregate - .decodeBase64() + SequenceInputStream(Collections.enumeration(chunks.map { it.inputStream() })) // Aggregate .run { CryptoUtil.decryptEbicsE002( encryptionInfo.transactionKey, @@ -99,6 +95,13 @@ fun decryptAndDecompressPayload( ) }.inflate() +sealed class EbicsError(msg: String, cause: Throwable? = null): Exception(msg, cause) { + /** Http and network errors */ + class Transport(msg: String, cause: Throwable? = null): EbicsError(msg, cause) + /** EBICS protocol & XML format error */ + class Protocol(msg: String, cause: Throwable? = null): EbicsError(msg, cause) +} + /** * POSTs the EBICS message to the bank. * @@ -106,164 +109,49 @@ fun decryptAndDecompressPayload( * @param msg EBICS message as raw bytes. * @return the raw bank response. */ -suspend fun HttpClient.postToBank(bankUrl: String, msg: ByteArray): InputStream { - logger.debug("POSTing EBICS to '$bankUrl'") - val res = post(urlString = bankUrl) { - contentType(ContentType.Text.Xml) - setBody(msg) - } - if (res.status != HttpStatusCode.OK) { - throw Exception("Invalid response status: ${res.status}") - } - return res.bodyAsChannel().toInputStream() -} - -/** - * Generate the PDF document with all the client public keys - * to be sent on paper to the bank. - */ -fun generateKeysPdf( - clientKeys: ClientPrivateKeysFile, - cfg: EbicsSetupConfig -): ByteArray { - val po = ByteArrayOutputStream() - val pdfWriter = PdfWriter(po) - val pdfDoc = PdfDocument(pdfWriter) - val date = LocalDateTime.now() - val dateStr = date.format(DateTimeFormatter.ISO_LOCAL_DATE) - - fun formatHex(ba: ByteArray): String { - var out = "" - for (i in ba.indices) { - val b = ba[i] - if (i > 0 && i % 16 == 0) { - out += "\n" - } - out += java.lang.String.format("%02X", b) - out += " " +suspend fun HttpClient.postToBank(bankUrl: String, msg: ByteArray, phase: String): Document { + val res = try { + post(urlString = bankUrl) { + contentType(ContentType.Text.Xml) + setBody(msg) } - return out - } - - fun writeCommon(doc: Document) { - doc.add( - Paragraph( - """ - Datum: $dateStr - Host-ID: ${cfg.ebicsHostId} - User-ID: ${cfg.ebicsUserId} - Partner-ID: ${cfg.ebicsPartnerId} - ES version: A006 - """.trimIndent() - ) - ) - } - - fun writeKey(doc: Document, priv: RSAPrivateCrtKey) { - val pub = CryptoUtil.getRsaPublicFromPrivate(priv) - val hash = CryptoUtil.getEbicsPublicKeyHash(pub) - doc.add(Paragraph("Exponent:\n${formatHex(pub.publicExponent.toByteArray())}")) - doc.add(Paragraph("Modulus:\n${formatHex(pub.modulus.toByteArray())}")) - doc.add(Paragraph("SHA-256 hash:\n${formatHex(hash)}")) + } catch (e: Exception) { + throw EbicsError.Transport("$phase: failed to contact bank", e) } - - fun writeSigLine(doc: Document) { - doc.add(Paragraph("Ort / Datum: ________________")) - doc.add(Paragraph("Firma / Name: ________________")) - doc.add(Paragraph("Unterschrift: ________________")) + + if (res.status != HttpStatusCode.OK) { + throw EbicsError.Transport("$phase: bank HTTP error: ${res.status}") } - - Document(pdfDoc).use { - it.add(Paragraph("Signaturschlüssel").setFontSize(24f)) - writeCommon(it) - it.add(Paragraph("Öffentlicher Schlüssel (Public key for the electronic signature)")) - writeKey(it, clientKeys.signature_private_key) - it.add(Paragraph("\n")) - writeSigLine(it) - it.add(AreaBreak()) - - it.add(Paragraph("Authentifikationsschlüssel").setFontSize(24f)) - writeCommon(it) - it.add(Paragraph("Öffentlicher Schlüssel (Public key for the identification and authentication signature)")) - writeKey(it, clientKeys.authentication_private_key) - it.add(Paragraph("\n")) - writeSigLine(it) - it.add(AreaBreak()) - - it.add(Paragraph("Verschlüsselungsschlüssel").setFontSize(24f)) - writeCommon(it) - it.add(Paragraph("Öffentlicher Schlüssel (Public encryption key)")) - writeKey(it, clientKeys.encryption_private_key) - it.add(Paragraph("\n")) - writeSigLine(it) + try { + return XMLUtil.parseIntoDom(res.bodyAsChannel().toInputStream()) + } catch (e: SAXException) { + throw EbicsError.Protocol("$phase: invalid XML bank reponse", e) + } catch (e: Exception) { + throw EbicsError.Transport("$phase: failed read bank response", e) } - pdfWriter.flush() - return po.toByteArray() } -/** - * POSTs raw EBICS XML to the bank and checks the two return codes: - * EBICS- and bank-technical. - * - * @param clientKeys client keys, used to sign the request. - * @param bankKeys bank keys, used to decrypt and validate the response. - * @param xmlReq raw EBICS request in XML. - * @param isEbics3 true in case the communication is EBICS 3, false - * @return [EbicsResponseContent] or throws [EbicsSideException] - */ -suspend fun postEbics( +suspend fun EbicsBTS.postBTS( client: HttpClient, - cfg: EbicsSetupConfig, - bankKeys: BankPublicKeysFile, xmlReq: ByteArray, - isEbics3: Boolean -): EbicsResponseContent { - val respXml = try { - client.postToBank(cfg.hostBaseUrl, xmlReq) - } catch (e: Exception) { - throw EbicsSideException( - "POSTing to ${cfg.hostBaseUrl} failed", - sideEc = EbicsSideError.HTTP_POST_FAILED, - e - ) - } - - // Parses the bank response from the raw XML and verifies - // the bank signature. - val doc = try { - XMLUtil.parseIntoDom(respXml) - } catch (e: Exception) { - throw EbicsSideException( - "Bank response apparently invalid", - sideEc = EbicsSideError.BANK_RESPONSE_IS_INVALID - ) - } + phase: String, +): EbicsResponse<BTSResponse> { + val doc = client.postToBank(cfg.hostBaseUrl, xmlReq, phase) if (!XMLUtil.verifyEbicsDocument( doc, bankKeys.bank_authentication_public_key, - isEbics3 + order.schema )) { - throw EbicsSideException( - "Bank signature did not verify", - sideEc = EbicsSideError.BANK_SIGNATURE_DIDNT_VERIFY - ) + throw EbicsError.Protocol("$phase: bank signature did not verify") + } + try { + return EbicsBTS.parseResponse(doc) + } catch (e: Exception) { + throw EbicsError.Protocol("$phase: invalid ebics response", e) } - if (isEbics3) - return ebics3toInternalRepr(doc) - return ebics25toInternalRepr(doc) } /** - * Checks that EBICS- and bank-technical return codes are both EBICS_OK. - * - * @param ebicsResponseContent valid response gotten from the bank. - * @return true only if both codes are EBICS_OK. - */ -private fun areCodesOk(ebicsResponseContent: EbicsResponseContent) = - ebicsResponseContent.technicalReturnCode == EbicsReturnCode.EBICS_OK && - ebicsResponseContent.bankReturnCode == EbicsReturnCode.EBICS_OK - -/** * Perform an EBICS download transaction. * * It conducts init -> transfer -> processing -> receipt phases. @@ -273,7 +161,6 @@ private fun areCodesOk(ebicsResponseContent: EbicsResponseContent) = * @param clientKeys client EBICS private keys. * @param bankKeys bank EBICS public keys. * @param reqXml raw EBICS XML request of the init phase. - * @param isEbics3 true for EBICS 3, false otherwise. * @param processing processing lambda receiving EBICS files as a byte stream if the transaction was not empty. * @return T if the transaction was successful. If the failure is at the EBICS * level EbicsSideException is thrown else ités the exception of the processing lambda. @@ -283,142 +170,98 @@ suspend fun ebicsDownload( cfg: EbicsSetupConfig, clientKeys: ClientPrivateKeysFile, bankKeys: BankPublicKeysFile, - reqXml: ByteArray, - isEbics3: Boolean, - processing: (InputStream) -> Unit + order: EbicsOrder, + startDate: Instant?, + endDate: Instant?, + processing: (InputStream) -> Unit, ) = coroutineScope { - val scope = this + val impl = EbicsBTS(cfg, bankKeys, clientKeys, order) + val parentScope = this + // We need to run the logic in a non-cancelable context because we need to send // a receipt for each open download transaction, otherwise we'll be stuck in an // error loop until the pending transaction timeout. // TODO find a way to cancel the pending transaction ? - withContext(NonCancellable) { - val initResp = postEbics(client, cfg, bankKeys, reqXml, isEbics3) - logger.debug("Download init phase done. EBICS- and bank-technical codes are: ${initResp.technicalReturnCode}, ${initResp.bankReturnCode}") - if (initResp.technicalReturnCode != EbicsReturnCode.EBICS_OK) { - throw Exception("Download init phase has EBICS-technical error: ${initResp.technicalReturnCode}") + withContext(NonCancellable) { + // Init phase + val initReq = impl.downloadInitialization(startDate, endDate) + val initResp = impl.postBTS(client, initReq, "Download init phase") + if (initResp.bankCode == EbicsReturnCode.EBICS_NO_DOWNLOAD_DATA_AVAILABLE) { + logger.debug("Download content is empty") + return@withContext } - if (initResp.bankReturnCode == EbicsReturnCode.EBICS_NO_DOWNLOAD_DATA_AVAILABLE) { - logger.debug("Download content is empty") - return@withContext - } else if (initResp.bankReturnCode != EbicsReturnCode.EBICS_OK) { - throw Exception("Download init phase has bank-technical error: ${initResp.bankReturnCode}") + val initContent = initResp.okOrFail("Download init phase") + val tId = requireNotNull(initContent.transactionID) { + "Download init phase: missing transaction ID" } - val tId = initResp.transactionID - ?: throw EbicsSideException( - "EBICS download init phase did not return a transaction ID, cannot do the transfer phase.", - sideEc = EbicsSideError.EBICS_UPLOAD_TRANSACTION_ID_MISSING - ) - logger.debug("EBICS download transaction passed the init phase, got ID: $tId") - val howManySegments = initResp.numSegments - if (howManySegments == null) { - throw Exception("Init response lacks the quantity of segments, failing.") + val howManySegments = requireNotNull(initContent.numSegments) { + "Download init phase: missing num segments" } - val ebicsChunks = mutableListOf<String>() - // Getting the chunk(s) - val firstDataChunk = initResp.orderDataEncChunk - ?: throw EbicsSideException( - "OrderData element not found, despite non empty payload, failing.", - sideEc = EbicsSideError.ORDER_DATA_ELEMENT_NOT_FOUND - ) - val dataEncryptionInfo = initResp.dataEncryptionInfo ?: run { - throw EbicsSideException( - "EncryptionInfo element not found, despite non empty payload, failing.", - sideEc = EbicsSideError.ENCRYPTION_INFO_ELEMENT_NOT_FOUND - ) + val firstDataChunk = requireNotNull(initContent.payloadChunk) { + "Download init phase: missing OrderData" } - ebicsChunks.add(firstDataChunk) - // proceed with the transfer phase. - for (x in 2 .. howManySegments) { - if (!scope.isActive) break - // request segment number x. - val transReq = if (isEbics3) - createEbics3DownloadTransferPhase(cfg, clientKeys, x, howManySegments, tId) - else createEbics25DownloadTransferPhase(cfg, clientKeys, x, howManySegments, tId) - - val transResp = postEbics(client, cfg, bankKeys, transReq, isEbics3) - if (!areCodesOk(transResp)) { - throw EbicsSideException( - "EBICS transfer segment #$x failed.", - sideEc = EbicsSideError.TRANSFER_SEGMENT_FAILED - ) + val dataEncryptionInfo = requireNotNull(initContent.dataEncryptionInfo) { + "Download init phase: missing EncryptionInfo" + } + + logger.debug("Download init phase for transaction '$tId'") + + /** Send download receipt */ + suspend fun receipt(success: Boolean) { + val xml = impl.downloadReceipt(tId, success) + impl.postBTS(client, xml, "Download receipt phase").okOrFail("Download receipt phase") + } + /** Throw if parent scope have been canceled */ + suspend fun checkCancellation() { + if (!parentScope.isActive) { + // First send a proper EBICS transaction failure + receipt(false) + // Send throw cancelation exception + throw CancellationException() } - val chunk = transResp.orderDataEncChunk - if (chunk == null) { - throw Exception("EBICS transfer phase lacks chunk #$x, failing.") + } + + // Transfer phase + val ebicsChunks = mutableListOf(firstDataChunk) + for (x in 2 .. howManySegments) { + checkCancellation() + val transReq = impl.downloadTransfer(x, howManySegments, tId) + val transResp = impl.postBTS(client, transReq, "Download transfer phase").okOrFail("Download transfer phase") + val chunk = requireNotNull(transResp.payloadChunk) { + "Download transfer phase: missing encrypted chunk" } ebicsChunks.add(chunk) } - suspend fun receipt(success: Boolean) { - val receiptXml = if (isEbics3) - createEbics3DownloadReceiptPhase(cfg, clientKeys, tId, success) - else createEbics25DownloadReceiptPhase(cfg, clientKeys, tId, success) - - // Sending the receipt to the bank. - postEbics( - client, - cfg, - bankKeys, - receiptXml, - isEbics3 - ) - } - if (scope.isActive) { - // all chunks gotten, shaping a meaningful response now. - val payloadBytes = decryptAndDecompressPayload( + + checkCancellation() + + // Decompress encrypted chunks + val payloadStream = try { + decryptAndDecompressPayload( clientKeys.encryption_private_key, dataEncryptionInfo, ebicsChunks ) - // Process payload - val res = runCatching { - processing(payloadBytes) - } - receipt(res.isSuccess) + } catch (e: Exception) { + throw EbicsError.Protocol("invalid chunks", e) + } - res.getOrThrow() - } else { - receipt(false) - throw CancellationException() + checkCancellation() + + // Run business logic + val res = runCatching { + processing(payloadStream) } + + // First send a proper EBICS transaction receipt + receipt(res.isSuccess) + // Then throw business logic exception if any + res.getOrThrow() } Unit } /** - * These errors affect an EBICS transaction regardless - * of the standard error codes. - */ -enum class EbicsSideError { - BANK_SIGNATURE_DIDNT_VERIFY, - BANK_RESPONSE_IS_INVALID, - ENCRYPTION_INFO_ELEMENT_NOT_FOUND, - ORDER_DATA_ELEMENT_NOT_FOUND, - TRANSFER_SEGMENT_FAILED, - /** - * This might indicate that the EBICS transaction had errors. - */ - EBICS_UPLOAD_TRANSACTION_ID_MISSING, - /** - * May be caused by a connection issue OR the HTTP response - * code was not 200 OK. Both cases should lead to retry as - * they are fixable or transient. - */ - HTTP_POST_FAILED -} - -/** - * Those errors happen before getting to validate the bank response - * and successfully verify its signature. They bring therefore NO - * business meaning and may be retried. - */ -class EbicsSideException( - msg: String, - val sideEc: EbicsSideError, - cause: Exception? = null -) : Exception(msg, cause) - -/** * Signs and the encrypts the data to send via EBICS. * * @param cfg configuration handle. @@ -433,43 +276,32 @@ fun prepareUploadPayload( clientKeys: ClientPrivateKeysFile, bankKeys: BankPublicKeysFile, payload: ByteArray, - isEbics3: Boolean ): PreparedUploadData { - val encryptionResult: CryptoUtil.EncryptionResult = if (isEbics3) { - val innerSignedEbicsXml = signOrderEbics3( // A006 signature. - payload, - clientKeys.signature_private_key, - cfg.ebicsPartnerId, - cfg.ebicsUserId - ) - val userSignatureDataEncrypted = CryptoUtil.encryptEbicsE002( - EbicsOrderUtil.encodeOrderDataXml(innerSignedEbicsXml), - bankKeys.bank_encryption_public_key - ) - userSignatureDataEncrypted - } else { - val innerSignedEbicsXml = signOrder( // A006 signature. - payload, - clientKeys.signature_private_key, - cfg.ebicsPartnerId, - cfg.ebicsUserId - ) - val userSignatureDataEncrypted = CryptoUtil.encryptEbicsE002( - EbicsOrderUtil.encodeOrderDataXml(innerSignedEbicsXml), - bankKeys.bank_encryption_public_key - ) - userSignatureDataEncrypted + val innerSignedEbicsXml = XmlBuilder.toBytes("UserSignatureData") { + attr("xmlns", "http://www.ebics.org/S002") + el("OrderSignatureData") { + el("SignatureVersion", "A006") + el("SignatureValue", CryptoUtil.signEbicsA006( + CryptoUtil.digestEbicsOrderA006(payload), + clientKeys.signature_private_key, + ).encodeBase64()) + el("PartnerID", cfg.ebicsPartnerId) + el("UserID", cfg.ebicsUserId) + } } - val plainTransactionKey = encryptionResult.plainTransactionKey - ?: throw Exception("Could not generate the transaction key, cannot encrypt the payload!") + val encryptionResult = CryptoUtil.encryptEbicsE002( + innerSignedEbicsXml.inputStream().deflate(), + bankKeys.bank_encryption_public_key + ) // Then only E002 symmetric (with ephemeral key) encrypt. - val compressedInnerPayload = payload.inputStream().deflate().readAllBytes() + val compressedInnerPayload = payload.inputStream().deflate() + // TODO stream val encryptedPayload = CryptoUtil.encryptEbicsE002withTransactionKey( compressedInnerPayload, bankKeys.bank_encryption_public_key, - plainTransactionKey + encryptionResult.plainTransactionKey ) - val encodedEncryptedPayload = Base64.getEncoder().encodeToString(encryptedPayload.encryptedData) + val encodedEncryptedPayload = encryptedPayload.encryptedData.encodeBase64() return PreparedUploadData( encryptionResult.encryptedTransactionKey, // ephemeral key @@ -480,32 +312,6 @@ fun prepareUploadPayload( } /** - * Possible states of an EBICS transaction. - */ -enum class EbicsPhase { - initialization, - transmission, - receipt -} - -/** - * Witnesses a failure in an EBICS communication. That - * implies that the bank response and its signature were - * both valid. - */ -class EbicsUploadException( - msg: String, - val phase: EbicsPhase, - val ebicsErrorCode: EbicsReturnCode, - /** - * If the error was EBICS-technical, then we might not - * even have interest on the business error code, therefore - * the value below may be null. - */ - val bankErrorCode: EbicsReturnCode? = null -) : Exception(msg) - -/** * Collects all the steps of an EBICS 3 upload transaction. * NOTE: this function could conveniently be reused for an EBICS 2.x * transaction, hence this function stays in this file. @@ -522,56 +328,122 @@ suspend fun doEbicsUpload( cfg: EbicsSetupConfig, clientKeys: ClientPrivateKeysFile, bankKeys: BankPublicKeysFile, - orderService: Ebics3Request.OrderDetails.Service, + order: EbicsOrder, payload: ByteArray, -): EbicsResponseContent = withContext(NonCancellable) { +): String = withContext(NonCancellable) { + val impl = EbicsBTS(cfg, bankKeys, clientKeys, order) // TODO use a lambda and pass the order detail there for atomicity ? - val preparedPayload = prepareUploadPayload(cfg, clientKeys, bankKeys, payload, isEbics3 = true) - val initXml = createEbics3RequestForUploadInitialization( - cfg, - preparedPayload, - bankKeys, - clientKeys, - orderService - ) - val initResp = postEbics( // may throw EbicsEarlyException - client, - cfg, - bankKeys, - initXml, - isEbics3 = true - ) - if (!areCodesOk(initResp)) throw EbicsUploadException( - "EBICS upload init failed", - phase = EbicsPhase.initialization, - ebicsErrorCode = initResp.technicalReturnCode, - bankErrorCode = initResp.bankReturnCode - ) - // Init phase OK, proceeding with the transfer phase. - val tId = initResp.transactionID - ?: throw EbicsSideException( - "EBICS upload init phase did not return a transaction ID, cannot do the transfer phase.", - sideEc = EbicsSideError.EBICS_UPLOAD_TRANSACTION_ID_MISSING - ) - val transferXml = createEbics3RequestForUploadTransferPhase( - cfg, - clientKeys, - tId, - preparedPayload - ) - val transferResp = postEbics( - client, - cfg, - bankKeys, - transferXml, - isEbics3 = true - ) - if (!areCodesOk(transferResp)) throw EbicsUploadException( - "EBICS upload transfer failed", - phase = EbicsPhase.transmission, - ebicsErrorCode = initResp.technicalReturnCode, - bankErrorCode = initResp.bankReturnCode - ) - // EBICS- and bank-technical codes were both EBICS_OK, success! - transferResp + val preparedPayload = prepareUploadPayload(cfg, clientKeys, bankKeys, payload) + + // Init phase + val initXml = impl.uploadInitialization(preparedPayload) + val initResp = impl.postBTS(client, initXml, "Upload init phase").okOrFail("Upload init phase") + val tId = requireNotNull(initResp.transactionID) { + "Upload init phase: missing transaction ID" + } + + // Transfer phase + val transferXml = impl.uploadTransfer(tId, preparedPayload) + val transferResp = impl.postBTS(client, transferXml, "Upload transfer phase").okOrFail("Upload transfer phase") + val orderId = requireNotNull(transferResp.orderID) { + "Upload transfer phase: missing order ID" + } + orderId +} + +/** + * @param size in bits + */ +fun getNonce(size: Int): ByteArray { + val sr = SecureRandom() + val ret = ByteArray(size / 8) + sr.nextBytes(ret) + return ret +} + +class PreparedUploadData( + val transactionKey: ByteArray, + val userSignatureDataEncrypted: ByteArray, + val dataDigest: ByteArray, + val encryptedPayloadChunks: List<String> +) + +class DataEncryptionInfo( + val transactionKey: ByteArray, + val bankPubDigest: ByteArray +) + +class EbicsResponse<T>( + val technicalCode: EbicsReturnCode, + val bankCode: EbicsReturnCode, + private val content: T +) { + /** Checks that return codes are both EBICS_OK or throw an exception */ + fun okOrFail(phase: String): T { + logger.debug("$phase return codes: $technicalCode & $bankCode") + require(technicalCode.kind() != EbicsReturnCode.Kind.Error) { + "$phase has technical error: $technicalCode" + } + require(bankCode.kind() != EbicsReturnCode.Kind.Error) { + "$phase has bank error: $bankCode" + } + return content + } +} + +// TODO import missing using a script +@Suppress("SpellCheckingInspection") +enum class EbicsReturnCode(val code: String) { + EBICS_OK("000000"), + EBICS_DOWNLOAD_POSTPROCESS_DONE("011000"), + EBICS_DOWNLOAD_POSTPROCESS_SKIPPED("011001"), + EBICS_TX_SEGMENT_NUMBER_UNDERRUN("011101"), + EBICS_AUTHENTICATION_FAILED("061001"), + EBICS_INVALID_REQUEST("061002"), + EBICS_INTERNAL_ERROR("061099"), + EBICS_TX_RECOVERY_SYNC("061101"), + EBICS_AUTHORISATION_ORDER_IDENTIFIER_FAILED("090003"), + EBICS_INVALID_ORDER_DATA_FORMAT("090004"), + EBICS_NO_DOWNLOAD_DATA_AVAILABLE("090005"), + EBICS_INVALID_USER_OR_USER_STATE("091002"), + EBICS_USER_UNKNOWN("091003"), + EBICS_INVALID_USER_STATE("091004"), + EBICS_INVALID_ORDER_IDENTIFIER("091005"), + EBICS_UNSUPPORTED_ORDER_TYPE("091006"), + EBICS_INVALID_XML("091010"), + EBICS_TX_MESSAGE_REPLAY("091103"), + EBICS_INVALID_REQUEST_CONTENT("091113"), + EBICS_PROCESSING_ERROR("091116"), + EBICS_ACCOUNT_AUTHORISATION_FAILED("091302"), + EBICS_AMOUNT_CHECK_FAILED("091303"); + + enum class Kind { + Information, + Note, + Warning, + Error + } + + fun kind(): Kind { + return when (val errorClass = code.substring(0..1)) { + "00" -> Kind.Information + "01" -> Kind.Note + "03" -> Kind.Warning + "06", "09" -> Kind.Error + else -> throw Exception("Unknown EBICS status code error class: $errorClass") + } + } + + companion object { + fun lookup(code: String): EbicsReturnCode { + for (x in entries) { + if (x.code == code) { + return x + } + } + throw Exception( + "Unknown EBICS status code: $code" + ) + } + } }
\ No newline at end of file diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsKeyMng.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsKeyMng.kt new file mode 100644 index 00000000..a6d965e5 --- /dev/null +++ b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsKeyMng.kt @@ -0,0 +1,210 @@ +/* + * This file is part of LibEuFin. + * Copyright (C) 2024 Taler Systems S.A. + + * LibEuFin is free software; you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation; either version 3, or + * (at your option) any later version. + + * LibEuFin is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General + * Public License for more details. + + * You should have received a copy of the GNU Affero General Public + * License along with LibEuFin; see the file COPYING. If not, see + * <http://www.gnu.org/licenses/> + */ + +package tech.libeufin.nexus.ebics + +import org.w3c.dom.Document +import tech.libeufin.common.crypto.CryptoUtil +import tech.libeufin.common.* +import tech.libeufin.nexus.* +import tech.libeufin.nexus.BankPublicKeysFile +import tech.libeufin.nexus.ClientPrivateKeysFile +import tech.libeufin.nexus.EbicsSetupConfig +import java.io.InputStream +import java.time.Instant +import java.time.ZoneId +import java.util.* +import javax.xml.datatype.DatatypeFactory +import java.security.interfaces.* + +/** EBICS protocol for key management */ +class Ebics3KeyMng( + private val cfg: EbicsSetupConfig, + private val clientKeys: ClientPrivateKeysFile +) { + fun INI(): ByteArray { + val inner = XMLOrderData(cfg, "ns2:SignaturePubKeyOrderData", "http://www.ebics.org/S001") { + el("ns2:SignaturePubKeyInfo") { + RSAKeyXml(clientKeys.signature_private_key) + el("ns2:SignatureVersion", "A006") + } + } + val doc = request("ebicsUnsecuredRequest") { + el("header") { + attr("authenticate", "true") + el("static") { + el("HostID", cfg.ebicsHostId) + el("PartnerID", cfg.ebicsPartnerId) + el("UserID", cfg.ebicsUserId) + el("OrderDetails") { + el("OrderType", "INI") + el("OrderAttribute", "DZNNN") + } + el("SecurityMedium", "0200") + } + el("mutable") + } + el("body/DataTransfer/OrderData", inner) + } + return XMLUtil.convertDomToBytes(doc) + } + + fun HIA(): ByteArray { + val inner = XMLOrderData(cfg, "ns2:HIARequestOrderData", "urn:org:ebics:H004") { + el("ns2:AuthenticationPubKeyInfo") { + RSAKeyXml(clientKeys.authentication_private_key) + el("ns2:AuthenticationVersion", "X002") + } + el("ns2:EncryptionPubKeyInfo") { + RSAKeyXml(clientKeys.encryption_private_key) + el("ns2:EncryptionVersion", "E002") + } + } + val doc = request("ebicsUnsecuredRequest") { + el("header") { + attr("authenticate", "true") + el("static") { + el("HostID", cfg.ebicsHostId) + el("PartnerID", cfg.ebicsPartnerId) + el("UserID", cfg.ebicsUserId) + el("OrderDetails") { + el("OrderType", "HIA") + el("OrderAttribute", "DZNNN") + } + el("SecurityMedium", "0200") + } + el("mutable") + } + el("body/DataTransfer/OrderData", inner) + } + return XMLUtil.convertDomToBytes(doc) + } + + fun HPB(): ByteArray { + val nonce = getNonce(128) + val doc = request("ebicsNoPubKeyDigestsRequest") { + el("header") { + attr("authenticate", "true") + el("static") { + el("HostID", cfg.ebicsHostId) + el("Nonce", nonce.encodeUpHex()) + el("Timestamp", Instant.now().xmlDateTime()) + el("PartnerID", cfg.ebicsPartnerId) + el("UserID", cfg.ebicsUserId) + el("OrderDetails") { + el("OrderType", "HPB") + el("OrderAttribute", "DZHNN") + } + el("SecurityMedium", "0000") + } + el("mutable") + } + el("AuthSignature") + el("body") + } + XMLUtil.signEbicsDocument(doc, clientKeys.authentication_private_key, "H004") + return XMLUtil.convertDomToBytes(doc) + } + + /* ----- Helpers ----- */ + + private fun request(name: String, build: XmlBuilder.() -> Unit): Document { + return XmlBuilder.toDom(name, "urn:org:ebics:H004") { + attr("http://www.w3.org/2000/xmlns/", "xmlns", "urn:org:ebics:H004") + attr("http://www.w3.org/2000/xmlns/", "xmlns:ds", "http://www.w3.org/2000/09/xmldsig#") + attr("Version", "H004") + attr("Revision", "1") + build() + } + } + + private fun XmlBuilder.RSAKeyXml(key: RSAPrivateCrtKey) { + el("ns2:PubKeyValue") { + el("ds:RSAKeyValue") { + el("ds:Modulus", key.modulus.encodeBase64()) + el("ds:Exponent", key.publicExponent.encodeBase64()) + } + } + } + + private fun XMLOrderData(cfg: EbicsSetupConfig, name: String, schema: String, build: XmlBuilder.() -> Unit): String { + return XmlBuilder.toBytes(name) { + attr("xmlns:ds", "http://www.w3.org/2000/09/xmldsig#") + attr("xmlns:ns2", schema) + build() + el("ns2:PartnerID", cfg.ebicsPartnerId) + el("ns2:UserID", cfg.ebicsUserId) + }.inputStream().deflate().encodeBase64() + } + + companion object { + fun parseResponse(doc: Document, clientEncryptionKey: RSAPrivateCrtKey): EbicsResponse<InputStream?> { + return XmlDestructor.fromDoc(doc, "ebicsKeyManagementResponse") { + lateinit var technicalCode: EbicsReturnCode + lateinit var bankCode: EbicsReturnCode + var payload: InputStream? = null + one("header") { + one("mutable") { + technicalCode = EbicsReturnCode.lookup(one("ReturnCode").text()) + } + } + one("body") { + bankCode = EbicsReturnCode.lookup(one("ReturnCode").text()) + payload = opt("DataTransfer") { + val descriptionInfo = one("DataEncryptionInfo") { + DataEncryptionInfo( + one("TransactionKey").text().decodeBase64(), + one("EncryptionPubKeyDigest").text().decodeBase64() + ) + } + val chunk = one("OrderData").text().decodeBase64() + decryptAndDecompressPayload( + clientEncryptionKey, + descriptionInfo, + listOf(chunk) + ) + } + } + EbicsResponse( + technicalCode = technicalCode, + bankCode, + content = payload + ) + } + } + + fun parseHpbOrder(data: InputStream): Pair<RSAPublicKey, RSAPublicKey> { + return XmlDestructor.fromStream(data, "HPBResponseOrderData") { + val authPub = one("AuthenticationPubKeyInfo").one("PubKeyValue").one("RSAKeyValue") { + CryptoUtil.loadRsaPublicKeyFromComponents( + one("Modulus").text().decodeBase64(), + one("Exponent").text().decodeBase64(), + ) + } + val encPub = one("EncryptionPubKeyInfo").one("PubKeyValue").one("RSAKeyValue") { + CryptoUtil.loadRsaPublicKeyFromComponents( + one("Modulus").text().decodeBase64(), + one("Exponent").text().decodeBase64(), + ) + } + Pair(authPub, encPub) + } + } + } +}
\ No newline at end of file diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsOrder.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsOrder.kt new file mode 100644 index 00000000..3c73fff0 --- /dev/null +++ b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsOrder.kt @@ -0,0 +1,59 @@ +/* + * This file is part of LibEuFin. + * Copyright (C) 2024 Taler Systems S.A. + + * LibEuFin is free software; you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation; either version 3, or + * (at your option) any later version. + + * LibEuFin is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General + * Public License for more details. + + * You should have received a copy of the GNU Affero General Public + * License along with LibEuFin; see the file COPYING. If not, see + * <http://www.gnu.org/licenses/> + */ +package tech.libeufin.nexus.ebics + +// We will support more dialect in the future + +sealed class EbicsOrder(val schema: String) { + data class V2_5( + val type: String, + val attribute: String + ): EbicsOrder("H004") + data class V3( + val type: String, + val name: String? = null, + val scope: String? = null, + val messageName: String? = null, + val messageVersion: String? = null, + val container: String? = null, + ): EbicsOrder("H005") +} + +fun downloadDocService(doc: SupportedDocument, ebics2: Boolean): EbicsOrder { + return if (ebics2) { + when (doc) { + SupportedDocument.PAIN_002 -> EbicsOrder.V2_5("Z01", "DZHNN") + SupportedDocument.CAMT_052 -> EbicsOrder.V2_5("Z52", "DZHNN") + SupportedDocument.CAMT_053 -> EbicsOrder.V2_5("Z53", "DZHNN") + SupportedDocument.CAMT_054 -> EbicsOrder.V2_5("Z54", "DZHNN") + SupportedDocument.PAIN_002_LOGS -> EbicsOrder.V2_5("HAC", "DZHNN") + } + } else { + when (doc) { + SupportedDocument.PAIN_002 -> EbicsOrder.V3("BTD", "PSR", "CH", "pain.002", "10", "ZIP") + SupportedDocument.CAMT_052 -> EbicsOrder.V3("BTD", "STM", "CH", "camt.052", "08", "ZIP") + SupportedDocument.CAMT_053 -> EbicsOrder.V3("BTD", "EOP", "CH", "camt.053", "08", "ZIP") + SupportedDocument.CAMT_054 -> EbicsOrder.V3("BTD", "REP", "CH", "camt.054", "08", "ZIP") + SupportedDocument.PAIN_002_LOGS -> EbicsOrder.V3("HAC") + } + } +} + +fun uploadPaymentService(): EbicsOrder = + EbicsOrder.V3("BTU", "MCT", "CH", "pain.001", "09") |