1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
|
/*
* This file is part of LibEuFin.
* Copyright (C) 2024 Taler Systems S.A.
* LibEuFin is free software; you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation; either version 3, or
* (at your option) any later version.
* LibEuFin is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General
* Public License for more details.
* You should have received a copy of the GNU Affero General Public
* License along with LibEuFin; see the file COPYING. If not, see
* <http://www.gnu.org/licenses/>
*/
/**
* This file collects the EBICS helpers in the most version-independent way.
* It tries therefore to make the helpers reusable across the EBICS versions 2.x
* and 3.x.
*/
/**
* NOTE: it has been observed that even with a EBICS 3 server, it
* is still possible to exchange the keys via the EBICS 2.5 protocol.
* That is how this file does, but future versions should implement the
* EBICS 3 keying.
*/
package tech.libeufin.nexus.ebics
import io.ktor.client.*
import io.ktor.client.plugins.*
import io.ktor.client.request.*
import io.ktor.client.statement.*
import io.ktor.http.*
import io.ktor.utils.io.jvm.javaio.*
import tech.libeufin.common.*
import tech.libeufin.common.crypto.*
import tech.libeufin.nexus.*
import java.io.ByteArrayOutputStream
import java.io.InputStream
import java.io.SequenceInputStream
import java.security.interfaces.RSAPrivateCrtKey
import java.time.LocalDateTime
import java.time.format.DateTimeFormatter
import java.util.*
import kotlinx.coroutines.*
import java.security.SecureRandom
import org.w3c.dom.Document
import org.xml.sax.SAXException
/**
* Available EBICS versions.
*/
enum class EbicsVersion { two, three }
/**
* Which documents can be downloaded via EBICS.
*/
enum class SupportedDocument {
PAIN_002,
PAIN_002_LOGS,
CAMT_053,
CAMT_052,
CAMT_054
}
/**
* Decrypts and decompresses the business payload that was
* transported within an EBICS message from the bank
*
* @param clientEncryptionKey client private encryption key, used to decrypt
* the transaction key. The transaction key is the
* one actually used to encrypt the payload.
* @param encryptionInfo details related to the encrypted payload.
* @param chunks the several chunks that constitute the whole encrypted payload.
* @return the plain payload.
*/
fun decryptAndDecompressPayload(
clientEncryptionKey: RSAPrivateCrtKey,
encryptionInfo: DataEncryptionInfo,
chunks: List<ByteArray>
): InputStream =
SequenceInputStream(Collections.enumeration(chunks.map { it.inputStream() })) // Aggregate
.run {
CryptoUtil.decryptEbicsE002(
encryptionInfo.transactionKey,
this,
clientEncryptionKey
)
}.inflate()
sealed class EbicsError(msg: String, cause: Throwable? = null): Exception(msg, cause) {
/** Http and network errors */
class Transport(msg: String, cause: Throwable? = null): EbicsError(msg, cause)
/** EBICS protocol & XML format error */
class Protocol(msg: String, cause: Throwable? = null): EbicsError(msg, cause)
}
/**
* POSTs the EBICS message to the bank.
*
* @param URL where the bank serves EBICS requests.
* @param msg EBICS message as raw bytes.
* @return the raw bank response.
*/
suspend fun HttpClient.postToBank(bankUrl: String, msg: ByteArray): Document {
val res = try {
post(urlString = bankUrl) {
contentType(ContentType.Text.Xml)
setBody(msg)
}
} catch (e: Exception) {
throw EbicsError.Transport("failed to contact bank", e)
}
if (res.status != HttpStatusCode.OK) {
throw EbicsError.Transport("bank HTTP error: ${res.status}")
}
try {
return XMLUtil.parseIntoDom(res.bodyAsChannel().toInputStream())
} catch (e: SAXException) {
throw EbicsError.Protocol("invalid XML bank reponse", e)
} catch (e: Exception) {
throw EbicsError.Transport("failed read bank response", e)
}
}
suspend fun postBTS(
client: HttpClient,
cfg: EbicsSetupConfig,
bankKeys: BankPublicKeysFile,
xmlReq: ByteArray
): EbicsResponse<BTSResponse> {
val doc = client.postToBank(cfg.hostBaseUrl, xmlReq)
if (!XMLUtil.verifyEbicsDocument(
doc,
bankKeys.bank_authentication_public_key,
true
)) {
throw EbicsError.Protocol("bank signature did not verify")
}
try {
return Ebics3BTS.parseResponse(doc)
} catch (e: Exception) {
throw EbicsError.Protocol("invalid ebics response", e)
}
}
/**
* Perform an EBICS download transaction.
*
* It conducts init -> transfer -> processing -> receipt phases.
*
* @param client HTTP client for POSTing to the bank.
* @param cfg configuration handle.
* @param clientKeys client EBICS private keys.
* @param bankKeys bank EBICS public keys.
* @param reqXml raw EBICS XML request of the init phase.
* @param processing processing lambda receiving EBICS files as a byte stream if the transaction was not empty.
* @return T if the transaction was successful. If the failure is at the EBICS
* level EbicsSideException is thrown else ités the exception of the processing lambda.
*/
suspend fun ebicsDownload(
client: HttpClient,
cfg: EbicsSetupConfig,
clientKeys: ClientPrivateKeysFile,
bankKeys: BankPublicKeysFile,
reqXml: ByteArray,
processing: (InputStream) -> Unit
) = coroutineScope {
val impl = Ebics3BTS(cfg, bankKeys, clientKeys)
val parentScope = this
// We need to run the logic in a non-cancelable context because we need to send
// a receipt for each open download transaction, otherwise we'll be stuck in an
// error loop until the pending transaction timeout.
// TODO find a way to cancel the pending transaction ?
withContext(NonCancellable) {
// Init phase
val initResp = postBTS(client, cfg, bankKeys, reqXml)
if (initResp.bankCode == EbicsReturnCode.EBICS_NO_DOWNLOAD_DATA_AVAILABLE) {
logger.debug("Download content is empty")
return@withContext
}
val initContent = initResp.okOrFail("Download init phase")
val tId = requireNotNull(initContent.transactionID) {
"Download init phase: missing transaction ID"
}
val howManySegments = requireNotNull(initContent.numSegments) {
"Download init phase: missing num segments"
}
val firstDataChunk = requireNotNull(initContent.payloadChunk) {
"Download init phase: missing OrderData"
}
val dataEncryptionInfo = requireNotNull(initContent.dataEncryptionInfo) {
"Download init phase: missing EncryptionInfo"
}
logger.debug("Download init phase for transaction '$tId'")
/** Send download receipt */
suspend fun receipt(success: Boolean) {
val xml = impl.downloadReceipt(tId, success)
postBTS(client, cfg, bankKeys, xml).okOrFail("Download receipt phase")
}
/** Throw if parent scope have been canceled */
suspend fun checkCancellation() {
if (!parentScope.isActive) {
// First send a proper EBICS transaction failure
receipt(false)
// Send throw cancelation exception
throw CancellationException()
}
}
// Transfer phase
val ebicsChunks = mutableListOf(firstDataChunk)
for (x in 2 .. howManySegments) {
checkCancellation()
val transReq = impl.downloadTransfer(x, howManySegments, tId)
val transResp = postBTS(client, cfg, bankKeys, transReq).okOrFail("Download transfer phase")
val chunk = requireNotNull(transResp.payloadChunk) {
"Download transfer phase: missing encrypted chunk"
}
ebicsChunks.add(chunk)
}
checkCancellation()
// Decompress encrypted chunks
val payloadStream = try {
decryptAndDecompressPayload(
clientKeys.encryption_private_key,
dataEncryptionInfo,
ebicsChunks
)
} catch (e: Exception) {
throw EbicsError.Protocol("invalid chunks", e)
}
checkCancellation()
// Run business logic
val res = runCatching {
processing(payloadStream)
}
// First send a proper EBICS transaction receipt
receipt(res.isSuccess)
// Then throw business logic exception if any
res.getOrThrow()
}
Unit
}
/**
* Signs and the encrypts the data to send via EBICS.
*
* @param cfg configuration handle.
* @param clientKeys client keys.
* @param bankKeys bank keys.
* @param payload business payload to send to the bank, typically ISO20022.
* @param isEbics3 true if the payload travels on EBICS 3.
* @return [PreparedUploadData]
*/
fun prepareUploadPayload(
cfg: EbicsSetupConfig,
clientKeys: ClientPrivateKeysFile,
bankKeys: BankPublicKeysFile,
payload: ByteArray,
): PreparedUploadData {
val innerSignedEbicsXml = XmlBuilder.toBytes("UserSignatureData") {
attr("xmlns", "http://www.ebics.org/S002")
el("OrderSignatureData") {
el("SignatureVersion", "A006")
el("SignatureValue", CryptoUtil.signEbicsA006(
CryptoUtil.digestEbicsOrderA006(payload),
clientKeys.signature_private_key,
).encodeBase64())
el("PartnerID", cfg.ebicsPartnerId)
el("UserID", cfg.ebicsUserId)
}
}
val encryptionResult = CryptoUtil.encryptEbicsE002(
innerSignedEbicsXml.inputStream().deflate(),
bankKeys.bank_encryption_public_key
)
// Then only E002 symmetric (with ephemeral key) encrypt.
val compressedInnerPayload = payload.inputStream().deflate()
// TODO stream
val encryptedPayload = CryptoUtil.encryptEbicsE002withTransactionKey(
compressedInnerPayload,
bankKeys.bank_encryption_public_key,
encryptionResult.plainTransactionKey
)
val encodedEncryptedPayload = encryptedPayload.encryptedData.encodeBase64()
return PreparedUploadData(
encryptionResult.encryptedTransactionKey, // ephemeral key
encryptionResult.encryptedData, // bank-pub-encrypted A006 signature.
CryptoUtil.digestEbicsOrderA006(payload), // used by EBICS 3
listOf(encodedEncryptedPayload) // actual payload E002 encrypted.
)
}
/**
* Collects all the steps of an EBICS 3 upload transaction.
* NOTE: this function could conveniently be reused for an EBICS 2.x
* transaction, hence this function stays in this file.
*
* @param client HTTP client for POSTing to the bank.
* @param cfg configuration handle.
* @param clientKeys client EBICS private keys.
* @param bankKeys bank EBICS public keys.
* @param payload binary business paylaod.
* @return [EbicsResponseContent] or throws [EbicsUploadException]
*/
suspend fun doEbicsUpload(
client: HttpClient,
cfg: EbicsSetupConfig,
clientKeys: ClientPrivateKeysFile,
bankKeys: BankPublicKeysFile,
service: Ebics3Service,
payload: ByteArray,
): String = withContext(NonCancellable) {
val impl = Ebics3BTS(cfg, bankKeys, clientKeys)
// TODO use a lambda and pass the order detail there for atomicity ?
val preparedPayload = prepareUploadPayload(cfg, clientKeys, bankKeys, payload)
// Init phase
val initXml = impl.uploadInitialization(service, preparedPayload)
val initResp = postBTS(client, cfg, bankKeys, initXml).okOrFail("Upload init phase")
val tId = requireNotNull(initResp.transactionID) {
"Upload init phase: missing transaction ID"
}
// Transfer phase
val transferXml = impl.uploadTransfer(tId, preparedPayload)
val transferResp = postBTS(client, cfg, bankKeys, transferXml).okOrFail("Upload transfer phase")
val orderId = requireNotNull(transferResp.orderID) {
"Upload transfer phase: missing order ID"
}
orderId
}
/**
* @param size in bits
*/
fun getNonce(size: Int): ByteArray {
val sr = SecureRandom()
val ret = ByteArray(size / 8)
sr.nextBytes(ret)
return ret
}
class PreparedUploadData(
val transactionKey: ByteArray,
val userSignatureDataEncrypted: ByteArray,
val dataDigest: ByteArray,
val encryptedPayloadChunks: List<String>
)
class DataEncryptionInfo(
val transactionKey: ByteArray,
val bankPubDigest: ByteArray
)
/**
* Collects all the steps to prepare the submission of a pain.001
* document to the bank, and finally send it. Indirectly throws
* [EbicsSideException] or [EbicsUploadException]. The first means
* that the bank sent an invalid response or signature, the second
* that a proper EBICS or business error took place. The caller must
* catch those exceptions and decide the retry policy.
*
* @param pain001xml pain.001 document in XML. The caller should
* ensure its validity.
* @param cfg configuration handle.
* @param clientKeys client private keys.
* @param bankkeys bank public keys.
* @param httpClient HTTP client to connect to the bank.
*/
suspend fun submitPain001(
pain001xml: ByteArray,
cfg: EbicsSetupConfig,
clientKeys: ClientPrivateKeysFile,
bankkeys: BankPublicKeysFile,
httpClient: HttpClient
): String {
val service = Ebics3Service(
name = "MCT",
scope = "CH",
messageName = "pain.001",
messageVersion = "09",
container = null
)
return doEbicsUpload(
httpClient,
cfg,
clientKeys,
bankkeys,
service,
pain001xml,
)
}
class EbicsResponse<T>(
val technicalCode: EbicsReturnCode,
val bankCode: EbicsReturnCode,
private val content: T
) {
/** Checks that return codes are both EBICS_OK or throw an exception */
fun okOrFail(phase: String): T {
logger.debug("$phase return codes: $technicalCode & $bankCode")
require(technicalCode.kind() != EbicsReturnCode.Kind.Error) {
"$phase has technical error: $technicalCode"
}
require(bankCode.kind() != EbicsReturnCode.Kind.Error) {
"$phase has bank error: $bankCode"
}
return content
}
}
// TODO import missing using a script
@Suppress("SpellCheckingInspection")
enum class EbicsReturnCode(val code: String) {
EBICS_OK("000000"),
EBICS_DOWNLOAD_POSTPROCESS_DONE("011000"),
EBICS_DOWNLOAD_POSTPROCESS_SKIPPED("011001"),
EBICS_TX_SEGMENT_NUMBER_UNDERRUN("011101"),
EBICS_AUTHENTICATION_FAILED("061001"),
EBICS_INVALID_REQUEST("061002"),
EBICS_INTERNAL_ERROR("061099"),
EBICS_TX_RECOVERY_SYNC("061101"),
EBICS_AUTHORISATION_ORDER_IDENTIFIER_FAILED("090003"),
EBICS_INVALID_ORDER_DATA_FORMAT("090004"),
EBICS_NO_DOWNLOAD_DATA_AVAILABLE("090005"),
EBICS_INVALID_USER_OR_USER_STATE("091002"),
EBICS_USER_UNKNOWN("091003"),
EBICS_INVALID_USER_STATE("091004"),
EBICS_INVALID_ORDER_IDENTIFIER("091005"),
EBICS_UNSUPPORTED_ORDER_TYPE("091006"),
EBICS_INVALID_XML("091010"),
EBICS_TX_MESSAGE_REPLAY("091103"),
EBICS_INVALID_REQUEST_CONTENT("091113"),
EBICS_PROCESSING_ERROR("091116"),
EBICS_ACCOUNT_AUTHORISATION_FAILED("091302"),
EBICS_AMOUNT_CHECK_FAILED("091303");
enum class Kind {
Information,
Note,
Warning,
Error
}
fun kind(): Kind {
return when (val errorClass = code.substring(0..1)) {
"00" -> Kind.Information
"01" -> Kind.Note
"03" -> Kind.Warning
"06", "09" -> Kind.Error
else -> throw Exception("Unknown EBICS status code error class: $errorClass")
}
}
companion object {
fun lookup(code: String): EbicsReturnCode {
for (x in entries) {
if (x.code == code) {
return x
}
}
throw Exception(
"Unknown EBICS status code: $code"
)
}
}
}
|
