libeufin

Integration and sandbox testing for FinTech APIs and data formats

commit 27893bb6edf97428696f153f60a0398174098184
parent 29330380a762b3a1436224904382403e47cd525b
Author: Marcello Stanisci <stanisci.m@gmail.com>
Date:   Wed, 23 Oct 2019 16:37:03 +0200

fix HIA, plus add sample data.

Diffstat:
Msandbox/src/main/kotlin/DB.kt | 4++--
Msandbox/src/main/kotlin/Main.kt | 28++++++++++++++++++++--------
Msandbox/src/test/resources/HIA.xml | 45+++++++++++++++++++++++++--------------------
3 files changed, 47 insertions(+), 30 deletions(-)

diff --git a/sandbox/src/main/kotlin/DB.kt b/sandbox/src/main/kotlin/DB.kt @@ -8,8 +8,8 @@ const val CUSTOMER_NAME_MAX_LENGTH = 20 const val EBICS_USER_ID_MAX_LENGTH = 10 const val EBICS_PARTNER_ID_MAX_LENGTH = 10 const val EBICS_SYSTEM_ID_MAX_LENGTH = 10 -const val PUBLIC_KEY_MAX_MODULUS_LENGTH = 256 // FIXME review this value! -const val PUBLIC_KEY_MAX_EXPONENT_LENGTH = 256 // FIXME review this value! +const val PUBLIC_KEY_MAX_MODULUS_LENGTH = 2048 // FIXME review this value! +const val PUBLIC_KEY_MAX_EXPONENT_LENGTH = 64 // FIXME review this value! const val PRIV_KEY_MAX_LENGTH = 512 // FIXME review this value! /** diff --git a/sandbox/src/main/kotlin/Main.kt b/sandbox/src/main/kotlin/Main.kt @@ -277,7 +277,7 @@ private suspend fun ApplicationCall.ebicsweb() { val body: String = receiveText() logger.debug("Data received: $body") - + val bodyDocument: Document? = xmlProcess.parseStringIntoDom(body) if (bodyDocument == null || (!xmlProcess.validateFromDom(bodyDocument))) { @@ -398,7 +398,22 @@ private suspend fun ApplicationCall.ebicsweb() { * and at this point is valid and _never_ empty. */ val inflater = InflaterInputStream(zkey.inputStream()) - var payload = ByteArray(1) {inflater.read().toByte()} + + var payload = try { + ByteArray(1) {inflater.read().toByte()} + } catch (e: Exception) { + e.printStackTrace() + val response = KeyManagementResponse( + returnCode = InvalidXmlHelper.getCode(), + reportText = InvalidXmlHelper.getMessage("Badly compressed key") + ) + respondText( + contentType = ContentType.Application.Xml, + status = HttpStatusCode.BadRequest + ) { xmlProcess.convertJaxbToString(response.get())!! } + + return + } while (inflater.available() == 1) { payload += inflater.read().toByte() @@ -406,6 +421,7 @@ private suspend fun ApplicationCall.ebicsweb() { inflater.close() + logger.debug("Found payload: ${payload.toString(US_ASCII)}") when (bodyJaxb.value.header.static.orderDetails.orderType) { 
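Review bot: `PUBLIC_KEY_MAX_MODULUS_LENGTH` and `PUBLIC_KEY_MAX_EXPONENT_LENGTH` change by large factors but still carry no unit, and both keep the `FIXME review this value!` marker, so a reader cannot tell which key sizes the sandbox is meant to accept. If these are byte lengths of the stored values (their use is outside the hunk), 2048 admits a 16384-bit modulus; a comment such as `// max stored modulus length in bytes; 2048 bytes = 16384-bit RSA modulus` would settle it and let the FIXME go. The constants are only an upper bound, so any minimum key size has to be enforced where the HIA keys are parsed.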
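Review bot: The new `try` in the `@@ -398` hunk guards only the first `inflater.read()`; the `while (inflater.available() == 1)` loop that inflates the rest of the order data stays outside it, so a stream that is corrupt after its first byte still throws out of `ebicsweb()` instead of producing the `Badly compressed key` response. The early `return` in the `catch` also skips `inflater.close()`. Inflating the whole payload under the guard covers both: inside the `try`, replace the `ByteArray(1) {…}` expression, the loop and the explicit close with `InflaterInputStream(zkey.inputStream()).use { it.readBytes() }`. Nothing visible in the hunk limits the inflated size of this request-supplied data, so a cap on it belongs in the same place. `ebicsweb()` begins and ends outside the hunk.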
@@ -468,7 +484,7 @@ private suspend fun ApplicationCall.ebicsweb() { keyObject.value.encryptionPubKeyInfo.pubKeyValue.rsaKeyValue.exponent ) } catch (e: Exception) { - logger.info("User gave bad at lease one invalid HIA key") + logger.info("User gave at least one invalid HIA key") e.printStackTrace() val response = KeyManagementResponse( returnCode = InvalidXmlHelper.getCode(), @@ -483,8 +499,6 @@ private suspend fun ApplicationCall.ebicsweb() { return } - // user exists and keys are good. - // put try-catch block here? (FIXME) transaction { ebicsSubscriber.authenticationKey = EbicsPublicKey.new { @@ -521,12 +535,10 @@ private suspend fun ApplicationCall.ebicsweb() { ) ) - val responseText: String? = xmlProcess.convertJaxbToString(hevResponse.get()) - respondText( contentType = ContentType.Application.Xml, status = HttpStatusCode.OK - ) { responseText.toString() } + ) { xmlProcess.convertJaxbToString(hevResponse.get())!! } return } else -> { diff --git a/sandbox/src/test/resources/HIA.xml b/sandbox/src/test/resources/HIA.xml 
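Review bot: `xmlProcess.convertJaxbToString(hevResponse.get())!!` in the `@@ -521` hunk turns a failed serialisation into a `NullPointerException` thrown while the response is being produced; the line it replaces declared the result as `String?`, so null is a possible outcome. The same `!!` appears in the new `catch` branch of the `@@ -398` hunk. Handling the null before responding keeps the failure explicit, for example `val responseText = xmlProcess.convertJaxbToString(hevResponse.get()) ?: return respond(HttpStatusCode.InternalServerError)` followed by `respondText(...) { responseText }`. The enclosing `when` branch starts outside the hunk.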
@@ -1,21 +1,26 @@ <?xml version="1.0" encoding="UTF-8"?> -<ebics:ebicsUnsecuredRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ebics="urn:org:ebics:H004" xmlns="http://www.w3.org/2001/XMLSchema" Version="H004" Revision="1"> - <ebics:header authenticate="true"> - <ebics:static> - <ebics:HostID>EBIXQUAL</ebics:HostID> - <ebics:PartnerID>EXCHANGE</ebics:PartnerID> - <ebics:UserID>TALER</ebics:UserID> - <ebics:OrderDetails> - <ebics:OrderType>HIA</ebics:OrderType> - <ebics:OrderAttribute>DZNNN</ebics:OrderAttribute> - </ebics:OrderDetails> - <ebics:SecurityMedium>0000</ebics:SecurityMedium> - </ebics:static> - <ebics:mutable/> - </ebics:header> - <ebics:body> - <ebics:DataTransfer> - <ebics:OrderData>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</ebics:OrderData> - </ebics:DataTransfer> - </ebics:body> -</ebics:ebicsUnsecuredRequest> +<ebicsUnsecuredRequest xmlns="urn:org:ebics:H004" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="urn:org:ebics:H004 ebics_keymgmt_request_H004.xsd" + Version="H004" + Revision="1"> + <header authenticate="true"> + <static> + <HostID>LIBEUFIN-SANDBOX</HostID> + <PartnerID>CUSTM001</PartnerID> + <UserID>u1</UserID> + <OrderDetails> + <OrderType>HIA</OrderType> + <OrderAttribute>DZNNN</OrderAttribute> + </OrderDetails> + <SecurityMedium>0000</SecurityMedium> + </static> + <mutable/> + </header> + <body> + <DataTransfer> + <OrderData>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</OrderData> + </DataTransfer> + </body> +</ebicsUnsecuredRequest>