commit dcb39fba9611065a6a042967c908cbbd5f7b7939
parent c207d9340e3ab75f2706c5fdceb03640aec6f0b2
Author: Marcello Stanisci <stanisci.m@gmail.com>
Date: Wed, 29 Jan 2020 16:27:23 +0100
Export more context along keys backup.
Diffstat:
3 files changed, 42 insertions(+), 32 deletions(-)
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/JSON.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/JSON.kt
@@ -22,6 +22,10 @@ data class EbicsDateRange(
* the client must provide the passphrase.
*/
data class EbicsKeysBackup(
+ val userID: String,
+ val partnerID: String,
+ val hostID: String,
+ val ebicsURL: String,
val authBlob: String,
val encBlob: String,
val sigBlob: String,
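Review bot: The four fields added to `EbicsKeysBackup` (`userID`, `partnerID`, `hostID`, `ebicsURL`) are plain strings next to the passphrase-encrypted blobs, so nothing visible here binds them to the keys or detects edits to the backup file. The KDoc above the class only mentions the passphrase and should state this, e.g. `* NOTE: userID, partnerID, hostID and ebicsURL are exported in clear text and are not integrity-protected; validate them on restore.` `ebicsURL` matters most, since the restore handler persists it and the stored URL appears to be the destination of later signed requests. The class body continues outside the hunk.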
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
@@ -237,14 +237,6 @@ fun main() {
return@post
}
-
- post("/ebics/subscribers/{id}/restore-backup") {
- // Creates a *new* customer with nexus-internal identifier "id"
- // and imports the backup into it.
- // This endpoint *fails* if a subscriber with the same nexus-internal id
- // already exists.
- }
-
get("/ebics/subscribers/{id}/sendHtd") {
val id = expectId(call.parameters["id"])
val subscriberData = transaction {
@@ -256,7 +248,6 @@ fun main() {
)
)
}
-
val response = client.postToBankSigned<EbicsRequest, EbicsResponse>(
subscriberData.ebicsUrl,
createDownloadInitializationPhase(
@@ -570,6 +561,16 @@ fun main() {
post("/ebics/subscribers/{id}/restoreBackup") {
val body = call.receive<EbicsKeysBackup>()
val id = expectId(call.parameters["id"])
+ val subscriber = transaction {
+ EbicsSubscriberEntity.findById(id)
+ }
+ if (subscriber != null) {
+ call.respond(
+ HttpStatusCode.Conflict,
+ NexusError("ID exists, please choose a new one")
+ )
+ return@post
+ }
val (authKey, encKey, sigKey) = try {
Triple(
CryptoUtil.decryptKey(
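Review bot: The existence check added at the top of `restoreBackup` runs in its own `transaction { }`, while the insert happens in a separate transaction further down, so two concurrent restores for the same `id` can both pass it. The loser would then presumably fail on the key constraint and be reported by the generic catch rather than as `HttpStatusCode.Conflict`. Doing the `findById` and the `EbicsSubscriberEntity.new` inside one transaction, or mapping the constraint violation to the same 409 response, keeps the answer consistent. The handler continues outside the hunk.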
@@ -584,31 +585,47 @@ fun main() {
)
} catch (e: Exception) {
e.printStackTrace()
+ LOGGER.info("Restoring keys failed, probably due to wrong passphrase")
throw BadBackup(HttpStatusCode.BadRequest)
}
- transaction {
- val subscriber = EbicsSubscriberEntity.findById(id) ?: throw SubscriberNotFoundError(
- HttpStatusCode.NotFound
- )
- subscriber.encryptionPrivateKey = SerialBlob(encKey.encoded)
- subscriber.authenticationPrivateKey = SerialBlob(authKey.encoded)
- subscriber.signaturePrivateKey = SerialBlob(sigKey.encoded)
+ LOGGER.info("Restoring keys, creating new user: $id")
+ try {
+ transaction {
+ EbicsSubscriberEntity.new(id = expectId(call.parameters["id"])) {
+ ebicsURL = body.ebicsURL
+ hostID = body.hostID
+ partnerID = body.partnerID
+ userID = body.userID
+ signaturePrivateKey = SerialBlob(sigKey.encoded)
+ encryptionPrivateKey = SerialBlob(encKey.encoded)
+ authenticationPrivateKey = SerialBlob(authKey.encoded)
+ }
+ }
+ } catch (e: Exception) {
+ print(e)
+ call.respond(NexusError("Could not store the new account $id into database"))
+ return@post
}
call.respondText(
"Keys successfully restored",
ContentType.Text.Plain,
HttpStatusCode.OK
)
+ return@post
}
+ /* performs a keys backup */
post("/ebics/subscribers/{id}/backup") {
-
val id = expectId(call.parameters["id"])
val body = call.receive<EbicsBackupRequest>()
- val content = transaction {
+ val response = transaction {
val subscriber = EbicsSubscriberEntity.findById(id) ?: throw SubscriberNotFoundError(
HttpStatusCode.NotFound
)
EbicsKeysBackup(
+ userID = subscriber.userID,
+ hostID = subscriber.hostID,
+ partnerID = subscriber.partnerID,
+ ebicsURL = subscriber.ebicsURL,
authBlob = bytesToBase64(CryptoUtil.encryptKey(
subscriber.authenticationPrivateKey.toByteArray(),
body.passphrase
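Review bot: In the new `catch` around the insert, `call.respond(NexusError(...))` is called without a status code, so a failed restore is most likely answered with the default 200 OK. Pass one explicitly, e.g. `call.respond(HttpStatusCode.InternalServerError, NexusError("Could not store the new account $id into database"))`. The same block uses `print(e)` where the rest of the handler uses `LOGGER`; assuming `LOGGER` is an SLF4J logger, `LOGGER.error("Could not store subscriber $id", e)` keeps the stack trace in the log. `body.ebicsURL` is persisted without any check on scheme or host, and `expectId(call.parameters["id"])` is evaluated again although `id` is already in scope. The backup handler's body continues outside the hunk.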
@@ -626,13 +643,11 @@ fun main() {
call.response.headers.append("Content-Disposition", "attachment")
call.respond(
HttpStatusCode.OK,
- content
+ response
)
}
post("/ebics/subscribers/{id}/sendTst") {
-
val id = expectId(call.parameters["id"])
-
val subscriberData = transaction {
containerInit(
EbicsSubscriberEntity.findById(id)
@@ -642,7 +657,6 @@ fun main() {
)
}
val payload = "PAYLOAD"
-
if (subscriberData.bankEncPub == null) {
call.respondText(
"Bank encryption key not found, request HPB first!\n",
@@ -708,7 +722,6 @@ fun main() {
HttpStatusCode.OK
)
}
-
post("/ebics/subscribers/{id}/sync") {
val id = expectId(call.parameters["id"])
val bundle = transaction {
@@ -762,15 +775,12 @@ fun main() {
).encoded
)
}
-
call.respondText("Bank keys stored in database\n", ContentType.Text.Plain, HttpStatusCode.OK)
return@post
}
post("/ebics/subscribers/{id}/sendHia") {
-
val id = expectId(call.parameters["id"])
-
val subscriberData = transaction {
containerInit(
EbicsSubscriberEntity.findById(id)
diff --git a/sandbox/src/main/python/libeufin-cli b/sandbox/src/main/python/libeufin-cli
@@ -154,12 +154,8 @@ def restore(obj, account_id, backup_file, nexus_base_url):
print("Could not reach the bank")
return
- if response.status_code != 200:
- print("Unsuccessful status code gotten: {}".format(response.status_code))
- return
-
- print("Keys successfully restored")
-
+ print("Status code: {}".format(response.status_code))
+ print("Nexus says: {}".format(response.content.decode("utf-8")))
@ebics.command(help="Obtain passphrase-protected private keys")
@click.pass_obj
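Review bot: With the `status_code != 200` branch removed, `restore` prints the status and body and returns normally for every response, so a user or calling script can no longer tell a failed restore from a successful one. Keep the branch and report failure distinctly, e.g. `if response.status_code != 200:` followed by `print("Restore failed ({}): {}".format(response.status_code, response.text))` and `return`. `response.content.decode("utf-8")` will also raise on a body that is not valid UTF-8; if `response` is a requests response, `response.text` avoids that. The function starts outside the hunk.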