epics 1.8.1 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1d010ef17cbdb364881aa1d097aa37aa5d5dcbe10475042a48c2fdbff7f06bbd
-  data.tar.gz: 9344c72519ee202a8b919ee1995d6784063767bf5b486f43e4f69fe1866c4099
+  metadata.gz: 15557f467cdc9d8ca61665fc9c177001f95c668c6b05bab941223a630130e7f4
+  data.tar.gz: b6177ec4c23c26641ddc48eb1b99478c49768e02a114d448769aa405bbe6bedc
 SHA512:
-  metadata.gz: 9fea543b7b03303a272a67499f1c79b60e574c58fc43e9843f11100ca92f8311869c89904f3b1d3a7507fd579380b846d81752b25a488a4969d5548b5820b070
-  data.tar.gz: 6f8df9fe023baee3c6f6d292a9ba1df6a77af88da38a4b93323c7a8c2adb8199e9554bac8920a87eb33670f698d1c3c0a8911b15eed9d9a9741863b776ac80e2
+  metadata.gz: ae3f679ae1b3d6a32851701716eca59ab4d17d9e3ef8f0f95ba7acd09ebb1c9f80750ee76f65e53596490b9aead1c89196c530515a8c40a19049c14d254fe8eb
+  data.tar.gz: a4b9d40d66190362de7f68d11fbb178827980683c5d25323c9d48a6f15f5fa4dcce721f52e80b601a73f3877dee648042c2d95938ce597b91868317b050d8b7c

data/.semaphore/semaphore.yml

@@ -16,36 +16,30 @@ blocks:
   - name: Spec versions
     task:
       jobs:
-        - name: "2.4"
+        - name: "2.7"
           commands:
             - checkout
-            - sem-version ruby 2.4
+            - sem-version ruby 2.7
             - cache restore
+            - gem install bundler:2.4.3
             - bundle install
             - cache store
             - bundle exec rspec
-        - name: "2.5"
+        - name: "3.0"
           commands:
             - checkout
-            - sem-version ruby 2.5
+            - sem-version ruby 3.0
             - cache restore
+            - gem install bundler:2.4.3
             - bundle install
             - cache store
             - bundle exec rspec
-        - name: "2.6"
+        - name: "3.1"
           commands:
             - checkout
-            - sem-version ruby 2.6
+            - sem-version ruby 3.1
             - cache restore
-            - bundle install
-            - cache store
-            - bundle exec rspec
-        - name: "jruby-9.2.0.0"
-          commands:
-            - checkout
-            - sem-version ruby jruby-9.2.0.0
-            - cache restore
-            - gem install bundler
+            - gem install bundler:2.4.3
             - bundle install
             - cache store
             - bundle exec rspec

data/CHANGELOG.md

@@ -1,3 +1,21 @@
+### 2.1.0
+
+- [HOUSEKEEPING] updates Nokogiri dependencies
+- [HOUSEKEEPING] updates Bundler dependency
+- [HOUSEKEEPING] updates Gemfile bundler version
+- [HOUSEKEEPING] Bump ruby required version from 2.6 to 2.7
+
+### 2.0.0
+- [BUGFIX] Add Openssl 3.0 support
+- [BUGFIX] Update CDZ to download data, not upload it
+- [BUGFIX] Support signature for keys later than 2048 bit
+- [HOUSEKEEPING] Open rubyzip dependency to allow newer versions and update it
+- [HOUSEKEEPING] Update supported ruby versions to 2.6+
+- [HOUSEKEEPING] Update faraday, nokogiri, and development dependencies
+- [HOUSEKEEPING] Remove JRuby test execution due to failing tests - needs to be re-added if required
+- [ENHANCEMENT] Adds CRZ order type
+- [ENHANCEMENT] Make date period optional for CDZ order type
+
 ### 1.8.1
 - [BUGFIX] Remove masking of transport client errors
 

data/CONTRIBUTING.md

@@ -1,3 +1,44 @@
-# Contributing to Epics
+# Individual Contributor Non-Exclusive License Agreement
 
-To get started, <a href="https://www.clahub.com/agreements/railslove/epics">sign the Contributor License Agreement</a>.
+Note: This CLA is for Individual Copyright owner only. If You would like to submit your Contribution as part of your employment or as Legal Entity, please contact Us at team@railslove.com first.
+
+Thank you for your interest in contributing to the project **„epics - EBICS client for Ruby“ from Railslove GmbH, An der Bottmuehle 5, 50678 Cologne, Germany (“We” or “Us”).**
+The purpose of this contributor agreement (**“Agreement”**) is to clarify and document the rights granted by contributors to Us.
+
+### 1. DEFINITIONS
+**“You”** means the Individual Copyright owner who submits a Contribution to Us. If You are either a Legal Entity or submit the Contribution as part of your employment, please contact Us at team@railslove.com first.
+**“Contribution”** means any original work of authorship (software and/or documentation) including any modifications or additions to an existing work, Submitted by You to Us, in which You own the Copyright. If You do not own the Copyright in the entire work of authorship, please contact Us at team@railslove.com.
+**“Copyright”** means all rights protecting works of authorship owned or controlled by You, including copyright, moral and neighboring rights, as appropriate, for the full term of their existence including any extensions by You.
+**“Material”** means the software or documentation made available by Us to third parties. When this Agreement covers more than one software project, the Material means the software or documentation to which the Contribution was Submitted. After You Submit the Contribution, it may be included in the Material.
+**“Submit”** means any form of physical, electronic, or written communication sent to Us, including but not limited to electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, Us, but excluding communication that is conspicuously marked or otherwise designated in writing by You as “Not a Contribution.”
+**“Submission Date”** means the date You Submit a Contribution to Us.
+**“Documentation”** means any non-software portion of a Contribution.
+
+### 2. LICENSE GRANT
+2.1 Copyright License to Us
+Subject to the terms and conditions of this Agreement, You hereby grant to Us a worldwide, royalty-free, NON-exclusive, perpetual and irrevocable license, with the right to transfer an unlimited number of non-exclusive licenses or to grant sublicenses to third parties, under the Copyright covering the Contribution to use the Contribution by all means, including, but not limited to:
+- to publish the Contribution, 
+- to modify the Contribution, to prepare derivative works based upon or containing the Contribution and to combine the Contribution with other software code, 
+- to reproduce the Contribution in original or modified form, 
+- to distribute, to make the Contribution available to the public, display and publicly perform the Contribution in original or modified form. 
+
+2.2 Moral Rights remain unaffected to the extent they are recognized and not waivable by applicable law. Notwithstanding, You may add your name in the header of the source code files of Your Contribution and We will respect this attribution when using Your Contribution.
+
+### 3. DISCLAIMER
+THE CONTRIBUTION IS PROVIDED “AS IS”. MORE PARTICULARLY, ALL EXPRESS OR IMPLIED WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARE EXPRESSLY DISCLAIMED BY YOU TO US AND BY US TO YOU. TO THE EXTENT THAT ANY SUCH WARRANTIES CANNOT BE DISCLAIMED, SUCH WARRANTY IS LIMITED IN DURATION TO THE MINIMUM PERIOD PERMITTED BY LAW.
+
+### 4. Consequential Damage Waiver
+TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL YOU OR US BE LIABLE FOR ANY LOSS OF PROFITS, LOSS OF ANTICIPATED SAVINGS, LOSS OF DATA, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL AND EXEMPLARY DAMAGES ARISING OUT OF THIS AGREEMENT REGARDLESS OF THE LEGAL OR EQUITABLE THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH THE CLAIM IS BASED.
+
+### 5. Approximation of Disclaimer and Damage Waiver
+IF THE DISCLAIMER AND DAMAGE WAIVER MENTIONED IN SECTION 3 AND SECTION 4 CANNOT BE GIVEN LEGAL EFFECT UNDER APPLICABLE LOCAL LAW, REVIEWING COURTS SHALL APPLY LOCAL LAW THAT MOST CLOSELY APPROXIMATES AN ABSOLUTE WAIVER OF ALL CIVIL LIABILITY IN CONNECTION WITH THE CONTRIBUTION.
+
+### 6. Term
+6.1 This Agreement shall come into effect upon Your acceptance of the terms and conditions.
+6.2 In the event of a termination of this Agreement Sections 3, 4, 5, 6 and 7 shall survive such termination and shall remain in full force thereafter. For the avoidance of doubt, Contributions that are already licensed under a free and open source license at the date of the termination shall remain in full force after the termination of this Agreement.
+
+### 7. Miscellaneous
+7.1 This Agreement and all disputes, claims, actions, suits or other proceedings arising out of this agreement or relating in any way to it shall be governed by the laws of Germany excluding its private international law provisions.
+7.2 This Agreement sets out the entire agreement between You and Us for Your Contributions to Us and overrides all other agreements or understandings.
+7.3 If any provision of this Agreement is found void and unenforceable, such provision will be replaced to the extent possible with a provision that comes closest to the meaning of the original provision and that is enforceable. The terms and conditions set forth in this Agreement shall apply notwithstanding any failure of essential purpose of this Agreement or any limited remedy to the maximum extent possible under law.
+7.4 You agree to notify Us of any facts or circumstances of which you become aware that would make this Agreement inaccurate in any respect.

data/README.md

@@ -244,6 +244,7 @@ EPICS_VERIFY_SSL=false
 - [Die Deutsche Kreditwirtschaft](http://www.die-deutsche-kreditwirtschaft.de/)
 
 ## Contributing
+Railslove has a [Contributor License Agreement (CLA)](https://github.com/railslove/epics/blob/master/CONTRIBUTING.md) which clarifies the intellectual property rights for contributions from individuals or entities. To ensure every developer has signed the CLA, we use [CLA  Assistant](https://cla-assistant.io/). 
 
 0. Contact team@railslove.com for information about the CLA
 1. Fork it ( https://github.com/[my-github-username]/epics/fork )
@@ -264,4 +265,4 @@ EPICS_VERIFY_SSL=false
 
 ---
 
-2014-2019 - built with love by [Railslove](http://railslove.com) and released under the [GNU LESSER GENERAL PUBLIC LICENSE](https://github.com/railslove/epics/blob/master/LICENSE.txt). We have built quite a number of FinTech products. If you need support we are happy to help. Please contact us at team@railslove.com.
+2014-2022 - built with love by [Railslove](http://railslove.com) and released under the [GNU LESSER GENERAL PUBLIC LICENSE](https://github.com/railslove/epics/blob/master/LICENSE.txt). We have built quite a number of FinTech products. If you need support we are happy to help. Please contact us at team@railslove.com.

data/epics.gemspec

@@ -20,13 +20,13 @@ Gem::Specification.new do |spec|
       STA HAA HTD HPD PKT HAC HKD C52 C53 C54
 
     And the following upload orders:
-      CD1 CDD CCT CDB CDS CCS CDZ
+      CD1 CDD CCT CDB CDS CCS CDZ CRZ
   description
 
   spec.homepage      = 'https://github.com/railslove/epics'
   spec.license       = 'LGPL-3.0'
 
-  spec.required_ruby_version = '>= 2.4'
+  spec.required_ruby_version = '>= 2.7'
 
   spec.files         = `git ls-files -z`.split("\x0")
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
@@ -40,11 +40,11 @@ Gem::Specification.new do |spec|
   spec.post_install_message += "Please create an issue on github (railslove/epics) if anything does not work as expected. And contact team@railslove.com if you are looking for support with your integration.\n"
   spec.post_install_message += "\e[32m" + ('*' * 60) + "\n\e[0m"
 
-  spec.add_dependency 'faraday', '>= 1.0.0'
-  spec.add_dependency 'nokogiri', '>= 1.10.7'
-  spec.add_dependency 'rubyzip', '2.2.0'
+  spec.add_dependency 'faraday',  '>= 1.10.0'
+  spec.add_dependency 'nokogiri', '>= 1.14.0'
+  spec.add_dependency 'rubyzip',  '>= 2.3.2'
 
-  spec.add_development_dependency 'bundler', '>= 1.6.2'
+  spec.add_development_dependency 'bundler', '>= 2.4.3'
   spec.add_development_dependency 'equivalent-xml'
   spec.add_development_dependency 'pry'
   spec.add_development_dependency 'rake', '~> 13.0'

data/lib/epics/cdz.rb

@@ -1,7 +1,7 @@
 class Epics::CDZ < Epics::GenericRequest
   attr_accessor :from, :to
 
-  def initialize(client, from, to)
+  def initialize(client, from = nil, to = nil)
     super(client)
     self.from = from
     self.to = to
@@ -20,13 +20,17 @@ class Epics::CDZ < Epics::GenericRequest
           xml.OrderDetails {
             xml.OrderType 'CDZ'
             xml.OrderAttribute 'DZHNN'
-            xml.StandardOrderParams {
-              xml.DateRange {
-                xml.Start from
-                xml.End to
+            if !!from && !!to
+              xml.StandardOrderParams {
+                xml.DateRange {
+                  xml.Start from
+                  xml.End to
+                }
               }
-            }
-          }
+            else
+              xml.StandardOrderParams
+            end
+          }  
           xml.BankPubKeyDigests {
             xml.Authentication(client.bank_x.public_digest, Version: 'X002', Algorithm: "http://www.w3.org/2001/04/xmlenc#sha256")
             xml.Encryption(client.bank_e.public_digest, Version: 'E002', Algorithm: "http://www.w3.org/2001/04/xmlenc#sha256" )

data/lib/epics/client.rb

@@ -143,10 +143,6 @@ class Epics::Client
     upload(Epics::XDS, document)
   end
 
-  def CDZ(document)
-    upload(Epics::CDZ, document)
-  end
-
   def CCT(document)
     upload(Epics::CCT, document)
   end
@@ -167,6 +163,14 @@ class Epics::Client
     download(Epics::VMK, from, to)
   end
 
+  def CDZ(from = nil, to = nil)
+    download_and_unzip(Epics::CDZ, from, to)
+  end
+
+  def CRZ(from = nil, to = nil)
+    download_and_unzip(Epics::CRZ, from, to)
+  end
+
   def C52(from, to)
     download_and_unzip(Epics::C52, from, to)
   end
@@ -265,14 +269,16 @@ class Epics::Client
     JSON.dump(keys.each_with_object({}) {|(k,v),m| m[k]= encrypt(v.key.to_pem)})
   end
 
-  def cipher
-    @cipher ||= OpenSSL::Cipher.new("aes-256-cbc")
+  def new_cipher
+    # Re-using the cipher between keys has weird behaviours with openssl3
+    # Using a fresh key instead of memoizing it on the client simplifies things
+    OpenSSL::Cipher.new('aes-256-cbc')
   end
 
   def encrypt(data)
     salt = OpenSSL::Random.random_bytes(8)
 
-    setup_cipher(:encrypt, self.passphrase, salt)
+    cipher = setup_cipher(:encrypt, self.passphrase, salt)
     Base64.strict_encode64([salt, cipher.update(data) + cipher.final].join)
   end
 
@@ -281,13 +287,15 @@ class Epics::Client
     salt = data[0..7]
     data = data[8..-1]
 
-    setup_cipher(:decrypt, self.passphrase, salt)
+    cipher = setup_cipher(:decrypt, self.passphrase, salt)
     cipher.update(data) + cipher.final
   end
 
   def setup_cipher(method, passphrase, salt)
+    cipher = new_cipher
     cipher.send(method)
     cipher.key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(passphrase, salt, 1, cipher.key_len)
+    cipher
   end
 
   def verify_ssl?

data/lib/epics/crz.rb

@@ -0,0 +1,46 @@
+class Epics::CRZ < Epics::GenericRequest
+  attr_accessor :from, :to
+
+  def initialize(client, from = nil, to = nil)
+    super(client)
+    self.from = from
+    self.to = to
+  end
+
+  def header
+    Nokogiri::XML::Builder.new do |xml|
+      xml.header(authenticate: true) {
+        xml.static {
+          xml.HostID host_id
+          xml.Nonce nonce
+          xml.Timestamp timestamp
+          xml.PartnerID partner_id
+          xml.UserID user_id
+          xml.Product("EPICS - a ruby ebics kernel", 'Language' => 'de')
+          xml.OrderDetails {
+            xml.OrderType 'CRZ'
+            xml.OrderAttribute 'DZHNN'
+            if !!from && !!to
+              xml.StandardOrderParams {
+                xml.DateRange {
+                  xml.Start from
+                  xml.End to
+                }
+              }
+            else
+              xml.StandardOrderParams
+            end
+          }
+          xml.BankPubKeyDigests {
+            xml.Authentication(client.bank_x.public_digest, Version: 'X002', Algorithm: "http://www.w3.org/2001/04/xmlenc#sha256")
+            xml.Encryption(client.bank_e.public_digest, Version: 'E002', Algorithm: "http://www.w3.org/2001/04/xmlenc#sha256" )
+          }
+          xml.SecurityMedium '0000'
+        }
+        xml.mutable {
+          xml.TransactionPhase 'Initialisation'
+        }
+      }
+    end.doc.root
+  end
+end

data/lib/epics/error.rb

@@ -308,7 +308,7 @@ class Epics::Error < StandardError
       },
       "091301" => {
         "symbol" => "EBICS_SIGNATURE_VERIFICATION_FAILED",
-        "short_text" => "Verification of the ES has failed In the case of asynchronouslyimplemented orders, the error can occur during preliminary verification."
+        "short_text" => "Verification of the ES has failed In the case of asynchronously implemented orders, the error can occur during preliminary verification."
       },
       "091302" => {
         "symbol" => "EBICS_ACCOUNT_AUTHORISATION_FAILED",

data/lib/epics/key.rb

@@ -29,51 +29,19 @@ class Epics::Key
     self.key.e.to_s(16)
   end
 
-  def sign(msg, salt = OpenSSL::Random.random_bytes(32) )
-    Base64.encode64(mod_pow(OpenSSL::BN.new(emsa_pss(msg, salt).to_s, 2), self.key.d, self.key.n).to_s(2)).gsub("\n", "")
-  end
-
-  def recover(msg)
-    mod_pow(OpenSSL::BN.new(msg.to_s, 2), self.key.e, self.key.n).to_s(2)
+  def sign(msg)
+    Base64.encode64(
+      key.sign_pss(
+        'SHA256',
+        msg,
+        salt_length: :digest,
+        mgf1_hash:   'SHA256',
+      ),
+    ).gsub("\n", '')
   end
 
   def digester
     @digester ||= OpenSSL::Digest::SHA256.new
   end
 
-  private
-
-  ##
-  # http://de.wikipedia.org/wiki/Probabilistic_Signature_Scheme
-  ##
-  def emsa_pss(msg, salt)
-    m_tick_hash = digester.digest [("\x00" * 8), digester.digest(msg), salt].join
-
-    ps = "\x00" * 190
-    db = [ps, "\x01", salt].join
-
-    db_mask   = Epics::MGF1.new.generate(m_tick_hash, db.size)
-    masked_db = Epics::MGF1.new.xor(db, db_mask)
-
-    masked_db_msb = OpenSSL::BN.new(masked_db[0], 2).to_i.to_s(2).rjust(8, "0")
-    masked_db_msb[0] = "0"
-
-    masked_db[0] = OpenSSL::BN.new(masked_db_msb.to_i(2).to_s).to_s(2)
-
-    [masked_db, m_tick_hash, ["BC"].pack("H*") ].join
-  end
-
-  def mod_pow(base, power, mod)
-    base  = base.to_i
-    power = power.to_i
-    mod   = mod.to_i
-    result = 1
-    while power > 0
-      result = (result * base) % mod if power & 1 == 1
-      base = (base * base) % mod
-      power >>= 1
-    end
-    OpenSSL::BN.new(result.to_s)
-  end
-
 end

data/lib/epics/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Epics
-  VERSION = '1.8.1'
+  VERSION = '2.1.0'
 end

data/lib/epics.rb

@@ -10,7 +10,6 @@ require 'securerandom'
 require 'time'
 require "epics/version"
 require "epics/key"
-require "epics/mgf"
 require "epics/response"
 require "epics/error"
 require "epics/middleware/xmlsig"
@@ -39,6 +38,7 @@ require "epics/b2b"
 require "epics/xds"
 require "epics/cds"
 require "epics/cdz"
+require "epics/crz"
 require "epics/xct"
 require "epics/hia"
 require "epics/ini"

data/spec/generic_upload_spec.rb

@@ -1,6 +1,7 @@
 RSpec.describe Epics::GenericUploadRequest do
   let(:client) { Epics::Client.new( File.open(File.join( File.dirname(__FILE__), 'fixtures', 'SIZBN001.key')), 'secret' , 'https://194.180.18.30/ebicsweb/ebicsweb', 'SIZBN001', 'EBIX', 'EBICS') }
-  subject { described_class.new(client, "\x01" * 12) }
+  let(:document) { "\x01" * 12 }
+  subject { described_class.new(client, document) }
 
   describe '#pad' do
 
@@ -22,7 +23,17 @@ RSpec.describe Epics::GenericUploadRequest do
     before { allow(OpenSSL::Random).to receive(:random_bytes).with(32).and_return(Base64.strict_decode64("7wtROfiX4tyN60cygJUSsHkhzxX1RVJa8vGNYnflvKc=")) } # digest requires 32 bytes
 
     it 'will be the signed document' do
-      expect(subject.signature_value).to eq("BQBMyxGHYoAbbmbMJRFbGrvUNinY15+qeeRLF708VL+tuENnbJMO6xHLWxU1rksOnu4xDzxfua9b3IxIaxLyTTFDuVi6bbu3sBslhIt2frdigo0xBL14KUJQ/pYiMj+2pfNYhtVxzamrnvgPSLNAEn36JykK2d347chT87HlZ7CAGNBS7lJHAzRP1v7Hkc+kKttkkWCpOGk06R6FUCxxVKXmQketMEl/scsMyJ3JtBe/EcjEZdDe5WcqZYUu5ARrfEiAeyutVRZnu17c3nKwkmWl7UqFAwp16cS8IPNL4i5FGCytgKl/kyaoxaE/P1lrGOkHcCTsSR0bAbARhndfdQ==")
+      key = subject.client.a.key
+
+      verification_result = key.verify_pss(
+                              'SHA256',
+                              Base64.decode64(subject.signature_value),
+                              OpenSSL::Digest::SHA256.new.digest(document),
+                              salt_length: :digest,
+                              mgf1_hash:   'SHA256',
+                            )
+
+      expect(verification_result).to eq(true)
     end
   end
 
@@ -35,4 +46,4 @@ RSpec.describe Epics::GenericUploadRequest do
     end
 
   end
-end
+end

data/spec/key_spec.rb

@@ -11,22 +11,22 @@ RSpec.describe Epics::Key do
 
 
   describe '#sign' do
-    # echo QwpW2a/Cu43TmibTIABrLuyZsiWY9oL8fARob0YoytU= | base64 -d | openssl dgst -sha256 -sign spec/fixtures/e002.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 | base64 -w0
-    let(:openssl) { "bZyyz4vPqRTyU7hfJ1cv6FgihhQOi8NTbk8nSuPEoXeuODJOQkCvxRDw1QoUGa181EbaPACYwJbQ9uwgwgb/b3k+bQ4KdJzCjbCrh7rKmQvLmnLgfQWIxp5hZdw7ebaR36rlpoHQ8yzlm0hhVLCDu2+HMIu5SA4kEd4ci9ZfVRm+aDVOwQZNLXNyKWAW/ZYkbsH+TzX4euIh831JBxGq967U5DVz6Aa8qqJPUafYiSE4H8x36Nw3qW0ib2DDcvGFTqtA6MeJyI1Quzko5+kSdnZkpIeZr/SXB1WnocYWR1oYoVG4+P+cMyCNiYSV4/NVEL4jmUbfdCSmUYo5cfPlJg==" }
-
-    # r = subject.recover(sig)
-    # masked_db = r[0..222]
-    # hm = r[223..-2]
-    # db_mask = MGF1.new.generate(hm, masked_db.size)
-    # db = MGF1.new.xor(masked_db, db_mask)
-    # salt = db[-32..-1]
-    # Base64.encode64(salt)
-    let(:salt) { "HkCke9oBSGTo2J20Xq8LZ/ouRHfB/ySlXf4+Cr45RV0=" }
-
     let(:dsi) { OpenSSL::Digest::SHA256.new.digest("ruby is great") }
 
-    it 'will be compliant with openssl' do
-      expect( subject.sign( dsi, Base64.decode64(salt)) ).to eq(openssl)
+    it 'will generated a digest that can be verified with openssl key.verify_pss' do
+      signed_digest = subject.sign(dsi)
+
+      key = subject.key
+
+      verification_result = key.verify_pss(
+                              'SHA256',
+                              Base64.decode64(signed_digest),
+                              dsi,
+                              salt_length: :digest,
+                              mgf1_hash:   'SHA256',
+                            )
+
+      expect(verification_result).to eq(true)
     end
 
   end

data/spec/orders/cdz_spec.rb

@@ -1,8 +1,27 @@
 RSpec.describe Epics::CDZ do
   let(:client) { Epics::Client.new( File.open(File.join( File.dirname(__FILE__), '..', 'fixtures', 'SIZBN001.key')), 'secret' , 'https://194.180.18.30/ebicsweb/ebicsweb', 'SIZBN001', 'EBIX', 'EBICS') }
-  subject { described_class.new(client, "2014-09-01", "2014-09-30") }
 
-  describe '#to_xml' do
-    specify { expect(subject.to_xml).to be_a_valid_ebics_doc }
+  context 'with date range' do
+    subject { described_class.new(client, "2014-09-01", "2014-09-30") }
+
+    describe '#to_xml' do
+      specify { expect(subject.to_xml).to be_a_valid_ebics_doc }
+
+      it 'does includes a date range as standard order parameter' do
+        expect(subject.to_xml).to include('<StandardOrderParams><DateRange><Start>2014-09-01</Start><End>2014-09-30</End></DateRange></StandardOrderParams>')
+      end
+    end
+  end
+
+  context 'without date range' do
+    subject { described_class.new(client) }
+
+    describe '#to_xml' do
+      specify { expect(subject.to_xml).to be_a_valid_ebics_doc }
+
+      it 'does not include a standard order parameter' do
+        expect(subject.to_xml).to include('<StandardOrderParams/>')
+      end
+    end
   end
 end

data/spec/orders/crz_spec.rb

@@ -0,0 +1,27 @@
+RSpec.describe Epics::CRZ do
+  let(:client) { Epics::Client.new( File.open(File.join( File.dirname(__FILE__), '..', 'fixtures', 'SIZBN001.key')), 'secret' , 'https://194.180.18.30/ebicsweb/ebicsweb', 'SIZBN001', 'EBIX', 'EBICS') }
+  
+  context 'with date range' do
+    subject { described_class.new(client, "2014-09-01", "2014-09-30") }
+
+    describe '#to_xml' do
+      specify { expect(subject.to_xml).to be_a_valid_ebics_doc }
+
+      it 'does includes a date range as standard order parameter' do
+        expect(subject.to_xml).to include('<StandardOrderParams><DateRange><Start>2014-09-01</Start><End>2014-09-30</End></DateRange></StandardOrderParams>')
+      end
+    end
+  end
+
+  context 'without date range' do
+    subject { described_class.new(client) }
+
+    describe '#to_xml' do
+      specify { expect(subject.to_xml).to be_a_valid_ebics_doc }
+
+      it 'does not include a standard order parameter' do
+        expect(subject.to_xml).to include('<StandardOrderParams/>')
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: epics
 version: !ruby/object:Gem::Version
-  version: 1.8.1
+  version: 2.1.0
 platform: ruby
 authors:
 - Lars Brillert
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-06 00:00:00.000000000 Z
+date: 2023-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -16,56 +16,56 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: 1.10.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: 1.10.0
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.10.7
+        version: 1.14.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.10.7
+        version: 1.14.0
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.0
+        version: 2.3.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.0
+        version: 2.3.2
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.2
+        version: 2.4.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.2
+        version: 2.4.3
 - !ruby/object:Gem::Dependency
   name: equivalent-xml
   requirement: !ruby/object:Gem::Requirement
@@ -146,7 +146,7 @@ description: |2
         STA HAA HTD HPD PKT HAC HKD C52 C53 C54
 
       And the following upload orders:
-        CD1 CDD CCT CDB CDS CCS CDZ
+        CD1 CDD CCT CDB CDS CCS CDZ CRZ
 email:
 - lars@railslove.com
 executables: []
@@ -177,6 +177,7 @@ files:
 - lib/epics/cds.rb
 - lib/epics/cdz.rb
 - lib/epics/client.rb
+- lib/epics/crz.rb
 - lib/epics/error.rb
 - lib/epics/generic_request.rb
 - lib/epics/generic_upload_request.rb
@@ -189,7 +190,6 @@ files:
 - lib/epics/htd.rb
 - lib/epics/ini.rb
 - lib/epics/key.rb
-- lib/epics/mgf.rb
 - lib/epics/middleware/parse_ebics.rb
 - lib/epics/middleware/xmlsig.rb
 - lib/epics/ptk.rb
@@ -241,7 +241,6 @@ files:
 - spec/generic_upload_spec.rb
 - spec/hpb_spec.rb
 - spec/key_spec.rb
-- spec/mgf_spec.rb
 - spec/middleware/parse_ebics_spec.rb
 - spec/orders/azv_spec.rb
 - spec/orders/b2b_spec.rb
@@ -254,6 +253,7 @@ files:
 - spec/orders/cdb_spec.rb
 - spec/orders/cdd_spec.rb
 - spec/orders/cdz_spec.rb
+- spec/orders/crz_spec.rb
 - spec/orders/haa_spec.rb
 - spec/orders/hac_spec.rb
 - spec/orders/hia_spec.rb
@@ -298,15 +298,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
-signing_key: 
+rubygems_version: 3.4.13
+signing_key:
 specification_version: 4
 summary: a ruby implementation of the EBICS protocol
 test_files:
@@ -350,7 +350,6 @@ test_files:
 - spec/generic_upload_spec.rb
 - spec/hpb_spec.rb
 - spec/key_spec.rb
-- spec/mgf_spec.rb
 - spec/middleware/parse_ebics_spec.rb
 - spec/orders/azv_spec.rb
 - spec/orders/b2b_spec.rb
@@ -363,6 +362,7 @@ test_files:
 - spec/orders/cdb_spec.rb
 - spec/orders/cdd_spec.rb
 - spec/orders/cdz_spec.rb
+- spec/orders/crz_spec.rb
 - spec/orders/haa_spec.rb
 - spec/orders/hac_spec.rb
 - spec/orders/hia_spec.rb

data/lib/epics/mgf.rb

@@ -1,41 +0,0 @@
-class Epics::MGF1
-  def initialize(digest = OpenSSL::Digest::SHA256)
-    @digest = digest.new
-    @hlen = 32
-  end
-
-  def generate(seed, masklen)
-    if masklen > (2 << 31) * @hlen
-      raise ArgumentError, "mask too long"
-    end
-    t = ""
-    divceil(masklen, @hlen).times do |counter|
-      t += @digest.digest(seed + i2osp(counter, 4))
-    end
-    t[0, masklen]
-  end
-
-  def i2osp(x, len)
-    if x >= 256 ** len
-      raise ArgumentError, "integer too large"
-    end
-    [x].pack("N").gsub(/^\x00+/, '').rjust(len, "\x00")
-  end
-
-  def divceil(a, b)
-    (a + b - 1) / b
-  end
-
-  def xor(a, b)
-    if a.size != b.size
-      raise ArgumentError, "different length for a and b"
-    end
-    a = a.unpack('C*')
-    b = b.unpack('C*')
-    a.size.times do |idx|
-      a[idx] ^= b[idx]
-    end
-    a.pack("C*")
-  end
-
-end

data/spec/mgf_spec.rb

@@ -1,36 +0,0 @@
-RSpec.describe Epics::MGF1 do
-
-  describe '#generate' do
-    it { expect(subject.generate('foo', 0)).to eq('')}
-    it { expect(subject.generate('bar', 1)).to eq('8')}
-    it { expect(subject.generate('noIdea', 2).bytes.to_a).to eq([86, 174])}
-    it { expect(subject.generate('What', 4).bytes.to_a).to eq([238, 183, 195, 188])}
-    it { expect(subject.generate('ImDoing', 8).bytes.to_a).to eq([134, 205, 115, 236, 187, 67, 223, 2])}
-    it { expect { subject.generate('seed', 137438953473) }.to raise_error(ArgumentError, 'mask too long') }
-  end
-
-  describe '#i2osp' do
-    it { expect(subject.i2osp(1, 1).bytes.to_a).to eq([1])}
-    it { expect(subject.i2osp(1, 2).bytes.to_a).to eq([0, 1])}
-    it { expect(subject.i2osp(1, 3).bytes.to_a).to eq([0, 0, 1])}
-    it { expect(subject.i2osp(2, 1).bytes.to_a).to eq([2])}
-    it { expect(subject.i2osp(4, 4).bytes.to_a).to eq([0, 0, 0, 4])}
-    it { expect { subject.i2osp(256, 1) }.to raise_error(ArgumentError, 'integer too large') }
-  end
-
-  describe '#divceil' do
-    it { expect(subject.divceil(1, 1)).to eq(1) }
-    it { expect(subject.divceil(8, 2)).to eq(4) }
-    it { expect(subject.divceil(32, 4)).to eq(8) }
-    it { expect(subject.divceil(140, 21)).to eq(7) }
-    it { expect(subject.divceil(987654321, 123456789)).to eq(9) }
-  end
-
-  describe '#xor' do
-    it { expect(subject.xor('a', 'a').bytes.to_a).to eq([0]) }
-    it { expect(subject.xor('a', 'b').bytes.to_a).to eq([3]) }
-    it { expect(subject.xor('foo', 'bar').bytes.to_a).to eq([4, 14, 29]) }
-    it { expect(subject.xor('encyclopedia', 'aidepolcycne').bytes.to_a).to eq([4, 7, 7, 28, 19, 3, 3, 19, 28, 7, 7, 4]) }
-    it { expect { subject.xor('to raise', 'or not') }.to raise_error(ArgumentError, 'different length for a and b') }
-  end
-end