ipizza 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 160c73db6da0b92bb8d59f3478ae2836a8efdfe57cbfe174a0715559a980273a
-  data.tar.gz: 40486a43f105c5ee73fb7d3f4e827124f7bff5cb8fb1bfa93c2fca677c06f9c7
+  metadata.gz: 5ed9393a3cf761d93af6cacfe5ab9f5290bd9f9fa07df805eba6e8923c302b80
+  data.tar.gz: 8543fd69e9b7c1c523bdbed2f20ac511b8fef3f3661987d4a960c27df9827bab
 SHA512:
-  metadata.gz: 173c0fd63f8e5c43c099a9871005db2bc83272455eb56c10c9c01fabb4a2ab2c42925d490f9608332aca2916ef172ef81bc204ae9f211d9a357a3a4989581f43
-  data.tar.gz: b702c29a1c3ccf89a46a10828c3911ab9d7d9880d43e79387ff4e5cd6284aabe83dcb81c28f65c19f484550f018c2fb93261b0e7a7939ed04c587a76a00ed2be
+  metadata.gz: 9172fb1cbe9b620439a73b41b12d53f0e6bfd5f4ce2d219f0398ab6c4136716200463885ba692cf34b70675e4151f3536398c10a4bf59e9817b09f2c3b52eb69
+  data.tar.gz: 01010f397f8c724adcf89e9db463f7ba6ba9277501ef243957e58b8a7e2eb863c840d9a533e921ec4f953dd10d76479676b0ade0b7bf24da69891bc8fc6cfd7e

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    ipizza (2.0.1)
+    ipizza (2.2.0)
 
 GEM
   remote: http://rubygems.org/
@@ -46,3 +46,6 @@ DEPENDENCIES
   rake
   rb-fsevent
   rspec (~> 2.9.0)
+
+BUNDLED WITH
+   1.17.3

data/lib/ipizza/authentication.rb

@@ -1,8 +1,8 @@
 module Ipizza
   class Authentication
-    
+
     attr_accessor :provider, :user, :message_time, :sender_id, :receiver_id, :user_name, :user_id, :country, :other, :authentication_identifier, :request_identifier
-    
+
     def initialize(attribs = {})
       attribs.each do |key, value|
         if self.respond_to?("#{key.to_s}=".to_sym)

data/lib/ipizza/authentication_response.rb

@@ -1,18 +1,18 @@
 module Ipizza
   class AuthenticationResponse < Ipizza::Response
-    
+
     def success?
       %w(3012 3013).include?(@params['VK_SERVICE'])
     end
-    
+
     def valid?
       @valid
     end
-    
+
     def info_social_security_id
       authentication_info.user_id
     end
-    
+
     def info_name
       authentication_info.user_name
     end

data/lib/ipizza/payment.rb

@@ -1,8 +1,8 @@
 module Ipizza
   class Payment
-    
+
     attr_accessor :provider, :stamp, :amount, :currency, :refnum, :receiver_account, :receiver_name, :sender_account, :sender_name, :message, :transaction_id, :transaction_time
-    
+
     def initialize(attribs = {})
       attribs.each do |key, value|
         if self.respond_to?("#{key.to_s}=".to_sym)

data/lib/ipizza/payment_response.rb

@@ -3,15 +3,15 @@ class Ipizza::PaymentResponse < Ipizza::Response
   def success?
     %w(1111).include?(@params['VK_SERVICE'])
   end
-  
+
   def valid?
     @valid
   end
-  
+
   def automatic_message?
     @params['VK_AUTO'] == 'Y'
   end
-  
+
   def payment_info
     @payment_info ||= Ipizza::Payment.new(
       provider: @params['VK_SND_ID'],

data/lib/ipizza/provider/base.rb

@@ -4,7 +4,20 @@ module Ipizza::Provider
     SUPPORTED_ENCODINGS = %w(UTF-8 ISO-8859-1 WINDOWS-1257)
 
     class << self
-      attr_accessor :service_url, :return_url, :cancel_url, :file_key, :key_secret, :file_cert, :snd_id, :rec_id, :rec_acc, :rec_name, :encoding, :lang
+      attr_accessor :service_url,
+                    :return_url,
+                    :cancel_url,
+                    :file_key,
+                    :key_secret,
+                    :file_cert,
+                    :sign_algorithm,
+                    :verification_algorithm,
+                    :snd_id,
+                    :rec_id,
+                    :rec_acc,
+                    :rec_name,
+                    :encoding,
+                    :lang
     end
 
     def payment_request(payment, service_no = 1012)
@@ -40,7 +53,10 @@ module Ipizza::Provider
 
     def payment_response(params)
       response = Ipizza::PaymentResponse.new(params)
-      response.verify(self.class.file_cert)
+      response.verify(
+        self.class.file_cert,
+        self.class.verification_algorithm || Ipizza::Util::DEFAULT_HASH_ALGORITHM
+      )
       response
     end
 
@@ -77,7 +93,10 @@ module Ipizza::Provider
 
     def authentication_response(params)
       response = Ipizza::AuthenticationResponse.new(params)
-      response.verify(self.class.file_cert)
+      response.verify(
+        self.class.file_cert,
+        self.class.verification_algorithm || Ipizza::Util::DEFAULT_HASH_ALGORITHM
+      )
       response
     end
 

data/lib/ipizza/request.rb

@@ -1,6 +1,6 @@
 module Ipizza
   class Request
-    
+
     attr_accessor :extra_params
     attr_accessor :sign_params
     attr_accessor :service_url
@@ -16,7 +16,7 @@ module Ipizza
       signature = Ipizza::Util.sign(privkey_path, privkey_secret, Ipizza::Util.mac_data_string(sign_params, order))
       self.sign_params[mac_param] = signature
     end
-    
+
     def request_params
       sign_params.merge(extra_params)
     end

data/lib/ipizza/response.rb

@@ -2,21 +2,21 @@ class Ipizza::Response
 
   attr_accessor :verify_params
   attr_accessor :verify_params_order
-  
+
   PARAM_ORDER = {
     '1111' => %w(VK_SERVICE VK_VERSION VK_SND_ID VK_REC_ID VK_STAMP VK_T_NO VK_AMOUNT VK_CURR VK_REC_ACC VK_REC_NAME VK_SND_ACC VK_SND_NAME VK_REF VK_MSG VK_T_DATETIME),
     '3012' => %w(VK_SERVICE VK_VERSION VK_USER VK_DATETIME VK_SND_ID VK_REC_ID VK_USER_NAME VK_USER_ID VK_COUNTRY VK_OTHER VK_TOKEN VK_RID),
     '3013' => %w(VK_SERVICE VK_VERSION VK_DATETIME VK_SND_ID VK_REC_ID VK_NONCE VK_USER_NAME VK_USER_ID VK_COUNTRY VK_OTHER VK_TOKEN VK_RID),
     '1911' => %w(VK_SERVICE VK_VERSION VK_SND_ID VK_REC_ID VK_STAMP VK_REF VK_MSG)
-  }  
-  
+  }
+
   def initialize(params)
     @params = params
   end
 
-  def verify(certificate_path)
+  def verify(certificate_path, hash_algorithm = Ipizza::Util::DEFAULT_HASH_ALGORITHM)
     mac_string = Ipizza::Util.mac_data_string(@params, PARAM_ORDER[@params['VK_SERVICE']])
 
-    @valid = Ipizza::Util.verify_signature(certificate_path, @params['VK_MAC'], mac_string)
+    @valid = Ipizza::Util.verify_signature(certificate_path, @params['VK_MAC'], mac_string, hash_algorithm)
   end
 end

data/lib/ipizza/util.rb

@@ -3,24 +3,33 @@ require 'openssl'
 
 module Ipizza
   class Util
-    
+
+    DEFAULT_HASH_ALGORITHM = 'sha1'
+
     class << self
-      
-      def verify_signature(certificate_path, signature, data)
+
+      def verify_signature(certificate_path, signature, data, hash_algorithm = DEFAULT_HASH_ALGORITHM)
         if !certificate_path.to_s.empty? && !signature.to_s.empty? && File.file?(certificate_path)
           certificate = OpenSSL::X509::Certificate.new(File.read(certificate_path).gsub(/  /, '')).public_key
-          certificate.verify(OpenSSL::Digest::SHA1.new, Base64.decode64(signature), data)
+          certificate.verify(
+            digest_class(hash_algorithm).new,
+            Base64.decode64(signature),
+            data
+          )
         else
           false
         end
       end
-      
-      def sign(privkey_path, privkey_secret, data)
+
+      def sign(privkey_path, privkey_secret, data, hash_algorithm = DEFAULT_HASH_ALGORITHM)
         privkey = File.open(privkey_path, 'r') { |f| f.read }
         privkey = OpenSSL::PKey::RSA.new(privkey.gsub(/  /, ''), privkey_secret)
 
-        signature = privkey.sign(OpenSSL::Digest::SHA1.new, data)
-        signature = Base64.encode64(signature).gsub(/\n/, '')
+        signature = privkey.sign(
+          digest_class(hash_algorithm).new,
+          data
+        )
+        Base64.encode64(signature).gsub(/\n/, '')
       end
 
       # Calculates and adds control number using 7-3-1 algoritm for Estonian banking account and reference numbers.
@@ -74,6 +83,16 @@ module Ipizza
           sprintf('%03i', val.bytesize)
         end
       end
+
+      def digest_class(hash_algorithm)
+        algorithm = (hash_algorithm || '').upcase
+
+        if OpenSSL::Digest.const_defined?(algorithm)
+          OpenSSL::Digest.const_get(algorithm)
+        else
+          raise ArgumentError, "Unknown hash algorithm OpenSSL::Digest::#{algorithm}"
+        end
+      end
     end
   end
 end

data/lib/ipizza/version.rb

@@ -1,3 +1,3 @@
 module Ipizza
-  VERSION = '2.1.0'
+  VERSION = '2.2.0'
 end

data/spec/config/config.yml

@@ -41,6 +41,8 @@ seb:
   key_secret: foobar
   encoding: UTF-8
   snd_id: sender
+  sign_algorithm: 'sha256'
+  verification_algorithm: 'sha256'
 
 luminor:
   service_url: https://banklink.luminor.ee/test

data/spec/config/plain_config.yml

@@ -11,3 +11,5 @@ swedbank:
 
 seb:
   service_url: https://www.seb.ee/banklink
+  sign_algorithm: 'sha256'
+  verification_algorithm: 'sha1'

data/spec/ipizza/config_spec.rb

@@ -16,6 +16,8 @@ describe Ipizza::Config do
       Ipizza::Provider::Swedbank.encoding.should == 'UTF-8'
       
       Ipizza::Provider::Seb.service_url.should == 'https://www.seb.ee/banklink'
+      Ipizza::Provider::Seb.sign_algorithm.should == 'sha256'
+      Ipizza::Provider::Seb.verification_algorithm.should == 'sha1'
     end
   
     it 'should load certificates from path relative to configuration file' do

data/spec/ipizza/provider/luminor_spec.rb

@@ -2,7 +2,7 @@ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
 
 describe Ipizza::Provider::Luminor do
   let(:response_time) { Ipizza::Util.time_to_iso8601(Time.now) }
-  let(:bank_key) { File.expand_path('../../../certificates/pangalink_luminor_bank_key.pem', __FILE__) }
+  let(:bank_key) { File.expand_path('../../../certificates/pangalink_seb_bank_key.pem', __FILE__) }
 
   describe '#payment_request' do
     let(:payment) { Ipizza::Payment.new(stamp: 1, amount: '123.34', refnum: 1, message: 'Payment message', currency: 'EUR') }

data/spec/ipizza/provider/seb_spec.rb

@@ -45,7 +45,12 @@ describe Ipizza::Provider::Seb do
     }
 
     it 'should parse and verify the payment response from bank' do
-      signature = Ipizza::Util.sign(bank_key, nil, Ipizza::Util.mac_data_string(params, Ipizza::Response::PARAM_ORDER['1111']))
+      signature = Ipizza::Util.sign(
+        bank_key,
+        nil,
+        Ipizza::Util.mac_data_string(params, Ipizza::Response::PARAM_ORDER['1111']),
+        Ipizza::Provider::Seb.sign_algorithm
+      )
       Ipizza::Provider::Seb.new.payment_response(params.merge('VK_MAC' => signature)).should be_valid
     end
   end
@@ -82,7 +87,12 @@ describe Ipizza::Provider::Seb do
     }
 
     it 'should parse and verify the authentication response from bank' do
-      signature = Ipizza::Util.sign(bank_key, nil, Ipizza::Util.mac_data_string(params, Ipizza::Response::PARAM_ORDER['3012']))
+      signature = Ipizza::Util.sign(
+        bank_key,
+        nil,
+        Ipizza::Util.mac_data_string(params, Ipizza::Response::PARAM_ORDER['3012']),
+        Ipizza::Provider::Seb.sign_algorithm
+      )
       Ipizza::Provider::Seb.new.authentication_response(params.merge('VK_MAC' => signature)).should be_valid
     end
   end

data/spec/ipizza/provider_spec.rb

@@ -46,10 +46,6 @@ describe Ipizza::Provider do
       Ipizza::Provider.get('krediidipank').should be_a(Ipizza::Provider::Krediidipank)
     end
 
-    it 'returns nordea provider for "nordea" attribute' do
-      Ipizza::Provider.get('nordea').should be_a(Ipizza::Provider::Nordea)
-    end
-
     it 'returns nothing for "unkn" attribute' do
       Ipizza::Provider.get('unkn').should be_nil
     end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: ipizza
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Priit Haamer
 - Tanel Jakobsoo
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-09-15 00:00:00.000000000 Z
+date: 2023-09-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -136,10 +136,6 @@ files:
 - spec/ipizza/provider/krediidipank_spec.rb
 - spec/ipizza/provider/lhv_spec.rb
 - spec/ipizza/provider/luminor_spec.rb
-- spec/ipizza/provider/nordea/authentication_response_spec.rb
-- spec/ipizza/provider/nordea/payment_request_spec.rb
-- spec/ipizza/provider/nordea/payment_response_spec.rb
-- spec/ipizza/provider/nordea_spec.rb
 - spec/ipizza/provider/sampo_spec.rb
 - spec/ipizza/provider/seb_spec.rb
 - spec/ipizza/provider/swedbank_spec.rb
@@ -150,7 +146,7 @@ files:
 homepage: https://github.com/Voog/ipizza
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -165,8 +161,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.0.8
+signing_key:
 specification_version: 4
 summary: Implements iPizza protocol to communicate with Estonian Banks
 test_files:
@@ -195,10 +191,6 @@ test_files:
 - spec/ipizza/provider/krediidipank_spec.rb
 - spec/ipizza/provider/lhv_spec.rb
 - spec/ipizza/provider/luminor_spec.rb
-- spec/ipizza/provider/nordea/authentication_response_spec.rb
-- spec/ipizza/provider/nordea/payment_request_spec.rb
-- spec/ipizza/provider/nordea/payment_response_spec.rb
-- spec/ipizza/provider/nordea_spec.rb
 - spec/ipizza/provider/sampo_spec.rb
 - spec/ipizza/provider/seb_spec.rb
 - spec/ipizza/provider/swedbank_spec.rb

data/spec/ipizza/provider/nordea/authentication_response_spec.rb

@@ -1,33 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../../spec_helper')
-
-describe Ipizza::Provider::Nordea::AuthenticationResponse do
-  before(:each) do
-    @valid_params = {
-      'B02K_CUSTNAME' => 'Demo kasutaja', 'B02K_IDNBR' => '87654321', 'B02K_TIMESTMP' => '20020101204145428720',
-      'B02K_STAMP' => '20101204155339', 'B02K_KEYVERS' => '0001', 'B02K_MAC' => 'A061E22312D7D63FDC2B0B52E16BC971',
-      'B02K_CUSTTYPE' => '01', 'B02K_ALG' => '01', 'B02K_CUSTID' => '37404280367', 'B02K_VERS' => '0002'
-    }
-    @response = Ipizza::Provider::Nordea::AuthenticationResponse.new(@valid_params)
-    @response.verify(Ipizza::Provider::Nordea.file_key)
-  end
-  
-  describe '#valid?' do
-    context 'given valid parameters' do
-      it 'returns true' do
-        @response.valid?.should be_true
-      end
-    end
-  end
-  
-  describe '#info_social_security_id' do
-    it 'should get user social security id from the response' do
-      @response.info_social_security_id.should == '37404280367'
-    end
-  end
-  
-  describe '#info_name' do
-    it 'should get user name from the response' do
-      @response.info_name.should == 'Demo kasutaja'
-    end
-  end
-end

data/spec/ipizza/provider/nordea/payment_request_spec.rb

@@ -1,4 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../../spec_helper')
-
-describe Ipizza::Provider::Nordea::PaymentRequest do
-end

data/spec/ipizza/provider/nordea/payment_response_spec.rb

@@ -1,4 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../../spec_helper')
-
-describe Ipizza::Provider::Nordea::PaymentResponse do
-end

data/spec/ipizza/provider/nordea_spec.rb

@@ -1,29 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe Ipizza::Provider::Nordea do
-  describe '#authentication_request' do
-    before(:each) do
-      @req = Ipizza::Provider::Nordea.new.authentication_request
-    end
-    
-    it 'returns signed authentication request object' do
-      @req.request_params.fetch('A01Y_MAC').should be
-    end
-    
-    it 'adds service url to request' do
-      @req.service_url.should == Ipizza::Provider::Nordea.auth_service_url
-    end
-
-    it 'adds return url from configuration to request' do
-      @req.request_params.fetch('A01Y_RETLINK').should == Ipizza::Provider::Nordea.auth_return_url
-    end
-
-    it 'adds cancel url from configuration to request' do
-      @req.request_params.fetch('A01Y_CANLINK').should == Ipizza::Provider::Nordea.auth_cancel_url
-    end
-
-    it 'adds reject url from configuration to request' do
-      @req.request_params.fetch('A01Y_REJLINK').should == Ipizza::Provider::Nordea.auth_reject_url
-    end
-  end
-end