isds 0.1.0

data/lib/isds/client.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+module ISDS
+  class Client
+    attr_reader :configuration, :connection
+
+    def initialize(config = nil, &block)
+      @configuration = config || ISDS.configuration
+      yield(@configuration) if block
+      @connection = Connection.new(@configuration)
+    end
+
+    def authenticate!
+      configuration.validate!
+      # Perform a simple operation to verify credentials
+      connection.call(:info, :get_owner_info_from_login)
+      @authenticated = true
+    rescue ISDS::Error
+      @authenticated = false
+      raise
+    end
+
+    def connected?
+      @authenticated == true
+    end
+
+    def disconnect
+      @authenticated = false
+      @connection = Connection.new(configuration)
+    end
+
+    # --- Message operations ---
+
+    def send_message(to_databox_id, subject:, attachments: [], **options)
+      message = Message.new(connection: connection)
+      message.create(to_databox_id, subject: subject, attachments: attachments, **options)
+    end
+
+    def receive_messages(limit: 50, unread_only: true, **filters)
+      Message.received(connection: connection, limit: limit, unread_only: unread_only, **filters)
+    end
+
+    def sent_messages(limit: 50, **filters)
+      Message.sent(connection: connection, limit: limit, **filters)
+    end
+
+    def find_message(message_id)
+      Message.find(message_id, connection: connection)
+    end
+
+    def mark_messages_read(message_ids)
+      Array(message_ids).each do |id|
+        Message.mark_as_read(id, connection: connection)
+      end
+    end
+
+    # --- Databox operations ---
+
+    def find_databox(databox_id)
+      Databox.find(databox_id, connection: connection)
+    end
+
+    def search_databoxes(query, **filters)
+      Search.databoxes(query, connection: connection, **filters)
+    end
+
+    def check_databox_status(databox_id)
+      Databox.check_status(databox_id, connection: connection)
+    end
+
+    # --- Info operations ---
+
+    def owner_info
+      connection.call(:info, :get_owner_info_from_login)
+    end
+
+    def password_info
+      connection.call(:access, :get_password_info)
+    end
+  end
+end

data/lib/isds/configuration.rb

@@ -0,0 +1,154 @@
+# frozen_string_literal: true
+
+module ISDS
+  class Configuration
+    VALID_ENVIRONMENTS = %i[test production].freeze
+    VALID_AUTH_METHODS = %i[basic certificate access_interface].freeze
+    DEFAULT_TIMEOUT = 30
+    DEFAULT_RETRIES = 3
+    DEFAULT_POOL_SIZE = 5
+    DEFAULT_LARGE_MESSAGE_CHUNK_SIZE = 10 * 1024 * 1024 # 10MB
+
+    attr_accessor :environment, :timeout, :retries, :auth_method,
+                  :username, :password,
+                  :certificate_path, :private_key_path, :key_password,
+                  :logger, :log_level, :enable_request_logging,
+                  :connection_pool_size, :request_timeout, :large_message_chunk_size,
+                  :endpoints, :ssl_verify_peer, :ssl_ca_file, :ssl_version,
+                  :on_error, :retry_on,
+                  :cache_store, :cache_ttl
+
+    def initialize(**options)
+      assign_core_options(options)
+      assign_auth_options(options)
+      assign_logging_options(options)
+      assign_connection_options(options)
+      assign_ssl_options(options)
+      assign_advanced_options(options)
+    end
+
+    def valid?
+      validate!
+      true
+    rescue ConfigurationError
+      false
+    end
+
+    def validate!
+      validate_environment!
+      validate_auth_method!
+      validate_credentials!
+    end
+
+    def endpoint_urls
+      @endpoints || ISDS::ENDPOINTS.fetch(environment)
+    end
+
+    def endpoint_for(service)
+      urls = endpoint_urls
+
+      # Direct key lookup (backward compat with custom endpoints)
+      return urls[service] if urls.key?(service)
+
+      # Map through SERVICE_ENDPOINT_MAP
+      endpoint_key = ISDS::SERVICE_ENDPOINT_MAP[service]
+      raise ConfigurationError, "Unknown service: #{service}" unless endpoint_key
+
+      urls.fetch(endpoint_key) do
+        raise ConfigurationError, "No endpoint configured for #{endpoint_key} (service: #{service})"
+      end
+    end
+
+    def base_url
+      endpoint_urls[:base_url]
+    end
+
+    def test?
+      environment == :test
+    end
+
+    def production?
+      environment == :production
+    end
+
+    private
+
+    def validate_environment!
+      return if VALID_ENVIRONMENTS.include?(environment)
+
+      raise ConfigurationError, "Invalid environment: #{environment}. Must be one of: #{VALID_ENVIRONMENTS.join(', ')}"
+    end
+
+    def validate_auth_method!
+      return if VALID_AUTH_METHODS.include?(auth_method)
+
+      raise ConfigurationError,
+            "Invalid auth_method: #{auth_method}. Must be one of: #{VALID_AUTH_METHODS.join(', ')}"
+    end
+
+    def validate_credentials!
+      case auth_method
+      when :basic, :access_interface
+        validate_basic_credentials!
+      when :certificate
+        validate_certificate_credentials!
+      end
+    end
+
+    def assign_core_options(options)
+      @environment = options.fetch(:environment, :test)
+      @timeout = options.fetch(:timeout, DEFAULT_TIMEOUT)
+      @retries = options.fetch(:retries, DEFAULT_RETRIES)
+    end
+
+    def assign_auth_options(options)
+      @auth_method = options.fetch(:auth_method, :basic)
+      @username = options[:username]
+      @password = options[:password]
+      @certificate_path = options[:certificate_path]
+      @private_key_path = options[:private_key_path]
+      @key_password = options[:key_password]
+    end
+
+    def assign_logging_options(options)
+      @logger = options[:logger]
+      @log_level = options.fetch(:log_level, :info)
+      @enable_request_logging = options.fetch(:enable_request_logging, false)
+    end
+
+    def assign_connection_options(options)
+      @connection_pool_size = options.fetch(:connection_pool_size, DEFAULT_POOL_SIZE)
+      @request_timeout = options.fetch(:request_timeout, 120)
+      @large_message_chunk_size = options.fetch(:large_message_chunk_size, DEFAULT_LARGE_MESSAGE_CHUNK_SIZE)
+      @endpoints = options[:endpoints]
+    end
+
+    def assign_ssl_options(options)
+      @ssl_verify_peer = options.fetch(:ssl_verify_peer, true)
+      @ssl_ca_file = options[:ssl_ca_file]
+      @ssl_version = options[:ssl_version]
+    end
+
+    def assign_advanced_options(options)
+      @on_error = options[:on_error]
+      @retry_on = options[:retry_on]
+      @cache_store = options[:cache_store]
+      @cache_ttl = options.fetch(:cache_ttl, 3600)
+    end
+
+    def validate_basic_credentials!
+      raise ConfigurationError, 'Username is required for basic authentication' if username.nil? || username.empty?
+      raise ConfigurationError, 'Password is required for basic authentication' if password.nil? || password.empty?
+    end
+
+    def validate_certificate_credentials!
+      if certificate_path.nil? || certificate_path.empty?
+        raise ConfigurationError,
+              'Certificate path is required for certificate authentication'
+      end
+      return unless private_key_path.nil? || private_key_path.empty?
+
+      raise ConfigurationError, 'Private key path is required for certificate authentication'
+    end
+  end
+end

data/lib/isds/connection.rb

@@ -0,0 +1,113 @@
+# frozen_string_literal: true
+
+module ISDS
+  class Connection
+    attr_reader :configuration, :authenticator
+
+    def initialize(configuration)
+      @configuration = configuration
+      @authenticator = Authentication::Base.build(configuration)
+      @soap_clients = {}
+    end
+
+    def call(service, operation, message = {})
+      client = soap_client_for(service)
+      response = client.call(operation, message: message)
+      parse_response(response)
+    rescue Savon::SOAPFault => e
+      handle_soap_fault(e)
+    rescue Savon::HTTPError => e
+      handle_http_error(e)
+    rescue Net::OpenTimeout, Net::ReadTimeout => e
+      raise TimeoutError.new("Request timed out: #{e.message}", original_error: e)
+    rescue Errno::ECONNREFUSED, Errno::ECONNRESET, SocketError => e
+      raise ConnectionError.new("Connection failed: #{e.message}", original_error: e)
+    end
+
+    def soap_client_for(service)
+      @soap_clients[service] ||= build_soap_client(service)
+    end
+
+    private
+
+    def build_soap_client(service)
+      endpoint = configuration.endpoint_for(service)
+
+      options = base_savon_options(endpoint)
+      options = authenticator.apply(options)
+      Savon.client(**options)
+    end
+
+    def base_savon_options(endpoint) # rubocop:disable Metrics/AbcSize
+      options = {
+        endpoint: endpoint,
+        namespace: ISDS::ISDS_NAMESPACE,
+        namespace_identifier: :isds,
+        env_namespace: :soapenv,
+        open_timeout: configuration.timeout,
+        read_timeout: configuration.request_timeout,
+        ssl_verify_mode: configuration.ssl_verify_peer ? :peer : :none,
+        log: configuration.enable_request_logging,
+        pretty_print_xml: configuration.test?,
+        convert_response_tags_to: ->(tag) { tag.snakecase.to_sym }
+      }
+
+      options[:ssl_ca_cert_file] = configuration.ssl_ca_file if configuration.ssl_ca_file
+      if configuration.logger
+        options[:logger] = configuration.logger
+        options[:log_level] = configuration.log_level
+      end
+      options
+    end
+
+    def parse_response(response)
+      body = response.body
+      check_isds_status!(body)
+      body
+    end
+
+    def check_isds_status!(body)
+      status = extract_status(body)
+      return if status.nil?
+
+      code = status[:dm_status_code] || status[:db_status_code]
+      message = status[:dm_status_message] || status[:db_status_message]
+      return if code == '0000'
+
+      raise ErrorMapper.map(code, message)
+    end
+
+    def extract_status(body)
+      return nil unless body.is_a?(Hash)
+
+      body.each_value do |value|
+        next unless value.is_a?(Hash)
+
+        return value[:dm_status] if value[:dm_status]
+        return value[:db_status] if value[:db_status]
+      end
+      nil
+    end
+
+    def handle_soap_fault(error)
+      fault_message = error.to_hash.dig(:fault, :faultstring) || error.message
+
+      if fault_message.match?(/authentication|unauthorized|login/i)
+        raise InvalidCredentialsError.new(fault_message, original_error: error)
+      end
+
+      raise ISDS::Error.new("SOAP Fault: #{fault_message}", original_error: error)
+    end
+
+    def handle_http_error(error)
+      case error.http.code
+      when 401, 403
+        raise InvalidCredentialsError.new("Authentication failed (HTTP #{error.http.code})", original_error: error)
+      when 503
+        raise ServiceUnavailableError.new('ISDS service unavailable', original_error: error)
+      else
+        raise NetworkError.new("HTTP error #{error.http.code}", original_error: error)
+      end
+    end
+  end
+end

data/lib/isds/databox.rb

@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+
+module ISDS
+  class Databox
+    attr_reader :id, :name, :type, :ico, :address, :status,
+                :pdz_enabled, :ovm, :raw_data
+
+    def initialize(**attributes)
+      @id = attributes[:id]
+      @name = attributes[:name]
+      @type = attributes[:type]
+      @ico = attributes[:ico]
+      @address = attributes[:address]
+      @status = attributes[:status]
+      @pdz_enabled = attributes[:pdz_enabled]
+      @ovm = attributes[:ovm]
+      @raw_data = attributes[:raw_data]
+    end
+
+    def active?
+      status&.to_i == 1
+    end
+
+    def accessible?
+      active?
+    end
+
+    def can_receive_pdt?
+      pdz_enabled == true
+    end
+
+    def ovm?
+      ovm == true
+    end
+
+    def self.find(databox_id, connection:)
+      validate_databox_id!(databox_id)
+
+      response = connection.call(:search, :find_data_box, {
+                                   'isds:dbOwnerInfo' => {
+                                     'isds:dbID' => databox_id
+                                   }
+                                 })
+
+      from_response(response)
+    end
+
+    def self.find_by_ico(ico, connection:)
+      response = connection.call(:search, :find_data_box, {
+                                   'isds:dbOwnerInfo' => {
+                                     'isds:ic' => ico
+                                   }
+                                 })
+
+      from_response(response)
+    end
+
+    def self.check_status(databox_id, connection:)
+      validate_databox_id!(databox_id)
+
+      response = connection.call(:search, :check_data_box, {
+                                   'isds:dbID' => databox_id
+                                 })
+
+      extract_status(response)
+    end
+
+    def self.validate_databox_id!(databox_id)
+      return if databox_id.is_a?(String) && databox_id.match?(/\A[a-z0-9]{7}\z/i)
+
+      raise InvalidMessageError, "Invalid databox ID format: #{databox_id}. Must be 7 alphanumeric characters."
+    end
+
+    private_class_method def self.from_response(response)
+      records = extract_records(response)
+      return nil if records.nil? || records.empty?
+
+      records = [records] unless records.is_a?(Array)
+      records.map { |record| from_record(record) }
+    end
+
+    private_class_method def self.extract_records(response)
+      key = response.keys.first
+      response.dig(key, :db_results, :db_owner_info) ||
+        response.dig(key, :db_owner_info)
+    end
+
+    private_class_method def self.from_record(record)
+      new(
+        id: record[:db_id],
+        name: [record[:firm_name], record[:pn_first_name], record[:pn_last_name]].compact.join(' ').strip,
+        type: record[:db_type],
+        ico: record[:ic],
+        address: build_address(record),
+        status: record[:db_state],
+        pdz_enabled: record[:db_open_addressing],
+        ovm: record[:db_type]&.start_with?('OVM'),
+        raw_data: record
+      )
+    end
+
+    private_class_method def self.build_address(record)
+      parts = [
+        record[:ad_street],
+        record[:ad_number_in_street],
+        record[:ad_city],
+        record[:ad_zip_code]
+      ].compact
+      parts.join(', ')
+    end
+
+    private_class_method def self.extract_status(response)
+      key = response.keys.first
+      state = response.dig(key, :db_state)
+      {
+        status: state&.to_i,
+        active: state&.to_i == 1
+      }
+    end
+  end
+end

data/lib/isds/digital_signature/verifier.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module ISDS
+  module DigitalSignature
+    class Verifier
+      attr_reader :connection
+
+      def initialize(connection:)
+        @connection = connection
+      end
+
+      def verify_message(message_id)
+        response = connection.call(:info, :signed_message_download, {
+                                     'isds:dmID' => message_id
+                                   })
+
+        signature_data = response.dig(:signed_message_download_response, :dm_signature)
+        return { valid: false, error: 'No signature found' } unless signature_data
+
+        verify_pkcs7_signature(Base64.decode64(signature_data))
+      end
+
+      def verify_delivery_info(message_id)
+        response = connection.call(:info, :get_signed_delivery_info, {
+                                     'isds:dmID' => message_id
+                                   })
+
+        signed_info = response.dig(:get_signed_delivery_info_response, :dm_signature)
+        return { valid: false, error: 'No delivery signature found' } unless signed_info
+
+        verify_pkcs7_signature(Base64.decode64(signed_info))
+      end
+
+      private
+
+      def verify_pkcs7_signature(data)
+        pkcs7 = OpenSSL::PKCS7.new(data)
+        store = OpenSSL::X509::Store.new
+        store.set_default_paths
+
+        valid = pkcs7.verify([], store, nil, OpenSSL::PKCS7::NOVERIFY)
+        {
+          valid: valid,
+          signer: extract_signer_info(pkcs7),
+          signed_at: extract_signing_time(pkcs7)
+        }
+      rescue OpenSSL::PKCS7::PKCS7Error => e
+        { valid: false, error: e.message }
+      end
+
+      def extract_signer_info(pkcs7)
+        cert = pkcs7.certificates&.first
+        cert&.subject&.to_s
+      end
+
+      def extract_signing_time(pkcs7)
+        signer = pkcs7.signers&.first
+        signer&.signed_time
+      end
+    end
+  end
+end

data/lib/isds/error.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module ISDS
+  class Error < StandardError
+    attr_reader :code, :original_error
+
+    def initialize(message = nil, code: nil, original_error: nil)
+      @code = code
+      @original_error = original_error
+      super(message)
+    end
+  end
+
+  class ConfigurationError < Error; end
+
+  # Network and connection errors
+  class NetworkError < Error; end
+  class TimeoutError < NetworkError; end
+  class ConnectionError < NetworkError; end
+
+  # Authentication errors
+  class AuthenticationError < Error; end
+  class InvalidCredentialsError < AuthenticationError; end
+  class CertificateError < AuthenticationError; end
+
+  # Business logic errors
+  class DataboxNotFoundError < Error; end
+  class MessageNotFoundError < Error; end
+  class PermissionDeniedError < Error; end
+  class InvalidMessageError < Error; end
+
+  # ISDS service errors
+  class ServiceUnavailableError < Error; end
+  class TemporaryUnavailableError < Error; end
+  class QuotaExceededError < Error; end
+
+  # File handling errors
+  class AttachmentError < Error; end
+  class FileSizeExceededError < AttachmentError; end
+  class UnsupportedFormatError < AttachmentError; end
+
+  # Maps ISDS status codes to error classes
+  class ErrorMapper
+    STATUS_MAP = {
+      '0001' => InvalidCredentialsError,
+      '0002' => PermissionDeniedError,
+      '0003' => DataboxNotFoundError,
+      '0004' => MessageNotFoundError,
+      '0005' => InvalidMessageError,
+      '0006' => QuotaExceededError,
+      '9999' => ServiceUnavailableError
+    }.freeze
+
+    def self.map(status_code, status_message)
+      error_class = STATUS_MAP.fetch(status_code, Error)
+      error_class.new(status_message, code: status_code)
+    end
+  end
+end

data/lib/isds/large_messages/downloader.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module ISDS
+  module LargeMessages
+    class Downloader
+      attr_reader :connection
+
+      def initialize(connection:)
+        @connection = connection
+      end
+
+      def download(message_id, attachment_id, target_path, &progress_callback)
+        info = get_attachment_info(message_id, attachment_id)
+        total_chunks = info[:chunks_total].to_i
+
+        File.open(target_path, 'wb') do |file|
+          (1..total_chunks).each do |chunk_num|
+            chunk_data = download_chunk(message_id, attachment_id, chunk_num)
+            file.write(chunk_data)
+
+            progress_callback&.call(chunk_num, total_chunks)
+          end
+        end
+
+        verify_integrity(target_path, info[:hash]) if info[:hash]
+        target_path
+      end
+
+      private
+
+      def get_attachment_info(message_id, attachment_id)
+        response = connection.call(:large_messages, :get_attachment_info, {
+                                     'isds:dmID' => message_id,
+                                     'isds:dmFileID' => attachment_id
+                                   })
+
+        key = response.keys.first
+        response[key] || {}
+      end
+
+      def download_chunk(message_id, attachment_id, chunk_number)
+        response = connection.call(:large_messages, :download_chunk, {
+                                     'isds:dmID' => message_id,
+                                     'isds:dmFileID' => attachment_id,
+                                     'isds:dmChunkSeq' => chunk_number
+                                   })
+
+        key = response.keys.first
+        encoded = response.dig(key, :dm_encoded_content)
+        Base64.decode64(encoded)
+      end
+
+      def verify_integrity(file_path, expected_hash)
+        actual_hash = Digest::SHA256.file(file_path).hexdigest
+        return if actual_hash == expected_hash
+
+        raise AttachmentError, "File integrity check failed. Expected: #{expected_hash}, got: #{actual_hash}"
+      end
+    end
+  end
+end