sepafm 0.1.0 → 0.1.1

data/lib/sepa/banks/nordea/nordea_response.rb

@@ -1,20 +1,20 @@
 module Sepa
   class NordeaResponse < Response
+    include Utilities
 
-    def initialize(response, command: nil)
-      super
+    def own_signing_cert
+      application_response = extract_application_response(NORDEA_PKI)
+      at = 'xmlns|Certificate > xmlns|Certificate'
+      node = Nokogiri::XML(application_response).at(at, xmlns: NORDEA_XML_DATA)
 
-      if @command == :get_certificate
-        @application_response = extract_application_response('http://bxd.fi/CertificateService')
-        @content = extract_own_cert
-      end
-    end
+      return unless node
 
-    def extract_own_cert
-      node = Nokogiri::XML(@application_response)
-      .at('xmlns|Certificate > xmlns|Certificate', xmlns: 'http://filetransfer.nordea.com/xmldata/')
+      cert_value = process_cert_value node.content
+      cert = x509_certificate cert_value
+      cert_plain = cert.to_s
 
-      Base64.encode64(OpenSSL::X509::Certificate.new(process_cert_value(node.content)).to_s) if node
+      encode cert_plain
     end
+
   end
 end

data/lib/sepa/banks/nordea/soap_nordea.rb

@@ -18,7 +18,7 @@ module Sepa
       end
 
       def set_body_contents
-        set_node(@template, 'cer|ApplicationRequest', @ar.to_base64)
+        set_node(@template, 'cer|ApplicationRequest', @application_request.to_base64)
         set_node(@template, 'cer|SenderId', @customer_id)
         set_node(@template, 'cer|RequestId', request_id)
         set_node(@template, 'cer|Timestamp', iso_time)
@@ -34,7 +34,7 @@ module Sepa
       end
 
       def common_set_body_contents
-        set_node(@template, 'bxd|ApplicationRequest', @ar.to_base64)
+        set_node(@template, 'bxd|ApplicationRequest', @application_request.to_base64)
         set_node(@template, 'bxd|SenderId', @customer_id)
         set_node(@template, 'bxd|RequestId', request_id)
         set_node(@template, 'bxd|Timestamp', iso_time)

data/lib/sepa/client.rb

@@ -35,6 +35,8 @@ module Sepa
     def initialize(hash = {})
       self.attributes hash
       self.environment ||= 'PRODUCTION'
+      self.language ||= 'EN'
+      self.status ||= 'NEW'
     end
 
     def bank=(value)
@@ -56,13 +58,26 @@ module Sepa
 
       soap = SoapBuilder.new(create_hash).to_xml
       client = Savon.client(wsdl: wsdl)
-      response = client.call(command, xml: soap).doc
+
+      begin
+        response = client.call(command, xml: soap)
+        response &&= response.to_xml
+      rescue Savon::Error => e
+        response = nil
+        error = e.to_s
+      end
+
+      options = {
+        response: response,
+        error: error,
+        command: command
+      }
 
       case bank
       when :nordea
-        NordeaResponse.new response, command: command
+        NordeaResponse.new options
       when :danske
-        DanskeResponse.new response, command: command
+        DanskeResponse.new options
       end
     end
 
@@ -87,5 +102,27 @@ module Sepa
         @private_key = OpenSSL::PKey::RSA.new(@private_key) if @private_key
       end
 
+      # Returns path to WSDL file
+      def wsdl
+        case bank
+          when :nordea
+            if command == :get_certificate
+              file = "wsdl_nordea_cert.xml"
+            else
+              file = "wsdl_nordea.xml"
+            end
+          when :danske
+            if [:get_bank_certificate, :create_certificate].include? command
+              file = "wsdl_danske_cert.xml"
+            else
+              file = "wsdl_danske.xml"
+            end
+          else
+            return nil
+        end
+
+        "#{WSDL_PATH}/#{file}"
+      end
+
   end
 end

data/lib/sepa/response.rb

@@ -3,27 +3,21 @@ module Sepa
     include ActiveModel::Validations
     include Utilities
 
-    attr_reader :soap, :application_response, :certificate, :content
+    attr_reader :soap, :error, :command
 
     validates :soap, presence: true
     validate :validate_document_format
     validate :document_must_validate_against_schema
+    validate :client_errors
 
-    GENERIC_COMMANDS = [:get_user_info, :download_file_list, :download_file, :upload_file]
-
-    def initialize(response, command: nil)
-      @soap = response
-      @command = command
-
-      # Check if command is one of the generic commands which should behave the same way across
-      # different banks
-      if GENERIC_COMMANDS.include? command
-        xsd = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
+    def initialize(hash = {})
+      @soap = hash[:response]
+      @command = hash[:command]
+      @error = hash[:error]
+    end
 
-        @application_response = extract_application_response('http://model.bxd.fi')
-        @certificate = extract_cert(soap, 'BinarySecurityToken', xsd)
-        @content = extract_content
-      end
+    def doc
+      @doc ||= xml_doc @soap
     end
 
     # Verifies that all digest values in the response match the actual ones.
@@ -31,7 +25,7 @@ module Sepa
     # i.e. verbose: true
     def hashes_match?(options = {})
       digests = find_digest_values
-      nodes = find_nodes_to_verify(soap, digests)
+      nodes = find_nodes_to_verify(digests)
 
       verified_digests = digests.select do |uri, digest|
         uri = uri.sub(/^#/, '')
@@ -55,58 +49,76 @@ module Sepa
     # Verifies the signature by extracting the public key from the certificate
     # embedded in the soap header and verifying the signature value with that.
     def signature_is_valid?
-      node = soap.at_css('xmlns|SignedInfo', 'xmlns' => 'http://www.w3.org/2000/09/xmldsig#')
+      node = doc.at('xmlns|SignedInfo', xmlns: DSIG)
 
-      node = node.canonicalize(
-        mode = Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0,
-        inclusive_namespaces = nil, with_comments = false
-      )
+      node = canonicalize_exclusively node
 
-      signature = soap.at_css(
-        'xmlns|SignatureValue',
-        'xmlns' => 'http://www.w3.org/2000/09/xmldsig#'
-      ).content
+      signature = doc.at('xmlns|SignatureValue', xmlns: DSIG).content
 
-      signature = Base64.decode64(signature)
+      signature = decode(signature)
 
       certificate.public_key.verify(OpenSSL::Digest::SHA1.new, signature, node)
     end
 
-    # Gets the application response from the response as an Nokogiri::XML
-    # document
+    # Gets the application response from the response as an xml document
     def application_response
-      ar = soap.at_css('mod|ApplicationResponse').content
-      ar = Base64.decode64(ar)
-      Nokogiri::XML(ar)
+      @application_response ||= extract_application_response(BXD)
     end
 
     def file_references
       return unless @command == :download_file_list
 
       @file_references ||= begin
-        content = Nokogiri::XML @content
-        descriptors = content.css('FileDescriptor')
+        xml = xml_doc content
+        descriptors = xml.css('FileDescriptor')
         descriptors.map { |descriptor| descriptor.at('FileReference').content }
       end
     end
 
+    def certificate
+      @certificate ||= begin
+        extract_cert(doc, 'BinarySecurityToken', OASIS_SECEXT)
+      end
+    end
+
+    def content
+      @content ||= begin
+        xml = xml_doc(application_response)
+
+        case @command
+        when :download_file
+          content_node = xml.at('xmlns|Content', xmlns: XML_DATA)
+          content_node.content if content_node
+        when :download_file_list
+          content_node = xml.remove_namespaces!.at('FileDescriptors')
+          content_node.to_xml if content_node
+        when :get_user_info
+          canonicalized_node(xml, XML_DATA, 'UserFileTypes')
+        when :upload_file
+          signature_node = xml.at('xmlns|Signature', xmlns: DSIG)
+          if signature_node
+            signature_node.remove
+            xml.canonicalize
+          end
+        end
+      end
+    end
+
+    def to_s
+      @soap
+    end
+
     private
 
       # Finds all reference nodes with digest values in the document and returns
       # a hash with uri as the key and digest as the value.
       def find_digest_values
         references = {}
-        reference_nodes = soap.css(
-          'xmlns|Reference',
-          'xmlns' => 'http://www.w3.org/2000/09/xmldsig#'
-        )
+        reference_nodes = doc.css('xmlns|Reference', xmlns: DSIG)
 
         reference_nodes.each do |node|
           uri = node.attr('URI')
-          digest_value = node.at_css(
-            'xmlns|DigestValue',
-            'xmlns' => 'http://www.w3.org/2000/09/xmldsig#'
-          ).content
+          digest_value = node.at('xmlns|DigestValue', xmlns: DSIG).content
 
           references[uri] = digest_value
         end
@@ -116,17 +128,12 @@ module Sepa
 
       # Finds nodes to verify by comparing their id's to the uris' in the
       # references hash.
-      def find_nodes_to_verify(doc, references)
+      def find_nodes_to_verify(references)
         nodes = {}
 
-        references.each do |uri, digest_value|
+        references.each do |uri, _digest_value|
           uri = uri.sub(/^#/, '')
-          wsu = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
-
-          node = doc.at_css(
-            "[wsu|Id='#{uri}']",
-            'wsu' => wsu
-          )
+          node = find_node_by_uri(uri)
 
           nodes[uri] = calculate_digest(node)
         end
@@ -135,45 +142,27 @@ module Sepa
       end
 
       def validate_document_format
-        unless soap.respond_to?(:canonicalize)
-          errors.add(:base, 'Document must be a Nokogiri XML file')
+        unless doc.respond_to?(:canonicalize)
+          errors.add(:base, 'Document must be a valid XML file')
         end
       end
 
       def document_must_validate_against_schema
-        check_validity_against_schema(soap, 'soap.xsd')
+        check_validity_against_schema(doc, 'soap.xsd')
       end
 
-      def extract_content
-        xml = Nokogiri::XML(@application_response)
-        xmlns = 'http://bxd.fi/xmldata/'
-
-        case @command
-        when :download_file
-          content_node = xml.at('xmlns|Content', xmlns: xmlns)
-          content_node.content if content_node
-        when :download_file_list
-          content_node = xml.remove_namespaces!.at('FileDescriptors')
-          content_node.to_xml if content_node
-        when :get_user_info
-          canonicalized_node(xml, xmlns, 'UserFileTypes')
-        when :upload_file
-          signature_node = xml.at('xmlns|Signature', xmlns: 'http://www.w3.org/2000/09/xmldsig#')
-          if signature_node
-            signature_node.remove
-            xml.canonicalize
-          end
-        end
+      def extract_application_response(namespace)
+        ar_node = doc.at('xmlns|ApplicationResponse', xmlns: namespace)
+        decode(ar_node.content)
       end
 
-      def extract_application_response(namespace)
-        if soap.respond_to? :at_css
-          ar_node = soap.at_css('xmlns|ApplicationResponse', xmlns: namespace)
-        end
+      def client_errors
+        client_error = error.to_s
+        errors.add(:base, client_error) unless client_error.empty?
+      end
 
-        if ar_node
-          Base64.decode64(ar_node.content)
-        end
+      def find_node_by_uri(uri)
+        doc.at("[xmlns|Id='#{uri}']", xmlns: OASIS_UTILITY)
       end
 
   end

data/lib/sepa/soap_builder.rb

@@ -2,26 +2,27 @@ module Sepa
   class SoapBuilder
     include Utilities
 
-    attr_reader :ar
+    attr_reader :application_request
 
     # SoapBuilder creates the SOAP structure.
     def initialize(params)
-      @bank = params[:bank]
-      @private_key = params[:private_key]
-      @cert = params[:cert]
-      @command = params[:command]
-      @customer_id = params[:customer_id]
-      @environment = params[:environment]
-      @status = params[:status]
-      @target_id = params[:target_id]
-      @language = params[:language]
-      @file_type = params[:file_type]
-      @content = params[:content]
-      @file_reference = params[:file_reference]
-      @enc_cert = params[:enc_cert]
-      @header_template = load_header_template
-      @template = load_body_template SOAP_TEMPLATE_PATH
-      @ar = ApplicationRequest.new(params)
+      @bank                = params[:bank]
+      @cert                = params[:cert]
+      @command             = params[:command]
+      @content             = params[:content]
+      @customer_id         = params[:customer_id]
+      @enc_cert            = params[:enc_cert]
+      @environment         = params[:environment]
+      @file_reference      = params[:file_reference]
+      @file_type           = params[:file_type]
+      @language            = params[:language]
+      @private_key         = params[:private_key]
+      @status              = params[:status]
+      @target_id           = params[:target_id]
+
+      @application_request = ApplicationRequest.new params
+      @header_template     = load_header_template
+      @template            = load_body_template SOAP_TEMPLATE_PATH
 
       find_correct_bank_extension
     end
@@ -51,7 +52,7 @@ module Sepa
           inclusive_namespaces = nil, with_comments = false
         )
 
-        Base64.encode64(sha1.digest(canon_node)).gsub(/\s+/, "")
+        encode(sha1.digest(canon_node)).gsub(/\s+/, "")
       end
 
       def calculate_signature(doc, node)
@@ -64,7 +65,7 @@ module Sepa
         )
 
         signature = @private_key.sign(sha1, canon_signed_info_node)
-        Base64.encode64(signature).gsub(/\s+/, "")
+        encode(signature).gsub(/\s+/, "")
       end
 
       def load_header_template

data/lib/sepa/utilities.rb

@@ -4,12 +4,9 @@ module Sepa
     def calculate_digest(node)
       sha1 = OpenSSL::Digest::SHA1.new
 
-      canon_node = node.canonicalize(
-          mode = Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0,
-          inclusive_namespaces = nil, with_comments = false
-      )
+      canon_node = canonicalize_exclusively node
 
-      Base64.encode64(sha1.digest(canon_node)).gsub(/\s+/, "")
+      encode(sha1.digest(canon_node)).gsub(/\s+/, "")
     end
 
     # Takes a certificate, adds begin and end
@@ -17,9 +14,9 @@ module Sepa
     # can read it.
     def process_cert_value(cert_value)
       cert = "-----BEGIN CERTIFICATE-----\n"
-      cert += cert_value.to_s.gsub(/\s+/, "").scan(/.{1,64}/).join("\n")
-      cert += "\n"
-      cert + "-----END CERTIFICATE-----"
+      cert << cert_value.to_s.gsub(/\s+/, "").scan(/.{1,64}/).join("\n")
+      cert << "\n"
+      cert << "-----END CERTIFICATE-----"
     end
 
     def format_cert(cert)
@@ -47,18 +44,14 @@ module Sepa
     # Extracts a certificate from a document and return it as an OpenSSL X509 certificate
     # Return nil is the node cannot be found
     def extract_cert(doc, node, namespace)
-      return nil unless doc.respond_to? :at
-
       cert_raw = doc.at("xmlns|#{node}", 'xmlns' => namespace)
 
-      return nil if cert_raw.nil?
-
       cert_raw = cert_raw.content.gsub(/\s+/, "")
 
       cert = process_cert_value(cert_raw)
 
       begin
-        OpenSSL::X509::Certificate.new(cert)
+        x509_certificate(cert)
       rescue => e
         fail OpenSSL::X509::CertificateError,
              "The certificate could not be processed. It's most likely corrupted. OpenSSL had this to say: #{e}."
@@ -97,7 +90,7 @@ module Sepa
         fail ArgumentError
       end
 
-      Nokogiri::XML(File.open(path))
+      xml_doc(File.open(path))
     end
 
     # Checks that the certificate in the application response is signed with the
@@ -116,7 +109,7 @@ module Sepa
     end
 
     def hmac(pin, csr)
-      Base64.encode64(OpenSSL::HMAC.digest('sha1', pin, csr)).chop
+      encode(OpenSSL::HMAC.digest('sha1', pin, csr)).chop
     end
 
     def csr_to_binary(csr)
@@ -128,5 +121,27 @@ module Sepa
       content_node.canonicalize if content_node
     end
 
+    def xml_doc(value)
+      Nokogiri::XML value
+    end
+
+    def decode(value)
+      Base64.decode64 value
+    end
+
+    def canonicalize_exclusively(value)
+      value.canonicalize(mode = Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0,
+                         inclusive_namespaces = nil,
+                         with_comments = false)
+    end
+
+    def x509_certificate(value)
+      OpenSSL::X509::Certificate.new value
+    end
+
+    def encode(value)
+      Base64.encode64 value
+    end
+
   end
 end