sepafm 0.1.3 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ef6bfed9365908016a49c134f04b31270f2cd7c0
-  data.tar.gz: fad409e18066c845c6cc8c267d1d6f328c365f6a
+  metadata.gz: b12a4088afb4ab54adbbab5c077ffabed2637060
+  data.tar.gz: 677279058018c696a4f5e6d0b2e47a82527213ca
 SHA512:
-  metadata.gz: 0caa72426efa99e3baf93ad1cbdeb08ae742a99001de93068d48a8405a406eb3fb07eeb5ae69aa3b582f1af7c6a53f2a1153eca7d1c5b4b68c0798a217a4c082
-  data.tar.gz: 05e7942b179477e1742190c6160bf6270b8770fe1ee3e78ac5be7926d2d39464dc87b3b0ea570cb03d60653d19f4cd2b2593c31001f6be94de00f9ab7e14acf0
+  metadata.gz: 6ed8c28c79a852890cfaf17c34180cbfe2291800ff742215eb0e80c52b3ccb7ad00496499c3cc83b68407f1ce46febfd0aab4a4659d5a4e4d6392230020a54d0
+  data.tar.gz: ac504dbcb51ab54f63fdc72b991fbfb07aea8e5529fd280b1ef4d686faa3641751184910a988f38aab4bbc0e9ccfe8e825bfdfdb8a8c7365dc45ac04ec9c446f

data/lib/sepa/application_request.rb

@@ -154,7 +154,7 @@ module Sepa
         add_node_to_root(signature_node)
         add_value_to_signature('DigestValue', digest)
         add_value_to_signature('SignatureValue', calculate_signature)
-        add_value_to_signature('X509Certificate', format_cert(@signing_certificate))
+        add_value_to_signature('X509Certificate', format_cert(@own_signing_certificate))
       end
 
       def add_target_id_after(node)

data/lib/sepa/application_response.rb

@@ -6,10 +6,10 @@ module Sepa
     attr_reader :xml
 
     validate :response_must_validate_against_schema
-    validate :validate_document_format
 
-    def initialize(app_resp)
+    def initialize(app_resp, bank)
       @xml = app_resp
+      @bank = bank
     end
 
     def doc
@@ -33,14 +33,7 @@ module Sepa
 
     # Checks that the signature is signed with the private key of the certificate's public key.
     def signature_is_valid?
-      node = doc.at('xmlns|SignedInfo', 'xmlns' => DSIG)
-      node = node.canonicalize
-
-      signature = doc.at('xmlns|SignatureValue', 'xmlns' => DSIG).content
-      signature = decode(signature)
-
-      # Return true or false
-      certificate.public_key.verify(OpenSSL::Digest::SHA1.new, signature, node)
+      validate_signature(doc, certificate, :normal)
     end
 
     def to_s
@@ -51,13 +44,19 @@ module Sepa
       extract_cert(doc, 'X509Certificate', DSIG)
     end
 
-    private
-
-      def validate_document_format
-        unless doc.respond_to?(:canonicalize)
-          errors.add(:base, 'Document must be a valid XML file')
+    def certificate_is_trusted?
+      root_certificate =
+        case @bank
+        when :nordea
+          NORDEA_ROOT_CERTIFICATE
+        when :danske
+          DANSKE_ROOT_CERTIFICATE
         end
-      end
+
+      verify_certificate_against_root_certificate(certificate, root_certificate)
+    end
+
+    private
 
       def response_must_validate_against_schema
         check_validity_against_schema(doc, 'application_response.xsd')

data/lib/sepa/attribute_checks.rb

@@ -28,14 +28,14 @@ module Sepa
       end
 
       begin
-        OpenSSL::X509::Certificate.new signing_certificate
+        x509_certificate own_signing_certificate
       rescue
-        errors.add(:signing_certificate, "Invalid signing certificate")
+        errors.add(:own_signing_certificate, "Invalid signing certificate")
       end
     end
 
     def check_signing_csr
-      return unless command == :create_certificate
+      return unless [:get_certificate, :create_certificate].include? command
 
       unless cert_request_valid?(signing_csr)
         errors.add(:signing_csr, SIGNING_CERT_REQUEST_ERROR_MESSAGE)
@@ -50,22 +50,10 @@ module Sepa
       end
     end
 
-    def check_wsdl
-      return unless wsdl.present?
-
-      xsd = Nokogiri::XML::Schema(File.read(SCHEMA_FILE))
-      wsdl_file = File.read(wsdl)
-      xml = Nokogiri::XML(wsdl_file)
-
-      unless xsd.valid?(xml)
-        errors.add(:wsdl, "Invalid wsdl file")
-      end
-    end
-
     def check_file_type
       return unless [:upload_file, :download_file_list, :download_file].include? command
 
-      if file_type.nil? || file_type.size > 35
+      unless file_type && file_type.respond_to?(:size) && file_type.size < 35
         errors.add(:file_type, FILE_TYPE_ERROR_MESSAGE)
       end
     end
@@ -83,7 +71,7 @@ module Sepa
     end
 
     def check_presence_and_length(attribute, length, error_message)
-      if send(attribute).nil? || send(attribute).size > length
+      unless send(attribute) && send(attribute).respond_to?(:size) && send(attribute).size < length
         errors.add(attribute, error_message)
       end
     end
@@ -91,13 +79,13 @@ module Sepa
     def check_content
       return unless command == :upload_file
 
-      errors.add(:content, CONTENT_ERROR_MESSAGE) if content.nil?
+      errors.add(:content, CONTENT_ERROR_MESSAGE) unless content && content.respond_to?(:length)
     end
 
     def check_pin
-      return unless command == :create_certificate
+      return unless [:create_certificate, :get_certificate].include? command
 
-      check_presence_and_length(:pin, 10, PIN_ERROR_MESSAGE)
+      check_presence_and_length(:pin, 20, PIN_ERROR_MESSAGE)
     end
 
     def check_environment
@@ -109,7 +97,7 @@ module Sepa
     end
 
     def check_customer_id
-      unless customer_id && customer_id.length.between?(1, 16)
+      unless customer_id && customer_id.respond_to?(:length) && customer_id.length.between?(1, 16)
         errors.add(:customer_id, CUSTOMER_ID_ERROR_MESSAGE)
       end
     end
@@ -118,7 +106,14 @@ module Sepa
       return unless bank == :danske
       return if command == :get_bank_certificate
 
-      errors.add(:encryption_certificate, ENCRYPTION_CERT_ERROR_MESSAGE) unless encryption_certificate
+      unless bank_encryption_certificate
+        return errors.add(:bank_encryption_certificate, ENCRYPTION_CERT_ERROR_MESSAGE)
+      end
+
+      x509_certificate bank_encryption_certificate
+
+    rescue
+      errors.add(:bank_encryption_certificate, ENCRYPTION_CERT_ERROR_MESSAGE)
     end
 
     def check_status
@@ -132,9 +127,7 @@ module Sepa
     def check_file_reference
       return unless command == :download_file
 
-      unless file_reference && file_reference.length <= 32
-        errors.add :file_reference, FILE_REFERENCE_ERROR_MESSAGE
-      end
+      check_presence_and_length :file_reference, 33, FILE_REFERENCE_ERROR_MESSAGE
     end
 
     def check_encryption_private_key

data/lib/sepa/banks/danske/danske_response.rb

@@ -1,6 +1,9 @@
 module Sepa
   class DanskeResponse < Response
 
+    validate :valid_get_bank_certificate_response
+    validate :can_be_decrypted_with_given_key
+
     def application_response
       @application_response ||= decrypt_application_response
     end
@@ -46,27 +49,40 @@ module Sepa
         @certificate ||= begin
           extract_cert(doc, 'X509Certificate', DSIG)
         end
+      else
+        super
       end
     end
 
+    def response_code
+      return super unless [:get_bank_certificate, :create_certificate].include? @command
+
+      node = doc.at('xmlns|ReturnCode', xmlns: DANSKE_PKI)
+      node.content if node
+    end
+
+    def certificate_is_trusted?
+      return true if @command == :get_bank_certificate
+
+      verify_certificate_against_root_certificate(certificate, DANSKE_ROOT_CERTIFICATE)
+    end
+
     private
 
       def find_node_by_uri(uri)
-        node = doc.at("[xml|id='#{uri}']")
+        return super unless [:get_bank_certificate, :create_certificate].include? @command
+
+        node = doc.at("[xml|id='#{uri}']").clone
         node.at('xmlns|Signature', xmlns: DSIG).remove
         node
       end
 
       def decrypt_application_response
-        encrypted_application_response = extract_application_response(BXD)
-        encrypted_application_response = xml_doc encrypted_application_response
-        enc_key = encrypted_application_response.css('CipherValue', 'xmlns' => XMLENC)[0].content
-        enc_key = decode enc_key
-        key = @encryption_private_key.private_decrypt(enc_key)
+        key = decrypt_embedded_key
 
         encypted_data = encrypted_application_response
-                        .css('CipherValue', 'xmlns' => XMLENC)[1]
-                        .content
+        .css('CipherValue', 'xmlns' => XMLENC)[1]
+        .content
 
         encypted_data = decode encypted_data
         iv = encypted_data[0, 8]
@@ -80,5 +96,46 @@ module Sepa
         decipher.update(encypted_data) + decipher.final
       end
 
+      def valid_get_bank_certificate_response
+        return unless @command == :get_bank_certificate
+
+        if doc.at('xmlns|PKIFactoryServiceFault', xmlns: DANSKE_PKIF)
+          errors.add(:base, "Did not get a proper response when trying to get bank's certificates")
+        end
+      end
+
+      def encrypted_application_response
+        @encrypted_application_response ||= begin
+          encrypted_application_response = extract_application_response(BXD)
+          xml_doc encrypted_application_response
+        end
+      end
+
+      def can_be_decrypted_with_given_key
+        return if [:get_bank_certificate, :create_certificate].include? @command
+        return unless encrypted_application_response.css('CipherValue', 'xmlns' => XMLENC)[0]
+
+        unless decrypt_embedded_key
+          errors.add(:encryption_private_key, DECRYPTION_ERROR_MESSAGE)
+        end
+      end
+
+      def decrypt_embedded_key
+        enc_key = encrypted_application_response.css('CipherValue', 'xmlns' => XMLENC)[0].content
+        enc_key = decode enc_key
+        @encryption_private_key.private_decrypt(enc_key)
+
+      rescue OpenSSL::PKey::RSAError
+        nil
+      end
+
+      def verify_signature
+        super unless [:get_bank_certificate, :create_certificate].include? @command
+      end
+
+      def validate_hashes
+        super unless [:get_bank_certificate, :create_certificate].include? @command
+      end
+
   end
 end

data/lib/sepa/banks/danske/soap_danske.rb

@@ -15,7 +15,7 @@ module Sepa
       end
 
       def encrypt_application_request
-        encryption_certificate = OpenSSL::X509::Certificate.new(@encryption_certificate)
+        encryption_certificate = x509_certificate(@bank_encryption_certificate)
         encryption_public_key = encryption_certificate.public_key
         encryption_certificate = format_cert(encryption_certificate)
         encrypted_application_request, key = encrypt_ar

data/lib/sepa/banks/nordea/nordea_response.rb

@@ -14,5 +14,16 @@ module Sepa
       cert.to_s
     end
 
+    def response_code
+      return super unless command == :get_certificate
+
+      node = doc.at('xmlns|ResponseCode', xmlns: NORDEA_PKI)
+      node.content if node
+    end
+
+    def certificate_is_trusted?
+      verify_certificate_against_root_certificate(certificate, NORDEA_ROOT_CERTIFICATE)
+    end
+
   end
 end

data/lib/sepa/certificates/danske_root_certificate.cer

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIEQjoxcjANBgkqhkiG9w0BAQsFADCBmDEQMA4GA1UEAxMH
+REJHUk9PVDELMAkGA1UEBhMCREsxEzARBgNVBAcTCkNvcGVuaGFnZW4xEDAOBgNV
+BAgTB0Rlbm1hcmsxGjAYBgNVBAoTEURhbnNrZSBCYW5rIEdyb3VwMRowGAYDVQQL
+ExFEYW5za2UgQmFuayBHcm91cDEYMBYGA1UEBRMPNjExMjYyMjgxMTEwMDAyMB4X
+DTEwMTAyNzAwMDAwMFoXDTIwMTAyNzAwMDAwMFowgZgxEDAOBgNVBAMTB0RCR1JP
+T1QxCzAJBgNVBAYTAkRLMRMwEQYDVQQHEwpDb3BlbmhhZ2VuMRAwDgYDVQQIEwdE
+ZW5tYXJrMRowGAYDVQQKExFEYW5za2UgQmFuayBHcm91cDEaMBgGA1UECxMRRGFu
+c2tlIEJhbmsgR3JvdXAxGDAWBgNVBAUTDzYxMTI2MjI4MTExMDAwMjCCASAwDQYJ
+KoZIhvcNAQEBBQADggENADCCAQgCggEBAKWRtTRCXNEn5Hj+tA0vVg8VKUi/HnFg
+ioZW/eyaF4gWvR4PNXXJJOS31VNHnb2SQHPLt3ac+5icH7vLu/OtS5rvnDiDFMg+
+TomVDrur6RtlsZNLnihZiaSaooI49+ERTz6vcCjST7xbfhmC03LUhE8eBKI1U70c
+x/lQ55UQKZvIAIbCVaZEks95VS4uJpwnU4M8glNIVGSvJhIUj/LIkSIcqBiryq/t
+9FRVtRl1gVhwKdi8A5O9hp4t3dBIdOanaup2UEL4lp7izzgt2rkMeuyQ1ZjHsN7L
+mDsfjoFcYx/8CID9LBwRCN2p+YCuoWUjuorrdU/2eit2lNh6ypiF6WECAQOjgZAw
+gY0wHQYDVR0OBBYEFIT65b/ekUlm38WKUsOzt7MgHMdtMA4GA1UdDwEB/wQEAwIB
+BjASBgNVHRMBAf8ECDAGAQH/AgEBMEgGA1UdHwRBMD8wPaA7oDmGN2h0dHA6Ly9v
+bmxpbmUuZGFuc2tlYmFuay5jb20vcGtpL0RCR1JPT1RfMTExMTExMDAwMi5jcmww
+DQYJKoZIhvcNAQELBQADggEBAFjnBPCos7jMMLc3FqyQUMt/HJGKgJDrhYiPZBo9
+njGkH52Urryqw1sbT3wXA1NuzbjHE3xTUD+5jNPCncYqML9xqQjSQkBcb9eJfHZ+
+asiclsO38cSn2qriJPIrCREPOpRVqrGQRbZQhmDiB198hpAdLp38khJon/gXbR7u
+9e0rN8MIM4sXn+lFuQIWiPuv+3llGSoLlIxJnjiQQ9FDjhwN5U+N1N2aHaLc5AHu
+4X/qRutLCy7AYUJZMPBoakPLscYceW2Ztvx4VAyOXgHDdvmz0Bd58XWOs1A9bNMZ
+FeYAB14D9yQRCkXYLhr6sm8HuyqaIkGChFpNb+Gf8gcPvtw=
+-----END CERTIFICATE-----

data/lib/sepa/client.rb

@@ -17,10 +17,10 @@ module Sepa
                   :status,
                   :pin,
                   :signing_private_key,
-                  :signing_certificate,
+                  :own_signing_certificate,
                   :signing_csr,
                   :encryption_private_key,
-                  :encryption_certificate,
+                  :bank_encryption_certificate,
                   :encryption_csr
 
     BANKS = [:nordea, :danske]
@@ -39,7 +39,6 @@ module Sepa
     validate :check_content
     validate :check_pin
     validate :check_command
-    validate :check_wsdl
     validate :check_keys
     validate :check_encryption_certificate
     validate :check_encryption_cert_request
@@ -63,6 +62,8 @@ module Sepa
     end
 
     def environment=(value)
+      return unless value.respond_to? :downcase
+
       @environment = value.downcase.to_sym
     end
 
@@ -79,6 +80,7 @@ module Sepa
       client = Savon.client(wsdl: wsdl)
 
       begin
+        error = nil
         response = client.call(command, xml: soap)
         response &&= response.to_xml
       rescue Savon::Error => e
@@ -86,19 +88,7 @@ module Sepa
         error = e.to_s
       end
 
-      options = {
-        response: response,
-        error: error,
-        command: command
-      }
-      options[:encryption_private_key] = rsa_key(encryption_private_key) if encryption_private_key
-
-      case bank
-      when :nordea
-        NordeaResponse.new options
-      when :danske
-        DanskeResponse.new options
-      end
+      initialize_response(error, response)
     end
 
     private
@@ -125,24 +115,40 @@ module Sepa
       # Returns path to WSDL file
       def wsdl
         case bank
-          when :nordea
-            if command == :get_certificate
-              file = "wsdl_nordea_cert.xml"
-            else
-              file = "wsdl_nordea.xml"
-            end
-          when :danske
-            if [:get_bank_certificate, :create_certificate].include? command
-              file = "wsdl_danske_cert.xml"
-            else
-              file = "wsdl_danske.xml"
-            end
+        when :nordea
+          if command == :get_certificate
+            file = "wsdl_nordea_cert.xml"
+          else
+            file = "wsdl_nordea.xml"
+          end
+        when :danske
+          if [:get_bank_certificate, :create_certificate].include? command
+            file = "wsdl_danske_cert.xml"
           else
-            return nil
+            file = "wsdl_danske.xml"
+          end
         end
 
         "#{WSDL_PATH}/#{file}"
       end
 
+      def initialize_response(error, response)
+        options = {
+          response: response,
+          error: error,
+          command: command
+        }
+        if encryption_private_key && !encryption_private_key.empty?
+          options[:encryption_private_key] = rsa_key(encryption_private_key)
+        end
+
+        case bank
+        when :nordea
+          NordeaResponse.new options
+        when :danske
+          DanskeResponse.new options
+        end
+      end
+
   end
 end

data/lib/sepa/error_messages.rb

@@ -12,5 +12,16 @@ module Sepa
     STATUS_ERROR_MESSAGE = 'Status is required for this command and must be either NEW, DOWNLOADED or ALL'
     FILE_REFERENCE_ERROR_MESSAGE = 'File reference is required for this command and must be under 33 characters'
     ENCRYPTION_PRIVATE_KEY_ERROR_MESSAGE = 'Encryption private key is needed for this bank and this command'
+    NOT_OK_RESPONSE_CODE_ERROR_MESSAGE = 'The response from the bank suggested there was ' \
+    'something wrong with your request, check your parameters and try again'
+
+    DECRYPTION_ERROR_MESSAGE = 'The response could not be decrypted with the private key ' \
+    'that you gave. Check that the key is the private key of your own encryption certificate'
+
+    HASH_ERROR_MESSAGE = 'The hashes in the response did not match which means that the data in ' \
+    'the response is not intact'
+
+    SIGNATURE_ERROR_MESSAGE = 'The signature in the response did not verify and the response ' \
+    'cannot be trusted'
   end
 end

data/lib/sepa/response.rb

@@ -2,13 +2,16 @@ module Sepa
   class Response
     include ActiveModel::Validations
     include Utilities
+    include ErrorMessages
 
     attr_reader :soap, :error, :command
 
-    validates :soap, presence: true
-    validate  :validate_document_format
     validate  :document_must_validate_against_schema
     validate  :client_errors
+    validate  :response_code_is_ok
+    validate  :validate_hashes
+    validate  :verify_signature
+    validate  :verify_certificate
 
     def initialize(hash = {})
       @soap = hash[:response]
@@ -41,7 +44,7 @@ module Sepa
       end
 
       if options[:verbose]
-        puts "These digests failed to verify: #{unverified_digests}."
+        puts "These digests failed to verify: #{unverified_digests}"
       end
 
       false
@@ -50,15 +53,7 @@ module Sepa
     # Verifies the signature by extracting the public key from the certificate
     # embedded in the soap header and verifying the signature value with that.
     def signature_is_valid?
-      node = doc.at('xmlns|SignedInfo', xmlns: DSIG)
-
-      node = canonicalize_exclusively node
-
-      signature = doc.at('xmlns|SignatureValue', xmlns: DSIG).content
-
-      signature = decode(signature)
-
-      certificate.public_key.verify(OpenSSL::Digest::SHA1.new, signature, node)
+      validate_signature(doc, certificate, :exclusive)
     end
 
     # Gets the application response from the response as an xml document
@@ -121,6 +116,11 @@ module Sepa
 
     def ca_certificate; end
 
+    def response_code
+      node = doc.at('xmlns|ResponseCode', xmlns: BXD)
+      node.content if node
+    end
+
     private
 
       # Finds all reference nodes with digest values in the document and returns
@@ -154,21 +154,17 @@ module Sepa
         nodes
       end
 
-      def validate_document_format
-        unless doc.respond_to?(:canonicalize)
-          errors.add(:base, 'Document must be a valid XML file')
-        end
-      end
-
       def document_must_validate_against_schema
-        return if command.to_sym == :get_bank_certificate
+        return if @error || command.to_sym == :get_bank_certificate
 
         check_validity_against_schema(doc, 'soap.xsd')
       end
 
       def extract_application_response(namespace)
         ar_node = doc.at('xmlns|ApplicationResponse', xmlns: namespace)
-        decode(ar_node.content)
+        if ar_node
+          decode(ar_node.content)
+        end
       end
 
       def client_errors
@@ -180,5 +176,31 @@ module Sepa
         doc.at("[xmlns|Id='#{uri}']", xmlns: OASIS_UTILITY)
       end
 
+      def response_code_is_ok
+        return if @error
+
+        unless %w(00 24).include? response_code
+          errors.add(:base, NOT_OK_RESPONSE_CODE_ERROR_MESSAGE)
+        end
+      end
+
+      def validate_hashes
+        unless hashes_match?
+          errors.add(:base, HASH_ERROR_MESSAGE)
+        end
+      end
+
+      def verify_signature
+        unless signature_is_valid?
+          errors.add(:base, SIGNATURE_ERROR_MESSAGE)
+        end
+      end
+
+      def verify_certificate
+        unless certificate_is_trusted?
+          errors.add(:base, 'The certificate in the response is not trusted')
+        end
+      end
+
   end
 end

data/lib/sepa/soap_builder.rb

@@ -6,23 +6,23 @@ module Sepa
 
     # SoapBuilder creates the SOAP structure.
     def initialize(params)
-      @bank                   = params[:bank]
-      @signing_certificate    = params[:signing_certificate]
-      @command                = params[:command]
-      @content                = params[:content]
-      @customer_id            = params[:customer_id]
-      @encryption_certificate = params[:encryption_certificate]
-      @environment            = params[:environment]
-      @file_reference         = params[:file_reference]
-      @file_type              = params[:file_type]
-      @language               = params[:language]
-      @signing_private_key    = params[:signing_private_key]
-      @status                 = params[:status]
-      @target_id              = params[:target_id]
-
-      @application_request    = ApplicationRequest.new params
-      @header_template        = load_header_template
-      @template               = load_body_template SOAP_TEMPLATE_PATH
+      @bank                        = params[:bank]
+      @own_signing_certificate     = params[:own_signing_certificate]
+      @command                     = params[:command]
+      @content                     = params[:content]
+      @customer_id                 = params[:customer_id]
+      @bank_encryption_certificate = params[:bank_encryption_certificate]
+      @environment                 = params[:environment]
+      @file_reference              = params[:file_reference]
+      @file_type                   = params[:file_type]
+      @language                    = params[:language]
+      @signing_private_key         = params[:signing_private_key]
+      @status                      = params[:status]
+      @target_id                   = params[:target_id]
+
+      @application_request         = ApplicationRequest.new params
+      @header_template             = load_header_template
+      @template                    = load_body_template SOAP_TEMPLATE_PATH
 
       find_correct_bank_extension
     end
@@ -89,13 +89,13 @@ module Sepa
         set_node(@header_template, 'wsu|Created', iso_time)
         set_node(@header_template, 'wsu|Expires', (Time.now.utc + 300).iso8601)
 
-        timestamp_id = set_timestamp_id
+        timestamp_id = set_node_id(@header_template, OASIS_UTILITY, 'Timestamp', 0)
 
         timestamp_digest = calculate_digest(@header_template, 'wsu|Timestamp')
         dsig = "dsig|Reference[URI='##{timestamp_id}'] dsig|DigestValue"
         set_node(@header_template, dsig, timestamp_digest)
 
-        body_id = set_body_id
+        body_id = set_node_id(@template, ENVELOPE, 'Body', 1)
 
         body_digest = calculate_digest(@template, 'env|Body')
         dsig = "dsig|Reference[URI='##{body_id}'] dsig|DigestValue"
@@ -104,7 +104,7 @@ module Sepa
         signature = calculate_signature(@header_template, 'dsig|SignedInfo')
         set_node(@header_template, 'dsig|SignatureValue', signature)
 
-        formatted_cert = format_cert(@signing_certificate)
+        formatted_cert = format_cert(@own_signing_certificate)
         set_node(@header_template, 'wsse|BinarySecurityToken', formatted_cert)
       end
 
@@ -115,23 +115,5 @@ module Sepa
         @header_template.at('wsse|Reference')['URI'] = "##{security_token_id}"
       end
 
-      def set_timestamp_id
-        timestamp_id = "timestamp-#{SecureRandom.uuid}"
-
-        @header_template.at('wsu|Timestamp')['wsu:Id'] = timestamp_id
-        @header_template.css('dsig|Reference')[0]['URI'] = "##{timestamp_id}"
-
-        timestamp_id
-      end
-
-      def set_body_id
-        body_id = "body-#{SecureRandom.uuid}"
-
-        @template.at('env|Body')['wsu:Id'] = body_id
-        @header_template.css('dsig|Reference')[1]['URI'] = "##{body_id}"
-
-        body_id
-      end
-
   end
 end