sepafm 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3aefe6a38ae84af5717876529a623911ba878fe7
-  data.tar.gz: 6e7f6f900978fd42a02153d04ed834e964206ca7
+  metadata.gz: 6baff59782f24a508d2560a71b776fcb5374d598
+  data.tar.gz: 85b220374605d706461e301fc477574481635e31
 SHA512:
-  metadata.gz: 2fb3932511a5c24d1be39e4afa01f332a668c9732255f1446b5fea72fad6756408b6d435dbddfde78bc500c2d18ee865c0b93a6a904f616681c3cf54765683c2
-  data.tar.gz: 17b9b9ce641d796520d5c023b077daaadd181c2dc64b4678fc51d10b7c03f2619da95cb3fd26cc9fa32a0a7a8026a4cd48968b5e1e05a7d456f2d2f24a71be49
+  metadata.gz: 38454e6cac847fa6e23de5785b3e2db8c134a486ac8d124b8ca0b5e8f12c24b6a3bc4181541de0dad43135430d7a15c51cf16b0e76821d8ad3d0fbfde75489f0
+  data.tar.gz: de324888c9ea1b78f817b688ffbffacc11bcc4f1496cc3a9e48f22d2955e8db07aa02b0b356ca4ed7844b9e875e95e51bba71ed992faaa35ba8907f6c37aa5b1

data/.gitignore

@@ -17,3 +17,9 @@ Gemfile.lock
 .ruby-version
 
 /.env
+
+# Test client
+/test_client/data/certs.rb
+/test_client/data/params.rb
+/test_client/data/payload.xml
+/test_client/log/

data/.travis.yml

@@ -1,6 +1,6 @@
 language: ruby
+sudo: false
 rvm:
-- 2.0.0
 - 2.1.7
 - 2.2.3
 notifications:

data/lib/sepa/application_request.rb

@@ -80,27 +80,16 @@ module Sepa
 
       # Determines which content setting method to call depending on {#command}
       def set_nodes_contents
-        case @command
-        when :create_certificate
-          set_create_certificate_nodes
-        when :get_certificate
-          set_get_certificate_nodes
-        when :download_file_list
-          set_download_file_list_nodes
-        when :download_file
-          set_download_file_nodes
-        when :upload_file
-          set_upload_file_nodes
-        when :get_bank_certificate
-          set_get_bank_certificate_nodes
-        end
+        method = "set_#{@command}_nodes"
+
+        send(method) if self.class.private_method_defined? method
       end
 
       # Sets nodes' values for download file request
       def set_download_file_nodes
         add_target_id_after 'FileReferences'
         set_node("Status", @status)
-        set_node("FileType", @file_type)
+        add_node_to_root 'FileType', content: @file_type if @file_type.present?
         set_node("FileReference", @file_reference)
       end
 
@@ -129,17 +118,20 @@ module Sepa
       def set_download_file_list_nodes
         add_target_id_after 'Environment'
         set_node("Status", @status)
-        set_node("FileType", @file_type)
+        add_node_to_root 'FileType', content: @file_type if @file_type.present?
       end
 
-      # Sets nodes' contents for Nordea's get certificate request
-      #
-      # @todo Raise error if {#bank} is other than Nordea like in {#set_get_bank_certificate_nodes}
-      # @todo Check further into what service actually is
+      # Sets nodes' contents for Nordea's and OP's get certificate request
       def set_get_certificate_nodes
-        set_node("Service", '')
-        set_node("Content", format_cert_request(@signing_csr))
-        set_node("HMAC", hmac(@pin, csr_to_binary(@signing_csr)))
+        set_node "Service", "MATU" if @bank == :op
+        set_node "TransferKey", @pin if @bank == :op
+        set_node "HMAC", hmac(@pin, csr_to_binary(@signing_csr)) if @bank == :nordea
+        set_node "Content", format_cert_request(@signing_csr)
+      end
+
+      # Sets nodes' contents for OP's get service certificates request
+      def set_service_certificates_nodes
+        set_node("Service", "MATU")
       end
 
       # Sets nodes' contents for Danske Bank's create certificate request. Environment is set to
@@ -182,11 +174,15 @@ module Sepa
         @application_request.at_css("xmlns|#{node}", 'xmlns' => xmlns).remove
       end
 
-      # Adds node to the root of the application request
-      #
-      # @todo Move to {Utilities} and move document to parameters
-      def add_node_to_root(node)
-        @application_request.root.add_child(node)
+      # Adds node to the root of the application request and content to it if specified
+      def add_node_to_root(node, content: nil)
+        unless node.is_a? Nokogiri::XML::Node
+          node = Nokogiri::XML::Node.new node, @application_request
+        end
+
+        @application_request.root.add_child node
+
+        set_node(node.name, content) if content
       end
 
       # Calculates the digest of {#application_request}
@@ -228,9 +224,12 @@ module Sepa
       # {#own_signing_certificate} to the signature node.
       def process_signature
         # No signature for Certificate Requests
-        return if @command == :get_certificate
-        return if @command == :get_bank_certificate
-        return if @command == :create_certificate
+        return if %i(
+          create_certificate
+          get_bank_certificate
+          get_certificate
+          get_service_certificates
+        ).include? @command
 
         signature_node = remove_node('Signature', 'http://www.w3.org/2000/09/xmldsig#')
         digest = calculate_digest

data/lib/sepa/attribute_checks.rb

@@ -11,10 +11,22 @@ module Sepa
     def allowed_commands
       case bank
       when :nordea
-        [:get_certificate, :get_user_info, :download_file_list, :download_file, :upload_file]
+        STANDARD_COMMANDS +
+        %i(get_certificate)
       when :danske
-        [:get_bank_certificate, :download_file_list, :download_file,
-         :upload_file, :create_certificate]
+        STANDARD_COMMANDS -
+        %i(get_user_info) +
+        %i(
+          create_certificate
+          get_bank_certificate
+         )
+      when :op
+        STANDARD_COMMANDS -
+        %i(get_user_info) +
+        %i(
+          get_certificate
+          get_service_certificates
+         )
       else
         []
       end
@@ -27,7 +39,12 @@ module Sepa
 
     # Checks that signing keys and certificates can be initialized properly.
     def check_keys
-      return if [:get_certificate, :get_bank_certificate, :create_certificate].include? command
+      return if %i(
+        create_certificate
+        get_bank_certificate
+        get_certificate
+        get_service_certificates
+      ).include? command
 
       begin
         rsa_key signing_private_key
@@ -62,22 +79,34 @@ module Sepa
 
     # Checks that {Client#file_type} is proper
     def check_file_type
-      return unless [:upload_file, :download_file_list, :download_file].include? command
-
-      unless file_type && file_type.respond_to?(:size) && file_type.size < 35
-        errors.add(:file_type, FILE_TYPE_ERROR_MESSAGE)
+      if file_type.present?
+        valid = file_type.size < 35
+      else
+        return if bank == :op && %i(download_file
+                                  download_file_list).include?(command)
+
+        valid = !(%i(
+          download_file
+          download_file_list
+          upload_file
+        ).include? command)
       end
+
+      errors.add(:file_type, FILE_TYPE_ERROR_MESSAGE) unless valid
     end
 
     # Checks that {Client#target_id} is valid.
     def check_target_id
-      return if [:get_user_info,
-                 :get_certificate,
-                 :create_certificate,
-                 :get_bank_certificate].include? command
-
-      # Danske Bank does not use target_id
-      return if bank == :danske
+      return if %i(
+          create_certificate
+          get_bank_certificate
+          get_certificate
+          get_user_info
+        ).include?(command) ||
+        %i(
+          danske
+          op
+        ).include?(bank)
 
       check_presence_and_length(:target_id, 80, TARGET_ID_ERROR_MESSAGE)
     end

data/lib/sepa/banks/danske/danske_response.rb

@@ -106,6 +106,27 @@ module Sepa
       return super unless [:get_bank_certificate, :create_certificate].include? @command
 
       node = doc.at('xmlns|ReturnCode', xmlns: DANSKE_PKI)
+      node = doc.at('xmlns|ReturnCode', xmlns: DANSKE_PKIF) unless node
+
+      node.content if node
+    end
+
+    # Extract response text from the response. Overrides super method when {#command} is
+    # `:get_bank_certificate` or `:create_certificate` because response text node is named
+    # differently in those responses.
+    #
+    # @return [String] if response text is found
+    # @return [nil] if response text cannot be found
+    # @see Response#response_text
+    def response_text
+      return super unless %i(
+          create_certificate
+          get_bank_certificate
+        ).include? @command
+
+      node = doc.at('xmlns|ReturnText', xmlns: DANSKE_PKI)
+      node = doc.at('xmlns|ReturnText', xmlns: DANSKE_PKIF) unless node
+
       node.content if node
     end
 

data/lib/sepa/banks/danske/soap_danske.rb

@@ -1,5 +1,5 @@
 module Sepa
-  
+
   # Contains Danske Bank specific soap building functionality
   module DanskeSoapRequest
 
@@ -85,21 +85,6 @@ module Sepa
         ar
       end
 
-      # Sets contents for generic request's nodes. Generic requests are:
-      # * Upload file
-      # * Download file
-      # * Download file list
-      #
-      # @todo make ReceiverId dynamic
-      def set_generic_request_contents
-        set_node(@template, 'bxd|SenderId', @customer_id)
-        set_node(@template, 'bxd|RequestId', request_id)
-        set_node(@template, 'bxd|Timestamp', iso_time)
-        set_node(@template, 'bxd|Language', @language)
-        set_node(@template, 'bxd|UserAgent', "Sepa Transfer Library version " + VERSION)
-        set_node(@template, 'bxd|ReceiverId', "DABAFIHH")
-      end
-
       # Sets contents for create certificate requests.
       #
       # @todo rename
@@ -132,7 +117,8 @@ module Sepa
       #
       # @return [Nokogiri::XML] the complete soap
       def build_danske_generic_request
-        set_generic_request_contents
+        common_set_body_contents
+        set_receiver_id
         encrypted_request = encrypt_application_request
         add_encrypted_generic_request_to_soap(encrypted_request)
 
@@ -204,10 +190,13 @@ module Sepa
       # Generates a random 10-character request id for Danske Bank's requests.
       #
       # @return [String] 10-character hexnumeric request id
-      # @todo move to utilities
       def request_id
         SecureRandom.hex(5)
       end
 
+      def set_receiver_id
+        set_node(@template, 'bxd|ReceiverId', 'DABAFIHH')
+      end
+
   end
 end

data/lib/sepa/banks/nordea/nordea_response.rb

@@ -33,6 +33,19 @@ module Sepa
       node.content if node
     end
 
+    # Returns the response text in the response. Overrides {Response#response_text} if {#command} is
+    # `:get_certificate`, because the namespace is different with that command.
+    #
+    # @return [String] response text if it is found
+    # @return [nil] if response text cannot be found
+    # @see Response#response_text
+    def response_text
+      return super unless command == :get_certificate
+
+      node = doc.at('xmlns|ResponseText', xmlns: NORDEA_PKI)
+      node.content if node
+    end
+
     # Checks whether the certificate embedded in the response soap has been signed with Nordea's
     # root certificate.
     #

data/lib/sepa/banks/nordea/soap_nordea.rb

@@ -1,74 +1,14 @@
 module Sepa
-
   # Contains Nordea specific soap building functionality
   module NordeaSoapRequest
-
     private
 
-      # Determines which soap request to build based on command. Certificate requests are built
-      # differently than generic requests.
-      #
-      # @return [Nokogiri::XML] the soap as a nokogiri document
-      def find_correct_build
-        case @command
-        when :get_certificate
-          build_certificate_request
-        when :get_user_info, :download_file_list, :download_file, :upload_file
-          build_common_request
-        end
-      end
-
-      # Sets contents for certificate request
-      #
-      # @return [Nokogiri::XML] the template with contents added to it
-      def build_certificate_request
-        set_body_contents
-      end
-
-      # Sets soap body contents. Application request is base64 encoded here.
-      #
-      # @return [Nokogiri::XML] the soap with contents added to it
-      # @todo rename, because apparently only sets certificate contents
-      def set_body_contents
-        set_node(@template, 'cer|ApplicationRequest', @application_request.to_base64)
-        set_node(@template, 'cer|SenderId', @customer_id)
-        set_node(@template, 'cer|RequestId', request_id)
-        set_node(@template, 'cer|Timestamp', iso_time)
-
-        @template
-      end
-
-      # Builds generic request which is a request made with commands:
-      # * Get User Info
-      # * Download File
-      # * Download File List
-      # * Upload File
-      #
-      # @return [Nokogiri::XML] the generic request soap
-      def build_common_request
-        common_set_body_contents
-        process_header
-        add_body_to_header
-      end
-
-      # Sets nodes for generic requests, application request is base64 encoded here.
-      def common_set_body_contents
-        set_node(@template, 'bxd|ApplicationRequest', @application_request.to_base64)
-        set_node(@template, 'bxd|SenderId', @customer_id)
-        set_node(@template, 'bxd|RequestId', request_id)
-        set_node(@template, 'bxd|Timestamp', iso_time)
-        set_node(@template, 'bxd|Language', @language)
-        set_node(@template, 'bxd|UserAgent', "Sepa Transfer Library version #{VERSION}")
+      def set_receiver_id
         set_node(@template, 'bxd|ReceiverId', @target_id)
       end
 
-      # Generates a random request id for Nordea request
-      #
-      # @return [String] hexnumeric request id
-      # @todo move to utilities
-      def request_id
-        SecureRandom.hex(17)
+      def cert_ns
+        NORDEA_PKI
       end
-
   end
 end

data/lib/sepa/banks/op/op_response.rb

@@ -0,0 +1,76 @@
+module Sepa
+  # Handles OP specific response logic. Mainly certificate specific stuff.
+  class OpResponse < Response
+    include Utilities
+
+    # Extracts own signing certificate from the response.
+    #
+    # @return [String] own signing certificate as string it it is found
+    # @return [nil] if the certificate cannot be found
+    def own_signing_certificate
+      application_response = extract_application_response(OP_PKI)
+      at                   = 'xmlns|Certificate > xmlns|Certificate'
+      node                 = Nokogiri::XML(application_response).at(at, xmlns: OP_XML_DATA)
+
+      return unless node
+
+      cert_value = process_cert_value node.content
+      cert       = x509_certificate cert_value
+      cert.to_s
+    end
+
+    # Returns the response code in the response. Overrides {Response#response_code} if {#command} is
+    # `:get_certificate`, because the namespace is different with that command.
+    #
+    # @return [String] response code if it is found
+    # @return [nil] if response code cannot be found
+    # @see Response#response_code
+    def response_code
+      return super unless %i(
+        get_certificate
+        get_service_certificates
+      ).include? command
+
+      node = doc.at('xmlns|ResponseCode', xmlns: OP_PKI)
+      node.content if node
+    end
+
+    # Returns the response text in the response. Overrides {Response#response_text} if {#command} is
+    # `:get_certificate`, because the namespace is different with that command.
+    #
+    # @return [String] response text if it is found
+    # @return [nil] if response text cannot be found
+    # @see Response#response_text
+    def response_text
+      return super unless %i(
+        get_certificate
+        get_service_certificates
+      ).include? command
+
+      node = doc.at('xmlns|ResponseText', xmlns: OP_PKI)
+      node.content if node
+    end
+
+    # Checks whether the certificate embedded in the response soap has been signed with OP's
+    # root certificate. The check is skipped in test environment, because a different root
+    # certificate is used
+    #
+    # @return [true] if certificate is trusted
+    # @return [false] if certificate fails to verify
+    # @see DanskeResponse#certificate_is_trusted?
+    def certificate_is_trusted?
+      return true if environment == :test
+      verify_certificate_against_root_certificate(certificate, OP_ROOT_CERTIFICATE)
+    end
+
+    # OP's get service certificates response isn't signed
+    def validate_hashes
+      super unless command == :get_service_certificates
+    end
+
+    # OP's get service certificates response isn't signed
+    def verify_signature
+      super unless command == :get_service_certificates
+    end
+  end
+end

data/lib/sepa/banks/op/soap_op.rb

@@ -0,0 +1,14 @@
+module Sepa
+  # Contains OP specific soap building functionality
+  module OpSoapRequest
+    private
+
+      def set_receiver_id
+        set_node @template, 'bxd|ReceiverId', 'OKOYFIHH'
+      end
+
+      def cert_ns
+        OP_PKI
+      end
+  end
+end

data/lib/sepa/certificates/op_root_certificate.cer

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFMzCCAxugAwIBAgICHhkwDQYJKoZIhvcNAQELBQAwKjELMAkGA1UEBhMCRkkx
+GzAZBgNVBAMTEk9QLVBvaGpvbGEgUm9vdCBDQTAeFw0xMjA2MDcwODQyNDJaFw00
+MTA2MDcwODQyNDJaMCoxCzAJBgNVBAYTAkZJMRswGQYDVQQDExJPUC1Qb2hqb2xh
+IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCdFCgwifVV
+/XdLNmuIAUox7H3RZOyWotq3HUyGWCX/T337wfrbAQWXSa8C4z2Adr0O3P0qMEFR
+BKt2p4zupD4bkzR1p8tn/K2Y+TVf/ZAjpk3S1/7KZT8DqRCnlb2IuUCeO0OaC0gk
+XIqkeeoogHhYYdQwI0qai2qk8N3jgTlOXqAHceg+yO0h58VIcCaASfR9zIclmYLK
+g2pFPoC22+2QlCgSg4M1ceoiie48Nzk+BYA1Qm1TGjox9BGakiSq+pF+6GC+QBjM
+lnd8rz8lAPqZ7eoukLanOZxo97bG1nIsEyrDTBT+hdkJj4VG+m0Q8oLtBfzadekM
+dWwjHgRWYcQHrlI5WxTgAT5iDdGMrg05cM8poxy09HoFBKHS1fgaFVddr7MFqZcu
+z/kyaQevjnsfPXkI3eDqhxnLbRjHrnqBWX7ELyLgcEjX4syTteKp8aAeYdvN8U8A
+MJ/q56Guob5g/RlDfBXO9aoSyR3bPh6m8sGNgfB38NDKpO6NZK04vLvK3hF0NhWd
+Lqr+ccs1slaWPR2mK0+19o7EjObWGPBxCs17jkd2OV7iXQwt1gaNcIhDDjpH4MdR
+4FZla64vfuMh1lsVtqi0goCuS6p4aH7VIhjTNVPlQulLgFj2e41z3DmpCo/gfZ65
+QDYYVzFZmCQFfaeoyfZ6SK/jVjUEthSC8wIDAQABo2MwYTAfBgNVHSMEGDAWgBTJ
+N/SYhJwjwZbTpFuapA8rFyyQvDAdBgNVHQ4EFgQUyTf0mIScI8GW06RbmqQPKxcs
+kLwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggIBAFD28Nl4kdeC54BI7IKtCIflTbFmMRykTEvJsPN6t566FxjKSim4KzJ+
+aPXz5DNx7bLXBaFePpOYUhnX6ritZv53Y9MqWjon9L48T2LGbtU8wd7+CWvkjx6r
+37RGOLUAblfj8Av2lt0wwAusy1AtJtYJf3cvxRRLnUgmoEXh19u0LbhB0NXsPUEv
+js1UuFTq00/KJq/609R73IjzaStWgBXvEDRVJvAhwqlH+xw/5wo+aCcIpdES9kFU
+sVFp9iEMIDBjzQiOm39nIpjUr5irrtiO469yfarwP4JgBXGUP+DoWeB+fYQgK0RG
+/6WN1AZlO+lcChR7k83QeIAnPg698DQNiVMdpXKQKAM+7ri24mtWJOJXAoaA4bhP
+oUL17kys7/m//n9cjlsc4iH+bLSnzUpronznGgMu6XfFFgAhZsYKLVNGCFwuc2Gc
+7y/Luj5aXh3C1PEvN/SDNhe0j2q2z0FSpT/NMja/KXydTF4B3j0/eVmAbUP3WXWC
+11LoUQDo9A9hqejoUu+fc7KXob/iDztnpweabNvrMCvYPsiGfiuUPgI5+nxDCH9B
+uxHHUhFLF5/QMPKsvyZekaxMDxlWLs7RJeK4f4pGTbOTTnwwcQ791IcgNR2bYOku
+7nxefQXOs2Z3xFETBfoNkVGiIVf5AyXigVKFyBXIfCOK9RHJMVEq
+-----END CERTIFICATE-----

data/lib/sepa/client.rb

@@ -165,7 +165,11 @@ module Sepa
     attr_accessor :encryption_csr
 
     # The list of banks that are currently supported by this gem
-    BANKS = [:nordea, :danske]
+    BANKS = %i(
+      danske
+      nordea
+      op
+    )
 
     # Languages that are currently supported by the gem
     LANGUAGES = ['FI', 'SE', 'EN']
@@ -256,7 +260,7 @@ module Sepa
         response &&= response.to_xml
       rescue Savon::Error => e
         response = nil
-        error = e.to_s
+        error = e.http.body
       end
 
       initialize_response(error, response)
@@ -293,22 +297,16 @@ module Sepa
       # Returns path to WSDL file according to {#bank} and {#command}
       # @return [String] Path to the WSDL file of the bank and command
       def wsdl
-        case bank
-        when :nordea
-          if command == :get_certificate
-            file = "wsdl_nordea_cert.xml"
-          else
-            file = "wsdl_nordea.xml"
-          end
-        when :danske
-          if [:get_bank_certificate, :create_certificate].include? command
-            file = "wsdl_danske_cert.xml"
-          else
-            file = "wsdl_danske.xml"
-          end
-        end
+        file = if STANDARD_COMMANDS.include?(command)
+                 "wsdl_#{bank}"
+               else
+                 "wsdl_#{bank}_cert"
+               end
+
+        path  = "#{WSDL_PATH}/#{file}"
+        path2 = "#{path}_#{environment}.xml"
 
-        "#{WSDL_PATH}/#{file}"
+        File.exist?(path2) ? path2 : "#{path}.xml"
       end
 
       # Initializes {Response} as correct class for a bank. Also converts possible
@@ -319,20 +317,16 @@ module Sepa
       # @return [Response] A {Response} with a correct class for a bank
       def initialize_response(error, response)
         options = {
-          response: response,
-          error: error,
-          command: command
+          command:     command,
+          environment: environment,
+          error:       error,
+          response:    response
         }
         if encryption_private_key && !encryption_private_key.empty?
           options[:encryption_private_key] = rsa_key(encryption_private_key)
         end
 
-        case bank
-        when :nordea
-          NordeaResponse.new options
-        when :danske
-          DanskeResponse.new options
-        end
+        "Sepa::#{bank.capitalize}Response".constantize.new(options)
       end
 
   end

data/lib/sepa/response.rb

@@ -23,6 +23,11 @@ module Sepa
     # @return [Symbol]
     attr_reader :command
 
+    # The environment in which the request was sent
+    #
+    # @return [Symbol]
+    attr_reader :environment
+
     validate  :document_must_validate_against_schema
     validate  :client_errors
     validate  :validate_response_code
@@ -41,10 +46,11 @@ module Sepa
     #     encryption_private_key: OpenSSL::PKey::RSA
     #   }
     def initialize(hash = {})
-      @soap = hash[:response]
-      @command = hash[:command]
-      @error = hash[:error]
+      @command                = hash[:command]
       @encryption_private_key = hash[:encryption_private_key]
+      @environment            = hash[:environment]
+      @error                  = hash[:error]
+      @soap                   = hash[:response]
     end
 
     # Returns the soap of the response as a Nokogiri document
@@ -54,6 +60,13 @@ module Sepa
       @doc ||= xml_doc @soap
     end
 
+    # Returns the error of the response as a Nokogiri document
+    #
+    # @return [Nokogiri::XML] The error as Nokogiri document
+    def error_doc
+      @error_doc ||= xml_doc @error
+    end
+
     # Verifies that all digest values in the response match the actual ones. Takes an optional
     # verbose parameter to show which digests didn't match. The digest embedded in the document are
     # first retrieved with {#find_digest_values} method and if none are found, false is returned.
@@ -197,6 +210,17 @@ module Sepa
     # @return [nil] if the response code cannot be found
     def response_code
       node = doc.at('xmlns|ResponseCode', xmlns: BXD)
+      node = error_doc.at('xmlns|ResponseCode', xmlns: BXD) unless node
+      node.content if node
+    end
+
+    # Returns the response text of the response
+    #
+    # @return [String] if the response text can be found
+    # @return [nil] if the response text cannot be found
+    def response_text
+      node = doc.at('xmlns|ResponseText', xmlns: BXD)
+      node = error_doc.at('xmlns|ResponseText', xmlns: BXD) unless node
       node.content if node
     end
 
@@ -272,12 +296,9 @@ module Sepa
       end
 
       # Validates response code in response. "00" and "24" are currently considered valid.
-      # Validation is not run if {#error} is present
       def validate_response_code
-        return if @error
-
         unless %w(00 24).include? response_code
-          errors.add(:base, NOT_OK_RESPONSE_CODE_ERROR_MESSAGE)
+          errors.add(:base, { response_code: response_code, response_text: response_text })
         end
       end