sepafm 1.1.5 → 1.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b95413cb0ca0c02afb68f0e7be64782306fe267e
-  data.tar.gz: 7363a519ce10b82d0c3a58bc86dffd0f6d435bad
+  metadata.gz: c038dcb77ca225b13580f7f01c23ecf58fc00e23
+  data.tar.gz: aa11761b080c92183b185d997bb5c7e509e88171
 SHA512:
-  metadata.gz: 07caab040ab4dd22976fb24a677ff56dca5b07912391a49047be8e92e5320447b669add4eabf264c83c29ae17a65909f41b830a26db846730d124cb8c2a19b5b
-  data.tar.gz: ed91bbf27e8a015815955525cf650305e2b99d97d11f02c6dfcf689ff9021ba379acaa80fcbebc258ab121d971af62a668f7d95da338abd1b3c5dee591c82e98
+  metadata.gz: ea3ae75974fbbb309e959796d709dbf50209f03e8fe5d2b5d47b4028c08cd9dbecbeb2e0f835b84792ee5d71f43e16aae94b7ac69dbb09122c990cff6016435d
+  data.tar.gz: ad964633e3b736ade71ee6a64222311167a47f5f0b7d5406ac06b1f0bfd3012a232e782e798d86d6fe9e14c30afa9f1df549ccc2a1310054735daed5e71ebe3b

data/.rubocop.yml

@@ -1,3 +1,6 @@
+AllCops:
+  TargetRubyVersion: 2.2
+
 Metrics/AbcSize:
   Max: 37
 

data/lib/sepa/application_request.rb

@@ -1,5 +1,4 @@
 module Sepa
-
   # Contains functionality to build the application request
   #
   # @todo Add return values for content modifying methods to signal whether they succeeded or not
@@ -22,7 +21,7 @@ module Sepa
         instance_variable_set("@#{key}", value)
       end
 
-      @application_request = load_body_template AR_TEMPLATE_PATH
+      @application_request = load_body_template(AR_TEMPLATE_PATH)
     end
 
     # Sets the nodes in the application request, processes signature and then returns the
@@ -129,10 +128,21 @@ module Sepa
         set_node "Content", format_cert_request(@signing_csr)
       end
 
-      # Sets nodes' contents for Nordea's and OP's renew certificate request
+      # Sets nodes' contents for renew certificate request
       def set_renew_certificate_nodes
-        set_node "Service", "service" if @bank == :nordea
-        set_node "Content", format_cert_request(@signing_csr)
+        case @bank
+        when :nordea, :op
+          set_node "Service", "service" if @bank == :nordea
+          set_node "Content", format_cert_request(@signing_csr)
+        when :danske
+          @environment = 'customertest' if @environment == :test
+
+          set_node 'tns|CustomerId',           @customer_id
+          set_node 'tns|EncryptionCertPKCS10', format_cert_request(@encryption_csr)
+          set_node 'tns|SigningCertPKCS10',    format_cert_request(@signing_csr)
+          set_node 'tns|Timestamp',            iso_time
+          set_node 'tns|Environment',          @environment
+        end
       end
 
       # Sets nodes' contents for OP's get service certificates request
@@ -161,8 +171,8 @@ module Sepa
       # Sets contents for nodes that are common to all requests except when {#command} is
       # `:get_bank_certificate` or `:create_certificate`. {#environment} is upcased here.
       def set_common_nodes
-        return if @command == :get_bank_certificate
-        return if @command == :create_certificate
+        return if [:get_bank_certificate, :create_certificate].include?(@command)
+        return if @bank == :danske && @command == :renew_certificate
 
         set_node('Environment', @environment.to_s.upcase)
         set_node("CustomerId", @customer_id)
@@ -256,6 +266,5 @@ module Sepa
         target_id.content = @target_id
         @application_request.at(node).add_next_sibling target_id
       end
-
   end
 end

data/lib/sepa/attribute_checks.rb

@@ -1,5 +1,4 @@
 module Sepa
-
   # Contains functionality to check the attributes passed to {Client}. Uses
   # ActiveModel::Validations for the actual validation.
   module AttributeChecks
@@ -11,25 +10,24 @@ module Sepa
     def allowed_commands
       case bank
       when :nordea
-        STANDARD_COMMANDS +
-        %i(
-          get_certificate
-          renew_certificate
-        )
+        [
+          STANDARD_COMMANDS,
+          :get_certificate,
+          :renew_certificate
+        ].flatten
       when :danske
-        STANDARD_COMMANDS -
-        %i(get_user_info) +
-        %i(
-          create_certificate
-          get_bank_certificate
-         )
+        [
+          STANDARD_COMMANDS - [:get_user_info],
+          :create_certificate,
+          :get_bank_certificate,
+          :renew_certificate,
+        ].flatten
       when :op
-        STANDARD_COMMANDS -
-        %i(get_user_info) +
-        %i(
-          get_certificate
-          get_service_certificates
-         )
+        [
+          STANDARD_COMMANDS - [:get_user_info],
+          :get_certificate,
+          :get_service_certificates,
+        ].flatten
       else
         []
       end
@@ -64,20 +62,19 @@ module Sepa
 
     # Checks that signing certificate signing request can be initialized properly.
     def check_signing_csr
-      return unless [:get_certificate, :create_certificate].include? command
+      return unless [:get_certificate, :create_certificate, :renew_certificate].include? command
+      return if cert_request_valid?(signing_csr)
 
-      unless cert_request_valid?(signing_csr)
-        errors.add(:signing_csr, SIGNING_CERT_REQUEST_ERROR_MESSAGE)
-      end
+      errors.add(:signing_csr, SIGNING_CERT_REQUEST_ERROR_MESSAGE)
     end
 
     # Checks that encryption certificate signing request can be initialized properly.
     def check_encryption_cert_request
-      return unless command == :create_certificate
+      return unless bank == :danske
+      return unless [:create_certificate, :renew_certificate].include? command
+      return if cert_request_valid?(encryption_csr)
 
-      unless cert_request_valid?(encryption_csr)
-        errors.add(:encryption_csr, ENCRYPTION_CERT_REQUEST_ERROR_MESSAGE)
-      end
+      errors.add(:encryption_csr, ENCRYPTION_CERT_REQUEST_ERROR_MESSAGE)
     end
 
     # Checks that {Client#file_type} is proper

data/lib/sepa/banks/danske/danske_response.rb

@@ -1,9 +1,7 @@
 module Sepa
-
   # Handles Danske Bank specific {Response} functionality. Mainly decryption and certificate
   # specific stuff.
   class DanskeResponse < Response
-
     validate :valid_get_bank_certificate_response
     validate :can_be_decrypted_with_given_key
 
@@ -47,63 +45,59 @@ module Sepa
     end
 
     # Returns own encryption certificate which has been signed by the bank. Only present in
-    # `:create_certificate` responses
+    # `:create_certificate` & `:renew_certificate` responses
     #
-    # @return [OpenSSL::X509::Certificate] if {#command} is `:create_certificate`
+    # @return [OpenSSL::X509::Certificate] if {#command} is `:create_certificate` or `:renew_certificate`
     # @return [nil] if command is any other
     def own_encryption_certificate
-      return unless @command == :create_certificate
+      return unless [:create_certificate, :renew_certificate].include?(@command)
 
       @own_encryption_certificate ||= extract_cert(doc, 'EncryptionCert', DANSKE_PKI)
     end
 
     # Returns own signing certificate which has been signed by the bank. Is used to sign requests
-    # sent to the bank. Is only present in `:create_certificate` responses.
+    # sent to the bank. Is only present in `:create_certificate` & `:renew_certificate` responses.
     #
-    # @return [OpenSSL::X509::Certificate] if {#command} is `:create_certificate`
+    # @return [OpenSSL::X509::Certificate] if {#command} is `:create_certificate` or `:renew_certificate`
     # @return [nil] if command is any other
     def own_signing_certificate
-      return unless @command == :create_certificate
+      return unless [:create_certificate, :renew_certificate].include?(@command)
 
       @own_signing_certificate ||= extract_cert(doc, 'SigningCert', DANSKE_PKI)
     end
 
     # Returns the CA certificate that has been used to sign own signing and encryption certificates.
-    # Only present in `:create_certificate` responses
+    # Only present in `:create_certificate` & `:renew_certificate` responses
     #
-    # @return [OpenSSL::X509::Certificate] if {#command} is `:create_certificate`
+    # @return [OpenSSL::X509::Certificate] if {#command} is `:create_certificate` or `:renew_certificate`
     # @return [nil] if command is any other
     def ca_certificate
-      return unless @command == :create_certificate
+      return unless [:create_certificate, :renew_certificate].include?(@command)
 
       @ca_certificate ||= extract_cert(doc, 'CACert', DANSKE_PKI)
     end
 
     # Extract certificate that has been used to sign the response. This overrides
-    # {Response#certificate} method with specific functionality for `:get_bank_certificate` and
-    # `:create_certificate` commands. Otherwise just calls {Response#certificate}
+    # {Response#certificate} method with specific functionality for `:get_bank_certificate`,
+    # `:create_certificate` & `:renew_certificate` commands. Otherwise just calls {Response#certificate}
     #
     # @return [OpenSSL::X509::Certificate]
     # @raise [OpenSSL::X509::CertificateError] if certificate cannot be processed
     def certificate
-      if [:get_bank_certificate, :create_certificate].include? @command
-        @certificate ||= begin
-          extract_cert(doc, 'X509Certificate', DSIG)
-        end
-      else
-        super
-      end
+      return super unless [:get_bank_certificate, :create_certificate, :renew_certificate].include? @command
+
+      @certificate ||= extract_cert(doc, 'X509Certificate', DSIG)
     end
 
     # Extract response code from the response. Overrides super method when {#command} is
-    # `:get_bank_certificate` or `:create_certificate` because response code node is named
+    # `:get_bank_certificate`, `:create_certificate` or `:renew_certificate` because response code node is named
     # differently in those responses.
     #
     # @return [String] if response code is found
     # @return [nil] if response code cannot be found
     # @see Response#response_code
     def response_code
-      return super unless [:get_bank_certificate, :create_certificate].include? @command
+      return super unless [:get_bank_certificate, :create_certificate, :renew_certificate].include? @command
 
       node = doc.at('xmlns|ReturnCode', xmlns: DANSKE_PKI)
       node = doc.at('xmlns|ReturnCode', xmlns: DANSKE_PKIF) unless node
@@ -112,17 +106,14 @@ module Sepa
     end
 
     # Extract response text from the response. Overrides super method when {#command} is
-    # `:get_bank_certificate` or `:create_certificate` because response text node is named
+    # `:get_bank_certificate`, `:create_certificate` or `:renew_certificate` because response text node is named
     # differently in those responses.
     #
     # @return [String] if response text is found
     # @return [nil] if response text cannot be found
     # @see Response#response_text
     def response_text
-      return super unless %i(
-          create_certificate
-          get_bank_certificate
-        ).include? @command
+      return super unless [:get_bank_certificate, :create_certificate, :renew_certificate].include? @command
 
       node = doc.at('xmlns|ReturnText', xmlns: DANSKE_PKI)
       node = doc.at('xmlns|ReturnText', xmlns: DANSKE_PKIF) unless node
@@ -145,7 +136,7 @@ module Sepa
     private
 
       # Finds a node by its reference URI from Danske Bank's certificate responses. If {#command} is
-      # other than `:get_bank_certificate` or `:create_certificate` returns super. This method is
+      # other than `:get_bank_certificate`, `:create_certificate` or `:renew_certificate` returns super. This method is
       # needed because Danske Bank uses a different way to reference nodes in their certificate
       # responses.
       #
@@ -153,7 +144,7 @@ module Sepa
       # @return [Nokogiri::XML::Node] node with signature removed from its document since signature
       #   has to be removed for canonicalization and hash calculation
       def find_node_by_uri(uri)
-        return super unless [:get_bank_certificate, :create_certificate].include? @command
+        return super unless [:get_bank_certificate, :create_certificate, :renew_certificate].include? @command
 
         doc_without_signature = doc.dup
         doc_without_signature.at('xmlns|Signature', xmlns: DSIG).remove
@@ -173,11 +164,11 @@ module Sepa
         key = decrypt_embedded_key
 
         encypted_data = encrypted_application_response
-        .css('CipherValue', 'xmlns' => XMLENC)[1]
-        .content
+                        .css('CipherValue', 'xmlns' => XMLENC)[1]
+                        .content
 
         encypted_data = decode encypted_data
-        iv = encypted_data[0, 8]
+        iv            = encypted_data[0, 8]
         encypted_data = encypted_data[8, encypted_data.length]
 
         decipher = OpenSSL::Cipher.new('DES-EDE3-CBC')
@@ -192,10 +183,9 @@ module Sepa
       # from the bank.
       def valid_get_bank_certificate_response
         return unless @command == :get_bank_certificate
+        return unless doc.at('xmlns|PKIFactoryServiceFault', xmlns: DANSKE_PKIF)
 
-        if doc.at('xmlns|PKIFactoryServiceFault', xmlns: DANSKE_PKIF)
-          errors.add(:base, "Did not get a proper response when trying to get bank's certificates")
-        end
+        errors.add(:base, "Did not get a proper response when trying to get bank's certificates")
       end
 
       # Extracts the encrypted application response from the response and returns it as a nokogiri
@@ -206,19 +196,18 @@ module Sepa
       def encrypted_application_response
         @encrypted_application_response ||= begin
           encrypted_application_response = extract_application_response(BXD)
-          xml_doc encrypted_application_response
+          xml_doc(encrypted_application_response)
         end
       end
 
       # Validates that the encrypted key in the response can be decrypted with the private key given
       # to the response in the parameters. Response is invalid if this cannot be done.
       def can_be_decrypted_with_given_key
-        return if [:get_bank_certificate, :create_certificate].include? @command
+        return if [:get_bank_certificate, :create_certificate, :renew_certificate].include? @command
         return unless encrypted_application_response.css('CipherValue', 'xmlns' => XMLENC)[0]
+        return if decrypt_embedded_key
 
-        unless decrypt_embedded_key
-          errors.add(:encryption_private_key, DECRYPTION_ERROR_MESSAGE)
-        end
+        errors.add(:encryption_private_key, DECRYPTION_ERROR_MESSAGE)
       end
 
       # Decrypts (assymetrically) the symmetric encryption key embedded in the response with the
@@ -235,6 +224,5 @@ module Sepa
       rescue OpenSSL::PKey::RSAError
         nil
       end
-
   end
 end

data/lib/sepa/banks/danske/soap_danske.rb

@@ -1,8 +1,6 @@
 module Sepa
-
   # Contains Danske Bank specific soap building functionality
   module DanskeSoapRequest
-
     private
 
       # Determines which kind of request to build depending on command. Certificate requests differ
@@ -13,11 +11,13 @@ module Sepa
       def find_correct_build
         case @command
         when :create_certificate
-          build_certificate_request
+          build_create_certificate_request
         when :upload_file, :download_file, :get_user_info, :download_file_list
           build_danske_generic_request
         when :get_bank_certificate
           build_get_bank_certificate_request
+        when :renew_certificate
+          build_renew_certificate_request
         end
       end
 
@@ -85,16 +85,16 @@ module Sepa
         ar
       end
 
-      # Sets contents for create certificate requests.
-      #
-      # @todo rename
-      def set_create_cert_contents
-        set_node(@template, 'pkif|SenderId', @customer_id)
-        set_node(@template, 'pkif|CustomerId', @customer_id)
-        set_node(@template, 'pkif|RequestId', request_id)
-        set_node(@template, 'pkif|Timestamp', iso_time)
-        set_node(@template, 'pkif|InterfaceVersion', 1)
-        set_node(@template, 'pkif|Environment', @environment)
+      # Sets contents for certificate requests.
+      def set_cert_contents
+        @environment = :customertest if @environment == :test
+
+        set_node @template, 'pkif|SenderId',         @customer_id
+        set_node @template, 'pkif|CustomerId',       @customer_id
+        set_node @template, 'pkif|RequestId',        request_id
+        set_node @template, 'pkif|Timestamp',        iso_time
+        set_node @template, 'pkif|InterfaceVersion', 1
+        set_node @template, 'pkif|Environment',      @environment
       end
 
       # Sets contents for get bank certificate requests
@@ -130,12 +130,9 @@ module Sepa
       # if set to `:test`. This request is encrypted but not signed.
       #
       # @return [Nokogiri::XML] the complete soap
-      # @todo rename
-      def build_certificate_request
-        @environment = :customertest if @environment == :test
-        set_create_cert_contents
-        encrypted_request = encrypt_application_request
-        add_encrypted_request_to_soap(encrypted_request)
+      def build_create_certificate_request
+        set_cert_contents
+        add_encrypted_request_to_soap(encrypt_application_request)
       end
 
       # Builds get bank certificate request soap. This request is neither signed nor encrypted.
@@ -146,16 +143,27 @@ module Sepa
         add_bank_certificate_body_to_soap
       end
 
+      # Builds Danske Bank's renew certificate request soap. Environment is set to `:customertest`
+      # if set to `:test`. This request is encrypted and signed
+      #
+      # @return [Nokogiri::XML] the complete soap
+      def build_renew_certificate_request
+        set_cert_contents
+        add_encrypted_request_to_soap(encrypt_application_request, parent_node: 'pkif|RenewCertificateIn')
+        process_header
+        add_body_to_header
+      end
+
       # Adds encrypted application request xml structure to the soap. This method is used when
-      # building create certificate requests and the encrypted application request xml structure
+      # building create & renew certificate requests and the encrypted application request xml structure
       # will not be base64 encoded.
       #
       # @param encrypted_request [Nokogiri::XML] the encrypted application request xml structure
       # @return [Nokogiri::XML] the soap with the encrypted application request added to it
-      def add_encrypted_request_to_soap(encrypted_request)
+      def add_encrypted_request_to_soap(encrypted_request, parent_node: 'pkif|CreateCertificateIn')
         encrypted_request = Nokogiri::XML(encrypted_request.to_xml)
         encrypted_request = encrypted_request.root
-        @template.at_css('pkif|CreateCertificateIn').add_child(encrypted_request)
+        @template.at_css(parent_node).add_child(encrypted_request)
 
         @template
       end
@@ -199,6 +207,5 @@ module Sepa
       end
 
       def set_application_request; end
-
   end
 end

data/lib/sepa/client.rb

@@ -1,6 +1,5 @@
 # Main module for this gem
 module Sepa
-
   # Handles parameter validation, key initialization, {SoapBuilder} initialization, communicating
   # with the bank and {Response} initialization.
   class Client
@@ -9,7 +8,6 @@ module Sepa
     include ErrorMessages
     include AttributeChecks
 
-
     # The bank that is used in this client. One of {BANKS}.
     #
     # @return [Symbol]
@@ -169,18 +167,18 @@ module Sepa
       danske
       nordea
       op
-    )
+    ).freeze
 
     # Languages that are currently supported by the gem
-    LANGUAGES = ['FI', 'SE', 'EN']
+    LANGUAGES = %w(FI SE EN).freeze
 
     # Environments that are currently supported by the gem
-    ENVIRONMENTS = [:production, :test]
+    ENVIRONMENTS = [:production, :test].freeze
 
     # Statuses that can be given to download file list command. When NEW is given, only those files
     # that have not yet been downloaded will be listed. DOWNLOADED will list only downloaded files
     # and ALL will list every file
-    STATUSES = ['NEW', 'DOWNLOADED', 'ALL']
+    STATUSES = %w(NEW DOWNLOADED ALL).freeze
 
     validates :bank, inclusion: { in: BANKS }
     validates :language, inclusion: { in: LANGUAGES }, allow_nil: true
@@ -205,10 +203,10 @@ module Sepa
     #
     # @param hash [Hash] All the attributes of the client can be given to the construcor in a hash
     def initialize(hash = {})
-      self.attributes hash
+      attributes(hash)
       self.environment ||= :production
-      self.language ||= 'EN'
-      self.status ||= 'NEW'
+      self.language    ||= 'EN'
+      self.status      ||= 'NEW'
     end
 
     def bank=(value)
@@ -330,8 +328,7 @@ module Sepa
       end
 
       def soap_command
-        case @command
-        when :renew_certificate
+        if @command == :renew_certificate && [:nordea, :op].include?(@bank)
           :get_certificate
         else
           @command

data/lib/sepa/response.rb

@@ -1,5 +1,4 @@
 module Sepa
-
   # Handles soap responses got back from the bank. Bank specific functionality is defined in
   # subclasses. Handles i.e. logic to make sure the response's integrity has not been compromised
   # and has methods to extract content from the response.
@@ -276,9 +275,10 @@ module Sepa
       # @return [nil] if application response cannot be found
       def extract_application_response(namespace)
         ar_node = doc.at('xmlns|ApplicationResponse', xmlns: namespace)
-        if ar_node
-          decode(ar_node.content)
-        end
+
+        return unless ar_node
+
+        decode(ar_node.content)
       end
 
       # Handles errors that have been passed from client
@@ -297,43 +297,34 @@ module Sepa
 
       # Validates response code in response. "00" and "24" are currently considered valid.
       def validate_response_code
-        unless %w(00 24).include? response_code
-          errors.add(:base, { response_code: response_code, response_text: response_text })
-        end
+        return if %w(00 24).include? response_code
+
+        errors.add(:base, response_code: response_code, response_text: response_text)
       end
 
       # Validates hashes in the response. {#hashes_match?} must return true for validation to pass.
       # Is not run if {#error} is present or response code is not ok.
       def validate_hashes
-        return if @error
-        return unless response_code_is_ok?
+        return if @error || !response_code_is_ok? || hashes_match?
 
-        unless hashes_match?
-          errors.add(:base, HASH_ERROR_MESSAGE)
-        end
+        errors.add(:base, HASH_ERROR_MESSAGE)
       end
 
       # Validate signature in the response. Validation is not run if {#error} is present or response
       # is not ok.
       def verify_signature
-        return if @error
-        return unless response_code_is_ok?
+        return if @error || !response_code_is_ok? || signature_is_valid?
 
-        unless signature_is_valid?
-          errors.add(:base, SIGNATURE_ERROR_MESSAGE)
-        end
+        errors.add(:base, SIGNATURE_ERROR_MESSAGE)
       end
 
       # Validates certificate in the soap. The certificate must be present and signed by the bank's
       # root certificate for the validation to pass. Is not run if {#error} is present or response
       # code is not ok.
       def verify_certificate
-        return if @error
-        return unless response_code_is_ok?
+        return if @error || !response_code_is_ok? || certificate_is_trusted?
 
-        unless certificate_is_trusted?
-          errors.add(:base, 'The certificate in the response is not trusted')
-        end
+        errors.add(:base, 'The certificate in the response is not trusted')
       end
 
       # Checks whether response code in the response is ok. Response code is considered ok if it is
@@ -346,6 +337,5 @@ module Sepa
 
         false
       end
-
   end
 end

data/lib/sepa/utilities.rb

@@ -1,8 +1,6 @@
 module Sepa
-
   # Contains utility methods that are used in this gem.
   module Utilities
-
     # Calculates a SHA1 digest for a given node. Before the calculation, the node is canonicalized
     # exclusively.
     #
@@ -11,7 +9,7 @@ module Sepa
     def calculate_digest(node)
       sha1 = OpenSSL::Digest::SHA1.new
 
-      canon_node = canonicalize_exclusively node
+      canon_node = canonicalize_exclusively(node)
 
       encode(sha1.digest(canon_node)).gsub(/\s+/, "")
     end
@@ -189,9 +187,7 @@ module Sepa
     # @param value [Nokogiri::XML::Node, #canonicalize] the node to be canonicalized
     # @return [String] the canonicalized node
     def canonicalize_exclusively(value)
-      value.canonicalize(mode = Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0,
-                         inclusive_namespaces = nil,
-                         with_comments = false)
+      value.canonicalize(Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0)
     end
 
     # Creates a new OpenSSL X509 certificate from a string

data/lib/sepa/version.rb

@@ -1,4 +1,4 @@
 module Sepa
   # The current version of the gem
-  VERSION = "1.1.5".freeze
+  VERSION = "1.1.6".freeze
 end

data/lib/sepa/xml_schemas/danske_pki.xsd

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- edited with XMLSpy v2009 sp1 (http://www.altova.com) by Danske Bank (Danske Bank A/S) -->
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:tns="http://danskebank.dk/PKI/PKIFactoryService/elements" xmlns:xml="http://www.w3.org/XML/1998/namespace" targetNamespace="http://danskebank.dk/PKI/PKIFactoryService/elements" elementFormDefault="qualified" attributeFormDefault="unqualified">
-    <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+    <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
     <!--xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="store:///schemas/xmldsig-core-schema.xsd"/-->
     <xs:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml_id.xsd"/>
     <!-- SHARED TYPES SECTION -->

data/lib/sepa/xml_templates/application_request/danske/renew_certificate.xml

@@ -0,0 +1,33 @@
+<tns:RenewCertificateRequest xmlns:pkif="http://danskebank.dk/PKI/PKIFactoryService"
+                             xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+                             xmlns:xe="http://www.w3.org/2001/04/xmlenc#"
+                             xmlns:xd="http://www.w3.org/2000/09/xmldsig#"
+                             xmlns:tns="http://danskebank.dk/PKI/PKIFactoryService/elements">
+  <tns:CustomerId/>
+  <tns:KeyGeneratorType>software</tns:KeyGeneratorType>
+  <tns:EncryptionCertPKCS10/>
+  <tns:SigningCertPKCS10/>
+  <tns:Timestamp/>
+  <tns:RequestId/>
+  <tns:Environment/>
+  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+    <SignedInfo>
+      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+      <Reference URI="">
+        <Transforms>
+          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+        </Transforms>
+        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+        <DigestValue/>
+      </Reference>
+    </SignedInfo>
+    <SignatureValue/>
+    <KeyInfo>
+      <X509Data>
+        <X509Certificate/>
+      </X509Data>
+    </KeyInfo>
+  </Signature>
+</tns:RenewCertificateRequest>