sepafm 1.1.8 → 1.1.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4495553a8331dc839714be9d80f714bcdad98a00
-  data.tar.gz: 60935bd6d5859e8e812943c40c64854671b365c4
+  metadata.gz: d7953437ff7a58f58b2f7df4b1e9541ceb409000
+  data.tar.gz: ac839e70c1644adb076586e5ac98fa78779fd8a3
 SHA512:
-  metadata.gz: f8cad4589cb2968fa5ff25dbf14542584973549dd5d3836e404dea824bdfecaed3deceeaddd62d8f191734040910f6d810617d40fce84762931c7e24d73ceec7
-  data.tar.gz: 726a6d88274b0f076f86ba1798c46649e304f6da1f5a23f6f8669eab07c5e96fef2a52b0257b47cc3755e4bf3e1771fa929b7ec69b38548dd5aedbbc68b2a45e
+  metadata.gz: 8c8b5f59d6bac6b85f71d893039f1ffe707c78258c1f65546c7b64c650f27bc7b389196ae62513b0c0e933c20ec488370b7aa220c5b3297375b602d07aada7f0
+  data.tar.gz: ed2acb7fa7b253c93cd36be5eca1750e40e709b43914baa876ee68b5bea5a242ac3d46b12672a4659301b554afe276ea374dc45e7a7667bd18cfe26d61f5f11e

data/.rubocop.yml

@@ -5,7 +5,7 @@ Metrics/AbcSize:
   Max: 37
 
 Metrics/ClassLength:
-  Max: 348
+  Max: 350
 
 Metrics/CyclomaticComplexity:
   Max: 8
@@ -17,7 +17,7 @@ Metrics/MethodLength:
   Max: 69
 
 Metrics/ModuleLength:
-  Max: 146
+  Max: 150
 
 Style/Documentation:
   Exclude:
@@ -25,11 +25,13 @@ Style/Documentation:
     - 'test/**/*'
 
 Style/IndentationConsistency:
-  SupportedStyles: rails
+  EnforcedStyle: rails
 
 Style/StringLiterals:
-  SupportedStyles: single_quotes, double_quotes
-  ConsistentQuotesInMultiline: true
+  Enabled: false
 
 Style/TrailingCommaInLiteral:
-  SupportedStyles: comma
+  EnforcedStyleForMultiline: comma
+
+Style/TrailingCommaInArguments:
+  EnforcedStyleForMultiline: comma

data/Rakefile

@@ -12,4 +12,4 @@ task :console do
   sh "bundle exec irb -I lib -r sepafm.rb"
 end
 
-task :default => :test
+task default: :test

data/lib/sepa/application_request.rb

@@ -74,7 +74,7 @@ module Sepa
       # @example Example input and output
       #   :get_user_info --> GetUserInfo
       def pretty_command
-        @command.to_s.split(/[\W_]/).map {|c| c.capitalize}.join
+        @command.to_s.split(/[\W_]/).map(&:capitalize).join
       end
 
       # Determines which content setting method to call depending on {#command}
@@ -86,8 +86,8 @@ module Sepa
 
       # Sets nodes' values for download file request
       def set_download_file_nodes
-        add_target_id_after 'FileReferences'
-        set_node("Status", @status)
+        add_node_after('FileReferences', 'TargetId', content: @target_id) if @bank == :nordea
+        add_node_after('Timestamp', 'Status', content: @status) if @status.present?
         add_node_to_root 'FileType', content: @file_type if @file_type.present?
         set_node("FileReference", @file_reference)
       end
@@ -110,20 +110,20 @@ module Sepa
       def set_upload_file_nodes
         set_node_b("Content", @content)
         set_node("FileType", @file_type)
-        add_target_id_after 'Environment'
+        add_node_after('Environment', 'TargetId', content: @target_id) if @bank == :nordea
       end
 
       # Sets nodes' contents for download file list request
       def set_download_file_list_nodes
-        add_target_id_after 'Environment'
-        set_node("Status", @status)
+        add_node_after('Environment', 'TargetId', content: @target_id) if @bank == :nordea
+        add_node_after('Timestamp', 'Status', content: @status) if @status.present?
         add_node_to_root 'FileType', content: @file_type if @file_type.present?
       end
 
       # Sets nodes' contents for Nordea's and OP's get certificate request
       def set_get_certificate_nodes
         set_node "Service", "MATU" if @bank == :op
-        set_node "TransferKey", @pin if @bank == :op
+        set_node "TransferKey", @pin if [:op, :samlink].include?(@bank)
         set_node "HMAC", hmac(@pin, csr_to_binary(@signing_csr)) if @bank == :nordea
         set_node "Content", format_cert_request(@signing_csr)
       end
@@ -131,7 +131,7 @@ module Sepa
       # Sets nodes' contents for renew certificate request
       def set_renew_certificate_nodes
         case @bank
-        when :nordea, :op
+        when :nordea, :op, :samlink
           set_node "Service", "service" if @bank == :nordea
           set_node "Content", format_cert_request(@signing_csr)
         when :danske
@@ -255,16 +255,10 @@ module Sepa
         add_value_to_signature('X509Certificate', format_cert(@own_signing_certificate))
       end
 
-      # Adds target id to the application request after a specific node because the schema defines a
-      # sequence. Target id is only added if {#bank} is `:nordea`
-      #
-      # @param node [String] the name of the node after which the target id node will be added
-      def add_target_id_after(node)
-        return unless @bank == :nordea
-
-        target_id = Nokogiri::XML::Node.new 'TargetId', @application_request
-        target_id.content = @target_id
-        @application_request.at(node).add_next_sibling target_id
+      def add_node_after(node, new_node, content:)
+        new_node = Nokogiri::XML::Node.new(new_node, @application_request)
+        new_node.content = content
+        @application_request.at(node).add_next_sibling(new_node)
       end
 
       def canonicalization_mode

data/lib/sepa/application_response.rb

@@ -1,5 +1,4 @@
 module Sepa
-
   # Contains functionality for the application response embedded in {Response}
   # @todo Use functionality from this class more when validating response
   class ApplicationResponse
@@ -96,6 +95,5 @@ module Sepa
       def response_must_validate_against_schema
         check_validity_against_schema(doc, 'application_response.xsd')
       end
-
   end
 end

data/lib/sepa/attribute_checks.rb

@@ -13,7 +13,7 @@ module Sepa
         [
           STANDARD_COMMANDS,
           :get_certificate,
-          :renew_certificate
+          :renew_certificate,
         ].flatten
       when :danske
         [
@@ -28,6 +28,12 @@ module Sepa
           :get_certificate,
           :get_service_certificates,
         ].flatten
+      when :samlink
+        [
+          STANDARD_COMMANDS - [:get_user_info],
+          :get_certificate,
+          :renew_certificate,
+        ].flatten
       else
         []
       end
@@ -53,11 +59,9 @@ module Sepa
         errors.add(:signing_private_key, "Invalid signing private key")
       end
 
-      begin
-        x509_certificate own_signing_certificate
-      rescue
-        errors.add(:own_signing_certificate, "Invalid signing certificate")
-      end
+      x509_certificate own_signing_certificate
+    rescue
+      errors.add(:own_signing_certificate, "Invalid signing certificate")
     end
 
     # Checks that signing certificate signing request can be initialized properly.
@@ -82,8 +86,7 @@ module Sepa
       if file_type.present?
         valid = file_type.size < 35
       else
-        return if bank == :op && %i(download_file
-                                  download_file_list).include?(command)
+        return if bank == :op && %i(download_file download_file_list).include?(command)
 
         valid = !(%i(
           download_file
@@ -97,17 +100,21 @@ module Sepa
 
     # Checks that {Client#target_id} is valid.
     def check_target_id
-      return if %i(
-          create_certificate
-          get_bank_certificate
-          get_certificate
-          renew_certificate
-          get_user_info
-        ).include?(command) ||
-        %i(
-          danske
-          op
-        ).include?(bank)
+      exclude_commands = [
+        :create_certificate,
+        :get_bank_certificate,
+        :get_certificate,
+        :get_user_info,
+        :renew_certificate,
+      ]
+
+      exclude_banks = [
+        :danske,
+        :op,
+        :samlink,
+      ]
+
+      return if exclude_commands.include?(command) || exclude_banks.include?(bank)
 
       check_presence_and_length(:target_id, 80, TARGET_ID_ERROR_MESSAGE)
     end
@@ -122,7 +129,7 @@ module Sepa
       check &&= send(attribute)
       check &&= send(attribute).respond_to? :size
       check &&= send(attribute).size < length
-      check &&= send(attribute).size > 0
+      check &&= !send(attribute).empty?
 
       errors.add(attribute, error_message) unless check
     end
@@ -135,7 +142,7 @@ module Sepa
       check = true
       check &&= content
       check &&= content.respond_to? :length
-      check &&= content.length > 0
+      check &&= !content.empty?
 
       errors.add(:content, CONTENT_ERROR_MESSAGE) unless check
     end
@@ -151,10 +158,9 @@ module Sepa
     # {Client#command} is `:get_bank_certificate`.
     def check_environment
       return if command == :get_bank_certificate
+      return if Client::ENVIRONMENTS.include?(environment)
 
-      unless Client::ENVIRONMENTS.include? environment
-        errors.add(:environment, ENVIRONMENT_ERROR_MESSAGE)
-      end
+      errors.add(:environment, ENVIRONMENT_ERROR_MESSAGE)
     end
 
     # Checks that {Client#customer_id} is valid
@@ -182,11 +188,11 @@ module Sepa
 
     # Checks that {Client#status} is included in {Client::STATUSES}.
     def check_status
+      return if bank == :samlink && command != :download_file_list
       return unless [:download_file_list, :download_file].include? command
+      return if status && Client::STATUSES.include?(status)
 
-      unless status && Client::STATUSES.include?(status)
-        errors.add :status, STATUS_ERROR_MESSAGE
-      end
+      errors.add :status, STATUS_ERROR_MESSAGE
     end
 
     # Checks presence and length of {Client#file_reference} if {Client#command} is `:download_file`
@@ -208,6 +214,5 @@ module Sepa
     rescue
       errors.add :encryption_private_key, ENCRYPTION_PRIVATE_KEY_ERROR_MESSAGE
     end
-
   end
 end

data/lib/sepa/banks/danske/danske_response.rb

@@ -2,6 +2,8 @@ module Sepa
   # Handles Danske Bank specific {Response} functionality. Mainly decryption and certificate
   # specific stuff.
   class DanskeResponse < Response
+    CERTIFICATE_COMMANDS = [:get_bank_certificate, :create_certificate, :renew_certificate].freeze
+
     validate :valid_get_bank_certificate_response
     validate :can_be_decrypted_with_given_key
 
@@ -84,41 +86,23 @@ module Sepa
     # @return [OpenSSL::X509::Certificate]
     # @raise [OpenSSL::X509::CertificateError] if certificate cannot be processed
     def certificate
-      return super unless [:get_bank_certificate, :create_certificate, :renew_certificate].include? @command
+      return super unless CERTIFICATE_COMMANDS.include? @command
 
       @certificate ||= extract_cert(doc, 'X509Certificate', DSIG)
     end
 
-    # Extract response code from the response. Overrides super method when {#command} is
-    # `:get_bank_certificate`, `:create_certificate` or `:renew_certificate` because response code node is named
-    # differently in those responses.
-    #
-    # @return [String] if response code is found
-    # @return [nil] if response code cannot be found
     # @see Response#response_code
     def response_code
-      return super unless [:get_bank_certificate, :create_certificate, :renew_certificate].include? @command
-
-      node = doc.at('xmlns|ReturnCode', xmlns: DANSKE_PKI)
-      node = doc.at('xmlns|ReturnCode', xmlns: DANSKE_PKIF) unless node
+      return super unless CERTIFICATE_COMMANDS.include? @command
 
-      node.content if node
+      super(namespace: DANSKE_PKI, node_name: 'ReturnCode') || super(namespace: DANSKE_PKIF, node_name: 'ReturnCode')
     end
 
-    # Extract response text from the response. Overrides super method when {#command} is
-    # `:get_bank_certificate`, `:create_certificate` or `:renew_certificate` because response text node is named
-    # differently in those responses.
-    #
-    # @return [String] if response text is found
-    # @return [nil] if response text cannot be found
     # @see Response#response_text
     def response_text
-      return super unless [:get_bank_certificate, :create_certificate, :renew_certificate].include? @command
-
-      node = doc.at('xmlns|ReturnText', xmlns: DANSKE_PKI)
-      node = doc.at('xmlns|ReturnText', xmlns: DANSKE_PKIF) unless node
+      return super unless CERTIFICATE_COMMANDS.include? @command
 
-      node.content if node
+      super(namespace: DANSKE_PKI, node_name: 'ReturnText') || super(namespace: DANSKE_PKIF, node_name: 'ReturnText')
     end
 
     # Checks whether certificate embedded in the response has been signed with the bank's root
@@ -144,7 +128,7 @@ module Sepa
       # @return [Nokogiri::XML::Node] node with signature removed from its document since signature
       #   has to be removed for canonicalization and hash calculation
       def find_node_by_uri(uri)
-        return super unless [:get_bank_certificate, :create_certificate, :renew_certificate].include? @command
+        return super unless CERTIFICATE_COMMANDS.include? @command
 
         doc_without_signature = doc.dup
         doc_without_signature.at('xmlns|Signature', xmlns: DSIG).remove
@@ -203,7 +187,7 @@ module Sepa
       # Validates that the encrypted key in the response can be decrypted with the private key given
       # to the response in the parameters. Response is invalid if this cannot be done.
       def can_be_decrypted_with_given_key
-        return if [:get_bank_certificate, :create_certificate, :renew_certificate].include? @command
+        return if CERTIFICATE_COMMANDS.include? @command
         return unless encrypted_application_response.css('CipherValue', 'xmlns' => XMLENC)[0]
         return if decrypt_embedded_key
 

data/lib/sepa/banks/danske/soap_danske.rb

@@ -65,7 +65,7 @@ module Sepa
         encrypted_data = iv + encrypted_data
         encrypted_data = encode encrypted_data
 
-        return encrypted_data, key
+        [encrypted_data, key]
       end
 
       # Builds the xml structure for the encrypted application request that can be base64 encoded

data/lib/sepa/banks/nordea/nordea_response.rb

@@ -1,5 +1,4 @@
 module Sepa
-
   # Handles Nordea specific response logic. Mainly certificate specific stuff.
   class NordeaResponse < Response
     include Utilities
@@ -20,30 +19,18 @@ module Sepa
       cert.to_s
     end
 
-    # Returns the response code in the response. Overrides {Response#response_code} if {#command} is
-    # `:get_certificate`, because the namespace is different with that command.
-    #
-    # @return [String] response code if it is found
-    # @return [nil] if response code cannot be found
     # @see Response#response_code
     def response_code
       return super unless [:get_certificate, :renew_certificate].include? command
 
-      node = doc.at('xmlns|ResponseCode', xmlns: NORDEA_PKI)
-      node.content if node
+      super(namespace: NORDEA_PKI)
     end
 
-    # Returns the response text in the response. Overrides {Response#response_text} if {#command} is
-    # `:get_certificate`, because the namespace is different with that command.
-    #
-    # @return [String] response text if it is found
-    # @return [nil] if response text cannot be found
     # @see Response#response_text
     def response_text
       return super unless [:get_certificate, :renew_certificate].include? command
 
-      node = doc.at('xmlns|ResponseText', xmlns: NORDEA_PKI)
-      node.content if node
+      super(namespace: NORDEA_PKI)
     end
 
     # Checks whether the certificate embedded in the response soap has been signed with Nordea's
@@ -55,6 +42,5 @@ module Sepa
     def certificate_is_trusted?
       verify_certificate_against_root_certificate(certificate, NORDEA_ROOT_CERTIFICATE)
     end
-
   end
 end

data/lib/sepa/banks/op/op_response.rb

@@ -6,7 +6,7 @@ module Sepa
     BYPASS_COMMANDS = %i(
       get_certificate
       get_service_certificates
-    )
+    ).freeze
 
     # Extracts own signing certificate from the response.
     #
@@ -24,36 +24,18 @@ module Sepa
       cert.to_s
     end
 
-    # Returns the response code in the response. Overrides {Response#response_code} if {#command} is
-    # `:get_certificate`, because the namespace is different with that command.
-    #
-    # @return [String] response code if it is found
-    # @return [nil] if response code cannot be found
     # @see Response#response_code
     def response_code
-      return super unless %i(
-        get_certificate
-        get_service_certificates
-      ).include? command
+      return super unless [:get_certificate, :get_service_certificates].include? command
 
-      node = doc.at('xmlns|ResponseCode', xmlns: OP_PKI)
-      node.content if node
+      super(namespace: OP_PKI)
     end
 
-    # Returns the response text in the response. Overrides {Response#response_text} if {#command} is
-    # `:get_certificate`, because the namespace is different with that command.
-    #
-    # @return [String] response text if it is found
-    # @return [nil] if response text cannot be found
     # @see Response#response_text
     def response_text
-      return super unless %i(
-        get_certificate
-        get_service_certificates
-      ).include? command
+      return super unless [:get_certificate, :get_service_certificates].include? command
 
-      node = doc.at('xmlns|ResponseText', xmlns: OP_PKI)
-      node.content if node
+      super(namespace: OP_PKI)
     end
 
     # Checks whether the certificate embedded in the response soap has been signed with OP's

data/lib/sepa/banks/samlink/samlink_response.rb

@@ -0,0 +1,35 @@
+module Sepa
+  # Handles Samlink specific response logic. Mainly certificate specific stuff.
+  class SamlinkResponse < Response
+    # @see Response#response_code
+    def response_code
+      [:get_certificate, :renew_certificate].include?(command) ? super(namespace: SAMLINK_PKI) : super
+    end
+
+    # @see Response#response_code
+    def response_text
+      [:get_certificate, :renew_certificate].include?(command) ? super(namespace: SAMLINK_PKI) : super
+    end
+
+    def application_response
+      [:get_certificate, :renew_certificate].include?(command) ? super(namespace: SAMLINK_PKI) : super
+    end
+
+    def own_signing_certificate
+      (node = Nokogiri::XML(application_response).at('xmlns|Certificate > xmlns|Certificate', xmlns: OP_XML_DATA)) &&
+        (content = node.content) &&
+        x509_certificate(decode(content)).to_s
+    end
+
+    def certificate_is_trusted?
+      case environment
+      when :production
+        # Samlink doesn't provide a CA certificate for production environment and that's why we check that the
+        #   certificate provided is equal to the known trusted certificate.
+        certificate.to_s == SAMLINK_CERTIFICATE.to_s
+      when :test
+        verify_certificate_against_root_certificate(certificate, SAMLINK_ROOT_CERTIFICATE)
+      end
+    end
+  end
+end

data/lib/sepa/banks/samlink/soap_samlink.rb

@@ -0,0 +1,14 @@
+module Sepa
+  # Contains Samlink specific soap building functionality
+  module SamlinkSoapRequest
+    private
+
+      def set_receiver_id
+        set_node @template, 'bxd|ReceiverId', @target_id
+      end
+
+      def cert_ns
+        SAMLINK_PKI
+      end
+  end
+end

data/lib/sepa/certificates/samlink_certificate.pem

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE6TCCAtGgAwIBAgIQA3WFy1naV3PkFL0hKYOZ3TANBgkqhkiG9w0BAQsFADA9
+MQswCQYDVQQGEwJGSTEQMA4GA1UECgwHU2FtbGluazEcMBoGA1UEAwwTU2FtbGlu
+ayBDdXN0b21lciBDQTAeFw0xNDA5MjQwODI0MjJaFw0xNzA5MjMwODI0MjJaMFYx
+CzAJBgNVBAYTAkZJMSEwHwYDVQQKDBhBaW5laXN0b3BhbHZlbHV0LVNhbWxpbmsx
+ETAPBgNVBAMMCFNFUEFXRUJTMREwDwYDVQQEDAgwMDAwMDAwMTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANpDNrC4C+2vUuDvDYpvRn14AWW48JlOC8M/
+w5k5/fu8B+sV70qt/no3JKBKNvNpqDr34hILBtCc3TppGDz+Uv/W347Q/N42B1Z9
+8cAKMEkoKvLcQVotlLSzxXeG5nhsZKw79uiyNx8VePHnnPVjjH1+daOG0xEPZqcL
+XqtJh2dI9OjHs+HWkgy8Eudv0GrO0g5ArrEN1sfNfp9WdhZ7nzHtYcIYVApZB9oV
+MpBkWXBAV3XZNbu+3gHbAs7JNi+c90MOmuhlzUIF6DNUU0ahrTQR55LynkGVuY/v
+jlQvIdzD71bC3MoNZ1yJgoWDi1DjakkdSijiH2lLJtYlKQ/VTVcCAwEAAaOByzCB
+yDAfBgNVHSMEGDAWgBTKgDgzk4pjBJGNBWlWaEI15cf/vDB2BgNVHR8EbzBtMGug
+aaBnhmVsZGFwOi8vMTk0LjI1Mi4xMjQuMjQxOjM4OS9jbj1TYW1saW5rJTIwQ3Vz
+dG9tZXIlMjBDQSxvPVNhbWxpbmssYz1maT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25s
+aXN0O2JpbmFyeTAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0OBBYEFEAoDpdUQbW9K35l
+2K3ywgNemLeWMA0GCSqGSIb3DQEBCwUAA4ICAQBr0+3BfuQacQ9esTZpny08lagu
+FMttI47i8AUwkJkKnvhROysBke77UoO6jyHDxskFOHd9yZdnPfzpJ6AVXzqwUxdL
+Uakk38Wk8ODAyF6leRuy+I/biO+jRa52C0Ai4+XF5VNa1UUrsvjYJl6BqKJmI8aO
+34ArzOcFocUF9UBQNC/eqL/AIx8mp5HC6fWA58kvWwiwdC5CQILbMMADpDjmEpkg
+2ueBsLudrxXw1uNktY2wUv95KcfmlqdeAPkb0ra5x7p5SM1bJYFh8MMpm9BwnJ3a
+q/l1+qFMmL0GCcevNQP5Dp3Vkrsf601aQcYyaptHMfiv6ryLfVq3487gUPNPUwWn
+x24K1A5j1aQBmF8TLZl8MRkDeeEIwbXJxgoZZXAJSO2Yf/JO/vPCalBJflosiNgg
+o9oxE8LCjqbJ26HeiNoeNUC1cnv15yhb6O+eSgZbkAYfuKgLWeOele3oC2QWqqT7
+TSHaEipRz3TifdzpzKuXRvQaPv6lra28nbyc+OeJlnr/A7ZH3VF6OkasAoIC5wmU
+tJgcQW5eD5jmaQZYktZljNWKXEm6tXmXOnDoRib0yzqUA9s6ReD7sBHBUaTDZFfy
+/qrAHfYk4Pe/9seeBmbTnkdi5VnoNQT70boqaVsa/OK8eE2EWjTYs++ocfWaGSpN
+pUI4al2qFueN8ji+nw==
+-----END CERTIFICATE-----

data/lib/sepa/certificates/samlink_root_certificate.pem

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFgjCCA2qgAwIBAgIQMEFUVTYB8PwGq4Ak5dfC5TANBgkqhkiG9w0BAQsFADBJ
+MQswCQYDVQQGEwJGSTEQMA4GA1UECgwHU2FtbGluazEoMCYGA1UEAwwfU2FtbGlu
+ayBTeXN0ZW0gVGVzdCBDdXN0b21lciBDQTAeFw0wOTA2MDQxMjU3MTNaFw0zNDA2
+MDQxMjU3MTNaMEkxCzAJBgNVBAYTAkZJMRAwDgYDVQQKDAdTYW1saW5rMSgwJgYD
+VQQDDB9TYW1saW5rIFN5c3RlbSBUZXN0IEN1c3RvbWVyIENBMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAxNegF+36GmNnZJGvGZaZNvMufcpnpSMXtsFC
+6epS+nG9M+KtdcUXGy2W58n0skLmF/lg+IiiK6OyLl621KfpUu2rKQ5TKuTazhW7
+JX3Ha/4Dwa1OJtnfUlWiE94SEJwLspcOI3svSuv7IwEs3brnoNji0+V1qbr3/C2s
+y4x/NQcColsvwMwMUNTuUGxk/I3s/yobUrBTDX3dw2ENhVvTQjnnnhUEsr8f4Hvg
+ouVQTkutLDlB4e/ugYe3cFPDomy5gg8JgDqE+EvrNFRxD7v5Gnwau4jVH2hkB/wC
+2/QAvV8bpBhKOSVUZN7mPIIg6HiCqJd/R6Qd+Hyh9DaTxXUFLPIQs1M352sZRYMJ
+lnwYQCnH/krA7K0rlEjOiiAtlZPeayxatctRFVQyMfzaTzKL7+1jVEcexVDM8aIv
+76Br4cPF2ymF9QGSp9noRozX44yVjNSXqHysjIpUrRG9sQcyraP7+FGfKx3PkihB
+nO9aHplcUIXNldbXu+vobayBHRi5VimV21u7R1DCxbZhfeyxHdlN4/G0Qo4aOLNw
+5Z7ncWwVbTxN14/xHAP14VK4toytsqJ2EhtxVXNEBXgJT2NOimPMbtouRjbgnrmp
+Rb85x9YnCSQhs/Kkh7R5ay7lMa0yS6WeP1G6xXfQ8WOkUkYb+npH5NCtFb47xlgy
+pY1/RxcCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
+AQAwHQYDVR0OBBYEFAKqDJ696UiBJwgo5ujeFPcVjLm2MB8GA1UdIwQYMBaAFAKq
+DJ696UiBJwgo5ujeFPcVjLm2MA0GCSqGSIb3DQEBCwUAA4ICAQCZ8hOaNfX7LjCO
+R2uPJ89z28tLq4rEX7s+ntTVAtjx78q3x8Pk+DWopucjtqpBBgjSxI6Y3ZDyW4SS
+BWLs9tz+CKbPUkFKOE0/vPbdsFBA1miJrwt8VgzndGb9T+GLAM91d+wXJqccTlmH
+2ERx8lAJSFThO0Dr+WK+N9UFfEviovlnq6ZRGd4X2mk3l/yQ9VDuDNGhb2vH8/Z8
+89deMvP3v9DNm4WiHvKtJ7cdEhiH90SUICKnRRGwu3353QcnGMUfNhqQCnSVGjhN
+EiWukxNF2t5DhDw066wjjxFD5WBG7na5AEzJzW9yn3N4FPNENgege2p7wkyJ4W2/
+qDymuRB26LpfRbzAJ7TdzZM7EeBI2DkXT2mR4/5NQ/TAcPqG2GIDuMuOAvsD7piX
+4tWZDT0phBwQy/EXmCBRwta2w/AcQsrZqUkTD0jJSAJ/rpyatYQz/3y8lLcEz5Do
+ZMFk1a4nYGoyP9O5c04amfdSvhyrjzB0XETnoaQoJPxmpDSmNWmOA6sFL9tMF2ec
+B1Z2ad8VaUJ8Ssyz0uKRZPhbjj7t/nYvR6sz+lIQkISWkdjKUINWaA0Y/qt+rAQr
+c9WTZ8meh1VD8bXn4RRR3KxoFgBqSfz3b4U6gt2M0E/1r8moQXzc7MDeFD3AQVvm
+yMgRk0vap01P6bNkJgj/PrkOw/ECDQ==
+-----END CERTIFICATE-----

data/lib/sepa/client.rb

@@ -162,11 +162,27 @@ module Sepa
     # @see #signing_csr The format is the same as in signing csr
     attr_accessor :encryption_csr
 
+    # Options to be passed directly to the underlying savon client. Format is as follows:
+    # {
+    #    globals: {
+    #      ssl_verify_mode: :none,
+    #      ...,
+    #    },
+    #    locals: {
+    #      xml: "<envelope></envelope>",
+    #      ...,
+    #    },
+    # }
+    #
+    # @return [Hash]
+    attr_accessor :savon_options
+
     # The list of banks that are currently supported by this gem
     BANKS = %i(
       danske
       nordea
       op
+      samlink
     ).freeze
 
     # Languages that are currently supported by the gem
@@ -204,9 +220,13 @@ module Sepa
     # @param hash [Hash] All the attributes of the client can be given to the construcor in a hash
     def initialize(hash = {})
       attributes(hash)
-      self.environment ||= :production
-      self.language    ||= 'EN'
-      self.status      ||= 'NEW'
+      self.environment   ||= :production
+      self.language      ||= 'EN'
+      self.status        ||= 'NEW'
+      self.savon_options ||= {
+        globals: {},
+        locals: {},
+      }
     end
 
     def bank=(value)
@@ -249,12 +269,11 @@ module Sepa
     def send_request
       raise ArgumentError, errors.messages unless valid?
 
-      soap = SoapBuilder.new(create_hash).to_xml
-      client = Savon.client(wsdl: wsdl)
+      client = Savon.client(savon_globals)
 
       begin
         error = nil
-        response = client.call(soap_command, xml: soap)
+        response = client.call(soap_command, savon_locals)
         response &&= response.to_xml
       rescue Savon::Error => e
         response = nil
@@ -318,7 +337,7 @@ module Sepa
           command:     command,
           environment: environment,
           error:       error,
-          response:    response
+          response:    response,
         }
         if encryption_private_key && !encryption_private_key.empty?
           options[:encryption_private_key] = rsa_key(encryption_private_key)
@@ -328,11 +347,19 @@ module Sepa
       end
 
       def soap_command
-        if @command == :renew_certificate && [:nordea, :op].include?(@bank)
+        if @command == :renew_certificate && [:nordea, :op, :samlink].include?(@bank)
           :get_certificate
         else
           @command
         end
       end
+
+      def savon_globals
+        { wsdl: wsdl }.merge(savon_options[:globals] || {})
+      end
+
+      def savon_locals
+        { xml: SoapBuilder.new(create_hash).to_xml }.merge(savon_options[:locals] || {})
+      end
   end
 end