tyler_efm_client 1.0.0.pre.alpha.1

data/lib/tyler_efm_client/client.rb

@@ -0,0 +1,627 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'uri'
+require 'openssl'
+require 'base64'
+require 'securerandom'
+require 'time'
+require 'digest'
+require 'nokogiri'
+require 'json'
+
+module TylerEfmClient
+  ##
+  # Tyler EFM Client for Electronic Court Filing (ECF) services.
+  #
+  # This client provides a simple interface for:
+  # 1. Authentication with Tyler EFM services
+  # 2. Making SOAP calls to any Tyler EFM service operation
+  #
+  # Key features:
+  # - Automatic certificate handling (PFX files)
+  # - WS-Security digital signatures (RSA-SHA1/SHA1 for Tyler compatibility)
+  # - Support for both User Service and Court Record Service operations
+  # - Flexible response formats (XML or JSON)
+  #
+  # @example Basic usage
+  #   client = TylerEfmClient::Client.new
+  #   
+  #   # Authenticate
+  #   auth_result = client.authenticate(
+  #     base_url: "https://server.com/EFM/EFMUserService.svc",
+  #     pfx_file: "certificate.pfx",
+  #     pfx_password: "password",
+  #     user_email: "user@example.com",
+  #     user_password: "userpass"
+  #   )
+  #   
+  #   if auth_result.success?
+  #     # Call a service
+  #     response = client.call_service(
+  #       base_url: "https://server.com/efm/v5/CourtRecordService.svc",
+  #       password_hash: auth_result.password_hash,
+  #       operation: "GetCaseList",
+  #       soap_body: "<GetCaseListRequest>...</GetCaseListRequest>",
+  #       user_email: "user@example.com"
+  #     )
+  #   end
+  class Client
+    def initialize
+      @pkcs12_data = nil
+      @certificate = nil
+      @private_key = nil
+    end
+
+    ##
+    # Authenticate with Tyler EFM User Service.
+    #
+    # @param base_url [String] Base URL for the EFM User Service (e.g., "https://server/EFM/EFMUserService.svc")
+    # @param pfx_file [String] Path to the PFX certificate file
+    # @param pfx_password [String] Password for the PFX certificate
+    # @param user_email [String] User's email address
+    # @param user_password [String] User's password
+    #
+    # @return [AuthenticationResult] Result with success status and authentication details
+    #
+    # @raise [TylerEfmClient::AuthenticationError] If authentication fails
+    # @raise [TylerEfmClient::CertificateError] If certificate loading fails
+    # @raise [TylerEfmClient::Error] If there are other errors (network, etc.)
+    def authenticate(base_url:, pfx_file:, pfx_password:, user_email:, user_password:)
+      begin
+        # Step 1: Load certificate
+        unless load_certificate(pfx_file, pfx_password)
+          return AuthenticationResult.new(
+            success: false,
+            error_code: 'CERT_LOAD_ERROR',
+            error_message: 'Failed to load certificate from PFX file'
+          )
+        end
+
+        # Step 2: Create authentication SOAP envelope
+        soap_envelope = create_auth_soap_envelope(user_email, user_password)
+
+        # Step 3: Make HTTP request
+        headers = {
+          'Content-Type' => 'text/xml; charset=utf-8',
+          'SOAPAction' => 'urn:tyler:efm:services/IEfmUserService/AuthenticateUser',
+          'User-Agent' => 'Tyler-EFM-Client-Ruby/1.0',
+          'Accept' => 'text/xml, application/soap+xml, */*'
+        }
+
+        response = make_http_request(base_url, soap_envelope, headers)
+
+        if response.code.to_i == 200
+          parse_auth_response(response.body)
+        else
+          AuthenticationResult.new(
+            success: false,
+            error_code: "HTTP_#{response.code}",
+            error_message: "Authentication request failed: HTTP #{response.code}"
+          )
+        end
+
+      rescue => e
+        raise Error, "Authentication error: #{e.message}"
+      end
+    end
+
+    ##
+    # Call any Tyler EFM SOAP service operation.
+    #
+    # @param base_url [String] Base URL for the EFM service (User Service or Court Record Service)
+    # @param password_hash [String] Password hash from successful authentication
+    # @param operation [String] Name of the SOAP operation (e.g., "GetCaseList", "GetCase")
+    # @param soap_body [String] SOAP body content as XML string
+    # @param user_email [String, nil] User's email (required for Court Record Service operations)
+    # @param pfx_file [String, nil] Path to PFX certificate (if not already loaded from authentication)
+    # @param pfx_password [String, nil] PFX password (if not already loaded from authentication)
+    # @param return_json [Boolean] If true, attempt to convert XML response to JSON (default: false)
+    # @param soap_action [String, nil] Custom SOAP action header (auto-generated if not provided)
+    #
+    # @return [ServiceResponse] Response with call results
+    #
+    # @raise [TylerEfmClient::ServiceError] If the service call fails
+    # @raise [TylerEfmClient::Error] If there are other errors
+    def call_service(base_url:, password_hash:, operation:, soap_body:, user_email: nil,
+                     pfx_file: nil, pfx_password: nil, return_json: false, soap_action: nil)
+      begin
+        # Load certificate if not already loaded
+        if @certificate.nil? && pfx_file
+          unless load_certificate(pfx_file, pfx_password)
+            return ServiceResponse.new(
+              success: false,
+              status_code: 0,
+              raw_xml: '',
+              error_message: 'Failed to load certificate'
+            )
+          end
+        end
+
+        if @certificate.nil?
+          return ServiceResponse.new(
+            success: false,
+            status_code: 0,
+            raw_xml: '',
+            error_message: 'No certificate loaded. Provide pfx_file or call authenticate() first.'
+          )
+        end
+
+        # Determine service type and create appropriate SOAP envelope
+        if base_url.include?('CourtRecord') || base_url.downcase.include?('courtrecord')
+          # Court Record Service - requires UserNameHeader
+          if user_email.nil?
+            return ServiceResponse.new(
+              success: false,
+              status_code: 0,
+              raw_xml: '',
+              error_message: 'user_email is required for Court Record Service operations'
+            )
+          end
+          soap_envelope = create_court_record_soap_envelope(user_email, password_hash, operation, soap_body)
+        else
+          # User Service - standard WS-Security only
+          soap_envelope = create_user_service_soap_envelope(operation, soap_body)
+        end
+
+        # Auto-generate SOAP action if not provided
+        if soap_action.nil?
+          if base_url.include?('CourtRecord')
+            soap_action = "https://docs.oasis-open.org/legalxml-courtfiling/ns/v5.0WSDL/CourtRecordMDE/#{operation}"
+          else
+            soap_action = "urn:tyler:efm:services/IEfmUserService/#{operation}"
+          end
+        end
+
+        headers = {
+          'Content-Type' => 'text/xml; charset=utf-8',
+          'SOAPAction' => soap_action,
+          'User-Agent' => 'Tyler-EFM-Client-Ruby/1.0',
+          'Accept' => 'text/xml, application/soap+xml, */*'
+        }
+
+        response = make_http_request(base_url, soap_envelope, headers)
+
+        # Parse response
+        json_data = nil
+        if return_json && response.code.to_i == 200
+          json_data = xml_to_json(response.body)
+        end
+
+        ServiceResponse.new(
+          success: (response.code.to_i == 200),
+          status_code: response.code.to_i,
+          raw_xml: response.body,
+          json_data: json_data,
+          error_message: response.code.to_i == 200 ? nil : "HTTP #{response.code}"
+        )
+
+      rescue => e
+        raise ServiceError, "Service call error: #{e.message}"
+      end
+    end
+
+    private
+
+    def load_certificate(pfx_file, pfx_password)
+      begin
+        pfx_data = File.binread(pfx_file)
+        @pkcs12_data = OpenSSL::PKCS12.new(pfx_data, pfx_password)
+        @certificate = @pkcs12_data.certificate
+        @private_key = @pkcs12_data.key
+        true
+      rescue => e
+        false
+      end
+    end
+
+    def get_certificate_base64
+      cert_der = @certificate.to_der
+      Base64.strict_encode64(cert_der)
+    end
+
+    def canonicalize_xml(xml_element)
+      begin
+        # Use Nokogiri's canonicalize with exclusive C14N
+        xml_element.canonicalize(Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0)
+      rescue => e
+        xml_element.to_s
+      end
+    end
+
+    def compute_sha1_digest(data)
+      Digest::SHA1.digest(data)
+    end
+
+    def sign_data_rsa_sha1(data)
+      @private_key.sign(OpenSSL::Digest::SHA1.new, data)
+    end
+
+    def create_auth_soap_envelope(email, password)
+      timestamp_id = '_0'
+      token_id = "X509-#{SecureRandom.uuid}"
+
+      # Create timestamp
+      now = Time.now.utc
+      created = now.strftime('%Y-%m-%dT%H:%M:%S.%3NZ')
+      expires = (now + 300).strftime('%Y-%m-%dT%H:%M:%S.%3NZ')  # 5 minutes
+
+      cert_base64 = get_certificate_base64
+
+      # Build SOAP envelope XML using Nokogiri
+      builder = Nokogiri::XML::Builder.new(encoding: 'UTF-8') do |xml|
+        xml['soap'].Envelope(
+          'xmlns:soap' => 'http://schemas.xmlsoap.org/soap/envelope/',
+          'xmlns:tns' => 'urn:tyler:efm:services'
+        ) do
+          xml['soap'].Header do
+            xml['wsse'].Security(
+              'xmlns:wsse' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd',
+              'xmlns:wsu' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd',
+              'soap:mustUnderstand' => '1'
+            ) do
+              xml['wsu'].Timestamp('wsu:Id' => timestamp_id) do
+                xml['wsu'].Created created
+                xml['wsu'].Expires expires
+              end
+
+              xml['wsse'].BinarySecurityToken(
+                cert_base64,
+                'ValueType' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3',
+                'EncodingType' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary',
+                'wsu:Id' => token_id
+              )
+            end
+          end
+
+          xml['soap'].Body do
+            xml['tns'].AuthenticateUser do
+              xml['tns'].AuthenticateRequest do
+                xml.Email(email, 'xmlns' => 'urn:tyler:efm:services:schema:AuthenticateRequest')
+                xml.Password(password, 'xmlns' => 'urn:tyler:efm:services:schema:AuthenticateRequest')
+              end
+            end
+          end
+        end
+      end
+
+      # Parse the built XML to add digital signature
+      doc = Nokogiri::XML(builder.to_xml)
+
+      # Find the timestamp element for signing
+      timestamp_elem = doc.xpath('//wsu:Timestamp', 'wsu' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd').first
+
+      if timestamp_elem
+        add_digital_signature(doc, timestamp_elem, timestamp_id, token_id)
+      end
+
+      # Return compact XML (no pretty printing)
+      doc.to_xml(save_with: Nokogiri::XML::Node::SaveOptions::AS_XML)
+    end
+
+    def create_court_record_soap_envelope(email, password_hash, operation, soap_body)
+      timestamp_id = '_0'
+      token_id = "X509-#{SecureRandom.uuid}"
+
+      # Create timestamp
+      now = Time.now.utc
+      created = now.strftime('%Y-%m-%dT%H:%M:%S.%3NZ')
+      expires = (now + 300).strftime('%Y-%m-%dT%H:%M:%S.%3NZ')
+
+      cert_base64 = get_certificate_base64
+
+      # Build SOAP envelope XML using Nokogiri
+      builder = Nokogiri::XML::Builder.new(encoding: 'UTF-8') do |xml|
+        xml['soap'].Envelope(
+          'xmlns:soap' => 'http://schemas.xmlsoap.org/soap/envelope/',
+          'xmlns:tns' => 'https://docs.oasis-open.org/legalxml-courtfiling/ns/v5.0WSDL/CourtRecordMDE',
+          'xmlns:wrappers' => 'https://docs.oasis-open.org/legalxml-courtfiling/ns/v5.0/wrappers',
+          'xmlns' => 'urn:tyler:efm:services'  # Default namespace for Tyler services
+        ) do
+          xml['soap'].Header do
+            # CRITICAL: UserNameHeader MUST be first and WITHOUT namespace prefix
+            xml.UserNameHeader do
+              xml.UserName email
+              xml.Password password_hash  # Use hashed password from authentication
+            end
+
+            # WS-Security as second header element
+            xml['wsse'].Security(
+              'xmlns:wsse' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd',
+              'xmlns:wsu' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd',
+              'soap:mustUnderstand' => '1'
+            ) do
+              xml['wsu'].Timestamp('wsu:Id' => timestamp_id) do
+                xml['wsu'].Created created
+                xml['wsu'].Expires expires
+              end
+
+              xml['wsse'].BinarySecurityToken(
+                cert_base64,
+                'ValueType' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3',
+                'EncodingType' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary',
+                'wsu:Id' => token_id
+              )
+            end
+          end
+
+          xml['soap'].Body('xmlns:xsi' => 'http://www.w3.org/2001/XMLSchema-instance',
+                           'xmlns:xsd' => 'http://www.w3.org/2001/XMLSchema') do
+            # Parse and insert the provided SOAP body
+            begin
+              body_doc = Nokogiri::XML(soap_body)
+              xml << body_doc.root.to_xml
+            rescue
+              # If parsing fails, add as text (fallback)
+              xml << soap_body
+            end
+          end
+        end
+      end
+
+      # Parse the built XML to add digital signature
+      doc = Nokogiri::XML(builder.to_xml)
+
+      # Find the timestamp element for signing
+      timestamp_elem = doc.xpath('//wsu:Timestamp', 'wsu' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd').first
+
+      if timestamp_elem
+        add_digital_signature(doc, timestamp_elem, timestamp_id, token_id)
+      end
+
+      # Return compact XML (no pretty printing)
+      doc.to_xml(save_with: Nokogiri::XML::Node::SaveOptions::AS_XML)
+    end
+
+    def create_user_service_soap_envelope(operation, soap_body)
+      timestamp_id = '_0'
+      token_id = "X509-#{SecureRandom.uuid}"
+
+      # Create timestamp
+      now = Time.now.utc
+      created = now.strftime('%Y-%m-%dT%H:%M:%S.%3NZ')
+      expires = (now + 300).strftime('%Y-%m-%dT%H:%M:%S.%3NZ')
+
+      cert_base64 = get_certificate_base64
+
+      # Build SOAP envelope XML using Nokogiri
+      builder = Nokogiri::XML::Builder.new(encoding: 'UTF-8') do |xml|
+        xml['soap'].Envelope(
+          'xmlns:soap' => 'http://schemas.xmlsoap.org/soap/envelope/',
+          'xmlns:tns' => 'urn:tyler:efm:services'
+        ) do
+          xml['soap'].Header do
+            xml['wsse'].Security(
+              'xmlns:wsse' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd',
+              'xmlns:wsu' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd',
+              'soap:mustUnderstand' => '1'
+            ) do
+              xml['wsu'].Timestamp('wsu:Id' => timestamp_id) do
+                xml['wsu'].Created created
+                xml['wsu'].Expires expires
+              end
+
+              xml['wsse'].BinarySecurityToken(
+                cert_base64,
+                'ValueType' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3',
+                'EncodingType' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary',
+                'wsu:Id' => token_id
+              )
+            end
+          end
+
+          xml['soap'].Body do
+            # Parse and insert the provided SOAP body
+            begin
+              body_doc = Nokogiri::XML(soap_body)
+              xml << body_doc.root.to_xml
+            rescue
+              # If parsing fails, add as text (fallback)
+              xml << soap_body
+            end
+          end
+        end
+      end
+
+      # Parse the built XML to add digital signature
+      doc = Nokogiri::XML(builder.to_xml)
+
+      # Find the timestamp element for signing
+      timestamp_elem = doc.xpath('//wsu:Timestamp', 'wsu' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd').first
+
+      if timestamp_elem
+        add_digital_signature(doc, timestamp_elem, timestamp_id, token_id)
+      end
+
+      # Return compact XML (no pretty printing)
+      doc.to_xml(save_with: Nokogiri::XML::Node::SaveOptions::AS_XML)
+    end
+
+    def add_digital_signature(doc, timestamp_element, timestamp_id, token_id)
+      begin
+        # Canonicalize timestamp and compute digest
+        timestamp_canonical = canonicalize_xml(timestamp_element)
+        timestamp_digest = compute_sha1_digest(timestamp_canonical)
+        timestamp_digest_b64 = Base64.strict_encode64(timestamp_digest)
+
+        # Create SignedInfo XML
+        signed_info_xml = %Q{<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+  <ds:Reference URI="##{timestamp_id}">
+    <ds:Transforms>
+      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+    </ds:Transforms>
+    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+    <ds:DigestValue>#{timestamp_digest_b64}</ds:DigestValue>
+  </ds:Reference>
+</ds:SignedInfo>}
+
+        # Parse SignedInfo for canonicalization
+        signed_info_doc = Nokogiri::XML(signed_info_xml)
+        signed_info_elem = signed_info_doc.root
+
+        # Canonicalize SignedInfo and sign
+        signed_info_canonical = canonicalize_xml(signed_info_elem)
+        signature_bytes = sign_data_rsa_sha1(signed_info_canonical)
+        signature_b64 = Base64.strict_encode64(signature_bytes)
+
+        # Create complete signature XML
+        signature_xml = %Q{<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+  #{signed_info_xml.gsub('<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">', '<ds:SignedInfo>').gsub('</ds:SignedInfo>', '</ds:SignedInfo>')}
+  <ds:SignatureValue>#{signature_b64}</ds:SignatureValue>
+  <ds:KeyInfo>
+    <wsse:SecurityTokenReference>
+      <wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="##{token_id}"/>
+    </wsse:SecurityTokenReference>
+  </ds:KeyInfo>
+</ds:Signature>}
+
+        # Add signature to Security element
+        security_elem = doc.xpath('//wsse:Security', 'wsse' => 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd').first
+        signature_doc = Nokogiri::XML(signature_xml)
+        security_elem.add_child(signature_doc.root)
+
+      rescue => e
+        # Signature creation failed, but continue without signature
+      end
+    end
+
+    def make_http_request(base_url, soap_envelope, headers)
+      uri = URI(base_url)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+
+      # Set client certificate for mutual TLS
+      http.cert = @certificate
+      http.key = @private_key
+
+      # Create POST request
+      request = Net::HTTP::Post.new(uri.path)
+      headers.each { |key, value| request[key] = value }
+      request.body = soap_envelope
+
+      # Make the request
+      http.request(request)
+    end
+
+    def parse_auth_response(response_text)
+      begin
+        # Handle multipart MIME response
+        xml_content = response_text
+        if response_text.include?('--uuid:')
+          xml_start = response_text.index('<s:Envelope') || response_text.index('<')
+          if xml_start
+            xml_end = response_text.rindex('</s:Envelope>')
+            if xml_end
+              xml_end += '</s:Envelope>'.length
+              xml_content = response_text[xml_start...xml_end]
+            end
+          end
+        end
+
+        doc = Nokogiri::XML(xml_content)
+
+        # Extract authentication response data
+        password_hash = extract_element_text(doc, 'PasswordHash')
+        user_id = extract_element_text(doc, 'UserID')
+        first_name = extract_element_text(doc, 'FirstName')
+        last_name = extract_element_text(doc, 'LastName')
+        email = extract_element_text(doc, 'Email')
+        expiration_date = extract_element_text(doc, 'ExpirationDateTime')
+        error_code = extract_element_text(doc, 'ErrorCode')
+        error_message = extract_element_text(doc, 'ErrorText')
+
+        # Determine success
+        success = !password_hash.nil? && (error_code.nil? || error_code == '0')
+
+        AuthenticationResult.new(
+          success: success,
+          password_hash: password_hash,
+          user_id: user_id,
+          first_name: first_name,
+          last_name: last_name,
+          email: email,
+          expiration_date: expiration_date,
+          error_code: error_code,
+          error_message: error_message
+        )
+
+      rescue => e
+        AuthenticationResult.new(
+          success: false,
+          error_code: 'PARSE_ERROR',
+          error_message: "Failed to parse authentication response: #{e.message}"
+        )
+      end
+    end
+
+    def extract_element_text(doc, element_name)
+      elements = doc.xpath("//*[local-name()='#{element_name}']")
+      elements.first&.text&.strip
+    end
+
+    def xml_to_json(xml_text)
+      begin
+        # Handle multipart MIME response
+        xml_content = xml_text
+        if xml_text.include?('--uuid:')
+          xml_start = xml_text.index('<s:Envelope') || xml_text.index('<')
+          if xml_start
+            xml_end = xml_text.rindex('</s:Envelope>')
+            if xml_end
+              xml_end += '</s:Envelope>'.length
+              xml_content = xml_text[xml_start...xml_end]
+            end
+          end
+        end
+
+        doc = Nokogiri::XML(xml_content)
+        element_to_hash(doc.root)
+
+      rescue => e
+        nil
+      end
+    end
+
+    def element_to_hash(element)
+      result = {}
+
+      # Add attributes
+      element.attributes.each do |key, attr|
+        result["@#{key}"] = attr.value
+      end
+
+      # Add text content
+      if element.text && !element.text.strip.empty?
+        if element.children.length == 1 && element.children.first.text?
+          return element.text.strip
+        else
+          result['#text'] = element.text.strip
+        end
+      end
+
+      # Add child elements
+      element.children.each do |child|
+        next if child.text?
+
+        child_name = child.name
+        child_value = element_to_hash(child)
+
+        if result[child_name]
+          # Convert to array if multiple elements with same name
+          if result[child_name].is_a?(Array)
+            result[child_name] << child_value
+          else
+            result[child_name] = [result[child_name], child_value]
+          end
+        else
+          result[child_name] = child_value
+        end
+      end
+
+      result
+    end
+  end
+end

data/lib/tyler_efm_client/errors.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module TylerEfmClient
+  ##
+  # Base exception for Tyler EFM Client errors
+  class Error < StandardError; end
+
+  ##
+  # Exception raised for authentication failures
+  class AuthenticationError < Error; end
+
+  ##
+  # Exception raised for certificate handling errors
+  class CertificateError < Error; end
+
+  ##
+  # Exception raised for SOAP service call errors  
+  class ServiceError < Error; end
+end