Hi @tobischo,

I am really excited to see that you also added EBICS 3 🤩 I had that on my list as a potential followup after your changes.
tobischo left a comment:
Overall this looks great.
I haven't tested it yet against an EBICS API, so I cannot speak to whether it is still working (yet).
I think it is missing some test cases, e.g. around the signature algorithm handling and using a different EBICS version.
| Communication Standard). | ||
|
|
||
| It supports EBICS 2.5. | ||
| It supports EBICS 2.4, 2.5 and 3.0. |
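Review bot: the new README line "It supports EBICS 2.4, 2.5 and 3.0." gives release numbers only, while the rest of this pull request names versions by schema identifier (H003, H004, H005). Listing the identifier next to each release number would let readers match the README to the names used in the code and specs.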
I think the readme could reflect which one is the default when initializing a new or existing client and how to work with another version.

@jplot do you need help finalizing this?
I don't have a sandbox environment to test end-to-end operation.

I haven't checked if it supports EBICS 2.4, but https://iso20022test.credit-suisse.com/login provides a testing environment for communication through EBICS.

Sadly the credit-suisse test box does not work for ebics 3.0.
|
f688bfb to db2cd7d
|
@tobischo I have reallocated my work time to this project full-time, with the aim of integrating the features related to versions 'H003' and 'H005'.

Amazing 😃

@jplot We have some mandates with H003 servers so we can also do the testing part for you 😉

@frantisekrokusek If you have the possibility of writing more complete tests on the main branch, this would allow me to guarantee the integrity of the new system.

For version H003, I can only confirm that FDL, HAA, HAC, HEV, HIA, HKD, HPB, HPD, HTD, INI, PTK are supported.

@jplot we just finished our testing phase on our fork. We have successfully initialized those French banks but only tested INI/HIA/HPB/FDL commands because our mandates do not have access to other commands.
|
Key Technical Points for H003 and H005 Versions

I'll take some time this week to update the branch, look into leveraging the X509 Certificate support, and wrap up the remaining items.
Replaces the legacy header_request.build approach with the versioned factory pattern (V25: build_download_request, V3: BTD with PSR/pain.002). Adds z01 to ORDER_TYPES registry and updates spec with shared examples.
Replaces the legacy header_request.build approach with the versioned factory pattern. Adds add_ful_order_params to OrderDetailsBuilder for FileFormat support, and makes build_upload_request accept a block for custom order params. Updates spec with shared examples.
- Fix V2 factory: %w[btd btu] instead of ['btd btu'] so create_btd and create_btu properly raise VersionSupportError
- V3 Z01: add service_option CH003GEN per SIX Group spec
- V3 FUL: raise VersionSupportError since FUL doesn't exist in H005
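The `%w[btd btu]` versus `['btd btu']` fix in the commit message above, reproduced as an added example that is not the project's code. The class names and the assumption that the guards are generated with `define_method` are hypothetical; only `create_btd`, `create_btu` and `VersionSupportError` come from the page.

```ruby
# Constructed stand-ins for the factories; not the project's classes.
class VersionSupportError < StandardError; end

class BaseFactory
  def create_btd
    :btd_request
  end

  def create_btu
    :btu_request
  end
end

# ['btd btu'] is ONE string, so a single method named "create_btd btu" is
# defined and the inherited create_btd / create_btu stay callable.
class BuggyV2Factory < BaseFactory
  ['btd btu'].each do |order|
    define_method("create_#{order}") { |*| raise VersionSupportError, "#{order.upcase} requires H005" }
  end
end

# %w[btd btu] is TWO strings, so both inherited builders are overridden.
class FixedV2Factory < BaseFactory
  %w[btd btu].each do |order|
    define_method("create_#{order}") { |*| raise VersionSupportError, "#{order.upcase} requires H005" }
  end
end

# Calls a builder and reports whether the version guard fired.
def outcome(factory, method_name)
  factory.public_send(method_name)
rescue VersionSupportError
  :version_support_error
end

# Names of the methods a class defines itself, to expose the stray method.
def own_methods(klass)
  klass.instance_methods(false).map(&:to_s).sort
end

if $PROGRAM_NAME == __FILE__
  puts outcome(BuggyV2Factory.new, :create_btd).inspect
  puts outcome(FixedV2Factory.new, :create_btd).inspect
  puts own_methods(BuggyV2Factory).inspect
end
```

A spec that only checks that the guard methods are defined would pass on the buggy class; asserting on the raised error for each order type is what catches the missing guard.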
Add shared examples for receipt, transfer, FDLOrderParams, and FULOrderParams phases. Apply H004 structural validation to all 30 order types covering init, transfer, and receipt phases as applicable.
Rename 'a valid H004 ...' shared examples to 'a valid ebicsRequest ...' with an ebics_version parameter (default 'H004') to support both H003 and H004 structural validation from the same test definitions. Add H003 structural tests for the 8 order types that already support it: HKD, HPD, HTD, PTK (init), HAA, HAC (init + receipt), STA, FDL (receipt).
Add pending H003 init blocks for downloads (BKA, C52-C54, C5N, VMK, WSS, Z01, Z52-Z54, CDZ, CRZ, STA) and uploads (CCT, B2B, CD1, CDB, CDD, CIP, XE2, XE3, AZV, C2S, CCS, FUL). Add active H003 transfer blocks for all uploads since transfer XML is version-agnostic. Fix FDL: remove incorrect H003 pending markers since FDL already supports H003 through the factories/builders architecture.
Move build_download_request, build_upload_request, and all 27 create_xxx methods from V25 up to V2, making them available to both V24 (H003) and V25 (H004). Fix V24 add_order_type to support OZHNN for uploads with electronic signature. Remove duplicate V24 initialize. V24 and V25 now differ only by namespace (H003/H004) and OrderID (mandatory in H003, absent in H004).
Remove Epics::X509Certificate in favor of Epics::Crypt::X509 which now provides data, fingerprint and to_pem. Certificates are assigned directly on Signature objects via the keyring instead of being stored separately on the client. Remove x_509_certificates_content, x_509_certificate(type) and x_509_certificate_hash(type) from Client. Remove dead x509_data_xml from GenericRequest. Update OrderDataHandler, LetterRenderer and ini_with_certs template to use certificates from signatures.
|
Would appreciate if folks could test this branch against their EBICS connections to confirm H003 and H004 both work as expected. Any feedback welcome!
- Add auto-generated X.509 certificates for H005 test clients
- Implement CryptService.sign() with RSA-PSS (A006) and PKCS1v15 (A005)
- Add BTD mappings for BKA, C5N, CDZ, CRZ downloads in V3 factory
- Add BTU mappings for AZV, B2B, CCS, CDS, C2S uploads in V3 factory
- Add VersionSupportError for FDL, CD1, WSS, XDS in H005
- Fix missing AuthSignature in V3 create_btd
- Add H005 structural shared examples (header, download, upload, receipt, transfer)
- Remove all H005 pending tests and replace with active structural tests
- Override AZV#to_xml to use create_azv (separate from CD1 in H005)
Cover all CryptService public methods (sign A005/A006, encrypt, AES round-trip, transaction key encryption, hash, digest calculation, certificate fingerprint) and DigestResolver behavior differences between V2 (key-based) and V3 (certificate-based).
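The A005 (PKCS1v15) and A006 (RSA-PSS) split named in the two commit messages above, as an added example of the checks a signature test can make; it is not the project's CryptService. The helper names and mapping table are hypothetical, and the code shows only the two padding schemes over SHA-256, not the EBICS encoding of order data.

```ruby
require 'openssl'

# Version labels come from the commit message; the table and the
# ebics_sign / ebics_verify helpers are hypothetical, not the project's API.
PADDING = { 'A005' => :pkcs1_v15, 'A006' => :pss }.freeze

def padding_for(version)
  PADDING.fetch(version) { raise ArgumentError, "unsupported signature version: #{version}" }
end

def ebics_sign(key, version, data)
  case padding_for(version)
  when :pkcs1_v15 then key.sign(OpenSSL::Digest.new('SHA256'), data)
  when :pss then key.sign_pss('SHA256', data, salt_length: :digest, mgf1_hash: 'SHA256')
  end
end

# Verifies strictly under the declared version; no fallback to the other scheme.
def ebics_verify(key, version, signature, data)
  case padding_for(version)
  when :pkcs1_v15 then key.verify(OpenSSL::Digest.new('SHA256'), signature, data)
  when :pss then key.verify_pss('SHA256', signature, data, salt_length: :auto, mgf1_hash: 'SHA256')
  end
rescue OpenSSL::PKey::PKeyError
  false # a signature that is malformed for this scheme counts as rejected
end

def signature_checks
  key = OpenSSL::PKey::RSA.new(2048) # throwaway key generated for this example
  data = 'constructed order data'
  a005 = ebics_sign(key, 'A005', data)
  a006 = ebics_sign(key, 'A006', data)
  {
    a005_verifies: ebics_verify(key, 'A005', a005, data),
    a006_verifies: ebics_verify(key, 'A006', a006, data),
    # A signature made under one scheme must fail under the other.
    cross_scheme_rejected: !ebics_verify(key, 'A005', a006, data) &&
      !ebics_verify(key, 'A006', a005, data),
    # PKCS1v15 is deterministic; PSS uses a fresh random salt each time.
    a005_repeatable: a005 == ebics_sign(key, 'A005', data),
    a006_randomized: a006 != ebics_sign(key, 'A006', data),
    tampered_data_rejected: !ebics_verify(key, 'A006', a006, data + 'x')
  }
end

puts signature_checks.inspect if $PROGRAM_NAME == __FILE__
```

Because PSS output changes on every call, fixture tests for A006 have to verify the signature rather than compare it byte for byte with a stored value.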
Test XmlBuilder (V24/V25/V3 namespaces and container types), OrderDetailsBuilder (V2 OrderType/OrderAttribute vs V3 AdminOrderType/BTDOrderParams/BTUOrderParams), StaticBuilder, MutableBuilder, DataTransferBuilder (V2 no-op vs V3 DataDigest/AdditionalOrderInfo), DataEncryptionInfoBuilder, HeaderBuilder, BodyBuilder, and TransferReceiptBuilder.
Test UserSignatureHandler V2 (S001) vs V3 (S002), OrderDataHandler V24/V25 (PubKeyValue with RSA material) vs V3 (X509Data, no PubKeyValue), and AuthSignatureHandler (digest, signature verification, C14N) across all three EBICS versions.
Test base factory methods (HEV, INI, HIA, HPB, transfers, admin orders), V2 download/upload patterns with OrderType/OrderAttribute/OrderID, V3 BTD/BTU patterns with AdminOrderType and service descriptors, and VersionSupportError boundaries between protocol versions.
Test version validation, key slot accessors, key serialization round-trip (dump/reload with AES-256-CBC encryption), Client.setup key generation (A005/A006, X002, E002), next_order_id overflow, and urn_schema per protocol version.
Signer was only used by the XMLSIG Faraday middleware which has been replaced by AuthSignatureHandler signing directly during request construction in the factories.
XCT now delegates to request_factory.create_azv like all other order types instead of using the legacy HeaderRequest monolithic builder. HeaderRequest has no remaining consumers and is removed along with its require and Client#header_request accessor.
AZV overrides to_xml completely and uses create_azv (not create_cd1), so inheriting from CD1 was misleading. AZV and CD1 are unrelated order types (international payment vs SEPA COR1 direct debit).
|
@jplot nice work!
CDS: SEPA Direct Debit without ES (DZHNN), BTU with SDD/BIL/pain.008
XCT: International payment alias for AZV (CD1 in V2, XCT/dtazv in V3)
XCT: add scope 'DE' assertion (matching AZV which already had it)
CDD: add scope 'GLB' assertion for SEPA Direct Debit Core
The passphrase for key encryption/decryption is stored on Client, not on Keyring. This attribute was never used anywhere in production.
Include xmlns:xsi namespace declaration and xsi:schemaLocation attribute on all H003/H004/H005 request root elements (ebicsRequest, ebicsUnsecuredRequest, ebicsNoPubKeyDigestsRequest, ebicsUnsignedRequest). Each version points to its official XSD:
- H003: http://www.ebics.org/H003/ebics_H003.xsd
- H004: http://www.ebics.org/H004/ebics_H004.xsd
- H005: http://www.ebics.org/H005/ebics_H005.xsd

Update fixtures and auth signature test values to reflect the new canonical XML content (C14N inclusive includes ancestor namespaces).
Comprehensive reference file with links to official EBICS specifications, XSD schemas, implementation guides, BTF/BTD/BTU documentation, and country-specific resources (France, Switzerland, Germany).
The ini.erb template now handles both certificate and RSA key display using conditionals, eliminating the need for a separate ini_with_certs.erb.


Testing overview: