railslove / epics Goto Github PK
View Code? Open in Web Editor NEWEBICS client for Ruby
Home Page: https://www.railslove.com/stories/ebics-client-for-ruby
License: GNU Lesser General Public License v3.0
EBICS client for Ruby
Home Page: https://www.railslove.com/stories/ebics-client-for-ruby
License: GNU Lesser General Public License v3.0
It seems that @railslove removed the authors of this gem from the repository - probably by accident.
Sadly nobody @railslove takes care of the maintenance of the gem and has abandoned it.
Please at least transfer ownership of this repository to one of the gem authors.
Hello,
i would like to know how would one be able to make use of this client? without know ruby.
Or compiling this somehow!
Hi team,
Thanks again for this amazing gem.
Can you please specify in you documentation which version of EBICS do this library support ? (1.1, 2.4.2, 3.0 ????)
Thanks
Nice gem. š
Have you thought of supporting HBCI as well?
Could be really useful....
On Ubuntu 14.04 LTS, I installed epics this way: gem install --user-install epics
and when I do :
require 'epics'
e = Epics::Client.setup("my-super-secret", "https://ebics.sandbox", "SIZBN001", "EBIX", "EPICS")
I get this error (user
is my local username, and my_file.rb
is the name of my script) :
/home/user/.gem/ruby/1.9.1/gems/epics-1.1.1/lib/epics/client.rb:59:in `setup': uninitialized constant Epics::Client::Client (NameError)
from my_file.rb:2:in `<main>'
Hello,
Maybe someone can help me with PHP analog of client.
Is this script
Line 32 in c1b9167
$rsa = new \phpseclib\Crypt\RSA();
$rsa->setPassword($password);
$rsa->loadKey($privateKey, \phpseclib\Crypt\RSA::PRIVATE_FORMAT_PKCS1);
$rsa->setHash('sha256');
$rsa->setMGFHash('sha256');
$rsa->setSignatureMode(\phpseclib\Crypt\RSA::SIGNATURE_PSS);
$sign = $rsa->sign($data);
Hello again :-),
now, after the initialization process finished, I try to fetch the available methods of my bank.
But when i try to get e with e = Epics::Client.new(keys, 'passphrase', 'url', 'host', 'user', 'partner')
it run into following error: OpenSSL::Cipher::CipherError
any ideas?
thanks
ternes3
Hi,
we just found your nice gem. So we tried downloading account statements using C53.
e = Epics::Client.new(key, "secret", "https://server", "a", "b", "c")
c53 = e.C53(Date.today.prev_day(2), Date.today.prev_day)
puts c53
That's the output (of course I wiped out some data):
PK?F?ą°?
?
42015-07-24_C53_EUR_13.xml<?xml version='1.0' encoding='UTF-8' ?><Document xmlns='urn:iso:std:iso:20022:tech:xsd:camt.053.001.02'>WIPED OUT</Document>PK??F?ą°?
?
42015-07-24_C53_EUR_13.xmlPKb
Is it an issue with our bank? Can you verify that C53 works for you?
I tried to upgrade to the latest Heroku-22 Stack, which ships with OpenSSL 3 and got the following error:
OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key: unsupported
from vendor/ruby-3.1.2/lib/ruby/3.1.0/openssl/pkey.rb:348:in `initialize'
from vendor/ruby-3.1.2/lib/ruby/3.1.0/openssl/pkey.rb:348:in `new'
from vendor/ruby-3.1.2/lib/ruby/3.1.0/openssl/pkey.rb:348:in `new'
from epics (1.8.1) lib/epics/key.rb:8:in `initialize'
from epics (1.8.1) lib/epics/client.rb:260:in `new'
from epics (1.8.1) lib/epics/client.rb:260:in `block in extract_keys'
from epics (1.8.1) lib/epics/client.rb:259:in `each'
from epics (1.8.1) lib/epics/client.rb:259:in `each_with_object'
from epics (1.8.1) lib/epics/client.rb:259:in `extract_keys'
from epics (1.8.1) lib/epics/client.rb:12:in `initialize'
Heroku mentions this:
In addition, OpenSSL 3 drops default support for a number of legacy/insecure cryptographic algorithms. If you see TLS/SSL related failures connecting from your application to external services, it is likely that those servers are running outdated/insecure software or configurations, that will need to be fixed by the maintainers of those services.
I wonder if this is an issue with the Bank servers as it is failing with the same error on all the different ones I connect to, which tends to point to an implementation problem in epics.
I would vote to handle the case of no available statements differently. It should not raise an error, but return an empty array. We could catch the exception.
Hey,
iĀ“m new on ruby and currently I try to integrate ebics with this gem. I just followed the introduction placed in the readme and get this error: uninitialized constant Ebics::Client
any ideas?
thanks
ternes3
Hello epics community,
I ask my self, if the impementation of ebics ordertype CDZ (cdz.rb) has undergone an error. Reading the ebics compendium, the order type should provide "Payment Status Report for Direct Debit". In my understanding this means an action type client "download" from ebics bank server.
But epics client.rb
def CDZ(document) upload(Epics::CDZ, document) end
implements an upload from client to bank. Is this correct ?
If so, could someone point out, why ?
regards,
Peter
@tobischo is currently mainly maintaining this library and has done great work in pushing it forward.
He should get access to the Rubygems project to be able to release the long awaited version 2.0
hello :)
I'm trying to connect to french Bank but when i submit keys to the bank
I got
e.INI
Epics::Error::BusinessError: EBICS_ONLY_X509_SUPPORT - With respect to certificates, the bank system only supports the evaluation of X.509 data
Any help plz and thx
Found the answer. That X001Digest and E001Digest uses from bank for Verification hashes from client side.
We have problems with hash verification in INI letter. I try to check official documentation and algorithm used in this library looks according to spec. But when i try algorithm on example letters in spec it doesn't match on 2/3 letters. Spec file link EBICS_Specification_2.5_final-16-05-2011.pdf. Algorithm for calculation is specified on page 55. Example letters are on pages 272,273,274.
Calculation i used to get hashes
require 'openssl'
require 'base64'
# 11.5.1.2 With version A005/A006 of the electronic signature - THIS IS OK
e = "10001"
n = "9b864d2e729e9e039478eb9641e627c6f298b9b54dacb2b899c6137c6a67a39356b0c0e2bb22d5f14a4e3eb5e0509a416ea5958f75cfa304f9ba3218bfed24ecb6065e628042f97ac1322cf3753fd592722ca283e8b5471259f64bcda64ed87f7b56dad9573279b47b6679c9f718407ecfac5c46146ab7701d47d051e781622b49d7095f47a44ca33f6704024b403d71aa5f3ea230537730710a96dd62be6cbf4027280c9fffe06d0a8c5ee075e230a449136508e5a911e37d1cff7fb931181f"
Base64.decode64(Base64.encode64(digester.digest([ e.gsub(/^0*/,''), n.gsub(/^0*/,'')].map(&:downcase).join(" "))).strip).unpack("H*").join.upcase.scan(/.{2}/).join(" ")
# resulting hash
# => "D4 7A 24 27 5C 5F D8 0D 50 1B CF 28 C5 38 FE 1F 51 DD 24 8B 3E 5C 72 D5 CD 47 9D 82 79 0C EF 52"
# this is matching ini letter
# 11.5.2 Initialisation letter for HIA (example) - THIS IS WRONG
e = "10001"
n = "b79d3af06815ac6eabbff3a1d438a3d14dd6742ccb6d0052d50ca2b0bf22bd088ff45b3eb567b5f5aed639690141d0698bd5f6ea03f14b595684de9313d807fb2613054b04f22765da265135485064b368ca7ce7fdb01234cf3794eece7bb62d796c7973fd9a09a0678231250a42dc962c44d9f0cb13a46675eb39263030d6a011ac699a1908a540a713f861ca3e78e784531a4c27ab66628343e1b281d67083"
Base64.decode64(Base64.encode64(digester.digest([ e.gsub(/^0*/,''), n.gsub(/^0*/,'')].map(&:downcase).join(" "))).strip).unpack("H*").join.upcase.scan(/.{2}/).join(" ")
# resulting hash
# => "F6 EB EC 19 67 65 2F 60 7E 1D 8C A3 E0 81 A4 C4 34 E7 14 4D C3 C7 A1 03 E5 8C 1F D9 CD 5D 7D 00"
# this doesn't match provided hash in HIA letter
# B8 3C B0 19 66 C9 9C 6E 2C A5 BA 6A 2B 56 01 92 35 2A B4 91 53 E9 0B BA 34 C1 5E B5 9F 4A 64 F7
e = "10001"
n = "c1c64130af7a7c4c370748b0bdc1fd068b560652cf2c889afb240399a4221763568dea84fe53402eb1d9ff3a8edd7af494955344a3d9b52660ecb109fed970f3d96e407477169b851f5365a3452dc6975d7f9d0b22d91b3c6fc91b7b4411c269f01bb8252ccab613530dbd4602a211e7db31ffe05d78b111c44aa707a7da6c05c7a342593f1340ecce4874b6d5934dc7a28aa12cb862bf2ac962f9952b646bd739a35a99f84b1b898c81742a5ac4a5a3ab0b03b7a282fb3ba7fd63442ae8e1620d1aea32a141e69d3b8ccb9ddee7f92f4205bf721f9ca3b08bf7e948c5395f03d76a3532280173d7308d83b62111c86b9f43600109ab2996b26c935ea036379d"
Base64.decode64(Base64.encode64(digester.digest([ e.gsub(/^0*/,''), n.gsub(/^0*/,'')].map(&:downcase).join(" "))).strip).unpack("H*").join.upcase.scan(/.{2}/).join(" ")
# resulting hash
# => "5C 01 88 FD 60 2A 27 EE 74 E3 6B 49 EB B9 45 AC FC 93 B7 D3 73 36 47 EA 55 AE 04 71 CB 01 CA 2A"
# this doesn't match provided hash in HIA letter
# 9D 2D C0 AF 55 6E D4 D9 04 00 BB 23 AF C8 1B AB 91 A3 7A 2E 97 A9 31 6D D0 01 79 5F C6 D0 CD 54
Has anybody any idea what could be wrong? Is specification examples wrong or i am missing something in algorithm part of how to calculate hashes in INI letters?
Therefore Pull-Requests were closed and re-opened again.
We make writing banking applications fun and easy. so we need some happy maskot.
When inheriting from CCT, CCS order_type and order_attributes should be included in the Nokogiri template of CCT.
class Epics::CCS < Epics::CCT
def order_attribute -> not used
"DZHNN"
end
def order_type -> not used
'CCS'
end
end
CCT.rb
class Epics::CCT < Epics::GenericUploadRequest
def header
Nokogiri::XML::Builder.new do |xml|
xml.header(authenticate: true) {
xml.static {
xml.HostID host_id
xml.Nonce nonce
xml.Timestamp timestamp
xml.PartnerID partner_id
xml.UserID user_id
xml.Product("EPICS - a ruby ebics kernel", 'Language' => 'de')
xml.OrderDetails {
xml.OrderType 'CCT'
xml.OrderAttribute 'OZHNN'
xml.StandardOrderParams
}
xml.BankPubKeyDigests {
xml.Authentication(client.bank_x.public_digest, Version: 'X002', Algorithm: "http://www.w3.org/2001/04/xmlenc#sha256")
xml.Encryption(client.bank_e.public_digest, Version: 'E002', Algorithm: "http://www.w3.org/2001/04/xmlenc#sha256" )
}
xml.SecurityMedium '0000'
xml.NumSegments 1
}
xml.mutable {
xml.TransactionPhase 'Initialisation'
}
}
end.doc.root
end
end
Fix, by adding order_type
and order_attribute
methods in CCT like in CCS and include it in Nokogiri fields instead of hardcoding so that inheriting classes will replace them with their own in the template.
Hi,
I was trying to transfer the sepa file but it's not working with Sparkasse Wuppertal and Sparkasse Pforzheim
I did
e = Epics::Client.new(key, secret, server, a, b, c)
e.HPB
e.CCT("sepa.xml")
Bank replied that they received an error message in their system that corrupt file is received however file is not received. The Sepa.xml is verified separately and checked by the bank to be correct.
Please suggest.
Hi,
I noticed during the development of a C54
feature (basically a copy of your C53
implementation) that the multi segment responses aren't supported currently (also seen your comment in 468fa7c).
Are you already working on the support for multipart responses or do you have any plans for it?
I may also be able to contribute some code if it makes sense.
Cheers, Klaus
We've run into an odd issue while upgrading our application to ruby 3.1: CDB messages are refused by the bank with a '090004' Return code (EBICS_INVALID_ORDER_DATA_FORMAT). A CDB message with the same gem versions and same order data is accepted when issued from ruby 3.0.
Trying to debug the issue with the IT of the bank in question did not yield very precise results, unfortunately, as the server side cause of the rejection wasn't covered by their logging. The best esitmate of the bank is, that the value of the OrderData attribute cannot be decompressed due to it being invalid.
My suspicion on the other hand is, that this may have something to do with the OpenSSL versions used by ruby 3.0 (OpenSSL 1.1) and ruby 3.1 (OpenSSL 3.0).
Before I go poking things with a stick to see what squeaks, are you aware of any issues regarding ruby 3.1 that may cause OrderData to become unreadable to upstream? Or maybe some pointers where it would be sensible to start more detailed debugging? I have logs of the ebics messages in the relevant communications, in case they would help.
We have been using epics for years to download files through C52 and C53.
For a slightly different use case we wanted to use epics now to pass in pain.001.001.03 files (generated through sepa_king) through the CCT action.
However we keep getting an invalid signature error (error code 28 at FIDUCIA/ATRUVIA).
That means we managed to successfully upload the file, so the general authentication worked.
The file could be correctly decrypted, however it lacked the corresponding signature (I suppose A006)
In the readme a few banks are listed where epics works correctly.
It does not however list which order types are executed there.
Now I am wondering whether for the cases with the banks where it worked, the order types CCT, CDD, or CDB where amongst those that are executed.
Do you happen to have any more information on that?
I would love to know whether I am just doing something wrong or whether epics actually has an issue here.
Having followed the getting started instructions in the README, I can successfully generate keys, but then fail on calling the Epics::Client.INI
method. It fails with undefined method xpath for nil:NilClass
at this line.
If I roll back to the latest commit on which the tests did not break, it works.
After invoking INI request to the bank I try integrate with, I got 'EBICS_ONLY_X509_SUPPORT' error message. Although this is one of the standard error codes, I'm not sure what does it mean and how to fix it? I'll be more than happy for any clues about this.
OpenSSL changed the API and the n=
accessors are no longer available and set_key
must now be used.
I guess we have to check if set_key
is defined and then use that new API otherwise the old.
See:
ruby/openssl@7ea72f1#diff-915017dbfe6a2e8cd9741502cfe8f759
nov/json-jwt@aa09a07#diff-e64230ecda134ae0f937388155746d86R102
Hi guys,
I was testing your library with the great https://iso20022test.credit-suisse.com/ testing accounts.
But I have got that error on client.HPB
step:
OpenSSL::PKey::PKeyError: rsa#set_key= is incompatible with OpenSSL 3.0
from /Users/frokusek/.asdf/installs/ruby/3.1.3/lib/ruby/gems/3.1.0/gems/epics-2.0.0/lib/epics/client.rb:110:in `set_key'
Is that a known issue ?
Thanks for your help š
ruby -> ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [arm64-darwin21]
openssl-> LibreSSL 2.8.3
epics -> 2.0.0
Hi railslove team,
I have an ebics key created a couple of years ago with epics. It contains an "#USER": {},
which confuses the current version of epics. Running Epics::Client.new
will trigger
NoMethodError: undefined method `unpack1' for {}:Hash
/usr/lib64/ruby/2.6.0/base64.rb:74:in `strict_decode64'
/home/leonard/.gem/ruby/2.6.0/gems/epics-1.8.1/lib/epics/client.rb:280:in `decrypt'
/home/leonard/.gem/ruby/2.6.0/gems/epics-1.8.1/lib/epics/client.rb:260:in `block in extract_keys'
/home/leonard/.gem/ruby/2.6.0/gems/epics-1.8.1/lib/epics/client.rb:259:in `each'
/home/leonard/.gem/ruby/2.6.0/gems/epics-1.8.1/lib/epics/client.rb:259:in `each_with_object'
/home/leonard/.gem/ruby/2.6.0/gems/epics-1.8.1/lib/epics/client.rb:259:in `extract_keys'
/home/leonard/.gem/ruby/2.6.0/gems/epics-1.8.1/lib/epics/client.rb:12:in `initialize'
Deleting the "#USER": {},
field in the key file avoids the error.
it is missing the html/head/body tags :)
Hey,
we have run into a problem following the Getting started Guide.
When initially submitting the keys to our bank, we are getting the following error:
> e.INI
Nokogiri::XML::XPath::SyntaxError: ERROR: Undefined namespace prefix: //ds:DigestValue
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/nokogiri-1.8.1/lib/nokogiri/xml/searchable.rb:198:in `evaluate'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/nokogiri-1.8.1/lib/nokogiri/xml/searchable.rb:198:in `xpath_impl'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/nokogiri-1.8.1/lib/nokogiri/xml/searchable.rb:179:in `xpath_internal'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/nokogiri-1.8.1/lib/nokogiri/xml/searchable.rb:154:in `xpath'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/epics-1.5.1/lib/epics/signer.rb:30:in `digest_node'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/epics-1.5.1/lib/epics/signer.rb:12:in `digest!'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/epics-1.5.1/lib/epics/middleware/xmlsig.rb:10:in `call'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/faraday-0.13.1/lib/faraday/rack_builder.rb:141:in `build_response'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/faraday-0.13.1/lib/faraday/connection.rb:387:in `run_request'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/faraday-0.13.1/lib/faraday/connection.rb:174:in `post'
from /usr/local/rvm/rubies/ruby-2.3.4/lib/ruby/2.3.0/forwardable.rb:204:in `post'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/epics-1.5.1/lib/epics/client.rb:94:in `INI'
from (irb):16
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/railties-4.2.9/lib/rails/commands/console.rb:110:in `start'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/railties-4.2.9/lib/rails/commands/console.rb:9:in `start'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/railties-4.2.9/lib/rails/commands/commands_tasks.rb:68:in `console'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/railties-4.2.9/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
from /usr/local/rvm/gems/ruby-2.3.4@global/gems/railties-4.2.9/lib/rails/commands.rb:17:in `<top (required)>'
from bin/rails:4:in `require'
from bin/rails:4:in `<main>'
As per email request, we could think of adding numerical error codes to our exceptions. I am not sure if I am a big fan of it. But what do you guys think?
Hey @tobischo, now that you have the RubyGems access it would be great to see a new release. Thanks a lot!
Hi,
faraday has released version 1.0 a few days ago. Since then a new installation of epics is not working anymore because of breaking changes in faraday.
It seems to be related to the changes of #73
Hi,
I try to implement EBICS on PHP and got the proble,
Have you an address of demo-server for test ebics protocol? Or how do you testing requests?
Hi Team,
Thank you so much for having this product developed, this was very helpful for generating the ini letter for the bank.
Now Im trying to send a HPB request and it throws below error, any idea what is this related to? The bank has already confirmed that the User is now Initialised
in `block in call': EBICS_AUTHENTICATION_FAILED - Authentication signature error (Epics::Error::TechnicalError)
Hi,
I have generated the INI letter, sent it to the bank and bank has confirmed account is activated.
I am now trying the next step.
giving the correct details in the parameters below
e = Epics::Client.new(File.open('/tmp/my.key'), 'passphrase', 'url', 'host', 'user', 'partner')
e.HPB
but it is failing with following error at e.HPB
Nokogiri::XML::XPath::SyntaxError
Undefined namespace prefix: .//ds:Modulus
A declarative, efficient, and flexible JavaScript library for building user interfaces.
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ššš
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ā¤ļø Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.