Mirror/node-ebics-client
2
0
Fork 0
mirror of https://github.com/node-ebics/node-ebics-client.git synced 2025-08-15 12:15:36 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: Mirror:master
Branches Tags
Mirror:master Mirror:dependabot/npm_and_yarn/braces-3.0.3 Mirror:dependabot/npm_and_yarn/xml-crypto-6.0.0 Mirror:fix/request Mirror:update-deps Mirror:feat/new-license Mirror:release-it Mirror:feat/drop-bn.js Mirror:feat/drop-moment Mirror:chore/tests Mirror:feat/handle-unsual-exponent Mirror:monorepo
Mirror:v4.1.0 Mirror:v4.0.0 Mirror:v3.0.0 Mirror:v0.2.1 Mirror:v0.2.0 Mirror:v0.1.7 Mirror:v0.1.6 Mirror:v0.1.4 Mirror:v0.1.3 Mirror:push Mirror:v0.1.2 Mirror:v0.1.1 Mirror:v0.0.8 Mirror:v0.0.7 Mirror:v0.0.6 Mirror:v0.0.5 Mirror:v0.0.36 Mirror:v0.0.35 Mirror:v0.0.3 Mirror:v0.1.0 Mirror:v0.0.4
..
compare: Mirror:dependabot/npm_and_yarn/xml-crypto-6.0.0
Branches Tags
Mirror:master Mirror:dependabot/npm_and_yarn/braces-3.0.3 Mirror:dependabot/npm_and_yarn/xml-crypto-6.0.0 Mirror:fix/request Mirror:update-deps Mirror:feat/new-license Mirror:release-it Mirror:feat/drop-bn.js Mirror:feat/drop-moment Mirror:chore/tests Mirror:feat/handle-unsual-exponent Mirror:monorepo
Mirror:v4.1.0 Mirror:v4.0.0 Mirror:v3.0.0 Mirror:v0.2.1 Mirror:v0.2.0 Mirror:v0.1.7 Mirror:v0.1.6 Mirror:v0.1.4 Mirror:v0.1.3 Mirror:push Mirror:v0.1.2 Mirror:v0.1.1 Mirror:v0.0.8 Mirror:v0.0.7 Mirror:v0.0.6 Mirror:v0.0.5 Mirror:v0.0.36 Mirror:v0.0.35 Mirror:v0.0.3 Mirror:v0.1.0 Mirror:v0.0.4

1 Commits
master ... dependabot

Author SHA1 Message Date
dependabot[bot]
6bc2e508de chore(deps): bump xml-crypto from 4.1.0 to 6.0.0 
Bumps [xml-crypto](https://github.com/node-saml/xml-crypto) from 4.1.0 to 6.0.0.
- [Release notes](https://github.com/node-saml/xml-crypto/releases)
- [Changelog](https://github.com/node-saml/xml-crypto/blob/master/CHANGELOG.md)
- [Commits](https://github.com/node-saml/xml-crypto/compare/v4.1.0...v6.0.0)

---
updated-dependencies:
- dependency-name: xml-crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-01 17:06:50 +00:00
13 changed files with 583 additions and 339 deletions
Expand all files Collapse all files

6
.github/workflows/CI.yml vendored
View File

@@ -11,12 +11,12 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
node: [ 18, 20, 22 ]
node: [ 18, 19, 20 ]
name: Node.js ${{ matrix.node }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v3
- name: Setup node
uses: actions/setup-node@v4
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
- run: npm ci

6
CHANGELOG.md
View File

@@ -1,11 +1,5 @@
### Changelog
#### [v4.2.0]
- feat: update dependencies [`a03ec22`](https://github.com/node-ebics/node-ebics-client/commit/a03ec2283fdd3dcf750c5ed448f0195d92c5c9f0)
- chore: Update dev dependency libxmljs [`3a8dc1d`](https://github.com/node-ebics/node-ebics-client/commit/3a8dc1da0bac20a6f25a687da0a783f3b52d5163)
- feat: replace &lt;request&gt; with &lt;rock-req&gt; [`b6b2751`](https://github.com/node-ebics/node-ebics-client/commit/b6b27516d5854b38dcdbe56f23967001f844e631)
#### [v4.0.0](https://github.com/node-ebics/node-ebics-client/compare/v3.0.0...v0.4.0)
- Add CI [`#75`](https://github.com/node-ebics/node-ebics-client/pull/75)

47
README.md
View File

@@ -15,55 +15,30 @@
<a href='https://coveralls.io/github/eCollect/node-ebics-client?branch=master' title="Coverage Status"><img src='https://coveralls.io/repos/github/eCollect/node-ebics-client/badge.svg?branch=master' alt='Coverage Status' /></a>
</p>
Pure Node.js (>= 16) implementation of [EBICS](https://en.wikipedia.org/wiki/Electronic_Banking_Internet_Communication_Standard) (Electronic Banking Internet Communication).
Pure node.js ( >=8 ) implementation of [EBICS](https://en.wikipedia.org/wiki/Electronic_Banking_Internet_Communication_Standard) ( Electronic Banking Internet Communication ).
The client is aimed to be 100% [ISO 20022](https://www.iso20022.org) compliant, and supports the complete initializations process ( INI, HIA, HPB orders ) and HTML letter generation.
## Usage
For examples on how to use this library, take a look at the [examples](https://github.com/node-ebics/node-ebics-client/tree/master/examples).
### A note on recent Node.js versions
The latest Node.js versions don't support `RSA_PKCS1_PADDING` for private decryption for security reasons, throwing an error like _TypeError: RSA_PKCS1_PADDING is no longer supported for private decryption, this can be reverted with --security-revert=CVE-2023-46809_.
EBICS requires this mode, so in order for this library to work, add the following parameter when starting Node.js: `--security-revert=CVE-2023-46809`
### Initialization
1. Create a configuration (see [example configs](https://github.com/node-ebics/node-ebics-client/tree/master/examples/config)) with the EBICS credentials you received from your bank and name it in this schema: `config.<environment>.<bank>[.<entity>].json` (the entity is optional).
- The fields `url`, `partnerId`, `userId`, `hostId` are provided by your bank.
- The `passphrase` is used to encrypt the keys file, which will be stored at the `storageLocation`.
- The `bankName` and `bankShortName` are used internally for creating files and identifying the bank to you.
- The `languageCode` is used when creating the Initialization Letter and can be either `de`, `en`, or `fr`.
- You can chose any environment, bank and, optionally, entity name. Entities are useful if you have multiple EBICS users for the same bank account.
2. Run `node examples/initialize.js <environment> <bank> [entity]` to generate your key pair and perform the INI and HIA orders (ie. send the public keys to your bank)
The generated keys are stored in the file specified in your config and encrypted with the specified passphrase.
3. Run `node examples/bankLetter.js <environment> <bank> [entity]` to generate the Initialization Letter
4. Print the letter, sign it and send it to your bank. Wait for them to activate your EBICS account.
5. Download the bank keys by running `node examples/save-bank-keys.js <environment> <bank> [entity]`
If all these steps were executed successfully, you can now do all things EBICS, like fetching bank statements by running `node examples/send-sta-order.js <environment> <bank> [entity]`, or actually use this library in your custom banking applications.
## Supported Banks
The client is currently tested and verified to work with the following banks:
- [Credit Suisse (Schweiz) AG](https://www.credit-suisse.com/ch/en.html)
- [Zürcher Kantonalbank](https://www.zkb.ch/en/lg/ew.html)
- [Raiffeisen Schweiz](https://www.raiffeisen.ch/rch/de.html)
- [BW Bank](https://www.bw-bank.de/de/home.html)
- [Bank GPB International S.A.](https://gazprombank.lu/e-banking)
- [Bank GPB AO](https://gazprombank.ru/)
- [J.P. Morgan](https://www.jpmorgan.com/)
* [Credit Suisse (Schweiz) AG](https://www.credit-suisse.com/ch/en.html)
* [Zürcher Kantonalbank](https://www.zkb.ch/en/lg/ew.html)
* [Raiffeisen Schweiz](https://www.raiffeisen.ch/rch/de.html)
* [BW Bank](https://www.bw-bank.de/de/home.html)
* [Bank GPB International S.A.](https://gazprombank.lu/e-banking)
* [Bank GPB AO](https://gazprombank.ru/)
* [J.P. Morgan](https://www.jpmorgan.com/)
## Inspiration
The basic concept of this library was inspired by the [EPICS](https://github.com/railslove/epics) library from the Railslove Team.
## Copyright
Copyright: Dimitar Nanov, 2019-2022.
Licensed under the [MIT](LICENSE) license.

2
examples/bankLetter.js
View File

@@ -10,7 +10,7 @@ const os = require('os');
const config = require('./loadConfig')();
const client = require('./getClient')(config);
const bankName = client.bankName;
const template = fs.readFileSync("./templates/ini_"+client.languageCode+".hbs", { encoding: 'utf8'});
const template = fs.readFileSync("../templates/ini_"+client.languageCode+".hbs", { encoding: 'utf8'});
const bankLetterFile = path.join("./", "bankLetter_"+client.bankShortName+"_"+client.languageCode+".html");
const letter = new ebics.BankLetter({ client, bankName, template });

2
examples/getClient.js
View File

@@ -10,7 +10,6 @@ module.exports = ({
userId,
hostId,
passphrase,
iv,
keyStoragePath,
} = loadConfig()) => new Client({
url,
@@ -18,6 +17,5 @@ module.exports = ({
userId,
hostId,
passphrase,
iv,
keyStorage: fsKeysStorage(keyStoragePath),
});

13
lib/Client.js
View File

@@ -43,8 +43,7 @@ const stringifyKeys = (keys) => {
* @property {string} partnerId - PARTNERID provided by the bank
* @property {string} hostId - HOSTID provided by the bank
* @property {string} userId - USERID provided by the bank
* @property {string|Buffer} passphrase - passphrase or key for keys encryption
* @property {string|Buffer} iv - Initialization Vector for keys encryption
* @property {string} passphrase - passphrase for keys encryption
* @property {KeyStorage} keyStorage - keyStorage implementation
* @property {object} [tracesStorage] - traces (logs) storage implementation
* @property {string} bankName - Full name of the bank to be used in the bank INI letters.
@@ -52,6 +51,7 @@ const stringifyKeys = (keys) => {
* @property {string} languageCode - Language code to be used in the bank INI letters ("de", "en" and "fr" are currently supported).
* @property {string} storageLocation - Location where to store the files that are downloaded. This can be a network share for example.
*/
module.exports = class Client {
/**
*Creates an instance of Client.
@@ -63,7 +63,6 @@ module.exports = class Client {
userId,
hostId,
passphrase,
iv,
keyStorage,
tracesStorage,
bankName,
@@ -89,7 +88,7 @@ module.exports = class Client {
this.userId = userId;
this.hostId = hostId;
this.keyStorage = keyStorage;
this.keyEncryptor = defaultKeyEncryptor({ passphrase, iv });
this.keyEncryptor = defaultKeyEncryptor({ passphrase });
this.tracesStorage = tracesStorage || null;
this.bankName = bankName || 'Dummy Bank Full Name';
this.bankShortName = bankShortName || 'BANKSHORTCODE';
@@ -225,7 +224,7 @@ module.exports = class Client {
(err, res, data) => {
if (err) reject(err);
const ebicsResponse = response.version(version)(data.toString('utf-8'), keys);
const ebicsResponse = response.version(version)(data, keys);
if (this.tracesStorage)
this.tracesStorage
@@ -235,7 +234,8 @@ module.exports = class Client {
.persist();
resolve(ebicsResponse);
});
},
);
});
}
@@ -250,6 +250,7 @@ module.exports = class Client {
async keys() {
try {
const keysString = await this._readKeys();
return new Keys(JSON.parse(this.keyEncryptor.decrypt(keysString)));
} catch (err) {
return null;

13
lib/crypto/Crypto.js
View File

@@ -1,7 +1,6 @@
'use strict';
const crypto = require('crypto');
const NodeRSA = require('node-rsa');
const BigNumber = require('./BigNumber.js');
const mgf1 = require('./MGF1');
@@ -55,14 +54,10 @@ module.exports = class Crypto {
}
static privateDecrypt(key, data) {
const keyRSA = new NodeRSA(
key.toPem(),
'pkcs1-private-pem', {
encryptionScheme: 'pkcs1',
environment: 'browser', // would use the crypto module by default, which blocks pkcs1
},
);
return keyRSA.decrypt(data);
return crypto.privateDecrypt({
key: key.toPem(),
padding: crypto.constants.RSA_PKCS1_PADDING,
}, data);
}
static privateSign(key, data, outputEncoding = 'base64') {

66
lib/crypto/encryptDecrypt.js
View File

@@ -1,66 +0,0 @@
'use strict';
const crypto = require('crypto');
const createKeyAndIv = (passphrase) => {
// this generates a 256-bit key and a 128-bit iv for aes-256-cbc
// just like nodejs's deprecated/removed crypto.createCipher would
const a = crypto.createHash('md5').update(passphrase).digest();
const b = crypto
.createHash('md5')
.update(Buffer.concat([a, Buffer.from(passphrase)]))
.digest();
const c = crypto
.createHash('md5')
.update(Buffer.concat([b, Buffer.from(passphrase)]))
.digest();
const bytes = Buffer.concat([a, b, c]);
const key = bytes.subarray(0, 32);
const iv = bytes.subarray(32, 48);
return { key, iv };
};
const encrypt = (data, algorithm, passphrase, iv) => {
let cipher;
if (iv) {
cipher = crypto.createCipheriv(algorithm, passphrase, iv);
} else {
console.warn(
'[Deprecation notice] No IV provided, falling back to legacy key derivation.\n'
+ 'This will be removed in a future major release. You should encrypt your keys with a proper key and IV.',
);
if (crypto.createCipher) {
// nodejs < 22
cipher = crypto.createCipher(algorithm, passphrase);
} else {
const { key, iv: generatedIv } = createKeyAndIv(passphrase);
cipher = crypto.createCipheriv(algorithm, key, generatedIv);
}
}
const encrypted = cipher.update(data, 'utf8', 'hex') + cipher.final('hex');
return Buffer.from(encrypted).toString('base64');
};
const decrypt = (data, algorithm, passphrase, iv) => {
data = Buffer.from(data, 'base64').toString();
let decipher;
if (iv) {
decipher = crypto.createDecipheriv(algorithm, passphrase, iv);
} else {
console.warn(
'[Deprecation notice] No IV provided, falling back to legacy key derivation.\n'
+ 'This will be removed in a future major release. You should re-encrypt your keys with a proper key and IV.',
);
if (crypto.createDecipher) {
// nodejs < 22
decipher = crypto.createDecipher(algorithm, passphrase);
} else {
const { key, iv: generatedIv } = createKeyAndIv(passphrase);
decipher = crypto.createDecipheriv(algorithm, key, generatedIv);
}
}
const decrypted = decipher.update(data, 'hex', 'utf8') + decipher.final('utf8');
return decrypted;
};
module.exports = { encrypt, decrypt };

18
lib/keymanagers/KeysManager.js
View File

@@ -1,8 +1,24 @@
'use strict';
const { encrypt, decrypt } = require('../crypto/encryptDecrypt');
const crypto = require('crypto');
const Keys = require('./Keys');
const encrypt = (data, algorithm, passphrase) => {
const cipher = crypto.createCipher(algorithm, passphrase);
const encrypted = cipher.update(data, 'utf8', 'hex') + cipher.final('hex');
return Buffer.from(encrypted).toString('base64');
};
const decrypt = (data, algorithm, passphrase) => {
data = (Buffer.from(data, 'base64')).toString();
const decipher = crypto.createDecipher(algorithm, passphrase);
const decrypted = decipher.update(data, 'hex', 'utf8') + decipher.final('utf8');
return decrypted;
};
module.exports = (keysStorage, passphrase, algorithm = 'aes-256-cbc') => {
const storage = keysStorage;
const pass = passphrase;

21
lib/keymanagers/defaultKeyEncryptor.js
View File

@@ -1,9 +1,24 @@
'use strict';
const { encrypt, decrypt } = require('../crypto/encryptDecrypt');
const crypto = require('crypto');
const encrypt = (data, algorithm, passphrase) => {
const cipher = crypto.createCipher(algorithm, passphrase);
const encrypted = cipher.update(data, 'utf8', 'hex') + cipher.final('hex');
return Buffer.from(encrypted).toString('base64');
};
const decrypt = (data, algorithm, passphrase) => {
data = (Buffer.from(data, 'base64')).toString();
const decipher = crypto.createDecipher(algorithm, passphrase);
const decrypted = decipher.update(data, 'hex', 'utf8') + decipher.final('utf8');
module.exports = ({ passphrase, iv, algorithm = 'aes-256-cbc' }) => ({
encrypt: data => encrypt(data, algorithm, passphrase, iv),
return decrypted;
};
module.exports = ({
passphrase,
algorithm = 'aes-256-cbc',
}) => ({
encrypt: data => encrypt(data, algorithm, passphrase),
decrypt: data => decrypt(data, algorithm, passphrase),
});

633
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

16
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "ebics-client",
"version": "5.0.0",
"version": "4.1.0",
"description": "Node.js ISO 20022 Compliant EBICS Client",
"main": "index.js",
"files": [
@@ -9,10 +9,7 @@
],
"scripts": {
"lint": "eslint .",
"test": "npm run test:node$(node -v | cut -d '.' -f 1 | cut -c 2-)",
"test:node22": "nyc node ./node_modules/.bin/mocha test/**/*.js",
"test:node20": "nyc node --security-revert=CVE-2023-46809 ./node_modules/.bin/mocha test/**/*.js",
"test:node18": "nyc node --security-revert=CVE-2023-46809 ./node_modules/.bin/mocha test/**/*.js",
"test": "nyc mocha test/**/*.js",
"coverage": "nyc report --reporter=text-lcov | coveralls",
"version": "auto-changelog -p -t changelog-template.hbs && git add CHANGELOG.md"
},
@@ -58,10 +55,6 @@
{
"name": "Herrie",
"url": "https://github.com/Herrie82"
},
{
"name": "Maik Marschner ",
"url": "https://github.com/leMaik"
}
],
"license": "MIT",
@@ -70,7 +63,6 @@
"handlebars": "^4.7.8",
"js2xmlparser": "^5.0.0",
"node-forge": "^1.3.1",
"node-rsa": "^1.1.1",
"rock-req": "^5.1.3",
"uuid": "^9.0.1",
"xml-crypto": "^6.0.0",
@@ -83,8 +75,8 @@
"eslint": "^6.7.2",
"eslint-config-ecollect-base": "^0.1.2",
"eslint-plugin-import": "^2.28.1",
"libxmljs": "^1.0.10",
"mocha": "^10.2.0",
"nyc": "^15.1.0",
"xmllint-wasm": "^4.0.2"
"nyc": "^15.1.0"
}
}

47
test/spec/H004.js
View File

@@ -9,36 +9,27 @@ const fs = require('fs');
const ebics = require('../../');
const xmlLintWasm = require('xmllint-wasm');
const libxml = require('libxmljs');
const validateXML = (() => {
const xsdDir = path.resolve(__dirname, '../xsd');
const schemaPath = path.resolve(xsdDir, 'ebics_H004.xsd');
const schemaDoc = fs.readFileSync(schemaPath, { encoding: 'utf8' });
const preload = fs
.readdirSync(xsdDir)
.filter(file => file.endsWith('.xsd') && file !== 'ebics_H004.xsd')
.map(file => ({
fileName: file,
contents: fs.readFileSync(path.join(xsdDir, file), {
encoding: 'utf8',
}),
}));
const schemaPath = path.resolve(__dirname, '../xsd/ebics_H004.xsd');
const schemaDoc = libxml.parseXml(
fs.readFileSync(schemaPath, { encoding: 'utf8' }),
);
return async (str) => {
const results = await xmlLintWasm.validateXML({
xml: { fileName: 'ebics.xml', contents: str },
schema: [
{
fileName: 'ebics_H004.xsd',
contents: schemaDoc,
},
],
preload,
});
return results.valid;
const schemaDir = path.dirname(schemaPath);
const cwd = process.cwd();
const validateXML = (str) => {
try {
process.chdir(schemaDir);
const isValid = libxml.parseXml(str).validate(schemaDoc);
process.chdir(cwd);
return isValid;
} catch (e) {
process.chdir(cwd);
return false;
}
};
})();
const client = new ebics.Client({
url: 'https://iso20022test.credit-suisse.com/ebicsweb/ebicsweb',
@@ -112,7 +103,7 @@ describe('H004 order generation', () => {
it(`[${operation}] ${type} order generation`, async () => {
const signedOrder = await client.signOrder(order);
assert.isTrue(await validateXML(signedOrder));
assert.isTrue(validateXML(signedOrder));
});
}
});