From 09ab61270fe1ebff0de5a23aacd735c95eb3fb54 Mon Sep 17 00:00:00 2001 From: Luc De Meyer Date: Fri, 7 Aug 2020 17:12:02 +0200 Subject: [PATCH] [13.0][IMP]SWIFT 3SKey support (#18) --- account_ebics/README.rst | 3 +- account_ebics/__manifest__.py | 2 +- account_ebics/models/ebics_userid.py | 35 +++++++++++++++++++++ account_ebics/static/description/index.html | 7 ++--- account_ebics/views/ebics_userid_views.xml | 9 ++++-- 5 files changed, 48 insertions(+), 8 deletions(-) diff --git a/account_ebics/README.rst b/account_ebics/README.rst index d668e42..54aeab8 100644 --- a/account_ebics/README.rst +++ b/account_ebics/README.rst @@ -24,6 +24,7 @@ Remark: The EBICS 'Test Mode' for uploading orders requires Fintech 4.3.4 or higher. +SWIFT 3SKey support requires Fintech 6.4 or higher. | We also recommend to consider the installation of the following modules: @@ -136,5 +137,5 @@ You can also find this information in the doc folder of this module (file EBICS_ Known Issues / Roadmap ====================== -- add support for 3SKEY signed transactions - add support for EBICS 3.0 +- add support to import externally generated keys & certificates (currently only 3SKey signature certificate) diff --git a/account_ebics/__manifest__.py b/account_ebics/__manifest__.py index bce8e59..fd3324d 100644 --- a/account_ebics/__manifest__.py +++ b/account_ebics/__manifest__.py @@ -3,7 +3,7 @@ { 'name': 'EBICS banking protocol', - 'version': '13.0.1.1.4', + 'version': '13.0.1.2.0', 'license': 'LGPL-3', 'author': 'Noviat', 'website': 'www.noviat.com', diff --git a/account_ebics/models/ebics_userid.py b/account_ebics/models/ebics_userid.py index 4953474..6ae6a1f 100644 --- a/account_ebics/models/ebics_userid.py +++ b/account_ebics/models/ebics_userid.py @@ -93,6 +93,14 @@ class EbicsUserID(models.Model): help="EBICS Public Bank Keys to be checked for consistency.") ebics_public_bank_keys_fn = fields.Char( string='EBICS Public Bank Keys Filename', readonly=True) + swift_3skey = fields.Boolean( + string='Enable 3SKey support', + help="Transactions for this user will be signed " + "by means of the SWIFT 3SKey token.") + swift_3skey_certificate = fields.Binary( + string='3SKey Certficate') + swift_3skey_certificate_fn = fields.Char( + string='EBICS Public Bank Keys Filename') # X.509 Distinguished Name attributes used to # create self-signed X.509 certificates ebics_key_x509 = fields.Boolean( @@ -168,6 +176,16 @@ class EbicsUserID(models.Model): raise UserError(_( "The passphrase must be at least 8 characters long")) + @api.onchange('signature_class') + def _onchange_signature_class(self): + if self.signature_class == 'T': + self.swift_3skey = False + + @api.onchange('swift_3skey') + def _onchange_swift_3skey(self): + if self.swift_3skey: + self.ebics_key_x509 = True + def set_to_draft(self): return self.write({'state': 'draft'}) @@ -192,6 +210,10 @@ class EbicsUserID(models.Model): raise UserError( _("Set a passphrase.")) + if not self.swift_3skey and not self.swift_3skey_certificate: + raise UserError( + _("3SKey certificate missing.")) + ebics_version = self.ebics_config_id.ebics_version try: keyring = EbicsKeyRing( @@ -214,6 +236,14 @@ class EbicsUserID(models.Model): self.ebics_config_id._check_ebics_keys() if not os.path.isfile(self.ebics_keys_fn): try: + # TODO: + # enable import of all type of certicates: A00x, X002, E002 + if self.swift_3skey: + kwargs = { + self.ebics_config_id.ebics_key_version: + base64.decodestring(self.swift_3skey_certificate), + } + user.import_certificates(**kwargs) user.create_keys( keyversion=self.ebics_config_id.ebics_key_version, bitlength=self.ebics_config_id.ebics_key_bitlength) @@ -223,6 +253,11 @@ class EbicsUserID(models.Model): error += '\n' + str(exctype) + '\n' + str(value) raise UserError(error) + if self.swift_3skey and not self.ebics_key_x509: + raise UserError(_( + "The current version of this module " + "requires to X509 support when enabling 3SKey")) + if self.ebics_key_x509: dn_attrs = { 'commonName': self.ebics_key_x509_dn_cn, diff --git a/account_ebics/static/description/index.html b/account_ebics/static/description/index.html index fd66ab0..570ff71 100644 --- a/account_ebics/static/description/index.html +++ b/account_ebics/static/description/index.html @@ -358,9 +358,8 @@ ul.auto-toc {

Remark:

The EBICS 'Test Mode' for uploading orders requires Fintech 4.3.4 or higher.

-
-

-
+

SWIFT 3SKey support requires Fintech 6.4 or higher. +|

We also recommend to consider the installation of the following modules:


@@ -472,8 +471,8 @@ You can also find this information in the doc folder of this module (file EBICS_

Known Issues / Roadmap

    -
  • add support for 3SKEY signed transactions
  • add support for EBICS 3.0
  • +
  • add support to import externally generated keys & certificates (currently only 3SKey signature certificate)
diff --git a/account_ebics/views/ebics_userid_views.xml b/account_ebics/views/ebics_userid_views.xml index b402c74..aa32002 100644 --- a/account_ebics/views/ebics_userid_views.xml +++ b/account_ebics/views/ebics_userid_views.xml @@ -38,13 +38,18 @@ help="Use this button to bypass the EBICS initialization (e.g. in case you have manually transferred active EBICS keys from another system."/> - + + + + @@ -53,7 +58,7 @@ - + Distinguished Name attributes used to create self-signed X.509 certificates: