[13.0][IMP]SWIFT 3SKey support (#18)

This commit is contained in:
Luc De Meyer 2020-08-07 17:12:02 +02:00
parent 293c1fa3c2
commit 09ab61270f
5 changed files with 48 additions and 8 deletions

View File

@ -24,6 +24,7 @@ Remark:
The EBICS 'Test Mode' for uploading orders requires Fintech 4.3.4 or higher. The EBICS 'Test Mode' for uploading orders requires Fintech 4.3.4 or higher.
SWIFT 3SKey support requires Fintech 6.4 or higher.
| |
We also recommend to consider the installation of the following modules: We also recommend to consider the installation of the following modules:
@ -136,5 +137,5 @@ You can also find this information in the doc folder of this module (file EBICS_
Known Issues / Roadmap Known Issues / Roadmap
====================== ======================
- add support for 3SKEY signed transactions
- add support for EBICS 3.0 - add support for EBICS 3.0
- add support to import externally generated keys & certificates (currently only 3SKey signature certificate)

View File

@ -3,7 +3,7 @@
{ {
'name': 'EBICS banking protocol', 'name': 'EBICS banking protocol',
'version': '13.0.1.1.4', 'version': '13.0.1.2.0',
'license': 'LGPL-3', 'license': 'LGPL-3',
'author': 'Noviat', 'author': 'Noviat',
'website': 'www.noviat.com', 'website': 'www.noviat.com',

View File

@ -93,6 +93,14 @@ class EbicsUserID(models.Model):
help="EBICS Public Bank Keys to be checked for consistency.") help="EBICS Public Bank Keys to be checked for consistency.")
ebics_public_bank_keys_fn = fields.Char( ebics_public_bank_keys_fn = fields.Char(
string='EBICS Public Bank Keys Filename', readonly=True) string='EBICS Public Bank Keys Filename', readonly=True)
swift_3skey = fields.Boolean(
string='Enable 3SKey support',
help="Transactions for this user will be signed "
"by means of the SWIFT 3SKey token.")
swift_3skey_certificate = fields.Binary(
string='3SKey Certficate')
swift_3skey_certificate_fn = fields.Char(
string='EBICS Public Bank Keys Filename')
# X.509 Distinguished Name attributes used to # X.509 Distinguished Name attributes used to
# create self-signed X.509 certificates # create self-signed X.509 certificates
ebics_key_x509 = fields.Boolean( ebics_key_x509 = fields.Boolean(
@ -168,6 +176,16 @@ class EbicsUserID(models.Model):
raise UserError(_( raise UserError(_(
"The passphrase must be at least 8 characters long")) "The passphrase must be at least 8 characters long"))
@api.onchange('signature_class')
def _onchange_signature_class(self):
if self.signature_class == 'T':
self.swift_3skey = False
@api.onchange('swift_3skey')
def _onchange_swift_3skey(self):
if self.swift_3skey:
self.ebics_key_x509 = True
def set_to_draft(self): def set_to_draft(self):
return self.write({'state': 'draft'}) return self.write({'state': 'draft'})
@ -192,6 +210,10 @@ class EbicsUserID(models.Model):
raise UserError( raise UserError(
_("Set a passphrase.")) _("Set a passphrase."))
if not self.swift_3skey and not self.swift_3skey_certificate:
raise UserError(
_("3SKey certificate missing."))
ebics_version = self.ebics_config_id.ebics_version ebics_version = self.ebics_config_id.ebics_version
try: try:
keyring = EbicsKeyRing( keyring = EbicsKeyRing(
@ -214,6 +236,14 @@ class EbicsUserID(models.Model):
self.ebics_config_id._check_ebics_keys() self.ebics_config_id._check_ebics_keys()
if not os.path.isfile(self.ebics_keys_fn): if not os.path.isfile(self.ebics_keys_fn):
try: try:
# TODO:
# enable import of all type of certicates: A00x, X002, E002
if self.swift_3skey:
kwargs = {
self.ebics_config_id.ebics_key_version:
base64.decodestring(self.swift_3skey_certificate),
}
user.import_certificates(**kwargs)
user.create_keys( user.create_keys(
keyversion=self.ebics_config_id.ebics_key_version, keyversion=self.ebics_config_id.ebics_key_version,
bitlength=self.ebics_config_id.ebics_key_bitlength) bitlength=self.ebics_config_id.ebics_key_bitlength)
@ -223,6 +253,11 @@ class EbicsUserID(models.Model):
error += '\n' + str(exctype) + '\n' + str(value) error += '\n' + str(exctype) + '\n' + str(value)
raise UserError(error) raise UserError(error)
if self.swift_3skey and not self.ebics_key_x509:
raise UserError(_(
"The current version of this module "
"requires to X509 support when enabling 3SKey"))
if self.ebics_key_x509: if self.ebics_key_x509:
dn_attrs = { dn_attrs = {
'commonName': self.ebics_key_x509_dn_cn, 'commonName': self.ebics_key_x509_dn_cn,

View File

@ -358,9 +358,8 @@ ul.auto-toc {
</ul> </ul>
<p>Remark:</p> <p>Remark:</p>
<p>The EBICS 'Test Mode' for uploading orders requires Fintech 4.3.4 or higher.</p> <p>The EBICS 'Test Mode' for uploading orders requires Fintech 4.3.4 or higher.</p>
<div class="line-block"> <p>SWIFT 3SKey support requires Fintech 6.4 or higher.
<div class="line"><br /></div> |</p>
</div>
<p>We also recommend to consider the installation of the following modules:</p> <p>We also recommend to consider the installation of the following modules:</p>
<div class="line-block"> <div class="line-block">
<div class="line"><br /></div> <div class="line"><br /></div>
@ -472,8 +471,8 @@ You can also find this information in the doc folder of this module (file EBICS_
<div class="section" id="known-issues-roadmap"> <div class="section" id="known-issues-roadmap">
<h2>Known Issues / Roadmap</h2> <h2>Known Issues / Roadmap</h2>
<ul class="simple"> <ul class="simple">
<li>add support for 3SKEY signed transactions</li>
<li>add support for EBICS 3.0</li> <li>add support for EBICS 3.0</li>
<li>add support to import externally generated keys &amp; certificates (currently only 3SKey signature certificate)</li>
</ul> </ul>
</div> </div>
</div> </div>

View File

@ -38,13 +38,18 @@
help="Use this button to bypass the EBICS initialization (e.g. in case you have manually transferred active EBICS keys from another system."/> help="Use this button to bypass the EBICS initialization (e.g. in case you have manually transferred active EBICS keys from another system."/>
<field name="state" widget="statusbar"/> <field name="state" widget="statusbar"/>
</header> </header>
<group name="main"> <group name="main" attrs="{'readonly': [('state', '!=', 'draft')]}">
<field name="ebics_keys_found" invisible="1"/> <field name="ebics_keys_found" invisible="1"/>
<field name="ebics_keys_fn" invisible="1"/> <field name="ebics_keys_fn" invisible="1"/>
<group name="main-left"> <group name="main-left">
<field name="name"/> <field name="name"/>
<field name="ebics_passphrase" password="True" <field name="ebics_passphrase" password="True"
attrs="{'required': [('state', '=', 'draft')]}"/> attrs="{'required': [('state', '=', 'draft')]}"/>
<field name="swift_3skey"
attrs="{'invisible': [('signature_class', '=', 'T')]}"/>
<field name="swift_3skey_certificate_fn" invisible="1"/>
<field name="swift_3skey_certificate" filename="swift_3skey_certificate_fn"
attrs="{'invisible': [('swift_3skey', '=', False)], 'required': [('swift_3skey', '=', True)]}"/>
<field name="active"/> <field name="active"/>
</group> </group>
<group name="main-right"> <group name="main-right">
@ -53,7 +58,7 @@
<field name="ebics_key_x509"/> <field name="ebics_key_x509"/>
</group> </group>
</group> </group>
<group col="4" name="dn" attrs="{'invisible': [('ebics_key_x509', '=', False)]}"> <group col="4" name="dn" attrs="{'invisible': [('ebics_key_x509', '=', False)], 'readonly': [('state', '!=', 'draft')]}">
<group colspan="4" col="1"> <group colspan="4" col="1">
<strong>Distinguished Name attributes used to create self-signed X.509 certificates:</strong> <strong>Distinguished Name attributes used to create self-signed X.509 certificates:</strong>
</group> </group>