[13.0][IMP]SWIFT 3SKey support (#18)

This commit is contained in:
Luc De Meyer 2020-08-07 17:12:02 +02:00
parent 967a2927a7
commit b5ba6fc6bd
5 changed files with 48 additions and 8 deletions

View File

@ -24,6 +24,7 @@ Remark:
The EBICS 'Test Mode' for uploading orders requires Fintech 4.3.4 or higher.
SWIFT 3SKey support requires Fintech 6.4 or higher.
|
We also recommend to consider the installation of the following modules:
@ -136,5 +137,5 @@ You can also find this information in the doc folder of this module (file EBICS_
Known Issues / Roadmap
======================
- add support for 3SKEY signed transactions
- add support for EBICS 3.0
- add support to import externally generated keys & certificates (currently only 3SKey signature certificate)

View File

@ -3,7 +3,7 @@
{
'name': 'EBICS banking protocol',
'version': '13.0.1.1.4',
'version': '13.0.1.2.0',
'license': 'LGPL-3',
'author': 'Noviat',
'website': 'www.noviat.com',

View File

@ -93,6 +93,14 @@ class EbicsUserID(models.Model):
help="EBICS Public Bank Keys to be checked for consistency.")
ebics_public_bank_keys_fn = fields.Char(
string='EBICS Public Bank Keys Filename', readonly=True)
swift_3skey = fields.Boolean(
string='Enable 3SKey support',
help="Transactions for this user will be signed "
"by means of the SWIFT 3SKey token.")
swift_3skey_certificate = fields.Binary(
string='3SKey Certficate')
swift_3skey_certificate_fn = fields.Char(
string='EBICS Public Bank Keys Filename')
# X.509 Distinguished Name attributes used to
# create self-signed X.509 certificates
ebics_key_x509 = fields.Boolean(
@ -168,6 +176,16 @@ class EbicsUserID(models.Model):
raise UserError(_(
"The passphrase must be at least 8 characters long"))
@api.onchange('signature_class')
def _onchange_signature_class(self):
if self.signature_class == 'T':
self.swift_3skey = False
@api.onchange('swift_3skey')
def _onchange_swift_3skey(self):
if self.swift_3skey:
self.ebics_key_x509 = True
def set_to_draft(self):
return self.write({'state': 'draft'})
@ -192,6 +210,10 @@ class EbicsUserID(models.Model):
raise UserError(
_("Set a passphrase."))
if not self.swift_3skey and not self.swift_3skey_certificate:
raise UserError(
_("3SKey certificate missing."))
ebics_version = self.ebics_config_id.ebics_version
try:
keyring = EbicsKeyRing(
@ -214,6 +236,14 @@ class EbicsUserID(models.Model):
self.ebics_config_id._check_ebics_keys()
if not os.path.isfile(self.ebics_keys_fn):
try:
# TODO:
# enable import of all type of certicates: A00x, X002, E002
if self.swift_3skey:
kwargs = {
self.ebics_config_id.ebics_key_version:
base64.decodestring(self.swift_3skey_certificate),
}
user.import_certificates(**kwargs)
user.create_keys(
keyversion=self.ebics_config_id.ebics_key_version,
bitlength=self.ebics_config_id.ebics_key_bitlength)
@ -223,6 +253,11 @@ class EbicsUserID(models.Model):
error += '\n' + str(exctype) + '\n' + str(value)
raise UserError(error)
if self.swift_3skey and not self.ebics_key_x509:
raise UserError(_(
"The current version of this module "
"requires to X509 support when enabling 3SKey"))
if self.ebics_key_x509:
dn_attrs = {
'commonName': self.ebics_key_x509_dn_cn,

View File

@ -358,9 +358,8 @@ ul.auto-toc {
</ul>
<p>Remark:</p>
<p>The EBICS 'Test Mode' for uploading orders requires Fintech 4.3.4 or higher.</p>
<div class="line-block">
<div class="line"><br /></div>
</div>
<p>SWIFT 3SKey support requires Fintech 6.4 or higher.
|</p>
<p>We also recommend to consider the installation of the following modules:</p>
<div class="line-block">
<div class="line"><br /></div>
@ -472,8 +471,8 @@ You can also find this information in the doc folder of this module (file EBICS_
<div class="section" id="known-issues-roadmap">
<h2>Known Issues / Roadmap</h2>
<ul class="simple">
<li>add support for 3SKEY signed transactions</li>
<li>add support for EBICS 3.0</li>
<li>add support to import externally generated keys &amp; certificates (currently only 3SKey signature certificate)</li>
</ul>
</div>
</div>

View File

@ -38,13 +38,18 @@
help="Use this button to bypass the EBICS initialization (e.g. in case you have manually transferred active EBICS keys from another system."/>
<field name="state" widget="statusbar"/>
</header>
<group name="main">
<group name="main" attrs="{'readonly': [('state', '!=', 'draft')]}">
<field name="ebics_keys_found" invisible="1"/>
<field name="ebics_keys_fn" invisible="1"/>
<group name="main-left">
<field name="name"/>
<field name="ebics_passphrase" password="True"
attrs="{'required': [('state', '=', 'draft')]}"/>
<field name="swift_3skey"
attrs="{'invisible': [('signature_class', '=', 'T')]}"/>
<field name="swift_3skey_certificate_fn" invisible="1"/>
<field name="swift_3skey_certificate" filename="swift_3skey_certificate_fn"
attrs="{'invisible': [('swift_3skey', '=', False)], 'required': [('swift_3skey', '=', True)]}"/>
<field name="active"/>
</group>
<group name="main-right">
@ -53,7 +58,7 @@
<field name="ebics_key_x509"/>
</group>
</group>
<group col="4" name="dn" attrs="{'invisible': [('ebics_key_x509', '=', False)]}">
<group col="4" name="dn" attrs="{'invisible': [('ebics_key_x509', '=', False)], 'readonly': [('state', '!=', 'draft')]}">
<group colspan="4" col="1">
<strong>Distinguished Name attributes used to create self-signed X.509 certificates:</strong>
</group>