From eae942bf2a33b6da76a42860c91020ee2bec85b5 Mon Sep 17 00:00:00 2001
From: Luc De Meyer <luc.demeyer@noviat.com>
Date: Fri, 23 Dec 2022 15:16:22 +0100
Subject: [PATCH] EBICS 3.0 - add extra checks on settings

---
 account_ebics/models/ebics_config.py       |  6 ++++++
 account_ebics/models/ebics_userid.py       | 21 ++++++++++++++++++++-
 account_ebics/views/ebics_userid_views.xml |  1 +
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/account_ebics/models/ebics_config.py b/account_ebics/models/ebics_config.py
index 4cde65c..530ed7c 100644
--- a/account_ebics/models/ebics_config.py
+++ b/account_ebics/models/ebics_config.py
@@ -163,6 +163,12 @@ class EbicsConfig(models.Model):
     def _default_ebics_keys(self):
         return "/".join(["/etc/odoo/ebics_keys", self._cr.dbname])
 
+    @api.constrains("ebics_key_bitlength")
+    def _check_ebics_key_bitlength(self):
+        for cfg in self:
+            if cfg.ebics_version == "H005" and cfg.ebics_key_bitlength < 2048:
+                raise UserError(_("EBICS key bitlength must be >= 2048."))
+
     @api.constrains("order_number")
     def _check_order_number(self):
         for cfg in self:
diff --git a/account_ebics/models/ebics_userid.py b/account_ebics/models/ebics_userid.py
index 7df3026..10cb14c 100644
--- a/account_ebics/models/ebics_userid.py
+++ b/account_ebics/models/ebics_userid.py
@@ -64,6 +64,7 @@ class EbicsUserID(models.Model):
     ebics_config_id = fields.Many2one(
         comodel_name="ebics.config", string="EBICS Configuration", ondelete="cascade"
     )
+    ebics_version = fields.Selection(related="ebics_config_id.ebics_version")
     user_ids = fields.Many2many(
         comodel_name="res.users",
         string="Users",
@@ -185,12 +186,23 @@ class EbicsUserID(models.Model):
                 rec.ebics_keys_fn
             )
 
+    @api.constrains("ebics_key_x509")
+    def _check_ebics_key_x509(self):
+        for cfg in self:
+            if cfg.ebics_version == "H005" and not cfg.ebics_key_x509:
+                raise UserError(_("X.509 certificates must be used with EBICS 3.0."))
+
     @api.constrains("ebics_passphrase")
     def _check_ebics_passphrase(self):
         for rec in self:
             if not rec.ebics_passphrase or len(rec.ebics_passphrase) < 8:
                 raise UserError(_("The passphrase must be at least 8 characters long"))
 
+    @api.onchange("ebics_version")
+    def _onchange_ebics_version(self):
+        if self.ebics_version == "H005":
+            self.ebics_key_x509 = True
+
     @api.onchange("signature_class")
     def _onchange_signature_class(self):
         if self.signature_class == "T":
@@ -292,7 +304,14 @@ class EbicsUserID(models.Model):
             kwargs = {k: v for k, v in dn_attrs.items() if v}
             user.create_certificates(**kwargs)
 
-        client = EbicsClient(bank, user, version=ebics_version)
+        try:
+            client = EbicsClient(bank, user, version=ebics_version)
+        except RuntimeError as err:
+            e = exc_info()
+            error = _("EBICS Initialization Error:")
+            error += "\n"
+            error += err.args[0]
+            raise UserError(error) from err
 
         # Send the public electronic signature key to the bank.
         ebics_config_bank = self.ebics_config_id.journal_ids[0].bank_id
diff --git a/account_ebics/views/ebics_userid_views.xml b/account_ebics/views/ebics_userid_views.xml
index cd22353..d37d655 100644
--- a/account_ebics/views/ebics_userid_views.xml
+++ b/account_ebics/views/ebics_userid_views.xml
@@ -85,6 +85,7 @@
         <group name="main" attrs="{'readonly': [('state', '!=', 'draft')]}">
           <field name="ebics_keys_found" invisible="1" />
           <field name="ebics_keys_fn" invisible="1" />
+          <field name="ebics_version" invisible="1" />
           <group name="main-left">
             <field name="name" />
             <field