int addUser(AB_PROVIDER *pro,
GWEN_DB_NODE *dbArgs,
int argc,
char **argv)
{
GWEN_DB_NODE *db;
int rv;
GWEN_BUFFER *nameBuffer=NULL;
const char *tokenName;
const char *tokenType;
const char *bankId;
const char *userId;
const char *customerId;
const char *userName;
const char *hostName;
const char *server;
const char *ebicsVersion;
int importing;
uint32_t cid;
const GWEN_ARGS args[]= {
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"bankId", /* name */
0, /* minnum */
1, /* maxnum */
"b", /* short option */
"bank", /* long option */
"Specify the bank code", /* short description */
"Specify the bank code" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"userId", /* name */
0, /* minnum */
1, /* maxnum */
"u", /* short option */
"user", /* long option */
"Specify the user id (Benutzerkennung)", /* short description */
"Specify the user id (Benutzerkennung)" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"customerId", /* name */
0, /* minnum */
1, /* maxnum */
"c", /* short option */
"customer", /* long option */
"Specify the customer id (Kundennummer)", /* short description */
"Specify the customer id (Kundennummer)" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"tokenType", /* name */
1, /* minnum */
1, /* maxnum */
"t", /* short option */
"tokentype", /* long option */
"Specify the crypt token type", /* short description */
"Specify the crypt token type" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"tokenName", /* name */
0, /* minnum */
1, /* maxnum */
"n", /* short option */
"tokenname", /* long option */
"Specify the crypt token name", /* short description */
"Specify the crypt token name" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"serverAddr", /* name */
0, /* minnum */
1, /* maxnum */
"s", /* short option */
"server", /* long option */
"Specify the server URL", /* short description */
"Specify the server URL" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"hostName", /* name */
1, /* minnum */
1, /* maxnum */
"H", /* short option */
"hostname", /* long option */
"Specify the EBICS hostname", /* short description */
"Specify the EBICS hostname" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"userName", /* name */
1, /* minnum */
1, /* maxnum */
"N", /* short option */
"username", /* long option */
"Specify the realname of the user", /* short description */
"Specify the realname of the user" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"ebicsVersion", /* name */
0, /* minnum */
1, /* maxnum */
"E", /* short option */
"ebicsversion", /* long option */
"Specify the EBICS version to use (e.g. H002)", /* short description */
"Specify the EBICS version to use (e.g. H002)" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Int, /* type */
"context", /* name */
0, /* minnum */
1, /* maxnum */
0, /* short option */
"context", /* long option */
"Select a context on the medium", /* short description */
"Select a context on the medium" /* long description */
},
{
0, /* flags */
GWEN_ArgsType_Int, /* type */
"import", /* name */
0, /* minnum */
1, /* maxnum */
0, /* short option */
"import", /* long option */
"Import a user which has already been in use (e.g. with previous versions)",
"Import a user which has already been in use (e.g. with previous versions)"
},
{
GWEN_ARGS_FLAGS_HELP | GWEN_ARGS_FLAGS_LAST, /* flags */
GWEN_ArgsType_Int, /* type */
"help", /* name */
0, /* minnum */
0, /* maxnum */
"h", /* short option */
"help", /* long option */
"Show this help screen", /* short description */
"Show this help screen" /* long description */
}
};
db=GWEN_DB_GetGroup(dbArgs, GWEN_DB_FLAGS_DEFAULT, "local");
rv=GWEN_Args_Check(argc, argv, 1,
0 /*GWEN_ARGS_MODE_ALLOW_FREEPARAM*/,
args,
db);
if (rv==GWEN_ARGS_RESULT_ERROR) {
fprintf(stderr, "ERROR: Could not parse arguments\n");
return 1;
}
else if (rv==GWEN_ARGS_RESULT_HELP) {
GWEN_BUFFER *ubuf;
ubuf=GWEN_Buffer_new(0, 1024, 0, 1);
if (GWEN_Args_Usage(args, ubuf, GWEN_ArgsOutType_Txt)) {
fprintf(stderr, "ERROR: Could not create help string\n");
return 1;
}
fprintf(stdout, "%s\n", GWEN_Buffer_GetStart(ubuf));
GWEN_Buffer_free(ubuf);
return 0;
}
tokenType=GWEN_DB_GetCharValue(db, "tokenType", 0, 0);
tokenName=GWEN_DB_GetCharValue(db, "tokenName", 0, 0);
bankId=GWEN_DB_GetCharValue(db, "bankId", 0, 0);
userId=GWEN_DB_GetCharValue(db, "userId", 0, 0);
customerId=GWEN_DB_GetCharValue(db, "customerId", 0, 0);
hostName=GWEN_DB_GetCharValue(db, "hostName", 0, 0);
userName=GWEN_DB_GetCharValue(db, "userName", 0, 0);
server=GWEN_DB_GetCharValue(db, "serverAddr", 0, 0);
cid=GWEN_DB_GetIntValue(db, "context", 0, 0);
importing=GWEN_DB_GetIntValue(db, "import", 0, 0);
ebicsVersion=GWEN_DB_GetCharValue(db, "ebicsVersion", 0, "H003");
if (1) {
const char *lbankId;
const char *luserId;
const char *lcustomerId;
const char *lserverAddr;
GWEN_URL *url;
GWEN_CRYPT_TOKEN_CONTEXT *ctx=NULL;
AB_USER *user;
if (1) {
GWEN_PLUGIN_MANAGER *pm;
GWEN_PLUGIN *pl;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *cctx;
if (cid==0) {
DBG_ERROR(0, "No context given.");
return 1;
}
/* get crypt token */
pm=GWEN_PluginManager_FindPluginManager("ct");
if (pm==0) {
DBG_ERROR(0, "Plugin manager not found");
return 3;
}
pl=GWEN_PluginManager_GetPlugin(pm, tokenType);
if (pl==0) {
DBG_ERROR(0, "Plugin not found");
return 3;
}
DBG_INFO(0, "Plugin found");
ct=GWEN_Crypt_Token_Plugin_CreateToken(pl, tokenName);
if (ct==0) {
DBG_ERROR(0, "Could not create crypt token");
return 3;
}
/* open crypt token */
rv=GWEN_Crypt_Token_Open(ct, 0, 0);
if (rv) {
DBG_ERROR(0, "Could not open token (%d)", rv);
return 3;
}
/* get real token name */
nameBuffer=GWEN_Buffer_new(0, 64, 0, 1);
GWEN_Buffer_AppendString(nameBuffer, GWEN_Crypt_Token_GetTokenName(ct));
tokenName=GWEN_Buffer_GetStart(nameBuffer);
cctx=GWEN_Crypt_Token_GetContext(ct, cid, 0);
if (cctx==NULL) {
DBG_ERROR(0, "Context %02x not found", cid);
return 3;
}
ctx=GWEN_Crypt_Token_Context_dup(cctx);
lbankId=bankId?bankId:GWEN_Crypt_Token_Context_GetServiceId(ctx);
luserId=userId?userId:GWEN_Crypt_Token_Context_GetUserId(ctx);
lcustomerId=customerId?customerId:luserId;
lserverAddr=server?server:GWEN_Crypt_Token_Context_GetAddress(ctx);
rv=GWEN_Crypt_Token_Close(ct, 0, 0);
if (rv) {
DBG_ERROR(0, "Could not close token (%d)", rv);
return 3;
}
GWEN_Crypt_Token_free(ct);
}
if (!lbankId || !*lbankId) {
DBG_ERROR(0, "No bank id stored and none given");
return 3;
}
if (!luserId || !*luserId) {
DBG_ERROR(0, "No user id (Benutzerkennung) stored and none given");
return 3;
}
/* TODO: Check for existing users to avoid duplicates */
#if 0
user=AB_Banking_FindUser(ab, EBC_PROVIDER_NAME,
"de",
lbankId, luserId, lcustomerId);
if (user) {
DBG_ERROR(0, "User %s already exists", luserId);
return 3;
}
#endif
user=AB_Provider_CreateUserObject(pro);
assert(user);
AB_User_SetCountry(user, "de");
AB_User_SetBankCode(user, lbankId);
AB_User_SetUserId(user, luserId);
AB_User_SetCustomerId(user, lcustomerId);
EBC_User_SetPeerId(user, hostName);
AB_User_SetUserName(user, userName);
EBC_User_SetTokenType(user, tokenType);
EBC_User_SetTokenName(user, tokenName);
EBC_User_SetTokenContextId(user, cid);
if (ebicsVersion) {
if (strcasecmp(ebicsVersion, "H002")==0) {
EBC_User_SetProtoVersion(user, "H002");
EBC_User_SetSignVersion(user, "A004");
EBC_User_SetAuthVersion(user, "X001");
EBC_User_SetCryptVersion(user, "E001");
}
else if (strcasecmp(ebicsVersion, "H003")==0) {
EBC_User_SetProtoVersion(user, "H003");
EBC_User_SetSignVersion(user, "A005");
EBC_User_SetAuthVersion(user, "X002");
EBC_User_SetCryptVersion(user, "E002");
}
else if (strcasecmp(ebicsVersion, "H004")==0) {
EBC_User_SetProtoVersion(user, "H004");
EBC_User_SetSignVersion(user, "A005");
EBC_User_SetAuthVersion(user, "X002");
EBC_User_SetCryptVersion(user, "E002");
}
else {
fprintf(stderr, "%s",
I18N("Invalid protocol version.\n"
"Possible versions are H002, H003 and H004.\n"));
return 3;
}
}
/* try to get server address from database if still unknown */
if (!lserverAddr || *lserverAddr==0) {
GWEN_BUFFER *tbuf;
tbuf=GWEN_Buffer_new(0, 256, 0, 1);
if (getBankUrl(AB_Provider_GetBanking(pro), lbankId, tbuf)) {
DBG_INFO(0, "Could not find server address for \"%s\"", lbankId);
}
if (GWEN_Buffer_GetUsedBytes(tbuf)==0) {
DBG_ERROR(0, "No address given and none available in internal db");
return 3;
}
url=GWEN_Url_fromString(GWEN_Buffer_GetStart(tbuf));
if (url==NULL) {
DBG_ERROR(0, "Bad URL \"%s\" in internal db",
GWEN_Buffer_GetStart(tbuf));
return 3;
}
GWEN_Buffer_free(tbuf);
}
else {
/* set address */
url=GWEN_Url_fromString(lserverAddr);
if (url==NULL) {
DBG_ERROR(0, "Bad URL \"%s\"", lserverAddr);
return 3;
}
}
GWEN_Url_SetProtocol(url, "https");
if (GWEN_Url_GetPort(url)==0)
GWEN_Url_SetPort(url, 443);
/* set url */
if (1) {
GWEN_BUFFER *tbuf;
tbuf=GWEN_Buffer_new(0, 256, 0, 1);
rv=GWEN_Url_toString(url, tbuf);
if (rv<0) {
DBG_ERROR(0, "Internal error storing URL");
return 3;
}
EBC_User_SetServerUrl(user, GWEN_Buffer_GetStart(tbuf));
GWEN_Buffer_free(tbuf);
}
GWEN_Url_free(url);
if (importing) {
EBC_User_AddFlags(user, EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA);
EBC_User_SetStatus(user, EBC_UserStatus_Enabled);
}
rv=AB_Provider_AddUser(pro, user);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Coud not add new user (%d)", rv);
AB_User_free(user);
return 4;
}
AB_User_free(user);
/* context no longer needed */
GWEN_Crypt_Token_Context_free(ctx);
}
return 0;
}
int EBC_Provider_XchgIniRequest_H002(AB_PROVIDER *pro,
GWEN_HTTP_SESSION *sess,
AB_USER *u)
{
int rv;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
uint32_t kid;
const GWEN_CRYPT_TOKEN_KEYINFO *signKeyInfo=NULL;
xmlNsPtr ns;
EB_MSG *msg;
const char *userId;
EB_MSG *mRsp;
EB_RC rc;
xmlDocPtr doc;
xmlNodePtr root_node = NULL;
xmlNodePtr node = NULL;
GWEN_BUFFER *tbuf;
const char *signVersion;
const char *s;
GWEN_BUFFER *bufKey;
GWEN_BUFFER *bufZip;
GWEN_BUFFER *bufB64;
userId=AB_User_GetUserId(u);
/* get crypt token and context */
rv=EBC_Provider_MountToken(pro, u, &ct, &ctx);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
return rv;
}
/* get crypt key info */
kid=GWEN_Crypt_Token_Context_GetSignKeyId(ctx);
if (kid) {
signKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid,
GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER,
0);
if (signKeyInfo==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Sign key info not found on crypt token");
GWEN_Gui_ProgressLog(0,
GWEN_LoggerLevel_Error,
I18N("Sign key info not found on crypt token"));
return GWEN_ERROR_NOT_FOUND;
}
}
signVersion=EBC_User_GetSignVersion(u);
if (!(signVersion && *signVersion))
signVersion="A004";
if (strcasecmp(signVersion, "A004")==0) {
/* encode according to "DFUE-Abkommen" */
bufKey=GWEN_Buffer_new(0, 512, 0, 1);
rc=EB_Key_Info_toBin(signKeyInfo, userId, "A004", 1024, bufKey);
if (rc) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error writing key (rc=%06x)", rc);
GWEN_Buffer_free(bufKey);
return GWEN_ERROR_GENERIC;
}
/* zip order */
bufZip=GWEN_Buffer_new(0, 512, 0, 1);
if (EB_Zip_Deflate(GWEN_Buffer_GetStart(bufKey),
GWEN_Buffer_GetUsedBytes(bufKey),
bufZip)) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Unable to zip key data");
GWEN_Buffer_free(bufZip);
GWEN_Buffer_free(bufKey);
return GWEN_ERROR_GENERIC;
}
GWEN_Buffer_free(bufKey);
/* base64 encode for order */
bufB64=GWEN_Buffer_new(0, 800, 0, 1);
if (GWEN_Base64_Encode((const unsigned char *)GWEN_Buffer_GetStart(bufZip),
GWEN_Buffer_GetUsedBytes(bufZip),
bufB64, 0)) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error encoding key");
GWEN_Buffer_free(bufB64);
GWEN_Buffer_free(bufZip);
return GWEN_ERROR_GENERIC;
}
GWEN_Buffer_free(bufZip);
}
else {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Unsupported sign version [%s]", signVersion);
return GWEN_ERROR_INTERNAL;
}
/* create request */
msg=EB_Msg_new();
doc=EB_Msg_GetDoc(msg);
root_node=xmlNewNode(NULL, BAD_CAST "ebicsUnsecuredRequest");
xmlDocSetRootElement(doc, root_node);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.ebics.org/H002",
NULL);
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2000/09/xmldsig#",
BAD_CAST "ds");
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2001/XMLSchema-instance",
BAD_CAST "xsi");
xmlNewNsProp(root_node,
ns,
BAD_CAST "schemaLocation", /* xsi:schemaLocation */
BAD_CAST "http://www.ebics.org/H002 "
"http://www.ebics.org/H002/ebics_keymgmt_request.xsd");
xmlNewProp(root_node, BAD_CAST "Version", BAD_CAST "H002");
xmlNewProp(root_node, BAD_CAST "Revision", BAD_CAST "1");
/* header */
node=xmlNewChild(root_node, NULL, BAD_CAST "header", NULL);
xmlNewProp(node, BAD_CAST "authenticate", BAD_CAST "true");
xmlNewChild(node, NULL, BAD_CAST "static", NULL);
xmlNewChild(node, NULL, BAD_CAST "mutable", NULL);
/* body */
node=xmlNewChild(root_node, NULL, BAD_CAST "body", NULL);
/* fill */
s=EBC_User_GetPeerId(u);
if (s)
EB_Msg_SetCharValue(msg, "header/static/HostID", s);
s=AB_User_GetCustomerId(u);
if (s)
EB_Msg_SetCharValue(msg, "header/static/PartnerID", s);
EB_Msg_SetCharValue(msg, "header/static/UserID",
AB_User_GetUserId(u));
EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderType", "INI");
tbuf=GWEN_Buffer_new(0, 16, 0, 1);
rv=EBC_Provider_Generate_OrderId(pro, tbuf);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error creating order id (%d)", rv);
GWEN_Buffer_free(tbuf);
GWEN_Buffer_free(bufB64);
EB_Msg_free(msg);
return rv;
}
EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderID",
GWEN_Buffer_GetStart(tbuf));
GWEN_Buffer_free(tbuf);
EB_Msg_SetCharValue(msg,
"header/static/OrderDetails/OrderAttribute",
"DZNNN");
EB_Msg_SetCharValue(msg, "header/static/SecurityMedium", "0000");
EB_Msg_SetCharValue(msg, "body/DataTransfer/OrderData",
GWEN_Buffer_GetStart(bufB64));
GWEN_Buffer_free(bufB64);
/* exchange requests */
rv=EBC_Dialog_ExchangeMessages(sess, msg, &mRsp);
if (rv<0 || rv>=300) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv);
EB_Msg_free(msg);
return rv;
}
EB_Msg_free(msg);
/* check response */
assert(mRsp);
/* log results */
EBC_Provider_LogRequestResults(pro, mRsp, NULL);
rc=EB_Msg_GetResultCode(mRsp);
if ((rc & 0xff0000)==0x090000 ||
(rc & 0xff0000)==0x060000) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc);
EB_Msg_free(mRsp);
return AB_ERROR_SECURITY;
}
rc=EB_Msg_GetBodyResultCode(mRsp);
if (rc) {
if ((rc & 0xff0000)==0x090000 ||
(rc & 0xff0000)==0x060000) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc);
EB_Msg_free(mRsp);
if ((rc & 0xfff00)==0x091300 ||
(rc & 0xfff00)==0x091200)
return AB_ERROR_SECURITY;
else
return GWEN_ERROR_GENERIC;
}
}
EB_Msg_free(mRsp);
/* adjust user status and flags */
DBG_NOTICE(AQEBICS_LOGDOMAIN, "Adjusting user flags");
EBC_User_AddFlags(u, EBC_USER_FLAGS_INI);
if ((EBC_User_GetFlags(u) & (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA))
==
(EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA))
EBC_User_SetStatus(u, EBC_UserStatus_Init2);
else
EBC_User_SetStatus(u, EBC_UserStatus_Init1);
return 0;
}
static int EBC_Provider_XchgHpbRequest_H003(AB_PROVIDER *pro,
GWEN_HTTP_SESSION *sess,
AB_USER *u) {
EBC_PROVIDER *dp;
int rv;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
uint32_t keyId;
xmlNsPtr ns;
EB_MSG *msg;
EB_MSG *mRsp;
EB_RC rc;
xmlDocPtr doc;
xmlNodePtr root_node = NULL;
xmlNodePtr node = NULL;
xmlNodePtr sigNode = NULL;
GWEN_BUFFER *tbuf;
const char *s;
assert(pro);
dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro);
assert(dp);
/* get crypt token and context */
rv=EBC_Provider_MountToken(pro, u, &ct, &ctx);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
return rv;
}
/* create request */
msg=EB_Msg_new();
doc=EB_Msg_GetDoc(msg);
root_node=xmlNewNode(NULL, BAD_CAST "ebicsNoPubKeyDigestsRequest");
xmlDocSetRootElement(doc, root_node);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.ebics.org/H003",
NULL);
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2000/09/xmldsig#",
BAD_CAST "ds");
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2001/XMLSchema-instance",
BAD_CAST "xsi");
xmlNewNsProp(root_node,
ns,
BAD_CAST "schemaLocation", /* xsi:schemaLocation */
BAD_CAST "http://www.ebics.org/H003 "
"http://www.ebics.org/H003/ebics_keymgmt_request.xsd");
xmlNewProp(root_node, BAD_CAST "Version", BAD_CAST "H003");
xmlNewProp(root_node, BAD_CAST "Revision", BAD_CAST "1");
/* header */
node=xmlNewChild(root_node, NULL, BAD_CAST "header", NULL);
xmlNewProp(node, BAD_CAST "authenticate", BAD_CAST "true");
xmlNewChild(node, NULL, BAD_CAST "static", NULL);
xmlNewChild(node, NULL, BAD_CAST "mutable", NULL);
sigNode=xmlNewChild(root_node, NULL, BAD_CAST "AuthSignature", NULL);
/* body */
node=xmlNewChild(root_node, NULL, BAD_CAST "body", NULL);
/* fill */
s=EBC_User_GetPeerId(u);
if (s)
EB_Msg_SetCharValue(msg, "header/static/HostID", s);
/* generate Nonce */
tbuf=GWEN_Buffer_new(0, 128, 0, 1);
rv=EBC_Provider_GenerateNonce(pro, tbuf);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(tbuf);
EB_Msg_free(msg);
return rv;
}
EB_Msg_SetCharValue(msg, "header/static/Nonce", GWEN_Buffer_GetStart(tbuf));
GWEN_Buffer_Reset(tbuf);
/* generate timestamp */
rv=EBC_Provider_GenerateTimeStamp(pro, u, tbuf);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(tbuf);
EB_Msg_free(msg);
return rv;
}
EB_Msg_SetCharValue(msg, "header/static/Timestamp", GWEN_Buffer_GetStart(tbuf));
GWEN_Buffer_free(tbuf);
s=AB_User_GetCustomerId(u);
if (s)
EB_Msg_SetCharValue(msg, "header/static/PartnerID", s);
EB_Msg_SetCharValue(msg, "header/static/UserID",
AB_User_GetUserId(u));
EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderType", "HPB");
EB_Msg_SetCharValue(msg,
"header/static/OrderDetails/OrderAttribute",
"DZHNN");
EB_Msg_SetCharValue(msg, "header/static/SecurityMedium", "0000");
/* sign */
rv=EBC_Provider_SignMessage(pro, msg, u, sigNode);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
EB_Msg_free(msg);
return rv;
}
/* exchange requests */
rv=EBC_Dialog_ExchangeMessages(sess, msg, &mRsp);
if (rv<0 || rv>=300) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv);
EB_Msg_free(msg);
return rv;
}
EB_Msg_free(msg);
/* check response */
assert(mRsp);
/* log results */
EBC_Provider_LogRequestResults(pro, mRsp, NULL);
rc=EB_Msg_GetResultCode(mRsp);
if ((rc & 0xff0000)==0x090000 ||
(rc & 0xff0000)==0x060000) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc);
EB_Msg_free(mRsp);
return AB_ERROR_SECURITY;
}
rc=EB_Msg_GetBodyResultCode(mRsp);
if (rc) {
if ((rc & 0xff0000)==0x090000 ||
(rc & 0xff0000)==0x060000) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc);
EB_Msg_free(mRsp);
if ((rc & 0xfff00)==0x091300 ||
(rc & 0xfff00)==0x091200)
return AB_ERROR_SECURITY;
else
return GWEN_ERROR_GENERIC;
}
}
if (1) {
xmlDocPtr orderDoc=NULL;
xmlNodePtr root_node=NULL;
xmlNodePtr node=NULL;
GWEN_CRYPT_KEY *skey=NULL;
GWEN_BUFFER *buf1;
GWEN_BUFFER *buf2;
const char *s;
/* extract keys and store them */
node=EB_Xml_GetNode(EB_Msg_GetRootNode(mRsp),
"body/DataTransfer/DataEncryptionInfo",
GWEN_PATH_FLAGS_NAMEMUSTEXIST);
if (node==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN,
"Bad message from server: Missing session key");
EB_Msg_free(mRsp);
return GWEN_ERROR_BAD_DATA;
}
rv=EBC_Provider_ExtractSessionKey(pro, u, node, &skey);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
EB_Msg_free(mRsp);
return rv;
}
s=EB_Msg_GetCharValue(mRsp, "body/DataTransfer/OrderData", NULL);
if (!s) {
DBG_ERROR(AQEBICS_LOGDOMAIN,
"Bad message from server: Missing OrderData");
EB_Msg_free(mRsp);
return GWEN_ERROR_BAD_DATA;
}
buf1=GWEN_Buffer_new(0, strlen(s), 0, 1);
rv=GWEN_Base64_Decode((const uint8_t*)s, 0, buf1);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "Could not decode OrderData (%d)", rv);
GWEN_Buffer_free(buf1);
EB_Msg_free(mRsp);
return rv;
}
/* decode data */
buf2=GWEN_Buffer_new(0, GWEN_Buffer_GetUsedBytes(buf1), 0, 1);
rv=EBC_Provider_DecryptData(pro, u, skey,
(const uint8_t*)GWEN_Buffer_GetStart(buf1),
GWEN_Buffer_GetUsedBytes(buf1),
buf2);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "Could not decrypt OrderData (%d)", rv);
GWEN_Buffer_free(buf2);
GWEN_Buffer_free(buf1);
return rv;
}
/* parse XML document */
rv=EB_Xml_DocFromBuffer(GWEN_Buffer_GetStart(buf2),
GWEN_Buffer_GetUsedBytes(buf2),
&orderDoc);
GWEN_Buffer_free(buf2);
GWEN_Buffer_free(buf1);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
EB_Msg_free(mRsp);
return rv;
}
/* get keys */
root_node=xmlDocGetRootElement(orderDoc);
/* get auth key */
node=EB_Xml_GetNode(root_node, "AuthenticationPubKeyInfo",
GWEN_PATH_FLAGS_NAMEMUSTEXIST);
if (node==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN,
"No authentication key found");
xmlFreeDoc(orderDoc);
EB_Msg_free(mRsp);
return GWEN_ERROR_BAD_DATA;
}
else {
const GWEN_CRYPT_TOKEN_KEYINFO *cki;
GWEN_CRYPT_TOKEN_KEYINFO *ki;
keyId=GWEN_Crypt_Token_Context_GetAuthVerifyKeyId(ctx);
cki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0, 0);
if (cki)
ki=GWEN_Crypt_Token_KeyInfo_dup(cki);
else
ki=GWEN_Crypt_Token_KeyInfo_new(keyId,
GWEN_Crypt_CryptAlgoId_Rsa,
128);
GWEN_Crypt_Token_KeyInfo_SetFlags(ki, 0);
rc=EB_Key_Info_ReadXml(ki, node);
if (rc) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%06x)", rc);
GWEN_Crypt_Token_KeyInfo_free(ki);
xmlFreeDoc(orderDoc);
EB_Msg_free(mRsp);
return GWEN_ERROR_BAD_DATA;
}
rv=GWEN_Crypt_Token_SetKeyInfo(ct, keyId, ki, 0);
GWEN_Crypt_Token_KeyInfo_free(ki);
if (rv) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
xmlFreeDoc(orderDoc);
EB_Msg_free(mRsp);
return rv;
}
DBG_NOTICE(AQEBICS_LOGDOMAIN, "Auth key stored");
}
/* get crypt key */
node=EB_Xml_GetNode(root_node, "EncryptionPubKeyInfo",
GWEN_PATH_FLAGS_NAMEMUSTEXIST);
if (node==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN,
"No encryption key found");
xmlFreeDoc(orderDoc);
EB_Msg_free(mRsp);
return GWEN_ERROR_BAD_DATA;
}
else {
const GWEN_CRYPT_TOKEN_KEYINFO *cki;
GWEN_CRYPT_TOKEN_KEYINFO *ki;
keyId=GWEN_Crypt_Token_Context_GetEncipherKeyId(ctx);
cki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0, 0);
if (cki)
ki=GWEN_Crypt_Token_KeyInfo_dup(cki);
else
ki=GWEN_Crypt_Token_KeyInfo_new(keyId,
GWEN_Crypt_CryptAlgoId_Rsa,
128);
GWEN_Crypt_Token_KeyInfo_SetFlags(ki, 0);
rc=EB_Key_Info_ReadXml(ki, node);
if (rc) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%06x)", rc);
GWEN_Crypt_Token_KeyInfo_free(ki);
xmlFreeDoc(orderDoc);
EB_Msg_free(mRsp);
return GWEN_ERROR_BAD_DATA;
}
rv=GWEN_Crypt_Token_SetKeyInfo(ct, keyId, ki, 0);
GWEN_Crypt_Token_KeyInfo_free(ki);
if (rv) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
xmlFreeDoc(orderDoc);
EB_Msg_free(mRsp);
return rv;
}
DBG_NOTICE(AQEBICS_LOGDOMAIN, "Crypt key stored");
}
xmlFreeDoc(orderDoc);
}
EB_Msg_free(mRsp);
/* adjust user status and flags */
DBG_NOTICE(AQEBICS_LOGDOMAIN, "Adjusting user flags");
if ((EBC_User_GetFlags(u) &
(EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA))
==
(EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA))
EBC_User_SetStatus(u, EBC_UserStatus_Enabled);
return 0;
}
int EBC_Provider_XchgHiaRequest_H003(AB_PROVIDER *pro,
GWEN_HTTP_SESSION *sess,
AB_USER *u)
{
int rv;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
uint32_t kid;
const GWEN_CRYPT_TOKEN_KEYINFO *cryptKeyInfo=NULL;
const GWEN_CRYPT_TOKEN_KEYINFO *authKeyInfo=NULL;
xmlNsPtr ns;
EB_MSG *msg;
const char *userId;
const char *partnerId;
EB_MSG *mRsp;
EB_RC rc;
xmlDocPtr doc;
xmlNodePtr root_node = NULL;
xmlNodePtr node = NULL;
/*xmlNodePtr nodeX = NULL;*/
GWEN_BUFFER *mbuf;
GWEN_BUFFER *tbuf;
const char *s;
userId=AB_User_GetUserId(u);
partnerId=AB_User_GetCustomerId(u);
/* get crypt token and context */
rv=EBC_Provider_MountToken(pro, u, &ct, &ctx);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
return rv;
}
/* get crypt key info */
kid=GWEN_Crypt_Token_Context_GetDecipherKeyId(ctx);
if (kid) {
cryptKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid,
GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER,
0);
if (cryptKeyInfo==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Crypt key info not found on crypt token");
GWEN_Gui_ProgressLog(0,
GWEN_LoggerLevel_Error,
I18N("Crypt key info not found on crypt token"));
return GWEN_ERROR_NOT_FOUND;
}
}
/* get auth sign key info */
kid=GWEN_Crypt_Token_Context_GetAuthSignKeyId(ctx);
if (kid) {
authKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid,
GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER,
0);
if (authKeyInfo==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Auth key info not found on crypt token");
GWEN_Gui_ProgressLog(0,
GWEN_LoggerLevel_Error,
I18N("Auth key info not found on crypt token"));
return GWEN_ERROR_NOT_FOUND;
}
}
/* create HIARequestOrderData */
doc=xmlNewDoc(BAD_CAST "1.0");
doc->encoding=xmlCharStrdup("UTF-8");
root_node=xmlNewNode(NULL, BAD_CAST "HIARequestOrderData");
xmlDocSetRootElement(doc, root_node);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.ebics.org/H003",
NULL);
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2000/09/xmldsig#",
BAD_CAST "ds");
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2001/XMLSchema-instance",
BAD_CAST "xsi");
xmlNewNsProp(root_node,
ns,
BAD_CAST "schemaLocation", /* xsi:schemaLocation */
BAD_CAST "http://www.ebics.org/H003 "
"http://www.ebics.org/H003/ebics_orders.xsd");
/* create auth key tree */
node=xmlNewChild(root_node, NULL,
BAD_CAST "AuthenticationPubKeyInfo", NULL);
rv=EB_Key_Info_toXml(authKeyInfo, node);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%d)", rv);
xmlFreeDoc(doc);
return GWEN_ERROR_INVALID;
}
xmlNewChild(node, NULL,
BAD_CAST "AuthenticationVersion",
BAD_CAST "X002");
/* create crypt key tree */
node=xmlNewChild(root_node, NULL,
BAD_CAST "EncryptionPubKeyInfo", NULL);
rv=EB_Key_Info_toXml(cryptKeyInfo, node);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%d)", rv);
xmlFreeDoc(doc);
return rv;
}
xmlNewChild(node, NULL,
BAD_CAST "EncryptionVersion",
BAD_CAST "E002");
/* store partner id and user id */
node=xmlNewChild(root_node, NULL,
BAD_CAST "PartnerID",
BAD_CAST partnerId);
node=xmlNewChild(root_node, NULL,
BAD_CAST "UserID",
BAD_CAST userId);
/* compress and base64 doc */
mbuf=GWEN_Buffer_new(0, 512, 0, 1);
rv=EB_Xml_Compress64Doc(doc, mbuf);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error compressing/encoding doc (%d)", rv);
xmlFreeDoc(doc);
return rv;
}
xmlFreeDoc(doc);
/* create request */
msg=EB_Msg_new();
doc=EB_Msg_GetDoc(msg);
root_node=xmlNewNode(NULL, BAD_CAST "ebicsUnsecuredRequest");
xmlDocSetRootElement(doc, root_node);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.ebics.org/H003",
NULL);
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2000/09/xmldsig#",
BAD_CAST "ds");
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2001/XMLSchema-instance",
BAD_CAST "xsi");
xmlNewNsProp(root_node,
ns,
BAD_CAST "schemaLocation", /* xsi:schemaLocation */
BAD_CAST "http://www.ebics.org/H003 "
"http://www.ebics.org/H003/ebics_keymgmt_request.xsd");
xmlNewProp(root_node, BAD_CAST "Version", BAD_CAST "H003");
xmlNewProp(root_node, BAD_CAST "Revision", BAD_CAST "1");
/* header */
node=xmlNewChild(root_node, NULL, BAD_CAST "header", NULL);
xmlNewProp(node, BAD_CAST "authenticate", BAD_CAST "true");
xmlNewChild(node, NULL, BAD_CAST "static", NULL);
xmlNewChild(node, NULL, BAD_CAST "mutable", NULL);
/* body */
node=xmlNewChild(root_node, NULL, BAD_CAST "body", NULL);
/* fill */
s=EBC_User_GetPeerId(u);
if (s)
EB_Msg_SetCharValue(msg, "header/static/HostID", s);
s=AB_User_GetCustomerId(u);
if (s)
EB_Msg_SetCharValue(msg, "header/static/PartnerID", s);
EB_Msg_SetCharValue(msg, "header/static/UserID",
AB_User_GetUserId(u));
EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderType", "HIA");
tbuf=GWEN_Buffer_new(0, 16, 0, 1);
rv=EBC_Provider_Generate_OrderId(pro, tbuf);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv);
GWEN_Buffer_free(tbuf);
GWEN_Buffer_free(mbuf);
EB_Msg_free(msg);
return rv;
}
EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderID",
GWEN_Buffer_GetStart(tbuf));
GWEN_Buffer_free(tbuf);
EB_Msg_SetCharValue(msg,
"header/static/OrderDetails/OrderAttribute",
"DZNNN");
EB_Msg_SetCharValue(msg, "header/static/SecurityMedium", "0200");
EB_Msg_SetCharValue(msg, "body/DataTransfer/OrderData",
GWEN_Buffer_GetStart(mbuf));
GWEN_Buffer_free(mbuf);
/* exchange requests */
rv=EBC_Dialog_ExchangeMessages(sess, msg, &mRsp);
if (rv<0 || rv>=300) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv);
EB_Msg_free(msg);
return rv;
}
EB_Msg_free(msg);
/* check response */
assert(mRsp);
/* log results */
EBC_Provider_LogRequestResults(pro, mRsp, NULL);
rc=EB_Msg_GetResultCode(mRsp);
if ((rc & 0xff0000)==0x090000 ||
(rc & 0xff0000)==0x060000) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc);
EB_Msg_free(mRsp);
return AB_ERROR_SECURITY;
}
rc=EB_Msg_GetBodyResultCode(mRsp);
if (rc) {
if ((rc & 0xff0000)==0x090000 ||
(rc & 0xff0000)==0x060000) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc);
EB_Msg_free(mRsp);
if ((rc & 0xfff00)==0x091300 ||
(rc & 0xfff00)==0x091200)
return AB_ERROR_SECURITY;
else
return GWEN_ERROR_GENERIC;
}
}
EB_Msg_free(mRsp);
/* adjust user status and flags */
DBG_NOTICE(AQEBICS_LOGDOMAIN, "Adjusting user flags");
EBC_User_AddFlags(u, EBC_USER_FLAGS_HIA);
if ((EBC_User_GetFlags(u) & (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA))
==
(EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA))
EBC_User_SetStatus(u, EBC_UserStatus_Init2);
else
EBC_User_SetStatus(u, EBC_UserStatus_Init1);
return 0;
}