Class: Sepa::ApplicationResponse

Inherits:

Object

• Object
• Sepa::ApplicationResponse

Includes:

ActiveModel::Validations, Utilities

Defined in:

lib/sepa/application_response.rb

Overview

TODO:

Use functionality from this class more when validating response

Contains functionality for the application response embedded in Response

Instance Attribute Summary

• #xml ⇒ String readonly

  The raw xml of the application response.

Instance Method Summary

• #certificate ⇒ OpenSSL::X509::Certificate^?

  The certificate which private key has been used to sign the application response.

• #certificate_is_trusted? ⇒ true, false

  Checks whether the embedded certificate has been signed by the private key of the bank's root certificate.

• #doc ⇒ Nokogiri::XML::Document

  The application response as a nokogiri xml document.

• #hashes_match? ⇒ true, false

  Checks that the hash value reported in the signature matches the one that is calculated locally.

• #initialize(app_resp, bank) ⇒ ApplicationResponse constructor

  Initializes the ApplicationResponse with an application response xml and bank.

• #response_must_validate_against_schema ⇒ Object private

  Validates that the response is valid against the application response schema.

• #signature_is_valid? ⇒ true, false

  Checks that the signature has been calculated with the private key of the certificate's public key.

• #to_s ⇒ String

  Returns the raw xml of the application response.

Methods included from Utilities

#calculate_digest, #canonicalize_exclusively, #canonicalized_node, #cert_request_valid?, #check_validity_against_schema, #csr_to_binary, #decode, #encode, #extract_cert, #format_cert, #format_cert_request, #hmac, #iso_time, #load_body_template, #process_cert_value, #rsa_key, #set_node_id, #validate_signature, #verify_certificate_against_root_certificate, #x509_certificate, #xml_doc

Constructor Details

#initialize(app_resp, bank) ⇒ ApplicationResponse

Initializes the Sepa::ApplicationResponse with an application response xml and bank

Parameters:

• app_resp (#to_s) —

  the application response xml

• bank (Symbol) —

  the bank from which the application response came from

# File 'lib/sepa/application_response.rb', line 20

def initialize(app_resp, bank)
  @xml = app_resp
  @bank = bank
end

Instance Attribute Details

#xml ⇒ String (readonly)

The raw xml of the application response

Returns:

• (String) —

  the raw xml of the application response

# File 'lib/sepa/application_response.rb', line 12

def xml
  @xml
end

Instance Method Details

#certificate ⇒ OpenSSL::X509::Certificate^?

The certificate which private key has been used to sign the application response

Returns:

• (OpenSSL::X509::Certificate) —

  if the certificate can be found

• (nil) —

  if the certificate cannot be found

Raises:

• (OpenSSL::X509::CertificateError) —

  if the certificate is not valid

# File 'lib/sepa/application_response.rb', line 72

def certificate
  extract_cert(doc, 'X509Certificate', DSIG)
end

#certificate_is_trusted? ⇒ true, false

Checks whether the embedded certificate has been signed by the private key of the bank's root certificate. The root certificate used varies by bank.

Returns:

• (true) —

  if the certificate is trusted

• (false) —

  if the certificate is not trusted

# File 'lib/sepa/application_response.rb', line 81

def certificate_is_trusted?
  root_certificate =
    case @bank
    when :nordea
      NORDEA_ROOT_CERTIFICATE
    when :danske
      DANSKE_ROOT_CERTIFICATE
    end

  verify_certificate_against_root_certificate(certificate, root_certificate)
end

#doc ⇒ Nokogiri::XML::Document

The application response as a nokogiri xml document

Returns:

• (Nokogiri::XML::Document) —

  the application response as a nokogiri document

# File 'lib/sepa/application_response.rb', line 28

def doc
  @doc ||= xml_doc @xml
end

#hashes_match? ⇒ true, false

Checks that the hash value reported in the signature matches the one that is calculated locally

Returns:

• (true) —

  if hashes match

• (false) —

  if hashes don't match

# File 'lib/sepa/application_response.rb', line 37

def hashes_match?
  are = doc.clone

  digest_value = are.at('xmlns|DigestValue', xmlns: DSIG).content.strip

  are.at('xmlns|Signature', xmlns: DSIG).remove

  actual_digest = calculate_digest(are)

  return true if digest_value == actual_digest

  false
end

#response_must_validate_against_schema ⇒ Object (private)

Validates that the response is valid against the application response schema

# File 'lib/sepa/application_response.rb', line 96

def response_must_validate_against_schema
  check_validity_against_schema(doc, 'application_response.xsd')
end

#signature_is_valid? ⇒ true, false

Checks that the signature has been calculated with the private key of the certificate's public key.

Returns:

• (true) —

  if signature can be verified

• (false) —

  if signature fails to verify

# File 'lib/sepa/application_response.rb', line 56

def signature_is_valid?
  validate_signature(doc, certificate, :normal)
end

#to_s ⇒ String

Returns the raw xml of the application response

Returns:

• (String) —

  the raw xml of the application response

# File 'lib/sepa/application_response.rb', line 63

def to_s
  @xml
end