Skip to content

Conversation

vnovitskyi
Copy link
Contributor

@vnovitskyi vnovitskyi commented May 15, 2025

This PR adds support for using x509 self-signed certificates in INI and HIA requests.
Details

  • Enables the use of x509 self-signed certificates when handling INI and HIA requests.
  • Updates the generation of init_letter to use certificate data instead of a,x and e keys.
  • Adds support for passing a debug_mode: boolean option to client initialization, allowing easy logging of requests and responses for debugging purposes. When debug_mode is enabled, Faraday’s logger middleware is activated to output request and response bodies to STDOUT

Impact

  • No breaking changes; existing workflows not using certificates remain unaffected.
  • Users can now configure and use certificates for INI and HIA interactions as needed.

The changes are tested on plenty of 🇫🇷 banks: BNP, HSBC, Société Générale, LCL.

EBICS - Guide de mise en œuvre en France

@CLAassistant
Copy link

CLAassistant commented May 15, 2025

CLA assistant check
All committers have signed the CLA.

@tobischo tobischo mentioned this pull request May 15, 2025
Copy link
Collaborator

@tobischo tobischo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks generally ok. I left some comments for which I would suggest a bit of refactoring. I have no EBICS access with which I could test it.

In case where certificates are being used, it should either be all or nothing. Therefore we should probably validate for that.

We probably also do not need to keep all 3 as attr_accessor variables on the client.

The most important piece that is missing here are usage examples for the README.
Without that, the change is not really complete for something as specific as this.
I would not expect anyone to figure it out by reading the code unless they know that it is already an available feature.

Copy link
Collaborator

@tobischo tobischo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, also tested at least file download on EBICS 2.5 still working (the primary use case that I have and can easily test)

The primary thing that is keeping me from merging this right now is #154, as bringing those together again might be a larger change and change the interface

@vnovitskyi
Copy link
Contributor Author

LGTM, also tested at least file download on EBICS 2.5 still working (the primary use case that I have and can easily test)

The primary thing that is keeping me from merging this right now is #154, as bringing those together again might be a larger change and change the interface

Hi @tobischo
I'm happy to see that the PR has been approved! I also added a final commit updating the documentation on how to use X.509 certificates.
If you require any additional assistance with this topic, please don't hesitate to let me know. And apologies that addressing the comments took a bit longer than expected.

@tobischo tobischo merged commit ff21dfb into railslove:master Jul 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants