
EBICS 3.0: DER was not encoded.

Open codedge opened this issue 1 year ago • 1 comments

I use EBICS 3.0 with the Credit Suisse Testsystem. The keyring is initialized with an empty array, as I do not have any keyring data yet.

I get the error

In ASN1.php line 816:
                        
  DER was not encoded.  

when calling the INI() method:

$bank = new Bank($entry->getHostId(), $entry->getUrl());
$user = new User($entry->getPartnerId(), $entry->getUserId());
$keyringManager = new ArrayKeyringManager();
$keyringEntry = [];
$keyring = $keyringManager->loadKeyring($keyringEntry, $entry->getPassword(), Keyring::VERSION_30);
$keyring->setCertificateGenerator(new CertificateX509Generator());

$client = new \AndrewSvirin\Ebics\EbicsClient($bank, $user, $keyring);

The custom X509 generator looks like this

<?php

declare(strict_types=1);

namespace App\Service;

use AndrewSvirin\Ebics\Models\X509\AbstractX509Generator;

final class CertificateX509Generator extends AbstractX509Generator
{
    /**
     * @return array<mixed>
     */
    protected function getCertificateOptions(): array
    {
        return [
            'subject' => [
                'DN' => [
                    'id-at-countryName' => 'FR',
                    'id-at-stateOrProvinceName' => 'State',
                    'id-at-localityName' => 'City',
                    'id-at-organizationName' => 'Your company',
                    'id-at-commonName' => 'yourwebsite.tld',
                ],
            ],
            'extensions' => [
                'id-ce-subjectAltName' => [
                    'value' => [
                        'dNSName' => '*.yourwebsite.tld',
                    ],
                ],
            ],
        ];
    }
}

This is version 2.2.0 of the lib.

codedge avatar Oct 18 '24 21:10 codedge

Hi @codedge, first try checking this test file for usage examples: https://github.com/andrew-svirin/ebics-client-php/blob/2.x/tests/EbicsClientV30Test.php

andrew-svirin avatar Oct 18 '24 22:10 andrew-svirin

@andrew-svirin I don't understand what you suggest.

The login details like hostId, userId and so on are properly filled into $bank and $user. I use an ArrayKeyringManager, in your test a FileKeyringManager is used. But that should not matter.

The certificate generator that I use is set up, the same way you describe here: https://github.com/andrew-svirin/ebics-client-php?tab=readme-ov-file#note-for-french-bank-and-for-ebics-30

Nothing wrong with it.

What I found out is that there seems to be no call into my custom CertificateX509Generator. When I do a dump inside the getCertificateOptions method, nothing is output.

I updated my code so you can copy and paste it and have a reproducible example.

codedge avatar Oct 19 '24 08:10 codedge

Try to use this generator:

if(__IS_CERTIFIED__) {
    $certificateGenerator = (new BankX509Generator());
    $certificateGenerator->setCertificateOptionsByBank($bank);
    $keyring->setCertificateGenerator($certificateGenerator);
}

andrew-svirin avatar Oct 19 '24 08:10 andrew-svirin

Still not clear:

I want to use my own generator, as described. There is no setCertificateOptionsByBank method. What does the code look like with my generator?

You suggest using a custom generator here (https://github.com/andrew-svirin/ebics-client-php?tab=readme-ov-file#note-for-french-bank-and-for-ebics-30) .. I did it this way.

codedge avatar Oct 19 '24 11:10 codedge

You can propose your changes if you see something unclear. This is open source :)

andrew-svirin avatar Oct 19 '24 11:10 andrew-svirin

I know, it is open source and it works well with EBICS 2.5.

I was just wondering why the instructions you give here (https://github.com/andrew-svirin/ebics-client-php?tab=readme-ov-file#note-for-french-bank-and-for-ebics-30) do not work.

You wrote in your readme, that it is possible to use a custom/our own generator, although in your example above you suggest using your BankX509Generator.

I am going to debug and will let you know.

codedge avatar Oct 19 '24 14:10 codedge

There are 2 solutions to this error:

  1. Remove this section from the getCertificateOptions method.
'extensions' => [
    'id-ce-subjectAltName' => [
        'value' => [
            'dNSName' => '*.sample.com',
        ],
    ],
],
  2. Write it properly with an additional array notation, which is missing in the README.md
'extensions' => [
  'id-ce-subjectAltName' => [
    'value' => [
      [
        'dNSName' => '*.sample.com'
      ],
    ],
  ],
],

You wrote it correctly in one of your tests, but missed that in your README.md.

codedge avatar Oct 20 '24 22:10 codedge
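
Why the extra array level in the fix above matters, as an added example that is not code from ebics-client-php or from any participant in this thread: RFC 5280 defines the subjectAltName value as `GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName`, so the value must be a list whose elements are each a one-key CHOICE array. The function names `derLength` and `encodeDnsGeneralNames` are hypothetical, only `dNSName` is handled, and `array_is_list` assumes PHP 8.1 or later.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not library APIs.

/** DER length octets: short form below 128, long form otherwise. */
function derLength(int $len): string
{
    if ($len < 0x80) {
        return chr($len);
    }
    $bytes = ltrim(pack('N', $len), "\x00");
    return chr(0x80 | strlen($bytes)) . $bytes;
}

/**
 * Encode a subjectAltName value as DER GeneralNames.
 * $value must be a non-empty list; each element is a one-key CHOICE array.
 * Only dNSName ([2] IMPLICIT IA5String) is handled here.
 */
function encodeDnsGeneralNames(array $value): string
{
    if ($value === [] || !array_is_list($value)) {
        throw new InvalidArgumentException('value must be a non-empty list of GeneralName arrays');
    }
    $body = '';
    foreach ($value as $i => $name) {
        if (!is_array($name) || count($name) !== 1
            || !isset($name['dNSName']) || !is_string($name['dNSName'])) {
            throw new InvalidArgumentException("element $i must be ['dNSName' => string]");
        }
        // 0x82 = context-specific, primitive, tag number 2 (dNSName).
        $body .= "\x82" . derLength(strlen($name['dNSName'])) . $name['dNSName'];
    }
    return "\x30" . derLength(strlen($body)) . $body; // 0x30 = SEQUENCE
}

// Constructed sample inputs mirroring the two shapes discussed in the issue.
$flatShape = ['dNSName' => '*.sample.com'];   // flat map: not a list
$listShape = [['dNSName' => '*.sample.com']]; // list of GeneralName

echo bin2hex(encodeDnsGeneralNames($listShape)), PHP_EOL;
try {
    encodeDnsGeneralNames($flatShape);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Running a shape check like this on the options array before calling INI() surfaces the malformed extension with a precise message instead of a generic encoder failure.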

Okay, thanks for the research. I have removed this section from the readme.

andrew-svirin avatar Oct 21 '24 10:10 andrew-svirin