abna 0.1.1

Automated retrieval of mutations from ABN Amro
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369

//! Client library for ABN Amro online banking
//!
//! This library provides automated retrieval of mutations (transactions) from the ABN Amro
//! banking platform. It handles authentication with the bank's API and fetches transaction
//! history for specified accounts.
//!
//! # Example
//!
//! ```no_run
//! # async fn example() -> anyhow::Result<()> {
//! let mut session = abna::Session::new("NL12ABNA0123456789".to_string()).await?;
//! session.login(1234, "12345").await?;
//!
//! let mutations = session.mutations("NL12ABNA0123456789", None).await?;
//! for mutation in &mutations.mutations {
//!     println!("{:?}", mutation.mutation);
//! }
//! # Ok(())
//! # }
//! ```

use std::{
    collections::{BTreeMap, HashMap},
    str::FromStr,
};

use aws_lc_rs::rsa::{Pkcs1PublicEncryptingKey, PublicKeyComponents};
use chrono::NaiveDateTime;
use reqwest::header::{HeaderMap, HeaderValue, USER_AGENT};
use serde::{Deserialize, Deserializer, Serialize};
use serde_json::Value;

/// A session for interacting with the ABN Amro banking API
///
/// This struct maintains a connection to the ABN Amro API, including cookie-based session
/// state. Create a new session with [`Session::new()`], authenticate with [`Session::login()`],
/// and retrieve transaction data with [`Session::mutations()`].
pub struct Session {
    iban: String,
    client: reqwest::Client,
}

impl Session {
    /// Creates a new session for the specified IBAN
    ///
    /// This initializes an HTTP client with cookie storage enabled for maintaining session state
    /// across requests. The session is not authenticated until [`Session::login()`] is called.
    pub async fn new(iban: String) -> anyhow::Result<Self> {
        let mut headers = HeaderMap::new();
        headers.insert(USER_AGENT, HeaderValue::from_static(USER_AGENT_STR));
        Ok(Session {
            iban,
            client: reqwest::Client::builder()
                .cookie_store(true)
                .default_headers(headers)
                .build()?,
        })
    }

    /// Authenticates the session with ABN Amro using card number and token
    ///
    /// This performs a challenge-response authentication flow with RSA encryption. The
    /// session must be successfully logged in before calling [`Session::mutations()`].
    ///
    /// # Arguments
    ///
    /// * `card` - the card number associated with the account (typically 3 digits)
    /// * `token` - the authentication token (PIN or soft token code)
    ///
    /// # Errors
    ///
    /// Reasons this could error include:
    ///
    /// - The IBAN format is invalid
    /// - The network request fails
    /// - Authentication fails (incorrect credentials)
    /// - The cryptographic operations fail
    pub async fn login(&mut self, card: u16, token: &str) -> anyhow::Result<()> {
        let login = Login {
            access_tool_usage: "SOFTTOKEN",
            account_number: u32::from_str(&self.iban[8..])?,
            app_id: "SIMPLE_BANKING",
            card_number: card,
        };

        self.client.get(START).send().await?;
        let response = self
            .client
            .get(format!("{BASE}/session/loginchallenge"))
            .query(&login)
            .send()
            .await?;

        let challenge = response.json::<Challenge>().await?;
        let response = challenge.response(login, token)?;

        let mut headers = HeaderMap::new();
        headers.insert(
            SERVICE_VERSION_HEADER,
            HeaderValue::from_static(SERVICE_VERSION),
        );

        let login_response = self
            .client
            .put(format!("{BASE}/session/loginresponse"))
            .headers(headers)
            .json(&response)
            .send()
            .await?;

        if !login_response.status().is_success() {
            let error = login_response.json::<ErrorResponse>().await?;
            anyhow::bail!("login failed: {error:?}");
        }

        Ok(())
    }

    /// Retrieves a list of mutations (transactions) for the specified account
    ///
    /// Returns transaction history with support for pagination. The session must be
    /// authenticated with [`Session::login()`] before calling this method.
    ///
    /// # Arguments
    ///
    /// * `iban` - the IBAN of the account to retrieve mutations for
    /// * `last_mutation_key` - optional key for pagination. Pass `None` to get the most
    ///   recent transactions, or use the `last_mutation_key` from a previous response to
    ///   fetch older transactions.
    ///
    ///
    /// # Errors
    ///
    /// Reasons this could error include:
    ///
    /// - The network request fails
    /// - The API returns an error response
    /// - The response cannot be parsed
    pub async fn mutations(
        &self,
        iban: &str,
        last_mutation_key: Option<&str>,
    ) -> anyhow::Result<MutationsList> {
        let params = MutationsParams {
            account_number: &self.iban,
            include_actions: "EXTENDED",
            last_mutation_key,
        };

        let mut headers = HeaderMap::new();
        headers.insert(
            SERVICE_VERSION_HEADER,
            HeaderValue::from_static(SERVICE_VERSION),
        );

        let response = self
            .client
            .get(format!("{BASE}/mutations/{iban}"))
            .headers(headers)
            .query(&params)
            .send()
            .await?;

        if !response.status().is_success() {
            let error = response.json::<ErrorResponse>().await?;
            anyhow::bail!("mutations request failed: {error:?}");
        }

        let json = response.text().await?;
        match serde_json::from_str::<MutationsResponse>(&json) {
            Ok(rsp) => Ok(rsp.mutations_list),
            Err(error) => {
                println!("{:#?}", Value::from_str(&json)?);
                anyhow::bail!("failed to decode mutations: {error:?}");
            }
        }
    }
}

/// Response wrapper for the mutations API endpoint
#[derive(Debug, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct MutationsResponse {
    /// Mutations and associated metadata
    pub mutations_list: MutationsList,
}

/// A list of mutations with pagination metadata
#[derive(Debug, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct MutationsList {
    /// Key for fetching the next page of mutations
    ///
    /// Pass this to [`Session::mutations()`] to retrieve older transactions.
    /// `None` indicates there are no more mutations to fetch.
    pub last_mutation_key: Option<String>,
    /// Indicates whether cached data should be cleared
    pub clear_cache_indicator: bool,
    /// The list of mutations (transactions) in this response
    pub mutations: Vec<Mutation>,
}

/// A wrapper for a single mutation (transaction)
#[derive(Debug, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct Mutation {
    /// The actual transaction data.
    pub mutation: MutationData,
}

/// Details of a bank transaction (mutation)
#[derive(Debug, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct MutationData {
    /// Transaction amount (positive for credits, negative for debits)
    pub amount: f64,
    /// Name of the counterparty (sender or recipient)
    pub counter_account_name: String,
    /// Account number of the counterparty
    pub counter_account_number: String,
    /// ISO currency code (like "EUR")
    pub currency_iso_code: String,
    /// Description of the transaction, potentially split across multiple lines
    pub description_lines: Vec<String>,
    /// Date and time when the transaction occurred
    ///
    /// This appears to be in the Europe/Amsterdam timezone.
    #[serde(deserialize_with = "transaction_timestamp")]
    pub transaction_timestamp: NaiveDateTime,
}

fn transaction_timestamp<'de, D: Deserializer<'de>>(
    deserializer: D,
) -> Result<NaiveDateTime, D::Error> {
    let s = <&str>::deserialize(deserializer)?;
    NaiveDateTime::parse_from_str(s, "%Y%m%d%H%M%S%3f").map_err(serde::de::Error::custom)
}

#[derive(Serialize)]
#[serde(rename_all = "camelCase")]
struct MutationsParams<'a> {
    account_number: &'a str,
    include_actions: &'a str,
    #[serde(skip_serializing_if = "Option::is_none")]
    last_mutation_key: Option<&'a str>,
}

#[derive(Serialize)]
#[serde(rename_all = "camelCase")]
struct Login {
    access_tool_usage: &'static str,
    account_number: u32,
    app_id: &'static str,
    card_number: u16,
}

#[derive(Serialize)]
#[serde(rename_all = "camelCase")]
struct LoginRequest {
    access_tool_usage: &'static str,
    account_number: u32,
    app_id: &'static str,
    card_number: u16,
    response: String,
    challenge_handle: String,
    challenge_device_details: String,
}

#[derive(Deserialize)]
#[serde(rename_all = "camelCase")]
struct Challenge {
    login_challenge: LoginChallenge,
}

impl Challenge {
    fn response(self, login: Login, token: &str) -> anyhow::Result<LoginRequest> {
        let obj = decode(&self.login_challenge.challenge)?;

        let mut out = BTreeMap::new();
        out.insert(1u8, vec![49u8]);
        out.insert(2, obj.get(&2).unwrap().clone());
        out.insert(3, obj.get(&3).unwrap().clone());
        out.insert(8, self.login_challenge.user_id.as_bytes().to_vec());
        out.insert(9, token.as_bytes().to_vec());
        let encoded = encode(out);

        let public_key = PublicKeyComponents {
            n: obj.get(&4).unwrap().as_slice(),
            e: obj.get(&5).unwrap().as_slice(),
        }
        .try_into()
        .map_err(|e| anyhow::anyhow!("failed to create RSA key: {e:?}"))?;

        let pkcs1_key = Pkcs1PublicEncryptingKey::new(public_key)
            .map_err(|e| anyhow::anyhow!("failed to create PKCS1 key: {e:?}"))?;

        let mut encrypted = vec![0u8; pkcs1_key.ciphertext_size()];
        pkcs1_key
            .encrypt(&encoded, &mut encrypted)
            .map_err(|e| anyhow::anyhow!("RSA encryption failed: {e:?}"))?;

        Ok(LoginRequest {
            access_tool_usage: login.access_tool_usage,
            account_number: login.account_number,
            app_id: login.app_id,
            card_number: login.card_number,
            response: hex::encode(&encrypted),
            challenge_handle: self.login_challenge.challenge_handle,
            challenge_device_details: self.login_challenge.challenge_device_details,
        })
    }
}

#[derive(Deserialize)]
#[serde(rename_all = "camelCase")]
struct LoginChallenge {
    challenge: String,
    user_id: String,
    challenge_handle: String,
    challenge_device_details: String,
}

fn decode(challenge: &str) -> anyhow::Result<HashMap<u8, Vec<u8>>> {
    let bytes = hex::decode(challenge).map_err(|e| anyhow::anyhow!("hex decode error: {e}"))?;
    let mut res = HashMap::new();
    let mut cur = 0;

    while cur < bytes.len() {
        let key = bytes[cur];
        let size = ((bytes[cur + 1] as usize) << 8) + (bytes[cur + 2] as usize);
        let value = bytes[cur + 3..cur + 3 + size].to_vec();
        res.insert(key, value);
        cur += 3 + size;
    }

    Ok(res)
}

fn encode(obj: BTreeMap<u8, Vec<u8>>) -> Vec<u8> {
    let mut res = Vec::new();

    for (k, v) in obj {
        res.push(k);
        res.push(((v.len() >> 8) & 0xFF) as u8);
        res.push((v.len() & 0xFF) as u8);
        res.extend_from_slice(&v);
    }

    res.extend_from_slice(&[0, 0, 0]);
    res
}

/// Error response from the ABN Amro API
#[derive(Debug, Deserialize, Serialize)]
pub struct ErrorResponse {
    /// Human-readable error message
    pub message: Option<String>,
    /// Error type or code
    pub error: Option<String>,
    /// HTTP status code associated with the error
    pub status: Option<u16>,
}

const BASE: &str = "https://www.abnamro.nl";
const START: &str =
    "https://www.abnamro.nl/portalserver/mijn-abnamro/mijn-overzicht/overzicht/index.html";
const SERVICE_VERSION_HEADER: &str = "x-aab-serviceversion";
const SERVICE_VERSION: &str = "v3";
const USER_AGENT_STR: &str = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36";