[RUBY] Part 3 Running e-Gov using the SmartHR library kiji (execution environment construction)

kiji is a library built into SmartHR and published on GitHub (SmartHR kiji). It is OSS written in Ruby, and anyone can obtain, modify and redistribute it.

Here we develop a driver that calls kiji to generate signed xml.

1. kiji folder structure

Download kiji from GitHub. The folder structure is as follows.

kiji-master folder structure


kiji-master/
        ├ bin/
        ├ lib/         #Complete development source
        │  └ kiji/
        └ spec/        #Complete test environment

The lib under kiji-master has a set of development sources, and the spec has a set of test environments. You can check the versions of other gem packages that kiji depends on by checking the kiji.gemspec directly under kiji-master.

As explained later, I needed to modify part of the development source, so I built kiji in the local environment. The spec.files setting in kiji.gemspec was written to obtain the file list from GitHub, so I changed it to obtain the list from the local folder.

The development source in lib is shown below.

lib folder structure


lib/
  ├ kiji.rb
  └ kiji/
       ├ access.rb
       ├ api.rb
       ├ authentication.rb
       ├ client.rb
       ├ digester.rb
       ├ signer.rb
       ├ version.rb
       └ zipper.rb

If you check kiji.rb, you can see that it directly requires version.rb, client.rb and zipper.rb.

kiji.rb


require 'kiji/version.rb'
require 'kiji/client.rb'
require 'kiji/zipper.rb'

2. About the structure of kiji

kiji consists of 4 classes and 2 modules.

structure of kiji


module kiji
  ├ class Zipper             #Zip it to a zip file
  ├ class Client             # Send to the e-Gov external linkage API
  ├ class Signer             #Create signed xml
  ├ class Digester           #Digital signature creation
  ├ module Authentication    #Authentication related utilities
  └ module Access            # e-Gov related utilities

As for the hierarchy of the four classes, class Zipper and class Client are at the top, followed by class Signer and class Digester. Drawn as a class diagram, it looks as follows.

[Figure: kiji class relationship diagram (kijiクラス関連図.png)]

To apply for e-Gov electronically, follow the procedure below.

① Create signed xml
② Bundle the signed xml, attached files, etc. into a zip file
③ Encode the zip file in Base64 format and store it in the transmission data
④ Set ③ in the http request body of the e-Gov external linkage API and send it

The class Zipper has the functions of ①②, and the class Client has the functions of ③④.

This time, I decided to use class Zipper to perform ①② and use the curl command to send to e-Gov. This is to check the contents of the signed xml and the response from e-Gov.

3. Fix kiji due to line feed code in windows environment

In zipper.rb, there was a problem in how the xml to be signed was read when calculating the hash value of the application form, so I corrected the code.

The original code, "app_doc = File.read(app_file_path)", reads the xml in text mode, so the Windows-style line feed code "\r\n" is automatically replaced with "\n" internally, and the hash value was calculated on the result. I therefore changed it to read in binary mode, which does not replace the line feed code.

zipper.rb


      #Find the hash value of the application form
      app_file_paths.each do |app_file_path|
-       app_doc = File.read(app_file_path)
+       f = File.open(app_file_path, "rb")
+       app_doc = f.read
        app_file_name = File.basename(app_file_path)
        signer.digest_file!(app_doc, id: app_file_name)
      end
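
Review bot: the File.open(app_file_path, "rb") on the first added line is never closed, so one handle per application file stays open until garbage collection, and on Windows an open handle can keep the file locked for later steps. File.binread(app_file_path) returns the same unmodified bytes in a single call and closes the file, which keeps the line feed fix and replaces both added lines; the block form File.open(app_file_path, "rb") { |f| f.read } works too. A short comment stating that the digest must be taken over the bytes as stored on disk would stop someone reverting this to File.read later.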

With this fix, create a local gem. After changing the spec.files of kiji.gemspec to the local destination, I built kiji and installed it in the local environment.

kiji build


\kiji-master>rake build
kiji 0.2.2 built to pkg/kiji-0.2.2.gem.


\kiji-master>dir pkg
2020/08/21  11:42    <DIR>          .
2020/08/21  11:42    <DIR>          ..
2020/08/16  20:54            13,312 kiji-0.2.2.gem


\kiji-master>gem install pkg\kiji-0.2.2.gem
Successfully installed kiji-0.2.2
Parsing documentation for kiji-0.2.2
Installing ri documentation for kiji-0.2.2
Done installing documentation for kiji after 0 seconds
1 gem installed

4. Prepare test data

Prepare the test data required when making a batch application. Test data includes standard format and individual file signature format. At this time, the public materials to be referred to are the materials related to the verification environment test procedure. The following information is included in the public document "List of API test procedures".

API test procedure list


Procedure information
├ Procedure identifier
├ Procedure name (name described in "procedure name tag" of configuration management XML)
├ Style ID
├ Application form name
├ Application form specification pattern
├ Reception administration ID
├ Classification
├ Information about the procedure as a template
│ ├ Procedure identifier
│ └ Procedure name
├ Procedure conditions
│ ├ Application type
│ ├ Application form (procedure identifier, application form version)
│ ├ Signature (presence / absence, maximum number of signatures)
│ ├ Attached documents (presence / absence, required/Any/Cannot be attached, document name fixed/Any, document name, sending method)
│ ├ Submission destination (submission destination identifier, submission destination name, major classification, middle classification, minor classification)
│ ├ Single style/Multiple styles
│ ├ How to withdraw
│ ├ With or without ministry inquiry
│ ├ Fee type
│ ├ Reception period
│ ├ Style
│ ├ Procedure deletion flag
│ └ Status automatic transition target
└ Possible processing after arrival
  ├ Withdrawal (none, request, application)
  ├ Amendment (none, partial amendment, resubmission, amendment application)
  ├ Issuance of official documents (none, yes)
  ├ Fee registration (Deferred payment) (None, Yes)
  ├ Completion of procedure (notification, withdrawal, resubmission, final acquisition of official documents)
  └ Comment notification (none, with message, with file)

In addition, the following information is posted for each new application, withdrawal request, withdrawal application, and amendment application in the public document "API test procedure status transition list".

API test procedure status transition list


Status transition list
├ Procedure identifier
├ Procedure name
├ Operation / processing for application
│ ├ Withdrawal
│ ├ Amendment application
│ ├ Comment notification
│ ├ Issuing official documents
│ └ Change payment status
├ Application status and actions
│ ├ Prior status of application
│ │ ├ Target application
│ │ └ Application status (application sub-status)
│ ├ Action
│ │ ├ Operation on the user side
│ │ └ Presence or absence of e-Gov side processing
│ └ Post-application status
│   ├ Target application
│   └ Application status (application sub-status)
└ Remarks

Use these materials as a reference to create test data so that you can perform the desired test.

4.1 Standard format

The procedure identifier "900A010200001000" is taken up as test data. This procedure is "Notification of qualification for employment insurance insured / electronic application". Attachments are required and no official documents will be issued.

The required files are as follows. Regarding the file name, the specifications are determined in the public document "External Linkage API Application Data Specifications Common Data Specifications", so follow the rules.

| No | File category | File name | Remarks |
|----|---------------|-----------|---------|
| 1 | Configuration management XML | kousei.xml | |
| 2 | Application form XML | 900A01020000100001_01.xml | Form ID (18 single-byte alphanumeric characters) + "_01" fixed |
| 3 | Attached document | Attachment.docx | |

These files are in the following hierarchy:

File hierarchy


kousei.xml
      ├ 900A01020000100001_01.xml
      └ Attachment.docx

The information required for the configuration management XML (kousei.xml) is as follows.

| No | Item | Contents | Remarks |
|----|------|----------|---------|
| 1 | Procedure identifier | 900A010200001000 | |
| 2 | Procedure name | API test procedure (labor insurance related procedure) (communication) 0001 / API test procedure (labor insurance related procedure) (communication) 0001 | Name to be described in "Procedure name tag" of configuration management XML |
| 3 | Form ID | 900A01020000100001 | |
| 4 | Application form name | API test procedure (labor insurance related procedure) (communication) 0001_01 | |
| 5 | Application form specification pattern | 0001 | Pattern in application form XML structure definition [API test procedure] |
| 6 | Reception administration ID | 100900 | |

The conditions related to the procedure described in the configuration management XML (kousei.xml) are as follows.

| No | Item | Contents | Remarks |
|----|------|----------|---------|
| 1 | Application type | Normal application | |
| 2 | Application form - Procedure identifier (application form) | 900A010200001000 | |
| 3 | Application form - Application form version | 0003 | |
| 4 | Signature - Presence or absence | Signature present (single signature) | |
| 5 | Signature - Maximum number of signatures | 1 | |
| 6 | Attached document - Presence or absence | Yes | |
| 7 | Attached document - Mandatory/Any | Mandatory | |
| 8 | Attached document - Document name fixed/Any | Document name fixed | Name the document "Test Attachment 1" |
| 9 | Attached document - Document name | Test attachment 1 | |
| 10 | Attached document - Sending method | Attachment | |
| 11 | Submission destination - Submission identifier | 900API00000000001001001 | |
| 12 | Submission destination - Submission name | Ministry of Internal Affairs and Communications,Administrative Management Bureau,API | |

Embed this information in the configuration management XML (kousei.xml) tag.

kousei.xml


<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="999000000000000001.xsl" type="text/xsl"?>
<DataRoot>
  <Form ID>999000000000000001</Form ID>
  <Style version>0001</Style version>
  <STYLESHEET>999000000000000001.xsl</STYLESHEET>
  <Configuration information ID="Configuration information">
    <Management information>
      <Procedure number>
        <Reception administration ID>100900</Reception administration ID>
        <Procedure ID>900A010200001000</Procedure ID>
      </Procedure number>
      <Procedure name>API test procedure (labor insurance related procedure) (communication) 0001 / API test procedure (labor insurance related procedure) (communication) 0001</Procedure name>
      <First reception number/>
      <Application type>New application</Application type>
      <Applicant contact information>
        <Applicant information>
          <Full name>Hoge Hoge</Full name>
          <Name Frigana>Pretending Gana</Name Frigana>
          <Position/>
          <Corporate organization name/>
          <Corporate organization name Frigana/>
          <Department name/>
          <Department name Frigana/>
          <Postal code>1200001</Postal code>
          <Street address>Oyata, Adachi-ku, Tokyo</Street address>
          <Address Frigana>Tokyo Adachi Kuoyata</Address Frigana>
          <phone number>12-232-1232</phone number>
          <Fax number/>
          <e-mail address>[email protected]</e-mail address>
        </Applicant information>
        <contact info>
          <Full name>Chinese characters</Full name>
          <Name Frigana>Pretending Gana</Name Frigana>
          <Position/>
          <Corporate organization name/>
          <Corporate organization name Frigana/>
          <Department name/>
          <Department name Frigana/>
          <Postal code>1200001</Postal code>
          <Street address>Oyata, Adachi-ku, Tokyo</Street address>
          <Address Frigana>Tokyo Adachi Kuoyata</Address Frigana>
          <phone number>12-232-1232</phone number>
          <Fax number/>
          <e-mail address>[email protected]</e-mail address>
        </contact info>
        <Delegation registration slip attachment information>
          <issue number/>
          <Delegation registration form name/>
          <Delegation registration slip file name/>
        </Delegation registration slip attachment information>
      </Applicant contact information>
    </Management information>
    <Attachment attribute information>
      <Attachment type>Attachment</Attachment type>
      <Attachment name>Test attachment 1</Attachment name>
      <Attachment file name>Attachment.docx</Attachment file name>
      <Submission information>1</Submission information>
    </Attachment attribute information>
    <Fee information>
      <Fee 1>
        <Fee identifier/>
        <Abbreviated subject code/>
        <Abbreviated subject name/>
        <Transfer amount of money/>
      </Fee 1>
      <Fee 2>
        <Fee identifier/>
        <Abbreviated subject code/>
        <Abbreviated subject name/>
        <Transfer amount of money/>
      </Fee 2>
      <Fee 3>
        <Fee identifier/>
        <Abbreviated subject code/>
        <Abbreviated subject name/>
        <Transfer amount of money/>
      </Fee 3>
      <Fee 4>
        <Fee identifier/>
        <Abbreviated subject code/>
        <Abbreviated subject name/>
        <Transfer amount of money/>
      </Fee 4>
      <Fee 5>
        <Fee identifier/>
        <Abbreviated subject code/>
        <Abbreviated subject name/>
        <Transfer amount of money/>
      </Fee 5>
      <Fee 6>
        <Fee identifier/>
        <Abbreviated subject code/>
        <Abbreviated subject name/>
        <Transfer amount of money/>
      </Fee 6>
    </Fee information>
    <Communication column/>
    <Ministry inquiry information>
      <Ministry inquiry 1>
        <Ministry inquiry information label/>
        <Ministry inquiry information/>
      </Ministry inquiry 1>
      <Ministry inquiry 2>
        <Ministry inquiry information label/>
        <Ministry inquiry information/>
      </Ministry inquiry 2>
      <Ministry inquiry 3>
        <Ministry inquiry information label/>
        <Ministry inquiry information/>
      </Ministry inquiry 3>
      <Ministry inquiry 4>
        <Ministry inquiry information label/>
        <Ministry inquiry information/>
      </Ministry inquiry 4>
      <Ministry inquiry 5>
        <Ministry inquiry information label/>
        <Ministry inquiry information/>
      </Ministry inquiry 5>
      <Ministry inquiry 6>
        <Ministry inquiry information label/>
        <Ministry inquiry information/>
      </Ministry inquiry 6>
      <Ministry inquiry 7>
        <Ministry inquiry information label/>
        <Ministry inquiry information/>
      </Ministry inquiry 7>
      <Ministry inquiry 8>
        <Ministry inquiry information label/>
        <Ministry inquiry information/>
      </Ministry inquiry 8>
      <Ministry inquiry 9>
        <Ministry inquiry information label/>
        <Ministry inquiry information/>
      </Ministry inquiry 9>
      <Ministry inquiry 10>
        <Ministry inquiry information label/>
        <Ministry inquiry information/>
      </Ministry inquiry 10>
    </Ministry inquiry information>
    <Submission information>
      <Submission identifier>900API00000000001001001</Submission identifier>
      <Submission name>Ministry of Internal Affairs and Communications,Administrative Management Bureau,API</Submission name>
    </Submission information>
  <Application form attribute information><Application form ID>900A01020000100001</Application form ID><Application form version>0003</Application form version>
  <Application form name>API test procedure (labor insurance related procedure) (communication) 0001_01</Application form name><Application file name>900A01020000100001_01.xml</Application file name></Application form attribute information></Configuration information>
</DataRoot>

Create the application XML (900A01020000100001_01.xml) as follows.

900A01020000100001_01.xml


<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="900A01020000100001.xsl" ?>
<DataRoot>
  <Form ID>900A01020000100001</Form ID>
  <Style version>0003</Style version>
  <STYLESHEET>900A01020000100001.xsl</STYLESHEET>
  <Form copy information>0</Form copy information>
  <Doctype>1</Doctype>
  <G00005-A-250045-001_1>
  <Form type>13101</Form type>
  <Insured number>
    <Insured number 4 digits></Insured number 4 digits>
    <Insured number 6 digits></Insured number 6 digits>
    <Insured number CD></Insured number CD>
  </Insured number>
  <Get>1</Get>
  <Insured name>Epee Ai Taro</Insured name>
  <Insured name Frigana>API Taro</Insured name Frigana>
  <Name after change></Name after change>
  <Name after change Frigana></Name after change Frigana>
  <sex>Man</sex>
  <Birthday>
    <Year>Showa</Year>
    <Year>59</Year>
    <Month>5</Month>
    <Day>23</Day>
  </Birthday>
  <Office number>
    <Office number 4 digits>1111</Office number 4 digits>
    <Business office number 6 digits>222222</Business office number 6 digits>
    <Office number CD>3</Office number CD>
  </Office number>
  <Qualification date>
    <Year>Heisei</Year>
    <Year>27</Year>
    <Month>4</Month>
    <Day>9</Day>
  </Qualification date>
  <Cause of becoming an insured person>1</Cause of becoming an insured person>
  <wage>
    <Payment mode>1</Payment mode>
    <Monthly wage>500</Monthly wage>
  </wage>
  <Employment status>7</Employment status>
  <Occupation>1</Occupation>
  <Insured person type classification at the time of acquisition/>
  <No need to check for multiple numbers/>
  <Provision of contract period>Yes</Provision of contract period>
  <Whether or not the contract period is set>
    <There is a fixed contract period>
      <Contract period start>
        <Year>Heisei</Year>
        <Year>27</Year>
        <Month>4</Month>
        <Day>9</Day>
      </Contract period start>
      <End of contract period>
        <Year>Heisei</Year>
        <Year>28</Year>
        <Month>3</Month>
        <Day>31</Day>
      </End of contract period>
      <Existence of contract renewal clause>Yes</Existence of contract renewal clause>
    </There is a fixed contract period>
  </Whether or not the contract period is set>
  <Scheduled working hours per week>
    <time>40</time>
    <Minutes>0</Minutes>
  </Scheduled working hours per week>
  <Business name>Examination Co., Ltd.</Business name>
  <Remarks column_Applicant>
    <Country of Citizenship/>
    <Status of residence/>
    <Period of stay>
      <Year/>
      <Month/>
      <Day/>
    </Period of stay>
    <Whether or not there is permission for activities outside the qualification/>
    <Dispatched contract worker/>
    <Remarks/>
  </Remarks column_Applicant>
  <Business owner>
    <Street address>Tokyo</Street address>
    <Full name>Test owner</Full name>
    <phone number>
      <Area code>03</Area code>
      <City code>3030</City code>
      <Subscriber number>3333</Subscriber number>
    </phone number>
  </Business owner>
  <Notification date>
    <Year>Heisei</Year>
    <Year>27</Year>
    <Month>4</Month>
    <Day>1</Day>
  </Notification date>
  <address>Shinagawa</address>
  <Social insurance labor consultant entry column>
    <Date of creation>
      <Year>Heisei</Year>
      <Year></Year>
      <Month></Month>
      <Day></Day>
    </Date of creation>
    <Submission agent Display of administrative agent></Submission agent Display of administrative agent>
    <Full name></Full name>
    <phone number>
      <Area code></Area code>
      <City code></City code>
      <Subscriber number></Subscriber number>
    </phone number>
    <Supplementary column></Supplementary column>
  </Social insurance labor consultant entry column>
  <Remarks column_Staff>
    <Remarks></Remarks>
    <Confirmation notification date>
      <Year>Heisei</Year>
      <Year></Year>
      <Month></Month>
      <Day></Day>
    </Confirmation notification date>
  </Remarks column_Staff>
  <Xmit>0</Xmit>
</G00005-A-250045-001_1>
</DataRoot>

If you comply with the restrictions such as whether data can be omitted in each tag, the number of characters, and the character type, the format check etc. will pass without problems. Since it is test data, fictitious content is fine.

4.2 Individual file signature format

The procedure identifier "950A102200039000" is taken up as test data. This procedure is "National Pension Insured Qualification Acquisition / Type Change / Type Confirmation (No. 3 Insured Person Applicable) Notification / Electronic Application". No attachments are required and official documents will be issued.

The required files are as follows.

| No | File category | File name | Remarks |
|----|---------------|-----------|---------|
| 1 | Configuration management XML | kousei.xml | |
| 2 | Application form XML ① | 950A10220003900001_01.xml | Form ID (18 single-byte alphanumeric characters) + "_01" fixed |
| 3 | Configuration information XML for application form ① | kousei20200716142110000.xml | 'kousei' + yyyyMMddHHmmssSSS |
| 4 | Application form XML ② | 950A10220003900002_01.xml | |
| 5 | Configuration information XML for application form ② | kousei20200716142115000.xml | |

"yyyyMMddHHmmssSSS" in the file name of the configuration information XML for the application form is the creation date and time of the file (in hundredths of a second), added to make the file name unique within the application matter folder. This is also described in the public document "External Linkage API Application Data Specification Common Data Specification".

These files have the following hierarchy.

File hierarchy


kousei.xml
      ├ 950A10220003900001_01.xml
      ├ kousei20200716142110000.xml
      ├ 950A10220003900002_01.xml
      └ kousei20200716142115000.xml

The specific contents of xml will be omitted.

5. About data conversion tools

From here on, the Data conversion tool is used when creating test data and checking operation. With this tool, you can calculate a hash value, encode or decode in Base64 format, and output the encoded or decoded result to a file. Use the tool in the following cases.

- Verify the hash value calculated by the signed xml generation driver
- Encode the Zip format application dataset to Base64 format to create application data
- Decode the official document downloaded from e-Gov in Base64 format and output it to a file
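
The three uses listed above can also be done locally in Ruby, which keeps the application data on your own machine. The following is an added example, not code from the original article or from kiji; it also shows why section 3 reads the application form in binary mode. File names and sample contents are constructed, and text_mode_view only simulates a Windows text-mode read.

```ruby
# Added example: local digest and Base64 helpers (not part of kiji or the article).
require 'digest'
require 'tmpdir'

# Base64 of the SHA-256 digest over exactly the bytes given.
# pack('m0') is strict Base64 with no line breaks.
def digest_b64(bytes)
  [Digest::SHA256.digest(bytes)].pack('m0')
end

# Digest of a file as stored on disk. File.binread never translates line
# endings, so the value is identical on Windows and Linux.
def file_digest_b64(path)
  digest_b64(File.binread(path))
end

# What a Windows text-mode read returns: CRLF collapsed to LF.
# Simulated with gsub so the example behaves the same on every platform.
def text_mode_view(bytes)
  bytes.gsub("\r\n".b, "\n".b)
end

# Names of files directly under dir that contain CRLF, i.e. files whose
# digest changes if any step reads them in text mode on Windows.
def crlf_files(dir)
  Dir.children(dir).sort.select do |name|
    path = File.join(dir, name)
    File.file?(path) && File.binread(path).include?("\r\n".b)
  end
end

# True when the file on disk matches a recorded Base64 digest value.
def digest_matches?(path, expected_b64)
  file_digest_b64(path) == expected_b64
end

# Base64 text of a file (for example apply_data.zip), ready for a request body.
def encode_file_b64(path)
  [File.binread(path)].pack('m0')
end

# Decode Base64 (line breaks tolerated) and write the raw bytes to out_path.
# unpack1('m0') raises ArgumentError on malformed input instead of guessing.
def decode_b64_to_file(b64, out_path)
  bytes = b64.gsub(/\s+/, '').unpack1('m0')
  File.binwrite(out_path, bytes)
end

# Constructed sample: a small form saved with Windows line endings.
SAMPLE_FORM = "<DataRoot>\r\n  <Doctype>1</Doctype>\r\n</DataRoot>\r\n".b

def demo
  Dir.mktmpdir do |dir|
    form = File.join(dir, 'sample_form_01.xml')        # hypothetical name
    File.binwrite(form, SAMPLE_FORM)
    File.binwrite(File.join(dir, 'attachment.bin'), "\x00\x01\x02".b)

    text_mode_digest = digest_b64(text_mode_view(SAMPLE_FORM))
    flagged = crlf_files(dir)

    copy = File.join(dir, 'roundtrip.xml')
    decode_b64_to_file(encode_file_b64(form), copy)

    {
      crlf_files: flagged,
      on_disk_digest: file_digest_b64(form),
      text_mode_digest: text_mode_digest,
      matches_on_disk: digest_matches?(form, file_digest_b64(form)),
      matches_text_mode: digest_matches?(form, text_mode_digest),
      roundtrip_identical: File.binread(copy) == SAMPLE_FORM
    }
  end
end

demo.each { |key, value| puts "#{key}: #{value.inspect}" } if __FILE__ == $PROGRAM_NAME
```

Running crlf_files over an in folder before signing shows which files would have produced a different digest under the original File.read.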

6. Create a signed xml generation driver

This time, we will create a signed xml generation driver for user registration / authentication and batch application. In the batch application, the files to be signed differ between the standard format and the individual file signature format, so create a driver corresponding to each.

6.1 User registration / authentication

In the case of user registration / authentication, the key points are that the hash value is calculated for the range enclosed by the \ tag of kousei.xml, and that the hash value is signed without using the template xml.

Before executing the tool, it is necessary to set the user ID specified in the e-Gov verification environment usage application in the environment variable "EGOV_USER_ID".

The signed xml generation driver is:

make_register_xml.rb


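require 'kiji'
require 'nokogiri'
require 'openssl'

egov_env = {
  "KEY" => File.expand_path("./Certificate/e-GovEE01_sha2.pfx"),
  "KEY_PASSWORD" => "gpkitest",
}

# Fail early if the environment variable is not set
user_id = ENV.fetch("EGOV_USER_ID")

# Read the PKCS#12 file as raw bytes (binread also closes the file)
pkcs12 = OpenSSL::PKCS12.new(File.binread(egov_env["KEY"]), egov_env["KEY_PASSWORD"])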

#Set user ID
appl_data = Nokogiri::XML::Builder.new do |xml|
  xml.DataRoot {
    xml.ApplData(Id: 'ApplData') {
      xml.UserID user_id
    }
  }
end

doc = appl_data.to_xml(save_with:  0)

signer = Kiji::Signer.new(doc) do |s|
  s.cert = pkcs12.certificate
  s.private_key = pkcs12.key
  s.digest_algorithm           = :sha256
  s.signature_digest_algorithm = :sha256
end

signer.security_node = signer.document.root

#Calculate the digest value
signer.document.xpath('/DataRoot/ApplData').each do |node|
  signer.digest!(node, id: '#ApplData')
end

#Sign
signer.sign!(issuer_serial: true)

#Write to xml
File.write("register.xml", signer.to_xml)

6.2 Bulk application

(1) Standard format

In the standard format, the point is that the configuration management XML becomes a signed xml. Follow the steps below to sign.

  1. Create a zipper instance
  2. Create a signed configuration management XML by passing the configuration management XML to the first argument (signature output destination) of zipper and the file path of the application XML (+ attachment) to the second argument (signing target).
  3. Consolidate the signed configuration management XML and application XML (+ attachment) into a zip file
  4. If there are multiple procedures, repeat 2 for each procedure and then perform 3 at the end.

The driver to be created is make_zip_file_standard_format.rb. Regarding driver input / output, there is ./zip_data/standard/ in the folder where the driver is located, and there are in and out folders under it.

In the in folder, there is a 900A010200001000(1) folder containing the following 3 files.

・ kousei.xml
・ 900A01020000100001_01.xml
・ Attachment.docx

For the certificate file, create a certificate folder directly under the folder where the driver is located, and place e-GovEE01_sha2.pfx in it.

Before running the driver, the out folder is empty. When you run the driver, a 900A010200001000(1) folder and apply_data.zip are created. The 900A010200001000(1) folder has the same files as the in folder, and the kousei.xml here is a signed xml. apply_data.zip is the 900A010200001000(1) folder in zip format.

Encode apply_data.zip into Base64 format using the Data Conversion Tool (https://hogehoge.tk/tool/). Insert the encoding result into the \ tag of apply_data.xml to complete the application data that can be sent to e-Gov.

[Figure: apply_data_xml.png]

After executing the driver, the execution environment will be in the following state.

Standard format layout


Execution environment/
     ├ make_zip_file_standard_format.rb
     ├ Certificate/
     │    └ e-GovEE01_sha2.pfx
     └ zip_data/
             └ standard/
                     ├ in/
                     │  └ 900A010200001000(1)/
                     │              ├ kousei.xml
                     │              ├ 900A01020000100001_01.xml
                     │              └ Attachment.docx
                     └ out/
                         ├ 900A010200001000(1)/
                         │          ├ kousei.xml
                         │          ├ 900A01020000100001_01.xml
                         │          └ Attachment.docx
                         └ apply_data.zip

The signed xml generation driver is:

make_zip_file_standard_format.rb


require 'fileutils'
require 'zip'
require "cgi"
require 'date' 
require 'kiji'

#Signature file, password
Key = "./Certificate/e-GovEE01_sha2.pfx"
password = "gpkitest"

#Define the input / output destination path
input_base_path = "./zip_data/standard/in/"
output_base_path = "./zip_data/standard/out/"

#Define file path for input / output data
Procedure = Struct.new(:folder, :kousei_xml, :application_xml, :attachment_file)
proc = Procedure.new("900A010200001000(1)","kousei.xml","900A01020000100001_01.xml","Attachment.docx")

input_path = "#{input_base_path}/#{proc.folder}"
output_path = "#{output_base_path}/#{proc.folder}"

signed_xml_path = "#{input_path}/#{proc.kousei_xml}"
style_file_path = "#{input_path}/#{proc.application_xml}"
attachment_file_path = "#{input_path}/#{proc.attachment_file}"
app_files_path = ["#{style_file_path}", "#{attachment_file_path}"]

#Delete the output destination folder, file, etc.
Dir.glob("#{output_base_path}/*") do |f|
  FileUtils.rm_r(f)
end

#Zipper generation
pkcs12 = OpenSSL::PKCS12.new(File.binread(Key), password)
zipper = Kiji::Zipper.new() do |s|
  s.cert = pkcs12.certificate
  s.private_key = pkcs12.key
end

#Sign
signer = zipper.sign(signed_xml_path, app_files_path)

#Create an application folder
FileUtils.mkdir_p(output_path)

#Export signed xml
File.write("#{output_path}/#{proc.kousei_xml}", signer.to_xml)

#Copy the application XML and attachments
app_files_path.each do |f|
  FileUtils.cp(f, output_path)
end

#Zip the output folder
zipper.write_zip(output_base_path, "#{output_base_path}/apply_data.zip")

(2) Individual file signature format

In the individual file signature format, the point is that "configuration information XML for application ①" and "configuration information XML for application ②" each become a signed xml (kousei.xml is not a signed xml). Follow the steps below to sign.

  1. Create a zipper instance
  2. Pass the file path of "configuration information XML for application form ①" to the first argument (signature output destination) of zipper and "application form ① XML" to the second argument (signature target), and add a signature to "configuration information XML for application form ①"
  3. Pass the file path of "configuration information XML for application form ②" to the first argument (signature output destination) of zipper and "application form ② XML" to the second argument (signature target), and add a signature to "configuration information XML for application form ②"
  4. Combine the configuration management XML, configuration information XML for application form ①, application form ① XML, configuration information XML for application form ②, and application form ② XML into a zip file.
  5. If there are multiple procedures, repeat steps 2 and 3 for each procedure, and finally do 4.

The driver to be created is make_zip_file_individual_signature_format.rb. Regarding driver input / output, there is ./zip_data/indivisual/ in the folder where the driver is located, and there are in and out folders under it. In the in folder, there is a 950A102200039000(1) folder containing the following 5 files.

・ kousei.xml // Configuration management XML
・ 950A10220003900001_01.xml // Application form XML ①
・ kousei20200716142110000.xml // Configuration information XML for application form XML ①
・ 950A10220003900002_01.xml // Application form XML ②
・ kousei20200716142115000.xml // Configuration information XML for application form XML ②

For the certificate file, create a certificate folder directly under the folder where the driver is located, and place e-GovEE01_sha2.pfx in it.

Before running the driver, the out folder is empty. When you run the driver, a 950A102200039000(1) folder and apply_data.zip are created. The 950A102200039000(1) folder has the same files as the in folder. However, kousei20200716142110000.xml and kousei20200716142115000.xml here are signed xml. apply_data.zip is the 950A102200039000(1) folder in zip format.

Encode apply_data.zip into Base64 format using the Data Conversion Tool (https://hogehoge.tk/tool/). Insert the encoding result into the \ tag of apply_data.xml to complete the application data that can be sent to e-Gov. The format of apply_data.xml is the same as the standard format.

After executing the driver, the execution environment will be in the following state.

Individual file signature format layout configuration


Execution environment/
     ├ make_zip_file_individual_signature_format.rb
     ├ Certificate/
     │    └ e-GovEE01_sha2.pfx
     └ zip_data/
             └ indivisual/
                    ├ in/
                    │  └ 950A102200039000(1)/
                    │            ├ kousei.xml
                    │            ├ 950A10220003900001_01.xml
                    │            ├ kousei20200716142110000.xml
                    │            ├ 950A10220003900002_01.xml
                    │            └ kousei20200716142115000.xml
                    └ out/
                       ├ 950A102200039000(1)/
                       │         ├ kousei.xml
                       │         ├ 950A10220003900001_01.xml
                       │         ├ kousei20200716142110000.xml
                       │         ├ 950A10220003900002_01.xml
                       │         └ kousei20200716142115000.xml
                       └ apply_data.zip

The signed xml generation driver is:

make_zip_file_individual_signature_format.rb


require 'fileutils'
require 'zip'
require "cgi"
require 'date' 
require 'kiji'

#Define signature file and password
Key = "./Certificate/e-GovEE01_sha2.pfx"
password = "gpkitest"

#Define the input / output destination path
input_base_path = "./zip_data/indivisual/in/"
output_base_path = "./zip_data/indivisual/out/"

#Delete the output destination folder, file, etc.
Dir.glob("#{output_base_path}/*") do |f|
  FileUtils.rm_r(f)
end

#Define file path for input / output data
Procedure = Struct.new(:folder, :kousei_xml, 
                       :config_info_appl_xml, :application_xml, 
                       :config_info_appl_xml_2, :application_xml_2)
proc = Procedure.new("950A102200039000(1)","kousei.xml",
                     "kousei20200716142110000.xml","950A10220003900001_01.xml",
                     "kousei20200716142115000.xml","950A10220003900002_01.xml")

input_path = "#{input_base_path}/#{proc.folder}"
output_path = "#{output_base_path}/#{proc.folder}"

#Create an application folder
FileUtils.mkdir_p(output_path)

#Zipper generation
pkcs12 = OpenSSL::PKCS12.new(File.binread(Key), password)
zipper = Kiji::Zipper.new() do |s|
  s.cert = pkcs12.certificate
  s.private_key = pkcs12.key
end

#Sign the configuration information XML for Application Form 1
signed_xml_path = "#{input_path}/#{proc.config_info_appl_xml}"
style_file_path = ["#{input_path}/#{proc.application_xml}"]
signer = zipper.sign(signed_xml_path, style_file_path)

#Export signed xml
File.write("#{output_path}/#{proc.config_info_appl_xml}", signer.to_xml)

#Sign the configuration information XML for application form 2.
signed_xml_path_2 = "#{input_path}/#{proc.config_info_appl_xml_2}"
style_file_path_2 = ["#{input_path}/#{proc.application_xml_2}"]
signer = zipper.sign(signed_xml_path_2, style_file_path_2)

#Export signed xml
File.write("#{output_path}/#{proc.config_info_appl_xml_2}", signer.to_xml)

#List the application XML and attachments to copy
copy_files_path = ["#{input_path}/#{proc.kousei_xml}", *style_file_path, *style_file_path_2]

#Copy the application XML and attachments
copy_files_path.each do |f|
  FileUtils.cp(f, output_path)
end

#Zip the output list
zipper.write_zip(output_base_path, output_base_path + "apply_data.zip")
