kiji is a library built into SmartHR and is published on GitHub. This library is OSS written in Ruby and can be obtained, modified and redistributed by anyone.
Here we develop a driver that calls kiji to generate signed xml.
Download kiji from GitHub. The folder structure is as follows.
kiji-master folder structure
kiji-master/
├ bin/
├ lib/ #Complete development source
│ └ kiji/
└ spec/ #Complete test environment
The lib under kiji-master has a set of development sources, and the spec has a set of test environments. You can check the versions of other gem packages that kiji depends on by checking the kiji.gemspec directly under kiji-master.
As I will explain later, I built kiji in the local environment because I needed to modify some of the development sources. Because spec.files in kiji.gemspec obtained the file list from GitHub, I changed it to obtain the list from the local folder.
The development source in lib is shown below.
lib folder structure
lib/
├ kiji.rb
└ kiji/
  ├ access.rb
  ├ api.rb
  ├ authentication.rb
  ├ client.rb
  ├ digester.rb
  ├ signer.rb
  ├ version.rb
  └ zipper.rb
If you check kiji.rb, you can see that it directly requires version.rb, client.rb and zipper.rb.
kiji.rb
require 'kiji/version.rb'
require 'kiji/client.rb'
require 'kiji/zipper.rb'
kiji consists of 4 classes and 2 modules.
structure of kiji
module Kiji
├ class Zipper # Compress into a zip file
├ class Client # Send to the e-Gov external linkage API
├ class Signer # Create signed xml
├ class Digester # Digital signature creation
├ module Authentication # Authentication related utilities
└ module Access # e-Gov related utilities
As for the hierarchy of four classes, class Zipper and class Client are at the top, followed by class Signer and class Digester. If you write it in a class diagram, it will be as follows.
To apply for e-Gov electronically, follow the procedure below.
① Create signed xml
② Bundle the signed xml, attached files, etc. into a zip file
③ Encode the zip file in Base64 format and store it in the transmission data
④ Set ③ in the http request body of the e-Gov external linkage API and send it
The class Zipper has the functions of ①②, and the class Client has the functions of ③④.
This time, I decided to use class Zipper to perform ①② and use the curl command to send to e-Gov. This is to check the contents of the signed xml and the response from e-Gov.
In zipper.rb, there was a problem in how the xml to be signed was read when calculating the hash value of the application form, so I corrected the code.
The original code "app_doc = File.read(app_file_path)" reads the xml in text mode, so the Windows-format line feed code "\r\n" is automatically replaced with "\n" internally, and the hash value was calculated over that result. Therefore, it has been modified to read in binary mode without replacing the line feed code.
zipper.rb
#Find the hash value of the application form
app_file_paths.each do |app_file_path|
- app_doc = File.read(app_file_path)
+ f = File.open(app_file_path, "rb")
+ app_doc = f.read
app_file_name = File.basename(app_file_path)
signer.digest_file!(app_doc, id: app_file_name)
end
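Review bot: the handle opened by the added line f = File.open(app_file_path, "rb") is never closed, so every application file in this loop leaves a descriptor open until garbage collection, and on Windows an open handle can block a later move or delete of that file. Replace the two added lines with app_doc = File.binread(app_file_path), or use the block form File.open(app_file_path, "rb") { |f| f.read }, which closes the file and still avoids the line feed translation.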
This will create a local gem. After changing the spec.files of kiji.gemspec to the local destination, I built kiji and installed it in the local environment.
kiji build
\kiji-master>rake build
kiji 0.2.2 built to pkg/kiji-0.2.2.gem.
\kiji-master>dir pkg
2020/08/21 11:42 <DIR> .
2020/08/21 11:42 <DIR> ..
2020/08/16 20:54 13,312 kiji-0.2.2.gem
\kiji-master>gem install pkg\kiji-0.2.2.gem
Successfully installed kiji-0.2.2
Parsing documentation for kiji-0.2.2
Installing ri documentation for kiji-0.2.2
Done installing documentation for kiji after 0 seconds
1 gem installed
Prepare the test data required when making a batch application. Test data includes standard format and individual file signature format. At this time, the public materials to be referred to are the materials related to the verification environment test procedure. The following information is included in the public document "List of API test procedures".
API test procedure list
Procedure information
├ Procedure identifier
├Procedure name (name described in "procedure name tag" of configuration management XML)
├ Style ID
├ Application form name
├ Application form specification pattern
├ Reception administration ID
├ Classification
├ Information about the procedure as a template
│ ├ Procedure identifier
│ └ Procedure name
├ Procedure conditions
│ ├ Application type
│ ├ Application form (procedure identifier, application form version)
│ ├ Signature (presence / absence, maximum number of signatures)
│ ├ Attached documents (presence / absence, required/Any/Cannot be attached, document name fixed/Any, document name, sending method)
│ ├ Submission destination (submission destination identifier, submission destination name, major classification, middle classification, minor classification)
│ ├ Single style/Multiple styles
│ ├ How to withdraw
│ ├ With or without ministry inquiry
│ ├ Fee type
│ ├ Reception period
│ ├ Style
│ ├ Procedure deletion flag
│ └ Status automatic transition target
└ Possible processing after arrival
  ├ Withdrawal (none, request, application)
  ├ Amendment (none, partial amendment, resubmission, amendment application)
  ├ Issuance of official documents (none, yes)
  ├ Fee registration (Deferred payment) (None, Yes)
  ├ Completion of procedure (notification, withdrawal, resubmission, final acquisition of official documents)
  └ Comment notification (none, with message, with file)
In addition, the following information is posted for each new application, withdrawal request, withdrawal application, and amendment application in the public document "API test procedure status transition list".
API test procedure status transition list
Status transition list
├ Procedure identifier
├ Procedure name
├ Operation / processing for application
│ ├ Withdrawal
│ ├ Amendment application
│ ├ Comment notification
│ ├ Issuing official documents
│ └ Change payment status
├ Application status and actions
│ ├ Prior status of application
│ │ ├ Target application
│ │ └ Application status (application sub-status)
│ ├ Action
│ │ ├ Operation on the user side
│ │ └ Presence or absence of e-Gov side processing
│ └ Post-application status
│   ├ Target application
│   └ Application status (application sub-status)
└ Remarks
Use these materials as a reference to create test data so that you can perform the desired test.
The procedure identifier "900A010200001000" is taken up as test data. This procedure is "Notification of qualification for employment insurance insured / electronic application". Attachments are required and no official documents will be issued.
The required files are as follows. Regarding the file name, the specifications are determined in the public document "External Linkage API Application Data Specifications Common Data Specifications", so follow the rules.
No | file category | File name | Remarks |
---|---|---|---|
1 | Configuration management XML | kousei.xml | |
2 | Application form XML | 900A01020000100001_01.xml | Form ID (18 single-byte alphanumeric characters) + "_01" fixed |
3 | Attached document | Attachment.docx | |
These files are in the following hierarchy:
File hierarchy
kousei.xml
├ 900A01020000100001_01.xml
└ Attachment.docx
The information required for the configuration management XML (kousei.xml) is as follows.
No | item | Contents | Remarks |
---|---|---|---|
1 | Procedure identifier | 900A010200001000 | |
2 | Procedure name | API test procedure (labor insurance related procedure) (communication) 0001 / API test procedure (labor insurance related procedure) (communication) 0001 | Name to be described in "Procedure name tag" of configuration management XML |
3 | Form ID | 900A01020000100001 | |
4 | Application form name | API test procedure (labor insurance related procedure) (communication) 0001_01 | |
5 | Application form specification pattern | 0001 | Pattern in application form XML structure definition [API test procedure] |
6 | Reception administration ID | 100900 | |
The conditions related to the procedure described in the configuration management XML (kousei.xml) are as follows.
No | item | Contents | Remarks |
---|---|---|---|
1 | Application type | Normal application | |
2 | Application form-Procedure identifier (application form) | 900A010200001000 | |
3 | Application form-Application form version | 0003 | |
4 | signature-Presence or absence | Signature present (single signature) | |
5 | signature-Maximum number of signatures | 1 | |
6 | Attached document-Presence or absence | Yes | |
7 | Attached document-Mandatory/Any | Mandatory | |
8 | Attached document-Document name fixed/Any | Document name fixed | Name the document "Test Attachment 1" |
9 | Attached document-Document name | Test attachment 1 | |
10 | Attached document-Sending method | Attachment | |
11 | Submission destination-Submission identifier | 900API00000000001001001 | |
12 | Submission destination-Submission name | Ministry of Internal Affairs and Communications,Administrative Management Bureau,API | |
Embed this information in the configuration management XML (kousei.xml) tag.
kousei.xml
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="999000000000000001.xsl" type="text/xsl"?>
<DataRoot>
<Form ID>999000000000000001</Form ID>
<Style version>0001</Style version>
<STYLESHEET>999000000000000001.xsl</STYLESHEET>
<Configuration information ID="Configuration information">
<Management information>
<Procedure number>
<Reception administration ID>100900</Reception administration ID>
<Procedure ID>900A010200001000</Procedure ID>
</Procedure number>
<Procedure name>API test procedure (labor insurance related procedure) (communication) 0001 / API test procedure (labor insurance related procedure) (communication) 0001</Procedure name>
<First reception number/>
<Application type>New application</Application type>
<Applicant contact information>
<Applicant information>
<Full name>Hoge Hoge</Full name>
<Name Frigana>Pretending Gana</Name Frigana>
<Position/>
<Corporate organization name/>
<Corporate organization name Frigana/>
<Department name/>
<Department name Frigana/>
<Postal code>1200001</Postal code>
<Street address>Oyata, Adachi-ku, Tokyo</Street address>
<Address Frigana>Tokyo Adachi Kuoyata</Address Frigana>
<phone number>12-232-1232</phone number>
<Fax number/>
<e-mail address>[email protected]</e-mail address>
</Applicant information>
<contact info>
<Full name>Chinese characters</Full name>
<Name Frigana>Pretending Gana</Name Frigana>
<Position/>
<Corporate organization name/>
<Corporate organization name Frigana/>
<Department name/>
<Department name Frigana/>
<Postal code>1200001</Postal code>
<Street address>Oyata, Adachi-ku, Tokyo</Street address>
<Address Frigana>Tokyo Adachi Kuoyata</Address Frigana>
<phone number>12-232-1232</phone number>
<Fax number/>
<e-mail address>[email protected]</e-mail address>
</contact info>
<Delegation registration slip attachment information>
<issue number/>
<Delegation registration form name/>
<Delegation registration slip file name/>
</Delegation registration slip attachment information>
</Applicant contact information>
</Management information>
<Attachment attribute information>
<Attachment type>Attachment</Attachment type>
<Attachment name>Test attachment 1</Attachment name>
<Attachment file name>Attachment.docx</Attachment file name>
<Submission information>1</Submission information>
</Attachment attribute information>
<Fee information>
<Fee 1>
<Fee identifier/>
<Abbreviated subject code/>
<Abbreviated subject name/>
<Transfer amount of money/>
</Fee 1>
<Fee 2>
<Fee identifier/>
<Abbreviated subject code/>
<Abbreviated subject name/>
<Transfer amount of money/>
</Fee 2>
<Fee 3>
<Fee identifier/>
<Abbreviated subject code/>
<Abbreviated subject name/>
<Transfer amount of money/>
</Fee 3>
<Fee 4>
<Fee identifier/>
<Abbreviated subject code/>
<Abbreviated subject name/>
<Transfer amount of money/>
</Fee 4>
<Fee 5>
<Fee identifier/>
<Abbreviated subject code/>
<Abbreviated subject name/>
<Transfer amount of money/>
</Fee 5>
<Fee 6>
<Fee identifier/>
<Abbreviated subject code/>
<Abbreviated subject name/>
<Transfer amount of money/>
</Fee 6>
</Fee information>
<Communication column/>
<Ministry inquiry information>
<Ministry inquiry 1>
<Ministry inquiry information label/>
<Ministry inquiry information/>
</Ministry inquiry 1>
<Ministry inquiry 2>
<Ministry inquiry information label/>
<Ministry inquiry information/>
</Ministry inquiry 2>
<Ministry inquiry 3>
<Ministry inquiry information label/>
<Ministry inquiry information/>
</Ministry inquiry 3>
<Ministry inquiry 4>
<Ministry inquiry information label/>
<Ministry inquiry information/>
</Ministry inquiry 4>
<Ministry inquiry 5>
<Ministry inquiry information label/>
<Ministry inquiry information/>
</Ministry inquiry 5>
<Ministry inquiry 6>
<Ministry inquiry information label/>
<Ministry inquiry information/>
</Ministry inquiry 6>
<Ministry inquiry 7>
<Ministry inquiry information label/>
<Ministry inquiry information/>
</Ministry inquiry 7>
<Ministry inquiry 8>
<Ministry inquiry information label/>
<Ministry inquiry information/>
</Ministry inquiry 8>
<Ministry inquiry 9>
<Ministry inquiry information label/>
<Ministry inquiry information/>
</Ministry inquiry 9>
<Ministry inquiry 10>
<Ministry inquiry information label/>
<Ministry inquiry information/>
</Ministry inquiry 10>
</Ministry inquiry information>
<Submission information>
<Submission identifier>900API00000000001001001</Submission identifier>
<Submission name>Ministry of Internal Affairs and Communications,Administrative Management Bureau,API</Submission name>
</Submission information>
<Application form attribute information><Application form ID>900A01020000100001</Application form ID><Application form version>0003</Application form version>
<Application form name>API test procedure (labor insurance related procedure) (communication) 0001_01</Application form name><Application file name>900A01020000100001_01.xml</Application file name></Application form attribute information></Configuration information>
</DataRoot>
Create the application XML (900A01020000100001_01.xml) as follows.
900A01020000100001_01.xml
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="900A01020000100001.xsl" ?>
<DataRoot>
<Form ID>900A01020000100001</Form ID>
<Style version>0003</Style version>
<STYLESHEET>900A01020000100001.xsl</STYLESHEET>
<Form copy information>0</Form copy information>
<Doctype>1</Doctype>
<G00005-A-250045-001_1>
<Form type>13101</Form type>
<Insured number>
<Insured number 4 digits></Insured number 4 digits>
<Insured number 6 digits></Insured number 6 digits>
<Insured number CD></Insured number CD>
</Insured number>
<Get>1</Get>
<Insured name>Epee Ai Taro</Insured name>
<Insured name Frigana>API Taro</Insured name Frigana>
<Name after change></Name after change>
<Name after change Frigana></Name after change Frigana>
<sex>Man</sex>
<Birthday>
<Year>Showa</Year>
<Year>59</Year>
<Month>5</Month>
<Day>23</Day>
</Birthday>
<Office number>
<Office number 4 digits>1111</Office number 4 digits>
<Business office number 6 digits>222222</Business office number 6 digits>
<Office number CD>3</Office number CD>
</Office number>
<Qualification date>
<Year>Heisei</Year>
<Year>27</Year>
<Month>4</Month>
<Day>9</Day>
</Qualification date>
<Cause of becoming an insured person>1</Cause of becoming an insured person>
<wage>
<Payment mode>1</Payment mode>
<Monthly wage>500</Monthly wage>
</wage>
<Employment status>7</Employment status>
<Occupation>1</Occupation>
<Insured person type classification at the time of acquisition/>
<No need to check for multiple numbers/>
<Provision of contract period>Yes</Provision of contract period>
<Whether or not the contract period is set>
<There is a fixed contract period>
<Contract period start>
<Year>Heisei</Year>
<Year>27</Year>
<Month>4</Month>
<Day>9</Day>
</Contract period start>
<End of contract period>
<Year>Heisei</Year>
<Year>28</Year>
<Month>3</Month>
<Day>31</Day>
</End of contract period>
<Existence of contract renewal clause>Yes</Existence of contract renewal clause>
</There is a fixed contract period>
</Whether or not the contract period is set>
<Scheduled working hours per week>
<time>40</time>
<Minutes>0</Minutes>
</Scheduled working hours per week>
<Business name>Examination Co., Ltd.</Business name>
<Remarks column_Applicant>
<Country of Citizenship/>
<Status of residence/>
<Period of stay>
<Year/>
<Month/>
<Day/>
</Period of stay>
<Whether or not there is permission for activities outside the qualification/>
<Dispatched contract worker/>
<Remarks/>
</Remarks column_Applicant>
<Business owner>
<Street address>Tokyo</Street address>
<Full name>Test owner</Full name>
<phone number>
<Area code>03</Area code>
<City code>3030</City code>
<Subscriber number>3333</Subscriber number>
</phone number>
</Business owner>
<Notification date>
<Year>Heisei</Year>
<Year>27</Year>
<Month>4</Month>
<Day>1</Day>
</Notification date>
<address>Shinagawa</address>
<Social insurance labor consultant entry column>
<Date of creation>
<Year>Heisei</Year>
<Year></Year>
<Month></Month>
<Day></Day>
</Date of creation>
<Submission agent Display of administrative agent></Submission agent Display of administrative agent>
<Full name></Full name>
<phone number>
<Area code></Area code>
<City code></City code>
<Subscriber number></Subscriber number>
</phone number>
<Supplementary column></Supplementary column>
</Social insurance labor consultant entry column>
<Remarks column_Staff>
<Remarks></Remarks>
<Confirmation notification date>
<Year>Heisei</Year>
<Year></Year>
<Month></Month>
<Day></Day>
</Confirmation notification date>
</Remarks column_Staff>
<Xmit>0</Xmit>
</G00005-A-250045-001_1>
</DataRoot>
If you comply with the restrictions such as whether data can be omitted in each tag, the number of characters, and the character type, the format check etc. will pass without problems. Since it is test data, fictitious content is fine.
The procedure identifier "950A102200039000" is taken up as test data. This procedure is "National Pension Insured Qualification Acquisition / Type Change / Type Confirmation (No. 3 Insured Person Applicable) Notification / Electronic Application". No attachments are required and official documents will be issued.
The required files are as follows.
No | file category | File name | Remarks |
---|---|---|---|
1 | Configuration management XML | kousei.xml | |
2 | Application form XML ① | 950A10220003900001_01.xml | Form ID (18 single-byte alphanumeric characters) + "_01" fixed |
3 | Configuration information XML for application form ① | kousei20200716142110000.xml | ‘kousei’+ yyyyMMddHHmmssSSS |
4 | Application form XML② | 950A10220003900002_01.xml | |
5 | Configuration information XML for application form ② | kousei20200716142115000.xml | |
"yyyyMMddHHmmssSSS" in the file name of the configuration information XML for the application form is the creation date and time (in hundredths of a second) of the file, added to make the file name unique in the application matter folder. This is also described in the public document "External Linkage API Application Data Specification Common Data Specification".
These files have the following hierarchy.
File hierarchy
kousei.xml
├ 950A10220003900001_01.xml
├ kousei20200716142110000.xml
├ 950A10220003900002_01.xml
└ kousei20200716142115000.xml
The specific contents of xml will be omitted.
In the future, when creating test data and checking the operation, Data conversion tool will be used. With this tool, you can calculate the hash value, encode or decode in Base64 format, and output the encoded or decoded result to a file. Use the tool in the following cases.
- Verify the hash value calculated by the signed xml generation driver
- Encode the Zip format application dataset to Base64 format to create application data
- Decode the official document downloaded from e-Gov in Base64 format and output it to a file
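The hash check in the first item can also be done locally. As an added example (not code from the original post or from kiji), the Ruby script below recomputes the SHA-256 digest of each file named in a signed xml's Reference elements from its raw bytes, and shows how the text-mode read that was fixed in zipper.rb produces a mismatch. It assumes plain XML-DSig Reference / DigestValue elements whose URI is a bare file name; the function names and the sample data are constructed for illustration.

```ruby
require 'rexml/document'
require 'digest'
require 'base64'
require 'tmpdir'

DSIG_NS    = 'http://www.w3.org/2000/09/xmldsig#'
SHA256_URI = 'http://www.w3.org/2001/04/xmlenc#sha256'
NS         = { 'ds' => DSIG_NS }

# Base64 of the raw SHA-256 digest: the form stored in ds:DigestValue.
def digest_b64(bytes)
  Base64.strict_encode64(Digest::SHA256.digest(bytes))
end

# Recompute the digest of every file named by a ds:Reference and compare it
# with the recorded ds:DigestValue. Returns one result hash per file reference.
def check_file_references(signed_xml, base_dir)
  doc = REXML::Document.new(signed_xml)
  REXML::XPath.match(doc, '//ds:Reference', NS).filter_map do |ref|
    uri = ref.attributes['URI'].to_s
    next if uri.empty? || uri.start_with?('#') # same-document reference, not a file

    method    = REXML::XPath.first(ref, 'ds:DigestMethod', NS)
    recorded  = REXML::XPath.first(ref, 'ds:DigestValue', NS)
    algorithm = method ? method.attributes['Algorithm'] : nil
    expected  = recorded ? recorded.text.to_s.gsub(/\s+/, '') : ''
    # Keep only the file name so a crafted URI cannot point outside base_dir.
    name = File.basename(uri)
    path = File.join(base_dir, name)

    status =
      if algorithm != SHA256_URI then :unsupported_algorithm
      elsif !File.file?(path) then :missing
      elsif digest_b64(File.binread(path)) == expected then :ok
      else :mismatch
      end
    { file: name, status: status }
  end
end

# Constructed sample: a minimal signed xml that records the digest of
# digested_bytes for the file called name (assumed structure, not kiji output).
def signed_xml_for(name, digested_bytes)
  <<~XML
    <DataRoot>
      <Signature xmlns="#{DSIG_NS}">
        <SignedInfo>
          <Reference URI="#ApplData">
            <DigestMethod Algorithm="#{SHA256_URI}"/>
            <DigestValue>constructed-placeholder</DigestValue>
          </Reference>
          <Reference URI="#{name}">
            <DigestMethod Algorithm="#{SHA256_URI}"/>
            <DigestValue>#{digest_b64(digested_bytes)}</DigestValue>
          </Reference>
        </SignedInfo>
      </Signature>
    </DataRoot>
  XML
end

def demo
  Dir.mktmpdir do |dir|
    name = '900A01020000100001_01.xml'
    path = File.join(dir, name)
    # Constructed application form with Windows (CRLF) line endings.
    File.binwrite(path, "<?xml version=\"1.0\"?>\r\n<DataRoot>\r\n</DataRoot>\r\n")
    raw       = File.binread(path)       # what the patched zipper.rb digests
    text_mode = raw.gsub("\r\n", "\n")   # simulates a text-mode read on Windows
    {
      binary_read: check_file_references(signed_xml_for(name, raw), dir),
      text_read:   check_file_references(signed_xml_for(name, text_mode), dir),
      missing:     check_file_references(signed_xml_for('absent.xml', raw), dir)
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |label, results| puts "#{label}: #{results.inspect}" }
end
```

Run against the out folder of a driver, a :mismatch on an application form usually means the bytes that were digested are not the bytes that were zipped.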
This time, we will create a signed xml generation driver for user registration / authentication and batch application. In the batch application, the files to be signed differ between the standard format and the individual file signature format, so create a driver corresponding to each.
In the case of user registration / authentication, the hash value is calculated for the range enclosed by the \
Before executing the tool, it is necessary to set the user ID specified in the e-Gov verification environment usage application in the environment variable "EGOV_USER_ID".
The signed xml generation driver is:
make_register_xml.rb
require 'openssl'
require 'nokogiri'
require 'kiji'
# Test certificate (PKCS#12) and its password
egov_env = {
  "KEY" => File.expand_path("./Certificate/e-GovEE01_sha2.pfx"),
  "KEY_PASSWORD" => "gpkitest",
}
# User ID from the environment variable EGOV_USER_ID (raises if it is not set)
user_id = ENV.fetch("EGOV_USER_ID")
# Read the certificate file in binary mode
pkcs12 = OpenSSL::PKCS12.new(File.binread(egov_env["KEY"]), egov_env["KEY_PASSWORD"])
# Set user ID
appl_data = Nokogiri::XML::Builder.new do |xml|
  xml.DataRoot {
    xml.ApplData(Id: 'ApplData') {
      xml.UserID user_id
    }
  }
end
doc = appl_data.to_xml(save_with: 0)
signer = Kiji::Signer.new(doc) do |s|
  s.cert = pkcs12.certificate
  s.private_key = pkcs12.key
  s.digest_algorithm = :sha256
  s.signature_digest_algorithm = :sha256
end
signer.security_node = signer.document.root
# Calculate the digest value
signer.document.xpath('/DataRoot/ApplData').each do |node|
  signer.digest!(node, id: '#ApplData')
end
# Sign
signer.sign!(issuer_serial: true)
# Write to xml
File.write("register.xml", signer.to_xml)
In the standard format, the point is that the configuration management XML becomes a signed xml. Follow the steps below to sign.
The driver to be created is make_zip_file_standard_format.rb. Regarding driver input / output, there is ./zip_data/standard/ in the folder where the driver is located, and there are in and out folders under it.
In the in folder, there is a 900A010200001000(1) folder containing the following 3 files.
・ kousei.xml
・ 900A01020000100001_01.xml
・ Attachment.docx
For the certificate file, create a Certificate folder directly under the folder where the driver is located, and place e-GovEE01_sha2.pfx in it.
Before running the driver, the out folder is empty. When you run the driver, a 900A010200001000(1) folder and apply_data.zip are created. The 900A010200001000(1) folder has the same files as the in folder, and the kousei.xml here is a signed xml. apply_data.zip is the 900A010200001000(1) folder in zip format.
Encode apply_data.zip into Base64 format using the Data Conversion Tool (https://hogehoge.tk/tool/). Insert the encoding result into the \
After executing the driver, the execution environment will be in the following state.
Standard format layout
Execution environment/
├ make_zip_file_standard_format.rb
├ Certificate/
│ └ e-GovEE01_sha2.pfx
└ zip_data/
  └ standard/
    ├ in/
    │ └ 900A010200001000(1)/
    │   ├ kousei.xml
    │   ├ 900A01020000100001_01.xml
    │   └ Attachment.docx
    └ out/
      ├ 900A010200001000(1)/
      │ ├ kousei.xml
      │ ├ 900A01020000100001_01.xml
      │ └ Attachment.docx
      └ apply_data.zip
The signed xml generation driver is:
make_zip_file_standard_format.rb
require 'fileutils'
require 'openssl'
require 'zip'
require "cgi"
require 'date'
require 'kiji'
# Signature file, password
Key = "./Certificate/e-GovEE01_sha2.pfx"
password = "gpkitest"
# Define the input / output destination path
input_base_path = "./zip_data/standard/in/"
output_base_path = "./zip_data/standard/out/"
# Define file path for input / output data
Procedure = Struct.new(:folder, :kousei_xml, :application_xml, :attachment_file)
proc = Procedure.new("900A010200001000(1)", "kousei.xml", "900A01020000100001_01.xml", "Attachment.docx")
input_path = "#{input_base_path}/#{proc.folder}"
output_path = "#{output_base_path}/#{proc.folder}"
signed_xml_path = "#{input_path}/#{proc.kousei_xml}"
style_file_path = "#{input_path}/#{proc.application_xml}"
attachment_file_path = "#{input_path}/#{proc.attachment_file}"
app_files_path = [style_file_path, attachment_file_path]
# Delete the output destination folder, file, etc.
Dir.glob("#{output_base_path}/*") do |f|
  FileUtils.rm_r(f)
end
# Zipper generation (the certificate file is read in binary mode)
pkcs12 = OpenSSL::PKCS12.new(File.binread(Key), password)
zipper = Kiji::Zipper.new() do |s|
  s.cert = pkcs12.certificate
  s.private_key = pkcs12.key
end
# Sign
signer = zipper.sign(signed_xml_path, app_files_path)
# Create an application folder
FileUtils.mkdir_p(output_path)
# Export signed xml
File.write("#{output_path}/#{proc.kousei_xml}", signer.to_xml)
# Copy the application XML and attachments
app_files_path.each do |f|
  FileUtils.cp(f, output_path)
end
# Zip the output folder
zipper.write_zip(output_base_path, "#{output_base_path}/apply_data.zip")
In the individual file signature format, the point is that "configuration information XML for application form ①" and "configuration information XML for application form ②" each become signed xml (kousei.xml is not signed xml). Follow the steps below to sign.
The driver to be created is make_zip_file_individual_signature_format.rb. Regarding driver input / output, there is ./zip_data/indivisual/ in the folder where the driver is located, and there are in and out folders under it. In the in folder, there is a 950A102200039000(1) folder containing the following 5 files.
・ kousei.xml // Configuration management XML
・ 950A10220003900001_01.xml // Application form XML ①
・ kousei20200716142110000.xml // Configuration information XML for application form XML ①
・ 950A10220003900002_01.xml // Application form XML ②
・ kousei20200716142115000.xml // Configuration information XML for application form XML ②
For the certificate file, create a Certificate folder directly under the folder where the driver is located, and place e-GovEE01_sha2.pfx in it.
Before running the driver, the out folder is empty. When you run the driver, a 950A102200039000(1) folder and apply_data.zip are created. The 950A102200039000(1) folder has the same files as the in folder. However, kousei20200716142110000.xml and kousei20200716142115000.xml here are signed xml. apply_data.zip is the 950A102200039000(1) folder in zip format.
Encode apply_data.zip into Base64 format using the Data Conversion Tool (https://hogehoge.tk/tool/). Insert the encoding result into the \
After executing the driver, the execution environment will be in the following state.
Individual file signature format layout configuration
Execution environment/
├ make_zip_file_individual_signature_format.rb
├ Certificate/
│ └ e-GovEE01_sha2.pfx
└ zip_data/
  └ indivisual/
    ├ in/
    │ └ 950A102200039000(1)/
    │   ├ kousei.xml
    │   ├ 950A10220003900001_01.xml
    │   ├ kousei20200716142110000.xml
    │   ├ 950A10220003900002_01.xml
    │   └ kousei20200716142115000.xml
    └ out/
      ├ 950A102200039000(1)/
      │ ├ kousei.xml
      │ ├ 950A10220003900001_01.xml
      │ ├ kousei20200716142110000.xml
      │ ├ 950A10220003900002_01.xml
      │ └ kousei20200716142115000.xml
      └ apply_data.zip
The signed xml generation driver is:
make_zip_file_individual_signature_format.rb
require 'fileutils'
require 'openssl'
require 'zip'
require "cgi"
require 'date'
require 'kiji'
# Define signature file and password
Key = "./Certificate/e-GovEE01_sha2.pfx"
password = "gpkitest"
# Define the input / output destination path
input_base_path = "./zip_data/indivisual/in/"
output_base_path = "./zip_data/indivisual/out/"
# Delete the output destination folder, file, etc.
Dir.glob("#{output_base_path}/*") do |f|
  FileUtils.rm_r(f)
end
# Define file path for input / output data
Procedure = Struct.new(:folder, :kousei_xml,
                       :config_info_appl_xml, :application_xml,
                       :config_info_appl_xml_2, :application_xml_2)
proc = Procedure.new("950A102200039000(1)", "kousei.xml",
                     "kousei20200716142110000.xml", "950A10220003900001_01.xml",
                     "kousei20200716142115000.xml", "950A10220003900002_01.xml")
input_path = "#{input_base_path}/#{proc.folder}"
output_path = "#{output_base_path}/#{proc.folder}"
# Create an application folder
FileUtils.mkdir_p(output_path)
# Zipper generation (the certificate file is read in binary mode)
pkcs12 = OpenSSL::PKCS12.new(File.binread(Key), password)
zipper = Kiji::Zipper.new() do |s|
  s.cert = pkcs12.certificate
  s.private_key = pkcs12.key
end
# Sign the configuration information XML for application form 1
signed_xml_path = "#{input_path}/#{proc.config_info_appl_xml}"
style_file_path = ["#{input_path}/#{proc.application_xml}"]
signer = zipper.sign(signed_xml_path, style_file_path)
# Export signed xml
File.write("#{output_path}/#{proc.config_info_appl_xml}", signer.to_xml)
# Sign the configuration information XML for application form 2
signed_xml_path_2 = "#{input_path}/#{proc.config_info_appl_xml_2}"
style_file_path_2 = ["#{input_path}/#{proc.application_xml_2}"]
signer = zipper.sign(signed_xml_path_2, style_file_path_2)
# Export signed xml
File.write("#{output_path}/#{proc.config_info_appl_xml_2}", signer.to_xml)
# List the configuration management XML and application XML to copy (flattened to plain paths)
copy_files_path = ["#{input_path}/#{proc.kousei_xml}", style_file_path, style_file_path_2].flatten
# Copy the listed files
copy_files_path.each do |f|
  FileUtils.cp(f, output_path)
end
# Zip the output folder
zipper.write_zip(output_base_path, output_base_path + "apply_data.zip")