ЕСОЗ - публічна документація

(Deprected) IL.Sign declaration request

Owned by Aleksandr Virny (Unlicensed)
Last updated: Mar 02, 2023 by Serhii Boldin (SoE eHealth)
3 min read


The process is initiated by any employee with necessary scopes in this legal entity and involves the transfer of a signed declaration with electronic digital signature. 

Process is asynchronous. If all validations are successfully completed, the asynchronous process of creating a declaration starts by processing the message.

Authorize user

  1. Verify the validity of access token
  2. Check user scopes in order to perform this action
    1. In case error - generate 401 response

Digital signature

Decode content that is encrypted in an electronic digital signature.
Use Digital signature WS. Method checks digital signature and returns result.
See service specification

Validate DRFO

  1. Check that DRFO in Certificate details exists and not empty
  2. Check that DRFO in Certificate details is equal to DRFO in Party
    1. Get party.tax_id using employee_id in declaration payload
    2. Compare DRFO in Certificate with party.tax_id
      1. Convert DRFO and TAX_ID to uppercase
      2. Compare DRFO and TAX_ID as Cyrillic letters
      3. Convert DRFO to Cyrillic and compare as Cyrillic letters
    3. In case validation fails - generate 422 error

Latin to Cyrillic mapping

%{"A" => "А", "B" => "В", "C" => "С", "E" => "Е", "H" => "Н", "I" => "І", "K" => "К", "M" => "М", "O" => "О", "P" => "Р", "T" => "Т", "X" => "Х"}


Validate request

  1. Validate request using JSON schema (See specification)
    1. In case validation fails - generate 422 error
  2. Check declaration request status
    1. If status is not APPROVED, - returned error 'Incorrect status'

Check signed content

Check decoded signed content with previously created on IL.db.

SELECT data
FROM declaration_requests
WHERE id = {:id}

In case if they are not equal - generate 422 error (message: "Signed content does not match the previously created content")

Check employee

Declaration_request can be signed by any employee with necessery scopes in equal legal_entity_id.

  1. Extract legal_entity_id (client_id) from token
  2. Extract employee_id from request
  3. Check if $.client_id=employees.legal_entity_id 
    1. in case error return 422 

Check patient_signed flag

  • If "patient_signed" is not present in request, return 422 ("required property patient_signed was not present")

  • If "patient_signed"=false in request, return 422 ("Patient must sign declaration form")

Validate human readable declaration number

Search declaration_number in declarations.declaration_number.

  • if exists return 422 - message 'Declaration with the same declaration_number is already exist in DB' 

Save signed declaration to media storage

  1. Get url for declaration upload.
    Use Request a Secret WS

    ParameterSource
    action'GET'
    bucket'DECLARATIONS'
    resource_id: DECLARATION_ID
    resource_name: DECLARATION_NAME
  2. Upload signed declaration to media storage

Create/update person

If person.id is in request then add mpi_id to declaration request. Update MPI.persons with new parameters.

If person.id is not in request then create new person (do not search again for declarations in status ACTIVE or APPROVED)

Get active declarations

Search for active declarations using MPI ID

    1. If found, - terminate them and create new declaration.
    2. If not found - create new declaration.

Terminate declaration

In case active declarations found - terminate all by changing status to INACTIVE.

Create declaration

  1. Check authentication_method_current

    SELECT authentication_method_current
FROM declaration_requests
WHERE id = {:id}
    1. If "type" = "OFFLINE"
      1.  set declaration status to "PENDING_VERIFICATION"
      2. set reason to 'offline'
    2. if "type" = "OTP" - set declaration status to "ACTIVE" 
  2. Check persons 'no_tax_id' flag
    1. if 'no_tax_id'=true 
      1. set declaration status to "PENDING_VERIFICATION"
      2. set reason to 'no_tax_id'
  3. Create a new declaration by adding a new entity to the declarations table ops_db without declaration_id.
    1. if there is existing record in the declarations table with the same id and declaration_request_id, return ok to IL

Mapping:

DestinationSource
employee_iddeclaration_request.data.employee.id
person_id:mpi_id
start_datedeclaration_request.data.start_date
end_datedeclaration_request.data.end_date
statusACTIVE / PENDING_VERIFICATION
signed_at:timestamp
is_active

true

scopedeclaration_request.data.scope
division_iddeclaration_request.data.division.id
legal_entity_iddeclaration_request.data.legal_entity.id


Update declaration request status

Update declaration request:

UPDATE declaration_requests
SET status = 'SIGNED'
WHERE id = {:id}


Generate link for personal online cabinet 

Extract person.email from request

  1. if person.email is not null
    1. generate link to personal online cabinet - TBD

ЕСОЗ - публічна документація