Service description
Provides digital signing as a service.
NDI: Digital Signing Service (DSS), the signing service provider.
Signing Type: Document Signing and Transaction Signing.
Action: the main operations are Sign and Status.
Main APIs
POST /ndi/transactions/sign
Transactions Sign.
Computes the transaction hash from the transactionInstructions and transactionId in the request body, wraps it in a JWS, and returns it together with a fresh nonce and state.
| Request parameter | Description |
|---|---|
| transactionInstructions | String, maximum length 512 |
| transactionId | String |

| Response parameter | Description |
|---|---|
| nonce | String, 10-character random string |
| state | String, 10-character random string; the caller presents it later to /ndi/transactions/status |
| transactionPayload | String, signed JWT containing the transaction hash (computed as the hash of transactionId:transactionInstructions) |
POST /ndi/transactions/status
Transactions Status. Verifies the sign code.
Steps:
1) Look up transaction_details_v2 by state to obtain the stored nonce.
2) Take subject, audience, issuer, issueTime, expirationTime and claim from the configuration file and generate a JWS.
3) Call singpass/txn-signature with the JWS and sign_code; a token is returned.
4) From the token, verify the nonce (it must equal the nonce stored for this state, so that a token obtained for a different transaction cannot be presented for this one), check that the token has not expired, and check the singpass_Id or legal_id.
5) Parse expiryTime, signatureTime, txnHash and txnHashSignature from the token and return them.
| Request parameter | Description |
|---|---|
| sign_code | String, random string received from NDI |
| state | String, random string received from /ndi/transactions/sign |

| Response parameter | Description |
|---|---|
| signatureTime | String, time of signing |
| expiryTime | String, expiry time |
| txnHashSignature | String, signature over the transaction hash |
| txnHash | String, transaction hash |
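The Python below is an added example, not the service's own code, and ties the sign call to the five status steps above so the nonce binding can be seen end to end. Everything not stated on the page is an assumption: SHA-256 (hex) over `transactionId:transactionInstructions` as the transaction hash; HS256 with constructed keys standing in for the asymmetric keys behind v1/.well-known/jwks.json; a 300-second validity window; an in-memory dict in place of transaction_details_v2; a `FakeNdi` class in place of singpass/txn-signature; and hypothetical function, claim and configuration names. The page does not say that the token returned by NDI is signature-checked before its claims are read; the example does so, because the nonce and expiry checks mean nothing if the token can be forged.

```python
import base64
import hashlib
import hmac
import json
import secrets
import string
import time

# Constructed keys (assumption). The real service signs with an asymmetric key whose
# public half is published at v1/.well-known/jwks.json; HS256 only keeps this runnable.
DSS_KEY = b"example-dss-key-not-for-production"
NDI_KEY = b"example-ndi-key-not-for-production"
TTL_SECONDS = 300  # assumed validity window of a signing transaction
TRANSACTION_DETAILS_V2 = {}  # in-memory stand-in for the table, keyed by state


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def random_token(length=10):
    """10-character nonce/state from a CSPRNG, as the sign response specifies."""
    return "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(length))


def txn_hash(transaction_id, instructions):
    """Hash over 'transactionId:transactionInstructions'; SHA-256 hex is an assumption."""
    return hashlib.sha256(f"{transaction_id}:{instructions}".encode()).hexdigest()


def sign_jws(claims, key):
    header = b64url(b'{"alg":"HS256","typ":"JWT"}')
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_jws(token, key):
    """Check the signature before trusting any claim; reject on mismatch."""
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("JWS signature check failed")
    return json.loads(b64url_decode(payload))


def transactions_sign(transaction_id, instructions, now=None):
    """POST /ndi/transactions/sign: hash, mint nonce/state, store, return the JWS."""
    if len(instructions) > 512:
        raise ValueError("transactionInstructions exceeds 512 characters")
    now = int(time.time() if now is None else now)
    nonce, state = random_token(), random_token()
    payload = sign_jws({"txnId": transaction_id, "nonce": nonce, "iat": now,
                        "exp": now + TTL_SECONDS,
                        "txnHash": txn_hash(transaction_id, instructions)}, DSS_KEY)
    TRANSACTION_DETAILS_V2[state] = {"txn_id": transaction_id, "nonce": nonce, "state": state,
                                     "jws": payload, "singpass_Id": None, "legal_id": None}
    return {"nonce": nonce, "state": state, "transactionPayload": payload}


class FakeNdi:
    """Constructed stand-in for singpass/txn-signature: the user's Singpass app holds
    transactionPayload, and NDI returns a token over its txnHash once sign_code matches."""

    def __init__(self, transaction_payload, sign_code, singpass_id):
        self.txn = verify_jws(transaction_payload, DSS_KEY)
        self.sign_code, self.singpass_id = sign_code, singpass_id

    def txn_signature(self, jws, sign_code):
        req = verify_jws(jws, DSS_KEY)  # NDI checks our JWS against our JWKS
        if not hmac.compare_digest(sign_code, self.sign_code):
            raise PermissionError("sign_code rejected by NDI")
        h = self.txn["txnHash"]
        h_sig = b64url(hmac.new(NDI_KEY, h.encode(), hashlib.sha256).digest())
        return sign_jws({"nonce": req["nonce"], "singpass_Id": self.singpass_id,
                         "signatureTime": req["iat"], "expiryTime": req["exp"],
                         "txnHash": h, "txnHashSignature": h_sig}, NDI_KEY)


def transactions_status(state, sign_code, ndi, now=None):
    """POST /ndi/transactions/status, following the five steps on the page."""
    record = TRANSACTION_DETAILS_V2.get(state)  # 1) state -> stored nonce
    if record is None:
        raise LookupError("unknown state")
    now = int(time.time() if now is None else now)
    # 2) subject/audience/issuer/times/claim come from configuration (values assumed);
    #    the stored nonce rides along so NDI binds its token to this transaction.
    jws = sign_jws({"sub": record["txn_id"], "aud": "ndi", "iss": "dss", "iat": now,
                    "exp": now + TTL_SECONDS, "claim": "txn-signature",
                    "nonce": record["nonce"]}, DSS_KEY)
    token = ndi.txn_signature(jws, sign_code)  # 3) call singpass/txn-signature
    claims = verify_jws(token, NDI_KEY)  # 4) verify the signature, then the claims
    if not hmac.compare_digest(claims.get("nonce", ""), record["nonce"]):
        raise ValueError("nonce mismatch: token is not for this transaction")
    if claims["expiryTime"] < now:
        raise ValueError("token expired")
    if not (claims.get("singpass_Id") or claims.get("legal_id")):
        raise ValueError("token carries neither singpass_Id nor legal_id")
    record["singpass_Id"], record["legal_id"] = claims.get("singpass_Id"), claims.get("legal_id")
    return {k: claims[k] for k in ("signatureTime", "expiryTime", "txnHash", "txnHashSignature")}  # 5)
```

The state is only a lookup key; the nonce is what proves the token came back for the transaction created by this sign call, so it is compared with `hmac.compare_digest` and a mismatch is a hard failure rather than a retry. Swapping `sign_jws`/`verify_jws` for an RS256 or ES256 implementation keyed from the published JWKS changes none of the flow logic.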
POST /internal/ndi/doc/sign
not in use.
POST /internal/ndi/doc/hash
not in use.
GET /internal/ndi/doc/sign/{authorizationId}/status
POST /ndi/doc/callback
POST /internal/ndi/nca/json/ocsp
POST /internal/ndi/nca/ocsp
GET v1/.well-known/jwks.json
Retrieve JWKs.
| Request parameter | Description |
|---|---|

| Response parameter | Description |
|---|---|
Flows
Main business flow
Main architecture design
Main database design
transaction_details_v2
| Field | Remark | Value |
|---|---|---|
| txn_id | txn_id | |
| nonce | ||
| state | ||
| jws | ||
| singpass_Id | UUID | |
| legal_id | | |
DOC_SIGNING_DETAILS
Document signing details table.
| Field | Remark | Value |
|---|---|---|
| id | id | UUID |
| CHNL_CD | ||
| TRANSACTION_ID | ||
| USER_ID | ||
| SIGNPASS_UUID | ||
| LEGAL_ID | ||
| DOC_NAME | ||
| DOC_HASH | ||
| DOC_HASH_SIGNATURE | ||
| NOTIFICATION_TOKEN | ||
| CHALLENGE_CODE | ||
| NONCE | ||
| USER_CERT | ||
| EXPIRE_AT | ||
| ERROR_DETAILS | ||
| ERROR_CODE | ||
| ERROR_DESC | ||
| SIGNING_TIME | ||
| STS_CD | Signing status. USER_ACTION: pending user scan (no user certificate available yet); USER_APPROVAL: pending user entry of the 6-digit challenge code and approval (user certificate available, no signature yet); APPROVED: approved and signed (signature available); FAILED: refer to the ERROR_* fields for details | |
| VER_NBR | ||
| CRT_BY | ||
| CRT_TIME | ||
| UPT_BY | ||
| UPT_TIME | | |
PRIMARY_KEY (ID, CRT_TIME)
RANGE PARTITION (CRT_TIME)
