Remove KSBA from dependecies

[libisds.git] / doc / user_web_services

User web services specification
===============================

Source: Provozní řád ISDS, version 2010-01-22, Pages 14–15
Source: Webové služby ISDS pro manipulaci s datovými zprávami,
    version 2.6 (2010-01-18)
Source: Webové služby ISDS pro vyhledávání datových schránek,
    version 2.7 (2009-12-18)


These services are intended for working with messages inside a box by
a regular user.

SOAP web services defined in: dm_operations.wsdl, dm_info.wsdl, db_search.wsdl
(Appendix 2 of Provozní řád ISDS)

Data types: dmBaseTypes.xsd (Appendix 1)

Documentation: DataMessage_ws.pdf, DBSearch_ws.pdf (Appendix 2)

List of SOAP requests follows. Those marked with asterisk DOES NOT MARK
noncommercial incoming messages as delivered.


dm_operations.wsdl
==================

URL postfix: dz
Constraints: Client must be authenticated in Access Manager

CreateMessage (*)
    Create and send a message
CreateMultipleMessage (*)
    Create and send a message to multiple recipients
MessageDownload
    Download incoming message
SignedMessageDownload
    Download incoming message with digital signature of ministery of interiors
SignedSentMessageDownload
    Download outgoing message with digital signature of ministery of interiors
DummyOperation
    Void operation used to log in and to keep connection alive


dm_info.wsdl
============

URL postfix: dx
Constraints: Client must be authenticated in Access Manager

VerifyMessage
    Verify local copy of message with remote original stored in ISDS
MessageEnvelopeDownload
    Download envelope of incoming message
MarkMessageAsDownloaded
    Mark message as read
ConfirmDelivery
    Mark commercial message as accepted by recipient
GetDeliveryInfo
    Download infosheet about message post and delivery
GetSignedDeliveryInfo
    Download infosheet about message post and delivery with signature of
    ministery of interiors
GetListOfRecievedMessages
    Download list of incoming messages
GetListOfSentMessages
    Download list of outgoing messages


db_search.wsdl
==============

URL postfix: df

FindDataBox (*)
    Find boxes conforming to serch criteria
CheckDataBox (*)
    Return state of given box


CreateMessage (*)
=============

Create and send a message.

Envelope of outgoing message must contain dbIDRecipient and dmAnnotation.
Other elements are optional (dmRecipientOrgUnit, dmRecipientOrgUnitNum,
dmSenderOrgUnit, dmSenderOrgUnitNum, dmToHands, dmPersonalDelivery,
dmAllowSubstDelivery, dmRecipientRefNumber, dmRecipientIdent,
dmSenderRefNumber, dmSenderIdent, dmLegalTitleLaw, dmLegalTitleYear,
dmLegalTitleSect, dmLegalTitlePar, dmLegalTitlePoint, dmOVM).

Constraints: Sender must have PRIVIL_CREATE_DM permission.
Constraints: Exactly one document in message must be main type.
Constraints: Total size of all documents must not be bigger than 10 MB.

Identifier of just sent message assigned by system is returned.

Error codes:
    0000    Message sent successfully
Non-normative error codes:
    1214    Document desciption is not a filename with acceptable file name
            extension
    1214    Document description extension does not match document content
    1214    Provided MIME type does not match document
    2010    First document structure invalid
    2032    Message does not carry any document
    9005    Message not valid (probably)

In case of positive virus detection (processed after sending), infected
document is removed, message state is set to value 3 (from point of view of
recipient) and sender get new message originated by server.


CreateMultipleMessage (*)
=====================

Create and send a message to multiple recipients.

Input composes of nonempty list of recipients (maximal count is 50),
one envelope (different from envelope for CreateMessage, misses elements from
dmRecipient) and list of documents to send to all of them to each recipient.

Only dbIDRecipient and dmToHands are mandatory. Other dmRecipient childs are
optional.

Structure:
CreateMultipleMessage
    + dmRecipients
    |   + dmRecipient
    |   |   + dbIDRecipient – recipient box ID
    |   |   + dmRecipientOrgUnit
    |   |   + dmRecipientOrgUnitNum
    |   |   + dmToHands – can be empty, but must not missing
    |   + dmRecipient
    |   ⋮ 
    + dmEnvelope
    |   + <other elements, usually empty>: dmSenderOrgUnit, dmSenderOrgUnitNum,
    |   |   dmAnnotation, dmRecipientRefNumber, dmSenderRefNumber,
    |   |   dmRecipientIdent, dmSenderIdent, dmLegalTitleLaw,
    |   |   dmLegalTitleYear, dmLegalTitleSect, dmLegalTitlePar,
    |   |   dmLegalTitlePoint, dmPersonalDelivery, dmAllowSubstDelivery
    |   + dmOVM – optional
    + dmFiles

ISDS outputs list of assigned message IDs (each copy gets independent ID),
list of sent status for each message ID and one cumulative status of
whole CreateMultipleMessage operation.

If operation failes before replicating messages for each recipient
(i.e. sending), global error code will be non-zero. If operation fails on some
message copies (i.e. while sending) special global error code 0004 will be
returned and errornous recipients can be gather by recipient specific error
code (failed ones will have non-zero code). If all messages are sent
successfully, global error code will be 0000.

Structure:
CreateMultipleMessageResponse
    + dmMultipleStatus
    |   + dmSingleStatus
    |   |   + dmID – assigned message ID, optional, missing if error occured
    |   |   + dmStatus – message local error code and textual desciption
    |   + dmSingleStatus
    |   ⋮
    + dmStatus – global error code and textual description

Global error codes:
    0000    Messages sent successfully
    0004    Some message failed while sending


MessageDownload
===============

Retrieve incoming message identified by message ID.

Commercial message must be accepted manually by ConfirmDelivery before.
Commetcial message has set dmReturnedMessage/@dmType="K".

Error codes:
    0000    Message sent successfully
Non-normative error codes:
    1219    Message with ID does not exist in ISDS in current box.


SignedMessageDownload
=====================

Download incoming message with digital signature of ministery of interiors
identified by message ID.

Return PKCS#7 structure containing data as defined in MessageDownload and
digital signature of the message by ministery.

The data are XML document with mangled ISDS name space:
http://isds.czechpoint.cz/v20/ vs. http://isds.czechpoint.cz/v20/message:

<q:MessageDownloadResponse
     xmlns:q="http://isds.czechpoint.cz/v20/message">
  <q:dmReturnedMessage>
     <p:dmDm xmlns:p="http://isds.czechpoint.cz/v20">
         <p:dmID>151916</p:dmID>
         ...
     </p:dmDm>
     <q:dmHash algorithm="SHA-1">...</q:dmHash>
     ...
     <q:dmAttachmentSize>260</q:dmAttachmentSize>
  </q:dmReturnedMessage>
</q:MessageDownloadResponse>

Commercial message must be accepted manually by ConfirmDelivery before.


SignedSentMessageDownload
=========================

Download outgoing message with digital signature of ministery of interiors
identified by ID.

Return PKCS#7 structure containing data as defined in MessageDownload and
digital signature of the message by ministery.

The data are XML document with mangled ISDS name space:
http://isds.czechpoint.cz/v20/ vs. http://isds.czechpoint.cz/v20/SentMessage:

<q:MessageDownloadResponse
     xmlns:q="http://isds.czechpoint.cz/v20/SentMessage">
  <q:dmReturnedMessage>
     <p:dmDm xmlns:p="http://isds.czechpoint.cz/v20">
         <p:dmID>151916</p:dmID>
         ...
     </p:dmDm>
     <q:dmHash algorithm="SHA-1">...</q:dmHash>
     ...
     <q:dmAttachmentSize>260</q:dmAttachmentSize>
  </q:dmReturnedMessage>
</q:MessageDownloadResponse>


GetListOfRecievedMessages
=========================

Download list of incoming messages matching search criteria.

See GetListOfSentMessages for more details.


GetListOfSentMessages
=====================

Download list of outgoing messages matching search criteria.

Criteria are: delivery time not before, not after, organisation unit number of
sender, message status filter, offset of first message in a list and limit on 
number of messages to get.

Message status filter is union of distinct message states expressed as
exponents of 2. Effectively it's a polynom \sum_{x \in message_statux} 2^x.
Special value -1 means all messages. Meaning for value 1 or 0 is undefined.

Messages are sorted in order of delivery time. Message type is stored in
dmRecord/@dmType.

Offset starts on 1. Limit defaults to 1000.

Non-normative error codes:
    2017    Syntax error in date-time


VerifyMessage
=============

Retrieve message hash (dmHash element) for given message from ISDS.

Works for not yet deleted messages only.

Only SHA-1 algorithm is in use currently. SHA-2 family is expected after
2010 year begining.

Hash input is isds:dmDM subtree procesed as raw bit stream without XML
canonicalization. Authoritative isds:dmDM element can be get via
MessageDownload service. God bless ISDS developers to not change XML
serialization.

Non-normative error codes:
    1219    Message with ID does not exist in ISDS.


MessageEnvelopeDownload
=======================

Download envelope of incoming message. That is message without documents.
Message type is stored in dmReturnedMessageEnvelope/@dmType.

Returend hash and timestamp are computed from whole message. You must get
complete message inluding documents to be able to verify them.


MarkMessageAsDownloaded
=======================

Change status of a message identidied by its ID as read.

That means next GetListOfRecievedMessages service can exclude such message if
only unread messages requested.


ConfirmDelivery
===============

Mark commercial message as accepted by recipient.

Changes message state from delivered (4) to accepted (6). Appliable only to
commercial messages. Messages from public offices (municipalities, government
etc.) are accepted automatically by login on interactive web portal or by
triggering most of SOAP operations.

Must be called before downloading (signed or unsigned) incoming message
[Signed]MessageDownload.


GetDeliveryInfo
===============

Download infosheet about incoming or outgoing message post and delivery or
deliver impossibility. The message is specified by message ID.

It returns complete message envelope, hash, timestamp. Delivery time and
acceptance time only if message has been delivered to recipient box or
accepted by recipient. Precise status of message is returned too.

In addition, non-empty list of events is attached. Each event compounds of
ISO time and text description. The text description has well-known prefix to
distinguishe the event meaning. Following prefixes are defined:

    Prefix  Meaning
    -----------------------------------------------------
    EV1:    Message has been accepted by recipient action
    EV2:    Message has been delivered to box and is considered as accepted by
            no-user-action time out (through fiction)
    EV3:    Recipient box has been made unaccessible retrospectively
            (even after successful delivery or acceptance,
            this event is retroactive). In this case special system-generated
            message is sent to sender in addition.
    EV4:    Commercial message has been accepted by recipient confirmation


GetSignedDeliveryInfo
=====================

Download infosheet about incoming or outgoing message post and delivery or
deliver impossibility as signed PKCS#7 structure. See GetDeliveryInfo for
details about returned data.

The PKCS#7 structure carries digital signature made by ministery of interiours.

There is mangled namespace again: http://isds.czechpoint.cz/v20/ vs.
http://isds.czechpoint.cz/v20/delivery:

<q:GetDeliveryInfoResponse xmlns:q="http://isds.czechpoint.cz/v20/delivery">
  <q:dmDelivery>
    <p:dmDm xmlns:p="http://isds.czechpoint.cz/v20">
      <p:dmID>170272</p:dmID>
      ...
    </p:dmDm>
    <q:dmHash algorithm="SHA-1">...</q:dmHash>
    ...
    </q:dmEvents>...</q:dmEvents>
  </q:dmDelivery>
</q:GetDeliveryInfoResponse>
             

FindDataBox (*)
===========

Find boxes conforming to serch criteria or exact ID and returns corresponding
(possibly truncated) list of boxes.

Returned boxes exist, but it does not mean they can recieve messages. Use
CheckDataBox to figure out.

There are three different search cases distinguished in this order:

    – If dbID is filled in request, will search only for exact box, other
    criteria will be ignored.

    – If identifier and registryCode are filled, will search only for exact
    box, other criteria will be ignored.

    – Otherwise search against other criteria.

Returns list of boxes (possibly empty).

List can be truncated or search request refused because of not enought
specific criteria to protect user privacy. There are following contrains
differentiated by box type now:

Gross Box type  Constraints (requried search criteria)
------------------------------------------------------
FO              pnLastName or pnLastNameAtBirth
PFO             ic or pnLastName or pnLastNameAtBirth
PO              ic or prefix (at least 3 characters) of firmName
OVM             ic or prefix of firmName

String search criteria are matched case insensitive.

Search results depends or logged-in user type. Users of boxes with open
addressing can search other open-addressing boxes, otherwise only OVM type
boxes can be searched. Search based on exact box identifier finder unlimited.

Error codes:
    0002    No box suits to search request (by other criteria)
    0003    To much boxes suit to search request (by other criteria),
            response truncated. Returned list of boxes is still valid.
    5001    No such box exists (by box ID or registry identifier)
Non-normative error codes:
    1101    Box type (dbType) must be specified
    2017    Syntax error in date (biDate)


CheckDataBox (*)
============

Return state of one box identified by dbID.

State of the box is stored in dbStatus element. Only state 1 means box is
capable of receiving messages.

Error codes:
    5001    Box does not exist
Non-normative:
    2011    Box ID malformed