 /// <summary>
 /// Verifies an eIDAS-type alias of the member against an eIDAS certificate whose
 /// authorization number equals the alias value. Before calling, make sure that:<ul>
 ///     <li>The member is under the realm of the bank the TPP wants to gain access to</li>
 ///     <li>An eIDAS-type alias whose value equals the authorization number of the TPP
 ///     has been added to the member</li>
 ///     <li>The realmId of the alias equals the member's realmId</li>
 /// </ul>
 /// The call is forwarded unchanged to the underlying client.
 /// </summary>
 /// <param name="payload">payload containing the member id and the certificate in PEM format</param>
 /// <param name="signature">the payload signed with the private key corresponding to the certificate</param>
 /// <returns>a task yielding the result of the verification process</returns>
 public Task<VerifyEidasResponse> VerifyEidas(
     VerifyEidasPayload payload,
     string signature)
     => client.VerifyEidas(payload, signature);
        /// <summary>
        /// Verifies an eIDAS certificate for the member named in the payload by sending
        /// a <see cref="VerifyEidasRequest"/> through the authenticated gateway.
        /// </summary>
        /// <param name="payload">payload containing the member id and the certificate</param>
        /// <param name="signature">the payload signed with the private key corresponding to the certificate</param>
        /// <returns>a task that completes when the gateway has answered the verification request</returns>
        public Task VerifyEidas(
            VerifyEidasPayload payload,
            string signature)
        {
            // The request carries the payload and its detached signature side by side;
            // the signature is produced by the caller and only forwarded here.
            var verifyRequest = new VerifyEidasRequest
            {
                Payload   = payload,
                Signature = signature
            };

            var call = gateway(authenticationContext()).VerifyEidasAsync(verifyRequest);
            return call.ToTask();
        }
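        /// <summary>
        /// Recovers a TPP member and verifies its eIDAS alias using the eIDAS certificate.
        /// The recovery payload is signed with the certificate's private key, and a freshly
        /// generated privileged key (kept in an in-memory key store) is attached to the
        /// recovered member. Because recovery leaves the eIDAS alias unverified, the alias is
        /// verified again under the recovered member's realm before the member is returned.
        /// </summary>
        /// <param name="client">token client</param>
        /// <param name="memberId">id of the member to be recovered</param>
        /// <param name="tppAuthNumber">authNumber of the TPP; surrounding whitespace is trimmed</param>
        /// <param name="certificate">base64 encoded eIDAS certificate</param>
        /// <param name="certificatePrivateKey">private key corresponding to the public key in the certificate</param>
        /// <returns>the recovered business member, after the verification call has completed</returns>
        /// <exception cref="System.ArgumentNullException">if any argument is null</exception>
        public static Member RecoverEidas(
            Tokenio.Tpp.TokenClient client,
            string memberId,
            string tppAuthNumber,
            string certificate,
            byte[] certificatePrivateKey)
        {
            // Fail fast with a named argument instead of a NullReferenceException
            // surfacing later (e.g. from tppAuthNumber.Trim()).
            if (client == null) { throw new System.ArgumentNullException(nameof(client)); }
            if (memberId == null) { throw new System.ArgumentNullException(nameof(memberId)); }
            if (tppAuthNumber == null) { throw new System.ArgumentNullException(nameof(tppAuthNumber)); }
            if (certificate == null) { throw new System.ArgumentNullException(nameof(certificate)); }
            if (certificatePrivateKey == null) { throw new System.ArgumentNullException(nameof(certificatePrivateKey)); }

            // Both payloads below are signed with the certificate's private key; the
            // algorithm recorded in each payload must match the signer.
            Algorithm signingAlgorithm = Algorithm.Rs256;
            ISigner   payloadSigner    = new Rs256Signer("eidas", certificatePrivateKey);

            // Generate a new privileged key that the recovered member will be controlled with.
            ICryptoEngine cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
            Key           newKey       = cryptoEngine.GenerateKey(Level.Privileged);

            EidasRecoveryPayload recoveryPayload = new EidasRecoveryPayload
            {
                MemberId    = memberId,
                Certificate = certificate,
                Algorithm   = signingAlgorithm,
                Key         = newKey
            };

            // .Result blocks the calling thread and reports failures as AggregateException;
            // it is kept because callers depend on this method's synchronous contract.
            Tokenio.Tpp.Member recoveredMember = client
                .RecoverEidasMember(recoveryPayload, payloadSigner.Sign(recoveryPayload), cryptoEngine)
                .Result;

            // The eIDAS alias becomes unverified after the recovery, so it is verified again,
            // this time scoped to the recovered member's own realm.
            Alias eidasAlias = new Alias
            {
                Value   = tppAuthNumber.Trim(),
                RealmId = recoveredMember.RealmId(),
                Type    = Alias.Types.Type.Eidas
            };

            VerifyEidasPayload verifyPayload = new VerifyEidasPayload
            {
                MemberId    = memberId,
                Alias       = eidasAlias,
                Certificate = certificate,
                Algorithm   = signingAlgorithm
            };

            // NOTE(review): the verification response is not inspected; only a faulted call
            // (exception from .Result) signals failure here. TODO confirm whether
            // VerifyEidasResponse carries a status that must be checked before the returned
            // member can be treated as verified.
            _ = recoveredMember
                .VerifyEidas(verifyPayload, payloadSigner.Sign(verifyPayload))
                .Result;

            return recoveredMember;
        }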
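        /// <summary>
        /// Creates a TPP member under the realm of a bank and verifies it using the eIDAS
        /// certificate. The bank alias is resolved to its member id, an eIDAS-type alias
        /// carrying the TPP's authorization number is created in that realm, the member is
        /// created with that alias, and a signed verification payload is then submitted.
        /// </summary>
        /// <param name="client">token client</param>
        /// <param name="tppAuthNumber">authNumber of the TPP; surrounding whitespace is trimmed</param>
        /// <param name="certificate">base64 encoded eIDAS certificate</param>
        /// <param name="bankId">id of the bank the TPP is trying to get access to</param>
        /// <param name="privateKey">private key corresponding to the public key in the certificate</param>
        /// <returns>the created business member, after the verification call has completed</returns>
        /// <exception cref="System.ArgumentNullException">if any argument is null</exception>
        /// <exception cref="System.InvalidOperationException">if the bank alias does not resolve to a member</exception>
        public static Member VerifyEidas(
            Tokenio.Tpp.TokenClient client,
            string tppAuthNumber,
            string certificate,
            string bankId,
            byte[] privateKey)
        {
            // Fail fast with a named argument instead of a NullReferenceException
            // surfacing later (e.g. from tppAuthNumber.Trim()).
            if (client == null) { throw new System.ArgumentNullException(nameof(client)); }
            if (tppAuthNumber == null) { throw new System.ArgumentNullException(nameof(tppAuthNumber)); }
            if (certificate == null) { throw new System.ArgumentNullException(nameof(certificate)); }
            if (bankId == null) { throw new System.ArgumentNullException(nameof(bankId)); }
            if (privateKey == null) { throw new System.ArgumentNullException(nameof(privateKey)); }

            // The verification payload is signed with the certificate's private key; the
            // algorithm recorded in the payload must match the signer.
            Algorithm signingAlgorithm = Algorithm.Rs256;
            ISigner   signer           = new Rs256Signer("eidas", privateKey);

            // Resolve the member id of the bank the TPP is trying to get access to.
            // NOTE(review): presumably ResolveAliasBlocking yields null for an unknown alias —
            // confirm; the explicit check turns that case into a descriptive error.
            var bankMember = client.ResolveAliasBlocking(new Alias
            {
                Value = bankId,
                Type  = Alias.Types.Type.Bank
            });
            if (bankMember == null)
            {
                throw new System.InvalidOperationException($"Bank alias '{bankId}' could not be resolved to a member.");
            }
            string bankMemberId = bankMember.Id;

            // The eIDAS alias lives under the realm of the target bank.
            Alias eidasAlias = new Alias
            {
                Value   = tppAuthNumber.Trim(),
                RealmId = bankMemberId,
                Type    = Alias.Types.Type.Eidas
            };

            // Create the member under the bank's realm with the eIDAS alias attached.
            // .Result blocks the calling thread and reports failures as AggregateException;
            // it is kept because callers depend on this method's synchronous contract.
            Tokenio.Tpp.Member tpp = client.CreateMember(eidasAlias, null, bankMemberId).Result;

            VerifyEidasPayload payload = new VerifyEidasPayload
            {
                Algorithm   = signingAlgorithm,
                Alias       = eidasAlias,
                Certificate = certificate,
                MemberId    = tpp.MemberId()
            };

            // NOTE(review): the verification response is not inspected; only a faulted call
            // (exception from .Result) signals failure here. TODO confirm whether
            // VerifyEidasResponse carries a status that must be checked before the returned
            // member can be treated as verified.
            _ = tpp
                .VerifyEidas(payload, signer.Sign(payload))
                .Result;

            return tpp;
        }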