private void DecodeExtension()
{
var sequence = DerConvert.Decode(RawData) as DerAsnSequence;
_Psd2Type = new Psd2QcStatement(sequence.Value).ExtractAttributes();
_decoded = true;
}
/// <summary>
/// Deserializes the raw data into the concrete class <see cref="Psd2CertificateAttributes"/>.
/// </summary>
/// <returns>Deserilized contents</returns>
public Psd2CertificateAttributes ExtractAttributes()
{
var attributes = new Psd2CertificateAttributes();
var typeSequence = Value.Where(x => x is DerAsnSequence).FirstOrDefault() as DerAsnSequence;
var roleSequence = typeSequence?.Value.Where(x => x is DerAsnSequence).FirstOrDefault() as DerAsnSequence;
var ncaName = typeSequence?.Value[1] as DerAsnUtf8String;
var ncaId = typeSequence?.Value[2] as DerAsnUtf8String;
attributes.AuthorityName = ncaName.Value;
attributes.AuthorizationNumber = NCAId.Parse(ncaId.Value, false);
foreach (var item in roleSequence.Value)
{
if (!(item is DerAsnSequence))
{
continue;
}
var role = item as DerAsnSequence;
var roleOid = role.Value[0] as DerAsnObjectIdentifier;
var roleOidString = string.Join(".", roleOid.Value);
switch (roleOidString)
{
case Oid_PSD2_Roles_PSP_AS: attributes.HasAccountServicing = true; break;
case Oid_PSD2_Roles_PSP_PI: attributes.HasPaymentInitiation = true; break;
case Oid_PSD2_Roles_PSP_AI: attributes.HasAccountInformation = true; break;
case Oid_PSD2_Roles_PSP_IC: attributes.HasIssuingOfCardBasedPaymentInstruments = true; break;
}
}
return(attributes);
}
/// <summary>
/// Creates a QWAC certificate on the fly
/// </summary>
/// <param name="request"></param>
/// <param name="privateKey"></param>
/// <returns></returns>
public X509Certificate2 CreateQWACs(Psd2CertificateRequest request, out RSA privateKey)
{
var notBefore = DateTimeOffset.UtcNow.AddDays(-1);
var notAfter = DateTimeOffset.UtcNow.AddDays(request.ValidityInDays);
var authorizationNumber = new NCAId(request.CountryCode, request.AuthorityId, request.AuthorizationNumber);
var subject = new SubjectBuilder().AddCommonName(request.CommonName)
.AddOrganization(request.Organization, request.OrganizationUnit)
.AddLocation(request.CountryCode, request.State, request.City)
.AddOrganizationIdentifier(authorizationNumber.ToString())
.Build();
var extensions = new List <X509Extension>();
var psd2Type = new Psd2CertificateAttributes()
{
AuthorityName = request.AuthorityName,
AuthorizationNumber = authorizationNumber,
HasAccountInformation = request.Roles.Aisp,
HasPaymentInitiation = request.Roles.Pisp,
HasIssuingOfCardBasedPaymentInstruments = request.Roles.Piisp,
HasAccountServicing = request.Roles.Aspsp,
};
var psd2Extension = new QualifiedCertificateStatementsExtension(psd2Type, critical: false);
extensions.Add(psd2Extension);
var certificate = CreateCertificate(CreateRootCACertificate(), subject, extensions, notBefore, notAfter, out privateKey);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
certificate.FriendlyName = "Qualified website authentication certificate QWAC";
}
return(certificate.CopyWithPrivateKey(privateKey));
}
/// <summary>
/// Used to create the extension from typed model
/// </summary>
/// <param name="psd2Type"></param>
/// <param name="critical"></param>
public QualifiedCertificateStatementsExtension(Psd2CertificateAttributes psd2Type, bool critical)
{
Oid = new Oid(Oid_QC_Statements, "Qualified Certificate Statements");
Critical = critical;
RawData = DerConvert.Encode(new Psd2QcStatement(psd2Type)).ToArray();
_Psd2Type = psd2Type;
_decoded = true;
}
/// <summary>
/// Constructs the QcStatement from <see cref="Psd2CertificateAttributes "/>.
/// </summary>
/// <param name="type"></param>
public Psd2QcStatement(Psd2CertificateAttributes type) : base(new DerAsnType[0])
{
var rolesList = new List <DerAsnSequence>();
foreach (var roleName in type.Roles)
{
var id = new DerAsnObjectIdentifier(DerAsnIdentifiers.Primitive.ObjectIdentifier, Oid2Array(GetPsd2Oid(roleName)));
var name = new DerAsnUtf8String(roleName);
var role = new DerAsnSequence(new DerAsnType[] { id, name });
rolesList.Add(role);
}
var rolesOfPSP = new DerAsnSequence(rolesList.ToArray()); //RolesOfPSP ::= SEQUENCE OF RoleOfPSP
var ncaName = new DerAsnUtf8String(type.AuthorityName);
var ncaId = new DerAsnUtf8String(type.AuthorizationNumber.ToString());
var typeSequence = new DerAsnSequence(new DerAsnType[] { rolesOfPSP, ncaName, ncaId });
var psd2QstatementOid = new DerAsnObjectIdentifier(DerAsnIdentifiers.Primitive.ObjectIdentifier, Oid2Array(Oid_PSD2_QcStatement));
Value = new DerAsnType[] { psd2QstatementOid, typeSequence };
}
