Exemple #1
0
        /// <summary>
        /// Recovers a TPP member and verifies its EIDAS alias using eIDAS certificate.
        ///
        /// </summary>
        /// <param name="client">token client</param>
        /// <param name="memberId">id of the member to be recovered</param>
        /// <param name="tppAuthNumber">authNumber of the TPP</param>
        /// <param name="certificate">base64 encoded eIDAS certificate</param>
        /// <param name="certificatePrivateKey">private key corresponding to the public key in the certificate</param>
        /// <returns>verified business member</returns>
        public static Member RecoverEidas(
            Tokenio.Tpp.TokenClient client,
            string memberId,
            string tppAuthNumber,
            string certificate,
            byte[] certificatePrivateKey)
        {
            // create a signer using the certificate private key
            Algorithm signingAlgorithm = Algorithm.Rs256;
            ISigner   payloadSigner    = new Rs256Signer("eidas", certificatePrivateKey);

            // generate a new privileged key to add to the member
            ICryptoEngine cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
            Key           newKey       = cryptoEngine.GenerateKey(Level.Privileged);

            // construct a payload with all the required data
            EidasRecoveryPayload payload = new EidasRecoveryPayload
            {
                MemberId    = memberId,
                Certificate = certificate,
                Algorithm   = signingAlgorithm,
                Key         = newKey
            };

            Tokenio.Tpp.Member recoveredMember = client
                                                 .RecoverEidasMember(payload, payloadSigner.Sign(payload), cryptoEngine)
                                                 .Result;

            // the eidas alias becomes unverified after the recovery, so we need to verify it again
            Alias eidasAlias = new Alias
            {
                Value   = tppAuthNumber.Trim(),
                RealmId = recoveredMember.RealmId(),
                Type    = Alias.Types.Type.Eidas
            };

            VerifyEidasPayload verifyPayload = new VerifyEidasPayload
            {
                MemberId    = memberId,
                Alias       = eidasAlias,
                Certificate = certificate,
                Algorithm   = signingAlgorithm
            };

            VerifyEidasResponse response = recoveredMember
                                           .VerifyEidas(verifyPayload, payloadSigner.Sign(verifyPayload))
                                           .Result;

            return(recoveredMember);
        }