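/// <summary>
/// Recovers a TPP member with its eIDAS certificate and then re-verifies the member's
/// eIDAS alias, which is left unverified as a side effect of the recovery.
/// </summary>
/// <remarks>
/// Both requests are signed with the certificate's private key, so that key is the sole
/// root of trust for taking over the member: keep it out of logs and memory dumps and
/// clear the buffer once the caller no longer needs it. Arguments are validated before
/// anything is sent, so a missing alias value cannot fail the call after the recovery
/// (which adds a brand new privileged key to the member) has already gone through.
/// Both calls block on <c>.Result</c> to keep this helper synchronous; failures surface
/// as <see cref="AggregateException"/>.
/// </remarks>
/// <param name="client">token client</param>
/// <param name="memberId">id of the member to be recovered</param>
/// <param name="tppAuthNumber">authNumber of the TPP; surrounding whitespace is trimmed</param>
/// <param name="certificate">base64 encoded eIDAS certificate</param>
/// <param name="certificatePrivateKey">private key corresponding to the public key in the certificate</param>
/// <returns>the recovered business member, after the eIDAS alias verification request was submitted</returns>
/// <exception cref="ArgumentNullException">when any argument is null</exception>
/// <exception cref="ArgumentException">when <paramref name="memberId"/>, <paramref name="tppAuthNumber"/> or
/// <paramref name="certificate"/> is blank, or <paramref name="certificatePrivateKey"/> is empty</exception>
public static Member RecoverEidas(
    Tokenio.Tpp.TokenClient client,
    string memberId,
    string tppAuthNumber,
    string certificate,
    byte[] certificatePrivateKey)
{
    // Fail fast: every one of these is needed for the second (verify) request as well,
    // and the recovery must not be half-applied because of a bad argument.
    if (client == null)
    {
        throw new ArgumentNullException(nameof(client));
    }
    if (memberId == null)
    {
        throw new ArgumentNullException(nameof(memberId));
    }
    if (string.IsNullOrWhiteSpace(memberId))
    {
        throw new ArgumentException("Member id must not be blank.", nameof(memberId));
    }
    if (tppAuthNumber == null)
    {
        throw new ArgumentNullException(nameof(tppAuthNumber));
    }
    if (string.IsNullOrWhiteSpace(tppAuthNumber))
    {
        throw new ArgumentException("TPP auth number must not be blank.", nameof(tppAuthNumber));
    }
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }
    if (string.IsNullOrWhiteSpace(certificate))
    {
        throw new ArgumentException("Certificate must not be blank.", nameof(certificate));
    }
    if (certificatePrivateKey == null)
    {
        throw new ArgumentNullException(nameof(certificatePrivateKey));
    }
    if (certificatePrivateKey.Length == 0)
    {
        throw new ArgumentException("Certificate private key must not be empty.", nameof(certificatePrivateKey));
    }

    // Both payloads below are signed with the eIDAS certificate's private key; the
    // server is expected to check that signature against the certificate in the payload.
    Algorithm signingAlgorithm = Algorithm.Rs256;
    ISigner payloadSigner = new Rs256Signer("eidas", certificatePrivateKey);

    // The recovery installs a freshly generated privileged key on the member. Its
    // private half lives only in the InMemoryKeyStore created here (presumably lost
    // when the process exits), and the crypto engine is handed to the recovered member.
    ICryptoEngine cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
    Key newKey = cryptoEngine.GenerateKey(Level.Privileged);

    EidasRecoveryPayload recoveryPayload = new EidasRecoveryPayload
    {
        MemberId = memberId,
        Certificate = certificate,
        Algorithm = signingAlgorithm,
        Key = newKey
    };

    Tokenio.Tpp.Member recoveredMember = client
        .RecoverEidasMember(recoveryPayload, payloadSigner.Sign(recoveryPayload), cryptoEngine)
        .Result;

    // The recovery leaves the eidas alias unverified, so control of the certificate is
    // proven a second time to restore it. The realm is taken from the recovered member.
    Alias eidasAlias = new Alias
    {
        Value = tppAuthNumber.Trim(),
        RealmId = recoveredMember.RealmId(),
        Type = Alias.Types.Type.Eidas
    };

    VerifyEidasPayload verifyPayload = new VerifyEidasPayload
    {
        MemberId = memberId,
        Alias = eidasAlias,
        Certificate = certificate,
        Algorithm = signingAlgorithm
    };

    // NOTE(review): the response carries the outcome of the verification request but is
    // not inspected here, so a returned member is not guaranteed to have a verified
    // alias. Callers that depend on that should check the response's status (confirm
    // the response shape in the SDK) before relying on the alias.
    VerifyEidasResponse verifyResponse = recoveredMember
        .VerifyEidas(verifyPayload, payloadSigner.Sign(verifyPayload))
        .Result;

    return recoveredMember;
}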