/// <summary>
/// Deserializes the raw data into the concrete class <see cref="Psd2CertificateAttributes"/>.
/// </summary>
/// <returns>Deserilized contents</returns>
public Psd2CertificateAttributes ExtractAttributes()
{
var attributes = new Psd2CertificateAttributes();
var typeSequence = Value.Where(x => x is DerAsnSequence).FirstOrDefault() as DerAsnSequence;
var roleSequence = typeSequence?.Value.Where(x => x is DerAsnSequence).FirstOrDefault() as DerAsnSequence;
var ncaName = typeSequence?.Value[1] as DerAsnUtf8String;
var ncaId = typeSequence?.Value[2] as DerAsnUtf8String;
attributes.AuthorityName = ncaName.Value;
attributes.AuthorizationNumber = NCAId.Parse(ncaId.Value, false);
foreach (var item in roleSequence.Value)
{
if (!(item is DerAsnSequence))
{
continue;
}
var role = item as DerAsnSequence;
var roleOid = role.Value[0] as DerAsnObjectIdentifier;
var roleOidString = string.Join(".", roleOid.Value);
switch (roleOidString)
{
case Oid_PSD2_Roles_PSP_AS: attributes.HasAccountServicing = true; break;
case Oid_PSD2_Roles_PSP_PI: attributes.HasPaymentInitiation = true; break;
case Oid_PSD2_Roles_PSP_AI: attributes.HasAccountInformation = true; break;
case Oid_PSD2_Roles_PSP_IC: attributes.HasIssuingOfCardBasedPaymentInstruments = true; break;
}
}
return(attributes);
}
/// <summary>
/// Creates a QWAC certificate on the fly
/// </summary>
/// <param name="request"></param>
/// <param name="privateKey"></param>
/// <returns></returns>
public X509Certificate2 CreateQWACs(Psd2CertificateRequest request, out RSA privateKey)
{
var notBefore = DateTimeOffset.UtcNow.AddDays(-1);
var notAfter = DateTimeOffset.UtcNow.AddDays(request.ValidityInDays);
var authorizationNumber = new NCAId(request.CountryCode, request.AuthorityId, request.AuthorizationNumber);
var subject = new SubjectBuilder().AddCommonName(request.CommonName)
.AddOrganization(request.Organization, request.OrganizationUnit)
.AddLocation(request.CountryCode, request.State, request.City)
.AddOrganizationIdentifier(authorizationNumber.ToString())
.Build();
var extensions = new List <X509Extension>();
var psd2Type = new Psd2CertificateAttributes()
{
AuthorityName = request.AuthorityName,
AuthorizationNumber = authorizationNumber,
HasAccountInformation = request.Roles.Aisp,
HasPaymentInitiation = request.Roles.Pisp,
HasIssuingOfCardBasedPaymentInstruments = request.Roles.Piisp,
HasAccountServicing = request.Roles.Aspsp,
};
var psd2Extension = new QualifiedCertificateStatementsExtension(psd2Type, critical: false);
extensions.Add(psd2Extension);
var certificate = CreateCertificate(CreateRootCACertificate(), subject, extensions, notBefore, notAfter, out privateKey);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
certificate.FriendlyName = "Qualified website authentication certificate QWAC";
}
return(certificate.CopyWithPrivateKey(privateKey));
}
