Package io.token.tpp
Class TokenClient
- java.lang.Object
-
- io.token.TokenClient
-
- io.token.tpp.TokenClient
-
- All Implemented Interfaces:
java.io.Closeable
,java.lang.AutoCloseable
public class TokenClient extends io.token.TokenClient
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
TokenClient.Builder
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description static TokenClient.Builder
builder()
Creates a newTokenClient.Builder
instance that is used to configure and build aTokenClient
instance.io.reactivex.Observable<Member>
completeRecovery(java.lang.String memberId, java.util.List<io.token.proto.common.member.MemberProtos.MemberRecoveryOperation> recoveryOperations, io.token.proto.common.security.SecurityProtos.Key privilegedKey, io.token.security.CryptoEngine cryptoEngine)
Completes account recovery.Member
completeRecoveryBlocking(java.lang.String memberId, java.util.List<io.token.proto.common.member.MemberProtos.MemberRecoveryOperation> recoveryOperations, io.token.proto.common.security.SecurityProtos.Key privilegedKey, io.token.security.CryptoEngine cryptoEngine)
Completes account recovery.io.reactivex.Observable<Member>
completeRecoveryWithDefaultRule(java.lang.String memberId, java.lang.String verificationId, java.lang.String code, io.token.security.CryptoEngine cryptoEngine)
Completes account recovery if the default recovery rule was set.Member
completeRecoveryWithDefaultRuleBlocking(java.lang.String memberId, java.lang.String verificationId, java.lang.String code, io.token.security.CryptoEngine cryptoEngine)
Completes account recovery if the default recovery rule was set.static TokenClient
create(io.token.TokenClient.TokenCluster cluster, java.lang.String developerKey)
Creates a new instance ofTokenClient
that's configured to use the specified environment.static TokenClient
create(io.token.TokenClient.TokenCluster cluster, java.lang.String developerKey, io.token.security.CryptoEngineFactory cryptoEngineFactory)
Creates a new instance ofTokenClient
that's configured to use the specified environment and crypto engine factory.io.reactivex.Observable<Member>
createMember(io.token.proto.common.alias.AliasProtos.Alias alias)
Creates a new Token member with a set of auto-generated keys, an alias, and member type.io.reactivex.Observable<Member>
createMember(io.token.proto.common.alias.AliasProtos.Alias alias, java.lang.String partnerId)
Creates a new Token member with a set of auto-generated keys, an alias, and member type.io.reactivex.Observable<Member>
createMember(io.token.proto.common.alias.AliasProtos.Alias alias, java.lang.String partnerId, java.lang.String realmId)
Creates a new Token member with a set of auto-generated keys, an alias, and member type.Member
createMemberBlocking(io.token.proto.common.alias.AliasProtos.Alias alias)
Creates a new Token member with a set of auto-generated keys, an alias, and member type.Member
createMemberBlocking(io.token.proto.common.alias.AliasProtos.Alias alias, java.lang.String partnerId)
Creates a new business-use Token member with a set of auto-generated keys and and an alias.io.reactivex.Observable<Member>
createMemberInRealm(io.token.proto.common.alias.AliasProtos.Alias alias, java.lang.String realmId)
Creates a new Token member in the provided realm with a set of auto-generated keys, an alias, and member type.Member
createMemberInRealmBlocking(io.token.proto.common.alias.AliasProtos.Alias alias, java.lang.String realmId)
Creates a new Token member in the provided realm with a set of auto-generated keys, an alias, and member type.Member
createMemberWithEidas(java.lang.String bankId, EidasKeyStore keyStore, long timeout, java.util.concurrent.TimeUnit timeUnit)
Creates a TPP member under realm of a bank and registers it with the provided eIDAS certificate.io.reactivex.Observable<java.lang.String>
generateTokenRequestUrl(java.lang.String requestId)
Generate a Token request URL from a request ID.java.lang.String
generateTokenRequestUrlBlocking(java.lang.String requestId)
Generate a Token request URL from a request ID, and state.io.reactivex.Observable<Member>
getMember(java.lang.String memberId)
Return a Member set up to use some Token member's keys (assuming we have them).Member
getMemberBlocking(java.lang.String memberId)
Return a Member set up to use some Token member's keys (assuming we have them).io.reactivex.Observable<io.token.tokenrequest.TokenRequestResult>
getTokenRequestResult(java.lang.String tokenRequestId)
Get the token request result based on a token's tokenRequestId.io.token.tokenrequest.TokenRequestResult
getTokenRequestResultBlocking(java.lang.String tokenRequestId)
Get the token request result based on a token's tokenRequestId.TokenRequestTransferDestinationsCallbackParameters
parseSetTransferDestinationsUrl(java.lang.String url)
Parse the Set Transfer Destinations Url callback parameters to extract state, region and supported .TokenRequestTransferDestinationsCallbackParameters
parseSetTransferDestinationsUrlParams(java.util.Map<java.lang.String,java.util.List<java.lang.String>> urlParams)
Parse the Set Transfer Destinations Url callback parameters to extract country, bank and supported payments.io.reactivex.Observable<TokenRequestCallback>
parseTokenRequestCallbackParams(java.util.Map<java.lang.String,java.lang.String> callbackParams, java.lang.String csrfToken)
Deprecated.TokenRequestCallback
parseTokenRequestCallbackParamsBlocking(java.util.Map<java.lang.String,java.lang.String> callbackParams, java.lang.String csrfToken)
Deprecated.io.reactivex.Observable<TokenRequestCallback>
parseTokenRequestCallbackUrl(java.lang.String callbackUrl, java.lang.String csrfToken)
Deprecated.TokenRequestCallback
parseTokenRequestCallbackUrlBlocking(java.lang.String callbackUrl, java.lang.String csrfToken)
Deprecated.io.reactivex.Observable<Member>
recoverEidasMember(io.token.proto.common.eidas.EidasProtos.EidasRecoveryPayload payload, java.lang.String signature, io.token.security.CryptoEngine cryptoEngine)
Recovers an eIDAS-verified member with eIDAS payload.io.reactivex.Observable<io.token.proto.gateway.Gateway.RegisterWithEidasResponse>
registerWithEidas(io.token.proto.common.eidas.EidasProtos.RegisterWithEidasPayload payload, java.lang.String signature)
Creates a business member under realm of a bank with an EIDAS alias (with value equal to the authNumber from the certificate) and a PRIVILEGED-level public key taken from the certificate.io.reactivex.Observable<io.token.tokenrequest.TokenRequest>
retrieveTokenRequest(java.lang.String requestId)
Return a TokenRequest that was previously stored.io.token.tokenrequest.TokenRequest
retrieveTokenRequestBlocking(java.lang.String requestId)
Return a TokenRequest that was previously stored.io.reactivex.Observable<Member>
setUpMember(io.token.proto.common.alias.AliasProtos.Alias alias, java.lang.String memberId)
Sets up a member given a specific ID of a member that already exists in the system.-
Methods inherited from class io.token.TokenClient
beginRecovery, beginRecoveryBlocking, close, completeRecoveryImpl, completeRecoveryWithDefaultRuleImpl, createMemberImpl, createRecoveryAuthorization, createRecoveryAuthorizationBlocking, getBanks, getBanks, getBanks, getBanks, getBanksBlocking, getBanksBlocking, getBanksBlocking, getCountries, getCountriesBlocking, getMemberId, getMemberIdBlocking, getMemberImpl, getRecoveryAuthorization, getRecoveryAuthorizationBlocking, resolveAlias, resolveAliasBlocking, setUpMemberImpl, trace
-
-
-
-
Method Detail
-
builder
public static TokenClient.Builder builder()
Creates a newTokenClient.Builder
instance that is used to configure and build aTokenClient
instance.- Returns:
- builder
-
create
public static TokenClient create(io.token.TokenClient.TokenCluster cluster, java.lang.String developerKey)
Creates a new instance ofTokenClient
that's configured to use the specified environment.- Parameters:
cluster
- token cluster to connect todeveloperKey
- developer key- Returns:
TokenClient
instance
-
create
public static TokenClient create(io.token.TokenClient.TokenCluster cluster, java.lang.String developerKey, io.token.security.CryptoEngineFactory cryptoEngineFactory)
Creates a new instance ofTokenClient
that's configured to use the specified environment and crypto engine factory.- Parameters:
cluster
- token cluster to connect todeveloperKey
- developer keycryptoEngineFactory
- crypto engine factory to use- Returns:
TokenClient
instance
-
createMember
public io.reactivex.Observable<Member> createMember(io.token.proto.common.alias.AliasProtos.Alias alias)
Creates a new Token member with a set of auto-generated keys, an alias, and member type.- Parameters:
alias
- nullable member alias to use, must be unique. If null, then no alias will be created with the member.- Returns:
- newly created member
-
createMember
public io.reactivex.Observable<Member> createMember(io.token.proto.common.alias.AliasProtos.Alias alias, java.lang.String partnerId)
Creates a new Token member with a set of auto-generated keys, an alias, and member type.- Parameters:
alias
- nullable member alias to use, must be unique. If null, then no alias will be created with the member.partnerId
- ID of partner member.- Returns:
- newly created member
-
createMember
public io.reactivex.Observable<Member> createMember(io.token.proto.common.alias.AliasProtos.Alias alias, @Nullable java.lang.String partnerId, @Nullable java.lang.String realmId)
Creates a new Token member with a set of auto-generated keys, an alias, and member type.- Parameters:
alias
- nullable member alias to use, must be unique. If null, then no alias will be created with the member.partnerId
- ID of partner memberrealmId
- member Id of existing member to which this new member is associated with- Returns:
- newly created member
-
createMemberBlocking
public Member createMemberBlocking(io.token.proto.common.alias.AliasProtos.Alias alias)
Creates a new Token member with a set of auto-generated keys, an alias, and member type.- Parameters:
alias
- nullable member alias to use, must be unique. If null, then no alias will be created with the member.- Returns:
- newly created member
-
createMemberBlocking
public Member createMemberBlocking(io.token.proto.common.alias.AliasProtos.Alias alias, java.lang.String partnerId)
Creates a new business-use Token member with a set of auto-generated keys and and an alias.- Parameters:
alias
- alias to associate with memberpartnerId
- ID of partner member- Returns:
- newly created member
-
createMemberInRealm
public io.reactivex.Observable<Member> createMemberInRealm(io.token.proto.common.alias.AliasProtos.Alias alias, java.lang.String realmId)
Creates a new Token member in the provided realm with a set of auto-generated keys, an alias, and member type.- Parameters:
alias
- nullable member alias to use, must be unique. If null, then no alias will be created with the member.realmId
- member id of an existing Member to whose realm this new member belongs.- Returns:
- newly created member
-
createMemberInRealmBlocking
public Member createMemberInRealmBlocking(io.token.proto.common.alias.AliasProtos.Alias alias, java.lang.String realmId)
Creates a new Token member in the provided realm with a set of auto-generated keys, an alias, and member type.- Parameters:
alias
- nullable member alias to use, must be unique. If null, then no alias will be created with the member.realmId
- member id of the Member whose realm this new Member belongs.- Returns:
- newly created member
-
setUpMember
public io.reactivex.Observable<Member> setUpMember(io.token.proto.common.alias.AliasProtos.Alias alias, java.lang.String memberId)
Sets up a member given a specific ID of a member that already exists in the system. If the member ID already has keys, this will not succeed. Used for testing since this gives more control over the member creation process.Adds an alias and a set of auto-generated keys to the member.
- Parameters:
alias
- nullable member alias to use, must be unique. If null, then no alias will be created with the membermemberId
- member id- Returns:
- newly created member
-
getMember
public io.reactivex.Observable<Member> getMember(java.lang.String memberId)
Return a Member set up to use some Token member's keys (assuming we have them).- Parameters:
memberId
- member id- Returns:
- member
-
getMemberBlocking
public Member getMemberBlocking(java.lang.String memberId)
Return a Member set up to use some Token member's keys (assuming we have them).- Parameters:
memberId
- member id- Returns:
- member
-
completeRecovery
public io.reactivex.Observable<Member> completeRecovery(java.lang.String memberId, java.util.List<io.token.proto.common.member.MemberProtos.MemberRecoveryOperation> recoveryOperations, io.token.proto.common.security.SecurityProtos.Key privilegedKey, io.token.security.CryptoEngine cryptoEngine)
Completes account recovery.- Parameters:
memberId
- the member idrecoveryOperations
- the member recovery operationsprivilegedKey
- the privileged public key in the member recovery operationscryptoEngine
- the new crypto engine- Returns:
- an observable of the updated member
-
completeRecoveryBlocking
public Member completeRecoveryBlocking(java.lang.String memberId, java.util.List<io.token.proto.common.member.MemberProtos.MemberRecoveryOperation> recoveryOperations, io.token.proto.common.security.SecurityProtos.Key privilegedKey, io.token.security.CryptoEngine cryptoEngine)
Completes account recovery.- Parameters:
memberId
- the member idrecoveryOperations
- the member recovery operationsprivilegedKey
- the privileged public key in the member recovery operationscryptoEngine
- the new crypto engine- Returns:
- an observable of the updated member
-
completeRecoveryWithDefaultRule
public io.reactivex.Observable<Member> completeRecoveryWithDefaultRule(java.lang.String memberId, java.lang.String verificationId, java.lang.String code, io.token.security.CryptoEngine cryptoEngine)
Completes account recovery if the default recovery rule was set.- Parameters:
memberId
- the member idverificationId
- the verification idcode
- the codecryptoEngine
- the new crypto engine- Returns:
- the new member
-
completeRecoveryWithDefaultRuleBlocking
public Member completeRecoveryWithDefaultRuleBlocking(java.lang.String memberId, java.lang.String verificationId, java.lang.String code, io.token.security.CryptoEngine cryptoEngine)
Completes account recovery if the default recovery rule was set.- Parameters:
memberId
- the member idverificationId
- the verification idcode
- the codecryptoEngine
- the new crypto engine- Returns:
- the new member
-
recoverEidasMember
public io.reactivex.Observable<Member> recoverEidasMember(io.token.proto.common.eidas.EidasProtos.EidasRecoveryPayload payload, java.lang.String signature, io.token.security.CryptoEngine cryptoEngine)
Recovers an eIDAS-verified member with eIDAS payload.- Parameters:
payload
- a payload containing member id, the certificate and a new key to add to the membersignature
- a payload signature with the private key corresponding to the certificatecryptoEngine
- a crypto engine that must contain the privileged key that is included in the payload (if it does not contain keys for other levels they will be generated)- Returns:
- an observable of a new member
-
registerWithEidas
public io.reactivex.Observable<io.token.proto.gateway.Gateway.RegisterWithEidasResponse> registerWithEidas(io.token.proto.common.eidas.EidasProtos.RegisterWithEidasPayload payload, java.lang.String signature)
Creates a business member under realm of a bank with an EIDAS alias (with value equal to the authNumber from the certificate) and a PRIVILEGED-level public key taken from the certificate. Then onboards the member with the provided certificate. A successful onboarding includes verifying the member and the alias and adding permissions based on the certificate.
The call is idempotent.
If you need to submit another certificate for an existing member, please use VerifyEidas call instead.
Note, that the call is asynchronous and the newly created member might not be onboarded at the time the call returns. You can check the verification status using member.getEidasVerificationStatus call with the verification id returned by this call.- Parameters:
payload
- payload with eIDAS certificate and bank idsignature
- payload signed with the private key corresponding to the certificate * public key- Returns:
- member id, registered key id and id of the certificate verification request
-
createMemberWithEidas
public Member createMemberWithEidas(java.lang.String bankId, EidasKeyStore keyStore, long timeout, java.util.concurrent.TimeUnit timeUnit) throws java.security.cert.CertificateEncodingException, java.lang.InterruptedException, EidasTimeoutException
Creates a TPP member under realm of a bank and registers it with the provided eIDAS certificate. The created member has a registered PRIVILEGED-level RSA key from the provided certificate (key ID is set to the decimal String representation of the certificate's serial number) and an EIDAS alias with value equal to authNumber from the certificate.
Note, that the TokenClient used to make this call needs to be backed by the EidasKeyStore passed to this method, which contains a certificate and a key:
EidasKeyStore keyStore = new InMemoryEidasKeyStore(certificate, privateKey); TokenClient tokenClient = TokenClient.builder() .connectTo(SANDBOX) .withCryptoEngine(new EidasCryptoEngineFactory(keyStore)) .build();
IMPORTANT: this method is blocking, and a member will be returned only if it is successfully onboarded. Otherwise a EidasRegistrationException or EidasTimeoutException will be thrown. For asynchronous call seeregisterWithEidas(io.token.proto.common.eidas.EidasProtos.RegisterWithEidasPayload, java.lang.String)
.- Parameters:
bankId
- id of the bank the TPP trying to get access tokeyStore
- a key store containing an eIDAS certificate and a private key for ittimeout
- a time period within which a certificate verification is expected to finishtimeUnit
- the time unit for the timeout- Returns:
- a registered member
- Throws:
EidasRegistrationException
- if certificate verification failedEidasTimeoutException
- if a verification has not finished within expected time periodjava.security.cert.CertificateEncodingException
- if an encoding error occursjava.lang.InterruptedException
- if any thread has interrupted the current thread
-
generateTokenRequestUrl
public io.reactivex.Observable<java.lang.String> generateTokenRequestUrl(java.lang.String requestId)
Generate a Token request URL from a request ID.- Parameters:
requestId
- request id- Returns:
- token request url
-
generateTokenRequestUrlBlocking
public java.lang.String generateTokenRequestUrlBlocking(java.lang.String requestId)
Generate a Token request URL from a request ID, and state. This does not set a CSRF token or pass in a state.- Parameters:
requestId
- request id- Returns:
- token request url
-
parseTokenRequestCallbackUrl
@Deprecated public io.reactivex.Observable<TokenRequestCallback> parseTokenRequestCallbackUrl(java.lang.String callbackUrl, java.lang.String csrfToken)
Deprecated.Deprecated: The callback will contain request-id only. tokenId and state will be removed.- Parameters:
callbackUrl
- token request callback urlcsrfToken
- csrfToken- Returns:
- TokenRequestCallback object containing the token id and the original state
-
parseSetTransferDestinationsUrl
public TokenRequestTransferDestinationsCallbackParameters parseSetTransferDestinationsUrl(java.lang.String url)
Parse the Set Transfer Destinations Url callback parameters to extract state, region and supported . Check the CSRF token against the initial request and verify the signature.- Parameters:
url
- token request callback url- Returns:
- TokenRequestSetTransferDestinationUrl object containing the token id and the original state
-
parseTokenRequestCallbackUrlBlocking
@Deprecated public TokenRequestCallback parseTokenRequestCallbackUrlBlocking(java.lang.String callbackUrl, java.lang.String csrfToken)
Deprecated.Deprecated: The callback will contain request-id only. tokenId and state will be removed.- Parameters:
callbackUrl
- token request callback urlcsrfToken
- csrfToken- Returns:
- TokenRequestCallback object containing the token id and the original state
-
parseTokenRequestCallbackParams
@Deprecated public io.reactivex.Observable<TokenRequestCallback> parseTokenRequestCallbackParams(java.util.Map<java.lang.String,java.lang.String> callbackParams, java.lang.String csrfToken)
Deprecated.Deprecated: The callback will contain request-id only. tokenId and state will be removed.- Parameters:
callbackParams
- callback parameter mapcsrfToken
- CSRF token- Returns:
- TokenRequestCallback object containing the token ID and the original state
-
parseSetTransferDestinationsUrlParams
public TokenRequestTransferDestinationsCallbackParameters parseSetTransferDestinationsUrlParams(java.util.Map<java.lang.String,java.util.List<java.lang.String>> urlParams)
Parse the Set Transfer Destinations Url callback parameters to extract country, bank and supported payments.- Parameters:
urlParams
- url parameters- Returns:
- TokenRequestSetTransferDestinationUrl object containing region
-
parseTokenRequestCallbackParamsBlocking
@Deprecated public TokenRequestCallback parseTokenRequestCallbackParamsBlocking(java.util.Map<java.lang.String,java.lang.String> callbackParams, java.lang.String csrfToken)
Deprecated.Parse the token request callback parameters to extract the state and the token ID. Check the CSRF token against the initial request and verify the signature.- Parameters:
callbackParams
- callback parameter mapcsrfToken
- CSRF token- Returns:
- TokenRequestCallback object containing the token ID and the original state
-
getTokenRequestResult
public io.reactivex.Observable<io.token.tokenrequest.TokenRequestResult> getTokenRequestResult(java.lang.String tokenRequestId)
Get the token request result based on a token's tokenRequestId.- Parameters:
tokenRequestId
- token request id- Returns:
- token request result
-
getTokenRequestResultBlocking
public io.token.tokenrequest.TokenRequestResult getTokenRequestResultBlocking(java.lang.String tokenRequestId)
Get the token request result based on a token's tokenRequestId.- Parameters:
tokenRequestId
- token request id- Returns:
- token request result
-
retrieveTokenRequest
public io.reactivex.Observable<io.token.tokenrequest.TokenRequest> retrieveTokenRequest(java.lang.String requestId)
Return a TokenRequest that was previously stored.- Parameters:
requestId
- request id- Returns:
- token request that was stored with the request id
-
retrieveTokenRequestBlocking
public io.token.tokenrequest.TokenRequest retrieveTokenRequestBlocking(java.lang.String requestId)
Return a TokenRequest that was previously stored.- Parameters:
requestId
- request id- Returns:
- token request that was stored with the request id
-
-