recoverEidas()
This method recovers a TPP member and verifies its EIDAS alias using an eIDAS certificate.
/**
 * Recovers a TPP member with its eIDAS certificate and then verifies the member's
 * EIDAS alias again, because the recovery leaves that alias unverified.
 *
 * <p>Both the recovery request and the verification request are signed with
 * {@code certificatePrivateKey}. A fresh crypto engine is created for the member
 * and its newly generated privileged key is sent along with the recovery payload.
 *
 * @param client token client used to issue the recovery and verification calls
 * @param memberId id of the member to be recovered
 * @param tppAuthNumber authNumber of the TPP; used as the value of the EIDAS alias
 * @param certificate base64 encoded eIDAS certificate (a single line, no header and footer)
 * @param certificatePrivateKey private key corresponding to the public key in the certificate
 * @return the recovered member, whose EIDAS alias has been verified again
 */
public static Member recoverEidas(
    TokenClient client,
    String memberId,
    String tppAuthNumber,
    String certificate,
    PrivateKey certificatePrivateKey) {
  Algorithm algorithm = Algorithm.RS256;
  // Every eIDAS payload below is signed with the certificate's private key.
  Signer certificateSigner = CryptoRegistry.getInstance()
      .cryptoFor(algorithm)
      .signer("eidas", certificatePrivateKey);

  // A new engine for the member; its privileged key travels with the recovery payload.
  CryptoEngine engine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
  SecurityProtos.Key privilegedKey = engine.generateKey(PRIVILEGED);

  EidasRecoveryPayload recovery = EidasRecoveryPayload.newBuilder()
      .setMemberId(memberId)
      .setCertificate(certificate)
      .setAlgorithm(algorithm)
      .setKey(privilegedKey)
      .build();
  Member member = client
      .recoverEidasMember(recovery, certificateSigner.sign(recovery), engine)
      .blockingSingle();

  // Recovery resets the EIDAS alias to unverified, so it is verified once more
  // against the same certificate.
  Alias eidasAlias = normalize(Alias.newBuilder()
      .setValue(tppAuthNumber)
      .setRealmId(member.realmId())
      .setType(EIDAS)
      .build());
  VerifyEidasPayload verification = VerifyEidasPayload.newBuilder()
      .setMemberId(memberId)
      .setAlias(eidasAlias)
      .setCertificate(certificate)
      .setAlgorithm(algorithm)
      .build();
  member
      .verifyEidas(verification, certificateSigner.sign(verification))
      .blockingSingle();

  return member;
}