recoverEidas()
This method recovers a TPP member and verifies its eIDAS alias again using an eIDAS certificate.
/**
 * Recovers a TPP member and re-verifies its eIDAS alias with an eIDAS certificate.
 *
 * <p>The certificate's private key is used here only to sign the two payloads that are
 * sent to the server: the recovery payload and the alias-verification payload. A fresh
 * privileged key is generated for the member in an {@link InMemoryKeyStore}.
 * Both server calls block the calling thread until a single response arrives.
 *
 * @param client token client used to reach the server
 * @param memberId id of the member to be recovered
 * @param tppAuthNumber authNumber of the TPP; becomes the value of the eIDAS alias
 * @param certificate base64 encoded eIDAS certificate (a single line, no header and footer)
 * @param certificatePrivateKey private key corresponding to the public key in the certificate
 * @return the recovered member, with its eIDAS alias verified
 */
public static Member recoverEidas(
    TokenClient client,
    String memberId,
    String tppAuthNumber,
    String certificate,
    PrivateKey certificatePrivateKey) {
  final Algorithm algorithm = Algorithm.RS256;

  // Signer backed by the certificate's private key; it signs both payloads below.
  final Signer certificateSigner = CryptoRegistry.getInstance()
      .cryptoFor(algorithm)
      .signer("eidas", certificatePrivateKey);

  // New privileged key that the member is recovered with.
  // NOTE(review): the key store is in-memory, so this key presumably does not outlive
  // the process — confirm against the caller's persistence requirements.
  final CryptoEngine engine = new TokenCryptoEngine(memberId, new InMemoryKeyStore());
  final SecurityProtos.Key privilegedKey = engine.generateKey(PRIVILEGED);

  final EidasRecoveryPayload recovery =
      recoveryPayload(memberId, certificate, algorithm, privilegedKey);
  final Member member = client
      .recoverEidasMember(recovery, certificateSigner.sign(recovery), engine)
      .blockingSingle();

  // Recovery leaves the eIDAS alias unverified, so ownership of the certificate is
  // proven once more with a signed verification payload.
  final VerifyEidasPayload verification =
      verifyPayload(memberId, eidasAlias(tppAuthNumber, member), certificate, algorithm);
  member
      .verifyEidas(verification, certificateSigner.sign(verification))
      .blockingSingle();

  return member;
}

/** Builds the payload that asks the server to recover {@code memberId} with a new key. */
private static EidasRecoveryPayload recoveryPayload(
    String memberId,
    String certificate,
    Algorithm algorithm,
    SecurityProtos.Key privilegedKey) {
  return EidasRecoveryPayload.newBuilder()
      .setMemberId(memberId)
      .setCertificate(certificate)
      .setAlgorithm(algorithm)
      .setKey(privilegedKey)
      .build();
}

/** Builds the normalized eIDAS alias for the TPP in the recovered member's realm. */
private static Alias eidasAlias(String tppAuthNumber, Member member) {
  return normalize(Alias.newBuilder()
      .setValue(tppAuthNumber)
      .setRealmId(member.realmId())
      .setType(EIDAS)
      .build());
}

/** Builds the payload that re-verifies {@code alias} for {@code memberId}. */
private static VerifyEidasPayload verifyPayload(
    String memberId,
    Alias alias,
    String certificate,
    Algorithm algorithm) {
  return VerifyEidasPayload.newBuilder()
      .setMemberId(memberId)
      .setAlias(alias)
      .setCertificate(certificate)
      .setAlgorithm(algorithm)
      .build();
}