registerWithEidas()
This method creates a TPP member under the realm of a bank and registers it with the eIDAS certificate provided. The created member has a registered PRIVILEGED-level RSA key from the certificate and an EIDAS alias with value equal to the certificate's authNumber.
Note: As with the method above — createMemberWithEidas() — the tokenClient needs to be created with a CryptoEngine backed by a key store containing a key pair for the eIDAS certificate to use for the registration, as discussed under Step 2 of Onboarding.
/**
 * Creates a TPP member under the realm of a bank and registers it with the provided eIDAS
 * certificate. The created member has a registered PRIVILEGED-level RSA key from the provided
 * certificate and an EIDAS alias with value equal to authNumber from the certificate.<br><br>
 * Note that tokenClient needs to be created with a CryptoEngine backed by a key store
 * that contains a key pair for the eIDAS certificate to use for the registration:<br><br>
 * <pre>
 * EidasKeyStore keyStore = new InMemoryEidasKeyStore(certificate, privateKey);
 * TokenClient tokenClient = TokenClient.builder()
 *         .connectTo(SANDBOX)
 *         .withCryptoEngine(new EidasCryptoEngineFactory(keyStore))
 *         .build();
 * </pre>
 *
 * @param tokenClient token client
 * @param keyStore a key store that is used by token client and contains eIDAS key pair for the
 *     provided certificate
 * @param bankId id of the bank the TPP is trying to get access to
 * @return a newly created member, which might not be onboarded yet
 * @throws Exception if an exception occurs
 */
public static Member registerWithEidas(
        TokenClient tokenClient,
        EidasKeyStore keyStore,
        String bankId) throws Exception {
    // create a signer using the certificate private key
    SecretKey keyPair = keyStore.getKey();
    Signer payloadSigner = CryptoRegistry
            .getInstance()
            .cryptoFor(RS256)
            .signer(keyPair.getId(), keyPair.getPrivateKey());
    RegisterWithEidasPayload payload = RegisterWithEidasPayload
            .newBuilder()
            .setCertificate(base64().encode(keyStore.getCertificate().getEncoded()))
            .setBankId(bankId)
            .build();
    RegisterWithEidasResponse resp = tokenClient
            .registerWithEidas(payload, payloadSigner.sign(payload))
            .blockingSingle();
    // now we can load a member and also check a status of the certificate verification
    Member member = tokenClient.getMemberBlocking(resp.getMemberId());
    GetEidasVerificationStatusResponse statusResp = member
            .getEidasVerificationStatus(resp.getVerificationId())
            .blockingSingle();
    return member;
}
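A pre-flight check for the requirement above that the key store hold the key pair belonging to the eIDAS certificate, as an added example that is not part of the Token SDK or of the original page. It uses only JDK classes; the class name, the matches() helper and the generated sample keys are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

public class EidasKeyPairCheck {

    /**
     * Returns true if privateKey produces an RS256 (SHA256withRSA) signature that
     * verifies under certPublicKey, i.e. both halves belong to the same key pair.
     * In real use certPublicKey would come from X509Certificate.getPublicKey().
     */
    static boolean matches(PrivateKey privateKey, PublicKey certPublicKey)
            throws GeneralSecurityException {
        // Sign a fresh random challenge so the check never signs meaningful data.
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);

        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(privateKey);
        signer.update(challenge);
        byte[] signature = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(certPublicKey);
        verifier.update(challenge);
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample keys: stand-ins for the eIDAS key pair and an unrelated key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair eidasPair = gen.generateKeyPair();
        KeyPair otherPair = gen.generateKeyPair();

        System.out.println("matching pair:   "
                + matches(eidasPair.getPrivate(), eidasPair.getPublic()));
        System.out.println("mismatched pair: "
                + matches(otherPair.getPrivate(), eidasPair.getPublic()));
    }
}
```

Running a check like this before building the key store catches a certificate and private key that were exported from different key pairs, before any registration request is signed.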