registerWithEidas()

This method creates a TPP member under the realm of a bank and registers it with the eIDAS certificate provided. The created member has a registered PRIVILEGED-level RSA key from the certificate and an EIDAS alias with value equal to the certificate's authNumber.

Note: As with the method above — createMemberWithEidas() — the tokenClient needs to be created with a CryptoEngine backed by a key store containing a key pair for the eIDAS certificate to use for the registration, as discussed under Step 2 of Onboarding.

/**
 * Creates a TPP member under the realm of a bank and registers it with the provided eIDAS
 * certificate. The created member has a registered PRIVILEGED-level RSA key from the provided
 * certificate and an EIDAS alias with value equal to authNumber from the certificate.<br><br>
 * Note that tokenClient needs to be created with a CryptoEngine backed by a key store
 * that contains a key pair for the eIDAS certificate to use for the registration:<br><br>
 * <pre>
 * EidasKeyStore keyStore = new InMemoryEidasKeyStore(certificate, privateKey);
 * TokenClient tokenClient = TokenClient.builder()
 * .connectTo(SANDBOX)
 * .withCryptoEngine(new EidasCryptoEngineFactory(keyStore))
 * .build();
 * </pre>
 *
 * @param tokenClient token client
 * @param keyStore a key store that is used by token client and contains eIDAS key pair for the
 * provided certificate
 * @param bankId ID of the bank the TPP is trying to get access to
 * @return a newly created member, which might not be onboarded yet
 * @throws Exception if an exception occurs
 */
public static Member registerWithEidas(
        TokenClient tokenClient,
        EidasKeyStore keyStore,
        String bankId) throws Exception {

    // create a signer using the certificate private key
    SecretKey keyPair = keyStore.getKey();
    Signer payloadSigner = CryptoRegistry
        .getInstance()
        .cryptoFor(RS256)
        .signer(keyPair.getId(), keyPair.getPrivateKey());

    RegisterWithEidasPayload payload = RegisterWithEidasPayload
        .newBuilder()
        .setCertificate(base64().encode(keyStore.getCertificate().getEncoded()))
        .setBankId(bankId)
        .build();

    RegisterWithEidasResponse resp = tokenClient
        .registerWithEidas(payload, payloadSigner.sign(payload))
        .blockingSingle();

    // now we can load a member and also check the status of the certificate verification
    Member member = tokenClient.getMemberBlocking(resp.getMemberId());
    GetEidasVerificationStatusResponse statusResp = member
        .getEidasVerificationStatus(resp.getVerificationId())
        .blockingSingle();

    return member;
}
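The note above requires the key store to hold the key pair that belongs to the eIDAS certificate. The following pre-flight check is an added example, not part of the Token SDK or the original page: it uses only JDK classes to confirm that a private key matches a certificate's public key and that the certificate is within its validity period before anything is sent. The class and method names (EidasKeyPairPreflight, keyMatches, check) are hypothetical, RS256 is taken to be the JCA algorithm SHA256withRSA, and main() uses throwaway generated keys in place of real eIDAS material.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;

public class EidasKeyPairPreflight {

    /** Returns true if privateKey produces an RS256 signature that publicKey verifies. */
    static boolean keyMatches(PublicKey publicKey, PrivateKey privateKey) throws Exception {
        // Sign a fresh random challenge so no real payload is involved in the check.
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);

        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(privateKey);
        signer.update(challenge);
        byte[] signature = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(publicKey);
        verifier.update(challenge);
        return verifier.verify(signature);
    }

    /** Throws if the certificate is outside its validity period or the key does not match it. */
    static void check(X509Certificate certificate, PrivateKey privateKey) throws Exception {
        certificate.checkValidity(); // throws CertificateExpiredException or CertificateNotYetValidException
        if (!keyMatches(certificate.getPublicKey(), privateKey)) {
            throw new IllegalArgumentException("private key does not match the certificate");
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: two throwaway RSA key pairs stand in for eIDAS key material.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair a = generator.generateKeyPair();
        KeyPair b = generator.generateKeyPair();

        System.out.println("matching pair:   " + keyMatches(a.getPublic(), a.getPrivate()));
        System.out.println("mismatched pair: " + keyMatches(a.getPublic(), b.getPrivate()));
    }
}
```

In real use, call check() with the same certificate and private key that are passed to the key store, before building the tokenClient.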