verifyEidas()

This call submits an eIDAS certificate for a business member already registered under the realm of a bank. If this member has not yet onboarded, a successful certificate verification will result in onboarding of the member. If the member already has a certificate on file, the result of this call is a certificate substitution/replacement.

Before making this call, ensure that:

  1. The member is created under the realm of a bank with which you are registered.
  2. An EIDAS-type alias with a value equal to authNumber from the certificate is added to the member.
  3. The realmId of the alias is equal to the member's realmId.
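Precondition 2 can be checked locally before the call is made. The following is an added example, not code from the original page or from the SDK; it assumes that authNumber is the subject's organizationIdentifier attribute (OID 2.5.4.97, where ETSI TS 119 495 places the PSD2 authorization number), and the class name, method names and sample DN are constructed for illustration.

```java
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public final class EidasPreflight {
    // organizationIdentifier attribute type; assumed to carry the page's "authNumber".
    static final String ORG_ID_OID = "2.5.4.97";
    // Returns the organizationIdentifier value found in an RFC 2253 subject DN.
    static String authNumberFromDn(String rfc2253Dn) throws Exception {
        for (Rdn rdn : new LdapName(rfc2253Dn).getRdns()) {
            if (!ORG_ID_OID.equals(rdn.getType())) continue; // single-valued RDNs only
            Object value = rdn.getValue();
            if (value instanceof String) return (String) value;
            // Attribute types without a keyword appear as "#<hex DER>": tag, length, content.
            byte[] der = (byte[]) value;
            if (der.length < 2 || (der[1] & 0x80) != 0 || der[1] != der.length - 2) {
                throw new IllegalArgumentException("unsupported DER string encoding");
            }
            return new String(Arrays.copyOfRange(der, 2, der.length), StandardCharsets.UTF_8);
        }
        throw new IllegalArgumentException("subject has no organizationIdentifier");
    }

    // Throws if the certificate is outside its validity period or if the
    // EIDAS alias value differs from the authNumber in the certificate subject.
    static void check(X509Certificate cert, String aliasValue) throws Exception {
        cert.checkValidity();
        String authNumber = authNumberFromDn(cert.getSubjectX500Principal().getName());
        if (!authNumber.equals(aliasValue)) {
            throw new IllegalStateException("alias value differs from certificate authNumber " + authNumber);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) { // usage: <certificate file, PEM or DER> <alias value>
            try (FileInputStream in = new FileInputStream(args[0])) {
                check((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in), args[1]);
            }
            System.out.println("alias value matches the certificate");
            return;
        }
        // Constructed subject DN carrying the constructed value "PSDGB-FCA-123456".
        String dn = "2.5.4.97=#0c1050534447422d4643412d313233343536,O=Example TPP,C=GB";
        System.out.println(authNumberFromDn(dn));
    }
}
```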

The request contains a payload and a signature for the payload. The certificate in the payload is your serialized eIDAS certificate and the algorithm is always “RS256”.

public static Member verifyEidas(
        Member member,
        String tppAuthNumber,
        String certificate,
        PrivateKey privateKey)
{
    // Suppose we already have a member registered under the realm of a bank with a
    // verified or not verified EIDAS alias.
    // Now we want to submit a new certificate (e.g. instead of an expired or invalid one)
    Algorithm signingAlgorithm = Algorithm.RS256;
    Crypto crypto = CryptoRegistry.getInstance().cryptoFor(signingAlgorithm);
    Signer signer = crypto.signer("eidas", privateKey);

    // create an eIDAS alias
    // (if the alias is verified you can just fetch it with member.aliasesBlocking())
    Alias eidasAlias = normalize(Alias.newBuilder()
        .setValue(tppAuthNumber)
        .setRealmId(member.realmId())
        .setType(EIDAS)
        .build());

    // construct a payload with all the required data
    VerifyEidasPayload payload = VerifyEidasPayload
        .newBuilder()
        .setAlgorithm(signingAlgorithm)
        .setAlias(eidasAlias)
        .setCertificate(certificate)
        .setMemberId(member.memberId())
        .build();

    // verify eIDAS
    VerifyEidasResponse response = member
        .verifyEidas(payload, signer.sign(payload))
        .blockingSingle();

    // get the verification status (useful if verifyEidas response has IN_PROGRESS status)
    GetEidasVerificationStatusResponse statusResponse = member
        .getEidasVerificationStatus(response.getVerificationId())
        .blockingSingle();

    return member;
}

The response includes the eidasVerificationStatus(), which contains the ID of the certificate verification request. Use this ID to check the verification status later if verification is still IN_PROGRESS. The status will be one of the following values:

  • EIDAS_STATUS_SUCCESS – the certificate has been verified
  • EIDAS_STATUS_FAILURE – the certificate has failed verification
  • EIDAS_STATUS_ERROR – unable to validate the certificate due to an error
  • EIDAS_STATUS_PENDING – the certificate is pending verification.