verifyEidas()
This call submits an eIDAS certificate for a business member already registered under the realm of a bank. If this member has not yet onboarded, a successful certificate verification will result in onboarding of the member. If the member already has a certificate on file, the result of this call is a certificate substitution/replacement.
Before making this call, ensure that:
- The member is created under the realm of a bank with which you are registered.
- An EIDAS-type alias with a value equal to authNumber from the certificate is added to the member.
- The realmId of the alias is equal to the member's realmId.
The request contains a payload and a signature for the payload. The certificate in the payload is your serialized eIDAS certificate and the algorithm is always “RS256”.
```java
public static Member verifyEidas(
        Member member,
        String tppAuthNumber,
        String certificate,
        PrivateKey privateKey) {
    // Suppose we already have a member registered under the realm of a bank with a
    // verified or not verified EIDAS alias.
    // Now we want to submit a new certificate (e.g. instead of an expired or invalid one)
    Algorithm signingAlgorithm = Algorithm.RS256;
    Crypto crypto = CryptoRegistry.getInstance().cryptoFor(signingAlgorithm);
    Signer signer = crypto.signer("eidas", privateKey);

    // create an eIDAS alias
    // (if the alias is verified you can just fetch it with member.aliasesBlocking())
    Alias eidasAlias = normalize(Alias.newBuilder()
            .setValue(tppAuthNumber)
            .setRealmId(member.realmId())
            .setType(EIDAS)
            .build());

    // construct a payload with all the required data
    VerifyEidasPayload payload = VerifyEidasPayload
            .newBuilder()
            .setAlgorithm(signingAlgorithm)
            .setAlias(eidasAlias)
            .setCertificate(certificate)
            .setMemberId(member.memberId())
            .build();

    // verify eIDAS
    VerifyEidasResponse response = member
            .verifyEidas(payload, signer.sign(payload))
            .blockingSingle();

    // get the verification status (useful if verifyEidas response has IN_PROGRESS status)
    GetEidasVerificationStatusResponse statusResponse = member
            .getEidasVerificationStatus(response.getVerificationId())
            .blockingSingle();

    return member;
}
```
The response includes the eidasVerificationStatus() containing the ID of the certificate verification request, which can be used to check the verification status later if verification is still IN_PROGRESS. The status is one of the following values:
- EIDAS_STATUS_SUCCESS – the certificate has been verified
- EIDAS_STATUS_FAILURE – the certificate has failed verification
- EIDAS_STATUS_ERROR – unable to validate the certificate due to an error
- EIDAS_STATUS_PENDING – the certificate is pending verification
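A local pre-flight check for the alias preconditions listed before the call, as an added example that is not part of the SDK or the original page: it reads the authorization number from the certificate subject with JDK classes only and compares it, and the realm IDs, with the alias you are about to submit. It assumes that authNumber is the subject's organizationIdentifier attribute (OID 2.5.4.97), where ETSI TS 119 495 places the PSD2 authorization number; the class name, method names, realm IDs and the subject DN are constructed for illustration.

```java
import java.util.Collections;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class EidasAliasPrecheck {
    // Assumption: authNumber is the subject's organizationIdentifier (OID 2.5.4.97),
    // where ETSI TS 119 495 places the PSD2 authorization number.
    static final String ORG_ID_OID = "2.5.4.97";
    static final String ORG_ID_KEY = "ORGANIZATIONIDENTIFIER";

    /** Returns the organizationIdentifier of the subject, or null if it has none. */
    static String authNumberOf(X500Principal subject) throws NamingException {
        // Naming the OID makes the JDK render a string value as text instead of hex DER.
        String dn = subject.getName(X500Principal.RFC2253,
                Collections.singletonMap(ORG_ID_OID, ORG_ID_KEY));
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            // toAttributes() also covers multi-valued RDNs; the lookup ignores case.
            Attribute attr = rdn.toAttributes().get(ORG_ID_KEY);
            if (attr != null && attr.get() instanceof String) {
                return (String) attr.get();
            }
        }
        return null;
    }

    /** Checks the alias preconditions locally before calling verifyEidas(). */
    static boolean aliasMatches(X500Principal subject, String aliasValue,
            String aliasRealmId, String memberRealmId) throws NamingException {
        String authNumber = authNumberOf(subject);
        // Exact comparison; the SDK's normalize() step is not reproduced here.
        return authNumber != null && authNumber.equals(aliasValue)
                && memberRealmId != null && memberRealmId.equals(aliasRealmId);
    }

    public static void main(String[] args) throws NamingException {
        // Constructed subject; with a real certificate pass
        // X509Certificate.getSubjectX500Principal() instead.
        X500Principal subject = new X500Principal(
                "CN=Example TPP,ORGANIZATIONIDENTIFIER=PSDXX-NCA-000000,O=Example Ltd,C=XX",
                Collections.singletonMap(ORG_ID_KEY, ORG_ID_OID));
        System.out.println("authNumber: " + authNumberOf(subject));
        System.out.println("matching alias: "
                + aliasMatches(subject, "PSDXX-NCA-000000", "realm-a", "realm-a"));
        System.out.println("wrong realm: "
                + aliasMatches(subject, "PSDXX-NCA-000000", "realm-b", "realm-a"));
    }
}
```

A null result from authNumberOf() means the subject carries no organizationIdentifier as a string value, so the certificate cannot satisfy the alias precondition under this assumption.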