
Using BankID C Server

This chapter shows code examples for different use cases with BankID C Server.
The code does not contain any error handling or assertions and assumes all calls succeed.

Application start-up code

Before the BankID C Server API can be used, the application must establish a session.
The merchant application needs to perform the following actions:

  • Call the function BID_Initialize() to initialize the API
  • Call the function BID_OpenSession() to initialize a merchant session


Merchants not using HSM:

int sessioncontext;
int res = 0;

res = BID_Initialize();

res = BID_OpenSession(&sessioncontext,
                      "C:\\merchant1\\merchant.bid",
                      "passphrase",
                      "C:\\merchant1\\merchant.cfg",
                      NULL, NULL, NULL, NULL, NULL, NULL);

Merchants using HSM:

int sessioncontext;
int res = 0;

res = BID_HSMInitialize("C:\\Programfiler\\LunaSA\\cryptoki.dll");

res = BID_HSMOpenSession(&sessioncontext,
                         "C:\\merchant1\\merchant.bid",
                         "passphrase",
                         "C:\\merchant1\\merchant.cfg",
                         NULL, NULL, NULL, NULL, NULL, NULL, "hsm_password");

The merchant application can be written on behalf of a single merchant or several merchants. BID_Initialize must be called once for the whole system, and BID_OpenSession once for every merchant that will be running. In the example above the merchant has chosen to supply the parameters via the configuration file merchant.cfg, so the remaining parameters to the API are passed as NULL. Once BID_OpenSession has returned successfully, the merchant can use the services offered by BankID C Server.

Application shutdown code

When the merchant application has finished using BankID C Server, it should clean up all resources held by each merchant session and the BankID C Server globally.
The following must be done to clean up:

  • Call the function BID_CloseSession() for every merchant session running.
  • Call the function BID_Finalize() to clean up global settings.

/* Do the below call for all merchant contexts */
res = BID_CloseSession(sessioncontext);

res = BID_Finalize();

Initializing clients

Web-client

The code below shows an example of how the merchant initiates a transaction where the user uses the Web-client.

/*
 * This code only shows how to set the infoitems and call the
 * BID_InitSession method. handle is the merchant session context
 * obtained from BID_OpenSession.
 */
int ret = 0;
char *helperUri = NULL;
char *tid = NULL;
char *cid = NULL;

ret = BID_SetInfoItem(handle, "action", "auth");
ret = BID_SetInfoItem(handle, "merchanturl", "https://url.no/handleBankIDCallbacks");
ret = BID_SetInfoItem(handle, "useragent", "WGET 4.0 like Mozilla");
ret = BID_SetInfoItem(handle, "localeId", "nb");
ret = BID_SetInfoItem(handle, "sid", "SuperUniqueSessionID-1234");
ret = BID_SetInfoItem(handle, "timeout", "40000");
ret = BID_SetInfoItem(handle, "nexturl", "https://url.no/gohereafterwards");
ret = BID_SetInfoItem(handle, "merchantFEDomain", "url.no");
ret = BID_SetInfoItem(handle, "withCredentials", "Y");

ret = BID_InitSession(handle, &helperUri, &tid, &cid);

/* The data is received: use helperUri to load the Web-client (passing the cid),
 * verify that the tid is correct in subsequent requests received from the Web-client,
 * and allow the user to authenticate, sign, pay or change password.
 */
ret = BID_RemoveInfoItems(handle);
BID_Free(helperUri);
BID_Free(tid);
BID_Free(cid);

Web-client (BankID 2.1)

The code below shows an example of how the merchant initiates a transaction where the user uses the BankID 2.1 Web-client for signing.

int ret = 0;
char *helperUri = NULL;
char *tid = NULL;
char *cid = NULL;

ret = BID_SetInfoItem(handle, "action", "sign");
ret = BID_SetInfoItem(handle, "merchanturl", "https://url.no/handleBankIDCallbacks");
ret = BID_SetInfoItem(handle, "useragent", "WGET 4.0 like Mozilla");
ret = BID_SetInfoItem(handle, "localeId", "nb");
ret = BID_SetInfoItem(handle, "sid", "SuperUniqueSessionID-1234");
ret = BID_SetInfoItem(handle, "timeout", "40000");
ret = BID_SetInfoItem(handle, "nexturl", "https://url.no/gohereafterwards");
ret = BID_SetInfoItem(handle, "docDisplayMode", "window");
ret = BID_SetInfoItem(handle, "merchantFEDomain", "url.no");
ret = BID_SetInfoItem(handle, "merchantFEAncestors", "domain1, domain2, domain3");
ret = BID_SetInfoItem(handle, "withCredentials", "Y");
ret = BID_SetInfoItem(handle, "showUnderstanding", "Y");
ret = BID_SetInfoItem(handle, "showConfirmation", "Y");
ret = BID_SetInfoItem(handle, "clientVersion", "2.1");
ret = BID_SetInfoItem(handle, "clientProxyURL", "https://url.to/clientproxy");
ret = BID_SetInfoItem(handle, "clientProxyPublicKey", "hexencoded modulus");

ret = BID_InitSession(handle, &helperUri, &tid, &cid);

ret = BID_RemoveInfoItems(handle);
BID_Free(helperUri);
BID_Free(tid);
BID_Free(cid);

BankID on mobile

The code below shows an example of how the merchant can initiate a BankID on mobile transaction.

	char *transactionreference = NULL; 
	char *merchantref = NULL; 
	int retcode = 0; 

	retcode = BID_GenerateMerchantReference(sessioncontext, "no_NO", &merchantref); 
	retcode = BID_SetInfoItem(sessioncontext, "phonenumber", "12341234"); 
	retcode = BID_SetInfoItem(sessioncontext, "phonealias", "010170"); 
	retcode = BID_SetInfoItem(sessioncontext, "action", "auth"); 
	retcode = BID_SetInfoItem(sessioncontext, "sid", "sessionid"); 
	retcode = BID_SetInfoItem(sessioncontext, "merchantReference", merchantref); 
	 
	retcode = BID_RequestMobileAction(sessioncontext, &transactionreference); 
	 
	BID_RemoveInfoItems(sessioncontext); 
	BID_Free(transactionreference); 
	BID_Free(merchantref);

Authentication process

The code below shows an example of an authentication (login) use case.

char* encryptedresponse = NULL;
char* serverchallenge = NULL;
char* socialno = NULL;
char* clientIp = NULL;
int res = 0;

/* When using the Web-client, the traceid must be set before calling the
 * BID_InitTransaction method.
 */
res = BID_SetInfoItem(sessioncontext, "traceid", "<traceid from initsession response>");

/* Authentication step 1
 * Retrieve operation, encKey, encData and encAuth from client
 */
res = BID_InitTransaction(sessioncontext,
                          encKey,
                          encData,
                          encAuth,
                          operation,
                          NULL,
                          &encryptedresponse);

res = BID_GetInfoItem(sessioncontext, "serverchallenge", &serverchallenge);

/* Return encryptedresponse to client, clean up state data.
 * Step 2 must set the same serverchallenge again, so the merchant stores
 * a copy of it (together with the traceid) before freeing it here.
 */
res = BID_RemoveInfoItems(sessioncontext);
res = BID_Free(encryptedresponse);
res = BID_Free(clientIp);
res = BID_Free(serverchallenge);
/* End of step 1 */

/* Authentication step 2
 * Retrieve operation, encKey, encData and encAuth from client.
 * serverchallenge is the value stored away at the end of step 1.
 */
res = BID_SetInfoItem(sessioncontext, "serverchallenge", serverchallenge);

/* When using the Web-client, the traceid must be set before calling the
 * BID_VerifyTransactionRequest method.
 */
res = BID_SetInfoItem(sessioncontext, "traceid", "<traceid from initsession response>");

/* To retrieve additional certificate information, add infoitems here.
 * Possible values: "addsocialno", "addaccountno" and "addorganisationno"
 */
res = BID_SetInfoItem(sessioncontext, "addsocialno", "true");
res = BID_VerifyTransactionRequest(sessioncontext,
                                   encKey,
                                   encData,
                                   encAuth,
                                   operation,
                                   NULL);
/* Now it is possible to retrieve certificate information here */
res = BID_GetInfoItem(sessioncontext, "socialno", &socialno);
res = BID_RemoveInfoItems(sessioncontext);

/* An error code must be set if something went wrong
 * res = BID_SetInfoItem(sessioncontext, "errorCode", "some error code");
 */
res = BID_SetInfoItem(sessioncontext, "nexturl", "https://some URL");
res = BID_VerifyTransactionResponse(sessioncontext, &encryptedresponse);

/* Return encrypted response to client, clean up state data */
res = BID_RemoveInfoItems(sessioncontext);
res = BID_Free(encryptedresponse);
res = BID_Free(socialno);

/* End of step 2 */
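
Step 1 above frees the serverchallenge, and step 2, which arrives as a separate request from the client, has to set it again; the Web-client section likewise says that the tid returned by BID_InitSession must be verified in the subsequent requests. The block below is an added example, not BankID C Server code, of the merchant-side piece that makes both work: a small store keyed by the merchant's own sid that keeps tid, traceid and serverchallenge between the two steps, rejects a step 2 whose tid does not match, expires entries after the 40000 ms used as the "timeout" infoitem above, and deletes an entry on first use so a captured step-2 request cannot be replayed. The struct, the function names, the field lengths and the millisecond clock passed in by the caller are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SESSIONS        16
#define SESSION_TIMEOUT_MS  40000UL   /* same value as the "timeout" infoitem above */
#define FIELD_LEN           128

/* One in-flight transaction, keyed by the merchant's own sid. All names here
 * are this example's own; BankID C Server defines no such structure. */
struct merchant_session {
    int      in_use;
    uint64_t created_ms;                 /* merchant clock when step 1 finished */
    char     sid[FIELD_LEN];             /* the "sid" infoitem the merchant generated */
    char     tid[FIELD_LEN];             /* tid returned by BID_InitSession */
    char     traceid[FIELD_LEN];         /* traceid from the initsession response */
    char     serverchallenge[FIELD_LEN]; /* from BID_GetInfoItem("serverchallenge") */
};

static struct merchant_session store[MAX_SESSIONS];

/* Equality check whose running time does not depend on the first differing byte,
 * so a caller cannot learn a tid or sid byte by byte from response timing. */
int ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    size_t n = la < lb ? la : lb;
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

static int copy_field(char *dst, const char *src)
{
    if (strlen(src) >= FIELD_LEN) return -1;   /* refuse to truncate silently */
    strcpy(dst, src);
    return 0;
}

/* After step 1: remember what step 2 must present again. Returns 0 on success. */
int session_store_put(const char *sid, const char *tid, const char *traceid,
                      const char *serverchallenge, uint64_t now_ms)
{
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (store[i].in_use) continue;
        if (copy_field(store[i].sid, sid) != 0 || copy_field(store[i].tid, tid) != 0 ||
            copy_field(store[i].traceid, traceid) != 0 ||
            copy_field(store[i].serverchallenge, serverchallenge) != 0) {
            memset(&store[i], 0, sizeof store[i]);
            return -1;
        }
        store[i].created_ms = now_ms;
        store[i].in_use = 1;
        return 0;
    }
    return -1;   /* store full */
}

/* At the start of step 2: find the entry for sid, require the tid that the
 * Web-client sends back to match, and require the entry to be no older than
 * the timeout. The entry is removed as soon as it is found, whatever the
 * outcome, so a replayed request or a wrong tid forces the transaction to be
 * restarted. On success (0) traceid and serverchallenge are copied into the
 * caller's buffers (FIELD_LEN bytes each; NULL skips the copy). */
int session_store_take(const char *sid, const char *tid, uint64_t now_ms,
                       char *traceid_out, char *serverchallenge_out)
{
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (!store[i].in_use || !ct_equal(store[i].sid, sid)) continue;
        int fresh = now_ms >= store[i].created_ms &&
                    now_ms - store[i].created_ms <= SESSION_TIMEOUT_MS;
        int ok = ct_equal(store[i].tid, tid) && fresh;
        if (ok) {
            if (traceid_out) strcpy(traceid_out, store[i].traceid);
            if (serverchallenge_out) strcpy(serverchallenge_out, store[i].serverchallenge);
        }
        memset(&store[i], 0, sizeof store[i]);   /* one-time use */
        return ok ? 0 : -1;
    }
    return -1;   /* unknown sid */
}

int main(void)
{
    char traceid[FIELD_LEN], challenge[FIELD_LEN];
    /* Constructed values standing in for what BID_InitSession and step 1 returned. */
    if (session_store_put("SuperUniqueSessionID-1234", "tid-constructed",
                          "trace-constructed", "challenge-constructed", 1000) != 0)
        return 1;
    if (session_store_take("SuperUniqueSessionID-1234", "tid-constructed", 2000,
                           traceid, challenge) == 0)
        printf("step 2 may proceed: traceid=%s serverchallenge=%s\n", traceid, challenge);
    return 0;
}
```

In a deployment the caller passes a monotonic clock in milliseconds, and a persistent or shared store replaces the fixed array as soon as more than one server process handles the callbacks from the Web-client.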

Signing process without SEID SDO

The below code shows an example of a signing use case where no SDO is created.

const char* contract = "I lease a Ford Focus from 01.11.2004-01.11.2005";
char* b64contract = NULL;
char* signeddata = NULL;
char* encryptedresponse = NULL;
int res = 0;

/*
 * Signing step 1
 * Retrieve operation, encKey, encData and encAuth from client
 */
res = BID_Base64Encode(sessioncontext,
                       contract,
                       strlen(contract),
                       &b64contract);

res = BID_SetInfoItem(sessioncontext, "data", b64contract);
res = BID_SetInfoItem(sessioncontext, "mimetype", "text/plain");
res = BID_SetInfoItem(sessioncontext, "datadescription", "Contract");

/* When using the Web-client, the traceid must be set before calling the
 * BID_InitTransaction method.
 */
res = BID_SetInfoItem(sessioncontext, "traceid", "<traceid from initsession response>");

res = BID_InitTransaction(sessioncontext,
                          encKey,
                          encData,
                          encAuth,
                          operation,
                          NULL,
                          &encryptedresponse);

res = BID_GetInfoItem(sessioncontext, "signeddata", &signeddata);

/* Return encrypted response to client */
res = BID_RemoveInfoItems(sessioncontext);
res = BID_Free(encryptedresponse);
res = BID_Free(b64contract);

/* signing step 1 end */

/*
 * signing step 2 start
 * Retrieve operation, encKey, encData and encAuth from client
 */
res = BID_SetInfoItem(sessioncontext, "signeddata", signeddata);

/* When using the Web-client, the traceid must be set before calling the
 * BID_VerifyTransactionRequest method.
 */
res = BID_SetInfoItem(sessioncontext, "traceid", "<traceid from initsession response>");

res = BID_VerifyTransactionRequest(sessioncontext,
                                   encKey,
                                   encData,
                                   encAuth,
                                   operation,
                                   NULL);
res = BID_Free(signeddata);

/*
 * An error code must be set if something went wrong
 * res = BID_SetInfoItem(sessioncontext, "errorCode", "some error code");
 */
res = BID_SetInfoItem(sessioncontext, "nextUrl", "https://some url");
res = BID_VerifyTransactionResponse(sessioncontext, &encryptedresponse);

/* Return encrypted response to client */
res = BID_RemoveInfoItems(sessioncontext);
res = BID_Free(encryptedresponse);

Signing process with SEID SDO

The below code shows an example of a signing use-case where an SDO is created. 

const char*  contract          = "This is the contract";
char*        b64contract       = NULL;
char*        serverpkcs7       = NULL;
char*        serverocsp        = NULL;
char*        clientpkcs7       = NULL;
char*        clientocsp        = NULL;
char*        sdoxml            = NULL;
char*        b64sdoxml         = NULL;
BID_SEIDSDO* seidsdo           = NULL;
char*        signeddata        = NULL;
char*        encryptedresponse = NULL;
int          res               = 0;

	/* 
	 * Signing step 1 
	 * Retrieve operation, encKey, encData and encAuth from client 
	 */ 
	res = BID_Base64Encode(sessioncontext, contract, strlen(contract), &b64contract); 
	res = BID_SetInfoItem(sessioncontext, "data", b64contract); 
	res = BID_SetInfoItem(sessioncontext, "mimetype", "text/plain"); 
	res = BID_SetInfoItem(sessioncontext, "datadescription", "Contract"); 

	/* When using the Web-client, the traceid must be set before calling the 
	 * BID_InitTransaction method.
	 */
	res = BID_SetInfoItem(sessioncontext,"traceid", "<traceid from initsession response>"); 

	res = BID_InitTransaction(sessioncontext, 
							  encKey, 
							  encData, 
							  encAuth, 
							  operation, 
							  NULL, 
							  &encryptedresponse); 
	res = BID_GetInfoItem(sessioncontext, "signeddata", &signeddata); 
	res = BID_GetInfoItem(sessioncontext, "pkcs7", &serverpkcs7); 

	/* 
	 * Return the encryptedresponse to the client 
	 */ 
	res = BID_RemoveInfoItems(sessioncontext); 

	res = BID_Free(encryptedresponse); 
	res = BID_Free(b64contract); 

	/* 
	 * Signing step 2 
	 * Retrieve operation, encKey, encData and encAuth from client 
	 */ 
	res = BID_SetInfoItem(sessioncontext, "signeddata", signeddata); 

	/* When using the Web-client, the traceid must be set before calling the 
	 * BID_VerifyTransactionRequest method.
	 */
	res = BID_SetInfoItem(sessioncontext,"traceid", "<traceid from initsession response>"); 
	res = BID_VerifyTransactionRequest(sessioncontext, 
									   encKey, 
									   encData, 
									   encAuth, 
									   operation, 
									   NULL); 

	res = BID_GetInfoItem(sessioncontext, "serverOcsp", &serverocsp); 
	res = BID_GetInfoItem(sessioncontext, "clientPkcs7", &clientpkcs7); 
	res = BID_GetInfoItem(sessioncontext, "clientOcsp", &clientocsp); 

	res = BID_CreateSDO(sessioncontext,
						&seidsdo,
						signeddata,
						"text/plain",
						"a contract",
						clientpkcs7,
						serverpkcs7,
						clientocsp,
						serverocsp);

	res = BID_Free(signeddata);
	res = BID_Free(serverpkcs7); 
	res = BID_Free(serverocsp); 
	res = BID_Free(clientpkcs7); 
	res = BID_Free(clientocsp); 

	res = BID_SDOToXMLEx(sessioncontext, seidsdo, &sdoxml); 

	res = BID_SDOFree(sessioncontext, seidsdo); 

	res = BID_Base64Encode(sessioncontext, 
						   sdoxml, 
						   strlen(sdoxml), 
						   &b64sdoxml); 

	res = BID_Free(sdoxml); 

	/* 
	 * Do not add the data to the sdo by calling BID_SDOAddData before the response is sent 
	 * back to the client. The client already has the transaction data. 
	 */ 
	res = BID_SetInfoItem(sessioncontext,"sdo", b64sdoxml); 
	res = BID_Free(b64sdoxml); 

	/* 
	 * An error code must be set if something went wrong 
	 * res = BID_SetInfoItem(sessioncontext,"errorCode","someErrorCode"); 
	 */ 
	res = BID_SetInfoItem(sessioncontext,"nextUrl","https://someUrl"); 
	res = BID_VerifyTransactionResponse(sessioncontext, &encryptedresponse ); 

	/* Return encrypted response to client */ 
	res = BID_RemoveInfoItems(sessioncontext); 
	res = BID_Free(encryptedresponse); 

Signing process with Dynamic SEID SDO

The below code shows an example of a signing use-case where a Dynamic SDO is created. 

    BID_Signature signature;
    BID_Signature signature2;
    BID_Signature signature3;
    BID_SEIDSDO*  seidsdo         = NULL;
    char*         b64contract     = NULL;
    char*         ocsp            = NULL;
    int           res             = 0;

    /*
     * Step 1. 
     * Retrieve 3 pkcs7 signatures with corresponding ocsp response via B2B or some 
     * legacy system. Create a signature structure
     */
    signature.pkcs7  = retrievedpkcs7_1;
    signature.ocsp   = retrievedocsp_1;
    signature.next   = &signature2;
    signature2.pkcs7 = retrievedpkcs7_2;
    signature2.ocsp  = retrievedocsp_2;
    signature2.next  = &signature3;
    signature3.pkcs7 = retrievedpkcs7_3;
    signature3.ocsp  = retrievedocsp_3;

    /* 
     * Step 2. Retrieve the contract that was signed.
     */
    b64contract = retrievedcontract;

    /* 
     * Step 3. Create the dynamic SDO. This SDO will not be sealed. 
     * It will contain three signatures.
     */
    res = BID_CreateDynamicSDO(sessioncontext,
                               &seidsdo,
                               b64contract,
                               "text/plain",
                               "a contract",
                               &signature);
                                 
    /*
     * Step 4. Retrieve another pkcs#7 signature and ocsp response via B2B or some 
     * legacy system. The retrieved signature shall be added to the created SDO.
     */
    signature.pkcs7 = secondretrievedpkcs7;
    signature.ocsp  = secondretrievedocsp;
    signature.next  = NULL;

    res = BID_SDOAddSignature( sessioncontext,
                               seidsdo,
                               &signature,
                               b64contract);
                                 
    /* 
     * Step 5. All signatures that shall be contained in the SDO are retrieved. 
     * Now seal the SDO.
     */
    res = BID_GetOwnCertStatus( sessioncontext, &ocsp);
    res = BID_SDOSeal(sessioncontext, seidsdo, ocsp, b64contract);

    /*
     * Step 6. Validate the final SDO. We require 4 signatures in the SDO and
     * demand that it is sealed.
     */
    res = BID_DynamicSDOValidate( sessioncontext, seidsdo, b64contract, 4, 0);
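
The Dynamic SDO example above hard-wires three signature structs and links them by hand. The block below is an added example, not BankID C Server code, of the same chain built for any number of retrieved (pkcs7, ocsp) pairs, of appending one more signature as in Step 4, and of checking before the seal and validate calls that the chain holds exactly the number of signatures the validate call will demand (4 above) and that no signature is missing its OCSP response. The struct dyn_signature stands in for BID_Signature and copies only the three member names the page uses (pkcs7, ocsp, next); the real definition is in the BankID C Server header and is an assumption here.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for BID_Signature with only the members the page touches. The real
 * definition comes from the BankID C Server header and may differ. */
struct dyn_signature {
    const char *pkcs7;           /* PKCS#7 signature retrieved via B2B or a legacy system */
    const char *ocsp;            /* the OCSP response that belongs to that signature */
    struct dyn_signature *next;  /* next signature in the chain, NULL for the last one */
};

/* Link nodes[0..n-1] into one chain in the order given. Fails (-1) when n is
 * zero or any signature lacks its PKCS#7 or OCSP response, since such a chain
 * cannot be validated later. Returns 0 on success. */
int build_signature_chain(struct dyn_signature *nodes,
                          const char *const *pkcs7, const char *const *ocsp, size_t n)
{
    if (n == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        if (pkcs7[i] == NULL || ocsp[i] == NULL) return -1;
        nodes[i].pkcs7 = pkcs7[i];
        nodes[i].ocsp = ocsp[i];
        nodes[i].next = (i + 1 < n) ? &nodes[i + 1] : NULL;
    }
    return 0;
}

/* Append one more signature to an existing chain (the Step 4 situation above,
 * where a further signature arrives after the SDO has been created). */
int append_signature(struct dyn_signature *head, struct dyn_signature *node,
                     const char *pkcs7, const char *ocsp)
{
    if (head == NULL || node == NULL || pkcs7 == NULL || ocsp == NULL) return -1;
    struct dyn_signature *tail = head;
    while (tail->next != NULL) tail = tail->next;
    node->pkcs7 = pkcs7;
    node->ocsp = ocsp;
    node->next = NULL;
    tail->next = node;
    return 0;
}

size_t chain_length(const struct dyn_signature *head)
{
    size_t n = 0;
    for (; head != NULL; head = head->next) n++;
    return n;
}

/* Pre-check mirroring what the validate call will demand: exactly `required`
 * signatures, each carrying both a PKCS#7 and an OCSP response. Returns 1 if so. */
int chain_ready_for_seal(const struct dyn_signature *head, size_t required)
{
    size_t n = 0;
    for (; head != NULL; head = head->next) {
        if (head->pkcs7 == NULL || head->ocsp == NULL) return 0;
        n++;
    }
    return n == required;
}

int main(void)
{
    /* Constructed placeholders for signatures fetched via B2B or a legacy system. */
    const char *pkcs7[] = { "<pkcs7 #1>", "<pkcs7 #2>", "<pkcs7 #3>" };
    const char *ocsp[]  = { "<ocsp #1>", "<ocsp #2>", "<ocsp #3>" };
    struct dyn_signature nodes[4];

    if (build_signature_chain(nodes, pkcs7, ocsp, 3) != 0) return 1;
    printf("chain has %zu signatures, ready for 4: %d\n",
           chain_length(nodes), chain_ready_for_seal(nodes, 4));
    append_signature(nodes, &nodes[3], "<pkcs7 #4>", "<ocsp #4>");
    printf("chain has %zu signatures, ready for 4: %d\n",
           chain_length(nodes), chain_ready_for_seal(nodes, 4));
    return 0;
}
```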

BankID 2.1 Sign

The code below shows how to perform a BankID 2.1 sign operation with 2 documents. 

    char *encryptedresponse = NULL;
    char *signed_data = NULL, *signature = NULL;
    char *signed_data2 = NULL, *signature2 = NULL;
    char *serverOcsp = NULL, *report = NULL;
    char *clientsignature = NULL, *clientocsp = NULL;
    char *clientsignature2 = NULL, *clientocsp2 = NULL;
    int   res = 0;

    /* init sign */
    res = BID_AddDocumentText(sessioncontext,
                              B64Encode("this is a small test"),
                              "Description1");
    res = BID_AddDocumentText(sessioncontext,
                              B64Encode("this is another test"),
                              "descr2");
    res = BID_SetInfoItem(sessioncontext, "traceId", traceid);

    res = BID_InitTransaction(sessioncontext,
                              encKey,
                              encData,
                              encAuth,
                              operation,
                              NULL,
                              &encryptedresponse);

    /* send response ... */
    BID_Free(encryptedresponse);

    /* fetch signed data and signatures, one call per document index */
    res = BID_GetSignedData(sessioncontext, 0, &signed_data, &signature);
    res = BID_GetSignedData(sessioncontext, 1, &signed_data2, &signature2);

    /* remove infoitems and other state */
    BID_RemoveInfoItems(sessioncontext);

    /* verify sign */
    /* set data that should have been signed – order is important! */
    res = BID_SetSignedData(sessioncontext, signed_data);
    res = BID_SetSignedData(sessioncontext, signed_data2);

    res = BID_VerifyTransactionRequest(sessioncontext,
                                       encKey,
                                       encData,
                                       encAuth,
                                       operation,
                                       NULL);

    /* retrieve merchant ocsp */
    res = BID_GetInfoItem(sessioncontext, "serverOcsp", &serverOcsp);

    /* retrieve signatures and ocsp, one call per document index */
    res = BID_GetSignatureAndOCSP(sessioncontext, 0, &clientsignature, &clientocsp);
    res = BID_GetSignatureAndOCSP(sessioncontext, 1, &clientsignature2, &clientocsp2);

    /* retrieve rtReport */
    res = BID_GetReportData(sessioncontext, "", &report);

BankID 2.0 Signing and creation of PDF Signature (PAdES)

The code below shows how to enable creation of PAdES outside BankID Server by configuring BankID Server and the COI to produce compatible CMS (PKCS#7) and OCSP response formats during a sign operation. 

    const char* contract = "Read a PDF with an empty Signature Dictionary";
    char* b64contract       = NULL;
    char* signeddata        = NULL;
    char* clientpkcs7       = NULL;
    char* clientbasicocsp   = NULL;
    char* clientfullocsp    = NULL;
    char* encryptedresponse = NULL;
    int   res               = 0;

    /*
     * Signing step 1
     * Retrieve operation, encKey, encData and encAuth from client
     */
    res = BID_Base64Encode(sessioncontext,
                           contract,
                           strlen(contract),
                           &b64contract);

    res = BID_SetInfoItem(sessioncontext, "data", b64contract);
    res = BID_SetInfoItem(sessioncontext, "mimetype", "application/pdf");
    res = BID_SetInfoItem(sessioncontext, "datadescription", "Contract");
    res = BID_SetInfoItem(sessioncontext, "extPDFUrl", "https://www.mercant.com/pdf");

    /* Configure use of CMS and OCSP formats compatible with PAdES */
    res = BID_SetInfoItem(sessioncontext, "cmsFormat", "PKCS7_ISO320001");
    res = BID_SetInfoItem(sessioncontext, "ocspFormat", "OCSP_RFC6960_COMPATIBLE");

    /* When using the Web-client, the traceid must be set before calling the
     * BID_InitTransaction method.
     */
    res = BID_SetInfoItem(sessioncontext, "traceid", "<traceid from initsession response>");

    res = BID_InitTransaction(sessioncontext,
                              encKey,
                              encData,
                              encAuth,
                              operation,
                              NULL,
                              &encryptedresponse);

    res = BID_GetInfoItem(sessioncontext, "signeddata", &signeddata);

    /* Return encrypted response to client */

    res = BID_RemoveInfoItems(sessioncontext);
    res = BID_Free(encryptedresponse);
    res = BID_Free(b64contract);

    /* signing step 1 end */

    /*
     * signing step 2 start
     * Retrieve operation, encKey, encData and encAuth from client
     */
    res = BID_SetInfoItem(sessioncontext, "signeddata", signeddata);

    /* When using the Web-client, the traceid must be set before calling the
     * BID_VerifyTransactionRequest method.
     */
    res = BID_SetInfoItem(sessioncontext, "traceid", "<traceid from initsession response>");

    /* Configure use of OCSP format compatible with PAdES */
    res = BID_SetInfoItem(sessioncontext, "ocspFormat", "OCSP_RFC6960_COMPATIBLE");

    res = BID_VerifyTransactionRequest(sessioncontext,
                                       encKey,
                                       encData,
                                       encAuth,
                                       operation,
                                       NULL);

    res = BID_GetInfoItem(sessioncontext, "clientPkcs7", &clientpkcs7);
    res = BID_GetInfoItem(sessioncontext, "clientOcsp", &clientbasicocsp);
    res = BID_GetInfoItem(sessioncontext, "clientFullOcsp", &clientfullocsp);

    /* Add the PAdES signature to the PDF using clientpkcs7 and clientbasicocsp or clientfullocsp */

    res = BID_Free(signeddata);
    res = BID_Free(clientpkcs7);
    res = BID_Free(clientbasicocsp);
    res = BID_Free(clientfullocsp);

    /*
     * An error code must be set if something went wrong
     * res = BID_SetInfoItem(sessioncontext, "errorCode", "some error code");
     */
    res = BID_SetInfoItem(sessioncontext, "nextUrl", "https://some url");
    res = BID_VerifyTransactionResponse(sessioncontext, &encryptedresponse);

    /* Return encrypted response to client */
    res = BID_RemoveInfoItems(sessioncontext);
    res = BID_Free(encryptedresponse);

BankID 2.1 Signing and creation of PDF Signature (PAdES)

The code below shows how to enable creation of PAdES outside BankID Server by configuring BankID Server and the COI to produce compatible CMS (PKCS#7) and OCSP response formats during a sign operation.

    char *encryptedresponse = NULL;
    char *signed_data = NULL, *signature = NULL;
    char *clientsignature = NULL, *clientbasicocsp = NULL, *clientfullocsp = NULL;
    int   res = 0;

    /* init sign */
    res = BID_AddDocumentPDF(sessioncontext,
                             B64Encode("PDF char including an empty Signature Dictionary"),
                             "Description1");
    res = BID_SetInfoItem(sessioncontext, "traceId", traceid);

    /* Configure use of CMS and OCSP formats compatible with PAdES */
    res = BID_SetInfoItem(sessioncontext, "cmsFormat", "PKCS7_ISO320001");
    res = BID_SetInfoItem(sessioncontext, "ocspFormat", "OCSP_RFC6960_COMPATIBLE");

    res = BID_InitTransaction(sessioncontext,
                              encKey,
                              encData,
                              encAuth,
                              operation,
                              NULL,
                              &encryptedresponse);

    /* send response ... */
    BID_Free(encryptedresponse);

    /* fetch signed data and signature */
    res = BID_GetSignedData(sessioncontext, 0, &signed_data, &signature);

    /* remove infoitems and other state */
    BID_RemoveInfoItems(sessioncontext);

    /* verify sign */
    /* set data that should have been signed */
    res = BID_SetSignedData(sessioncontext, signed_data);

    /* Configure use of OCSP format compatible with PAdES */
    res = BID_SetInfoItem(sessioncontext, "ocspFormat", "OCSP_RFC6960_COMPATIBLE");

    res = BID_VerifyTransactionRequest(sessioncontext,
                                       encKey,
                                       encData,
                                       encAuth,
                                       operation,
                                       NULL);

    /* Retrieve signature and OCSP. Choose the function according to whether a
     * basic or a full OCSP response is needed. */
    res = BID_GetSignatureAndOCSP(sessioncontext, 0, &clientsignature, &clientbasicocsp);
    res = BID_GetSignatureAndFullOCSP(sessioncontext, 0, &clientsignature, &clientfullocsp);

    /* Add clientsignature and clientbasicocsp or clientfullocsp as signature elements
     * in the PDF */
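
The B64Encode() helper called in the BankID 2.1 sign example and in the BankID 2.1 PAdES example above is not defined on this page. The block below is an added, standalone implementation of that kind of helper; it is not BankID C Server code, and the names b64_encode, b64_encode_str and b64_check are this example's own. It produces the standard RFC 4648 alphabet with '=' padding, which is the encoding the "data" and document infoitems above carry, and checks its own output against known vectors, including the "this is a small test" document text used in the 2.1 sign example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode len bytes from src as base64 (RFC 4648, with padding).
 * Returns a malloc'ed NUL-terminated string, or NULL if allocation fails;
 * the caller frees it with free(). */
char *b64_encode(const unsigned char *src, size_t len)
{
    size_t out_len = 4 * ((len + 2) / 3);   /* every 3 input bytes become 4 output chars */
    char *out = malloc(out_len + 1);
    if (!out) return NULL;

    size_t i = 0, j = 0;
    while (i + 3 <= len) {                  /* full 24-bit groups */
        unsigned v = ((unsigned)src[i] << 16) | ((unsigned)src[i + 1] << 8) | src[i + 2];
        out[j++] = B64[(v >> 18) & 63];
        out[j++] = B64[(v >> 12) & 63];
        out[j++] = B64[(v >> 6) & 63];
        out[j++] = B64[v & 63];
        i += 3;
    }
    if (len - i == 1) {                     /* one byte left: two chars + "==" */
        unsigned v = (unsigned)src[i] << 16;
        out[j++] = B64[(v >> 18) & 63];
        out[j++] = B64[(v >> 12) & 63];
        out[j++] = '=';
        out[j++] = '=';
    } else if (len - i == 2) {              /* two bytes left: three chars + "=" */
        unsigned v = ((unsigned)src[i] << 16) | ((unsigned)src[i + 1] << 8);
        out[j++] = B64[(v >> 18) & 63];
        out[j++] = B64[(v >> 12) & 63];
        out[j++] = B64[(v >> 6) & 63];
        out[j++] = '=';
    }
    out[j] = '\0';
    return out;
}

/* Convenience wrapper for NUL-terminated document text, the way B64Encode("...")
 * is used in the examples above. */
char *b64_encode_str(const char *text)
{
    return b64_encode((const unsigned char *)text, strlen(text));
}

/* Encode text and compare with an expected encoding; returns 1 on a match. */
int b64_check(const char *text, const char *expected)
{
    char *enc = b64_encode_str(text);
    int same = enc != NULL && strcmp(enc, expected) == 0;
    free(enc);
    return same;
}

int main(void)
{
    /* Constructed document text taken from the 2.1 sign example above. */
    char *enc = b64_encode_str("this is a small test");
    if (!enc) return 1;
    printf("%s\n", enc);   /* dGhpcyBpcyBhIHNtYWxsIHRlc3Q= */
    free(enc);
    return 0;
}
```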

Retrieve certificate status from VA

The code below shows an example of how to retrieve the status of a certificate from VA. 

    char *ocspresponse = NULL;
    int   res = 0;

    res = BID_GetCertStatus(sessioncontext, clientPkcs7, &ocspresponse);
    res = BID_RemoveInfoItems(sessioncontext);

    BID_Free(ocspresponse);

Retrieve additional information from VA

See [5.4] for the recommended way of retrieving additional information from VA.

The below code shows an example of how to retrieve the status of a certificate and at the same time retrieve additional information about the certificate holder.

    /*
     * This code assumes that all three additional information items are available for the
     * requested certificate
     */
    char* socialno = NULL;
    char* accountno = NULL;
    char* organisationno = NULL;
    int   res = 0;

    res = BID_SetInfoItem(sessioncontext, "addsocialno", "true");
    res = BID_SetInfoItem(sessioncontext, "addaccountno", "true");
    res = BID_SetInfoItem(sessioncontext, "addorganisationno", "true");

    res = BID_GetCertStatus(sessioncontext, clientpkcs7, NULL);

    res = BID_GetInfoItem(sessioncontext, "socialno", &socialno);
    res = BID_GetInfoItem(sessioncontext, "accountno", &accountno);
    res = BID_GetInfoItem(sessioncontext, "organisationno", &organisationno);

    /*
     * If BID_GetInfoItem doesn’t return the requested infoitem, the merchant might call  
     * BID_GetInfoItem with the item concatenated with "err" to find the reason.
     * res = BID_GetInfoItem(sessioncontext, "socialnoerr", &socialnoerr);
     */

    BID_Free(socialno);
    BID_Free(accountno);
    BID_Free(organisationno);
    BID_RemoveInfoItems(sessioncontext);

The infoitems addsocialno, addaccountno and addorganisationno must have the value "true" to have any effect.

The BID_VerifyTransactionRequest method checks the certificate status itself, so BID_GetCertStatus need not be called when BID_VerifyTransactionRequest is used.

For multiple-document signing, the request for additional information (AI) is sent for the first document only. As in the example above, the AI is then accessible to the merchant as infoitems.

 
