Diplad (BeLawyer)

Introduction

Each lawyer in Belgium registered at the balie is obliged since 1/1/2018 to have an electronic lawyer card. This is declared in atr. 193bis of the Codex Deontologie voor Advocaten:

“De advocaat moet voor zijn identificatie en voor de authenticatie beschikken over de elektronische CCBE-advocatenkaart.”

More info at https://www.diplad.be/en-GB/t/23/elektronische-advocatenkaart.aspx.

Interface

Module

export interface AbstractEidDiplad {
  allData(filters: string[] | Options, callback?: (error: T1CLibException, data: TokenAllDataResponse) => void): Promise<TokenAllDataResponse>;
  allCerts(parseCerts?: boolean, filters?: string[] | Options, callback?: (error: T1CLibException, data: TokenAllCertsResponse) => void): Promise<TokenAllCertsResponse>;
  biometric(callback?: (error: T1CLibException, data: TokenBiometricDataResponse) => void): Promise<TokenBiometricDataResponse>;
  tokenData(callback?: (error: T1CLibException, data: TokenDataResponse) => void): Promise<TokenDataResponse>;
  address(callback?: (error: T1CLibException, data: TokenAddressResponse) => void): Promise<TokenAddressResponse>;
  picture(callback?: (error: T1CLibException, data: TokenPictureResponse) => void): Promise<TokenPictureResponse>;
  rootCertificate(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateResponse) => void): Promise<TokenCertificateResponse>;
  intermediateCertificates(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateResponse) => void): Promise<TokenCertificateResponse>;
  authenticationCertificate(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateResponse) => void): Promise<TokenCertificateResponse>;
  nonRepudiationCertificate(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateResponse) => void): Promise<TokenCertificateResponse>;
  encryptionCertificate(parseCerts?: boolean, callback?: (error: T1CLibException, data: TokenCertificateResponse) => void): Promise<TokenCertificateResponse>;
  verifyPin(body: TokenVerifyPinData, callback?: (error: T1CLibException, data: TokenVerifyPinResponse) => void): Promise<TokenVerifyPinResponse>;
  authenticate(body: TokenAuthenticateOrSignData, callback?: (error: T1CLibException, data: TokenAuthenticateResponse) => void): Promise<TokenAuthenticateResponse>;
  sign(body: TokenAuthenticateOrSignData, bulk?: boolean, callback?: (error: T1CLibException, data: TokenSignResponse) => void): Promise<TokenSignResponse>;
  allAlgoRefs(callback?: (error: T1CLibException, data: TokenAlgorithmReferencesResponse) => void): Promise<TokenAlgorithmReferencesResponse>
  resetBulkPin(callback?: (error: T1CLibException, data: BoolDataResponse) => void): Promise<BoolDataResponse>;
}

Models

All model information can be found in the Token typings model page

Examples

Initializing Diplad Module

T1cSdk.initialize(config).then(res => {
    const diplad = res.client.createEidDiplad(readerId);
}, err => {
    console.error(error)
});

All Data

diplad.allData().then(res => {
}, err => {
   console.log(err);
}

Response will look like:

{
  "data": {
    "biometric": {
      "cardNumber": "cardNumber",
      "cardValidityDateEnd": "2021-01-08",
      "chipNumber": "c57c0a3f-d034-46c9-831e-a208b2e44fb6",
      "firstNames": "Tom",
      "name": "Van Cammen",
      "nationality": "BE",
      "rawData": "BASE64_ENCODED_CARD_DATA",
      "version": "1",
      "issuer": ""
    },
    "picture": {
      "picture": "BASE64_ENCODED_BYTE_ARRAY"
    }
  },
  "success": true
}

Biometric Data

diplad.biometric().then(res => {
}, err => {
   console.log(err);
}

Response will look like:

{
  "data": {
    "cardNumber": "cardNumber",
    "cardValidityDateEnd": "2021-01-08",
    "chipNumber": "c57c0a3f-d034-46c9-831e-a208b2e44fb6",
    "firstNames": "Tom",
    "name": "Van Cammen",
    "nationality": "BE",
    "rawData": "BASE64_ENCODED_CARD_DATA",
    "version": "1",
    "issuer": ""
  },
  "success": true
}

Picture

diplad.picture().then(res => {
}, err => {
   console.log(err);
}

Response will look like:

{
  "data": {
    "picture": "BASE64_ENCODED_BYTE_ARRAY"
  },
  "success": true
}

All Certificates

When additional parsing of the certificate is needed you can add a boolean to indicate if you want to parse the certificate or not.

const filter = ['rootCertificate', 'authenticationCertificate', 'nonRepudiationCertificate'];
diplad.allCerts(parseCertsBoolean, filter).then(res => {
}, err => {
   console.log(err);
}

The filter is optional

Response will look like:

{
    success: true,
    data: {
       authenticationCertificate?: {
             certificate?: string,
             certificates?: Array<string>,
             certificateType?: string,
             id?: string,
             parsedCertificate?: Certificate,
             parsedCertificates?: Array<Certificate>
       },
       
       nonRepudiationCertificate?: {
             certificate?: string,
             certificates?: Array<string>,
             certificateType?: string,
             id?: string,
             parsedCertificate?: Certificate,
             parsedCertificates?: Array<Certificate>
       },
       rootCertificate?: {
             certificate?: string,
             certificates?: Array<string>,
             certificateType?: string,
             id?: string,
             parsedCertificate?: Certificate,
             parsedCertificates?: Array<Certificate>
       },
    }
}

Root Certificate

When additional parsing of the certificate is needed you can add a boolean to indicate if you want to parse the certificate or not.

diplad.rootCertificate(parseCertsBoolean).then(res => {
}, err => {
   console.log(err);
}

Response will look like:

{
    success: true,
    data: {
        certificate?: string,
        certificates?: Array<string>,
        certificateType?: string,
        id?: string,
        parsedCertificate?: Certificate,
        parsedCertificates?: Array<Certificate>
    }    
}

Authentication Certificate

When additional parsing of the certificate is needed you can add a boolean to indicate if you want to parse the certificate or not.

diplad.authenticationCertificate(parseCertsBoolean).then(res => {
}, err => {
   console.log(err);
}

Response will look like:

{
    success: true,
    data: {
        certificate?: string,
        certificates?: Array<string>,
        certificateType?: string,
        id?: string,
        parsedCertificate?: Certificate,
        parsedCertificates?: Array<Certificate>
    }    
}

Non-Repudiation Certificate

When additional parsing of the certificate is needed you can add a boolean to indicate if you want to parse the certificate or not.

diplad.nonRepudiationCertificate(parseCertsBoolean).then(res => {
}, err => {
   console.log(err);
}

Response will look like:

{
    success: true,
    data: {
        certificate?: string,
        certificates?: Array<string>,
        certificateType?: string,
        id?: string,
        parsedCertificate?: Certificate,
        parsedCertificates?: Array<Certificate>
    }    
}

Verify PIN

  • If the card reader has a PIN pad, the PIN must always be entered via the card-reader PIN pad.

  • If the card reader has no PIN pad:

    • If the osDialog property is set to true, a OS dialog window will be displayed for the user the enter their PIN

    • If the pin property is defined, that value is used

    • If osDialog is set to false, and pin is undefined, an error will be returned

const data = {
    pin: "1234", // optional
    osDialog: true // optional
}
diplad.verifyPin(data).then(res => {
}, err => {
    console.error(err)
})

Response will look like:

{
    "success": true,
    "data": {
      "verified": true
    }    
}

Sign

To sign data, an algorithm must be specified in the algorithm property (see Supported Algorithms), and a Base64-encoded string representation of the digest bytes of the same algorithm in the data property.

Additionally, it is possible to bulk sign data without having to re-enter the PIN by adding an optional bulk parameter set to true to the request. Subsequent sign requests will not require the PIN to be re-entered until a request with bulk being set to false is sent, or the Bulk PIN Reset method is called.

The PIN can provided/entered in the same way as Verify PIN

const data = {
    algorithm: "sha256",
    data: "E1uHACbPvhLew0gGmBH83lvtKIAKxU2/RezfBOsT6Vs=",
    pin: "1234"
}
const bulk = false;
diplad.sign(data, bulk).then(res => {
}, err => {
    console.error(err)
})

Response will look like:

{
    "success": true,
    "data": {
      "data": "..."
    }    
}

Authenticate

To sign data, an algorithm must be specified in the algorithm property (see Supported Algorithms), and a Base64-encoded string representation of the digest bytes of the same algorithm in the data property.

The PIN can provided/entered in the same way as Verify PIN

const data = {
    algorithm: "sha256",
    data: "E1uHACbPvhLew0gGmBH83lvtKIAKxU2/RezfBOsT6Vs=",
    pin: "1234"
}
diplad.authenticate(data).then(res => {
}, err => {
    console.error(err)
})

Response will look like:

{
    "success": true,
    "data": {
      "data": "..."
    }    
}

Get Supported Algorithms

diplad.allAlgoRefs().then(res => {
}, err => {
    console.error(err)
})

Response will look like:

{
    "success": true,
    "data": {
      "ref": ["sha1", "sha256", "sha512"]
    }    
}

Bulk PIN Reset

The PIN set for bulk signing can be reset by calling this method.

diplad.resetBulkPin().then(res => {
}, err => {
    console.error(err)
})

Response will look like:

{
    "success": true,
    "data": true
}

Last updated

Was this helpful?