HSM Management.
|
string | GetErrorString (Int32 _errorCode) |
| Returns the message with the error description.
|
|
DateTime | GetHSMDate () |
| Returns the date/time of the HSM.
|
|
void | SetHSMDateTime (DateTime stDateTime) |
| Sets the date/time of the HSM.
|
|
DinamoApi.SYS_COUNTER_INFO | GetHSMCounterInfo () |
| Retrieves information from HSM system counters.
|
|
void | GetHSMHardwareInfo () |
| Retrieves hardware information from the HSM.
|
|
void | Backup (string DestFile, string Pin) |
| Recover an HSM backup.
|
|
void | Restore (string SourceFile, string Pin, bool IncludeNetworkParameters) |
| Restore a backup in HSM.
|
|
int | GetLogSize () |
| Retrieves the size of the HSM logs.
|
|
byte[] | DGetStatLog () |
| Recover the HSM logs.
|
|
byte[] | DGetStatLog (int StartPos, int BytesToRead) |
| Recover the HSM logs.
|
|
int | IPFilterOperationStatus () |
| Retrieves the status of the HSM IP filter.
|
|
int | IPFilterOperationAdd (string szUser, string szIP) |
| Adds an IP/user set to the HSM IP whitelist.
|
|
int | IPFilterOperationRemove (string szUser, string szIP) |
| Removes an IP/user set from the HSM IP whitelist.
|
|
int | IPFilterSetStatus (bool bStatus) |
| Sets the status of the HSM IP filter.
|
|
int | IPFilterOptList(DinamoApi.ListIpFilterCallback filterIpCallBack, IntPtr param) |
| Retrieves the list from the HSM IP filter.
|
|
void | SaveLog (string fileName) |
| Saves HSM logs to a file.
|
|
void | ClearLog () |
| Clears HSM logs.
|
|
string | EmitAuthenticationToken (DateTime expirationDate) |
|
string | IssueAToken (ulong expiration) |
| This functionality is suitable for granular control of application authentication, where the issuing of tokens is managed by the security officer.
Expired Access Tokens are cleared in 2 stages:
- When a user who has expired Access Tokens logs in using Access Tokens. It cleans only the expired Access Tokens themselves.
- Using the RunATokenGC() function. Clears all expired Access Tokens from the HSM.
|
|
string | IssueAToken (long expiration) |
| Overload of IssueAToken (ulong expiration).
|
|
string | IssueAToken (DateTime expiration) |
| Overload of IssueAToken (ulong expiration).
|
|
void | RevokeAToken (string aToken) |
| Revoke an HSM authentication token.
|
|
void | RevokeAuthenticationToken (string strToken) |
|
DinamoApi.DN_A_TOKEN_FULL[] | ListATokenFull () |
| Lists the user's Access Tokens in the HSM.
|
|
void | RunATokenGC () |
| Runs the Garbage Collector for HSM session tokens. This method cleans up any HSM Access Tokens that are no longer valid.
The GC should be called periodically by the application to keep the Access Token cache levels under control. The GC's execution schedule should be programmed to take into account the times of the HSM's greatest workloads.
|
|
uint | GetATokenCounter () |
| Recovers the Access Token counter for the entire HSM.
|
|
string IssueAToken |
( |
ulong | expiration | ) |
|
|
inline |
This functionality is suitable for granular control of application authentication, where the issuing of tokens is managed by the security officer.
Expired Access Tokens are cleared in 2 stages:
- When a user who has expired Access Tokens logs in using Access Tokens. It only clears the expired Access Tokens themselves.
- Using the RunATokenGC() function. Clears all expired Access Tokens from the HSM.
The maximum limit of Access Tokens issued per HSM can be seen in the table below.
Model | Maximum limit |
Pocket | 1024 |
XP | 1 Million |
ST | 1 Million |
Notes: Access Tokens are kept in a volatile form, and are thus deleted when the HSM is restarted. Despite being volatile, Access Tokens are replicated between HSMs.
This operation is available from version 3.17 of the HSM firmware. The implementation of Access Tokens prior to version 3.17 of the firmware is legacy. Applications that use this functionality must update the HSM client to version 3.2.18 or higher, along with the HSM firmware to version 3.17 or higher. There is no compatibility between new and old versions of the HSM client and firmware.
- Parameters
-
expiration | Token expiration. Equivalent to time_t. Measured in seconds from EPOCH (00:00, Jan 1 1970 UTC). Use DinamoApi.DN_A_TOKEN_INFINITE for tokens with no expiry. |
- Return
- AToken for use in Connect().
- Exceptions
-
- Examples
- atoken.cs.
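An added C# example (not taken from the Dinamo documentation or from atoken.cs) that builds the time_t value for IssueAToken(ulong) from a deadline and rejects ambiguous, already-expired or overly long lifetimes before anything reaches the HSM. The `issue` delegate stands in for a connected client's IssueAToken(ulong); `ATokenExpiry`, `MaxLifetime` and the 8-hour cap are assumptions of this example, not part of the API.

```csharp
using System;

static class ATokenExpiry
{
    // Assumption: application policy cap on token lifetime (not an HSM limit).
    static readonly TimeSpan MaxLifetime = TimeSpan.FromHours(8);

    // Converts a deadline into whole seconds since 1970-01-01 00:00 UTC,
    // the unit the expiration parameter of IssueAToken(ulong) is documented to use.
    public static ulong ToExpiration(DateTime expiresAt, DateTime nowUtc)
    {
        // An Unspecified kind would be silently treated as local time by
        // ToUniversalTime(), shifting the expiry by the host's UTC offset.
        if (expiresAt.Kind == DateTimeKind.Unspecified)
            throw new ArgumentException("deadline must be UTC or Local", nameof(expiresAt));

        DateTime utc = expiresAt.ToUniversalTime();
        if (utc <= nowUtc)
            throw new ArgumentOutOfRangeException(nameof(expiresAt), "token would already be expired");
        if (utc - nowUtc > MaxLifetime)
            throw new ArgumentOutOfRangeException(nameof(expiresAt), "lifetime exceeds application policy");

        // checked: fail loudly instead of wrapping if the value were ever negative.
        return checked((ulong)new DateTimeOffset(utc).ToUnixTimeSeconds());
    }

    // issue is the caller-supplied binding to IssueAToken(ulong) on a connected client.
    public static string IssueShortLived(Func<ulong, string> issue, TimeSpan lifetime)
    {
        DateTime now = DateTime.UtcNow;
        return issue(ToExpiration(now.Add(lifetime), now));
    }

    static void Main()
    {
        // Constructed clock value so the conversion is reproducible.
        var now = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        Console.WriteLine(ToExpiration(now.AddMinutes(15), now));

        // Stub in place of the real HSM call; returns a constructed string, not a token.
        string result = IssueShortLived(exp => $"constructed-token-exp-{exp}", TimeSpan.FromMinutes(15));
        Console.WriteLine(result);
    }
}
```

Bounded lifetimes also keep the number of live Access Tokens well below the per-model limit between RunATokenGC() runs.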