Detailed description

HSM user management.

Data Structures
struct	DinamoClient.UserTrustInfo

Functions
void	ChangePasswordUser (string szPassword)

void	ChangeUserPassword (string szPassword)
	Changes the current user's password.

void	AssignEventToken (string szUserId, byte[] byKey)
	It associates a standard event OTP token OATH with a user. After this call, the user will only authenticate with username, password and OTP.

void	AssignTimeToken (string szUserId, byte[] byKey, UInt64 iInitialTime, Int16 iStep)
	It associates a standard time OTP token OATH with a user. After this call, the user will only authenticate with username, password and OTP.

void	UnassignToken (string szUserId)
	Disassociates OTP authentication from a user. After this call, the user will only authenticate with username and password.

void	OATHResync (string szUser, string szOTP1, string szOTP2)
	Re-synchronizes an event token, standard OATH, associated with an HSM user. It receives two consecutive OTPs, generated by the token, to synchronize the state of the token in the HSM user.

int	GetUserAuthMask (string szUserName)
	Retrieves the user's authorization mask.

UserTrustInfo[]	ListUserTrusts (string user, byte bType)
	Recover the user's relationships of trust.

string[]	ListUsers ()
	Lists HSM users.

void	BlockUser (string szUserName, bool bBlock)
	Blocks or unblocks a user.

void	SetUserAuthMask (string szUserName, int iACL)
	Defines a user's authorization mask.

int	GetUserInvalidLoginAttempts (string szUserName)
	Recovers the number of invalid login attempts since the last successful authentication.

bool	IsUserBlocked (string szUserName)
	Checks if a user is blocked.

void	CreateUser (string UserId, string Password)
	Creates an ordinary user, without system permissions.

void	RemoveUser (string UserId)
	Remove a user.

Functions

◆ ChangePasswordUser()

void ChangePasswordUser ( string szPassword )

inline

Obsolete:: API discontinued. Please use ChangeUserPassword.

◆ ChangeUserPassword()

void ChangeUserPassword ( string szPassword )

inline

Changes the current user's password.

Parameters

szPassword New password.

Exceptions

DinamoException Throws exception in case of error.

◆ AssignEventToken()

void AssignEventToken	(	string	szUserId,
		byte[]	byKey
	)

inline

It associates a standard event OTP token OATH with a user. After this call, the user will only authenticate with username, password and OTP.

Parameters

szUserId	User name.
byKey	Key(seed) used to define the standard OTP OATH.

Exceptions

DinamoException Throws exception in case of error.

◆ AssignTimeToken()

void AssignTimeToken	(	string	szUserId,
		byte[]	byKey,
		UInt64	iInitialTime,
		Int16	iStep
	)

inline

It associates a standard time OTP token OATH with a user. After this call, the user will only authenticate with username, password and OTP.

Parameters

szUserId User name.

byKey Key(seed) used to define the standard OTP OATH.

iInitialTime

T0 used by the token. Defined in seconds.

Value	Meaning
DinamoApi.OATH_SA_v2_default_T0_Epoch	Use HSM's default value.

Parameters

iStep

Time step value in seconds. In addition to setting the time step in seconds for TOTP blobs, the following values are also supported.

Value	Meaning
DinamoApi.OATH_SA_v2_default_TIME_STEP	Use the default HSM time step value, currently 30 secs.

Exceptions

DinamoException Throws exception in case of error.

Notes: As of firmware version 4.0.2, the size of the authentication look-ahead window is set to the default of 10 intervals more or less. In the case of HOTP tokens, the intervals will be counted by the number of events, while in the case of TOTP tokens, they will be counted by the number of time-steps.

◆ UnassignToken()

void UnassignToken ( string szUserId )

inline

Disassociates OTP authentication from a user. After this call, the user will only authenticate with username and password.

Parameters

szUserId User name.

Exceptions

DinamoException Throws exception in case of error.

◆ OATHResync()

void OATHResync	(	string	szUser,
		string	szOTP1,
		string	szOTP2
	)

inline

Re-synchronizes an event token, standard OATH, associated with an HSM user. It receives two consecutive OTPs, generated by the token, to synchronize the state of the token in the HSM user.

Parameters

szUser	User name.
szOTP1	First OTP, for synchronization, generated by the token.
szOTP2	Second OTP, for synchronization, generated by the token.

Exceptions

DinamoException Throws exception in case of error.

◆ GetUserAuthMask()

int GetUserAuthMask ( string szUserName )

inline

Retrieves the user's authorization mask.

Parameters

szUserName User name.

Return: User authorization mask.

Exceptions

DinamoException Throws exception in case of error.

◆ ListUserTrusts()

UserTrustInfo[] ListUserTrusts	(	string	user,
		byte	bType
	)

inline

Recover the user's relationships of trust.

Parameters

user	User name.
bType	Operation type: DinamoApi.OP_LST_USR_TRUSTERS to list the users who trust the specified user. DinamoApi.OP_LST_USR_TRUSTEES to list the users that the current user trusts.

Return: User authorization mask.

Exceptions

DinamoException Throws exception in case of error.

◆ ListUsers()

string[] ListUsers ( )

inline

Lists HSM users.

Return: String array containing user names.

Exceptions

DinamoException Throws exception in case of error.

◆ BlockUser()

void BlockUser	(	string	szUserName,
		bool	bBlock
	)

inline

Blocks or unblocks a user.

Parameters

szUserName	User name.
bBlock	true to block and false to unblock.

Exceptions

DinamoException Throws exception in case of error.

◆ SetUserAuthMask()

void SetUserAuthMask	(	string	szUserName,
		int	iACL
	)

inline

Defines a user's authorization mask.

Parameters

szUserName User name.

iACL

The user's authorization mask must be assembled by concatenating the values below:

Value	Meaning
DinamoApi.ACL_NOP	User with ordinary authorizations only.
DinamoApi.ACL_OBJ_CREATE	Permission to create objects. Read permission (DinamoApi.ACL_OBJ_READ) is assigned implicitly.
DinamoApi.ACL_OBJ_DEL	Permission to remove objects. Read permission (DinamoApi.ACL_OBJ_READ) is assigned implicitly.
DinamoApi.ACL_OBJ_READ	Permission to read the contents of objects.
DinamoApi.ACL_OBJ_UPDATE DinamoApi.ACL_OBJ_WRITE	Permission to update object attributes. DinamoApi.ACL_OBJ_UPDATE = DinamoApi.ACL_OBJ_WRITE
DinamoApi.ACL_USR_CREATE DinamoApi.ACL_USR_DELETE	Permission to create and remove users. DinamoApi.ACL_USR_CREATE = DinamoApi.ACL_USR_DELETE
DinamoApi.ACL_USR_REMOTE_LOG	Permission to receive remote log notifications.
DinamoApi.ACL_USR_LIST	Permission to list users.
DinamoApi.ACL_SYS_OPERATOR	Permission to operate as the 'master' user.
DinamoApi.ACL_SYS_BACKUP DinamoApi.ACL_SYS_RESTORE	Permission to create and restore backup copies of HSM data. DinamoApi.ACL_SYS_BACKUP = DinamoApi.ACL_SYS_RESTORE
DinamoApi.ACL_SYS_UDATE_HSM	Permission to update the firmware.

Exceptions

DinamoException Throws exception in case of error.

◆ GetUserInvalidLoginAttempts()

int GetUserInvalidLoginAttempts ( string szUserName )

inline

Recovers the number of invalid login attempts since the last successful authentication.

Parameters

szUserName User name.

Return: Number of invalid login attempts.

Exceptions

DinamoException Throws exception in case of error.

◆ IsUserBlocked()

bool IsUserBlocked ( string szUserName )

inline

Checks if a user is blocked.

Parameters

szUserName User name.

Return: Lock status.

Exceptions

DinamoException Throws exception in case of error.

◆ CreateUser()

void CreateUser	(	string	UserId,
		string	Password
	)

inline

Creates an ordinary user, without system permissions.

Parameters

UserId	User name. It must be unique, made up of alphanumeric characters. Uppercase and lowercase characters are case-sensitive. Maximum size of DinamoApi.MAX_USR_LEN
Password	User password. Uppercase and lowercase characters are case-sensitive. Maximum size of DinamoApi.MAX_USR_PWD

Exceptions

DinamoException Throws exception in case of error.

◆ RemoveUser()

void RemoveUser ( string UserId )

inline

Remove a user.

Parameters

UserId User name.

Exceptions

DinamoException Throws exception in case of error.

Detailed description

Data Structures

Functions

Functions

◆ ChangePasswordUser()

◆ ChangeUserPassword()

◆ AssignEventToken()

◆ AssignTimeToken()

◆ UnassignToken()

◆ OATHResync()

◆ GetUserAuthMask()

◆ ListUserTrusts()

◆ ListUsers()

◆ BlockUser()

◆ SetUserAuthMask()

◆ GetUserInvalidLoginAttempts()

◆ IsUserBlocked()

◆ CreateUser()

◆ RemoveUser()