HSM Management.
See the HSM technical documentation.
◆ issueAToken()
Issues an Access Token for the user's session in the HSM.
This feature is suitable for granular control of application authentication, where token issuance is managed by the security officer.
Expired Access Tokens are cleaned up in 2 stages:
- When a user who has expired Access Tokens logs in using Access Tokens. This clears only the expired Access Tokens themselves.
- Using the revokeAToken() function. This clears all expired Access Tokens from the HSM.
The maximum limit of Access Tokens issued per HSM can be seen in the table below.
Model | Maximum limit |
Pocket | 1024 |
XP | 1 Million |
ST | 1 Million |
Notes: Access Tokens are kept in a volatile form, and are thus deleted when the HSM is restarted. Despite being volatile, Access Tokens are replicated between HSMs.
This operation is available starting with HSM firmware version 3.17. Implementation of Access Tokens prior to firmware version 3.17 is legacy. Applications using this functionality must update the HSM client to version 3.2.18 or higher, along with the HSM firmware to version 3.17 or higher. There is no compatibility between new and old versions of HSM client and firmware.
- Parameters
-
lExpiration | Token expiration. Equivalent to time_t. Measured in seconds from the epoch (00:00, Jan 1 1970 UTC). Use TacNDJavaLib.DN_A_TOKEN_INFINITE for a token without expiration. |
- Return
- AToken for use in openSession.
- Exceptions
-
TacException | Thrown when an error occurs in the Access Token generation. |
◆ revokeAToken()
Revokes a user's Access Token session in the HSM.
- Parameters
-
accessToken | Access Token to be revoked. |
- Exceptions
-
TacException | Thrown when an error occurs while revoking the Access Token. |
◆ listAToken()
Lists the user's Access Tokens in the HSM.
- Return
- List of user ATokens.
- Exceptions
-
TacException | Thrown when an error occurs while revoking the Access Token. |
◆ getATokenCounter()
Retrieves the Access Token counter for the entire HSM.
- Return
- Total Access Tokens for the entire HSM.
- Exceptions
-
TacException | Thrown in the event of an error. |
◆ runATokenGC()
Runs the Garbage Collector for HSM session tokens.
This method cleans up any Access Tokens in the HSM that are no longer valid.
The GC must be called periodically by the application to keep the Access Token cache levels under control. The GC's execution schedule should be programmed taking into account the times when the HSM is most heavily loaded.
- Exceptions
-
TacException | Thrown in the event of an error. |
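An added example, not code from the library documented here: a periodic maintenance task that follows the runATokenGC() guidance above, watches getATokenCounter() against the model limit, and shows how an lExpiration value for issueAToken() is computed. The `HsmTokens` interface, the counter's `long` type, the 80% threshold and the 02:00 to 04:00 off-peak window are assumptions; the fake HSM in `main` is constructed so the example runs without a device.

```java
import java.time.*;
import java.util.concurrent.*;
public class ATokenMaintenance {
    /** Hypothetical adapter over the HSM client: method names are from this page, types are assumed. */
    interface HsmTokens {
        long getATokenCounter() throws Exception;
        void runATokenGC() throws Exception;
    }
    static final long LIMIT = 1024;          // "Pocket" row of the limits table
    static final double ALERT_RATIO = 0.80;  // assumed alerting threshold
    static final LocalTime QUIET_FROM = LocalTime.of(2, 0), QUIET_TO = LocalTime.of(4, 0);  // assumed off-peak

    /** lExpiration is an absolute time (seconds since the epoch), not a lifetime in seconds. */
    static long expirationFor(Instant now, Duration ttl) {
        return now.plus(ttl).getEpochSecond();
    }

    /** GC in the off-peak window, or immediately once the counter nears the model limit. */
    static boolean shouldRunGc(long counter, LocalTime now) {
        boolean quiet = !now.isBefore(QUIET_FROM) && now.isBefore(QUIET_TO);
        return quiet || counter >= LIMIT * ALERT_RATIO;
    }

    static void tick(HsmTokens hsm) {
        try {
            long before = hsm.getATokenCounter();
            if (!shouldRunGc(before, LocalTime.now())) return;
            hsm.runATokenGC();
            long after = hsm.getATokenCounter();
            System.out.printf("atoken_gc before=%d after=%d limit=%d%n", before, after, LIMIT);
            if (after >= LIMIT * ALERT_RATIO)  // still high after GC: the remaining tokens are valid
                System.err.println("ALERT: Access Token count near HSM limit, review issuance and TTLs");
        } catch (Exception e) {  // the real client throws TacException
            System.err.println("atoken_gc failed: " + e.getMessage());
        }
    }

    public static void main(String[] args) throws Exception {
        long[] count = {900};  // constructed stand-in: 900 tokens held, 300 of them expired
        HsmTokens fake = new HsmTokens() {
            public long getATokenCounter() { return count[0]; }
            public void runATokenGC() { count[0] = Math.min(count[0], 600); }
        };
        System.out.println("lExpiration=" + expirationFor(Instant.now(), Duration.ofMinutes(15)));
        ScheduledExecutorService timer = Executors.newSingleThreadScheduledExecutor();
        timer.scheduleAtFixedRate(() -> tick(fake), 0, 1, TimeUnit.SECONDS);  // minutes in production
        Thread.sleep(2500);
        timer.shutdownNow();
    }
}
```

Logging the before and after counts on every GC run gives a baseline, so a counter that stays high after collection points to tokens issued with long or infinite expiration.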
◆ getStatInfo()
Retrieves HSM statistics information, such as session, CPU and memory usage figures.
- Return
- Statistical information.
- Exceptions
-
TacException | Thrown when an error occurs while retrieving information. |
◆ getHSMInfo()
Retrieves HSM status information.
- Return
- Statistical information.
- Exceptions
-
TacException | Thrown when an error occurs while retrieving information. |
◆ getHSMStringInfo()
Retrieves HSM status information.
- Return
- Information on the state of HSM.
- Exceptions
-
TacException | Thrown when an error occurs while retrieving information. |
◆ getFirmwareVersion()
Retrieves the HSM firmware version.
- Return
- HSM firmware version or null if this information is not available.
- Exceptions
-
TacException | Thrown when an error occurs while retrieving information. |
◆ getModel()
Retrieves the HSM model.
- Return
- HSM model or null if this information is not available.
- Exceptions
-
TacException | Thrown when an error occurs while retrieving information. |
◆ getSerialNumber()
Retrieves the HSM's serial number.
- Return
- HSM serial number or null if there is no such information.
- Exceptions
-
TacException | Thrown when an error occurs while retrieving information. |