Detailed description

Administrative management of HSM.

Administrative management of HSM. More...

Functions
TacAccessToken	issueAToken (long lExpiration) throws TacException
	Issues an Access Token for the user's session in the HSM.

void	revokeAToken (TacAccessToken accessToken) throws TacException
	Revoke a user's Access Token session in the HSM.

TacAccessToken[]	listAToken () throws TacException
	Lists the user's Access Tokens in the HSM.

int	getATokenCounter () throws TacException
	Recovers the Access Token counter for the entire HSM.

void	runATokenGC () throws TacException
	Runs the Garbage Collector for HSM session tokens.

HSMStatInfo	getStatInfo () throws TacException
	Retrieves HSM statistics information, such as session, CPU and memory usage figures.

HSMAllInfo	getHSMInfo () throws TacException
	Retrieves HSM status information.

String	getHSMStringInfo () throws TacException
	Retrieves HSM status information.

String	getFirmwareVersion () throws TacException
	Retrieves the HSM firmware version.

String	getModel () throws TacException
	Recover the HSM model.

String	getSerialNumber () throws TacException
	Retrieves the HSM's serial number.

void	backup (String file, String password) throws TacException
	Creates a backup of the objects (keys, certificates, etc.) stored internally in the Dinamo.

void	restoreWithoutNetConfig (String file, String password) throws TacException
	Restores the backup of objects (keys, certificates, etc.) saved internally in the Dinamo.

void	restoreWithNetConfig (String file, String password) throws TacException
	Restores the backup of objects (keys, certificates, etc.) saved internally in the Dinamo.

void	backupData (String file, String password, int direction) throws TacException
	Creates or restores the backup of objects (keys, certificates, etc.) stored internally in the Dinamo.

Functions

◆ issueAToken()

TacAccessToken issueAToken ( long lExpiration ) throws TacException

Issues an Access Token for the user's session in the HSM.

This feature is suitable for granular control of application authentication, where token issuance is managed by the security officer.
The cleaning of expired Access Tokens takes place in 2 stages:
When a user who has expired Access Tokens logs in using Access Tokens. Clearing only the expired Access Tokens themselves.
Using the revokeAToken() function. Clears all expired Access Tok ens from the HSM.

The maximum limit of Access Tokens issued per HSM can be seen in the table below.

Model	Maximum limit
Pocket	1024
XP	1 Million
ST	1 Million

Notes: Access Tokens are kept in a volatile form, and are thus deleted when the HSM is restarted. Despite being volatile, Access Tokens are replicated between HSMs.

This operation is available starting with HSM firmware version 3.17. Implementation of Access Tokens prior to firmware version 3.17 is legacy. Applications using this functionality must update the HSM client to version 3.2.18 or higher, along with the HSM firmware to version 3.17 or higher. There is no compatibility between new and old versions of HSM client and firmware.

Parameters

lExpiration Token expiration. Equivalent to time_t. Measured in seconds from EPOCH(00:00, Jan 1 1970 UTC). Use TacNDJavaLib.DN_A_TOKEN_INFINITE for token without expiration.

Return: AToken for use in openSession.

Exceptions

TacException Launched when an error occurs in the Access Token generation.

◆ revokeAToken()

void revokeAToken ( TacAccessToken accessToken ) throws TacException

Revoke a user's Access Token session in the HSM.

Parameters

accessToken Access Token to be revoked.

Exceptions

TacException Triggered when an error occurs when revoking the Access Token.

◆ listAToken()

TacAccessToken[] listAToken ( ) throws TacException

Lists the user's Access Tokens in the HSM.

Return: List of user ATokens.

Exceptions

TacException Triggered when an error occurs when revoking the Access Token.

◆ getATokenCounter()

int getATokenCounter ( ) throws TacException

Recovers the Access Token counter for the entire HSM.

Return: Total Access tokens for the entire HSM.

Exceptions

TacException Posted in the event of an error.

◆ runATokenGC()

void runATokenGC ( ) throws TacException

Runs the Garbage Collector for HSM session tokens.

This method cleans up any Access Tokens in the HSM that are no longer valid.
The GC must be called periodically by the application to keep the Access Token cache levels under control. The GC's execution schedule should be programmed taking into account the times when the HSM is most heavily loaded.

Exceptions

TacException Posted in the event of an error.

◆ getStatInfo()

HSMStatInfo getStatInfo ( ) throws TacException

Retrieves HSM statistics information, such as session, CPU and memory usage figures.

Return: Statistical information.

Exceptions