Java API
HSM Dinamo
|
Operations destined for the Pix of the SPI (Instant Payment System).
The Pix module APIs are designed to use Pix's HTTP request signing, verification, sending and receiving functionalities.
The HSM does not make direct access to the Pix/DICT servers, but is positioned on the network for use by the PSP's internal servers.
The Pix signature and verification APIs are based on the ISO 20.022 standard, and the DICT APIs follow the XMLDSig format, both defined by SPI in the document "Annex IV - Security Manual".
The API functions for use with Pix and DICT signing require the internal storage in the HSM of the digital certificates for digital signing and the complete chain of trust of the certificates for verification.
To write a digital certificate (or file) to the HSM, use the remote management console or the DWriteFile() API.
The digital certificate for signing must be encoded in ASN1 DER binary format and also follow the X.509 standard. The file containing the chain of trust for verifying the digital signature must be encoded in PKCS#7 format (Public Key Cryptography Standard #7 - Cryptographic Message Syntax Standard).
The JWS Pix signing and validation functions follow RFC 7515 and the SPI documentation.
The Pix HTTP request APIs provide secure HTTP communication with Pix or DICT servers, using the keys and certificates protected by the HSM.
The Pix standard secure communication functions that follow the definitions described in the following documents: "Annex IV - Security Manual", "Technical and business specifications of the Brazilian instant payment ecosystem" and "Annex III - Communication Interfaces Manual" defined in the SPI.
Operation
The secure connection is made between the PSP server and the Pix/DICT server, the HSM is only used to use PSP objects and private keys.
Access to the HSM only occurs during the TLS handshake. After the tunnel is closed, communication is only maintained between the PSP server and the Pix/DICT server.
An HTTP connection is associated with the HSM session handle that was used to open the HTTP session. This makes it possible to maintain the association and access to the connection objects (private key, certificate and certificate chain) within the HSM.
For example: suppose a POST operation is performed, the HTTP session is kept open within the HSM session handle. When the HSM session is closed (without disabling the session cache), the session is stored in the session cache along with the HTTP session. If a new session is requested, the cached session will be returned. When reusing the HSM session handle for a GET operation, the HTTP session is reused because it was stored in the HSM session handle.
Functions | |
byte[] | signPIX (String strKeyId, String strCertId, int nFlags, byte[] baUnsignedPIXEnvelope) throws TacException |
Digitally signs an XML in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System). | |
byte[] | signPIX (String strKeyId, String strCertId, byte[] baUnsignedPIXEnvelope) throws TacException |
Digitally signs an XML in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System). | |
byte[] | signPIXDict (String strKeyId, String strCertId, int nFlags, byte[] baUnsignedDictEnvelope) throws TacException |
Digitally signs an XML in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System). | |
byte[] | signPIXDict (String strKeyId, String strCertId, byte[] baUnsignedDictEnvelope) throws TacException |
Digitally signs an XML in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System). | |
boolean | verifyPIX (String strChainId, String strCRLId, int nFlags, byte[] baSignedPIXEnvelope) throws TacException |
Checks the signature of a digitally signed XML document in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System). | |
boolean | verifyPIX (String strChainId, String strCRLId, byte[] baSignedPIXEnvelope) throws TacException |
Checks the signature of a digitally signed XML document in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System). | |
boolean | verifyPIXDict (String strChainId, String strCRLId, int nFlags, byte[] baSignedDictEnvelope) throws TacException |
Checks the signature of a digitally signed XML document in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System). | |
boolean | verifyPIXDict (String strChainId, String strCRLId, byte[] baSignedDictEnvelope) throws TacException |
Checks the signature of a digitally signed XML document in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System). | |
byte[] | signPIXJWS (String strKeyId, byte[] baHeader, byte[] baPayload) throws TacException |
It makes a JWS RFC 7515 signature following the PIX standard defined in the SPI (Instant Payment System). | |
String | signPIXJWS (String strKeyId, String strHeader, String strPayload) throws TacException |
It makes a JWS RFC 7515 signature following the PIX standard defined in the SPI (Instant Payment System). | |
JwsComponents | checkPIXJWS (String strChainId, String strCRLId, byte[] baJWS, int nFlags) throws TacException |
Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System). | |
JwsComponents | checkPIXJWS (String strChainId, String strCRLId, String strJWS, int nFlags) throws TacException |
Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System). | |
boolean | checkPIXJWS (String strChainId, String strCRLId, byte[] baJWS) throws TacException |
Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System). | |
boolean | checkPIXJWS (String strChainId, String strCRLId, String strJWS) throws TacException |
Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System). | |
PIXResponse | postPIX (String strKeyId, String strCertId, String strPIXCertChainId, String strURL, String[] straRequestHeaderList, byte[] baRequestData, int nTimeOut, boolean bUseGzip, boolean bVerifyHostName) throws TacException |
It makes a secure HTTP POST request following the PIX standard defined in SPI (Instant Payment System). | |
PIXResponse | postPIX (String strKeyId, String strCertId, String strPIXCertChainId, String strURL, String[] straRequestHeaderList, byte[] baRequestData, int nTimeOut, int nParam) throws TacException |
It makes a secure HTTP POST request following the PIX standard defined in SPI (Instant Payment System). | |
PIXResponse | putPIX (String strKeyId, String strCertId, String strPIXCertChainId, String strURL, String[] straRequestHeaderList, byte[] baRequestData, int nTimeOut, boolean bUseGzip, boolean bVerifyHostName) throws TacException |
It makes a secure HTTP PUT request following the PIX standard defined in the SPI (Instant Payment System). | |
PIXResponse | putPIX (String strKeyId, String strCertId, String strPIXCertChainId, String strURL, String[] straRequestHeaderList, byte[] baRequestData, int nTimeOut, int nParam) throws TacException |
It makes a secure HTTP PUT request following the PIX standard defined in the SPI (Instant Payment System). | |
PIXResponse | getPIX (String strKeyId, String strCertId, String strPIXCertChainId, String strURL, String[] straRequestHeaderList, int nTimeOut, boolean bUseGzip, boolean bVerifyHostName) throws TacException |
It makes a secure HTTP GET request following the PIX standard defined in the SPI (Instant Payment System). | |
PIXResponse | getPIX (String strKeyId, String strCertId, String strPIXCertChainId, String strURL, String[] straRequestHeaderList, int nTimeOut, int nParam) throws TacException |
It makes a secure HTTP GET request following the PIX standard defined in the SPI (Instant Payment System). | |
PIXResponse | deletePIX (String strKeyId, String strCertId, String strPIXCertChainId, String strURL, String[] straRequestHeaderList, int nTimeOut, boolean bUseGzip, boolean bVerifyHostName) throws TacException |
It makes a secure HTTP DELETE request following the PIX standard defined in SPI (Instant Payment System). | |
PIXResponse | deletePIX (String strKeyId, String strCertId, String strPIXCertChainId, String strURL, String[] straRequestHeaderList, int nTimeOut, int nParam) throws TacException |
It makes a secure HTTP DELETE request following the PIX standard defined in SPI (Instant Payment System). | |
PIXHTTPReqDetails | getPIXHTTPReqDetails () throws TacException |
Retrieves the details of the last PIX HTTP request (POST, GET...) made in this session. | |
long | getPIXHTTPReqCode () throws TacException |
Retrieves the return code of the last PIX HTTP request (POST, GET...) made in this session. | |
byte[] signPIX | ( | String | strKeyId, |
String | strCertId, | ||
int | nFlags, | ||
byte[] | baUnsignedPIXEnvelope ) throws TacException |
Digitally signs an XML in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System).
strKeyId | Name of the private key used for signing. Corresponding to a CPIA certificate. | ||||
strCertId | Name of the digital certificate used for signing. Digital certificate of the PSP registered with SPI for signing, also known as CPIA or CERTPIA. | ||||
nFlags | Subscription options. Pass 0. If you need any additional options, the following values are accepted.
| ||||
baUnsignedPIXEnvelope | XML to be signed. |
TacException | Throws exception in case of signature errors |
byte[] signPIX | ( | String | strKeyId, |
String | strCertId, | ||
byte[] | baUnsignedPIXEnvelope ) throws TacException |
Digitally signs an XML in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System).
strKeyId | Name of the private key used for signing. Corresponding to a CPIA certificate. |
strCertId | Name of the digital certificate used for signing. Digital certificate of the PSP registered with SPI for signing, also known as CPIA or CERTPIA. |
baUnsignedPIXEnvelope | XML to be signed. |
TacException | Throws exception in case of signature errors |
byte[] signPIXDict | ( | String | strKeyId, |
String | strCertId, | ||
int | nFlags, | ||
byte[] | baUnsignedDictEnvelope ) throws TacException |
Digitally signs an XML in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System).
strKeyId | Name of the private key used for signing. Corresponding to a CPIA certificate. |
strCertId | Name of the digital certificate used for signing. Digital certificate of the PSP registered with SPI for signing, also known as CPIA or CERTPIA. |
nFlags | Reserved for future use (must be 0). |
baUnsignedDictEnvelope | XML to be signed. |
TacException | Throws exception in case of signature errors |
byte[] signPIXDict | ( | String | strKeyId, |
String | strCertId, | ||
byte[] | baUnsignedDictEnvelope ) throws TacException |
Digitally signs an XML in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System).
strKeyId | Name of the private key used for signing. Corresponding to a CPIA certificate. |
strCertId | Name of the digital certificate used for signing. Digital certificate of the PSP registered with SPI for signing, also known as CPIA or CERTPIA. |
baUnsignedDictEnvelope | XML to be signed. |
TacException | Throws exception in case of signature errors |
boolean verifyPIX | ( | String | strChainId, |
String | strCRLId, | ||
int | nFlags, | ||
byte[] | baSignedPIXEnvelope ) throws TacException |
Checks the signature of a digitally signed XML document in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System).
strChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the actual certificate used in the signature. This formatting is necessary because the Pix XML message does not contain the certificate used in the signature. Optionally, only the X.509 certificate used for signing can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
strCRLId | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
nFlags | Reserved for future use (must be 0). |
baSignedPIXEnvelope | Signed XML. |
TacException |
boolean verifyPIX | ( | String | strChainId, |
String | strCRLId, | ||
byte[] | baSignedPIXEnvelope ) throws TacException |
Checks the signature of a digitally signed XML document in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System).
strChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the actual certificate used in the signature. This formatting is necessary because the Pix XML message does not contain the certificate used in the signature. Optionally, only the X.509 certificate used for signing can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
strCRLId | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
baSignedPIXEnvelope | Signed XML. |
TacException |
boolean verifyPIXDict | ( | String | strChainId, |
String | strCRLId, | ||
int | nFlags, | ||
byte[] | baSignedDictEnvelope ) throws TacException |
Checks the signature of a digitally signed XML document in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System).
strChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the actual certificate used in the signature. This formatting is necessary because the Pix XML message does not contain the certificate used in the signature. Optionally, only the X.509 certificate used for signing can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
strCRLId | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
nFlags | Reserved for future use (must be 0). |
baSignedDictEnvelope | Signed XML. |
TacException |
boolean verifyPIXDict | ( | String | strChainId, |
String | strCRLId, | ||
byte[] | baSignedDictEnvelope ) throws TacException |
Checks the signature of a digitally signed XML document in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System).
strChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the actual certificate used in the signature. This formatting is necessary because the Pix XML message does not contain the certificate used in the signature. Optionally, only the X.509 certificate used for signing can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
strCRLId | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
baSignedDictEnvelope | Signed XML. |
TacException |
byte[] signPIXJWS | ( | String | strKeyId, |
byte[] | baHeader, | ||
byte[] | baPayload ) throws TacException |
It makes a JWS RFC 7515 signature following the PIX standard defined in the SPI (Instant Payment System).
strKeyId | Name of the private key used for signing. As defined in the PIX security manual | ||||||||||||||||||||
baHeader | JWS header for signature. At least the header parameter alg must be informed. Accepted values for alg.
| ||||||||||||||||||||
baPayload | JWS payload for subscription. |
TacException | Throws exception in case of signature errors |
String signPIXJWS | ( | String | strKeyId, |
String | strHeader, | ||
String | strPayload ) throws TacException |
It makes a JWS RFC 7515 signature following the PIX standard defined in the SPI (Instant Payment System).
strKeyId | Name of the private key used for signing. As defined in the PIX security manual | ||||||||||||||||||||
strHeader | JWS header for signature. At least the header parameter alg must be informed. Accepted values for alg.
| ||||||||||||||||||||
strPayload | JWS payload for subscription. |
TacException | Throws exception in case of signature errors |
JwsComponents checkPIXJWS | ( | String | strChainId, |
String | strCRLId, | ||
byte[] | baJWS, | ||
int | nFlags ) throws TacException |
Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System).
strChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the actual certificate used in the signature. This formatting is necessary because the Pix XML message does not contain the certificate used in the signature. Optionally, only the X.509 certificate used for signing can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
strCRLId | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
baJWS | JWS signed. |
nFlags | Check options. It should be 0. |
TacException |
JwsComponents checkPIXJWS | ( | String | strChainId, |
String | strCRLId, | ||
String | strJWS, | ||
int | nFlags ) throws TacException |
Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System).
strChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the actual certificate used in the signature. This formatting is necessary because the Pix XML message does not contain the certificate used in the signature. Optionally, only the X.509 certificate used for signing can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
strCRLId | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
strJWS | JWS signed. |
nFlags | Check options. It should be 0. |
TacException |
boolean checkPIXJWS | ( | String | strChainId, |
String | strCRLId, | ||
byte[] | baJWS ) throws TacException |
Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System).
strChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the actual certificate used in the signature. This formatting is necessary because the Pix XML message does not contain the certificate used in the signature. Optionally, only the X.509 certificate used for signing can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
strCRLId | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
baJWS | JWS signed. |
TacException |
boolean checkPIXJWS | ( | String | strChainId, |
String | strCRLId, | ||
String | strJWS ) throws TacException |
Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System).
strChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the actual certificate used in the signature. This formatting is necessary because the Pix XML message does not contain the certificate used in the signature. Optionally, only the X.509 certificate used for signing can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
strCRLId | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
strJWS | JWS signed. |
TacException |
PIXResponse postPIX | ( | String | strKeyId, |
String | strCertId, | ||
String | strPIXCertChainId, | ||
String | strURL, | ||
String[] | straRequestHeaderList, | ||
byte[] | baRequestData, | ||
int | nTimeOut, | ||
boolean | bUseGzip, | ||
boolean | bVerifyHostName ) throws TacException |
It makes a secure HTTP POST request following the PIX standard defined in SPI (Instant Payment System).
Uses the basic initial HTTP header.
strKeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. |
strCertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. |
strPIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several strings. |
strURL | URL of the PIX server (ICOM or DICT). |
straRequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept: ).To include a header without content, use ; instead of : (Ex. Accept; ).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent and Content-Length. |
baRequestData | Data sent in the request. |
nTimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. |
bUseGzip | Automatically gzips the request data. Automatically includes the necessary headers (Content-Encoding and Accept-Encoding). |
bVerifyHostName | Checks certificate with host name. |
TacException | Throws exception in case of signature errors |
PIXResponse postPIX | ( | String | strKeyId, |
String | strCertId, | ||
String | strPIXCertChainId, | ||
String | strURL, | ||
String[] | straRequestHeaderList, | ||
byte[] | baRequestData, | ||
int | nTimeOut, | ||
int | nParam ) throws TacException |
It makes a secure HTTP POST request following the PIX standard defined in SPI (Instant Payment System).
strKeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. | ||||||||||
strCertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. | ||||||||||
strPIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several strings. | ||||||||||
strURL | URL of the PIX server (ICOM or DICT). | ||||||||||
straRequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept: ).To include a header without content, use ; instead of : (Ex. Accept; ).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent, Accept, Accept-Encoding, Content-Type, Expect and Content-Length. | ||||||||||
baRequestData | Data sent in the request. | ||||||||||
nTimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. | ||||||||||
nParam |
|
TacException | Throws exception in case of signature errors |
PIXResponse putPIX | ( | String | strKeyId, |
String | strCertId, | ||
String | strPIXCertChainId, | ||
String | strURL, | ||
String[] | straRequestHeaderList, | ||
byte[] | baRequestData, | ||
int | nTimeOut, | ||
boolean | bUseGzip, | ||
boolean | bVerifyHostName ) throws TacException |
It makes a secure HTTP PUT request following the PIX standard defined in the SPI (Instant Payment System).
Uses the basic initial HTTP header.
strKeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. |
strCertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. |
strPIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several strings. |
strURL | URL of the PIX server (ICOM or DICT). |
straRequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept: ).To include a header without content, use ; instead of : (Ex. Accept; ).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent and Content-Length. |
baRequestData | Data sent in the request. |
nTimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. |
bUseGzip | Automatically gzips the request data. Automatically includes the necessary headers (Content-Encoding and Accept-Encoding). |
bVerifyHostName | Checks certificate with host name. |
TacException | Throws exception in case of signature errors |
PIXResponse putPIX | ( | String | strKeyId, |
String | strCertId, | ||
String | strPIXCertChainId, | ||
String | strURL, | ||
String[] | straRequestHeaderList, | ||
byte[] | baRequestData, | ||
int | nTimeOut, | ||
int | nParam ) throws TacException |
It makes a secure HTTP PUT request following the PIX standard defined in the SPI (Instant Payment System).
strKeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. | ||||||||||
strCertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. | ||||||||||
strPIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several strings. | ||||||||||
strURL | URL of the PIX server (ICOM or DICT). | ||||||||||
straRequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept: ).To include a header without content, use ; instead of : (Ex. Accept; ).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent, Accept, Accept-Encoding, Expect and Content-Length. | ||||||||||
baRequestData | Data sent in the request. | ||||||||||
nTimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. | ||||||||||
nParam |
|
TacException | Throws exception in case of signature errors |
PIXResponse getPIX | ( | String | strKeyId, |
String | strCertId, | ||
String | strPIXCertChainId, | ||
String | strURL, | ||
String[] | straRequestHeaderList, | ||
int | nTimeOut, | ||
boolean | bUseGzip, | ||
boolean | bVerifyHostName ) throws TacException |
It makes a secure HTTP GET request following the PIX standard defined in the SPI (Instant Payment System).
Uses the basic initial HTTP header.
strKeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. |
strCertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. |
strPIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several strings. |
strURL | URL of the PIX server (ICOM or DICT). |
straRequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept: ).To include a header without content, use ; instead of : (Ex. Accept; ).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent, Accept, Accept-Encoding. |
nTimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. |
bUseGzip | Includes the Accept-Encoding: gzip header if basic header is enabled. |
bVerifyHostName | Checks certificate with host name. |
TacException | Throws exception in case of signature errors |
PIXResponse getPIX | ( | String | strKeyId, |
String | strCertId, | ||
String | strPIXCertChainId, | ||
String | strURL, | ||
String[] | straRequestHeaderList, | ||
int | nTimeOut, | ||
int | nParam ) throws TacException |
It makes a secure HTTP GET request following the PIX standard defined in the SPI (Instant Payment System).
strKeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. | ||||||||||
strCertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. | ||||||||||
strPIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several strings. | ||||||||||
strURL | URL of the PIX server (ICOM or DICT). | ||||||||||
straRequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept: ).To include a header without content, use ; instead of : (Ex. Accept; ).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent, Accept, Accept-Encoding. | ||||||||||
nTimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. | ||||||||||
nParam |
|
TacException | Throws exception in case of signature errors |
PIXResponse deletePIX | ( | String | strKeyId, |
String | strCertId, | ||
String | strPIXCertChainId, | ||
String | strURL, | ||
String[] | straRequestHeaderList, | ||
int | nTimeOut, | ||
boolean | bUseGzip, | ||
boolean | bVerifyHostName ) throws TacException |
It makes a secure HTTP DELETE request following the PIX standard defined in SPI (Instant Payment System).
Uses the basic initial HTTP header.
strKeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. |
strCertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. |
strPIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several strings. |
strURL | URL of the PIX server (ICOM or DICT). |
straRequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept: ).To include a header without content, use ; instead of : (Ex. Accept; ).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The default initial header includes Host and User-Agent. |
nTimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. |
bUseGzip | Includes the Accept-Encoding: gzip header if basic header is enabled. |
bVerifyHostName | Checks certificate with host name. |
TacException | Throws exception in case of signature errors |
PIXResponse deletePIX | ( | String | strKeyId, |
String | strCertId, | ||
String | strPIXCertChainId, | ||
String | strURL, | ||
String[] | straRequestHeaderList, | ||
int | nTimeOut, | ||
int | nParam ) throws TacException |
It makes a secure HTTP DELETE request following the PIX standard defined in SPI (Instant Payment System).
strKeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. | ||||||||||
strCertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. | ||||||||||
strPIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several strings. | ||||||||||
strURL | URL of the PIX server (ICOM or DICT). | ||||||||||
straRequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept: ).To include a header without content, use ; instead of : (Ex. Accept; ).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent, Accept, Accept-Encoding. | ||||||||||
nTimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. | ||||||||||
nParam |
|
TacException | Throws exception in case of signature errors |
PIXHTTPReqDetails getPIXHTTPReqDetails | ( | ) | throws TacException |
Retrieves the details of the last PIX HTTP request (POST, GET...) made in this session.
This operation must be called immediately after calling the PIX request API. It must be called using the same session. Do not perform other operations between these calls.
TacException | Throws exception in case of signature errors |
long getPIXHTTPReqCode | ( | ) | throws TacException |
Retrieves the return code of the last PIX HTTP request (POST, GET...) made in this session.
This operation must be called immediately after calling the PIX request API. It must be called using the same session. Do not perform other operations between these calls.
TacException | Throws exception in case of error |