Java API
HSM Dinamo
Users

Detailed description

HSM user management.

See the HSM technical documentation.

Functions

void deleteUser (String userId) throws TacException
 Remove a User.
 
String[] listUsers () throws TacException
 List HSM users.
 
boolean isExistUser (String user) throws TacException
 Check if the user exists in the HSM.
 
void createUser (String userId, String userPwd, int authMask) throws TacException
 Create a User.
 
void changePassword (String newPassword) throws TacException
 Change the current user's password.
 
void setUserBlockStatus (String user, boolean isBlocked) throws TacException
 Sets a user's lock status.
 
void blockUser (String user) throws TacException
 Block a user.
 
void unblockUser (String user) throws TacException
 Unblocks a user.
 
boolean isUserBlocked (String user) throws TacException
 Checks if the user is blocked.
 
int getUserInvalidLoginAttempts (String user) throws TacException
 Retrieves the number of invalid login attempts by a user.
 
HSMCounterInfo getHSMCounterInfo () throws TacException
 Retrieves information from HSM system counters.
 
int getUserACL (String user) throws TacException
 Gets the bitmask of the user's authorizations.
 
void setUserAuthMask (String user, int authMask) throws TacException
 Defines the bitmask of user authorizations.
 
void updateUserObjPermission (String user, boolean create, boolean read, boolean del, boolean update) throws TacException
 Updates the current user's object access authorizations for another user.
 
void updateUserSysPermission (String user, boolean create, boolean list, boolean log, boolean backup, boolean firmware) throws TacException
 Updates a user's system authorizations.
 
void setUserOperator (String user) throws TacException
 Transforms a user into an operator user.
 
void assignUserOATHHotp (String user, byte[] seed) throws TacException
 Associates an OATH HOTP token with an HSM user for two-factor authentication.
 
void assignUserOATHHotp (String user, byte[] seed, byte truncationOffset, byte type) throws TacException
 Associates an OATH HOTP token with an HSM user for two-factor authentication.
 
void assignUserOATHTotp (String user, byte[] seed, byte truncationOffset, byte type, int timeStep, long t0) throws TacException
 Associates an OATH TOTP token with an HSM user for two-factor authentication.
 
void assignUserOATHTotp (String user, byte[] seed) throws TacException
 Associates an OATH TOTP token with an HSM user for two-factor authentication.
 
void unassignUserOATH (String user, int param) throws TacException
 Disassociates a TOTP token from an HSM user.
 
void unassignUserOATH (String user) throws TacException
 Disassociates a TOTP token from an HSM user.
 
void resynchUserOATH (String user, String otp1, String otp2, int param) throws TacException
 Resynchronizes an HSM user's HOTP(event) token.
 
void resynchUserOATH (String user, String otp1, String otp2) throws TacException
 Resynchronizes an HSM user's HOTP(event) token.
 

Functions

deleteUser()

void deleteUser ( String userId) throws TacException

Remove a User.

Parameters
userId: User ID
Exceptions
TacException

listUsers()

String[] listUsers ( ) throws TacException

List HSM users.

Return
Array of strings containing the list of users in the HSM.
Exceptions
TacException

isExistUser()

boolean isExistUser ( String user) throws TacException

Check if the user exists in the HSM.

Return
True if the User exists.
Exceptions
TacException

createUser()

void createUser ( String userId,
String userPwd,
int authMask ) throws TacException

Create a User.

Parameters
userId: User ID
userPwd: Password of the User to be created
authMask: The User authorization mask must be assembled by combining the values below (bitwise OR):
Value Meaning
TacNDJavaLib.ACL_NOP User with ordinary authorizations only.
TacNDJavaLib.ACL_OBJ_DEL Permission to remove and read objects.
TacNDJavaLib.ACL_OBJ_READ Permission to read the contents of objects.
TacNDJavaLib.ACL_OBJ_CREATE Permission to create and read objects.
TacNDJavaLib.ACL_OBJ_UPDATE, TacNDJavaLib.ACL_OBJ_WRITE Permission to update object attributes. TacNDJavaLib.ACL_OBJ_WRITE = TacNDJavaLib.ACL_OBJ_UPDATE
TacNDJavaLib.ACL_USR_CREATE, TacNDJavaLib.ACL_USR_DELETE Permission to create and remove Users. TacNDJavaLib.ACL_USR_DELETE = TacNDJavaLib.ACL_USR_CREATE
TacNDJavaLib.ACL_USR_REMOTE_INFO Permission to receive remote log notifications.
TacNDJavaLib.ACL_USR_LIST Permission to list Users.
TacNDJavaLib.ACL_SYS_OPERATOR Permission to operate as the User 'master'.
TacNDJavaLib.ACL_SYS_BACKUP, TacNDJavaLib.ACL_SYS_RESTORE Permission to create and restore backup copies of HSM data. TacNDJavaLib.ACL_SYS_RESTORE = TacNDJavaLib.ACL_SYS_BACKUP
TacNDJavaLib.ACL_SYS_UDATE_HSM Permission to update the firmware.
Exceptions
TacException

changePassword()

void changePassword ( String newPassword) throws TacException

Change the current user's password.

For security reasons, the Dinamo HSM does not allow changing the password of a user other than the one currently logged in.

Parameters
newPassword: New password
Exceptions
TacException

setUserBlockStatus()

void setUserBlockStatus ( String user,
boolean isBlocked ) throws TacException

Sets a user's lock status.

Parameters
user: User name.
isBlocked: true for locked and false for unlocked.
Exceptions
TacException

blockUser()

void blockUser ( String user) throws TacException

Block a user.

Parameters
user: User name.
Exceptions
TacException

unblockUser()

void unblockUser ( String user) throws TacException

Unblocks a user.

Parameters
user: User name.
Exceptions
TacException

isUserBlocked()

boolean isUserBlocked ( String user) throws TacException

Checks if the user is blocked.

Parameters
user: User name.
Exceptions
TacException
Return
The user's lock status.

getUserInvalidLoginAttempts()

int getUserInvalidLoginAttempts ( String user) throws TacException

Retrieves the number of invalid login attempts by a user.

This value is returned when the invalid login attempts password policy is enabled.

Parameters
user: User name.
Exceptions
TacException
Return
The number of invalid login attempts.

getHSMCounterInfo()

HSMCounterInfo getHSMCounterInfo ( ) throws TacException

Retrieves information from HSM system counters.

Exceptions
TacException
Return
HSM system counter information.

getUserACL()

int getUserACL ( String user) throws TacException

Gets the bitmask of the user's authorizations.

This call obtains system authorizations.

Parameters
user: User name.
Return
The bitmask of user authorizations.
Exceptions
TacException
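
An added example, not part of the Dinamo API or its documentation: a least-privilege review over masks such as those returned by getUserACL(). It assumes the returned mask uses the same TacNDJavaLib.ACL_* bits as the createUser() authMask; the class, method and user names and the bit values in main() are constructed for illustration, and real code would fill the maps from listUsers(), getUserACL() and the TacNDJavaLib constants.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class AclReview {
    // For each user, names the flags that are fully set in the user's mask but
    // not fully covered by the approved baseline. Aliases sharing one value
    // (such as ACL_USR_CREATE / ACL_USR_DELETE) are both reported.
    static Map<String, List<String>> excess(Map<String, Integer> userAcl,
                                            Map<String, Integer> flags, int baseline) {
        Map<String, List<String>> findings = new TreeMap<>();
        for (Map.Entry<String, Integer> u : userAcl.entrySet()) {
            List<String> extra = new ArrayList<>();
            for (Map.Entry<String, Integer> f : flags.entrySet()) {
                int v = f.getValue();
                boolean held = v != 0 && (u.getValue() & v) == v;
                boolean approved = (baseline & v) == v;
                if (held && !approved) extra.add(f.getKey());
            }
            if (!extra.isEmpty()) findings.put(u.getKey(), extra);
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed bit values, NOT the library's: use TacNDJavaLib.ACL_* in real code.
        Map<String, Integer> flags = new LinkedHashMap<>();
        flags.put("ACL_OBJ_READ", 0x02);
        flags.put("ACL_OBJ_DEL", 0x01 | 0x02);   // "remove and read" modelled as two bits
        flags.put("ACL_USR_CREATE", 0x10);
        flags.put("ACL_USR_DELETE", 0x10);       // alias of ACL_USR_CREATE per the table
        flags.put("ACL_USR_LIST", 0x20);
        flags.put("ACL_SYS_BACKUP", 0x40);
        flags.put("ACL_SYS_RESTORE", 0x40);      // alias of ACL_SYS_BACKUP per the table
        int baseline = 0x02 | 0x20;              // approved: read objects, list users

        // Constructed users; real code would loop over listUsers() and call getUserACL(user).
        Map<String, Integer> userAcl = new LinkedHashMap<>();
        userAcl.put("app-signer", 0x02);
        userAcl.put("svc-backup", 0x02 | 0x20 | 0x40);
        userAcl.put("legacy-admin", 0x03 | 0x10 | 0x20);

        excess(userAcl, flags, baseline)
            .forEach((user, extra) -> System.out.println(user + " exceeds baseline: " + extra));
    }
}
```

Because the table defines ACL_USR_DELETE and ACL_SYS_RESTORE as equal to ACL_USR_CREATE and ACL_SYS_BACKUP, a user granted one of each pair holds both, which is why the review reports both names.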

setUserAuthMask()

void setUserAuthMask ( String user,
int authMask ) throws TacException

Defines the bitmask of user authorizations.

This call defines system and user authorizations.

Parameters
user: Name of the user who will have their permissions set.
authMask: Permissions bitmask.
Exceptions
TacException

updateUserObjPermission()

void updateUserObjPermission ( String user,
boolean create,
boolean read,
boolean del,
boolean update ) throws TacException

Updates the current user's object access authorizations for another user.

Parameters
user: Name of the user who will be given permission to access the current user's objects.
create: Grants access to create and read objects.
read: Grants object read access.
del: Grants delete and read access to objects.
update: Grants write/alter access to objects.
Exceptions
TacException

updateUserSysPermission()

void updateUserSysPermission ( String user,
boolean create,
boolean list,
boolean log,
boolean backup,
boolean firmware ) throws TacException

Updates a user's system authorizations.

If the user is an operator, they will automatically lose this privilege and become an ordinary user.

Parameters
user: Name of the user who will receive system permissions.
create: Grants user creation/removal access.
list: Grants user list access.
log: Grants access to retrieve the HSM's remote log.
backup: Grants access to backup/restore the HSM.
firmware: Grants access to update the HSM firmware.
Exceptions
TacException

setUserOperator()

void setUserOperator ( String user) throws TacException

Transforms a user into an operator user.

Parameters
user: Name of the user who will receive the operator permission.
Exceptions
TacException

assignUserOATHHotp() [1/2]

void assignUserOATHHotp ( String user,
byte[] seed ) throws TacException

Associates an OATH HOTP token with an HSM user for two-factor authentication.

Parameters
user: User who will have the associated token.
seed: OATH seed of the token.
Exceptions
TacException
Notes
As of firmware version 4.0.2, the size of the authentication look-ahead window is set to the default of 10 intervals more or less. In the case of HOTP tokens, the intervals will be counted by the number of events, while in the case of TOTP tokens they will be counted by the number of time-steps.

assignUserOATHHotp() [2/2]

void assignUserOATHHotp ( String user,
byte[] seed,
byte truncationOffset,
byte type ) throws TacException

Associates an OATH HOTP token with an HSM user for two-factor authentication.

Parameters
user: User who will have the associated token.
seed: OATH seed of the token.
truncationOffset: The following value is supported:
Value Meaning
TacNDJavaLib.ISSUE_OATH_DYN_TRUNC Defines the "truncation" algorithm as dynamic.
type: At the moment this value should be as defined in the table.
Value Meaning
TacNDJavaLib.OATH_SA_v1_type_SHA1 Set the type to SHA1.
Exceptions
TacException
Notes
As of firmware version 4.0.2, the size of the authentication look-ahead window is set to the default of 10 intervals more or less. In the case of HOTP tokens, the intervals will be counted by the number of events, while in the case of TOTP tokens they will be counted by the number of time-steps.

assignUserOATHTotp() [1/2]

void assignUserOATHTotp ( String user,
byte[] seed,
byte truncationOffset,
byte type,
int timeStep,
long t0 ) throws TacException

Associates an OATH TOTP token with an HSM user for two-factor authentication.

Parameters
user: User who will have the associated token.
seed: OATH seed of the token.
truncationOffset: The following value is supported:
Value Meaning
TacNDJavaLib.ISSUE_OATH_DYN_TRUNC Defines the "truncation" algorithm as dynamic.
type:
Value Meaning
TacNDJavaLib.OATH_SA_v1_type_SHA1 Set the type to SHA1.
timeStep: Time step value in seconds.
In addition to setting the time step in seconds for TOTP blobs, the following values are also supported.
Value Meaning
TacNDJavaLib.OATH_SA_v2_default_TIME_STEP Use the default HSM time step value, currently 30 secs.
t0: Initial time value.
Value Meaning
TacNDJavaLib.OATH_SA_v2_default_T0_Epoch Use HSM's default value.
Exceptions
TacException
Notes
As of firmware version 4.0.2, the size of the authentication look-ahead window is set to the default of 10 intervals more or less. In the case of HOTP tokens, the intervals will be counted by the number of events, while in the case of TOTP tokens they will be counted by the number of time-steps.

assignUserOATHTotp() [2/2]

void assignUserOATHTotp ( String user,
byte[] seed ) throws TacException

Associates an OATH TOTP token with an HSM user for two-factor authentication.

Parameters
user: User who will have the associated token.
seed: OATH seed of the token.
Exceptions
TacException
Notes
As of firmware version 4.0.2, the size of the authentication look-ahead window is set to the default of 10 intervals more or less. In the case of HOTP tokens, the intervals will be counted by the number of events, while in the case of TOTP tokens they will be counted by the number of time-steps.

unassignUserOATH() [1/2]

void unassignUserOATH ( String user,
int param ) throws TacException

Disassociates a TOTP token from an HSM user.

Parameters
user: User whose token will be disassociated.
param: Type of operation to be carried out.
Value Meaning
TacNDJavaLib.AT_OATH_TOKEN OATH HOTP token.
TacNDJavaLib.AT_OATH_TOKEN_TOTP OATH TOTP token.
Exceptions
TacException

unassignUserOATH() [2/2]

void unassignUserOATH ( String user) throws TacException

Disassociates a TOTP token from an HSM user.

Parameters
user: User whose token will be disassociated.
Exceptions
TacException

resynchUserOATH() [1/2]

void resynchUserOATH ( String user,
String otp1,
String otp2,
int param ) throws TacException

Resynchronizes an HSM user's HOTP(event) token.

Parameters
user: User to be resynchronized.
otp1: First OTP.
otp2: Second OTP.
param: Reserved for future use.
Exceptions
TacException

resynchUserOATH() [2/2]

void resynchUserOATH ( String user,
String otp1,
String otp2 ) throws TacException

Resynchronizes an HSM user's HOTP(event) token.

Parameters
user: User to be resynchronized.
otp1: First OTP.
otp2: Second OTP.
Exceptions
TacException
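
An added example, not code from the Dinamo API or the HSM firmware: a model of RFC 4226 HOTP validation (SHA1, dynamic truncation) showing why a token that has drifted past the 10-interval look-ahead window named in the Notes fails to log in, and how two consecutive OTPs, as passed to resynchUserOATH(), re-establish the counter. Assumptions: the window is checked forward only, RESYNC_RANGE is an arbitrary search limit, and the class and method names are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HotpWindowDemo {
    static final int WINDOW = 10;        // look-ahead size quoted in the Notes on this page
    static final int RESYNC_RANGE = 100; // assumed search range for resynchronization

    // RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, 6 digits.
    static String hotp(byte[] seed, long counter) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(seed, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0f; // offset taken from the low nibble of the MAC
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format("%06d", bin % 1_000_000);
    }

    static boolean same(String a, String b) { // constant-time comparison
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.US_ASCII),
                                     b.getBytes(StandardCharsets.US_ASCII));
    }

    // Returns the next server counter if otp falls inside the window, else -1.
    static long verify(byte[] seed, long serverCounter, String otp) throws Exception {
        for (long c = serverCounter; c <= serverCounter + WINDOW; c++)
            if (same(hotp(seed, c), otp)) return c + 1;
        return -1;
    }

    // Resynchronization: two consecutive OTPs must match counters c and c + 1.
    static long resync(byte[] seed, long serverCounter, String otp1, String otp2) throws Exception {
        for (long c = serverCounter; c <= serverCounter + RESYNC_RANGE; c++)
            if (same(hotp(seed, c), otp1) && same(hotp(seed, c + 1), otp2)) return c + 2;
        return -1;
    }

    public static void main(String[] args) throws Exception {
        byte[] seed = "12345678901234567890".getBytes(StandardCharsets.US_ASCII); // RFC 4226 test seed
        long server = 0, token = 15; // constructed drift: token advanced 15 times unseen
        System.out.println("in-window login -> " + verify(seed, server, hotp(seed, 3)));
        System.out.println("drifted login   -> " + verify(seed, server, hotp(seed, token)));
        server = resync(seed, server, hotp(seed, token), hotp(seed, token + 1));
        System.out.println("after resync    -> server counter " + server);
        System.out.println("next login      -> " + verify(seed, server, hotp(seed, server)));
    }
}
```

Requiring two consecutive values during resynchronization is what lets the search range exceed the login window without making a single guessed 6-digit code acceptable.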