Detailed description

HSM user management.

Functions
void	deleteUser (String userId) throws TacException
	Remove a User.

String[]	listUsers () throws TacException
	List HSM users.

boolean	isExistUser (String user) throws TacException
	Check if the user exists in the HSM.

void	createUser (String userId, String userPwd, int authMask) throws TacException
	Create a User.

void	changePassword (String newPassword) throws TacException
	Change the current user's password.

void	setUserBlockStatus (String user, boolean isBlocked) throws TacException
	Sets a user's lock status.

void	blockUser (String user) throws TacException
	Block a user.

void	unblockUser (String user) throws TacException
	Unblocks a user.

boolean	isUserBlocked (String user) throws TacException
	Checks if the user is blocked.

int	getUserInvalidLoginAttempts (String user) throws TacException
	Recovers the number of invalid login attempts by a user.

HSMCounterInfo	getHSMCounterInfo () throws TacException
	Retrieves information from HSM system counters.

int	getUserACL (String user) throws TacException
	Gets the bitmask of the user's authorizations.

void	setUserAuthMask (String user, int authMask) throws TacException
	Defines the bitmask of user authorizations.

void	updateUserObjPermission (String user, boolean create, boolean read, boolean del, boolean update) throws TacException
	Updates the current user's object access authorizations for another user.

void	updateUserSysPermission (String user, boolean create, boolean list, boolean log, boolean backup, boolean firmware) throws TacException
	Updates a user's system authorizations.

void	setUserOperator (String user) throws TacException
	Transforms a user into an operator user.

void	assignUserOATHHotp (String user, byte[] seed) throws TacException
	It associates a HOTP token in the OATH standard with an HSM user for 2-factor authentication.

void	assignUserOATHHotp (String user, byte[] seed, byte truncationOffset, byte type) throws TacException
	It associates a HOTP token in the OATH standard with an HSM user for 2-factor authentication.

void	assignUserOATHTotp (String user, byte[] seed, byte truncationOffset, byte type, int timeStep, long t0) throws TacException
	It associates a TOTP token in the OATH standard with an HSM user for 2-factor authentication.

void	assignUserOATHTotp (String user, byte[] seed) throws TacException
	It associates a TOTP token in the OATH standard with an HSM user for 2-factor authentication.

void	unassignUserOATH (String user, int param) throws TacException
	Disassociates a TOTP token from an HSM user.

void	unassignUserOATH (String user) throws TacException
	Disassociates a TOTP token from an HSM user.

void	resynchUserOATH (String user, String otp1, String otp2, int param) throws TacException
	Resynchronizes an HSM user's HOTP(event) token.

void	resynchUserOATH (String user, String otp1, String otp2) throws TacException
	Resynchronizes an HSM user's HOTP(event) token.

Functions

◆ deleteUser()

void deleteUser ( String userId ) throws TacException

Remove a User.

Parameters

userId User ID

Exceptions

TacException

◆ listUsers()

String[] listUsers ( ) throws TacException

List HSM users.

Return: Array of strings containing the list of users in the HSM.

Exceptions

TacException

◆ isExistUser()

boolean isExistUser ( String user ) throws TacException

Check if the user exists in the HSM.

Return: True if the User exists.

Exceptions

TacException

◆ createUser()

void createUser	(	String	userId,
		String	userPwd,
		int	authMask ) throws TacException

Create a User.

Parameters

userId User ID

userPwd Password of the User to be created

authMask

The User authorization mask must be assembled by concatenating the values below:

Value	Meaning
TacNDJavaLib.ACL_NOP	User with ordinary authorizations only.
TacNDJavaLib.ACL_OBJ_DEL	Permission to remove and read objects.
TacNDJavaLib.ACL_OBJ_READ	Permission to read the contents of objects.
TacNDJavaLib.ACL_OBJ_CREATE	Permission to create and read objects.
TacNDJavaLib.ACL_OBJ_UPDATE TacNDJavaLib.ACL_OBJ_WRITE	Permission to update object attributes. TacNDJavaLib.ACL_OBJ_WRITE = TacNDJavaLib.ACL_OBJ_UPDATE
TacNDJavaLib.ACL_USR_CREATE TacNDJavaLib.ACL_USR_DELETE	Permission to create and remove Users. TacNDJavaLib.ACL_USR_DELETE = TacNDJavaLib.ACL_USR_CREATE
TacNDJavaLib.ACL_USR_REMOTE_INFO	Permission to receive remote log notifications.
TacNDJavaLib.ACL_USR_LIST	Permission to list Users.
TacNDJavaLib.ACL_SYS_OPERATOR	Permission to operate as the 'master' User.
TacNDJavaLib.ACL_SYS_BACKUP TacNDJavaLib.ACL_SYS_RESTORE	Permission to create and restore backup copies of HSM data. TacNDJavaLib.ACL_SYS_RESTORE =
TacNDJavaLib.ACL_SYS_BACKUP TacNDJavaLib.ACL_SYS_UDATE_HSM	Permission to update the firmware.

Exceptions

TacException

◆ changePassword()

void changePassword ( String newPassword ) throws TacException

Change the current user's password.

For security reasons, it is not possible for HSM to Dinamo to change the password for a user other than the one currently logged in.

Parameters

newPassword New password

Exceptions

TacException

◆ setUserBlockStatus()

void setUserBlockStatus	(	String	user,
		boolean	isBlocked ) throws TacException

Sets a user's lock status.

Parameters

user	User name.
isBlocked	true for locked and false for unlocked.

Exceptions

TacException

◆ blockUser()

void blockUser ( String user ) throws TacException

Block a user.

Parameters

user	User name.

Exceptions

TacException

◆ unblockUser()

void unblockUser ( String user ) throws TacException

Unblocks a user.

Parameters

user	User name.

Exceptions

TacException

◆ isUserBlocked()

boolean isUserBlocked ( String user ) throws TacException

Checks if the user is blocked.

Parameters

user	User name.

Exceptions

TacException

Return: The user's lock status.

◆ getUserInvalidLoginAttempts()

int getUserInvalidLoginAttempts ( String user ) throws TacException

Recovers the number of invalid login attempts by a user.

This option is returned when the invalid login attempts password policy is enabled.

Parameters

user	User name.

Exceptions

TacException

Return: The number of invalid login attempts.

◆ getHSMCounterInfo()

HSMCounterInfo get HSMCounterInfo ( ) throws TacException

Retrieves information from HSM system counters.

Exceptions

TacException

Return: HSM system counter information.

◆ getUserACL()

int getUserACL ( String user ) throws TacException

Gets the bitmask of the user's authorizations.

This call obtains system authorizations.

Parameters

user	User name.

Return: The bitmask of user authorizations.

Exceptions

TacException

◆ setUserAuthMask()

void setUserAuthMask	(	String	user,
		int	authMask ) throws TacException

Defines the bitmask of user authorizations.

This call defines system and user authorizations.

Parameters

user	Name of the user who will have their permissions set.
authMask	Permissions bitmask.

Exceptions

TacException

◆ updateUserObjPermission()

void updateUserObjPermission	(	String	user,
		boolean	create,
		boolean	read,
		boolean	del,
		boolean	update ) throws TacException

Updates the current user's object access authorizations for another user.

Parameters

user	Name of the user who will be given permission to access the current user's objects.
create	Releases access to create and read objects.
read	Releases object read access.
del	Unlocks delete and read access to objects.
update	Releases write/alter access to objects.

Exceptions

TacException

◆ updateUserSysPermission()

void updateUserSysPermission	(	String	user,
		boolean	create,
		boolean	list,
		boolean	log,
		boolean	backup,
		boolean	firmware ) throws TacException

Updates a user's system authorizations.

If the user is an operator, they will automatically lose this privilege and become an ordinary user.

Parameters

user	Name of the user who will receive system permissions.
create	Releases user creation/removal access.
list	Release user list access.
log	Unlocks access to retrieve the HSM's remote log.
backup	Releases access to backup/restore the HSM.
firmware	Release access to update the HSM firmware.

Exceptions

TacException

◆ setUserOperator()

void setUserOperator ( String user ) throws TacException

Transforms a user into an operator user.

Parameters

user	Name of the user who will receive the operator permission.

Exceptions

TacException

◆ assignUserOATHHotp() [1/2]

void assignUserOATHHotp	(	String	user,
		byte[]	seed ) throws TacException

It associates a HOTP token in the OATH standard with an HSM user for 2-factor authentication.

Parameters

user	User who will have the associated token.
seed	Seed OATH of the token.

Exceptions

TacException

Notes: As of firmware version 4.0.2, the size of the authentication look-ahead window is set to the default of 10 intervals more or less. In the case of HOTP tokens, the intervals will be counted by the number of events, while in the case of TOTP tokens they will be counted by the number of time-steps.

◆ assignUserOATHHotp() [2/2]

void assignUserOATHHotp	(	String	user,
		byte[]	seed,
		byte	truncationOffset,
		byte	type ) throws TacException

It associates a HOTP token in the OATH standard with an HSM user for 2-factor authentication.

Parameters

user User who will have the associated token.

seed Seed OATH of the token.

truncationOffset

The following amount is supported:

Value	Meaning
TacNDJavaLib.ISSUE_OATH_DYN_TRUNC	Defines the "truncation" algorithm as dynamic.

type

At the moment this value should be as defined in the table.

Value	Meaning
TacNDJavaLib.OATH_SA_v1_type_SHA1	Set the type to SHA1.

Exceptions

TacException

Notes: As of firmware version 4.0.2, the size of the authentication look-ahead window is set to the default of 10 intervals more or less. In the case of HOTP tokens, the intervals will be counted by the number of events, while in the case of TOTP tokens they will be counted by the number of time-steps.

◆ assignUserOATHTotp() [1/2]

void assignUserOATHTotp	(	String	user,
		byte[]	seed,
		byte	truncationOffset,
		byte	type,
		int	timeStep,
		long	t0 ) throws TacException

It associates a TOTP token in the OATH standard with an HSM user for 2-factor authentication.

Parameters

user User who will have the associated token.

seed Seed OATH of the token.

truncationOffset

The following amount is supported:

Value	Meaning
TacNDJavaLib.ISSUE_OATH_DYN_TRUNC	Defines the "truncation" algorithm as dynamic.

type

Value	Meaning
TacNDJavaLib.OATH_SA_v1_type_SHA1	Set the type to SHA1.

timeStep

Time step value in seconds.
In addition to setting the time step in seconds for TOTP blobs, the following values are also supported.

Value	Meaning
TacNDJavaLib.OATH_SA_v2_default_TIME_STEP	Use the default HSM time step value, currently 30 secs.

t0

Initial time value.

Value	Meaning
TacNDJavaLib.OATH_SA_v2_default_T0_Epoch	Use HSM's default value.

Exceptions

TacException

Notes: As of firmware version 4.0.2, the size of the authentication look-ahead window is set to the default of 10 intervals more or less. In the case of HOTP tokens, the intervals will be counted by the number of events, while in the case of TOTP tokens they will be counted by the number of time-steps.

◆ assignUserOATHTotp() [2/2]

void assignUserOATHTotp	(	String	user,
		byte[]	seed ) throws TacException

It associates a TOTP token in the OATH standard with an HSM user for 2-factor authentication.

Parameters

user	User who will have the associated token.
seed	Seed OATH of the token.

Exceptions

TacException

Notes: As of firmware version 4.0.2, the size of the authentication look-ahead window is set to the default of 10 intervals more or less. In the case of HOTP tokens, the intervals will be counted by the number of events, while in the case of TOTP tokens they will be counted by the number of time-steps.

◆ unassignUserOATH() [1/2]

void unassignUserOATH	(	String	user,
		int	param ) throws TacException

Disassociates a TOTP token from an HSM user.

Parameters

user User whose token will be disassociated.

stop

Type of operation to be carried out.

Value	Meaning
TacNDJavaLib.AT_OATH_TOKEN	Token OATH HOTP.
TacNDJavaLib.AT_OATH_TOKEN_TOTP	Token OATH TOTP.

Exceptions

TacException

◆ unassignUserOATH() [2/2]

void unassignUserOATH ( String user ) throws TacException

Disassociates a TOTP token from an HSM user.

Parameters

user	User whose token will be disassociated.

Exceptions

TacException

◆ resynchUserOATH() [1/2]

void resynchUserOATH	(	String	user,
		String	otp1,
		String	otp2,
		int	param ) throws TacException

Resynchronizes an HSM user's HOTP(event) token.

Parameters

user	User to be resynchronized.
otp1	First OTP.
otp2	Second OTP.
stop	Reserved for future use.

Exceptions

TacException

◆ resynchUserOATH() [2/2]

void resynchUserOATH	(	String	user,
		String	otp1,
		String	otp2 ) throws TacException

Resynchronizes an HSM user's HOTP(event) token.

Parameters

user	User to be resynchronized.
otp1	First OTP.
otp2	Second OTP.

Exceptions

TacException