REST API
4.0.0
REST API for SafeNet Network HSMs
|
The indirect login capability of SafeNet Network HSM is a powerful feature used to provision PED-based HSMs. The following steps describe how to achieve indirect login with the REST API. For the purposes of the instructions, "adminHSMid" is the holder of the private key used for indirect login and "serviceHSMid" is the HSM to be provisioned as a service.
1. Log into partition on adminHSMid as the crypto officer ("co"). 2. GET /api/lunasa/hsms/{adminHSMid}/partitions/{partitionid}/indirect/key OUTPUT: BODY: "exponent": "AQAB", "modulus": "tGHiZBb/Ou+VVutU/I9XZhvF410zw307r+GjxuuTKO2e2g/p23EdiJK1ghF2ORGc5qpWBOr0w4V7KarxW/f1ERwLpdF8TEdqcu22qLKIcVKYNC1gV+LxR2EBtaUfsWLOktYQ62m9XF1esmMYoMXTA1CsXhNrXYDFbwZT/FPV+Lrod3ZMMrlxyKMxKrdP7fDYam0xOZ+wNKtCLW+Ec1R5gtqYip2Wtqx//ZdUATDbKMhGQ6moXhqloRE6qLk76k24ZCi/02LChlIneNXFqaJBtJkEoVFliv7kbwheaWc7hyKE81Ooy3BBbyPWL4ZDtD1fwu/YWkP5gW+H4ffB56UrEw==" 3. Log into serviceHSMid as Security Officer ("so") 4. POST /api/lunasa/hsms/{serviceHSMid}/indirect/key {"exponent":"<as above>","modulus":"<as above>"} OUTPUT: HDR: location: /api/lunasa/hsms/{serviceHSMid}/indirect/challenges 5. Log out of serviceHSMid
1. GET /api/lunasa/hsms/{adminHSMid}/certificate OUTPUT: BODY: "certificate": "AwAAADCCBAswggHzoAMCAQICAQAwDQYJKoZIhvcNAQEMBQAwJjEkMCIGA1UEAxMbSGFyZHdhcmUgT3JpZ2luIENlcnRpZmljYXRlMB4XDTEwMDgxMTAwMDAwMFoXDTE5MTIzMTAwMDAwMFowJTEjMCEGA1UEAxMaVG9rZW5XcmFwcGluZ0NlcnRpZmljYXRlVjMwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCoDtFWVHOTfNMCy1bPw5TS4JbziN83JSdEv3TcpN0CVOKdhqyfyYWYGTtilcqMA/yh70b1RMaFiWwn7gVQcFh3iG9B5Sm3MS44MSvvf90KeRVV3wcgMpsgik8jhSWJi3M4TqtauGXBjL6hGDNvFVT2nDkRWTZfve45DIGMSwxZZYl5lCNC6iZysILghaIbLmSCGN+04QlrFU5jDk+DIhIlC6gBVBF2xu2hJy7oYjvZUe9DN/mX4XoBk+uIFw65PMLkQS3TizTKnIv99GWCStoieOHndeVoeTxDER4rm7kUt5NYlxp/YK0WmG1vx2nQY+gxj/I6G3/71v0Njz4AlgpjAgEDo0cwRTAXBgNVHSUBAf8EDTALBgkrBgEEAeBfAQYwFAYJKwYBBAHgXwIBAQEABAThTAIAMBQGCSsGAQQB4F8CAgEBAAQEAQAAADANBgkqhkiG9w0BAQwFAAOCAgEARS08qBAKKCprb5zUgXCBN+JBSbmltGUOCw+plQTjSCrt8XfZ1rH5drN9n/Q2FE2uA94Lg3B579ylClTtzh51QrlVUIHAaJqz6Kp9lahJia7SV+B3OlGho2V4wrUWVwox+f/DWyPZTlfxPwl3q6rJk1en8UolhHTzsAQXsDYBtT4oD+0IcEv2PGgWPACMzchgPW8fuXop2whFq7PO4cjySdMENak82IQ1QkNTl1cMKSoGgpM4On54kSXSOaAUJpt7C0KUrq5tXBlAE0J//WJxYdDEpUwUIswmIxZn+FAlYaVrgDzTawTBh8jdn22DdEL/Z5klySmBzJ75dqnN291vMK0DH82CUUqwt6X8o9XT8/HXkrlI0bSkPbzwanqorYbyYi2FMs4O3cr+khoB0LYdSorqUtxv3FYh9tVlI5LwyeEkDBY6oEe/Ma4eLgStA6XbVTQ6pts4fEc+XetRvS9XN49RlwJlUq4KeQMrIh1sADAtckp/vmlvstghaV13fbBM3qxjDGN95q2GMR+lSzzMFoixP9hI1lslBM0tWYbycWlpGLymxUdIHI3YwLm7BPV7vedguEgerroT+h1TH9QOZ4WcKgjdy/bZWqmdEp/GSedTKw+N27WIxL/iBHOEIHLQkqWRjVQ/AMdwwgq2M5ePk1ecbY0jV4sdapavD39LM+AwggVDMIIDK6ADAgECAgcBOKcAAkzhMA0GCSqGSIb3DQEBDAUAMIGCMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xDzANBgNVBAcTBk90dGF3YTEUMBIGA1UEChMLU2FmZU5ldC1JbmMxGDAWBgNVBAsTD0hTTSBFbmdpbmVlcmluZzElMCMGA1UEAxMcTWFudWZhY3R1cmluZyBJbnRlZ3JpdHlfMjAxMDAeFw0xMDA4MTEwMDAwMDBaFw0xOTEyMzEwMDAwMDBaMCYxJDAiBgNVBAMTG0hhcmR3YXJlIE9yaWdpbiBDZXJ0aWZpY2F0ZTCCAiAwDQYJKoZIhvcNAQEBBQADggINADCCAggCggIBAMALN4Biv4YuT9WvFXYGJK+0OX5VGcJH210kI3fEEPLIiT0wYAthoFnGB6UWcCGwjRBjOwmHaVIv+oyc7DcEbPFkdmKV+/2E2KzwbdaSvZroMrynrsAJ30lROmdGY0slAmruUAAUf5jn+PzL1lhX8SyefywVRIV42uvn/lbhb3aRn2e439dqJfdQXRrmD+J6RRruiNm10LH4gPQEwZAanPPiutR/3L8SEdRGAgjwa1nabe00XCkAfFJaEOTAmVGLPJYsJDQ+XuAlUCal4bp2FRG0sGzzIuy/sVFKUbdy79/tw8TA4M+ic9wDmERiupnTMXit7/883QTIIxq0+5g8x0KevPQtSCq+ekYmNmaHgikxLNxGISSN+LkZ37hPrUowpaxIPVG/298LBsCUyE4B0SZQ7elHIMc6u5CYV/FjhdtFqH2SU17DjkB6VfGHXF25db6oyEpIUqjlJKmqY5kuCxptEEJH6455LqlJbl4//S1YZELjl6JhkjJNmxclcbO9u/to7zYiVdzHEEkqjRzKbTD+tueVgY/0zYc2+USDq85QrXAxsP+LZpP4WdeT4RaZBmfGfJ0oSd6zN7Gdn+/yiHTwKoQM4lIKcXacfNAWg8nkDDVpyQk7Yy/rXWQxpjBGqqTDMuQ3Kyr48ymC8qJ4r1npYj49UHEqOJ29uG2hdaMvAgEDoxswGTAXBgNVHSUBAf8EDTALBgkrBgEEAeBfAQgwDQYJKoZIhvcNAQEMBQADggIBAJEMjZ1sFhoaSI0uy/UWHFNKFde7Pd7i8wdRFeepcDEyqntw5hCrnRI/wg89KoeZiaSVU1wJkWgwEOAFokuMFmjrIDfRVzUiU+byzky/hIORXJxaJV72oewXDIcdZOYh18+SbSCuTWT+C5GIGqGzc/ka68n9MG52+fLanhCVL81btkdWBMJV2tF3//6BXWZJAcSO8KRSDkEkijqHlK3mSzvSyDLIjCoV2Bmb7rpRQK2LC+roxfqjj8p90aKdhx2U5/qW1hOTAH6xsjPPIzPyrJsYBFfS3uR1zq4q3KtIfnhFfGd6sJa1Pp0NOe+bsaJAlI+ERUktTeopSOSyZ5zZhGY3UCQgSE8Y2nPqpry9JPBsLYfDayfLcwysp9PvEIcwPYo1NWDscvclI2+p/8WGbBRhMxdNmAKcaOXMDMqJ5Ni7ood9Y6YnAKbtdQAOPtbZnOZwqMK1X/2u0QRfQdLztrK3PrbtErtgotiRLlZM91fDh72uh2aSbAyFaH7TXwSxZtoqBaPDe+uQUD/4BuIbkS9VSogSHrhgKzjfL61OKFF23Fcx0piUk+WIAWufekBOJKlgpjD6RjEvuMQ6c+EpHoqVu92IQqMvJeHuK7Cb2BfOhIJKdsCB173Z03soYUC5I66QVV/7hvMLTSHwgLtvQeLJoDsL5yKLAtSPlgBPxNsEMIIFhzCCA2+gAwIBAgIHAIBFAAAAAjANBgkqhkiG9w0BAQwFADBqMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMRswGQYDVQQKExJDaHJ5c2FsaXMtSVRTIEluYy4xGzAZBgNVBAMTEkNocnlzYWxpcy1JVFMgUm9vdDAeFw0xMDA4MTEwMDAwMDBaFw0xOTEyMzEwMDAwMDBaMIGCMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xDzANBgNVBAcTBk90dGF3YTEUMBIGA1UEChMLU2FmZU5ldC1JbmMxGDAWBgNVBAsTD0hTTSBFbmdpbmVlcmluZzElMCMGA1UEAxMcTWFudWZhY3R1cmluZyBJbnRlZ3JpdHlfMjAxMDCCAiAwDQYJKoZIhvcNAQEBBQADggINADCCAggCggIBAMa7hVqlaHa0/TZaT2bHtazql7B6HySIJNR3qtES4KTMTi83VPT5qZJGUpZ7d12SvxrT+anp9XTgffxJEJCyOmT2hzF50da7UPAlkXoS4716XI8bPozPYEGBtryZFkRHsdIa+MIOt7Xuc92l0DNBv2sQ51OyW0oMLff1Q2BpMBGKJtyB7qA3YYKHLyxOcZ6q1sGDiXP+laV7Rsxi0owdJKDMPev2PZffNmXTf42TpZAu5K4pCA3mOPH0SXUKY7enOF3b9Xpp3QZDd2TMlKOZpr8fXKvB5HpS1mYlqA8kmSbIoXxehSkUiB1TkpyZsA22HS3iVy55hpHWX7lVmeaKl1MvlHrr2N/H7YceL8ErFQCIG8Gp3z6sd6rdgCz/DJ5AsvIJnruTlw2jcoM8Cb7ETKpmDuKA1zcSmkK4r+3yfsqlrb60vswW8nWgRE85+mlbgBVPENCSGGzlMZLRfg4jG4jv/dnLkgKq5RKYYG678BO+nG3T8n8uIOJMTk90jrILdBrnbAo+Xo6fkZsE87sacG6UqDgvvEeBVyTYwUdjxPhc/OipkGH3jAr5X8qADNQmoXiKUUsW4NHP3acnFFMq439Rb2OP+WZoWH0Bu6OjVjek8BQoVIFH0N2ooL1Bpf5NGCVX0Y4flQTgMkMFB7477wgNlcXp4IJarJEilX9QpBBvAgEDoxswGTAXBgNVHSUBAf8EDTALBgkrBgEEAeBfAQcwDQYJKoZIhvcNAQEMBQADggIBAKivNJiESPIJzhMEKUDM/+q/AH8sVbk0/J1+uFSwDxdTxsRg533xDMXyjmGaUBNIN1izFH/tU5U4pGb+uWzwcgipmDSQynsqx4eh2eduBjkQ9YmSu4i/xKhV1tGN4NW1meTXydu/uPRdTEcWCaGtCyy1sNCXsk5EIKzRtT5emS9hnbVy5NiGeuRdHZpHe/zW21sn4EjQ+wqFwLoaCSSRIjk34cKfbBfAevEot61/cY4voGK+U5q14DVrJ+po6gFDjqUUruH15X/miI4dIAa4Qpap2VIk+yLgyuN75QMtKKuRi0HXYMOZi193M959aimlmnzPhxBH20X7JBnqOT0gbvKk6uvNucKFGzfaNn6IQPixS7DswhJUahmo76N944U3EWFXVsAww3mRPZKYUtrAO8rV+sV/PHdnXXtKLwmg6dqtSFstNctuBnJsrph+bM79LSSplJUSWmKJJjo/LaduJ9KU93PFzP8i7M8WKmBkAWYRcbcREyYgwFdcMyuidvUzGw7jMOnCOrGcoPbAh9uC+Xg9BcyyTrmzDoY3cmEHFJRwMbpoWKvUEB1WdTD3JLLnO1xIktCgSYq8po5XLKmKZJrz6TwP16mTs4PZjYQgy7pz+d3Usp7N+mmpuixEgkIuYQjDEaQ+dOpTokYKQ5YAJg+u13ioi9qiMepke5bYLqn6" 2. POST /api/lunasa/hsms/{serviceHSMid}/indirect/challenges {"role":"so", "ped":"1", "certificate":"<as above>"} OUTPUT: HDR: location: /api/lunasa/hsms/{serviceHSMid}/indirect/challenges/{challengeid} BODY: "challenge": "AAEAAHlUqZ5blhyvdl/bW9EqXwY9xwlVA/D700rVrErljxLwQznRV6NxGUN4ry3yvi67vcC6agdelBNQL20NMb9qI59WBezTYY0G2FpOGsYS93V/+SlpPf4lmowGfYK8SELmHC64pPPTjhCTLuFwght6tT8/fUZR6DXn804nhjSBUZ82ySmV9hNDhvRRjg7xqvmDS0I1jgDCWPoIFPiEoaaHOqj1+pXAsCfTgkX76v9qhBFXEaO2dZBzbg8lBJsAQw8toHQULjX+ISWAHFsRX3cvqNLkUKH//yXDI9OI2q6CFIs1NV26kaEFPzae/f635JoSGvoNvIHehXK4BB7vxnqaxOQAAQAAD+56VxCXxidDyjTLs1DU73Ohv6PCw7bMgfXsmWyTv44lBQjrfjAtJEOMOTJM0hcoooFiAotAruxAkuX7ClNClfhmV1K1iB6NtoeZxr3QOwfH+BRfCKukEahlscfTnx5AQ09q107T5Lj2U+20sSjqhECMOhUinG+WSpbOzmT7eB7n0A74aD2bc+eMrg+fW69/pFxoJH5KreIwlXzIJneiQx4pQBlBTKjs7lAbKd1BClM8FyfDL/dqbZdDHMvD27RBcTKEz62+2IF3p3jWhQr83kvSXCvMh4J1HCKfoauMSO/XjGDnPwaapVFehdjLipEZvnwOBgQqXmwgp0tvug8ccQ=="
Notes
3. POST /api/lunasa/hsms/{adminHSMid}/partitions/{partitionid}/indirect/responses {"challenge":"<as above>"} OUTPUT: HDR: location: /api/lunasa/hsms/{adminHSMid}/indirect/responses/{reponseid} BODY: "response": "GZvvxqRYqk6LD3fRKm6MtikoBLjUOsgfMdclectEvoo="
Notes
4. POST /api/lunasa/hsms/{serviceHSMid}/login {"response":"<as above>"} HDR: location: /api/lunasa/hsms/{adminHSMid}/roles/{roleid}
At this step, you should now be logged into the serviceHSMid as the Security Officer ("so").