REST API  4.0.0
REST API for SafeNet Network HSMs
Indirect Login

The indirect login capability of SafeNet Network HSM is a powerful feature used to provision PED-based HSMs. The following steps describe how to achieve indirect login with the REST API. For the purposes of these instructions, "adminHSMid" is the HSM that holds the private key used for indirect login and "serviceHSMid" is the HSM to be provisioned as a service.

Setup

1. Log in to the partition on adminHSMid as the Crypto Officer ("co").

2. GET /api/lunasa/hsms/{adminHSMid}/partitions/{partitionid}/indirect/key

   OUTPUT:

   BODY:  "exponent": "AQAB",
          "modulus": "tGHiZBb/Ou+VVutU/I9XZhvF410zw307r+GjxuuTKO2e2g/p23EdiJK1ghF2ORGc5qpWBOr0w4V7KarxW/f1ERwLpdF8TEdqcu22qLKIcVKYNC1gV+LxR2EBtaUfsWLOktYQ62m9XF1esmMYoMXTA1CsXhNrXYDFbwZT/FPV+Lrod3ZMMrlxyKMxKrdP7fDYam0xOZ+wNKtCLW+Ec1R5gtqYip2Wtqx//ZdUATDbKMhGQ6moXhqloRE6qLk76k24ZCi/02LChlIneNXFqaJBtJkEoVFliv7kbwheaWc7hyKE81Ooy3BBbyPWL4ZDtD1fwu/YWkP5gW+H4ffB56UrEw=="

3. Log in to serviceHSMid as the Security Officer ("so").

4. POST /api/lunasa/hsms/{serviceHSMid}/indirect/key {"exponent":"<as above>","modulus":"<as above>"}

   OUTPUT:

   HDR: location: /api/lunasa/hsms/{serviceHSMid}/indirect/challenges

5. Log out of serviceHSMid.

Use Indirect Login

1. GET /api/lunasa/hsms/{adminHSMid}/certificate

   OUTPUT:

   BODY: "certificate": "<certificate value>"

2. POST /api/lunasa/hsms/{serviceHSMid}/indirect/challenges {"role":"so", "ped":"1", "certificate":"<as above>"}

   OUTPUT:

   HDR: location: /api/lunasa/hsms/{serviceHSMid}/indirect/challenges/{challengeid}

   BODY: "challenge": "<challenge value>"


Notes

  • This object is persistent for the duration of the session.
  • There is no GET indirect/challenges to obtain a list of objects.
  • The challenge can be retrieved with GET /api/lunasa/hsms/{serviceHSMid}/indirect/challenges/{challengeid}.



3. POST /api/lunasa/hsms/{adminHSMid}/partitions/{partitionid}/indirect/responses {"challenge":"<as above>"}

   OUTPUT:

   HDR: location: /api/lunasa/hsms/{adminHSMid}/indirect/responses/{responseid}
  
   BODY: "response": "GZvvxqRYqk6LD3fRKm6MtikoBLjUOsgfMdclectEvoo="


Notes

  • This object is persistent for the duration of the session.
  • There is no GET indirect/responses to obtain a list of objects.
  • The response can be retrieved with GET /api/lunasa/hsms/{serviceHSMid}/indirect/responses/{responseid}.



4. POST /api/lunasa/hsms/{serviceHSMid}/login {"response":"<as above>"}

   OUTPUT:

   HDR: location: /api/lunasa/hsms/{adminHSMid}/roles/{roleid}



At this point, you are logged in to serviceHSMid as the Security Officer ("so").
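
The four "Use Indirect Login" requests chained into one function, as an added example that is not part of the product documentation. The `send` transport, the function names and the fail-closed check on each reply are assumptions; only the paths and JSON field names come from the steps above.

```python
from typing import Callable, Optional, Tuple

# Hypothetical transport (an assumption, not part of the REST API):
# send(method, path, json_body) -> (response_headers, response_json).
# It must reuse one authenticated session per HSM, because the challenge and
# response objects only persist for the duration of the session.
Send = Callable[[str, str, Optional[dict]], Tuple[dict, dict]]

BASE = "/api/lunasa/hsms"


def _require(mapping: dict, key: str) -> str:
    """Return mapping[key] (case-insensitive), failing closed if absent."""
    value = {str(k).lower(): v for k, v in mapping.items()}.get(key)
    if not isinstance(value, str) or not value:
        raise ValueError(f"HSM reply is missing {key!r}")
    return value


def indirect_login(send: Send, admin_id: str, partition_id: str,
                   service_id: str, role: str = "so", ped: str = "1") -> str:
    """Run steps 1-4 of "Use Indirect Login"; return the login Location.

    Assumes Setup is done and the admin partition session is logged in as "co".
    """
    # Step 1: fetch the certificate of the HSM that holds the private key.
    _, body = send("GET", f"{BASE}/{admin_id}/certificate", None)
    certificate = _require(body, "certificate")

    # Step 2: request a challenge from the HSM being provisioned.
    _, body = send("POST", f"{BASE}/{service_id}/indirect/challenges",
                   {"role": role, "ped": ped, "certificate": certificate})
    challenge = _require(body, "challenge")

    # Step 3: have the admin partition compute the response to that challenge.
    _, body = send(
        "POST",
        f"{BASE}/{admin_id}/partitions/{partition_id}/indirect/responses",
        {"challenge": challenge})
    response = _require(body, "response")

    # Step 4: present the response to the service HSM to complete the login.
    headers, _ = send("POST", f"{BASE}/{service_id}/login",
                      {"response": response})
    return _require(headers, "location")
```

Stopping at the first reply that lacks its expected field keeps an empty challenge or response from being forwarded to the next HSM.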