REST API  16
REST API for Luna Network HSMs
POST /api/lunasa/packageFiles

POST /api/lunasa/packageFiles?VerifyOnly=true

POST /api/lunasa/packageFiles?VerifyOnly=false

Verify or Update a secure package on appliances. This resource supports url query string. If user does not use OpenSSL EVP, you need HSM SO authentication.
The resource works in two different ways:

  • User can upload the package and update/verify using this single resource. Package operation from this method will take less time when performed in good network.
  • User can also provide the name of package file that has already been uploaded in user's home directory. The package can be uploaded through POST /users/{userid}/files.

User Privileges

Users with the following role privileges can perform this command:

  • admin

Queries

VerifyOnly

This query string specifies if this request is only to verify the package. When the value is set to "true", only verification is performed. Otherwise, the package will be verified and updated on appliances.

Header for uploading and update/verify the package

Content-Type

application/vnd.safenetinc.lunasa+multipart;version=

Note: Before calling this API, it is advised to check maxFileSize using GET /api/lunasa/webServer and update via PATCH /api/lunasa/webServer based on the file size.

Header for providing file name to update/verify the package

Content-Type

application/vnd.safenetinc.lunasa+json;version=

Parameters for uploading and update/verify the package

The request takes in file

authCode

This parameter specifies the authcode of the secure package. Each secure package should have its own authcode for verification or update purpose.

Use: Required

JSON Schema: 

    Object
    type: string
    minLength: 16
    maxLength: 16
    pattern: [A-Za-z0-9/]

useDes3

This parameters specifies if DES3 Cipher is used for package update or verify. It cannot be used simultaneously with EVP.

Use: Not Required

JSON Schema: 

    Object
    type: boolean

useEvp

This parameters specifies if OpenSSL EVP is used to decrypt and validate the package. If so, SO authentication is not required. It cannot be used simultaneously with Des3.

Use: Not Required

JSON Schema: 

    Object
    type: boolean

Parameters for providing file name to update/verify the package

authCode

This parameter specifies the authcode of the secure package. Each secure package should have its own authcode for verification or update purpose.

Use: Required

JSON Schema: 

    Object
    type: string
    minLength: 16
    maxLength: 16
    pattern: [A-Za-z0-9/]

file

The name of the update package file that should be uploaded in user's home directory.

Use: Required

JSON Schema: 

   Object
   type: string
   minLength: 1
   maxLength: 64
   pattern: [a-zA-Z0-9_. -]

Note: The file name should match the following criteria:

  1. File with .spkg extension and contains valid package, can be accepted as package file
  2. File name should not start with dot character(.) and end with space

useDes3

This parameters specifies if DES3 Cipher is used for package update or verify. It cannot be used simultaneously with EVP.

Use: Not Required

JSON Schema: 

    Object
    type: boolean

useEvp

This parameters specifies if OpenSSL EVP is used to decrypt and validate the package. If so, SO authentication is not required. It cannot be used simultaneously with Des3.

Use: Not Required

JSON Schema: 

    Object
    type: boolean

Responses

204

No Content, Success.

400

PACKAGE_MANAGEMENT_OPERATION_FAILED

If operation fails

APPLIANCE_REQUIRE_SO_LOGIN

If HSM SO has not logged in

PACKAGE_CAN_NOT_USE_BOTH_EVP_AND_DES3

If user use both EVP and DES3

APPLIANCE_FILENAME_NOT_VALID

If user has provided restricted package name.

SERVER_REQUEST_NOT_APPROPRIATE

If user has not used multipart request for attaching file.

403

FRAMEWORK_CRITICAL_OPERATION_RUNNING

Critical Operation currently in Progress.

404

SERVERPLUGIN_FILEID_DOES_NOT_EXIST

If package provided does not exist

413

SERVER_REQUEST_TOO_LARGE

If package size is larger than configured maxFileSize. Refer GET /api/lunasa/webServer

Example Request for updating the appliance if user wants to upload the package and updating the appliance using this resource.

The content type of the request needs to be application/vnd.safenetinc.luna+multipart. Here is an example of sending such a request using python library requests.

import requests

import os

import json

payload = {"authCode": "x7JTA/KPqJd56xY7", "useEvp": False, "useDes3": False}

files = { 'json': (None, json.dumps(payload), 'application/json') 'file': (None, open("pathToSecurePackageFile", 'rb'), 'appliaction/octet-stream') }

headers = {'content-type': 'application/vnd.safenetinc.luna+multipart;version=6'}

r = requests.request("POST", "https://1.2.3.4:8443/api/lunasa/packageFiles?VerifyOnly=false", files=files,headers=headers, verify=False)

Example Request for updating the appliance if package has already been uploaded in user's home directory.

    POST
    https://1.2.3.4:8443/api/lunasa/packageFiles?VerifyOnly=false
    {
      "authCode":"5ERd79MAGdHG9EY5",
      "file":"lunasa_update-7.1.0.spkg"
    }

Example Result

Result may also be a task.

{
}

Note: Before calling this API for multipart request, it is advised to check maxFileSize using GET /api/lunasa/webServer and update via PATCH /api/lunasa/webServer based on the file size.

REST API for Luna Network HSMs VERSION" Reference Guide
007-013322-007 Rev. A Copyright 2023  Thales. All rights reserved.