EMVKeyMgr Class

Properties Methods Events Config Settings Errors

The EMVKeyMgr class simplifies the process of downloading EMV public keys for FDMS Rapid Connect and Paymentech.

Syntax

dpaymentssdk.Emvkeymgr

Remarks

This class connects with either FDMS Rapid Connect or Paymentech to check the status of, and download EMV public key information.

To begin set Platform to specify FDMS Rapid Connect or Paymentech. Next set the appropriate merchant properties for the selected platform.

FDMS Rapid Connect

After calling GetKeyInfo the KeyFileCRC, KeyFileSize, and KeyFileDate should all be saved for use when calling CheckForUpdate at a later time.

To check whether an update is available set KeyFileCRC, KeyFileSize, and KeyFileDate to the values from the current key. If no values are known simply leave these empty. Call CheckForUpdate to determine if an update is applicable. The UpdateAvailable property will be populated and can be queried to determine if an update is available. If an update is available simply call GetKeyInfo to obtain the new public key information.

After calling GetKeyInfo the KeyDetails property will hold details about each of the keys returned.

The applicable properties and methods for FDMS Rapid Connect are:

Properties:

ApplicationId
DatawireId
GroupId
KeyDetails
KeyFileCRC
KeyFileDate
KeyFileSize
MerchantId
MerchantTerminalNumber
Platform
STAN
TPPID
TransactionNumber
UpdateAvailable
URL

Methods:

CheckForUpdate
GetKeyInfo

EMVKeyMgr for FDMS Rapid Connect Code Example emvkeymgr.TPPID = "AAA000"; emvkeymgr.MerchantTerminalNumber = "00000001"; emvkeymgr.MerchantId = "1234"; emvkeymgr.GroupId = "20001"; emvkeymgr.DatawireId = "00011122233344455566"; emvkeymgr.ApplicationId = "RAPIDCONNECTVXN"; emvkeymgr.URL = "https://stg.dw.us.fdcnet.biz/rc"; emvkeymgr.STAN = "112"; emvkeymgr.TransactionNumber = "120013"; emvkeymgr.KeyFileDate = "03262014120000"; emvkeymgr.KeyFileSize = 123; emvkeymgr.KeyFileCRC = "0000"; //Check if an update is available emvkeymgr.CheckForUpdate(); if (emvkeymgr.UpdateAvailable) { emvkeymgr.GetKeyInfo(); //Save these values to provide in the next CheckForUpdate call string origKeyCRC = emvkeymgr.KeyFileCRC; int origKeySize = emvkeymgr.KeyFileSize; string origKeyDate = emvkeymgr.KeyFileDate; //Iterate over the key details for (int i = 0; i < emvkeymgr.KeyDetails.Count; i++) { Console.WriteLine("RID: " + emvkeymgr.KeyDetails[i].RID); Console.WriteLine("ExpDate: " + emvkeymgr.KeyDetails[i].ExpDate); Console.WriteLine("IndexStr: " + emvkeymgr.KeyDetails[i].IndexStr); Console.WriteLine("Checksum: " + emvkeymgr.KeyDetails[i].CheckSum); Console.WriteLine("Modulus: " + emvkeymgr.KeyDetails[i].Modulus); Console.WriteLine("Exponent: " + emvkeymgr.KeyDetails[i].Exponent); Console.WriteLine("********************************"); } }

Paymentech

Call the GetKeyInfo method to retrieve available public key information. After calling GetKeyInfo the KeyDetails property will hold details about each of the keys returned.

The applicable properties and methods for Paymentech are:

Properties:

ClientNumber
KeyDetails
MerchantId
MerchantTerminalNumber
Password
Platform
SequenceNumber
URL
UserId

Methods:

GetKeyInfo

Events:

DataPacketIn
DataPacketOut

EMVKeyMgr for Paymentech Code Example

emvkeymgr.Platform = EmvkeymgrPlatforms.kpPaymentech;
emvkeymgr.URL = "https://netconnectvar1.chasepaymentech.com/NetConnect/controller";
emvkeymgr.UserId = "userid";
emvkeymgr.Password = "password";
emvkeymgr.MerchantId = "700000000125";
emvkeymgr.MerchantTerminalNumber = "001";
emvkeymgr.ClientNumber = "0002";    

emvkeymgr.GetKeyInfo();

//Iterate over the key details
for (int i = 0; i < emvkeymgr.KeyDetails.Count; i++)
{
  Console.WriteLine("RID: " + emvkeymgr.KeyDetails[i].RID);
  Console.WriteLine("IndexStr: " + emvkeymgr.KeyDetails[i].IndexStr);
  Console.WriteLine("Checksum: " + emvkeymgr.KeyDetails[i].CheckSum);
  Console.WriteLine("Modulus: " + emvkeymgr.KeyDetails[i].Modulus);
  Console.WriteLine("Exponent: " + emvkeymgr.KeyDetails[i].Exponent);
  Console.WriteLine("Fallback Allowed: " + emvkeymgr.KeyDetails[i].FallbackAllowed);
  Console.WriteLine("********************************");
}

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.


ApplicationId	Identifies the merchant application to the Datawire System.
ClientNumber	Merchant configuration property, assigned by Paymentech.
DatawireId	Identifies the merchant to the Datawire System.
GroupId	The Id assigned by FDMS to identify the merchant or group of merchants.
KeyDetails	A collection of public key details.
KeyFileCRC	The CRC-16 checksum of the EMV public key.
KeyFileDate	The creation date of the EMV public key.
KeyFileSize	The total size of the EMV public key file in bytes.
MerchantId	A unique Id used to identify the merchant.
MerchantTerminalNumber	Used to identify a unique terminal within a merchant location.
Password	Password for authentication with the NetConnect Server .
Platform	The processing platform.
Proxy	This property includes a set of properties related to proxy access.
SequenceNumber	Sequence number of the transaction.
SSLAcceptServerCert	Instructs the class to unconditionally accept the server certificate that matches the supplied certificate.
SSLCert	The certificate to be used during SSL negotiation.
SSLProvider	This specifies the SSL/TLS implementation to use.
SSLServerCert	The server certificate for the last established connection.
STAN	The merchant assigned System Trace Audit Number(STAN).
Timeout	A timeout for the class.
TPPID	Third Party Processor Identifier assigned by FDMS.
TransactionNumber	Uniquely identifies the transaction.
UpdateAvailable	Whether updated public key information is available.
URL	Location of the server to which requests are sent.
UserId	UserId for authentication with the NetConnect Server .

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.


CheckForUpdate	Checks the key status to see if an update is required.
Config	Sets or retrieves a configuration setting.
GetKeyInfo	This method retrieves the EMV public key information.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.


Connected	This event is fired immediately after a connection completes (or fails).
DataPacketIn	Fired when receiving a data packet from the transaction server.
DataPacketOut	Fired when sending a data packet to the transaction server.
Disconnected	This event is fired when a connection is closed.
Error	Information about errors during data delivery.
SSLServerAuthentication	Fired after the server presents its certificate to the client.
SSLStatus	Shows the progress of the secure connection.
Status	Shows the progress of the FDMS/Datawire connection.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.


KeyBlockSize	The maximum block size when downloading the EMV public key.
KeyData	The EMV public key data.
RawRequest	Returns the request sent to the server for debugging purposes.
RawResponse	Returns the response received from the server for debugging purposes.
AcceptEncoding	Used to tell the server which types of content encodings the client supports.
AllowHTTPCompression	This property enables HTTP compression for receiving data.
AllowHTTPFallback	Whether HTTP/2 connections are permitted to fallback to HTTP/1.1.
AllowNTLMFallback	Whether to allow fallback from Negotiate to NTLM when authenticating.
Append	Whether to append data to LocalFile.
Authorization	The Authorization string to be sent to the server.
BytesTransferred	Contains the number of bytes transferred in the response data.
ChunkSize	Specifies the chunk size in bytes when using chunked encoding.
CompressHTTPRequest	Set to true to compress the body of a PUT or POST request.
EncodeURL	If set to True the URL will be encoded by the class.
FollowRedirects	Determines what happens when the server issues a redirect.
GetOn302Redirect	If set to True the class will perform a GET on the new location.
HTTP2HeadersWithoutIndexing	HTTP2 headers that should not update the dynamic header table with incremental indexing.
HTTPVersion	The version of HTTP used by the class.
IfModifiedSince	A date determining the maximum age of the desired document.
KeepAlive	Determines whether the HTTP connection is closed after completion of the request.
KerberosSPN	The Service Principal Name for the Kerberos Domain Controller.
LogLevel	The level of detail that is logged.
MaxHeaders	Instructs class to save the amount of headers specified that are returned by the server after a Header event has been fired.
MaxHTTPCookies	Instructs class to save the amount of cookies specified that are returned by the server when a SetCookie event is fired.
MaxRedirectAttempts	Limits the number of redirects that are followed in a request.
NegotiatedHTTPVersion	The negotiated HTTP version.
OtherHeaders	Other headers as determined by the user (optional).
ProxyAuthorization	The authorization string to be sent to the proxy server.
ProxyAuthScheme	The authorization scheme to be used for the proxy.
ProxyPassword	A password if authentication is to be used for the proxy.
ProxyPort	Port for the proxy server (default 80).
ProxyServer	Name or IP address of a proxy server (optional).
ProxyUser	A user name if authentication is to be used for the proxy.
SentHeaders	The full set of headers as sent by the client.
StatusCode	The status code of the last response from the server.
StatusLine	The first line of the last response from the server.
TransferredData	The contents of the last response from the server.
TransferredDataLimit	The maximum number of incoming bytes to be stored by the class.
TransferredHeaders	The full set of headers as received from the server.
TransferredRequest	The full request as sent by the client.
UseChunkedEncoding	Enables or Disables HTTP chunked encoding for transfers.
UseIDNs	Whether to encode hostnames to internationalized domain names.
UsePlatformDeflate	Whether to use the platform implementation to decompress compressed responses.
UsePlatformHTTPClient	Whether or not to use the platform HTTP client.
UseProxyAutoConfigURL	Whether to use a Proxy auto-config file when attempting a connection.
UserAgent	Information about the user agent (browser).
CloseStreamAfterTransfer	If true, the class will close the upload or download stream after the transfer.
CloseStreamAfterTransfer	If true, the class will close the upload or download stream after the transfer.
ConnectionTimeout	Sets a separate timeout value for establishing a connection.
ConnectionTimeout	Sets a separate timeout value for establishing a connection.
FirewallAutoDetect	Tells the class whether or not to automatically detect and use firewall system settings, if available.
FirewallAutoDetect	Tells the class whether or not to automatically detect and use firewall system settings, if available.
FirewallHost	Name or IP address of firewall (optional).
FirewallHost	Name or IP address of firewall (optional).
FirewallListener	If true, the class binds to a SOCKS firewall as a server (TCPClient only).
FirewallListener	If true, the class binds to a SOCKS firewall as a server (TCPClient only).
FirewallPassword	Password to be used if authentication is to be used when connecting through the firewall.
FirewallPassword	Password to be used if authentication is to be used when connecting through the firewall.
FirewallPort	The TCP port for the FirewallHost;.
FirewallPort	The TCP port for the FirewallHost;.
FirewallType	Determines the type of firewall to connect through.
FirewallType	Determines the type of firewall to connect through.
FirewallUser	A user name if authentication is to be used connecting through a firewall.
FirewallUser	A user name if authentication is to be used connecting through a firewall.
KeepAliveInterval	The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.
KeepAliveInterval	The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.
KeepAliveTime	The inactivity time in milliseconds before a TCP keep-alive packet is sent.
KeepAliveTime	The inactivity time in milliseconds before a TCP keep-alive packet is sent.
Linger	When set to True, connections are terminated gracefully.
Linger	When set to True, connections are terminated gracefully.
LingerTime	Time in seconds to have the connection linger.
LingerTime	Time in seconds to have the connection linger.
LocalHost	The name of the local host through which connections are initiated or accepted.
LocalHost	The name of the local host through which connections are initiated or accepted.
LocalPort	The port in the local host where the class binds.
LocalPort	The port in the local host where the class binds.
MaxLineLength	The maximum amount of data to accumulate when no EOL is found.
MaxLineLength	The maximum amount of data to accumulate when no EOL is found.
MaxTransferRate	The transfer rate limit in bytes per second.
MaxTransferRate	The transfer rate limit in bytes per second.
ProxyExceptionsList	A semicolon separated list of hosts and IPs to bypass when using a proxy.
ProxyExceptionsList	A semicolon separated list of hosts and IPs to bypass when using a proxy.
TCPKeepAlive	Determines whether or not the keep alive socket option is enabled.
TCPKeepAlive	Determines whether or not the keep alive socket option is enabled.
TcpNoDelay	Whether or not to delay when sending packets.
TcpNoDelay	Whether or not to delay when sending packets.
UseIPv6	Whether to use IPv6.
UseIPv6	Whether to use IPv6.
UseNTLMv2	Whether to use NTLM V2.
UseNTLMv2	Whether to use NTLM V2.
LogSSLPackets	Controls whether SSL packets are logged when using the internal security API.
LogSSLPackets	Controls whether SSL packets are logged when using the internal security API.
ReuseSSLSession	Determines if the SSL session is reused.
ReuseSSLSession	Determines if the SSL session is reused.
SSLCACerts	A newline separated list of CA certificate to use during SSL client authentication.
SSLCACerts	A newline separated list of CA certificate to use during SSL client authentication.
SSLCheckCRL	Whether to check the Certificate Revocation List for the server certificate.
SSLCheckCRL	Whether to check the Certificate Revocation List for the server certificate.
SSLCheckOCSP	Whether to use OCSP to check the status of the server certificate.
SSLCheckOCSP	Whether to use OCSP to check the status of the server certificate.
SSLCipherStrength	The minimum cipher strength used for bulk encryption.
SSLCipherStrength	The minimum cipher strength used for bulk encryption.
SSLContextProtocol	The protocol used when getting an SSLContext instance.
SSLContextProtocol	The protocol used when getting an SSLContext instance.
SSLEnabledCipherSuites	The cipher suite to be used in an SSL negotiation.
SSLEnabledCipherSuites	The cipher suite to be used in an SSL negotiation.
SSLEnabledProtocols	Used to enable/disable the supported security protocols.
SSLEnabledProtocols	Used to enable/disable the supported security protocols.
SSLEnableRenegotiation	Whether the renegotiation_info SSL extension is supported.
SSLEnableRenegotiation	Whether the renegotiation_info SSL extension is supported.
SSLIncludeCertChain	Whether the entire certificate chain is included in the SSLServerAuthentication event.
SSLIncludeCertChain	Whether the entire certificate chain is included in the SSLServerAuthentication event.
SSLKeyLogFile	The location of a file where per-session secrets are written for debugging purposes.
SSLKeyLogFile	The location of a file where per-session secrets are written for debugging purposes.
SSLNegotiatedCipher	Returns the negotiated cipher suite.
SSLNegotiatedCipher	Returns the negotiated cipher suite.
SSLNegotiatedCipherStrength	Returns the negotiated cipher suite strength.
SSLNegotiatedCipherStrength	Returns the negotiated cipher suite strength.
SSLNegotiatedCipherSuite	Returns the negotiated cipher suite.
SSLNegotiatedCipherSuite	Returns the negotiated cipher suite.
SSLNegotiatedKeyExchange	Returns the negotiated key exchange algorithm.
SSLNegotiatedKeyExchange	Returns the negotiated key exchange algorithm.
SSLNegotiatedKeyExchangeStrength	Returns the negotiated key exchange algorithm strength.
SSLNegotiatedKeyExchangeStrength	Returns the negotiated key exchange algorithm strength.
SSLNegotiatedVersion	Returns the negotiated protocol version.
SSLNegotiatedVersion	Returns the negotiated protocol version.
SSLServerCACerts	A newline separated list of CA certificate to use during SSL server certificate validation.
SSLServerCACerts	A newline separated list of CA certificate to use during SSL server certificate validation.
SSLTrustManagerFactoryAlgorithm	The algorithm to be used to create a TrustManager through TrustManagerFactory.
SSLTrustManagerFactoryAlgorithm	The algorithm to be used to create a TrustManager through TrustManagerFactory.
TLS12SignatureAlgorithms	Defines the allowed TLS 1.2 signature algorithms when SSLProvider is set to Internal.
TLS12SignatureAlgorithms	Defines the allowed TLS 1.2 signature algorithms when SSLProvider is set to Internal.
TLS12SupportedGroups	The supported groups for ECC.
TLS12SupportedGroups	The supported groups for ECC.
TLS13KeyShareGroups	The groups for which to pregenerate key shares.
TLS13KeyShareGroups	The groups for which to pregenerate key shares.
TLS13SignatureAlgorithms	The allowed certificate signature algorithms.
TLS13SignatureAlgorithms	The allowed certificate signature algorithms.
TLS13SupportedGroups	The supported groups for (EC)DHE key exchange.
TLS13SupportedGroups	The supported groups for (EC)DHE key exchange.
AbsoluteTimeout	Determines whether timeouts are inactivity timeouts or absolute timeouts.
AbsoluteTimeout	Determines whether timeouts are inactivity timeouts or absolute timeouts.
FirewallData	Used to send extra data to the firewall.
FirewallData	Used to send extra data to the firewall.
InBufferSize	The size in bytes of the incoming queue of the socket.
InBufferSize	The size in bytes of the incoming queue of the socket.
OutBufferSize	The size in bytes of the outgoing queue of the socket.
OutBufferSize	The size in bytes of the outgoing queue of the socket.
BuildInfo	Information about the product's build.
GUIAvailable	Tells the class whether or not a message loop is available for processing events.
LicenseInfo	Information about the current license.
MaskSensitive	Whether sensitive data is masked in log messages.
UseDaemonThreads	Whether threads created by the class are daemon threads.
UseInternalSecurityAPI	Tells the class whether or not to use the system security libraries or an internal implementation.

ApplicationId Property (EMVKeyMgr Class)

Identifies the merchant application to the Datawire System.

Syntax


public String getApplicationId();


public void setApplicationId(String applicationId);

Default Value

"NSOFTDIRECTPXML"

Remarks

The Application Id identifies the application that has generated and is sending the transaction. This is a 15 character alphanumeric code that identifies each application and is provided by the Datawire Secure Transport Vendor Integration Team

This property may be validated along with the DatawireId as connection credentials.

The default value of this property is a value used for testing with Rapid Connect. You may be required to have a new ApplicationId assigned for the software you create with this class.

This property is only applicable when Platform is set to FDMS Rapid Connect.

ClientNumber Property (EMVKeyMgr Class)

Merchant configuration property, assigned by Paymentech.

Syntax


public String getClientNumber();


public void setClientNumber(String clientNumber);

Default Value

Remarks

The ClientNumber will be supplied to you by Paymentech.

This property is only applicable when Platform is set to Paymentech.

DatawireId Property (EMVKeyMgr Class)

Identifies the merchant to the Datawire System.

Syntax


public String getDatawireId();


public void setDatawireId(String datawireId);

Default Value

Remarks

The Datawire Id is a unique customer identifier generated by Datawire and returned to the client after successfully registering the merchant (using the FDMSRegister class). This Id (which is sent in all subsequent transactions) allows a transaction, to pass through the Datawire system and be correctly routed to the FDMS Payment processor.

The maximum length for this property is 32 characters.

This property is only applicable when Platform is set to FDMS Rapid Connect.

GroupId Property (EMVKeyMgr Class)

The Id assigned by FDMS to identify the merchant or group of merchants.

Syntax


public String getGroupId();


public void setGroupId(String groupId);

Default Value

Remarks

This property specifies the FDMS assigned group Id. This Id identifies the merchant or group of merchants. This property is required.

This property is only applicable when Platform is set to FDMS Rapid Connect.

KeyDetails Property (EMVKeyMgr Class)

A collection of public key details.

Syntax


public KeyDetailsList getKeyDetails();


public void setKeyDetails(KeyDetailsList keyDetails);

Remarks

This property holds information about each of the public keys.

Applicable KeyDetail fields for FDMS Rapid Connect:

RID
IndexStr
Exponent
Modulus
Checksum
ExpDate

Applicable KeyDetail fields for Paymentech:

RID
IndexStr
Exponent
Modulus
Checksum
FallbackAllowed

This property is not available at design time.

Please refer to the KeyDetails type for a complete list of fields.

KeyFileCRC Property (EMVKeyMgr Class)

The CRC-16 checksum of the EMV public key.

Syntax


public String getKeyFileCRC();


public void setKeyFileCRC(String keyFileCRC);

Default Value

Remarks

This property specifies the 4 character CRC-16 checksum of the EMV public key. This is a hexadecimal value representation of two bytes, for instance "AA02".

This property should be set to the checksum of the current public key before calling CheckForUpdate. If no previous key has been downloaded leave this setting empty.

This property will be populated with values returned by the server after calling CheckForUpdate or GetKeyInfo.

This property is only applicable when Platform is set to FDMS Rapid Connect.

KeyFileDate Property (EMVKeyMgr Class)

The creation date of the EMV public key.

Syntax


public String getKeyFileDate();


public void setKeyFileDate(String keyFileDate);

Default Value

Remarks

This setting specifies the creation date of the EMV public key file. The format for this value is "MMddyyyyHHmmss".

This property should be set to the date of the current public key before calling CheckForUpdate. If no previous key has been downloaded leave this setting empty.

This property will be populated with values returned by the server after calling CheckForUpdate or GetKeyInfo.

This property is only applicable when Platform is set to FDMS Rapid Connect.

KeyFileSize Property (EMVKeyMgr Class)

The total size of the EMV public key file in bytes.

Syntax


public int getKeyFileSize();


public void setKeyFileSize(int keyFileSize);

Default Value

Remarks

This property specifies the total size of the file in bytes. This may be up to 5 digits in length.

This property should be set to the size of the current public key before calling CheckForUpdate. If no previous key has been downloaded set this to 0.

This property will be populated with values returned by the server after calling CheckForUpdate or GetKeyInfo.

This property is only applicable when Platform is set to FDMS Rapid Connect.

MerchantId Property (EMVKeyMgr Class)

A unique Id used to identify the merchant.

Syntax


public String getMerchantId();


public void setMerchantId(String merchantId);

Default Value

Remarks

This property holds the assigned Merchant Id assigned.

FDMS Rapid Connect

The value is an alphanumeric value up to 16 characters in length.

Paymentech

The value is 12 digits in length.

MerchantTerminalNumber Property (EMVKeyMgr Class)

Used to identify a unique terminal within a merchant location.

Syntax


public String getMerchantTerminalNumber();


public void setMerchantTerminalNumber(String merchantTerminalNumber);

Default Value

Remarks

This property contains the assigned merchant terminal number.

FDMS Rapid Connect

This value is a number assigned by FDMS to uniquely identify a terminal within a merchant location. The value is numeric and may be up to 8 digits in length.

Paymentech

This value is a 3-digit field assigned by Paymentech.

Password Property (EMVKeyMgr Class)

Password for authentication with the NetConnect Server .

Syntax


public String getPassword();


public void setPassword(String password);

Default Value

Remarks

The Password will be supplied to you by Paymentech.

This property is only applicable when Platform is set to Paymentech.

Platform Property (EMVKeyMgr Class)

The processing platform.

Syntax


public int getPlatform();


public void setPlatform(int platform);


Enumerated values:
  public final static int kpFDMSRapidConnect = 0;
  public final static int kpPaymentech = 1;

Default Value

Remarks

This property specifies the processing platform to which requests are made. Possible values are:


0 (kpFDMSRapidConnect - default)	FDMS Rapid Connect
1 (kpPaymentech)	Paymentech

Proxy Property (EMVKeyMgr Class)

This property includes a set of properties related to proxy access.

Syntax


public Proxy getProxy();


public void setProxy(Proxy proxy);

Remarks

This property contains fields describing the proxy through which the class will attempt to connect.

Please refer to the Proxy type for a complete list of fields.

SequenceNumber Property (EMVKeyMgr Class)

Sequence number of the transaction.

Syntax


public int getSequenceNumber();


public void setSequenceNumber(int sequenceNumber);

Default Value

Remarks

This field is user definable and can be used at the users discretion. The sequence number may be any numeric value 0 to 2400. This is an optional field and you may choose to send a unique number or simply send every transaction with zeros.

If set this value should be incremented for each transaction. When the sequence number reaches 2400, the SequenceNumber should then start over at 1 again.

This property is only applicable when Platform is set to Paymentech.

SSLAcceptServerCert Property (EMVKeyMgr Class)

Instructs the class to unconditionally accept the server certificate that matches the supplied certificate.

Syntax


public Certificate getSSLAcceptServerCert();


public void setSSLAcceptServerCert(Certificate SSLAcceptServerCert);

Remarks

If it finds any issues with the certificate presented by the server, the class will normally terminate the connection with an error.

You may override this behavior by supplying a value for SSLAcceptServerCert. If the certificate supplied in SSLAcceptServerCert is the same as the certificate presented by the server, then the server certificate is accepted unconditionally, and the connection will continue normally.

Please note that this functionality is provided only for cases where you otherwise know that you are communicating with the right server. If used improperly, this property may create a security breach. Use it at your own risk.

Please refer to the Certificate type for a complete list of fields.

SSLCert Property (EMVKeyMgr Class)

The certificate to be used during SSL negotiation.

Syntax


public Certificate getSSLCert();


public void setSSLCert(Certificate SSLCert);

Remarks

The digital certificate that the class will use during SSL negotiation. Set this property to a valid certificate before starting SSL negotiation. To set a certificate, you may set the Encoded field to the encoded certificate. To select a certificate, use the store and subject fields.

Please refer to the Certificate type for a complete list of fields.

SSLProvider Property (EMVKeyMgr Class)

This specifies the SSL/TLS implementation to use.

Syntax


public int getSSLProvider();


public void setSSLProvider(int SSLProvider);


Enumerated values:
  public final static int sslpAutomatic = 0;
  public final static int sslpPlatform = 1;
  public final static int sslpInternal = 2;

Default Value

Remarks

This property specifies the SSL/TLS implementation to use. In most cases the default value of 0 (Automatic) is recommended and should not be changed. When set to 0 (Automatic) the class will select whether to use the platform implementation or the internal implementation depending on the operating system as well as the TLS version being used.

Possible values are:


0 (sslpAutomatic - default)	Automatically selects the appropriate implementation.
1 (sslpPlatform)	Uses the platform/system implementation.
2 (sslpInternal)	Uses the internal implementation.

Additional Notes

In most cases using the default value (Automatic) is recommended. The class will select a provider depending on the current platform.

When Automatic is selected the platform implementation is used by default. When TLS 1.3 is enabled via SSLEnabledProtocols the internal implementation is used.

SSLServerCert Property (EMVKeyMgr Class)

The server certificate for the last established connection.

Syntax


public Certificate getSSLServerCert();

Remarks

SSLServerCert contains the server certificate for the last established connection.

SSLServerCert is reset every time a new connection is attempted.

This property is read-only.

Please refer to the Certificate type for a complete list of fields.

STAN Property (EMVKeyMgr Class)

The merchant assigned System Trace Audit Number(STAN).

Syntax


public String getSTAN();


public void setSTAN(String STAN);

Default Value

Remarks

This property represents a six digit number assigned by the merchant to uniquely reference the transaction. This number must be unique within a day per Merchant ID and Terminal ID.

Valid values are from 000001 to 999999 inclusive.

This property is only applicable when Platform is set to FDMS Rapid Connect.

Timeout Property (EMVKeyMgr Class)

A timeout for the class.

Syntax


public int getTimeout();


public void setTimeout(int timeout);

Default Value

Remarks

If Timeout is set to a positive value, and an operation cannot be completed immediately, the class will return with an error after Timeout seconds.

The default value for Timeout is 30 (seconds).

TPPID Property (EMVKeyMgr Class)

Third Party Processor Identifier assigned by FDMS.

Syntax


public String getTPPID();


public void setTPPID(String TPPID);

Default Value

Remarks

The Third Party Processor Identifier (TPPID. Also sometimes referred to as a "Vendor Id") is assigned by FDMS to each third party who is processing transactions. Each merchant will receive a TPPID from FDMS.

The default value is "" (empty string). This should be set to the FDMS assigned TPPID.

A VisaIdentifier is also required for Visa transactions.

This property is only applicable when Platform is set to FDMS Rapid Connect.

TransactionNumber Property (EMVKeyMgr Class)

Uniquely identifies the transaction.

Syntax


public String getTransactionNumber();


public void setTransactionNumber(String transactionNumber);

Default Value

Remarks

The TransactionNumber (otherwise known as the Client Reference Number, or ClientRef) uniquely identifies the packet sent by the application to the Datawire system. This parameter stores some unique token of information, and is used to match the response to the initial request sent. For example, the client application could use a static counter that is increased with the each executed request.

For all classs except FDMSGiftCard the maximum length of this property is 14 alphanumeric characters.

The FDMS recommended format is "tttttttVnnnnrrr" where ttttttt is a 7 digit transaction id, V is a constant, and nnn is a 3 digit version number and rrr is a 3 digit revision number. The 6 digit version number is typically static but unique for an application (Example: Version 2.5 = tttttttV002500).

For the Rapid Connect platform, the 6 character version number should be your Project/TPPID value. The entire TransactionNumber must be unique within a 24 hour time period.

The FDMSGiftCard also passes this value to the FDMS Closed Loop Gift Card system as a transaction id, and therefore the following restrictions are enforced: The maximum length is 7 characters. If the first character is an 'X', the remaining characters must be in the range '0' through 'F', indicating a hexadecimal number. Otherwise the FDMS Closed Loop Gift Card system only allows digits in this property.

This property is only applicable when Platform is set to FDMS Rapid Connect.

UpdateAvailable Property (EMVKeyMgr Class)

Whether updated public key information is available.

Syntax


public boolean isUpdateAvailable();

Default Value

False

Remarks

This property may be queried after calling CheckForUpdate to determine if new public key information is available from FDMS.

This property is only applicable when Platform is set to FDMS Rapid Connect.

This property is read-only.

URL Property (EMVKeyMgr Class)

Location of the server to which requests are sent.

Syntax


public String getURL();


public void setURL(String URL);

Default Value

"https://staging1.datawire.net/sd/"

Remarks

This is the URL to which all requests are sent. The default value is "https://staging1.datawire.net/sd/".

FDMS Rapid Connect

This URL is acquired by using the FDMSRegister class. Once you Register and Activate the merchant using the FDMSRegister class, you may then do a Service Discovery. After sending a Service Discovery transaction, the Datawire system will return a list of transaction URLs. The URL from this list with the shortest round-trip transit time from a ping is the URL you should use here.

Paymentech

The URL is provided by Paymentech. The test server URL is "https://netconnectvar1.chasepaymentech.com/NetConnect/controller".

UserId Property (EMVKeyMgr Class)

UserId for authentication with the NetConnect Server .

Syntax


public String getUserId();


public void setUserId(String userId);

Default Value

Remarks

The UserId will be supplied to you by PaymenTech.

This property is only applicable when Platform is set to Paymentech.

CheckForUpdate Method (Emvkeymgr Class)

Checks the key status to see if an update is required.

Syntax

public void checkForUpdate();

Remarks

This method checks the status of the EMV public key to determine if an update is required. This method is only applicable when Platform is set to FDMS Rapid Connect.

Before calling this method specify KeyFileCRC, KeyFileSize, and KeyFileDate with values for the current EMV public key. If no details are known leave these properties empty.

After calling this method check UpdateAvailable to determine if an updated is required. If an update is required call GetKeyInfo.

This method will populate KeyFileCRC, KeyFileSize, and KeyFileDate with the values returned by the server for the latest EMV public key.

This method is only applicable when Platform is set to FDMS Rapid Connect.

Config Method (Emvkeymgr Class)

Sets or retrieves a configuration setting.

Syntax

public String config(String configurationString);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

GetKeyInfo Method (Emvkeymgr Class)

This method retrieves the EMV public key information.

Syntax

public void getKeyInfo();

Remarks

This method retrieves the EMV public key information.

After calling this method check the KeyDetails property for information about each of the public keys returned.

Applicable KeyDetail fields for FDMS Rapid Connect:

RID
IndexStr
Exponent
Modulus
Checksum
ExpDate

Applicable KeyDetail fields for Paymentech:

RID
IndexStr
Exponent
Modulus
Checksum
FallbackAllowed

In addition to the key details the following properties will be populated when working with FDMS:

KeyFileCRC
KeyFileDate
KeyFileSize

These values should be saved for use when calling CheckForUpdate at a later time.

Connected Event (Emvkeymgr Class)

This event is fired immediately after a connection completes (or fails).

Syntax

public class DefaultEmvkeymgrEventListener implements EmvkeymgrEventListener {
  ...
  public void connected(EmvkeymgrConnectedEvent e) {}
  ...
}

public class EmvkeymgrConnectedEvent {
  public int statusCode;
  public String description;
}

Remarks

If the connection is made normally, StatusCode is 0 and Description is "OK".

If the connection fails, StatusCode has the error code returned by the Transmission Control Protocol (TCP)/IP stack. Description contains a description of this code. The value of StatusCode is equal to the value of the error.

Please refer to the Error Codes section for more information.

DataPacketIn Event (Emvkeymgr Class)

Fired when receiving a data packet from the transaction server.

Syntax

public class DefaultEmvkeymgrEventListener implements EmvkeymgrEventListener {
  ...
  public void dataPacketIn(EmvkeymgrDataPacketInEvent e) {}
  ...
}

public class EmvkeymgrDataPacketInEvent {
  public byte[] dataPacket;
}

Remarks

This event fires when a packet is received. The entire data packet (including all framing and error detection characters) is contained in the parameter "DataPacket". This parameter may be inspected for advanced troubleshooting, or to extract additional response properties beyond the scope of this class.

This event is only applicable when Platform is set to Paymentech.

DataPacketOut Event (Emvkeymgr Class)

Fired when sending a data packet to the transaction server.

Syntax

public class DefaultEmvkeymgrEventListener implements EmvkeymgrEventListener {
  ...
  public void dataPacketOut(EmvkeymgrDataPacketOutEvent e) {}
  ...
}

public class EmvkeymgrDataPacketOutEvent {
  public byte[] dataPacket;
}

Remarks

This event fires right before each data packet is sent. The entire data packet (including all framing and error detection characters) is contained in the parameter "DataPacket". This parameter may be inspected for advanced troubleshooting, or may be modified to support additional features beyond the scope of this class.

This event is only applicable when Platform is set to Paymentech.

Disconnected Event (Emvkeymgr Class)

This event is fired when a connection is closed.

Syntax

public class DefaultEmvkeymgrEventListener implements EmvkeymgrEventListener {
  ...
  public void disconnected(EmvkeymgrDisconnectedEvent e) {}
  ...
}

public class EmvkeymgrDisconnectedEvent {
  public int statusCode;
  public String description;
}

Remarks

If the connection is broken normally, StatusCode is 0 and Description is "OK".

If the connection is broken for any other reason, StatusCode has the error code returned by the Transmission Control Protocol (TCP/IP) subsystem. Description contains a description of this code. The value of StatusCode is equal to the value of the TCP/IP error.

Please refer to the Error Codes section for more information.

Error Event (Emvkeymgr Class)

Information about errors during data delivery.

Syntax

public class DefaultEmvkeymgrEventListener implements EmvkeymgrEventListener {
  ...
  public void error(EmvkeymgrErrorEvent e) {}
  ...
}

public class EmvkeymgrErrorEvent {
  public int errorCode;
  public String description;
}

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the class throws an exception.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

SSLServerAuthentication Event (Emvkeymgr Class)

Fired after the server presents its certificate to the client.

Syntax

public class DefaultEmvkeymgrEventListener implements EmvkeymgrEventListener {
  ...
  public void SSLServerAuthentication(EmvkeymgrSSLServerAuthenticationEvent e) {}
  ...
}

public class EmvkeymgrSSLServerAuthenticationEvent {
  public byte[] certEncoded;
  public String certSubject;
  public String certIssuer;
  public String status;
  public boolean accept;
}

Remarks

This event is where the client can decide whether to continue with the connection process or not. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether to continue or not.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string "OK"). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

SSLStatus Event (Emvkeymgr Class)

Shows the progress of the secure connection.

Syntax

public class DefaultEmvkeymgrEventListener implements EmvkeymgrEventListener {
  ...
  public void SSLStatus(EmvkeymgrSSLStatusEvent e) {}
  ...
}

public class EmvkeymgrSSLStatusEvent {
  public String message;
}

Remarks

The event is fired for informational and logging purposes only. Used to track the progress of the connection.

Status Event (Emvkeymgr Class)

Shows the progress of the FDMS/Datawire connection.

Syntax

public class DefaultEmvkeymgrEventListener implements EmvkeymgrEventListener {
  ...
  public void status(EmvkeymgrStatusEvent e) {}
  ...
}

public class EmvkeymgrStatusEvent {
  public String message;
}

Remarks

The event is fired for informational and logging purposes only. Used to track the progress of the connection.

Certificate Type

This is the digital certificate being used.

Remarks

This type describes the current digital certificate. The certificate may be a public or private key. The fields are used to identify or select certificates.

Fields

EffectiveDate
String (read-only)
Default Value: ""

This is the date on which this certificate becomes valid. Before this date, it is not valid. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

Encoded
String
Default Value: ""

This is the certificate (PEM/base64 encoded). This field is used to assign a specific certificate. The Store and Subject fields also may be used to specify a certificate.

When Encoded is set, a search is initiated in the current Store for the private key of the certificate. If the key is found, Subject is updated to reflect the full subject of the selected certificate; otherwise, Subject is set to an empty string.

EncodedB
byte[]
Default Value: ""

This is the certificate (PEM/base64 encoded). This field is used to assign a specific certificate. The Store and Subject fields also may be used to specify a certificate.

ExpirationDate
String (read-only)
Default Value: ""

This is the date the certificate expires. After this date, the certificate will no longer be valid. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

ExtendedKeyUsage
String
Default Value: ""

This is a comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

Fingerprint
String (read-only)
Default Value: ""

This is the hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

FingerprintSHA1
String (read-only)
Default Value: ""

This is the hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

FingerprintSHA256
String (read-only)
Default Value: ""

This is the hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

Issuer
String (read-only)
Default Value: ""

This is the issuer of the certificate. This field contains a string representation of the name of the issuing authority for the certificate.

KeyPassword
String
Default Value: ""

This is the password for the certificate's private key (if any).

Some certificate stores may individually protect certificates' private keys, separate from the standard protection offered by the StorePassword. KeyPassword. This field can be used to read such password-protected private keys.

Note: this property defaults to the value of StorePassword. To clear it, you must set the property to the empty string (""). It can be set at any time, but when the private key's password is different from the store's password, then it must be set before calling PrivateKey.

PrivateKey
String (read-only)
Default Value: ""

This is the private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The PrivateKey may be available but not exportable. In this case, PrivateKey returns an empty string.

PrivateKeyAvailable
boolean (read-only)
Default Value: False

This field shows whether a PrivateKey is available for the selected certificate. If PrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

PrivateKeyContainer
String (read-only)
Default Value: ""

This is the name of the PrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

PublicKey
String (read-only)
Default Value: ""

This is the public key of the certificate. The key is provided as PEM/Base64-encoded data.

PublicKeyAlgorithm
String
Default Value: ""

This field contains the textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

PublicKeyLength
int (read-only)
Default Value: 0

This is the length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

SerialNumber
String (read-only)
Default Value: ""

This is the serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

SignatureAlgorithm
String (read-only)
Default Value: ""

The field contains the text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

Store
String
Default Value: "MY"

This is the name of the certificate store for the client certificate.

The StoreType field denotes the type of the certificate store specified by Store. If the store is password protected, specify the password in StorePassword.

Store is used in conjunction with the Subject field to specify client certificates. If Store has a value, and Subject or Encoded is set, a search for a certificate is initiated. Please see the Subject field for details.

Designations of certificate stores are platform-dependent.

The following are designations of the most common User and Machine certificate stores in Windows:


MY	A certificate store holding personal certificates with their associated private keys.
CA	Certifying authority certificates.
ROOT	Root certificates.

In Java, the certificate store normally is a file containing certificates and optional private keys.

When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).

StoreB
byte[]
Default Value: "MY"

This is the name of the certificate store for the client certificate.

The StoreType field denotes the type of the certificate store specified by Store. If the store is password protected, specify the password in StorePassword.

Designations of certificate stores are platform-dependent.

The following are designations of the most common User and Machine certificate stores in Windows:


MY	A certificate store holding personal certificates with their associated private keys.
CA	Certifying authority certificates.
ROOT	Root certificates.

In Java, the certificate store normally is a file containing certificates and optional private keys.

StorePassword
String
Default Value: ""

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

StoreType
int
Default Value: 0

This is the type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used the class will automatically determine the type. This field can take one of the following values:


0 (cstUser - default)	For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: this store type is not available in Java.
1 (cstMachine)	For Windows, this specifies that the certificate store is a machine store. Note: this store type is not available in Java.
2 (cstPFXFile)	The certificate store is the name of a PFX (PKCS12) file containing certificates.
3 (cstPFXBlob)	The certificate store is a string (binary or base64-encoded) representing a certificate store in PFX (PKCS12) format.
4 (cstJKSFile)	The certificate store is the name of a Java Key Store (JKS) file containing certificates. Note: this store type is only available in Java.
5 (cstJKSBlob)	The certificate store is a string (binary or base64-encoded) representing a certificate store in Java Key Store (JKS) format. Note: this store type is only available in Java.
6 (cstPEMKeyFile)	The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)	The certificate store is a string (binary or base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)	The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)	The certificate store is a string (binary or base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)	The certificate store is a string (binary or base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)	The certificate store is the name of a PKCS7 file containing certificates.
12 (cstP7BBlob)	The certificate store is a string (binary) representing a certificate store in PKCS7 format.
13 (cstSSHPublicKeyFile)	The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)	The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)	The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)	The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)	The certificate store is a string that contains a certificate in XML format.
18 (cstJWKFile)	The certificate store is the name of a file that contains a JWK (JSON Web Key).
19 (cstJWKBlob)	The certificate store is a string that contains a JWK (JSON Web Key).
21 (cstBCFKSFile)	The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store). Note: this store type is only available in Java and .NET.
22 (cstBCFKSBlob)	The certificate store is a string (binary or base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format. Note: this store type is only available in Java and .NET.
23 (cstPKCS11)	The certificate is present on a physical security key accessible via a PKCS11 interface. To use a security key the necessary data must first be collected using the CertMgr class. The ListStoreCertificates method may be called after setting CertStoreType to `cstPKCS11`, CertStorePassword to the PIN, and CertStore to the full path of the PKCS11 dll. The certificate information returned in the CertList event's `CertEncoded` parameter may be saved for later use. When using a certificate, pass the previously saved security key information as the Store and set StorePassword to the PIN. Code Example: SSH Authentication with Security Key `certmgr.CertStoreType = CertStoreTypes.cstPKCS11; certmgr.OnCertList += (s, e) => { secKeyBlob = e.CertEncoded; }; certmgr.CertStore = @"C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"; certmgr.CertStorePassword = "123456"; //PIN certmgr.ListStoreCertificates(); sftp.SSHCert = new Certificate(CertStoreTypes.cstPKCS11, secKeyBlob, "123456", "*"); sftp.SSHUser = "test"; sftp.SSHLogon("myhost", 22);`
99 (cstAuto)	The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically.

Subject
String
Default Value: ""

This is the subject of the certificate used for client authentication.

This field will be populated with the full subject of the loaded certificate. When loading a certificate the subject is used to locate the certificate in the store.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma separated list of distinguished name fields and values. For instance "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are displayed below.


Field	Meaning
CN	Common Name. This is commonly a host name like www.server.com.
O	Organization
OU	Organizational Unit
L	Locality
S	State
C	Country
E	Email Address

If a field value contains a comma it must be quoted.

SubjectAltNames
String (read-only)
Default Value: ""

This field contains comma-separated lists of alternative subject names for the certificate.

ThumbprintMD5
String (read-only)
Default Value: ""

This field contains the MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

ThumbprintSHA1
String (read-only)
Default Value: ""

This field contains the SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

ThumbprintSHA256
String (read-only)
Default Value: ""

This field contains the SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

Usage
String
Default Value: ""

This field contains the text description of UsageFlags.

This value will be of one or more of the following strings and will be separated by commas:

Digital Signatures
Key Authentication
Key Encryption
Data Encryption
Key Agreement
Certificate Signing
Key Signing

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

UsageFlags
int
Default Value: 0

This field contains the flags that show intended use for the certificate. The value of UsageFlags is a combination of the following flags:


0x80	Digital Signatures
0x40	Key Authentication (Non-Repudiation)
0x20	Key Encryption
0x10	Data Encryption
0x08	Key Agreement
0x04	Certificate Signing
0x02	Key Signing

Please see the Usage field for a text representation of UsageFlags.

This functionality currently is not available when the provider is OpenSSL.

Version
String (read-only)
Default Value: ""

This field contains the certificate's version number. The possible values are the strings "V1", "V2", and "V3".

Constructors

public Certificate();

Creates a Certificate instance whose properties can be set. This is useful for use with CERTMGR when generating new certificates.

public Certificate( certificateFile);

Opens CertificateFile and reads out the contents as an X509 public key.

public Certificate( certificateData);

Parses CertificateData as an X509 public key.

public Certificate( certStoreType,  store,  storePassword,  subject);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate( certStoreType,  store,  storePassword,  subject,  configurationString);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. ConfigurationString is a newline separated list of name-value pairs that may be used to modify the default behavior. Possible values include "PersistPFXKey", which shows whether or not the PFX key is persisted after performing operations with the private key. This correlates to the PKCS12_NO_PERSIST_KEY CyrptoAPI option. The default value is True (the key is persisted). "Thumbprint" - a MD5, SHA1, or SHA256 thumbprint of the certificate to load. When specified, this value is used to select the certificate in the store. This is applicable to cstUser, cstMachine, cstPublicKeyFile, and cstPFXFile store types. "UseInternalSecurityAPI" shows whether the platform (default) or the internal security API is used when performing certificate-related operations. After the store has been successfully opened, the class will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate( certStoreType,  store,  storePassword,  encoded);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will load Encoded as an X509 certificate and search the opened store for a corresponding private key.

public Certificate( certStoreType,  storeBlob,  storePassword,  subject);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. StoreBlob is a string (binary- or base64-encoded) containing the certificate data. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate( certStoreType,  storeBlob,  storePassword,  subject,  configurationString);

public Certificate( certStoreType,  storeBlob,  storePassword,  encoded);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a string (binary- or base64-encoded) containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will load Encoded as an X509 certificate and search the opened store for a corresponding private key.

KeyDetails Type

A collection of public key details.

Remarks

This type contains details about each public key.

Fields

CheckSum
String (read-only)
Default Value: ""

The checksum of the public key values.

ExpDate
String (read-only)
Default Value: ""

The expiration date of the public key. The format is MMDDYYYY. For instance "06312014".

This property is only applicable when Platform is set to FDMS Rapid Connect.

Exponent
String (read-only)
Default Value: ""

The exponent of the public key.

FallbackAllowed
boolean (read-only)
Default Value: False

Whether the terminal is allowed to fall back to magnetic stripe when there is a problem reading the chip.

This property is only applicable when Platform is set to Paymentech.

IndexStr
String (read-only)
Default Value: "0"

This field identifies the public key in conjunction with RID.

Modulus
String (read-only)
Default Value: ""

The modulus of the public key.

RID
String (read-only)
Default Value: ""

The registered application provider identifier (RID) for which the public key applies. For instance "A000000003".

Constructors

public KeyDetails();

Proxy Type

This is the proxy the class will connect to.

Remarks

When connecting through a proxy, this type is used to specify different properties of the proxy, such as the Server and the AuthScheme.

Fields

AuthScheme
int
Default Value: 0

This field is used to tell the class which type of authorization to perform when connecting to the proxy. This is used only when the User and Password fields are set.

AuthScheme should be set to authNone (3) when no authentication is expected.

By default, AuthScheme is authBasic (0), and if the User and Password fields are set, the component will attempt basic authentication.

If AuthScheme is set to authDigest (1), digest authentication will be attempted instead.

If AuthScheme is set to authProprietary (2), then the authorization token will not be generated by the class. Look at the configuration file for the class being used to find more information about manually setting this token.

If AuthScheme is set to authNtlm (4), NTLM authentication will be used.

For security reasons, setting this field will clear the values of User and Password.

AutoDetect
boolean
Default Value: False

This field tells the class whether or not to automatically detect and use proxy system settings, if available. The default value is false.

Note: This setting is applicable only in Windows.

Password
String
Default Value: ""

This field contains a password if authentication is to be used for the proxy.

If AuthScheme is set to Basic Authentication, the User and Password are Base64 encoded and the proxy authentication token will be generated in the form Basic [encoded-user-password].

If AuthScheme is set to Digest Authentication, the User and Password fields are used to respond to the Digest Authentication challenge from the server.

If AuthScheme is set to NTLM Authentication, the User and Password fields are used to authenticate through NTLM negotiation.

Port
int
Default Value: 80

This field contains the Transmission Control Protocol (TCP) port for the proxy Server (default 80). See the description of the Server field for details.

Server
String
Default Value: ""

If a proxy Server is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.

If the Server field is set to a domain name, a DNS request is initiated. Upon successful termination of the request, the Server field is set to the corresponding address. If the search is not successful, an error is returned.

SSL
int
Default Value: 0

This field determines when to use a Secure Sockets Layer (SSL) for the connection to the proxy. The applicable values are as follows:


psAutomatic (0)	Default setting. If the URL is an `https` URL, the class will use the `psTunnel` option. If the URL is an `http` URL, the class will use the `psNever` option.
psAlways (1)	The connection is always SSL enabled.
psNever (2)	The connection is not SSL enabled.
psTunnel (3)	The connection is made through a tunneling (HTTP) proxy.

User
String
Default Value: ""

This field contains a user name, if authentication is to be used for the proxy.

If AuthScheme is set to Basic Authentication, the User and Password are Base64 encoded and the proxy authentication token will be generated in the form Basic [encoded-user-password].

If AuthScheme is set to Digest Authentication, the User and Password fields are used to respond to the Digest Authentication challenge from the server.

If AuthScheme is set to NTLM Authentication, the User and Password fields are used to authenticate through NTLM negotiation.

Constructors

public Proxy();

public Proxy( server,  port);

public Proxy( server,  port,  user,  password);

Config Settings (Emvkeymgr Class)

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

EMVKeyMgr Config Settings

KeyBlockSize: The maximum block size when downloading the EMV public key.

This setting species the maximum block size used when downloading the EMV public key from FDMS. If the key exceeds this size multiple requests will be made by the class to download the key. Valid values are from 100 to 999. The default value is 999. This is only applicable when Platform is set to FDMS.

KeyData: The EMV public key data.

The EMV public key data returned after calling GetKeyInfo.

RawRequest: Returns the request sent to the server for debugging purposes.

After an operation this setting may be queried to return the request as it was sent to the server. This is useful for debugging purposes.

RawResponse: Returns the response received from the server for debugging purposes.

After an operation this setting may be queried to return the response as it was received from the server. This is useful for debugging purposes.

HTTP Config Settings

AcceptEncoding: Used to tell the server which types of content encodings the client supports.

When AllowHTTPCompression is True, the class adds an Accept-Encoding header to the request being sent to the server. By default, this header's value is "gzip, deflate". This configuration setting allows you to change the value of the Accept-Encoding header. Note: The class only supports gzip and deflate decompression algorithms.

AllowHTTPCompression: This property enables HTTP compression for receiving data.

This configuration setting enables HTTP compression for receiving data. When set to True (default), the class will accept compressed data. It then will uncompress the data it has received. The class will handle data compressed by both gzip and deflate compression algorithms.

When True, the class adds an Accept-Encoding header to the outgoing request. The value for this header can be controlled by the AcceptEncoding configuration setting. The default value for this header is "gzip, deflate".

The default value is True.

AllowHTTPFallback: Whether HTTP/2 connections are permitted to fallback to HTTP/1.1.

This configuration setting controls whether HTTP/2 connections are permitted to fall back to HTTP/1.1 when the server does not support HTTP/2. This setting is applicable only when HTTPVersion is set to "2.0".

If set to True (default), the class will automatically use HTTP/1.1 if the server does not support HTTP/2. If set to False, the class throws an exception if the server does not support HTTP/2.

The default value is True.

AllowNTLMFallback: Whether to allow fallback from Negotiate to NTLM when authenticating.

This configuration setting applies only when AuthScheme is set to Negotiate. If set to True, the class will automatically use New Technology LAN Manager (NTLM) if the server does not support Negotiate authentication. Note: The server must indicate that it supports NTLM authentication through the WWW-Authenticate header for the fallback from Negotiate to NTLM to take place. The default value is False.

Append: Whether to append data to LocalFile.

This configuration setting determines whether data will be appended when writing to LocalFile. When set to True, downloaded data will be appended to LocalFile. This may be used in conjunction with Range to resume a failed download. This is applicable only when LocalFile is set. The default value is False.

Authorization: The Authorization string to be sent to the server.

If the Authorization property contains a nonempty string, an Authorization HTTP request header is added to the request. This header conveys Authorization information to the server.

This property is provided so that the HTTP class can be extended with other security schemes in addition to the authorization schemes already implemented by the class.

The AuthScheme property defines the authentication scheme used. In the case of HTTP Basic Authentication (default), every time User and Password are set, they are Base64 encoded, and the result is put in the Authorization property in the form "Basic [encoded-user-password]".

BytesTransferred: Contains the number of bytes transferred in the response data.

This configuration setting returns the raw number of bytes from the HTTP response data, before the component processes the data, whether it is chunked or compressed. This returns the same value as the Transfer event, by BytesTransferred.

ChunkSize: Specifies the chunk size in bytes when using chunked encoding.

This is applicable only when UseChunkedEncoding is True. This setting specifies the chunk size in bytes to be used when posting data. The default value is 16384.

CompressHTTPRequest: Set to true to compress the body of a PUT or POST request.

If set to True, the body of a PUT or POST request will be compressed into gzip format before sending the request. The "Content-Encoding" header is also added to the outgoing request.

The default value is False.

EncodeURL: If set to True the URL will be encoded by the class.

If set to True, the URL passed to the class will be URL encoded. The default value is False.

FollowRedirects: Determines what happens when the server issues a redirect.

This option determines what happens when the server issues a redirect. Normally, the class returns an error if the server responds with an "Object Moved" message. If this property is set to 1 (always), the new URL for the object is retrieved automatically every time.

If this property is set to 2 (Same Scheme), the new URL is retrieved automatically only if the URL Scheme is the same; otherwise, the class throws an exception.

Note: Following the HTTP specification, unless this option is set to 1 (Always), automatic redirects will be performed only for GET or HEAD requests. Other methods potentially could change the conditions of the initial request and create security vulnerabilities.

Furthermore, if either the new URL server or port are different from the existing one, User and Password are also reset to empty, unless this property is set to 1 (Always), in which case the same credentials are used to connect to the new server.

A Redirect event is fired for every URL the product is redirected to. In the case of automatic redirections, the Redirect event is a good place to set properties related to the new connection (e.g., new authentication parameters).

The default value is 0 (Never). In this case, redirects are never followed, and the class throws an exception instead.

Following are the valid options:

0 - Never
1 - Always
2 - Same Scheme

GetOn302Redirect: If set to True the class will perform a GET on the new location.

The default value is False. If set to True, the class will perform a GET on the new location. Otherwise, it will use the same HTTP method again.

HTTP2HeadersWithoutIndexing: HTTP2 headers that should not update the dynamic header table with incremental indexing.

HTTP/2 servers maintain a dynamic table of headers and values seen over the course of a connection. Typically, these headers are inserted into the table through incremental indexing (also known as HPACK, defined in RFC 7541). To tell the component not to use incremental indexing for certain headers, and thus not update the dynamic table, set this configuration option to a comma-delimited list of the header names.

HTTPVersion: The version of HTTP used by the class.

This property specifies the HTTP version used by the class. Possible values are as follows:

"1.0"
"1.1" (default)
"2.0"
"3.0"

When using HTTP/2 ("2.0"), additional restrictions apply. Please see the following notes for details.

HTTP/2 Notes

When using HTTP/2, a secure Secure Sockets Layer/Transport Layer Security (TLS/SSL) connection is required. Attempting to use a plaintext URL with HTTP/2 will result in an error.

If the server does not support HTTP/2, the class will automatically use HTTP/1.1 instead. This is done to provide compatibility without the need for any additional settings. To see which version was used, check NegotiatedHTTPVersion after calling a method. The AllowHTTPFallback setting controls whether this behavior is allowed (default) or disallowed.

HTTP/2 is supported on all platforms. The class will use the internal security implementation in all cases when connecting.

HTTP/3 Notes

HTTP/3 is supported only in .NET and Java.

When using HTTP/3, a secure (TLS/SSL) connection is required. Attempting to use a plaintext URL with HTTP/3 will result in an error.

IfModifiedSince: A date determining the maximum age of the desired document.

If this setting contains a nonempty string, an If-Modified-Since HTTP header is added to the request. The value of this header is used to make the HTTP request conditional: if the requested documented has not been modified since the time specified in the field, a copy of the document will not be returned from the server; instead, a 304 (not modified) response will be returned by the server and the component throws an exception

The format of the date value for IfModifiedSince is detailed in the HTTP specs. For example: Sat, 29 Oct 2017 19:43:31 GMT.

KeepAlive: Determines whether the HTTP connection is closed after completion of the request.

If true, the component will not send the Connection: Close header. The absence of the Connection header indicates to the server that HTTP persistent connections should be used if supported. Note: Not all servers support persistent connections. If false, the connection will be closed immediately after the server response is received.

The default value for KeepAlive is false.

KerberosSPN: The Service Principal Name for the Kerberos Domain Controller.

If the Service Principal Name on the Kerberos Domain Controller is not the same as the URL that you are authenticating to, the Service Principal Name should be set here.

LogLevel: The level of detail that is logged.

This configuration setting controls the level of detail that is logged through the Log event. Possible values are as follows:


0 (None)	No events are logged.
1 (Info - default)	Informational events are logged.
2 (Verbose)	Detailed data are logged.
3 (Debug)	Debug data are logged.

The value 1 (Info) logs basic information, including the URL, HTTP version, and status details.

The value 2 (Verbose) logs additional information about the request and response.

The value 3 (Debug) logs the headers and body for both the request and response, as well as additional debug information (if any).

MaxHeaders: Instructs class to save the amount of headers specified that are returned by the server after a Header event has been fired.

This configuration setting should be set when the TransferredHeaders collection is to be populated when a Header event has been fired. This value represents the number of headers that are to be saved in the collection.

To save all items to the collection, set this configuration setting to -1. If no items are wanted, set this to 0, which will not save any items to the collection. The default for this configuration setting is -1, so all items will be included in the collection.

MaxHTTPCookies: Instructs class to save the amount of cookies specified that are returned by the server when a SetCookie event is fired.

This configuration setting should be set when populating the Cookies collection as a result of an HTTP request. This value represents the number of cookies that are to be saved in the collection.

MaxRedirectAttempts: Limits the number of redirects that are followed in a request.

When FollowRedirects is set to any value other than frNever, the class will follow redirects until this maximum number of redirect attempts are made. The default value is 20.

NegotiatedHTTPVersion: The negotiated HTTP version.

This configuration setting may be queried after the request is complete to indicate the HTTP version used. When HTTPVersion is set to "2.0" (if the server does not support "2.0"), then the class will fall back to using "1.1" automatically. This setting will indicate which version was used.

OtherHeaders: Other headers as determined by the user (optional).

This configuration setting can be set to a string of headers to be appended to the HTTP request headers.

The headers must follow the format "header: value" as described in the HTTP specifications. Header lines should be separated by CRLF ("\r\n") .

Use this configuration setting with caution. If this configuration setting contains invalid headers, HTTP requests may fail.

This configuration setting is useful for extending the functionality of the class beyond what is provided.

ProxyAuthorization: The authorization string to be sent to the proxy server.

This is similar to the Authorization configuration setting, but is used for proxy authorization. If this configuration setting contains a nonempty string, a Proxy-Authorization HTTP request header is added to the request. This header conveys proxy Authorization information to the server. If User and Password are specified, this value is calculated using the algorithm specified by AuthScheme.

ProxyAuthScheme: The authorization scheme to be used for the proxy.

This configuration setting is provided for use by classs that do not directly expose Proxy properties.

ProxyPassword: A password if authentication is to be used for the proxy.

This configuration setting is provided for use by classs that do not directly expose Proxy properties.

ProxyPort: Port for the proxy server (default 80).

This configuration setting is provided for use by classs that do not directly expose Proxy properties.

ProxyServer: Name or IP address of a proxy server (optional).

This configuration setting is provided for use by classs that do not directly expose Proxy properties.

ProxyUser: A user name if authentication is to be used for the proxy.

This configuration setting is provided for use by classs that do not directly expose Proxy properties.

SentHeaders: The full set of headers as sent by the client.

This configuration setting returns the complete set of raw headers as sent by the client.

StatusCode: The status code of the last response from the server.

This configuration setting contains the result code of the last response from the server.

StatusLine: The first line of the last response from the server.

This setting contains the first line of the last response from the server. The format of the line will be [HTTP version] [Result Code] [Description].

TransferredData: The contents of the last response from the server.

This configuration setting contains the contents of the last response from the server.

TransferredDataLimit: The maximum number of incoming bytes to be stored by the class.

If TransferredDataLimit is set to 0 (default), no limits are imposed. Otherwise, this reflects the maximum number of incoming bytes that can be stored by the class.

TransferredHeaders: The full set of headers as received from the server.

This configuration setting returns the complete set of raw headers as received from the server.

TransferredRequest: The full request as sent by the client.

This configuration setting returns the full request as sent by the client. For performance reasons, the request is not normally saved. Set this configuration setting to ON before making a request to enable it. Following are examples of this request:

.NET Http http = new Http(); http.Config("TransferredRequest=on"); http.PostData = "body"; http.Post("http://someserver.com"); Console.WriteLine(http.Config("TransferredRequest")); C++ HTTP http; http.Config("TransferredRequest=on"); http.SetPostData("body", 5); http.Post("http://someserver.com"); printf("%s\r\n", http.Config("TransferredRequest"));

UseChunkedEncoding: Enables or Disables HTTP chunked encoding for transfers.

If UseChunkedEncoding is set to True, the class will use HTTP-chunked encoding when posting, if possible. HTTP-chunked encoding allows large files to be sent in chunks instead of all at once. If set to False, the class will not use HTTP-chunked encoding. The default value is False.

Note: Some servers (such as the ASP.NET Development Server) may not support chunked encoding.

UseIDNs: Whether to encode hostnames to internationalized domain names.

This configuration setting specifies whether hostnames containing non-ASCII characters are encoded to internationalized domain names. When set to True, if a hostname contains non-ASCII characters, it is encoded using Punycode to an IDN (internationalized domain name).

The default value is False and the hostname will always be used exactly as specified.

UsePlatformDeflate: Whether to use the platform implementation to decompress compressed responses.

This configuration setting specifies whether the platform's deflate-algorithm implementation is used to decompress responses that use compression. If set to True (default), the platform implementation is used. If set to False, an internal implementation is used.

UsePlatformHTTPClient: Whether or not to use the platform HTTP client.

When using this configuration setting, if True, the component will use the default HTTP client for the platform (URLConnection in Java, WebRequest in .NET, or CFHTTPMessage in Mac/iOS) instead of the internal HTTP implementation. This is important for environments in which direct access to sockets is limited or not allowed (e.g., in the Google AppEngine).

UseProxyAutoConfigURL: Whether to use a Proxy auto-config file when attempting a connection.

This configuration specifies whether the class will attempt to use the Proxy auto-config URL when establishing a connection and AutoDetect is set to True.

When True (default), the class will check for the existence of a Proxy auto-config URL, and if found, will determine the appropriate proxy to use.

UserAgent: Information about the user agent (browser).

This is the value supplied in the HTTP User-Agent header. The default setting is "IPWorks HTTP Component - www.nsoftware.com".

Override the default with the name and version of your software.

TCPClient Config Settings

CloseStreamAfterTransfer: If true, the component will close the upload or download stream after the transfer.

This setting determines whether the input or output stream is closed after the transfer completes. When set to True (default), all streams will be closed after a transfer is completed. In order to keep streams open after the transfer of data, set this to False. the default value is True. If true, the component will close the upload or download stream after the transfer.

CloseStreamAfterTransfer: If true, the component will close the upload or download stream after the transfer.

ConnectionTimeout: Sets a separate timeout value for establishing a connection.

When set, this configuration setting allows you to specify a different timeout value for establishing a connection. Otherwise, the class will use Timeout for establishing a connection and transmitting/receiving data. Sets a separate timeout value for establishing a connection.

ConnectionTimeout: Sets a separate timeout value for establishing a connection.

FirewallAutoDetect: Tells the class whether or not to automatically detect and use firewall system settings, if available.

This configuration setting is provided for use by classs that do not directly expose Firewall properties. Tells the class whether or not to automatically detect and use firewall system settings, if available.

This configuration setting is provided for use by classs that do not directly expose Firewall properties.

FirewallAutoDetect: Tells the class whether or not to automatically detect and use firewall system settings, if available.

This configuration setting is provided for use by classs that do not directly expose Firewall properties.

FirewallHost: Name or IP address of firewall (optional).

If a FirewallHost is given, requested connections will be authenticated through the specified firewall when connecting.

If the FirewallHost setting is set to a Domain Name, a DNS request is initiated. Upon successful termination of the request, the FirewallHost setting is set to the corresponding address. If the search is not successful, an error is returned.

Note: This setting is provided for use by classs that do not directly expose Firewall properties.

Name or IP address of firewall (optional).

If a FirewallHost is given, requested connections will be authenticated through the specified firewall when connecting.

Note: This setting is provided for use by classs that do not directly expose Firewall properties.

FirewallHost: Name or IP address of firewall (optional).

If a FirewallHost is given, requested connections will be authenticated through the specified firewall when connecting.

Note: This setting is provided for use by classs that do not directly expose Firewall properties.

Name or IP address of firewall (optional).

If a FirewallHost is given, requested connections will be authenticated through the specified firewall when connecting.

Note: This setting is provided for use by classs that do not directly expose Firewall properties.

FirewallListener: If true, the component binds to a SOCKS firewall as a server (TCPClient only).

This entry is for TCPClient only and does not work for other components that descend from TCPClient.

If this entry is set, the class acts as a server. RemoteHost and RemotePort are used to tell the SOCKS firewall in which address and port to listen to. The firewall rules may ignore RemoteHost, and it is recommended that RemoteHost be set to empty string in this case.

RemotePort is the port in which the firewall will listen to. If set to 0, the firewall will select a random port. The binding (address and port) is provided through the ConnectionStatus event.

The connection to the firewall is made by calling the Connect method.

If true, the component binds to a SOCKS firewall as a server (TCPClient only).