TSYSHCTerminalMgr Class

Properties Methods Events Config Settings Errors

The TSYSHCTerminalMgr class is used to authenticate and deactivate POS devices on the TSYS Host Capture System. This class makes authenticating and deactivating POS devices very easy.

Syntax

dpaymentssdk.Tsyshcterminalmgr

Remarks

This class allows for simple, direct, secure connection to the Vital/TSYS TLS/SSL gateway through a standard Internet connection. This class can be integrated into web pages or stand-alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the class, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.

The TSYSHCTerminalMgr class makes authenticating POS devices very easy by adding an additional layer of abstraction between the programmer and the protocol. There is no need to deal with raw sockets, TLS/SSL handshakes, or data packet formatting. The steps to setting up the class and authorizing a transaction are outlined below:

First, set the merchant properties with setup information acquired from your member bank or processor. For instance:

TSYSHCTerminalMgr1.MerchantId = "merchant_id" TSYSHCTerminalMgr1.RoutingId = "routing_id" TSYSHCTerminalMgr1.AuthenticationCode = "ABCD123456" TSYSHCTerminalMgr1.MerchantZip = "85284"

Finally, submit the transaction by calling the AuthenticateDevice method. The following code demonstrates authenticating a POS device:

TSYSHCTerminalMgr1.AuthenticateDevice()

When the class receives a response from the Vital/TSYS servers, the result of the authorization will be displayed in several Response properties. The Code indicates whether the transaction was approved. The GenKey contains the unique GenKey value generated by TSYS which must be stored on the POS device and sent in all subsequent requests.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.


AuthenticationCode	An alphanumeric code used during the POS device authentication process.
MerchantId	The unique ID that associates the POS device with the merchant account.
MerchantPhone	The merchant's phone number.
MerchantZip	The merchant's 5 digit US zip code or 6 character postal code.
Response	Contains the response to an authentication\\deactivation request.
RoutingId	The Routing ID assigned to the merchant by TSYS.
SSLAcceptServerCert	Instructs the class to unconditionally accept the server certificate that matches the supplied certificate.
SSLCert	The certificate to be used during SSL negotiation.
SSLProvider	This specifies the SSL/TLS implementation to use.
SSLServerCert	The server certificate for the last established connection.
Timeout	A timeout for the class.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.


AuthenticateDevice	Sends a POS device authentication request.
Config	Sets or retrieves a configuration setting.
DeactivateDevice	Sends a POS device deactivate request.
Interrupt	Interrupts the current action.
Reset	Clears all properties to their default values.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.


Error	Information about errors during data delivery.
SSLServerAuthentication	Fired after the server presents its certificate to the client.
SSLStatus	Fired when secure connection progress messages are available.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.


Language	Indicates the language to be used in formatting the authorization response text message.
RawRequest	Returns the request sent to the server for debugging purposes.
RawResponse	Returns the response received from the server for debugging purposes.
ServerURL	The server to which transactions are posted.
AcceptEncoding	Used to tell the server which types of content encodings the client supports.
AllowHTTPCompression	This property enables HTTP compression for receiving data.
AllowHTTPFallback	Whether HTTP/2 connections are permitted to fallback to HTTP/1.1.
AllowNTLMFallback	Whether to allow fallback from Negotiate to NTLM when authenticating.
Append	Whether to append data to LocalFile.
Authorization	The Authorization string to be sent to the server.
BytesTransferred	Contains the number of bytes transferred in the response data.
ChunkSize	Specifies the chunk size in bytes when using chunked encoding.
CompressHTTPRequest	Set to true to compress the body of a PUT or POST request.
EncodeURL	If set to True the URL will be encoded by the class.
FollowRedirects	Determines what happens when the server issues a redirect.
GetOn302Redirect	If set to True the class will perform a GET on the new location.
HTTP2HeadersWithoutIndexing	HTTP2 headers that should not update the dynamic header table with incremental indexing.
HTTPVersion	The version of HTTP used by the class.
IfModifiedSince	A date determining the maximum age of the desired document.
KeepAlive	Determines whether the HTTP connection is closed after completion of the request.
KerberosSPN	The Service Principal Name for the Kerberos Domain Controller.
LogLevel	The level of detail that is logged.
MaxHeaders	Instructs class to save the amount of headers specified that are returned by the server after a Header event has been fired.
MaxHTTPCookies	Instructs class to save the amount of cookies specified that are returned by the server when a SetCookie event is fired.
MaxRedirectAttempts	Limits the number of redirects that are followed in a request.
NegotiatedHTTPVersion	The negotiated HTTP version.
OtherHeaders	Other headers as determined by the user (optional).
ProxyAuthorization	The authorization string to be sent to the proxy server.
ProxyAuthScheme	The authorization scheme to be used for the proxy.
ProxyPassword	A password if authentication is to be used for the proxy.
ProxyPort	Port for the proxy server (default 80).
ProxyServer	Name or IP address of a proxy server (optional).
ProxyUser	A user name if authentication is to be used for the proxy.
SentHeaders	The full set of headers as sent by the client.
StatusCode	The status code of the last response from the server.
StatusLine	The first line of the last response from the server.
TransferredData	The contents of the last response from the server.
TransferredDataLimit	The maximum number of incoming bytes to be stored by the class.
TransferredHeaders	The full set of headers as received from the server.
TransferredRequest	The full request as sent by the client.
UseChunkedEncoding	Enables or Disables HTTP chunked encoding for transfers.
UseIDNs	Whether to encode hostnames to internationalized domain names.
UsePlatformDeflate	Whether to use the platform implementation to decompress compressed responses.
UsePlatformHTTPClient	Whether or not to use the platform HTTP client.
UseProxyAutoConfigURL	Whether to use a Proxy auto-config file when attempting a connection.
UserAgent	Information about the user agent (browser).
CloseStreamAfterTransfer	If true, the class will close the upload or download stream after the transfer.
ConnectionTimeout	Sets a separate timeout value for establishing a connection.
FirewallAutoDetect	Tells the class whether or not to automatically detect and use firewall system settings, if available.
FirewallHost	Name or IP address of firewall (optional).
FirewallListener	If true, the class binds to a SOCKS firewall as a server (TCPClient only).
FirewallPassword	Password to be used if authentication is to be used when connecting through the firewall.
FirewallPort	The TCP port for the FirewallHost;.
FirewallType	Determines the type of firewall to connect through.
FirewallUser	A user name if authentication is to be used connecting through a firewall.
KeepAliveInterval	The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.
KeepAliveTime	The inactivity time in milliseconds before a TCP keep-alive packet is sent.
Linger	When set to True, connections are terminated gracefully.
LingerTime	Time in seconds to have the connection linger.
LocalHost	The name of the local host through which connections are initiated or accepted.
LocalPort	The port in the local host where the class binds.
MaxLineLength	The maximum amount of data to accumulate when no EOL is found.
MaxTransferRate	The transfer rate limit in bytes per second.
ProxyExceptionsList	A semicolon separated list of hosts and IPs to bypass when using a proxy.
TCPKeepAlive	Determines whether or not the keep alive socket option is enabled.
TcpNoDelay	Whether or not to delay when sending packets.
UseIPv6	Whether to use IPv6.
UseNTLMv2	Whether to use NTLM V2.
LogSSLPackets	Controls whether SSL packets are logged when using the internal security API.
ReuseSSLSession	Determines if the SSL session is reused.
SSLCACerts	A newline separated list of CA certificate to use during SSL client authentication.
SSLCheckCRL	Whether to check the Certificate Revocation List for the server certificate.
SSLCheckOCSP	Whether to use OCSP to check the status of the server certificate.
SSLCipherStrength	The minimum cipher strength used for bulk encryption.
SSLContextProtocol	The protocol used when getting an SSLContext instance.
SSLEnabledCipherSuites	The cipher suite to be used in an SSL negotiation.
SSLEnabledProtocols	Used to enable/disable the supported security protocols.
SSLEnableRenegotiation	Whether the renegotiation_info SSL extension is supported.
SSLIncludeCertChain	Whether the entire certificate chain is included in the SSLServerAuthentication event.
SSLKeyLogFile	The location of a file where per-session secrets are written for debugging purposes.
SSLNegotiatedCipher	Returns the negotiated cipher suite.
SSLNegotiatedCipherStrength	Returns the negotiated cipher suite strength.
SSLNegotiatedCipherSuite	Returns the negotiated cipher suite.
SSLNegotiatedKeyExchange	Returns the negotiated key exchange algorithm.
SSLNegotiatedKeyExchangeStrength	Returns the negotiated key exchange algorithm strength.
SSLNegotiatedVersion	Returns the negotiated protocol version.
SSLServerCACerts	A newline separated list of CA certificate to use during SSL server certificate validation.
SSLTrustManagerFactoryAlgorithm	The algorithm to be used to create a TrustManager through TrustManagerFactory.
TLS12SignatureAlgorithms	Defines the allowed TLS 1.2 signature algorithms when SSLProvider is set to Internal.
TLS12SupportedGroups	The supported groups for ECC.
TLS13KeyShareGroups	The groups for which to pregenerate key shares.
TLS13SignatureAlgorithms	The allowed certificate signature algorithms.
TLS13SupportedGroups	The supported groups for (EC)DHE key exchange.
AbsoluteTimeout	Determines whether timeouts are inactivity timeouts or absolute timeouts.
FirewallData	Used to send extra data to the firewall.
InBufferSize	The size in bytes of the incoming queue of the socket.
OutBufferSize	The size in bytes of the outgoing queue of the socket.
BuildInfo	Information about the product's build.
GUIAvailable	Whether or not a message loop is available for processing events.
LicenseInfo	Information about the current license.
MaskSensitive	Whether sensitive data is masked in log messages.
UseDaemonThreads	Whether threads created by the class are daemon threads.
UseInternalSecurityAPI	Whether or not to use the system security libraries or an internal implementation.

AuthenticationCode Property (TSYSHCTerminalMgr Class)

An alphanumeric code used during the POS device authentication process.

Syntax


public String getAuthenticationCode();


public void setAuthenticationCode(String authenticationCode);

Default Value

Remarks

An alphanumeric code, provided to the POS user by TSYS, which is used during the POS device authentication process. Note that this property is required when calling AuthenticateDevice.

MerchantId Property (TSYSHCTerminalMgr Class)

The unique ID that associates the POS device with the merchant account.

Syntax


public String getMerchantId();


public void setMerchantId(String merchantId);

Default Value

Remarks

The unique ID, also known as the POS ID, that associates the POS device with the merchant account.

This property is required to be specified in every transaction performed.

MerchantPhone Property (TSYSHCTerminalMgr Class)

The merchant's phone number.

Syntax


public String getMerchantPhone();


public void setMerchantPhone(String merchantPhone);

Default Value

Remarks

The merchant's phone number used during the POS device authentication process. The specified value should not contain dashes (-).

This property is required when calling AuthenticateDevice if MerchantZip is not specified.

Note: North American phone numbers should include the area code.

MerchantZip Property (TSYSHCTerminalMgr Class)

The merchant's 5 digit US zip code or 6 character postal code.

Syntax


public String getMerchantZip();


public void setMerchantZip(String merchantZip);

Default Value

Remarks

The merchant's 5 digit US zip code or 6 character postal code.

This property is required when calling AuthenticateDevice if MerchantPhone is not specified.

Response Property (TSYSHCTerminalMgr Class)

Contains the response to an authentication\\deactivation request.

Syntax


public TSYSHCTerminalResponse getResponse();

Remarks

This property will contain the response returned from the TSYS host capture system. It should be inspected (and logged) after an authentication\deactivation to determine if the request was approved. The TSYSHCTerminalResponse type contains the following fields:


BatchNumber	Contains the incrementing ID assigned by TSYS to identify a merchant batch.
Code	Indicates the status of the authorization request.
GenKey	Contains the unique GenKey value generated by TSYS and returned upon successfully authenticating a POS device.
Text	Text information that describes each response code.

This property is read-only.

Please refer to the TSYSHCTerminalResponse type for a complete list of fields.

RoutingId Property (TSYSHCTerminalMgr Class)

The Routing ID assigned to the merchant by TSYS.

Syntax


public String getRoutingId();


public void setRoutingId(String routingId);

Default Value

Remarks

This property is used to specify the six alphanumeric character routing ID assigned to you via TSYS.

This property is required to be set for every transaction request.

SSLAcceptServerCert Property (TSYSHCTerminalMgr Class)

Instructs the class to unconditionally accept the server certificate that matches the supplied certificate.

Syntax


public Certificate getSSLAcceptServerCert();


public void setSSLAcceptServerCert(Certificate SSLAcceptServerCert);

Remarks

If it finds any issues with the certificate presented by the server, the class will normally terminate the connection with an error.

You may override this behavior by supplying a value for SSLAcceptServerCert. If the certificate supplied in SSLAcceptServerCert is the same as the certificate presented by the server, then the server certificate is accepted unconditionally, and the connection will continue normally.

Please note that this functionality is provided only for cases where you otherwise know that you are communicating with the right server. If used improperly, this property may create a security breach. Use it at your own risk.

Please refer to the Certificate type for a complete list of fields.

SSLCert Property (TSYSHCTerminalMgr Class)

The certificate to be used during SSL negotiation.

Syntax


public Certificate getSSLCert();


public void setSSLCert(Certificate SSLCert);

Remarks

The digital certificate that the class will use during SSL negotiation. Set this property to a valid certificate before starting SSL negotiation. To set a certificate, you may set the Encoded field to the encoded certificate. To select a certificate, use the store and subject fields.

Please refer to the Certificate type for a complete list of fields.

SSLProvider Property (TSYSHCTerminalMgr Class)

This specifies the SSL/TLS implementation to use.

Syntax


public int getSSLProvider();


public void setSSLProvider(int SSLProvider);


Enumerated values:
  public final static int sslpAutomatic = 0;
  public final static int sslpPlatform = 1;
  public final static int sslpInternal = 2;

Default Value

Remarks

This property specifies the SSL/TLS implementation to use. In most cases the default value of 0 (Automatic) is recommended and should not be changed. When set to 0 (Automatic) the class will select whether to use the platform implementation or the internal implementation depending on the operating system as well as the TLS version being used.

Possible values are:


0 (sslpAutomatic - default)	Automatically selects the appropriate implementation.
1 (sslpPlatform)	Uses the platform/system implementation.
2 (sslpInternal)	Uses the internal implementation.

Additional Notes

In most cases using the default value (Automatic) is recommended. The class will select a provider depending on the current platform.

When Automatic is selected the platform implementation is used by default. When TLS 1.3 is enabled via SSLEnabledProtocols the internal implementation is used.

SSLServerCert Property (TSYSHCTerminalMgr Class)

The server certificate for the last established connection.

Syntax


public Certificate getSSLServerCert();

Remarks

SSLServerCert contains the server certificate for the last established connection.

SSLServerCert is reset every time a new connection is attempted.

This property is read-only.

Please refer to the Certificate type for a complete list of fields.

Timeout Property (TSYSHCTerminalMgr Class)

A timeout for the class.

Syntax


public int getTimeout();


public void setTimeout(int timeout);

Default Value

Remarks

If Timeout is set to a positive value, and an operation cannot be completed immediately, the class will retry the operation for a maximum of Timeout seconds.

The default value for Timeout is 30 (seconds).

AuthenticateDevice Method (Tsyshcterminalmgr Class)

Sends a POS device authentication request.

Syntax

public void authenticateDevice();

Remarks

This method sends a POS device authentication request to TSYS host capture system. If the authentication request was successful, the Code property will contain "100". Upon a successful authentication, TSYS will return a unique GenKey which can be retrieved via GenKey.

The retrieved GenKey value should be stored on your POS device and used in all subsequent transaction requests.

Required properties:

RoutingId
MerchantId
AuthenticationCode
MerchantPhone or MerchantZip

Config Method (Tsyshcterminalmgr Class)

Sets or retrieves a configuration setting.

Syntax

public String config(String configurationString);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

DeactivateDevice Method (Tsyshcterminalmgr Class)

Sends a POS device deactivate request.

Syntax

public void deactivateDevice(String genKey);

Remarks

This method sends a POS device deactivation request to TSYS host capture system. If the deactivation request was successful, the Code property will contain "103".

Required properties:

RoutingId
MerchantId

Interrupt Method (Tsyshcterminalmgr Class)

Interrupts the current action.

Syntax

public void interrupt();

Remarks

This method interrupts any processing that the class is currently executing.

Reset Method (Tsyshcterminalmgr Class)

Clears all properties to their default values.

Syntax

public void reset();

Remarks

This method clears all properties to their default values.

Error Event (Tsyshcterminalmgr Class)

Information about errors during data delivery.

Syntax

public class DefaultTsyshcterminalmgrEventListener implements TsyshcterminalmgrEventListener {
  ...
  public void error(TsyshcterminalmgrErrorEvent e) {}
  ...
}

public class TsyshcterminalmgrErrorEvent {
  public int errorCode;
  public String description;
}

Remarks

The Error event is fired in case of exceptional conditions during message processing.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

SSLServerAuthentication Event (Tsyshcterminalmgr Class)

Fired after the server presents its certificate to the client.

Syntax

public class DefaultTsyshcterminalmgrEventListener implements TsyshcterminalmgrEventListener {
  ...
  public void SSLServerAuthentication(TsyshcterminalmgrSSLServerAuthenticationEvent e) {}
  ...
}

public class TsyshcterminalmgrSSLServerAuthenticationEvent {
  public byte[] certEncoded;
  public String certSubject;
  public String certIssuer;
  public String status;
  public boolean accept;
}

Remarks

During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

SSLStatus Event (Tsyshcterminalmgr Class)

Fired when secure connection progress messages are available.

Syntax

public class DefaultTsyshcterminalmgrEventListener implements TsyshcterminalmgrEventListener {
  ...
  public void SSLStatus(TsyshcterminalmgrSSLStatusEvent e) {}
  ...
}

public class TsyshcterminalmgrSSLStatusEvent {
  public String message;
}

Remarks

The event is fired for informational and logging purposes only. This event tracks the progress of the connection.

Certificate Type

This is the digital certificate being used.

Remarks

This type describes the current digital certificate. The certificate may be a public or private key. The fields are used to identify or select certificates.

Fields

EffectiveDate
String (read-only)
Default Value: ""

This is the date on which this certificate becomes valid. Before this date, it is not valid. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

Encoded
String
Default Value: ""

This is the certificate (PEM/Base64 encoded). This field is used to assign a specific certificate. The Store and Subject fields also may be used to specify a certificate.

When Encoded is set, a search is initiated in the current Store for the private key of the certificate. If the key is found, Subject is updated to reflect the full subject of the selected certificate; otherwise, Subject is set to an empty string.

EncodedB
byte[]
Default Value: ""

This is the certificate (PEM/Base64 encoded). This field is used to assign a specific certificate. The Store and Subject fields also may be used to specify a certificate.

ExpirationDate
String (read-only)
Default Value: ""

This is the date the certificate expires. After this date, the certificate will no longer be valid. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

ExtendedKeyUsage
String
Default Value: ""

This is a comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

Fingerprint
String (read-only)
Default Value: ""

This is the hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

FingerprintSHA1
String (read-only)
Default Value: ""

This is the hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

FingerprintSHA256
String (read-only)
Default Value: ""

This is the hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

Issuer
String (read-only)
Default Value: ""

This is the issuer of the certificate. This field contains a string representation of the name of the issuing authority for the certificate.

KeyPassword
String
Default Value: ""

This is the password for the certificate's private key (if any).

Some certificate stores may individually protect certificates' private keys, separate from the standard protection offered by the StorePassword. KeyPassword. This field can be used to read such password-protected private keys.

Note: this property defaults to the value of StorePassword. To clear it, you must set the property to the empty string (""). It can be set at any time, but when the private key's password is different from the store's password, then it must be set before calling PrivateKey.

PrivateKey
String (read-only)
Default Value: ""

This is the private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The PrivateKey may be available but not exportable. In this case, PrivateKey returns an empty string.

PrivateKeyAvailable
boolean (read-only)
Default Value: False

This field shows whether a PrivateKey is available for the selected certificate. If PrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).

PrivateKeyContainer
String (read-only)
Default Value: ""

This is the name of the PrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

PublicKey
String (read-only)
Default Value: ""

This is the public key of the certificate. The key is provided as PEM/Base64-encoded data.

PublicKeyAlgorithm
String
Default Value: ""

This field contains the textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

PublicKeyLength
int (read-only)
Default Value: 0

This is the length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

SerialNumber
String (read-only)
Default Value: ""

This is the serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

SignatureAlgorithm
String (read-only)
Default Value: ""

The field contains the text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

Store
String
Default Value: "MY"

This is the name of the certificate store for the client certificate.

The StoreType field denotes the type of the certificate store specified by Store. If the store is password protected, specify the password in StorePassword.

Store is used in conjunction with the Subject field to specify client certificates. If Store has a value, and Subject or Encoded is set, a search for a certificate is initiated. Please see the Subject field for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:


MY	A certificate store holding personal certificates with their associated private keys.
CA	Certifying authority certificates.
ROOT	Root certificates.

In Java, the certificate store normally is a file containing certificates and optional private keys.

When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

StoreB
byte[]
Default Value: "MY"

This is the name of the certificate store for the client certificate.

The StoreType field denotes the type of the certificate store specified by Store. If the store is password protected, specify the password in StorePassword.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:


MY	A certificate store holding personal certificates with their associated private keys.
CA	Certifying authority certificates.
ROOT	Root certificates.

In Java, the certificate store normally is a file containing certificates and optional private keys.

StorePassword
String
Default Value: ""

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

StoreType
int
Default Value: 0

This is the type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This field can take one of the following values:


0 (cstUser - default)	For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: This store type is not available in Java.
1 (cstMachine)	For Windows, this specifies that the certificate store is a machine store. Note: This store type is not available in Java.
2 (cstPFXFile)	The certificate store is the name of a PFX (PKCS#12) file containing certificates.
3 (cstPFXBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format.
4 (cstJKSFile)	The certificate store is the name of a Java Key Store (JKS) file containing certificates. Note: This store type is only available in Java.
5 (cstJKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format. Note: this store type is only available in Java.
6 (cstPEMKeyFile)	The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)	The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)	The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)	The certificate store is the name of a PKCS#7 file containing certificates.
12 (cstP7BBlob)	The certificate store is a string (binary) representing a certificate store in PKCS#7 format.
13 (cstSSHPublicKeyFile)	The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)	The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)	The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)	The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)	The certificate store is a string that contains a certificate in XML format.
18 (cstJWKFile)	The certificate store is the name of a file that contains a JWK (JSON Web Key).
19 (cstJWKBlob)	The certificate store is a string that contains a JWK (JSON Web Key).
21 (cstBCFKSFile)	The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store). Note: This store type is only available in Java and .NET.
22 (cstBCFKSBlob)	The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format. Note: This store type is only available in Java and .NET.
23 (cstPKCS11)	The certificate is present on a physical security key accessible via a PKCS#11 interface. To use a security key, the necessary data must first be collected using the CertMgr class. The ListStoreCertificates method may be called after setting CertStoreType to `cstPKCS11`, CertStorePassword to the PIN, and CertStore to the full path of the PKCS#11 DLL. The certificate information returned in the CertList event's `CertEncoded` parameter may be saved for later use. When using a certificate, pass the previously saved security key information as the Store and set StorePassword to the PIN. Code Example. SSH Authentication with Security Key: `certmgr.CertStoreType = CertStoreTypes.cstPKCS11; certmgr.OnCertList += (s, e) => { secKeyBlob = e.CertEncoded; }; certmgr.CertStore = @"C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll"; certmgr.CertStorePassword = "123456"; //PIN certmgr.ListStoreCertificates(); sftp.SSHCert = new Certificate(CertStoreTypes.cstPKCS11, secKeyBlob, "123456", "*"); sftp.SSHUser = "test"; sftp.SSHLogon("myhost", 22);`
99 (cstAuto)	The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically.

Subject
String
Default Value: ""

This is the subject of the certificate used for client authentication.

This field will be populated with the full subject of the loaded certificate. When loading a certificate the subject is used to locate the certificate in the store.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:


Field	Meaning
CN	Common Name. This is commonly a hostname like www.server.com.
O	Organization
OU	Organizational Unit
L	Locality
S	State
C	Country
E	Email Address

If a field value contains a comma, it must be quoted.

SubjectAltNames
String (read-only)
Default Value: ""

This field contains comma-separated lists of alternative subject names for the certificate.

ThumbprintMD5
String (read-only)
Default Value: ""

This field contains the MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

ThumbprintSHA1
String (read-only)
Default Value: ""

This field contains the SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

ThumbprintSHA256
String (read-only)
Default Value: ""

This field contains the SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

Usage
String
Default Value: ""

This field contains the text description of UsageFlags.

This value will be of one or more of the following strings and will be separated by commas:

Digital Signatures
Key Authentication
Key Encryption
Data Encryption
Key Agreement
Certificate Signing
Key Signing

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

UsageFlags
int
Default Value: 0

This field contains the flags that show intended use for the certificate. The value of UsageFlags is a combination of the following flags:


0x80	Digital Signatures
0x40	Key Authentication (Non-Repudiation)
0x20	Key Encryption
0x10	Data Encryption
0x08	Key Agreement
0x04	Certificate Signing
0x02	Key Signing

Please see the Usage field for a text representation of UsageFlags.

This functionality currently is not available when the provider is OpenSSL.

Version
String (read-only)
Default Value: ""

This field contains the certificate's version number. The possible values are the strings "V1", "V2", and "V3".

Constructors

public Certificate();

Creates a Certificate instance whose properties can be set. This is useful for use with CERTMGR when generating new certificates.

public Certificate( certificateFile);

Opens CertificateFile and reads out the contents as an X.509 public key.

public Certificate( certificateData);

Parses CertificateData as an X.509 public key.

public Certificate( certStoreType,  store,  storePassword,  subject);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X.509 certificate's subject Distinguished Name (DN).

public Certificate( certStoreType,  store,  storePassword,  subject,  configurationString);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. ConfigurationString is a newline separated list of name-value pairs that may be used to modify the default behavior. Possible values include "PersistPFXKey", which shows whether or not the PFX key is persisted after performing operations with the private key. This correlates to the PKCS12_NO_PERSIST_KEY CryptoAPI option. The default value is True (the key is persisted). "Thumbprint" - an MD5, SHA-1, or SHA-256 thumbprint of the certificate to load. When specified, this value is used to select the certificate in the store. This is applicable to cstUser, cstMachine, cstPublicKeyFile, and cstPFXFile store types. "UseInternalSecurityAPI" shows whether the platform (default) or the internal security API is used when performing certificate-related operations. After the store has been successfully opened, the class will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X.509 certificate's subject Distinguished Name (DN).

public Certificate( certStoreType,  store,  storePassword,  encoded);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will load Encoded as an X.509 certificate and search the opened store for a corresponding private key.

public Certificate( certStoreType,  storeBlob,  storePassword,  subject);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. StoreBlob is a string (binary- or Base64-encoded) containing the certificate data. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X.509 certificate's subject Distinguished Name (DN).

public Certificate( certStoreType,  storeBlob,  storePassword,  subject,  configurationString);

public Certificate( certStoreType,  storeBlob,  storePassword,  encoded);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a string (binary- or Base64-encoded) containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the class will load Encoded as an X.509 certificate and search the opened store for a corresponding private key.

TSYSHCTerminalResponse Type

Contains the response to an authentication\deactivation request.

Remarks

This type contains the results of a transaction made with the TSYSHCTerminalMgr class. The fields contained by this type are listed below.

Fields

BatchNumber
int (read-only)
Default Value: 0

Contains the incrementing ID assigned by TSYS to identify a merchant batch.

The batch number that is returned by the host is the current batch number. This will typically the same batch number used by TSYSHCBatchMgr to close the batch.

Note that if CaptureMode is set to Delay, Hold, or Capture the value here may not necessarily be the final batch number when captured. See CaptureMode for more details.

Code
String (read-only)
Default Value: ""

Indicates the status of the authorization request.

This field contains the response code indicating the status of the authorization request. The Point of Sale (POS) system must evaluate this response code and NOT the Text to determine nature of a response message. A response code of "00" represents an approval. A response code of "10" indicates that the transaction was partially approved for a lesser amount (AuthorizedAmount). All other response codes represent non-approved requests. Do NOT interpret all non-approved response codes as "DECLINED".

A list of valid result Codes are listed in the table of contents.

GenKey
String (read-only)
Default Value: ""

Contains the unique GenKey value generated by TSYS and returned upon successfully authenticating a POS device.

This value should be stored on your POS device and used in all subsequent transaction requests.

Text
String (read-only)
Default Value: ""

Text information that describes each response code.

This field contains a 16-character response or display text message. This message is used by the terminal to display the authorization result. The display text must not be used to determine the nature of a response message. VisaNet will translate the response according to the merchant's selected language.

The English-language response text messages are listed in the table of contents.

Constructors

public TSYSHCTerminalResponse();

Config Settings (Tsyshcterminalmgr Class)

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

TSYSHCTerminalMgr Config Settings

Language: Indicates the language to be used in formatting the authorization response text message.

This field allows you to specify the two-character indicator to indicate the format of the authorization response text message. The current possible values are:


00	English
01	Spanish
02	Portuguese

RawRequest: Returns the request sent to the server for debugging purposes.

After an operation this setting may be queried to return the request as it was sent to the server. This is useful for debugging purposes.

RawResponse: Returns the response received from the server for debugging purposes.

After an operation this setting may be queried to return the response as it was received from the server. This is useful for debugging purposes.

ServerURL: The server to which transactions are posted.

This is name of the server to which all transactions are posted. Do not use an IP address, use the actual name, as a server's IP address may change. The default (Live) TSYS server is "https://ssl2.vitalps.net/scripts/gateway.dll?transact", but you may use "https://ssltest.tsysacquiring.net/scripts/gateway.dll?transact" for testing.

HTTP Config Settings

AcceptEncoding: Used to tell the server which types of content encodings the client supports.

When AllowHTTPCompression is True, the class adds an Accept-Encoding header to the request being sent to the server. By default, this header's value is "gzip, deflate". This configuration setting allows you to change the value of the Accept-Encoding header. Note: The class only supports gzip and deflate decompression algorithms.

AllowHTTPCompression: This property enables HTTP compression for receiving data.

This configuration setting enables HTTP compression for receiving data. When set to True (default), the class will accept compressed data. It then will uncompress the data it has received. The class will handle data compressed by both gzip and deflate compression algorithms.

When True, the class adds an Accept-Encoding header to the outgoing request. The value for this header can be controlled by the AcceptEncoding configuration setting. The default value for this header is "gzip, deflate".

The default value is True.

AllowHTTPFallback: Whether HTTP/2 connections are permitted to fallback to HTTP/1.1.

This configuration setting controls whether HTTP/2 connections are permitted to fall back to HTTP/1.1 when the server does not support HTTP/2. This setting is applicable only when HTTPVersion is set to "2.0".

If set to True (default), the class will automatically use HTTP/1.1 if the server does not support HTTP/2. If set to False, the class throws an exception if the server does not support HTTP/2.

The default value is True.

AllowNTLMFallback: Whether to allow fallback from Negotiate to NTLM when authenticating.

This configuration setting applies only when AuthScheme is set to Negotiate. If set to True, the class will automatically use New Technology LAN Manager (NTLM) if the server does not support Negotiate authentication. Note: The server must indicate that it supports NTLM authentication through the WWW-Authenticate header for the fallback from Negotiate to NTLM to take place. The default value is False.

Append: Whether to append data to LocalFile.

This configuration setting determines whether data will be appended when writing to LocalFile. When set to True, downloaded data will be appended to LocalFile. This may be used in conjunction with Range to resume a failed download. This is applicable only when LocalFile is set. The default value is False.

Authorization: The Authorization string to be sent to the server.

If the Authorization property contains a nonempty string, an Authorization HTTP request header is added to the request. This header conveys Authorization information to the server.

This property is provided so that the HTTP class can be extended with other security schemes in addition to the authorization schemes already implemented by the class.

The AuthScheme property defines the authentication scheme used. In the case of HTTP Basic Authentication (default), every time User and Password are set, they are Base64 encoded, and the result is put in the Authorization property in the form "Basic [encoded-user-password]".

BytesTransferred: Contains the number of bytes transferred in the response data.

This configuration setting returns the raw number of bytes from the HTTP response data, before the component processes the data, whether it is chunked or compressed. This returns the same value as the Transfer event, by BytesTransferred.

ChunkSize: Specifies the chunk size in bytes when using chunked encoding.

This is applicable only when UseChunkedEncoding is True. This setting specifies the chunk size in bytes to be used when posting data. The default value is 16384.

CompressHTTPRequest: Set to true to compress the body of a PUT or POST request.

If set to True, the body of a PUT or POST request will be compressed into gzip format before sending the request. The "Content-Encoding" header is also added to the outgoing request.

The default value is False.

EncodeURL: If set to True the URL will be encoded by the class.

If set to True, the URL passed to the class will be URL encoded. The default value is False.

FollowRedirects: Determines what happens when the server issues a redirect.

This option determines what happens when the server issues a redirect. Normally, the class returns an error if the server responds with an "Object Moved" message. If this property is set to 1 (always), the new URL for the object is retrieved automatically every time.

If this property is set to 2 (Same Scheme), the new URL is retrieved automatically only if the URL Scheme is the same; otherwise, the class throws an exception.

Note: Following the HTTP specification, unless this option is set to 1 (Always), automatic redirects will be performed only for GET or HEAD requests. Other methods potentially could change the conditions of the initial request and create security vulnerabilities.

Furthermore, if either the new URL server or port are different from the existing one, User and Password are also reset to empty, unless this property is set to 1 (Always), in which case the same credentials are used to connect to the new server.

A Redirect event is fired for every URL the product is redirected to. In the case of automatic redirections, the Redirect event is a good place to set properties related to the new connection (e.g., new authentication parameters).

The default value is 0 (Never). In this case, redirects are never followed, and the class throws an exception instead.

Following are the valid options:

0 - Never
1 - Always
2 - Same Scheme

GetOn302Redirect: If set to True the class will perform a GET on the new location.

The default value is False. If set to True, the class will perform a GET on the new location. Otherwise, it will use the same HTTP method again.

HTTP2HeadersWithoutIndexing: HTTP2 headers that should not update the dynamic header table with incremental indexing.

HTTP/2 servers maintain a dynamic table of headers and values seen over the course of a connection. Typically, these headers are inserted into the table through incremental indexing (also known as HPACK, defined in RFC 7541). To tell the component not to use incremental indexing for certain headers, and thus not update the dynamic table, set this configuration option to a comma-delimited list of the header names.

HTTPVersion: The version of HTTP used by the class.

This property specifies the HTTP version used by the class. Possible values are as follows:

"1.0"
"1.1" (default)
"2.0"
"3.0"

When using HTTP/2 ("2.0"), additional restrictions apply. Please see the following notes for details.

HTTP/2 Notes

When using HTTP/2, a secure Secure Sockets Layer/Transport Layer Security (TLS/SSL) connection is required. Attempting to use a plaintext URL with HTTP/2 will result in an error.

If the server does not support HTTP/2, the class will automatically use HTTP/1.1 instead. This is done to provide compatibility without the need for any additional settings. To see which version was used, check NegotiatedHTTPVersion after calling a method. The AllowHTTPFallback setting controls whether this behavior is allowed (default) or disallowed.

HTTP/2 is supported on all platforms. The class will use the internal security implementation in all cases when connecting.

HTTP/3 Notes

HTTP/3 is supported only in .NET and Java.

When using HTTP/3, a secure (TLS/SSL) connection is required. Attempting to use a plaintext URL with HTTP/3 will result in an error.

IfModifiedSince: A date determining the maximum age of the desired document.

If this setting contains a nonempty string, an If-Modified-Since HTTP header is added to the request. The value of this header is used to make the HTTP request conditional: if the requested documented has not been modified since the time specified in the field, a copy of the document will not be returned from the server; instead, a 304 (not modified) response will be returned by the server and the component throws an exception

The format of the date value for IfModifiedSince is detailed in the HTTP specs. For example: Sat, 29 Oct 2017 19:43:31 GMT.

KeepAlive: Determines whether the HTTP connection is closed after completion of the request.

If true, the component will not send the Connection: Close header. The absence of the Connection header indicates to the server that HTTP persistent connections should be used if supported. Note: Not all servers support persistent connections. If false, the connection will be closed immediately after the server response is received.

The default value for KeepAlive is false.

KerberosSPN: The Service Principal Name for the Kerberos Domain Controller.

If the Service Principal Name on the Kerberos Domain Controller is not the same as the URL that you are authenticating to, the Service Principal Name should be set here.

LogLevel: The level of detail that is logged.

This configuration setting controls the level of detail that is logged through the Log event. Possible values are as follows:


0 (None)	No events are logged.
1 (Info - default)	Informational events are logged.
2 (Verbose)	Detailed data are logged.
3 (Debug)	Debug data are logged.

The value 1 (Info) logs basic information, including the URL, HTTP version, and status details.

The value 2 (Verbose) logs additional information about the request and response.

The value 3 (Debug) logs the headers and body for both the request and response, as well as additional debug information (if any).

MaxHeaders: Instructs class to save the amount of headers specified that are returned by the server after a Header event has been fired.

This configuration setting should be set when the TransferredHeaders collection is to be populated when a Header event has been fired. This value represents the number of headers that are to be saved in the collection.

To save all items to the collection, set this configuration setting to -1. If no items are wanted, set this to 0, which will not save any items to the collection. The default for this configuration setting is -1, so all items will be included in the collection.

MaxHTTPCookies: Instructs class to save the amount of cookies specified that are returned by the server when a SetCookie event is fired.

This configuration setting should be set when populating the Cookies collection as a result of an HTTP request. This value represents the number of cookies that are to be saved in the collection.

MaxRedirectAttempts: Limits the number of redirects that are followed in a request.

When FollowRedirects is set to any value other than frNever, the class will follow redirects until this maximum number of redirect attempts are made. The default value is 20.

NegotiatedHTTPVersion: The negotiated HTTP version.

This configuration setting may be queried after the request is complete to indicate the HTTP version used. When HTTPVersion is set to "2.0" (if the server does not support "2.0"), then the class will fall back to using "1.1" automatically. This setting will indicate which version was used.

OtherHeaders: Other headers as determined by the user (optional).

This configuration setting can be set to a string of headers to be appended to the HTTP request headers.

The headers must follow the format "header: value" as described in the HTTP specifications. Header lines should be separated by CRLF ("\r\n") .

Use this configuration setting with caution. If this configuration setting contains invalid headers, HTTP requests may fail.

This configuration setting is useful for extending the functionality of the class beyond what is provided.

ProxyAuthorization: The authorization string to be sent to the proxy server.

This is similar to the Authorization configuration setting, but is used for proxy authorization. If this configuration setting contains a nonempty string, a Proxy-Authorization HTTP request header is added to the request. This header conveys proxy Authorization information to the server. If User and Password are specified, this value is calculated using the algorithm specified by AuthScheme.

ProxyAuthScheme: The authorization scheme to be used for the proxy.