HSM 3: PKCS#11 walking skeleton (#727)
Initial PKCS#11 signer support (#689)

* Adds new `Pkcs11Signer` and `MockSigner` signers.
* Temporarily extends `KrillSigner` with an `alternate_config` mode to avoid failing to initialize/login to the same PKCS#11 library twice in one process, until configuration based selection of signers is supported.
* Improves the `SignerInfo` aggregate store to:
  * Store the `PublicKey` directly thus avoiding unnecessary (de)serialization.
  * Avoid unnecessary and confusing complexity by using generated UUIDs for signer handles instead of `<key_identifier>-<internal_private_key_id>`.
* Extracts common backend "probing" functionality out of the KMIP signer to a generic testable dedicated module.
* Improves the `SignerRouter` with:
  * Additional trace level logging.
  * A set of tests using the new `MockSigner`.
* Standardizes key deletion error handling across signers.
* Consolidates signer implementations in `<signer>/signer.rs` rather than `internal.rs`.
* Extends the GitHub Actions CI test to:
  * Also test Krill in PKCS#11 mode against SoftHSMv2.
  * Always dump HSM logs at the end of the test.
* Replaces the `hsm-tests` Rust feature with separate `hsm-tests-kmip` and `hsm-tests-pkcs11` Rust features.
* Test with the same Rust versions as the normal CI build.
* Fixes compilation failure under Rust 1.47.0 (which also bumps the kmip-dependency to v0.4.1).
* Renames confusing error codes:
  * SignerUnavailable -> TemporarilyUnavailable
  * SignerUnusable -> PermanentlyUnusable
Showing 30 changed files with 3,871 additions and 1,133 deletions.