Merge branch 'hsm' into issue-547-pkcs11-walking-skeleton
ximon18 committed Nov 23, 2021
2 parents 5e9bc55 + 76a2bc0 commit 7bc195e
Showing 2 changed files with 8 additions and 4 deletions.
4 changes: 0 additions & 4 deletions src/commons/crypto/signing/dispatch/signerinfo.rs
@@ -396,7 +396,6 @@ impl SignerMapper {
}

pub fn change_signer_name(&self, signer_handle: &Handle, signer_name: &str) -> KrillResult<()> {
// TODO: should version be something other than None here?
let cmd = SignerInfoCommand::change_signer_name(signer_handle, None, signer_name);
self.store.command(cmd)?;
Ok(())
@@ -416,22 +415,19 @@ impl SignerMapper {
}

pub fn change_signer_info(&self, signer_handle: &Handle, signer_info: &str) -> KrillResult<()> {
// TODO: should version be something other than None here?
let cmd = SignerInfoCommand::change_signer_info(signer_handle, None, signer_info);
self.store.command(cmd)?;
Ok(())
}

/// Record the owner of a Krill key and its corresponding signer specific internal id.
pub fn add_key(&self, signer_handle: &Handle, key_id: &KeyIdentifier, internal_key_id: &str) -> KrillResult<()> {
// TODO: should version be something other than None here?
let cmd = SignerInfoCommand::add_key(signer_handle, None, key_id, internal_key_id);
self.store.command(cmd)?;
Ok(())
}

pub fn remove_key(&self, signer_handle: &Handle, key_id: &KeyIdentifier) -> KrillResult<()> {
// TODO: should version be something other than None here?
let cmd = SignerInfoCommand::remove_key(signer_handle, None, key_id);
self.store.command(cmd)?;
Ok(())
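--- a/src/commons/crypto/signing/signers/kmip/internal.rs
+++ b/src/commons/crypto/signing/signers/kmip/internal.rs
@@ -473,6 +473,14 @@ impl KmipSigner {
 }
 
 /// Make the given KMIP private and public key pair ready for use by Krill.
+///
+/// Note that this function renames the created keys but this is not needed for correct functioning of Krill, it
+/// is rather done to aid the KMIP server operator when administering the HSM.
+///
+/// It also activates the private key. Without this the key cannot be used for signing. An alternate approach could
+/// be to set the activation date of the key when creating it thereby avoiding the extra activation step, or to
+/// perform the activation operation as part of a bulk request also containing the create key operation, thereby
+/// reducing the number of round trips to the server.
 fn prepare_keypair_for_use(&self, private_key_id: &str, public_key_id: &str) -> Result<PublicKey, SignerError> {
 // Create a public key object for the public key
 let public_key = self.get_public_key_from_id(&public_key_id)?;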
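Review bot: The expanded doc comment on `prepare_keypair_for_use` explains the rename and activation steps but does not say what state the key pair is left in when one of those steps fails. The function body continues outside the hunk, so I cannot tell whether a key pair whose rename or activation fails is destroyed or stays on the KMIP server; if it stays, the operator is left with an unusable and possibly unrenamed private key on the HSM. I would add an `# Errors` section to the doc comment stating which step failures are returned as `SignerError` and whether the caller or the operator is expected to clean up the keys afterwards.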
