swedenconnect / credentials-support Goto Github PK

Make a Java8 build of the repository as well (it will be used in some Java8-projects).

There has been an identified need to add functionalities to handle key generation inside an HSM slot for 2 major use cases

1. Generating keys and adding associated certificate to a HSM slot using script (not requiring a HSM using application to be present)
2. Generating and managing keys and associated certificate in a dedicated HSM slot from within the application using the HSM

Use-case 2 is primarily relevant for sign services where a user key is generated, used and destroyed without ever leaving the HSM.

In addition to this there is also a need for supporting scripts to automatically extract service keys from key stores and to load them into a SoftHSM token to test application usage with PKCS#11 for HSM support.

If an OpenSamlCredential wraps a hardware based credential it will still answer false to the isHardwareBased predicate...

Spring 6 is included since we have open version ranges. This is not what we want.

Fix it.

Upgrade to OpenSAML 5 and Java 17

In some cases, for example in a CA, the key pair is first generated, and then the certificate is issued. We should make sure that this case can be handled.

Include certificate chain. May be useful in some cases.

In some cases we might want to know whether a specific PkiCredential resides on hardware or software. We should introduce a isHardwareBased predicate.

Can not assign both 'certificate' and 'certificates' ...

The POM includes the slf4j-simple in compile scope. Should be changed to 'test'.

As it is now it is defined by the abstract base class.

Currently, the docker example project can not be used since it uses a JRE 11 docker image. We need to fix this.

It should be the caller's responsibility to decide which key to generate.

When using the PkiCredentialConfigurationProperties it should be possible to use keyPassword and specify an encrypted privateKey.

Some minor adjustments are needed to allow the SoftHSM scripts to work properly in all cases.

When using PkiCredentialConfigurationProperties to configure a PkiCredential it should be possible to supply a key password to unlock an encrypted key file.