fn add_system_wide_keys(
    nethsm: &NetHsm,
    admin_credentials: &AdminCredentials,
    users: &[UserMapping],
) -> Result<(), Error>
Sets up all system-wide keys.
Creates any missing keys and adds the configured tags for all of them. If a key already exists, all of its tags are deleted and the configured ones are added.
§Note
It is assumed that all required R-Administrators have already been set up (see add_system_wide_admins) before calling this function.
This function uses the nethsm with the default R-Administrator.
This function does not fail on mismatching keys, as it is assumed that keys are added intentionally and should not be deleted or altered.
However, warnings are emitted if the KeyType or KeyMechanisms of an existing key differ from what is configured in the Signstar configuration file.
§Errors
Returns an error if
- the default system-wide R-Administrator cannot be retrieved or used for authentication,
- the list of available keys on the NetHSM backend cannot be retrieved,
- information about a single key cannot be retrieved from the NetHSM backend,
- a tag cannot be removed from an existing key,
- a tag cannot be added to an existing key,
- or a missing key cannot be created.
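The reconciliation behaviour described above (create missing keys, reset tags on existing keys, warn on mismatches without altering the key) can be modelled in memory. This is an added example, not Signstar's or the nethsm crate's code: KeySpec, Keys, reconcile, set and spec are hypothetical names, and the key IDs, tags, key types and mechanisms are constructed sample values.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Hypothetical in-memory model of a key; not a type from the nethsm crate.
#[derive(Clone, Debug, PartialEq)]
struct KeySpec {
    key_type: String,
    mechanisms: BTreeSet<String>,
    tags: BTreeSet<String>,
}
type Keys = BTreeMap<String, KeySpec>;

/// Reconciles `backend` (key ID -> key) against `configured` and returns the
/// warnings for existing keys that differ from the configuration.
fn reconcile(backend: &mut Keys, configured: &Keys) -> Vec<String> {
    let mut warnings = Vec::new();
    for (id, want) in configured {
        match backend.get_mut(id) {
            // Missing key: create it as configured, tags included.
            None => drop(backend.insert(id.clone(), want.clone())),
            Some(have) => {
                // Mismatch: warn only, the existing key is not deleted or altered.
                if have.key_type != want.key_type {
                    warnings.push(format!("{}: key type differs from configuration", id));
                }
                if have.mechanisms != want.mechanisms {
                    warnings.push(format!("{}: key mechanisms differ from configuration", id));
                }
                // Tags are always reset: delete all, then add the configured ones.
                have.tags = want.tags.clone();
            }
        }
    }
    warnings
}

fn set(v: &[&str]) -> BTreeSet<String> { v.iter().map(|s| s.to_string()).collect() }
fn spec(key_type: &str, mechanisms: &[&str], tags: &[&str]) -> KeySpec {
    KeySpec { key_type: key_type.into(), mechanisms: set(mechanisms), tags: set(tags) }
}

fn main() {
    // Constructed sample: key1 exists with other parameters, key2 is missing.
    let mut backend = Keys::from([("key1".to_string(), spec("Rsa", &["RsaSignaturePkcs1"], &["stale"]))]);
    let mut configured = Keys::new();
    configured.insert("key1".to_string(), spec("Curve25519", &["EdDsaSignature"], &["tag1"]));
    configured.insert("key2".to_string(), spec("Curve25519", &["EdDsaSignature"], &["tag2"]));
    let warnings = reconcile(&mut backend, &configured);
    println!("{:#?}\n{:#?}", warnings, backend);
}
```

In this model a second run over the same state changes nothing further and emits the same warnings, because a mismatching key is reported but never rewritten.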