signstar_config::nethsm

Module backend

Source
Expand description

Backend handling for [NetHsm].

Based on a [NetHsm], AdminCredentials and a HermeticParallelConfig this module offers the ability to populate a [NetHsm] backend with the help of the NetHsmBackend struct.

Using NetHsmBackend::sync all users and keys configured in HermeticParallelConfig are created and adapted to changes upon re-run. With the help of NetHsmBackend::state the current State of a [NetHsm] backend can be created and compared with e.g. the State representation of a HermeticParallelConfig.

ยงNote

This module only works with data for the same iteration (i.e. the iteration of the AdminCredentials and those of the [NetHsm] backend must match).

Structsยง

KeySetupComparison ๐Ÿ”’
Comparable components of a key setup between a [NetHsm] backend and a Signstar config.
NetHsmBackend
A NetHSM backend that provides full control over its data.

Functionsยง

add_namespace_admins ๐Ÿ”’
Sets up all N-Administrators and their respective namespaces.
add_namespaced_keys ๐Ÿ”’
Sets up all namespaced keys and tags them.
add_namespaced_non_administrative_users ๐Ÿ”’
Sets up all namespaced non-administrative users.
add_namespaced_openpgp_certificates ๐Ÿ”’
Adds OpenPGP certificates for namespaced keys that are used for OpenPGP signing.
add_non_administrative_users ๐Ÿ”’
Sets up all system-wide, non-administrative users based on provided credentials.
add_system_wide_admins ๐Ÿ”’
Creates all R-Administrators on a [NetHsm].
add_system_wide_keys ๐Ÿ”’
Sets up all system-wide keys.
add_system_wide_openpgp_certificates ๐Ÿ”’
Adds OpenPGP certificates for system-wide keys that are used for OpenPGP signing.
compare_key_setups ๐Ÿ”’
Compares the key setups of a key from a Signstar config and that of a NetHSM backend.
get_first_available_namespace_admin ๐Ÿ”’
Retrieves the first available user in the [Administrator][UserRole::Administrator] (N-Administrator) role in a namespace.
get_key_certificate_state ๐Ÿ”’
Retrieve the state of a key certificate.
get_key_states ๐Ÿ”’
Retrieves the state for all keys on a [NetHsm] backend.
get_user_states ๐Ÿ”’
Retrieves the state for all users on a [NetHsm] backend.