As a Security Server Administrator I want to be able to configure specific slotIndexes for the tokenmanager to scan

[JyrgenSuvalov]

Affected components: xroad-signer Affected documentation: ig-ss, ug-syspar Estimated delivery: N/A External reference: N/A

Problem With some HSM drivers, it is not possible to configure specific slots for the server to use. With the current tokenmanager logic, this can result in scanning a lot of unnecessary slots.

For example, if the client is using an Utimaco HSM and their private keys are on slot 16, they would have to configure the driver like this:

/etc/utimaco/cs_pkcs11_R2.cfg SlotCount = 16

Following the logic in https://github.com/ria-ee/X-Road/blob/fdc335c9dc0f65eafd97dfa8d17804aef7520458/src/addons/hwtoken/src/main/java/ee/ria/xroad/signer/tokenmanager/module/HardwareModuleWorker.java#L112

for (int slotIndex = 0; slotIndex < slots.length; slotIndex++) { TokenType token = createToken(slots, slotIndex);

The tokenmanager will scan all slots from 0-16.

Adding a configurable hsm_slot_indexes parameter would prevent this

Acceptance criteria

• optional configuration of specific slot indexes is implemented
• ig-ss and ug-syspar are updated

[JyrgenSuvalov]

This has also been addressed here: https://github.com/zpotoloom/X-Road/commit/e2162d8b30294ba0223b7f7ffd02a9574c5da8dc

[JyrgenSuvalov]

Transferred to X-Road Service Desk as an enhancement request.