Entrust SAM Crypto Token Properties

EntrustSAMCryptoToken implements the Entrust SAM (Signature Activation Module) integration and requires access to the Entrust SAM interface and an nShield HSM. Once configured, it can be used to create remote signatures on behalf of users. The EntrustSAMCryptoToken can be attached to any Signer implementation.

The implementation class of the EntrustSAMCryptoToken requires the following properties to be defined:

IMPLEMENTATION_CLASS=com.czertainly.signserver.module.entrustsam.EntrustSAMCryptoWorker
CRYPTOTOKEN_IMPLEMENTATION_CLASS=com.czertainly.signserver.module.entrustsam.EntrustSAMCryptoToken

The Crypto Token integrates with the Entrust SAM interface. The EntrustSAMCryptoToken checks the following configuration properties.

| Property | Description | Default Value | Mandatory |
|---|---|---|---|
| ENTRUST_SAM_SERVER | Endpoint used to access the Entrust SAM service functions. | NONE | YES |
| ENTRUST_TRUST_SELF_SIGNED | True if the self-signed certificate of the Entrust SAM can be trusted. False otherwise. | false | NO |
| ENTRUST_CONNECTION_POOL_SIZE | Maximum size of the pool of connections with the Entrust SAM. This value can be fine-tuned to optimize the performance of the signing process. | 100 | NO |
| OTHER_SIGNERS | Reference to the Crypto Token containing the key that is used to authenticate to the Entrust SAM. Only one value should be specified for this attribute. If it contains multiple comma-separated Crypto Token references, the first one is used. | NONE | YES |
| ENTRUST_CLIENT_AUTHENTICATION_KEY_ALIAS | Alias of the key that should be used to authenticate to the Entrust SAM interface. The key alias is taken from the OTHER_SIGNERS Crypto Token configuration. | NONE | YES |
| SAD_PROVIDER_IMPLEMENTATION_CLASS | Implementation class for Signature Activation Protocol handling between the Signature Integration Component and the Signature Activation Module. This is the interface that provides the Signature Activation Data used to execute the signing operation. See SAD Providers for more information. | NONE | YES |
| ENTRUST_MAX_CONNECTIONS_PER_ROUTE | Maximum number of pooled connections per route (per target host). Increasing this value can improve concurrency when multiple requests are executed in parallel. | 80 | NO |
| ENTRUST_CONNECTION_REQUEST_TIMEOUT | Time (in seconds) to wait for a connection to become available from the connection pool before timing out. | 5 | NO |
| ENTRUST_CONNECT_TIMEOUT | Maximum time (in seconds) to establish a TCP connection. This includes the time to complete the socket handshake. | 10 | NO |
| ENTRUST_SOCKET_TIMEOUT | Maximum period of inactivity (in seconds) when waiting for data on an established socket connection. | 30 | NO |
| ENTRUST_RESPONSE_TIMEOUT | Maximum total time (in seconds) to wait for the entire HTTP response once the request has been sent. | 30 | NO |
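
A pre-deployment lint for the properties in the table above, as an added example that is not part of the product or its documentation. It checks the mandatory keys and numeric values, and flags the settings a reviewer would question: trust in a self-signed SAM certificate, multiple `OTHER_SIGNERS` references, and a per-route limit above the total pool size. The `WORKERGENID1.` key prefix, the host name, the token names and the key alias in the sample are assumptions made for illustration.

```python
# Mandatory keys and default values as listed in the property table.
MANDATORY = ("ENTRUST_SAM_SERVER", "OTHER_SIGNERS",
             "ENTRUST_CLIENT_AUTHENTICATION_KEY_ALIAS",
             "SAD_PROVIDER_IMPLEMENTATION_CLASS")
DEFAULTS = {"ENTRUST_TRUST_SELF_SIGNED": "false",
            "ENTRUST_CONNECTION_POOL_SIZE": "100",
            "ENTRUST_MAX_CONNECTIONS_PER_ROUTE": "80",
            "ENTRUST_CONNECTION_REQUEST_TIMEOUT": "5",
            "ENTRUST_CONNECT_TIMEOUT": "10",
            "ENTRUST_SOCKET_TIMEOUT": "30",
            "ENTRUST_RESPONSE_TIMEOUT": "30"}
NUMERIC = [k for k in DEFAULTS if k != "ENTRUST_TRUST_SELF_SIGNED"]

def parse_properties(text):
    """Parse KEY=VALUE lines; a dotted worker prefix on the key is dropped (assumption)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip().rsplit(".", 1)[-1]] = value.strip()
    return props

def lint(props):
    """Return 'LEVEL: message' findings for one crypto token configuration."""
    cfg = {**DEFAULTS, **props}
    findings = [f"ERROR: mandatory property {k} is not set"
                for k in MANDATORY if not cfg.get(k)]
    for key in NUMERIC:
        if not cfg[key].isdigit() or int(cfg[key]) == 0:
            findings.append(f"ERROR: {key} must be a positive integer")
    if cfg["ENTRUST_TRUST_SELF_SIGNED"].lower() == "true":
        findings.append("WARN: ENTRUST_TRUST_SELF_SIGNED=true trusts a self-signed SAM certificate")
    signers = cfg.get("OTHER_SIGNERS", "").split(",")
    if len(signers) > 1:
        findings.append(f"WARN: OTHER_SIGNERS has {len(signers)} values, only '{signers[0].strip()}' is used")
    pool, route = cfg["ENTRUST_CONNECTION_POOL_SIZE"], cfg["ENTRUST_MAX_CONNECTIONS_PER_ROUTE"]
    if pool.isdigit() and route.isdigit() and int(route) > int(pool):
        findings.append("WARN: ENTRUST_MAX_CONNECTIONS_PER_ROUTE exceeds ENTRUST_CONNECTION_POOL_SIZE")
    return findings

# Constructed sample; host, token names and alias are placeholders.
SAMPLE = """\
WORKERGENID1.ENTRUST_SAM_SERVER=https://sam.example.invalid/
WORKERGENID1.ENTRUST_TRUST_SELF_SIGNED=true
WORKERGENID1.OTHER_SIGNERS=AuthToken,SpareToken
WORKERGENID1.ENTRUST_CLIENT_AUTHENTICATION_KEY_ALIAS=sam-client-auth
WORKERGENID1.ENTRUST_MAX_CONNECTIONS_PER_ROUTE=200
"""
if __name__ == "__main__":
    print("\n".join(lint(parse_properties(SAMPLE))))
```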