# Sample configuration of a Fortanix crypto worker

# Type of worker and implementation
WORKERGENID1.TYPE=PROCESSABLE
WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.module.signumsigner.SignumSigner
WORKERGENID1.AUTHTYPE=org.signserver.server.managed.ManagedAuthorizer

# Uses a Fortanix cloud key vault
WORKERGENID1.CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.enterprise.cryptotokens.FortanixCryptoToken

# Name for other workers to reference this worker:
WORKERGENID1.NAME=CryptoTokenFortanix

# Exposes the worker through the Managed REST API
WORKERGENID1.MANAGED_VISIBLE=true
#WORKERGENID1.MANAGED_VISIBLE=false

# The base URL for the Fortanix DSM REST API (optional)
WORKERGENID1.FORTANIX_BASE_ADDRESS=
#WORKERGENID1.FORTANIX_BASE_ADDRESS=https://apps.smartkey.io

# Optional password of the slot. If specified the token is "auto-activated".
WORKERGENID1.PIN=

# If a default key is configured, activation is tested by using the default key. If there is no configured default key,
# the activation is tested by a test connection to the Fortanix instance.
#WORKERGENID1.DEFAULTKEY=testkey0
#WORKERGENID1.DEFAULTKEY=

# If the signer should by default use client-side hashing (the request data
# to the signer is implied to be the pre-computed digest), this requires
# the ACCEPTED_HASH_DIGEST_ALGORITHMS property to be set
WORKERGENID1.CLIENTSIDEHASHING=true

# If the signer should allow overriding whether the request is using a client-
# side digest or not (by a request metadata parameter)
#WORKERGENID1.ALLOW_CLIENTSIDEHASHING_OVERRIDE=true

# Accepted digest hash algorithms used when the request is using a client-side
# hash, this is required if any of CLIENTSIDEHASHING,
# or ALLOW_CLIENTSIDEHASHING_OVERRIDE is defined and set to "true"
WORKERGENID1.ACCEPTED_HASH_DIGEST_ALGORITHMS=SHA-256,SHA-384,SHA-512 

# If the key usage counter is disabled
WORKERGENID1.DISABLEKEYUSAGECOUNTER=true