# Sample one-time crypto worker for short-lived key usage.
#
# This configuration assumes there already exists a crypto worker called
# "CryptoTokenP11".
# See pkcs11-crypto.properties.
#

# Type of worker and implementation
WORKERGENID1.TYPE=CRYPTO_WORKER

WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.module.onetime.cryptoworker.OneTimeCryptoWorker

# Name for other workers to reference this worker:
WORKERGENID1.NAME=CryptoTokenP12OneTimeSelfSigned
#WORKERGENID1.NAME=CryptoTokenP12OneTimeEjbcaWS
#WORKERGENID1.NAME=CryptoTokenP11OneTimeSelfSigned
#WORKERGENID1.NAME=CryptoTokenP11OneTimeEjbcaWS

# References a CryptoToken
WORKERGENID1.CRYPTOTOKEN=CryptoTokenP12
#WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11

# Key generation
WORKERGENID1.KEYALG=RSA
WORKERGENID1.KEYSPEC=2048
WORKERGENID1.KEYALIAS_PREFIX=

# CA Connector: Self-signed demo connector (not using a real CA)
WORKERGENID1.CACONNECTOR_IMPLEMENTATION=org.signserver.module.onetime.caconnector.SelfSignedCAConnector

# CA Connector: EjbcaPeers (using EJBCA through Peers connector)
#WORKERGENID1.CACONNECTOR_IMPLEMENTATION=org.signserver.module.onetime.caconnector.EjbcaPeersCAConnector

# CA Connector: EjbcaWS (using EJBCA through Web Services)
#WORKERGENID1.CACONNECTOR_IMPLEMENTATION=org.signserver.module.onetime.caconnector.EjbcaWSCAConnector
#WORKERGENID1.TRUSTSTORETYPE=JKS
#WORKERGENID1.TRUSTSTOREVALUE=
#WORKERGENID1.TRUSTSTOREPATH=/opt/jboss-eap-6.4-ca/standalone/configuration/keystore/truststore.jks
#WORKERGENID1.TRUSTSTOREPASSWORD=changeit
#WORKERGENID1.TLSCLIENTKEY=ra00001
#WORKERGENID1.EJBCAWSURL=https\://localhost\:9443/ejbca
#WORKERGENID1.CANAME=DSSSubCA11
#WORKERGENID1.ENDENTITYPROFILE=EMPTY
#WORKERGENID1.CERTIFICATEPROFILE=ENDUSER
#WORKERGENID1.USERNAME_PATTERN=onetime-${transactionId}
#WORKERGENID1.SUBJECTDN_PATTERN=CN=User ${username},UID=${transactionId},O=SignServer Testing,C=SE
#WORKERGENID1.SUBJECTALTNAME_PATTERN=
#WORKERGENID1.CERTIFICATESTARTTIME=
#WORKERGENID1.CERTIFICATEENDTIME=

# CSR Signing
WORKERGENID1.CERTSIGNATUREALGORITHM=SHA256WithRSA