Refactor CryptoService and introduce SignOnlyCryptoService

Description

There are cases when existing CryptoService is used for signing data only, i.e. there is no use case for calling generateKeyPair(). One example of it is Bridge/Float during normal operation post initial registration - it signs plenty of data but never generates any new key pairs.

It is therefore proposed to create a parent interface SignOnlyCryptoService which will have all the methods except generateKeyPair() and use SignOnlyCryptoService whenever possible instead of more powerful CryptoService which will also have an option to generate key pairs. So CryptoService will extend from SignOnlyCryptoService.

Going forward it would be even possible to create implementations of SignOnlyCryptoService more simply than full CryptoService. E.g. SignOnlyCryptoService will not require x500PrincipalForCerts as it will never self sign anything.

Status

Assignee

Viktor Kolomeyko

Reporter

Viktor Kolomeyko

Labels

Feature Team

Enterprise Robustness

Story Points

5

Fix versions

None

Ported to...

None

Priority

Medium

Affects versions

Configure