-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Introduce time duration for apkam keys to auto expire #2085
base: trunk
Are you sure you want to change the base?
fix: Introduce time duration for apkam keys to auto expire #2085
Conversation
…o-expiry-and-time-to-birth-features-for-apkam-keys
…o-expiry-and-time-to-birth-features-for-apkam-keys
…rth-features-for-apkam-keys
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few things missing here:
- Enforcement to prevent a client from authenticating with an enrollment that has expired
- Test(s) to verify the same
- Enforcement in the verb handler(s) to terminate connections whose enrollment has expired
- Test(s) to verify the same
…o-expiry-and-time-to-birth-features-for-apkam-keys # Conflicts: # packages/at_secondary_server/test/enroll_verb_test.dart
…rth-features-for-apkam-keys
@gkc : Addressed the review comments and updated the PR description. Please review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. However, we need to be smarter in terms of dealing with enrollment records - checking every time is necessary, but means an extra fetch from the data store every time. We should create an EnrollmentManager class through which all interaction with enrollment records happens, and which can therefore make appropriate decisions regarding in-memory caching of enrollment records. Can you check the effort involved in doing that - if it's not huge then we should make those changes in this PR also.
- What I did
- How I did it
Duration apkamKeysExpiryDuration
to capture the time duration set by the user. This time duration is propagated to the secondary server.Duration apkamKeysExpiryDuration
in milliseconds. This will ensure that the key expires and is subsequently deleted from the keystore.- How to verify it
Added a unit test to verify the changes.
Added below functional tests:
- Description for the changelog