Introducing Auto-Expiry and Time-to-Birth Features for APKAM Keys

[sitaram-kalluri]

Is your feature request related to a problem? Please describe.

Currently, the APKAM keys do not have an auto-expiry feature. Enhance the APKAM keys by allowing users to set an auto-expiry, after which the keys will no longer be valid for authentication.

Additionally, introduce a time-to-birth mechanism, enabling users to specify when the atKeys will become active, alongside the existing time-to-live functionality.

Describe the solution you'd like

• In the enrollment request, allow user to specify "TTL" and "TTB" which represents the time duration in minutes. When TTL represents "time to live", beyond which the APKAM keys will be inactive for usage.
• When TTL is met, the APKAM keys cannot be used for authentication and subsequently the enrollment data will be deleted from the keystore.

[sitaram-kalluri]

• Completed the code the changes in at_commons, at_auth packages and are published.
• Completed the code changes in at_secondary_server and changes are merged to trunk.
• Completed the code changes in at_onboarding_cli. Merged the changes in at_onboarding_cli to trunk.

[sitaram-kalluri]

Pending work on ticket is to publish at_onboarding_cli package.

[gkc]

Pending work on ticket is to publish at_onboarding_cli package.

@sitaram-kalluri at_onboarding_cli version 1.7.0 was published yesterday so it should include your changes. ( Version 1.8.0 will be published once the latest atServer canary release has been promoted to prod and rolled out )

[sitaram-kalluri]

The changes are published in at_onboarding_cli v1.7.0. Therefore, closing the ticket.