getServerIdentity

Obtain a server identity (private key + certificate chain) of a particular type.

First, the server configuration is consulted. The "server_identities" setting, if present, must be a JSON object. Its field named serverIdentity.jsonName, if present, must contain a serialized AsymmetricKey that holds the required identity.

Otherwise, a previously created identity is looked up in the database.

Otherwise, if the "self_enroll" setting is set to true or the server is running with a localhost URL, a new private key is generated and a certificate is created locally on this server (signed using the key obtained from the getRootIdentity function).

Otherwise, a request is made to an enrollment server (set by the "enrollment_server_url" setting, "https://issuer.multipaz.org/records" by default) to issue a new certificate using the Enrollment interface.

The private key alias and the certificate chain are then stored in the database, so they can be used in the future.
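
The resolution order above, modeled as an added example for checking a deployment's settings (this is not Multipaz code and does not call its API): it reports which of the four steps would supply the identity, so a certificate signed locally rather than by the enrollment server is visible before the server starts. The function names, the `stored_names` database view, the `server_url` parameter and the identity name `example_identity` are assumptions made for the model.

```python
import json
from urllib.parse import urlparse

# Default enrollment server URL as stated in the documentation above.
DEFAULT_ENROLLMENT_URL = "https://issuer.multipaz.org/records"


def is_localhost(url):
    """True when the URL's host is a loopback name or address."""
    return (urlparse(url).hostname or "") in ("localhost", "127.0.0.1", "::1")


def identity_source(settings, json_name, stored_names, server_url):
    """Report which of the four documented steps would supply the identity.

    settings     -- dict of setting name -> value (constructed for this model)
    json_name    -- stands in for serverIdentity.jsonName (value is hypothetical)
    stored_names -- assumed view of identities already saved in the database
    server_url   -- assumed: the URL this server is running under
    """
    raw = settings.get("server_identities")
    if raw is not None:
        parsed = json.loads(raw)
        if not isinstance(parsed, dict):
            raise ValueError('"server_identities" must be a JSON object')
        if json_name in parsed:
            # The field value must be a serialized AsymmetricKey; not parsed here.
            return ("configuration", json_name)
    if json_name in stored_names:
        return ("database", json_name)
    if str(settings.get("self_enroll", "")).lower() == "true" or is_localhost(server_url):
        # Key generated on this server, certificate signed by the root identity.
        return ("local", "signed by getRootIdentity key")
    url = settings.get("enrollment_server_url", DEFAULT_ENROLLMENT_URL)
    return ("enrollment_server", url)


if __name__ == "__main__":
    # Constructed sample: no configured or stored identity, public host name.
    print(identity_source({}, "example_identity", set(), "https://verifier.example"))
```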