In situations when the key generation operation needs to managed outside of SignServer (i.e. because of dual control requirements on key generation or for HSM:s where keys needs to be generated in an other way like with EJBCA Client Tool Box or vendor tools), we could introduce an option to completely disable the key generation function.
- [x] Add a deploy-time configuration property in signserver_deploy.properties, like disableKeyGeneration=true/false (default false)
- [x] When true, deny the WorkerSession.generateSignerKey operation.
- [x] In the AdminWeb, hide or display a disabled Renew Key buttons and/or display a message about the key generation being disabled
- [x] Check all places accessing cryptotoken.generate function (in case there is some more place than in workersession)
- [x] Updated documentation: http://confluence.primekey.com/display/SIGNDS/.Deploy-time+Configuration+v5.2.0
- [x] System test calling worker session
- [x] System test using CLI
- [x] Manual test case for AdminWeb (buttons hidden etc): DSSQA-111
- [x] Modify the existing tests to either expect this setting to true or to skip this test (use something like test.disablekeygen.disabled=true/false in test-config.properties + AssumeTrue in JUnit)