Uploaded image for project: 'SignServer'
  1. SignServer
  2. DSS-1976

Option to disable key generation operation

    Details

    • Sprint:
      SignServer-Sprint 102, SignServer-Sprint 103

      Description

      In situations when the key generation operation needs to managed outside of SignServer (i.e. because of dual control requirements on key generation or for HSM:s where keys needs to be generated in an other way like with EJBCA Client Tool Box or vendor tools), we could introduce an option to completely disable the key generation function.

       

      • [x] Add a deploy-time configuration property in signserver_deploy.properties, like disableKeyGeneration=true/false (default false)
      • [x] When true, deny the WorkerSession.generateSignerKey operation.
      • [x] In the AdminWeb, hide or display a disabled Renew Key buttons and/or display a message about the key generation being disabled
      • [x] Check all places accessing cryptotoken.generate function (in case there is some more place than in workersession)
      • [x] Updated documentation: http://confluence.primekey.com/display/SIGNDS/.Deploy-time+Configuration+v5.2.0
      • [x] System test calling worker session
      • [x] System test using CLI
      • [x] Manual test case for AdminWeb (buttons hidden etc): DSSQA-111
      • [x] Modify the existing tests to either expect this setting to true or to skip this test (use something like test.disablekeygen.disabled=true/false in test-config.properties + AssumeTrue in JUnit)

       

        Attachments

          Activity

            People

            Assignee:
            markus Markus Kilås
            Reporter:
            markus Markus Kilås
            Verified by:
            Marcus Lundblad
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 1 day
                1d
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours, 20 minutes Time Not Required
                2h 20m