Check ca_wrapped in ipa-custodia-check

ca_wrapped uses Dogtag's pki tool (written in Java) to wrap key material. Add checks to custodia to verify that key wrapping works. Related: https://pagure.io/freeipa/issue/8488 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Francois Cami <fcami@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-09-16 17:01:29 +02:00
parent a96b89388d
commit fbb6484dbe
5 changed files with 20 additions and 0 deletions
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -395,6 +395,7 @@ class BasePathNamespace:
    IPA_CUSTODIA_SOCKET = '/run/httpd/ipa-custodia.sock'
    IPA_CUSTODIA_AUDIT_LOG = '/var/log/ipa-custodia.audit.log'
    IPA_CUSTODIA_HANDLER = "/usr/libexec/ipa/custodia"
+    IPA_CUSTODIA_CHECK = "/usr/libexec/ipa/ipa-custodia-check"
    IPA_GETKEYTAB = '/usr/sbin/ipa-getkeytab'
    EXTERNAL_SCHEMA_DIR = '/usr/share/ipa/schema.d'
    GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf'