mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-26 00:41:25 -06:00
a1f260d021
The dnssec and secrets subpackages and the p11helper module depend on ipaplatform. Move them to ipaserver as they are used only on the server. https://fedorahosted.org/freeipa/ticket/6474 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
33 lines
897 B
Python
Executable File
33 lines
897 B
Python
Executable File
#!/usr/bin/python2
|
|
|
|
from __future__ import print_function
|
|
|
|
import os
|
|
import sys
|
|
|
|
from ipalib import constants
|
|
from ipalib.config import Env
|
|
from ipaplatform.paths import paths
|
|
from ipaserver.secrets.client import CustodiaClient
|
|
|
|
env = Env()
|
|
env._finalize()
|
|
|
|
keyname = "ca_wrapped/" + sys.argv[1]
|
|
servername = sys.argv[2]
|
|
|
|
service = constants.PKI_GSSAPI_SERVICE_NAME
|
|
client_keyfile = os.path.join(paths.PKI_TOMCAT, service + '.keys')
|
|
client_keytab = os.path.join(paths.PKI_TOMCAT, service + '.keytab')
|
|
|
|
# pylint: disable=no-member
|
|
client = CustodiaClient(
|
|
client_service='%s@%s' % (service, env.host), server=servername,
|
|
realm=env.realm, ldap_uri="ldaps://" + env.host,
|
|
keyfile=client_keyfile, keytab=client_keytab,
|
|
)
|
|
|
|
# Print the response JSON to stdout; it is already in the format
|
|
# that Dogtag's ExternalProcessKeyRetriever expects
|
|
print(client.fetch_key(keyname, store=False))
|