freeipa/ipaplatform
Fraser Tweedale 4660bb7ff0 Add custodia store for lightweight CA key replication
Due to limitations in Dogtag's use of NSSDB, importing private keys
must be done by the Dogtag Java process itself.  This requires a
PKIArchiveOptions format (signing key wrapped with host CA key) -
PKCS #12 cannot be used because that would require decrypting the
key in Dogtag's memory, albeit temporarily.

Add a new custodia store that executes a 'pki' command to acquire
the wrapped key.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-09 09:04:27 +02:00
..
base Add custodia store for lightweight CA key replication 2016-06-09 09:04:27 +02:00
fedora Use module variables for timedate_services 2015-12-23 07:57:55 +01:00
redhat ipaplatform.redhat: Use bytestrings when calling rpm.so for version comparison 2016-05-30 16:44:08 +02:00
rhel Use module variables for timedate_services 2015-12-23 07:57:55 +01:00
__init__.py.in Server Upgrade: Verify version and platform 2015-05-04 11:16:26 +00:00
setup.py.in Remove unused imports 2015-12-23 07:59:22 +01:00