mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
7e92e65190
To support lightweight CA key replication using AES, while retaining backwards compatibility with old servers, it is necessary to signal support for AES. Whereas we currently request a key with the path: /keys/ca_wrapped/<nickname> and whereas paths with > 3 components are unsupported, add support for handlers to signal that they support extra arguments (defaulting to False), those arguments being conveyed as additional path components, e.g.: # 2.16.840.1.101.3.4.1.2 = aes128-cbc /keys/ca_wrapped/<nickname>/2.16.840.1.101.3.4.1.2 This commit only adds the Custodia support for extra handler arguments. Work to support LWCA key replication with AES wrapping will continue in subsequent commits. Part of: https://pagure.io/freeipa/issue/8020 Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>