freeipa/ipaserver/secrets
Fraser Tweedale 7e92e65190 IPASecStore: support extra key arguments
To support lightweight CA key replication using AES, while retaining
backwards compatibility with old servers, it is necessary to signal
support for AES.  Whereas we currently request a key with the path:

  /keys/ca_wrapped/<nickname>

and whereas paths with > 3 components are unsupported, add support
for handlers to signal that they support extra arguments (defaulting
to False), those arguments being conveyed as additional path
components, e.g.:

  # 2.16.840.1.101.3.4.1.2 = aes128-cbc
  /keys/ca_wrapped/<nickname>/2.16.840.1.101.3.4.1.2

This commit only adds the Custodia support for extra handler
arguments.  Work to support LWCA key replication with AES wrapping
will continue in subsequent commits.

Part of: https://pagure.io/freeipa/issue/8020

Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
2019-09-25 12:42:06 +10:00
handlers Don't create log files from help scripts 2019-09-24 15:23:30 +02:00
__init__.py ipapython: move dnssec, p11helper and secrets to ipaserver 2016-11-29 14:50:51 +01:00
client.py Fix CustodiaClient ccache handling 2019-06-18 10:36:24 +10:00
common.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
kem.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
service.py secrets: disable relative-imports for custodia 2017-09-08 15:42:07 +02:00
store.py IPASecStore: support extra key arguments 2019-09-25 12:42:06 +10:00