Key Services - dogtagpki/freeipa GitHub Wiki

Overview

This page describes the Dogtag KRA key services that IPA uses, as seen through the pki.key.KeyClient Python API in the IPA vault plugin. Each vault record is stored in the KRA under a client key ID derived from the vault's DN; the plugin archives, retrieves and deactivates those records but never decrypts them on the server, since the data is wrapped with a session key that only the client can unwrap.

pki.key.KeyClient

KeyClient is used in vault_del.post_callback(), which runs after the vault entry has been removed from LDAP and deactivates every active KRA record that belongs to the vault (records are marked inactive, not deleted, so they remain in the KRA):

# deactivate vault record in KRA
response = kra_client.keys.list_keys(
    client_key_id, pki.key.KeyClient.KEY_STATUS_ACTIVE)

for key_info in response.key_infos:
    kra_client.keys.modify_key_status(
        key_info.get_key_id(),
        pki.key.KeyClient.KEY_STATUS_INACTIVE)

KeyClient is used in vault_archive_internal.execute(). It first deactivates any record that is still active for the vault's client key ID, then archives the newly wrapped data, so that at most one record per vault is active at a time:

# deactivate existing vault record in KRA
response = kra_client.keys.list_keys(
    client_key_id,
    pki.key.KeyClient.KEY_STATUS_ACTIVE)

for key_info in response.key_infos:
    kra_client.keys.modify_key_status(
        key_info.get_key_id(),
        pki.key.KeyClient.KEY_STATUS_INACTIVE)

# forward wrapped data to KRA: the vault data is encrypted with a
# session key, and the session key is wrapped with the KRA transport
# certificate, so the server never sees the plaintext
kra_client.keys.archive_encrypted_data(
    client_key_id,
    pki.key.KeyClient.PASS_PHRASE_TYPE,
    wrapped_vault_data,
    wrapped_session_key,
    algorithm_oid=algorithm_oid,
    nonce_iv=nonce)

KeyClient is used in vault_retrieve_internal.execute(). It looks up the single active record for the vault's client key ID and asks the KRA to return the data re-wrapped under the session key supplied by the client:

# retrieve vault record from KRA
response = kra_client.keys.list_keys(
    client_key_id,
    pki.key.KeyClient.KEY_STATUS_ACTIVE)

if not len(response.key_infos):
    raise errors.NotFound(reason=_('No archived data.'))

# the archive path keeps only one record active, so the first one is it
key_info = response.key_infos[0]

# XXX hack: set the encryption algorithm on the client instance directly
kra_client.keys.encrypt_alg_oid = algorithm_oid

# retrieve encrypted data from KRA, wrapped with the client's session key
key = kra_client.keys.retrieve_key(
    key_info.get_key_id(),
    wrapped_session_key)
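The three snippets above are one lifecycle: archive deactivates and then stores, retrieve takes the single active record, delete deactivates. The following is an added example, not FreeIPA or Dogtag code, that runs that lifecycle offline against a constructed in-memory stand-in for kra_client.keys. FakeKraKeys, FakeKeyInfo, FakeListResponse and NotFound are assumptions that mirror only the calls and attributes the vault plugin uses (list_keys, modify_key_status, archive_encrypted_data, retrieve_key, encrypt_alg_oid); the client key ID, blobs and OID are constructed sample values. It also exercises one failure mode that follows directly from the ordering in vault_archive_internal: because deactivation runs before archive_encrypted_data, an archive that fails at the KRA leaves the vault with no active record, and a subsequent retrieve raises NotFound.

```python
import itertools

# Status and type constants as exposed by pki.key.KeyClient.
KEY_STATUS_ACTIVE = "active"
KEY_STATUS_INACTIVE = "inactive"
PASS_PHRASE_TYPE = "passPhrase"
AES_128_CBC_OID = "2.16.840.1.101.3.4.1.2"   # sample algorithm OID


class NotFound(Exception):
    """Stand-in for ipalib.errors.NotFound (assumption)."""


class FakeKeyInfo:
    """Stand-in for the KeyInfo objects returned by list_keys (assumption)."""
    def __init__(self, key_id, client_key_id, status):
        self.key_id, self.client_key_id, self.status = key_id, client_key_id, status

    def get_key_id(self):
        return self.key_id


class FakeListResponse:
    def __init__(self, key_infos):
        self.key_infos = key_infos


class FakeKraKeys:
    """Constructed in-memory stand-in for kra_client.keys (assumption)."""
    def __init__(self):
        self._ids = itertools.count(1)
        self._records = {}          # key_id -> (FakeKeyInfo, wrapped blob)
        self.encrypt_alg_oid = None
        self.fail_archive = False   # simulate the KRA rejecting an archive

    def list_keys(self, client_key_id, status):
        infos = [info for info, _ in self._records.values()
                 if info.client_key_id == client_key_id and info.status == status]
        return FakeListResponse(infos)

    def modify_key_status(self, key_id, status):
        self._records[key_id][0].status = status

    def archive_encrypted_data(self, client_key_id, data_type, wrapped_data,
                               wrapped_session_key, algorithm_oid=None, nonce_iv=None):
        if self.fail_archive:
            raise RuntimeError("KRA rejected archival")
        key_id = next(self._ids)
        info = FakeKeyInfo(key_id, client_key_id, KEY_STATUS_ACTIVE)
        self._records[key_id] = (info, wrapped_data)
        return info

    def retrieve_key(self, key_id, wrapped_session_key):
        # A real KRA would unwrap the stored blob and rewrap it under the
        # caller's session key; the stand-in returns the opaque blob as-is.
        return self._records[key_id][1]


def deactivate_active_keys(keys, client_key_id):
    """The vault_del.post_callback pattern: mark every active record inactive."""
    response = keys.list_keys(client_key_id, KEY_STATUS_ACTIVE)
    for key_info in response.key_infos:
        keys.modify_key_status(key_info.get_key_id(), KEY_STATUS_INACTIVE)
    return len(response.key_infos)


def archive_vault_data(keys, client_key_id, wrapped_vault_data,
                       wrapped_session_key, algorithm_oid, nonce):
    """The vault_archive_internal pattern: deactivate first, then archive."""
    deactivate_active_keys(keys, client_key_id)
    return keys.archive_encrypted_data(
        client_key_id, PASS_PHRASE_TYPE, wrapped_vault_data,
        wrapped_session_key, algorithm_oid=algorithm_oid, nonce_iv=nonce)


def retrieve_vault_data(keys, client_key_id, wrapped_session_key, algorithm_oid):
    """The vault_retrieve_internal pattern: one active record or NotFound."""
    response = keys.list_keys(client_key_id, KEY_STATUS_ACTIVE)
    if not len(response.key_infos):
        raise NotFound("No archived data.")
    key_info = response.key_infos[0]
    keys.encrypt_alg_oid = algorithm_oid
    return keys.retrieve_key(key_info.get_key_id(), wrapped_session_key)


def demo(client_key_id="ipa:/users/alice/vault/pw"):   # constructed sample ID
    keys = FakeKraKeys()
    archive_vault_data(keys, client_key_id, b"blob-v1", b"sk1", AES_128_CBC_OID, b"iv1")
    archive_vault_data(keys, client_key_id, b"blob-v2", b"sk2", AES_128_CBC_OID, b"iv2")
    active = len(keys.list_keys(client_key_id, KEY_STATUS_ACTIVE).key_infos)
    inactive = len(keys.list_keys(client_key_id, KEY_STATUS_INACTIVE).key_infos)
    latest = retrieve_vault_data(keys, client_key_id, b"sk3", AES_128_CBC_OID)
    deactivate_active_keys(keys, client_key_id)      # vault_del
    try:
        retrieve_vault_data(keys, client_key_id, b"sk4", AES_128_CBC_OID)
        deleted_raises = False
    except NotFound:
        deleted_raises = True
    return {"active": active, "inactive": inactive,
            "latest": latest, "deleted_raises": deleted_raises}


def archive_failure_leaves_no_active(client_key_id="ipa:/users/bob/vault/tok"):
    """Deactivation precedes archival, so a failed archive strands the vault."""
    keys = FakeKraKeys()
    archive_vault_data(keys, client_key_id, b"blob-v1", b"sk1", AES_128_CBC_OID, b"iv1")
    keys.fail_archive = True
    try:
        archive_vault_data(keys, client_key_id, b"blob-v2", b"sk2", AES_128_CBC_OID, b"iv2")
    except RuntimeError:
        pass
    return len(keys.list_keys(client_key_id, KEY_STATUS_ACTIVE).key_infos)
```

Running demo() shows that after two archives exactly one record is active and one inactive, retrieve returns the newest blob, and retrieve after delete raises NotFound. archive_failure_leaves_no_active() returns 0: the earlier record has already been deactivated when the archive fails, so the old data is still in the KRA (inactive) but no longer reachable through vault_retrieve until an operator reactivates it or a new archive succeeds. An implementation that wanted to avoid that window would archive first and deactivate the previous record afterwards, at the cost of briefly having two active records for the client key ID.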

See also:
