[Pki-users] Possible bug or at least weird behaviour while listing DRM recovery request

John Magne jmagne at redhat.com
Wed Oct 21 20:29:34 UTC 2015


Try something like this:

pki  -d ./ -c Secret123 -n "PKI Administrator for localdomain" key-find

This will list the keys and have the id like:

Key ID: 0xe
  Client Key ID: UUID: 123-45-6789 RKEK Wed Sep 16 14:16:07 PDT 2015
  Status: active
  Owner: kraadmin

  Key ID: 0xf
  Client Key ID: Symmetric Key #1234f Wed Sep 16 14:16:08 PDT 2015
  Status: active
  Algorithm: AES
  Size: 128
  Owner: kraadmin

  Key ID: 0x10
  Client Key ID: UUID: 123-45-6789 VEK Wed Sep 16 14:16:08 PDT 2015
  Status: inactive
  Algorithm: AES
  Size: 128
  Owner: kraadmin


----- Original Message -----
From: "Marcin Mierzejewski" <marcinmierzejewski1024 at gmail.com>
To: pki-users at redhat.com
Sent: Wednesday, October 21, 2015 2:57:40 AM
Subject: [Pki-users] Possible bug or at least weird behaviour while listing	DRM recovery request

After requesting a key recovery with:



public RequestId requestRecoveryPrivateKey(KeyId keyID, String base64Certificate) throws Exception
{
    // trim header and footer from cert
    if (base64Certificate.contains(CertData.HEADER)) {
        base64Certificate = base64Certificate.substring(CertData.HEADER.length(),
                base64Certificate.indexOf(CertData.FOOTER));
    }

    log("Requesting X509 key recovery." + keyID);
    KeyRequestResponse response = keyClient.recoverKey(keyID, null, null, null, base64Certificate);
    RequestId requestId = response.getRequestId();
    log("ask kra admins to approve request " + requestId);

    KeyRequestInfo info = keyClient.getRequestInfo(requestId);
    log("info about request to approve");
    printRequestInfo(info);

    return requestId;
}

When I try to find the request by keyId:
public List<KeyRequestInfo> findRecoveryRequest(KeyId keyid)
{
    //        String requestState,
    //        String requestType,
    //        String clientID,
    //        RequestId start,
    //        Integer pageSize,
    //        Integer maxResults,
    //        Integer maxTime)
    ArrayList<KeyRequestInfo> result = new ArrayList<KeyRequestInfo>();
    KeyRequestInfoCollection requests = keyClient.listRequests(null, "recovery", null, null, 99999, Integer.MAX_VALUE, 99999);
    for (KeyRequestInfo keyRequestInfo : requests.getEntries()) {
        KeyId reqKeyId = keyRequestInfo.getKeyId();
        printRequestInfo(keyRequestInfo);

        log("req " + keyRequestInfo.getRequestId() + " " + reqKeyId + "==" + keyid);
        if (keyid.equals(keyRequestInfo.getKeyId()))
        {
            result.add(keyRequestInfo);
        }
    }
    log("found " + result.size() + " requests");
    return result;
}

keyClient.listRequests(null, "recovery", null, null, 99999, Integer.MAX_VALUE, 99999);
returns a collection with null KeyUrl, so getKeyId also returns null.

But when I open requests that have a null KeyUrl in the agent ( https://localhost.localdomain:8443/kra/agent/kra/processReq?op=processReq&seqNum=113 )
I get all the information I need:


Request 113
Request Status: pending
Type: recovery
Created on: 21/10/2015, 11:25:41
Updated by: kraagent
Updated on: 21/10/2015, 11:25:41

Recovery Information
Key identifier: 42
Recovery Initiating Agent: kraagent
Recovery Approving Agents:

Action
Asynchronous Key Recovery: Grant

How to get Key Identifier from keyClient?

_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
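
The key-find listing in the reply above can be turned into records and searched by Client Key ID and status. The following is an added example, not code from the thread or from the Dogtag project; the function names are hypothetical, the sample text is constructed from the listing in the reply, and it assumes the output keeps that "Field: value" layout.

```python
import re

# Constructed sample, shaped like the key-find listing quoted in the reply.
SAMPLE = """\
  Key ID: 0xe
  Client Key ID: UUID: 123-45-6789 RKEK Wed Sep 16 14:16:07 PDT 2015
  Status: active
  Owner: kraadmin

  Key ID: 0xf
  Client Key ID: Symmetric Key #1234f Wed Sep 16 14:16:08 PDT 2015
  Status: active
  Algorithm: AES
  Size: 128
  Owner: kraadmin

  Key ID: 0x10
  Client Key ID: UUID: 123-45-6789 VEK Wed Sep 16 14:16:08 PDT 2015
  Status: inactive
  Algorithm: AES
  Size: 128
  Owner: kraadmin
"""

FIELD = re.compile(r"^\s*(Key ID|Client Key ID|Status|Algorithm|Size|Owner):\s*(.*?)\s*$")

def parse_key_find(text):
    """Return one dict per key; a new record starts at each 'Key ID:' line."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and anything unrecognised are skipped
        name, value = m.groups()
        if name == "Key ID":
            # base 0 accepts the 0x form shown in the listing as well as decimal
            records.append({"Key ID": value, "id": int(value, 0)})
        elif records:
            records[-1][name] = value  # value may itself contain colons
    return records

def find_keys(records, client_key_id_part, status=None):
    """Keys whose Client Key ID contains the given text, optionally by status."""
    return [r for r in records
            if client_key_id_part in r.get("Client Key ID", "")
            and (status is None or r.get("Status") == status)]

if __name__ == "__main__":
    for r in find_keys(parse_key_find(SAMPLE), "123-45-6789", status="active"):
        print(r["Key ID"], r["id"], r["Client Key ID"])
```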



