[Pki-users] Possible bug or at least weird behaviour while listing DRM recovery request

Marcin Mierzejewski marcinmierzejewski1024 at gmail.com
Thu Oct 22 09:30:20 UTC 2015


That's even weirder, because when I type:
# pki -c pass -n "PKI Administrator for localdomain" key-find --start 0 --size 100

I get a list of all keys stored in the DRM, but the keys which were not
filled with keyUrl and keyId (when I list them with the Java code from the
first post) are on the list with keyId, but without status.

...
  Key ID: 0x2d
  Algorithm: 1.2.840.113549.1.1.1
  Size: 2048
  Owner: UID=cachebroker...

  Key ID: 0x2e
  Algorithm: 1.2.840.113549.1.1.1
  Size: 2048
  Owner: UID=cachebroker6...
-----------------------------
Number of entries returned 46



2015-10-21 22:29 GMT+02:00 John Magne <jmagne at redhat.com>:

> Try something like this:
>
> pki  -d ./ -c Secret123 -n "PKI Administrator for localdomain" key-find
>
> This will list the keys and have the id like:
>
> Key ID: 0xe
>   Client Key ID: UUID: 123-45-6789 RKEK Wed Sep 16 14:16:07 PDT 2015
>   Status: active
>   Owner: kraadmin
>
>   Key ID: 0xf
>   Client Key ID: Symmetric Key #1234f Wed Sep 16 14:16:08 PDT 2015
>   Status: active
>   Algorithm: AES
>   Size: 128
>   Owner: kraadmin
>
>   Key ID: 0x10
>   Client Key ID: UUID: 123-45-6789 VEK Wed Sep 16 14:16:08 PDT 2015
>   Status: inactive
>   Algorithm: AES
>   Size: 128
>   Owner: kraadmin
>
>
> ----- Original Message -----
> From: "Marcin Mierzejewski" <marcinmierzejewski1024 at gmail.com>
> To: pki-users at redhat.com
> Sent: Wednesday, October 21, 2015 2:57:40 AM
> Subject: [Pki-users] Possible bug or at least weird behaviour while
> listing     DRM recovery request
>
> After requesting a key recovery with:
>
> public RequestId requestRecoveryPrivateKey(KeyId keyID, String base64Certificate) throws Exception
> {
>     // trim header and footer from cert
>     if (base64Certificate.contains(CertData.HEADER)) {
>         base64Certificate = base64Certificate.substring(CertData.HEADER.length(),
>                 base64Certificate.indexOf(CertData.FOOTER));
>     }
>
>     log("Requesting X509 key recovery." + keyID);
>     KeyRequestResponse response = keyClient.recoverKey(keyID, null, null, null, base64Certificate);
>     RequestId requestId = response.getRequestId();
>     log("ask kra admins to approve request " + requestId);
>
>     KeyRequestInfo info = keyClient.getRequestInfo(requestId);
>     log("info about request to approve");
>     printRequestInfo(info);
>
>     return requestId;
> }
>
> When I try to find the request by keyId:
>
> public List<KeyRequestInfo> findRecoveryRequest(KeyId keyid)
> {
>     //        String requestState,
>     //        String requestType,
>     //        String clientID,
>     //        RequestId start,
>     //        Integer pageSize,
>     //        Integer maxResults,
>     //        Integer maxTime)
>     ArrayList<KeyRequestInfo> result = new ArrayList<KeyRequestInfo>();
>     KeyRequestInfoCollection requests = keyClient.listRequests(null,
>             "recovery", null, null, 99999, Integer.MAX_VALUE, 99999);
>     for (KeyRequestInfo keyRequestInfo : requests.getEntries()) {
>         KeyId reqKeyId = keyRequestInfo.getKeyId();
>         printRequestInfo(keyRequestInfo);
>
>         log("req " + keyRequestInfo.getRequestId() + " " + reqKeyId + "==" + keyid);
>         if (keyid.equals(keyRequestInfo.getKeyId()))
>         {
>             result.add(keyRequestInfo);
>         }
>     }
>     log("found " + result.size() + " requests");
>     return result;
> }
>
> keyClient.listRequests(null, "recovery", null, null, 99999,
>         Integer.MAX_VALUE, 99999);
> returns a collection with null KeyUrl, so getKeyId also returns null.
>
> But when I open requests that have a null KeyUrl in the agent interface (
> https://localhost.localdomain:8443/kra/agent/kra/processReq?op=processReq&seqNum=113
> )
> I got all the information I need:
>
>
> Request 113
> Request Status: pending
> Type: recovery
> Created on: 21/10/2015, 11:25:41
> Updated by: kraagent
> Updated on: 21/10/2015, 11:25:41
> Recovery Information
> Key identifier: 42
> Recovery Initiating Agent: kraagent
> Recovery Approving Agents:
> Action
> Asynchronous Key Recovery: Grant
>
> How do I get the Key Identifier from keyClient?