[Pki-users] Possible bug or at least weird behaviour while listing DRM recovery request
Marcin Mierzejewski
marcinmierzejewski1024 at gmail.com
Thu Oct 22 09:30:20 UTC 2015
That's even weirder, because when I type:
# pki -c pass -n "PKI Administrator for localdomain" key-find --start 0 --size 100
I get a list of all keys stored in the DRM, but the keys which were not filled
with keyUrl and keyId (when I list them with the Java code from the first post) are
on the list with a keyId, but without a status.
...
Key ID: 0x2d
Algorithm: 1.2.840.113549.1.1.1
Size: 2048
Owner: UID=cachebroker...
Key ID: 0x2e
Algorithm: 1.2.840.113549.1.1.1
Size: 2048
Owner: UID=cachebroker6...
-----------------------------
Number of entries returned 46
2015-10-21 22:29 GMT+02:00 John Magne <jmagne at redhat.com>:
> Try something like this:
>
> pki -d ./ -c Secret123 -n "PKI Administrator for localdomain" key-find
>
> This will list the keys and have the id like:
>
> Key ID: 0xe
> Client Key ID: UUID: 123-45-6789 RKEK Wed Sep 16 14:16:07 PDT 2015
> Status: active
> Owner: kraadmin
>
> Key ID: 0xf
> Client Key ID: Symmetric Key #1234f Wed Sep 16 14:16:08 PDT 2015
> Status: active
> Algorithm: AES
> Size: 128
> Owner: kraadmin
>
> Key ID: 0x10
> Client Key ID: UUID: 123-45-6789 VEK Wed Sep 16 14:16:08 PDT 2015
> Status: inactive
> Algorithm: AES
> Size: 128
> Owner: kraadmin
>
>
> ----- Original Message -----
> From: "Marcin Mierzejewski" <marcinmierzejewski1024 at gmail.com>
> To: pki-users at redhat.com
> Sent: Wednesday, October 21, 2015 2:57:40 AM
> Subject: [Pki-users] Possible bug or at least weird behaviour while
> listing DRM recovery request
>
> After requesting a key recovery with:
>
> public RequestId requestRecoveryPrivateKey(KeyId keyID, String base64Certificate) throws Exception
> {
>     // trim header and footer from cert
>     if (base64Certificate.contains(CertData.HEADER)) {
>         base64Certificate = base64Certificate.substring(CertData.HEADER.length(),
>                 base64Certificate.indexOf(CertData.FOOTER));
>     }
>
>     log("Requesting X509 key recovery." + keyID);
>     KeyRequestResponse response = keyClient.recoverKey(keyID, null, null, null, base64Certificate);
>     RequestId requestId = response.getRequestId();
>     log("ask kra admins to approve request " + requestId);
>
>     KeyRequestInfo info = keyClient.getRequestInfo(requestId);
>     log("info about request to approve");
>     printRequestInfo(info);
>
>     return requestId;
> }
>
> When I try to find a request by keyId:
> public List<KeyRequestInfo> findRecoveryRequest(KeyId keyid)
> {
>     // listRequests parameters:
>     // String requestState,
>     // String requestType,
>     // String clientID,
>     // RequestId start,
>     // Integer pageSize,
>     // Integer maxResults,
>     // Integer maxTime)
>     ArrayList<KeyRequestInfo> result = new ArrayList<KeyRequestInfo>();
>     KeyRequestInfoCollection requests = keyClient.listRequests(null,
>             "recovery", null, null, 99999, Integer.MAX_VALUE, 99999);
>     for (KeyRequestInfo keyRequestInfo : requests.getEntries()) {
>         KeyId reqKeyId = keyRequestInfo.getKeyId();
>         printRequestInfo(keyRequestInfo);
>
>         log("req " + keyRequestInfo.getRequestId() + " " + reqKeyId + "==" + keyid);
>         if (keyid.equals(keyRequestInfo.getKeyId()))
>         {
>             result.add(keyRequestInfo);
>         }
>     }
>     log("found " + result.size() + " requests");
>     return result;
> }
>
> keyClient.listRequests(null, "recovery", null, null, 99999, Integer.MAX_VALUE, 99999);
> returns a collection with a null KeyUrl, so getKeyId also returns null.
>
> But when I open requests with a null KeyUrl in the agent
> (https://localhost.localdomain:8443/kra/agent/kra/processReq?op=processReq&seqNum=113)
> I get all the information I need:
>
>
> Request 113
> Request Status: pending
> Type: recovery
> Created on: 21/10/2015, 11:25:41
> Updated by: kraagent
> Updated on: 21/10/2015, 11:25:41
> Recovery Information
> Key identifier: 42
> Recovery Initiating Agent: kraagent
> Recovery Approving Agents:
> Action
> Asynchronous Key Recovery: Grant
>
> How to get the Key Identifier from keyClient?
>
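
The `key-find` listings quoted in this thread mix complete records with records that have no Status or Client Key ID line. The following Python is an added example, not code from the thread or from Dogtag: it parses that text layout and reports which key ids lack those fields. The sample input is constructed, and `parse_key_find` and `missing_fields` are hypothetical helper names.

```python
import re

# Constructed sample in the layout of the key-find listings quoted in this thread.
SAMPLE = """\
  Key ID: 0xe
  Client Key ID: UUID: 123-45-6789 RKEK Wed Sep 16 14:16:07 PDT 2015
  Status: active
  Owner: kraadmin
  Key ID: 0x2d
  Algorithm: 1.2.840.113549.1.1.1
  Size: 2048
  Owner: UID=example-owner-a
  Key ID: 0x2e
  Algorithm: 1.2.840.113549.1.1.1
  Size: 2048
  Owner: UID=example-owner-b
-----------------------------
Number of entries returned 3
"""

# Label is everything up to the first colon; the value may itself contain colons.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(.*)$")

def parse_key_find(text):
    """Split key-find output into one dict per record, keyed by field label."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines, the dashed separator, the trailing count
        label, value = m.group(1), m.group(2).strip()
        if label == "Key ID":
            records.append({})  # a "Key ID" line always opens a new record
        if records:
            records[-1][label] = value
    return records

def missing_fields(records, required=("Status", "Client Key ID")):
    """Map decimal key id -> list of required fields absent from its record."""
    report = {}
    for rec in records:
        absent = [f for f in required if f not in rec]
        if absent:
            report[int(rec["Key ID"], 16)] = absent
    return report

if __name__ == "__main__":
    for key_id, absent in missing_fields(parse_key_find(SAMPLE)).items():
        print(f"key {key_id} ({key_id:#x}): missing {', '.join(absent)}")
```

The report is keyed by decimal id and printed with the hex form beside it, so entries can be matched against both the CLI listing and a decimal identifier such as the "Key identifier: 42" shown on the agent page.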