authorEndi S. Dewata <edewata@redhat.com>2017-07-20 08:03:44 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-07-20 08:03:44 +0200
commitd57fd66d687211a0fa62ad515872749d2946bb8e (patch)
tree8b1f3233e66da75ad764888aefa6e1ee533cc82d /scripts/vault-server-remove.sh
parentf0f39288d640a0b0a755c49fdc08f1219c386ca7 (diff)
Added vault scripts.
Diffstat (limited to 'scripts/vault-server-remove.sh')
-rwxr-xr-xscripts/vault-server-remove.sh76
1 files changed, 76 insertions, 0 deletions
diff --git a/scripts/vault-server-remove.sh b/scripts/vault-server-remove.sh
new file mode 100755
index 0000000..a66f2cf
--- /dev/null
+++ b/scripts/vault-server-remove.sh
@@ -0,0 +1,76 @@
+#!/bin/python
+
+import getopt
+import sys
+
+import pki
+import pki.client
+import pki.crypto
+import pki.key
+import pki.kra
+import pki.systemcert
+
+def usage():
+ print "usage: vault-server-remove --user-id <user ID> --secret-id <secret ID>"
+
+def main(argv):
+
+ try:
+ opts, _ = getopt.getopt(argv[1:], 'c:d:hv', [
+ 'user-id=', 'secret-id=',
+ 'verbose', 'help'])
+
+ except getopt.GetoptError as e:
+ print 'ERROR: ' + str(e)
+ usage()
+ sys.exit(1)
+
+ nssdb_directory = "/root/.dogtag/pki-tomcat/ca/alias"
+ nssdb_password = "Secret123"
+
+ transport_cert_nickname = "KRA Transport Certificate"
+ admin_cert = "/root/.dogtag/pki-tomcat/ca_admin_cert.pem"
+
+ scheme = 'https'
+ host = 'localhost'
+ port = '8443'
+ subsystem = 'kra'
+
+ user_id = None
+ secret_id = None
+
+ for o, a in opts:
+ if o == '-d':
+ nssdb_directory = a
+
+ elif o == '-c':
+ nssdb_password = a
+
+ elif o == '--user-id':
+ user_id = a
+
+ elif o == '--secret-id':
+ secret_id = a
+
+ if user_id is None or secret_id is None:
+ usage()
+ sys.exit(1)
+
+ client_key_id = '%s:%s' % (user_id, secret_id)
+
+ crypto = pki.crypto.NSSCryptoProvider(nssdb_directory, nssdb_password)
+ crypto.initialize()
+
+ conn = pki.client.PKIConnection(scheme, host, port, subsystem)
+ conn.set_authentication_cert(admin_cert)
+
+ kra_client = pki.kra.KRAClient(conn, crypto, transport_cert_nickname)
+ key_client = kra_client.keys
+
+ key_info = key_client.get_active_key_info(client_key_id)
+ key_id = key_info.get_key_id()
+
+ key_client.modify_key_status(key_id, pki.key.KeyClient.KEY_STATUS_INACTIVE)
+
+if __name__ == '__main__':
+ main(sys.argv)
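Review bot: The default `nssdb_password = "Secret123"` hard-codes an NSS database password in the script, and the only override is `-c`, which puts the password on the command line where other local users can read it from the process list. Default it to `None` and prompt when it is missing, e.g. `if nssdb_password is None: nssdb_password = getpass.getpass('NSS database password: ')` (with `import getpass`), or read it from a password file with restricted permissions. The option string also accepts `-h`, `-v`, `--help` and `--verbose`, but the loop never handles them, so `--help` is silently ignored when both IDs are present and the key is still deactivated; `usage()` also does not mention `-d` or `-c`. Finally, the script only sets the key to `KEY_STATUS_INACTIVE`, so a comment stating that the archived secret is deactivated rather than deleted would keep callers from assuming the data is gone.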