diff options
Diffstat (limited to 'scripts/vault-server-archive.sh')
-rwxr-xr-x | scripts/vault-server-archive.sh | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/scripts/vault-server-archive.sh b/scripts/vault-server-archive.sh new file mode 100755 index 0000000..659c929 --- /dev/null +++ b/scripts/vault-server-archive.sh @@ -0,0 +1,90 @@ +#!/bin/python + +import getopt +import sys + +import pki +import pki.client +import pki.crypto +import pki.key +import pki.kra +import pki.systemcert + +def usage(): + print "usage: vault-server-archive --user-id <user ID> --secret-id <secret ID> --data <data>" + +def main(argv): + + try: + opts, _ = getopt.getopt(argv[1:], 'c:d:hv', [ + 'user-id=', 'secret-id=', 'data=', + 'verbose', 'help']) + + except getopt.GetoptError as e: + print 'ERROR: ' + str(e) + usage() + sys.exit(1) + + verbose = False + + nssdb_directory = "/root/.dogtag/pki-tomcat/ca/alias" + nssdb_password = "Secret123" + + transport_cert_nickname = "KRA Transport Certificate" + admin_cert = "/root/.dogtag/pki-tomcat/ca_admin_cert.pem" + + scheme = 'https' + host = 'localhost' + port = '8443' + subsystem = 'kra' + + user_id = None + secret_id = None + data = None + + for o, a in opts: + if o == '-v': + verbose = True + + elif o == '-d': + nssdb_directory = a + + elif o == '-c': + nssdb_password = a + + elif o == '--user-id': + user_id = a + + elif o == '--secret-id': + secret_id = a + + elif o == '--data': + data = a + + if user_id is None or secret_id is None or data is None: + usage() + sys.exit(1) + + client_key_id = "%s:%s" % (user_id, secret_id) + if verbose: + print "Client Key ID: " + client_key_id + + crypto = pki.crypto.NSSCryptoProvider(nssdb_directory, nssdb_password) + crypto.initialize() + + conn = pki.client.PKIConnection(scheme, host, port, subsystem) + conn.set_authentication_cert(admin_cert) + + kra_client = pki.kra.KRAClient(conn, crypto, transport_cert_nickname) + key_client = kra_client.keys + + response = key_client.archive_key( + client_key_id, + pki.key.KeyClient.PASS_PHRASE_TYPE, + data) + + if verbose: + print "Key ID: " + str(response.get_key_id()) + +if __name__ == '__main__': + main(sys.argv) |