From d57fd66d687211a0fa62ad515872749d2946bb8e Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Thu, 20 Jul 2017 08:03:44 +0200
Subject: Added vault scripts.

---
 scripts/vault-server-retrieve.sh | 77 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100755 scripts/vault-server-retrieve.sh

(limited to 'scripts/vault-server-retrieve.sh')

diff --git a/scripts/vault-server-retrieve.sh b/scripts/vault-server-retrieve.sh
new file mode 100755
index 0000000..84652b1
--- /dev/null
+++ b/scripts/vault-server-retrieve.sh
@@ -0,0 +1,77 @@
+#!/bin/python
+
+import getopt
+import sys
+
+import pki
+import pki.client
+import pki.crypto
+import pki.key
+import pki.kra
+
+def usage():
+    print "usage: vault-server-retrieve --user-id <user ID> --secret-id <secret ID>"
+
+def main(argv):
+
+    try:
+        opts, _ = getopt.getopt(argv[1:], 'c:d:hv', [
+            'user-id=', 'secret-id=',
+            'verbose', 'help'])
+
+    except getopt.GetoptError as e:
+        print 'ERROR: ' + str(e)
+        usage()
+        sys.exit(1)
+
+    nssdb_directory = "/root/.dogtag/pki-tomcat/ca/alias"
+    nssdb_password = "Secret123"
+
+    transport_cert_nickname = "KRA Transport Certificate"
+    admin_cert = "/root/.dogtag/pki-tomcat/ca_admin_cert.pem"
+
+    scheme = 'https'
+    host = 'localhost'
+    port = '8443'
+    subsystem = 'kra'
+
+    user_id = None
+    secret_id = None
+
+    for o, a in opts:
+        if o == '-d':
+            nssdb_directory = a
+
+        elif o == '-c':
+            nssdb_password = a
+
+        elif o == '--user-id':
+            user_id = a
+
+        elif o == '--secret-id':
+            secret_id = a
+
+    if user_id is None or secret_id is None:
+        usage()
+        sys.exit(1)
+
+    client_key_id = '%s:%s' % (user_id, secret_id)
+
+    crypto = pki.crypto.NSSCryptoProvider(nssdb_directory, nssdb_password)
+    crypto.initialize()
+
+    conn = pki.client.PKIConnection(scheme, host, port, subsystem)
+    conn.set_authentication_cert(admin_cert)
+
+    kra_client = pki.kra.KRAClient(conn, crypto, transport_cert_nickname)
+    key_client = kra_client.keys
+
+    key_info = key_client.get_active_key_info(client_key_id)
+    key_id = key_info.get_key_id()
+
+    response = key_client.retrieve_key(key_id)
+
+    print response.data
+
+if __name__ == '__main__':
+    main(sys.argv)
-- 
cgit