summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--base/server/CMakeLists.txt11
-rwxr-xr-xbase/server/libexec/pki-ipa-retrieve-key45
-rw-r--r--specs/pki-core.spec1
3 files changed, 0 insertions, 57 deletions
diff --git a/base/server/CMakeLists.txt b/base/server/CMakeLists.txt
index 9e5b27833..5a6aea96a 100644
--- a/base/server/CMakeLists.txt
+++ b/base/server/CMakeLists.txt
@@ -81,17 +81,6 @@ install(
install(
DIRECTORY
- libexec/
- DESTINATION
- ${LIBEXEC_INSTALL_DIR}
- FILE_PERMISSIONS
- OWNER_EXECUTE OWNER_WRITE OWNER_READ
- GROUP_EXECUTE GROUP_READ
- WORLD_EXECUTE WORLD_READ
-)
-
-install(
- DIRECTORY
upgrade
DESTINATION
${DATA_INSTALL_DIR}/server/
diff --git a/base/server/libexec/pki-ipa-retrieve-key b/base/server/libexec/pki-ipa-retrieve-key
deleted file mode 100755
index 301f818b8..000000000
--- a/base/server/libexec/pki-ipa-retrieve-key
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/usr/bin/python
-
-from __future__ import print_function
-
-import ConfigParser
-import base64
-import os
-import sys
-
-from jwcrypto.common import json_decode
-
-from ipalib import constants
-from ipaplatform.paths import paths
-from ipapython.secrets.client import CustodiaClient
-
-conf = ConfigParser.ConfigParser()
-conf.read(paths.IPA_DEFAULT_CONF)
-hostname = conf.get('global', 'host')
-realm = conf.get('global', 'realm')
-
-keyname = "ca_wrapped/" + sys.argv[1]
-servername = sys.argv[2]
-
-service = constants.PKI_GSSAPI_SERVICE_NAME
-client_keyfile = os.path.join(paths.PKI_TOMCAT, service + '.keys')
-client_keytab = os.path.join(paths.PKI_TOMCAT, service + '.keytab')
-
-client = CustodiaClient(
- client=hostname, server=servername, realm=realm,
- ldap_uri="ldaps://" + hostname,
- client_servicename=service,
- keyfile=client_keyfile, keytab=client_keytab,
- )
-
-result_json = client.fetch_key(keyname, store=False)
-result = json_decode(result_json)
-certificate = result["certificate"]
-wrapped_key = base64.b64decode(result["wrapped_key"])
-
-# Custodia returns a PEM-encoded certificate and a base64-encoded
-# DER PKIArchiveOptions object. Output these values, separated by a
-# null byte (certificate first), to be read by the Java
-# IPACustodiaKeyRetriever that invoked this program.
-
-print(certificate, wrapped_key, sep='\0', end='')
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index 04baec4f8..cdd087c11 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -1016,7 +1016,6 @@ systemctl daemon-reload
%{_sbindir}/pki-server
%{_sbindir}/pki-server-nuxwdog
%{_sbindir}/pki-server-upgrade
-%{_libexecdir}/pki-ipa-retrieve-key
%{python2_sitelib}/pki/server/
%dir %{_datadir}/pki/deployment
%{_datadir}/pki/deployment/config/