-rw-r--r-- | base/server/CMakeLists.txt | 11 | ||||
-rwxr-xr-x | base/server/libexec/pki-ipa-retrieve-key | 45 | ||||
-rw-r--r-- | specs/pki-core.spec | 1 |
3 files changed, 0 insertions, 57 deletions
diff --git a/base/server/CMakeLists.txt b/base/server/CMakeLists.txt
index 9e5b27833..5a6aea96a 100644
--- a/base/server/CMakeLists.txt
+++ b/base/server/CMakeLists.txt
@@ -81,17 +81,6 @@ install(
 
 install(
 DIRECTORY
- libexec/
- DESTINATION
- ${LIBEXEC_INSTALL_DIR}
- FILE_PERMISSIONS
- OWNER_EXECUTE OWNER_WRITE OWNER_READ
- GROUP_EXECUTE GROUP_READ
- WORLD_EXECUTE WORLD_READ
-)
-
-install(
- DIRECTORY
 upgrade
 DESTINATION
 ${DATA_INSTALL_DIR}/server/
diff --git a/base/server/libexec/pki-ipa-retrieve-key b/base/server/libexec/pki-ipa-retrieve-key
deleted file mode 100755
index 301f818b8..000000000
--- a/base/server/libexec/pki-ipa-retrieve-key
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/usr/bin/python
-
-from __future__ import print_function
-
-import ConfigParser
-import base64
-import os
-import sys
-
-from jwcrypto.common import json_decode
-
-from ipalib import constants
-from ipaplatform.paths import paths
-from ipapython.secrets.client import CustodiaClient
-
-conf = ConfigParser.ConfigParser()
-conf.read(paths.IPA_DEFAULT_CONF)
-hostname = conf.get('global', 'host')
-realm = conf.get('global', 'realm')
-
-keyname = "ca_wrapped/" + sys.argv[1]
-servername = sys.argv[2]
-
-service = constants.PKI_GSSAPI_SERVICE_NAME
-client_keyfile = os.path.join(paths.PKI_TOMCAT, service + '.keys')
-client_keytab = os.path.join(paths.PKI_TOMCAT, service + '.keytab')
-
-client = CustodiaClient(
- client=hostname, server=servername, realm=realm,
- ldap_uri="ldaps://" + hostname,
- client_servicename=service,
- keyfile=client_keyfile, keytab=client_keytab,
- )
-
-result_json = client.fetch_key(keyname, store=False)
-result = json_decode(result_json)
-certificate = result["certificate"]
-wrapped_key = base64.b64decode(result["wrapped_key"])
-
-# Custodia returns a PEM-encoded certificate and a base64-encoded
-# DER PKIArchiveOptions object. Output these values, separated by a
-# null byte (certificate first), to be read by the Java
-# IPACustodiaKeyRetriever that invoked this program.
-
-print(certificate, wrapped_key, sep='\0', end='')
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index 04baec4f8..cdd087c11 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -1016,7 +1016,6 @@ systemctl daemon-reload
 %{_sbindir}/pki-server
 %{_sbindir}/pki-server-nuxwdog
 %{_sbindir}/pki-server-upgrade
-%{_libexecdir}/pki-ipa-retrieve-key
 %{python2_sitelib}/pki/server/
 %dir %{_datadir}/pki/deployment
 %{_datadir}/pki/deployment/config/
|