summaryrefslogtreecommitdiffstats
path: root/base/kra/functional/drmclient.readme.txt
diff options
context:
space:
mode:
Diffstat (limited to 'base/kra/functional/drmclient.readme.txt')
-rw-r--r--base/kra/functional/drmclient.readme.txt50
1 files changed, 50 insertions, 0 deletions
diff --git a/base/kra/functional/drmclient.readme.txt b/base/kra/functional/drmclient.readme.txt
new file mode 100644
index 000000000..833c5ce3c
--- /dev/null
+++ b/base/kra/functional/drmclient.readme.txt
@@ -0,0 +1,50 @@
+Running drmclient.py:
+
+The python drmclient currently requires a little setup to be run.
+
+1. Create a working directory - the code uses /tmp/drmtest
+2. In that directory, create an NSS database. In this doc, we will use the
+ password redhat123 as the password for the NSS db.
+
+ certutil -N -d /tmp/drmtest
+
+3. Add a password file /tmp/drmtest/pwdfile.txt. It should contain the password for
+ the NSS database.
+
+4. Put the transport certificate in a file /tmp/drmtest/transport.crt in binary format.
+
+ certutil -L -d /var/lib/pki-kra/alias -n "DRM Transport Certificate" -a > /tmp/drmtest/transport.asc
+ AtoB /tmp/drmtest/transport.asc /tmp/drmtest/transport.crt
+
+5. Import the transport certificate into the certificate databse in /tmp/drmtest.
+ certutil -A -d /tmp/drmtest -n "DRM Transport Certificate" -i /tmp/drmtest/transport.asc
+
+5. Run GeneratePKIArchiveOptions to generate some test data. Specifically we will be
+ using it to generate a symmetric key and its associated PKIArchoveOptions structure
+ to be archived.
+
+ GeneratePKIArchiveOptions -k /tmp/drmtest/symkey.out -w redhat123 -t /tmp/drmtest -o /tmp/drmtest/options.out
+
+6. Run the python code. You will likely need some python modules - python-lxml, python-nss
+ and ipapython.
+
+ The code has the following usage:
+
+usage: drmclient.py [-h] [-d WORK_DIR] [--options OPTIONS_FILE]
+ [--symkey SYMKEY_FILE] [--host KRA_HOST] [-p KRA_PORT]
+ [-n KRA_NICKNAME]
+
+Sample Test execution
+
+optional arguments:
+ -h, --help show this help message and exit
+ -d WORK_DIR Working directory
+ --options OPTIONS_FILE
+ File containing test PKIArchiveOptions to be archived
+ --symkey SYMKEY_FILE File containing test symkey
+ --host KRA_HOST DRM hostname
+ -p KRA_PORT DRM Port
+ -n KRA_NICKNAME DRM Nickname
+
+For example:
+python pki/base/kra/functional/drmclient.py -d /tmp/drmtest -p 10200 -n "DRM Transport Certificate - alee eclipse domain 2"
generated by cgit (git 2.34.1) at 2024-05-05 03:05:40 +0000