Running drmclient.py:

The python drmclient currently requires a little setup to be run.

1. Create a working directory - the code uses /tmp/drmtest
2. In that directory, create an NSS database.  In this doc, we will use the 
   password redhat123 as the password for the NSS db.

   certutil -N -d /tmp/drmtest

3. Add a password file /tmp/drmtest/pwdfile.txt.  It should contain the password for
   the NSS database.

4. Put the transport certificate in a file /tmp/drmtest/transport.crt in binary format.

   certutil -L -d /var/lib/pki-kra/alias -n "DRM Transport Certificate" -a > /tmp/drmtest/transport.asc
   AtoB /tmp/drmtest/transport.asc /tmp/drmtest/transport.crt

5. Import the transport certificate into the certificate databse in /tmp/drmtest.
   certutil -A -d /tmp/drmtest -n "DRM Transport Certificate" -i /tmp/drmtest/transport.asc

5. Run GeneratePKIArchiveOptions to generate some test data.   Specifically we will be 
   using it to generate a symmetric key and its associated PKIArchoveOptions structure
   to be archived.

   GeneratePKIArchiveOptions -k /tmp/drmtest/symkey.out -w redhat123 -t /tmp/drmtest -o /tmp/drmtest/options.out

6. Run the python code.  You will likely need some python modules - python-lxml, python-nss
   and ipapython.

   The code has the following usage:

usage: drmclient.py [-h] [-d WORK_DIR] [--options OPTIONS_FILE]
                    [--symkey SYMKEY_FILE] [--host KRA_HOST] [-p KRA_PORT]
                    [-n KRA_NICKNAME]

Sample Test execution

optional arguments:
  -h, --help            show this help message and exit
  -d WORK_DIR           Working directory
  --options OPTIONS_FILE
                        File containing test PKIArchiveOptions to be archived
  --symkey SYMKEY_FILE  File containing test symkey
  --host KRA_HOST       DRM hostname
  -p KRA_PORT           DRM Port
  -n KRA_NICKNAME       DRM Nickname

For example:
python pki/base/kra/functional/drmclient.py -d /tmp/drmtest -p 10200 -n "DRM Transport Certificate - alee eclipse domain 2"