blob: 833c5ce3cd5043455ac84b89a2780e8d8f4404c9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
Running drmclient.py:
The python drmclient currently requires a little setup to be run.
1. Create a working directory - the code uses /tmp/drmtest
2. In that directory, create an NSS database. In this doc, we will use the
password redhat123 as the password for the NSS db.
certutil -N -d /tmp/drmtest
3. Add a password file /tmp/drmtest/pwdfile.txt. It should contain the password for
the NSS database.
4. Put the transport certificate in a file /tmp/drmtest/transport.crt in binary format.
certutil -L -d /var/lib/pki-kra/alias -n "DRM Transport Certificate" -a > /tmp/drmtest/transport.asc
AtoB /tmp/drmtest/transport.asc /tmp/drmtest/transport.crt
5. Import the transport certificate into the certificate databse in /tmp/drmtest.
certutil -A -d /tmp/drmtest -n "DRM Transport Certificate" -i /tmp/drmtest/transport.asc
5. Run GeneratePKIArchiveOptions to generate some test data. Specifically we will be
using it to generate a symmetric key and its associated PKIArchoveOptions structure
to be archived.
GeneratePKIArchiveOptions -k /tmp/drmtest/symkey.out -w redhat123 -t /tmp/drmtest -o /tmp/drmtest/options.out
6. Run the python code. You will likely need some python modules - python-lxml, python-nss
and ipapython.
The code has the following usage:
usage: drmclient.py [-h] [-d WORK_DIR] [--options OPTIONS_FILE]
[--symkey SYMKEY_FILE] [--host KRA_HOST] [-p KRA_PORT]
[-n KRA_NICKNAME]
Sample Test execution
optional arguments:
-h, --help show this help message and exit
-d WORK_DIR Working directory
--options OPTIONS_FILE
File containing test PKIArchiveOptions to be archived
--symkey SYMKEY_FILE File containing test symkey
--host KRA_HOST DRM hostname
-p KRA_PORT DRM Port
-n KRA_NICKNAME DRM Nickname
For example:
python pki/base/kra/functional/drmclient.py -d /tmp/drmtest -p 10200 -n "DRM Transport Certificate - alee eclipse domain 2"
|