author | Petr Spacek <pspacek@redhat.com> | 2015-12-15 14:13:23 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-01-07 14:13:23 +0100 |
commit | 3c9c37cec1180fb6adcb8d59e367cf022d73aef1 (patch) | |
tree | 28c009188cea9505c84b3bc2a0cf390fd51c6f7b /ipapython/dnssec/ldapkeydb.py | |
parent | e9cdaa19924a16e811ebbdd04d5a305b0608304a (diff) | |
DNSSEC: add debug mode to ldapkeydb.py
ldapkeydb.py can be executed directly now. In that case it will print
out key metadata as obtained using IPA LDAP API.
The Kerberos credential cache has to be filled with a principal possessing
appropriate access rights before the script is executed.
https://fedorahosted.org/freeipa/ticket/5348
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipapython/dnssec/ldapkeydb.py')
-rw-r--r-- | ipapython/dnssec/ldapkeydb.py | 54 |
1 files changed, 52 insertions, 2 deletions
diff --git a/ipapython/dnssec/ldapkeydb.py b/ipapython/dnssec/ldapkeydb.py
index 7895832d5..3f9fbcfa7 100644
--- a/ipapython/dnssec/ldapkeydb.py
+++ b/ipapython/dnssec/ldapkeydb.py
@@ -4,9 +4,12 @@
 from binascii import hexlify
 import collections
+from pprint import pprint
 import ipalib
 from ipapython.dn import DN
+from ipapython import ipaldap
+from ipapython import ipa_log_manager
 from ipapython.dnssec.abshsm import (
     attrs_name2id,
@@ -134,8 +137,12 @@ class Key(collections.MutableMapping):
     def __len__(self):
         return len(self.entry)
-    def __str__(self):
-        return str(self.entry)
+    def __repr__(self):
+        sanitized = dict(self.entry)
+        for attr in ['ipaPrivateKey', 'ipaPublicKey', 'ipk11publickeyinfo']:
+            if attr in sanitized:
+                del sanitized[attr]
+        return repr(sanitized)
     def _cleanup_key(self):
         """remove default values from LDAP entry"""
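Review bot: The redaction in the new `Key.__repr__` becomes case-sensitive the moment `self.entry` is copied into a plain `dict`: `'ipaPrivateKey'` and friends only match if the entry's stored attribute names use exactly that casing, and the list itself already mixes `ipk11publickeyinfo` with camel-case names, which suggests the casing is not fixed. LDAP attribute names are case-insensitive, so key material stored under e.g. `ipaprivatekey` would pass straight through into debug output. Comparing lower-cased names closes that gap: `redacted = {'ipaprivatekey', 'ipapublickey', 'ipk11publickeyinfo'}` / `sanitized = {k: v for k, v in self.entry.items() if k.lower() not in redacted}` / `return repr(sanitized)`. Whether `self.entry` preserves schema or client casing is not visible in this hunk (the rest of `Key` is outside it), so treat this as hardening rather than a confirmed leak, and give the method a one-line docstring such as `"""repr() with key material stripped; safe to print in debug output."""`.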
@@ -346,3 +353,46 @@ class LdapKeyDB(AbstractHSM):
                 '(&(objectClass=ipk11PrivateKey)(objectClass=ipaPrivateKeyObject)(objectClass=ipk11PublicKey)(objectClass=ipaPublicKeyObject))'))
         return self.cache_zone_keypairs
+
+if __name__ == '__main__':
+    # this is debugging mode
+    # print information we think are useful to stdout
+    # other garbage goes via logger to stderr
+    ipa_log_manager.standard_logging_setup(debug=True)
+    log = ipa_log_manager.root_logger
+
+    # IPA framework initialization
+    ipalib.api.bootstrap(in_server=True, log=None) # no logging to file
+    ipalib.api.finalize()
+
+    # LDAP initialization
+    dns_dn = DN(ipalib.api.env.container_dns, ipalib.api.env.basedn)
+    ldap = ipaldap.LDAPClient(ipalib.api.env.ldap_uri)
+    log.debug('Connecting to LDAP')
+    # GSSAPI will be used, used has to be kinited already
+    ldap.gssapi_bind()
+    log.debug('Connected')
+
+    ldapkeydb = LdapKeyDB(log, ldap, DN(('cn', 'keys'), ('cn', 'sec'),
+                                        ipalib.api.env.container_dns,
+                                        ipalib.api.env.basedn))
+
+    print('replica public keys: CKA_WRAP = TRUE')
+    print('====================================')
+    for pubkey_id, pubkey in ldapkeydb.replica_pubkeys_wrap.items():
+        print(hexlify(pubkey_id))
+        pprint(pubkey)
+
+    print('')
+    print('master keys')
+    print('===========')
+    for mkey_id, mkey in ldapkeydb.master_keys.items():
+        print(hexlify(mkey_id))
+        pprint(mkey)
+
+    print('')
+    print('zone key pairs')
+    print('==============')
+    for key_id, key in ldapkeydb.zone_keypairs.items():
+        print(hexlify(key_id))
+        pprint(key)
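Review bot: `dns_dn` in the LDAP initialization block is assigned but never used; the same DN is rebuilt inline a few lines later in the `LdapKeyDB(...)` call, so either drop the assignment or reuse it as `ldapkeydb = LdapKeyDB(log, ldap, DN(('cn', 'keys'), ('cn', 'sec'), dns_dn))`. The comment above `ldap.gssapi_bind()` should read `# GSSAPI will be used, user has to be kinited already`, and since the commit message makes a populated credential cache a precondition, a failed bind deserves a clearer message than a raw traceback. The connection is never released either; wrapping the printing section in `try:` with an unbind of `ldap` in `finally:` keeps the debug run tidy. Finally, redaction of key material happens only in `Key.__repr__`, which `pprint` falls back to for these objects; any attribute on the master-key or zone-key entries that is not in that short list is printed to stdout verbatim, so the list should be checked against every secret-bearing attribute those entries can carry before this script is pointed at a production directory.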