Diffstat (limited to 'ipaserver/secrets')
-rw-r--r--ipaserver/secrets/kem.py11
1 files changed, 11 insertions, 0 deletions
diff --git a/ipaserver/secrets/kem.py b/ipaserver/secrets/kem.py
index 28fb4d31b..74ae70d5d 100644
--- a/ipaserver/secrets/kem.py
+++ b/ipaserver/secrets/kem.py
@@ -24,6 +24,7 @@ import ldap
IPA_REL_BASE_DN = 'cn=custodia,cn=ipa,cn=etc'
IPA_KEYS_QUERY = '(&(ipaKeyUsage={usage:s})(memberPrincipal={princ:s}))'
+IPA_CHECK_QUERY = '(cn=enc/{host:s})'
RFC5280_USAGE_MAP = {KEY_USAGE_SIG: 'digitalSignature',
KEY_USAGE_ENC: 'dataEncipherment'}
@@ -78,6 +79,16 @@ class KEMLdap(iSecLdap):
jwk['use'] = KEY_USAGE_MAP[usage]
return json_encode(jwk)
+ def check_host_keys(self, host):
+ conn = self.connect()
+ scope = ldap.SCOPE_SUBTREE
+
+ ldap_filter = self.build_filter(IPA_CHECK_QUERY, {'host': host})
+ r = conn.search_s(self.keysbase, scope, ldap_filter)
+ if len(r) != 1:
+ raise ValueError("Incorrect number of results (%d) searching for"
+ "public key for %s" % (len(r), host))
+
def _format_public_key(self, key):
if isinstance(key, str):
jwkey = json_decode(key)
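Review bot: The ValueError message in check_host_keys is built from two adjacent string literals with no separating space, so it renders as "searching forpublic key for <host>"; change the first literal to `"Incorrect number of results (%d) searching for "` so the implicit concatenation reads correctly. The `host` value is interpolated into an LDAP filter through `self.build_filter`, which is defined outside this hunk; the check is only safe against filter injection if that helper escapes the value (e.g. with `ldap.filter.escape_filter_chars`), which is worth confirming since host names here presumably come from a remote principal. The `len(r) != 1` test only establishes that exactly one `cn=enc/<host>` entry exists under keysbase; it does not verify the entry actually holds a public key with the expected `ipaKeyUsage`, so if callers use it as a gate a docstring should state the contract, e.g. `"""Raise ValueError unless exactly one enc/<host> key entry exists under keysbase."""`. The connection returned by `self.connect()` is also never unbound in this method (consistent with the other visible methods of the class), so each call leaves a connection for the garbage collector.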