From 3daffad0d0e14790147fb7a3ba9be7072b79f3e2 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspacek@redhat.com>
Date: Tue, 15 Dec 2015 14:13:23 +0100
Subject: [PATCH] DNSSEC: add debug mode to ldapkeydb.py
ldapkeydb.py can be executed directly now. In that case it will print
out key metadata as obtained using IPA LDAP API.
Kerberos credential cache has to be filled with a principal possessing
appropriate access rights before the script is executed.
https://fedorahosted.org/freeipa/ticket/5348
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipapython/dnssec/ldapkeydb.py | 54 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 52 insertions(+), 2 deletions(-)
diff --git a/ipapython/dnssec/ldapkeydb.py b/ipapython/dnssec/ldapkeydb.py
e0ab38
index 74371ae19ca2fb7564a343cc79be20798b99f6d2..54a1fba1d2db8f27c9c9b881ff42201365852587 100644
e0ab38
--- a/ipapython/dnssec/ldapkeydb.py
e0ab38
+++ b/ipapython/dnssec/ldapkeydb.py
e0ab38
@@ -4,6 +4,8 @@
e0ab38
 
e0ab38
 from binascii import hexlify
e0ab38
 import collections
e0ab38
+import logging
e0ab38
+from pprint import pprint
e0ab38
 import sys
e0ab38
 import time
e0ab38
 
e0ab38
@@ -11,6 +13,7 @@ import ipalib
e0ab38
 from ipapython.dn import DN
e0ab38
 from ipapython import ipaldap
e0ab38
 from ipapython import ipautil
e0ab38
+from ipapython import ipa_log_manager
e0ab38
 from ipaplatform.paths import paths
e0ab38
 
e0ab38
 from abshsm import attrs_name2id, attrs_id2name, bool_attr_names, populate_pkcs11_metadata, AbstractHSM
e0ab38
@@ -135,8 +138,12 @@ class Key(collections.MutableMapping):
e0ab38
     def __len__(self):
e0ab38
         return len(self.entry)
e0ab38
 
e0ab38
-    def __str__(self):
e0ab38
-        return str(self.entry)
e0ab38
+    def __repr__(self):
e0ab38
+        sanitized = dict(self.entry)
e0ab38
+        for attr in ['ipaPrivateKey', 'ipaPublicKey', 'ipk11publickeyinfo']:
e0ab38
+            if attr in sanitized:
e0ab38
+                del sanitized[attr]
e0ab38
+        return repr(sanitized)
e0ab38
 
e0ab38
     def _cleanup_key(self):
e0ab38
         """remove default values from LDAP entry"""
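Review bot: The attribute names dropped in the new `Key.__repr__` are cased inconsistently — `ipaPrivateKey` and `ipaPublicKey` are camel-case while `ipk11publickeyinfo` is all lower-case — and because the method first does `dict(self.entry)`, the `attr in sanitized` test is a plain case-sensitive dict lookup, so whichever spelling does not match the entry's real key casing silently stays in the debug output. Unless the entry type already normalises attribute names (not visible in this hunk), compare case-insensitively: `hidden = {'ipaprivatekey', 'ipapublickey', 'ipk11publickeyinfo'}` / `sanitized = {k: v for k, v in self.entry.items() if k.lower() not in hidden}` / `return repr(sanitized)`. A short why-comment would also help, e.g. `# keep key material and bulky key blobs out of debug output; only metadata is shown`. Note that this redaction is output hygiene only — the LDAP search still hands the blobs to the bound principal. The enclosing `class Key` starts outside the hunk.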
e0ab38
@@ -347,3 +354,46 @@ class LdapKeyDB(AbstractHSM):
e0ab38
                 '(&(objectClass=ipk11PrivateKey)(objectClass=ipaPrivateKeyObject)(objectClass=ipk11PublicKey)(objectClass=ipaPublicKeyObject))'))
e0ab38
 
e0ab38
         return self.cache_zone_keypairs
e0ab38
+
e0ab38
+if __name__ == '__main__':
e0ab38
+    # this is debugging mode
e0ab38
+    # print information we think are useful to stdout
e0ab38
+    # other garbage goes via logger to stderr
e0ab38
+    ipa_log_manager.standard_logging_setup(debug=True)
e0ab38
+    log = ipa_log_manager.root_logger
e0ab38
+
e0ab38
+    # IPA framework initialization
e0ab38
+    ipalib.api.bootstrap(in_server=True, log=None)  # no logging to file
e0ab38
+    ipalib.api.finalize()
e0ab38
+
e0ab38
+    # LDAP initialization
e0ab38
+    dns_dn = DN(ipalib.api.env.container_dns, ipalib.api.env.basedn)
e0ab38
+    ldap = ipaldap.LDAPClient(ipalib.api.env.ldap_uri)
e0ab38
+    log.debug('Connecting to LDAP')
e0ab38
+    # GSSAPI will be used, used has to be kinited already
e0ab38
+    ldap.gssapi_bind()
e0ab38
+    log.debug('Connected')
e0ab38
+
e0ab38
+    ldapkeydb = LdapKeyDB(log, ldap, DN(('cn', 'keys'), ('cn', 'sec'),
e0ab38
+                          ipalib.api.env.container_dns,
e0ab38
+                          ipalib.api.env.basedn))
e0ab38
+
e0ab38
+    print('replica public keys: CKA_WRAP = TRUE')
e0ab38
+    print('====================================')
e0ab38
+    for pubkey_id, pubkey in ldapkeydb.replica_pubkeys_wrap.items():
e0ab38
+        print(hexlify(pubkey_id))
e0ab38
+        pprint(pubkey)
e0ab38
+
e0ab38
+    print('')
e0ab38
+    print('master keys')
e0ab38
+    print('===========')
e0ab38
+    for mkey_id, mkey in ldapkeydb.master_keys.items():
e0ab38
+        print(hexlify(mkey_id))
e0ab38
+        pprint(mkey)
e0ab38
+
e0ab38
+    print('')
e0ab38
+    print('zone key pairs')
e0ab38
+    print('==============')
e0ab38
+    for key_id, key in ldapkeydb.zone_keypairs.items():
e0ab38
+        print(hexlify(key_id))
e0ab38
+        pprint(key)
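Review bot: The comment above `ldap.gssapi_bind()` reads `# GSSAPI will be used, used has to be kinited already`, which appears to be a typo for "user"; I would rewrite it as `# GSSAPI bind: the caller must already hold a Kerberos ticket (kinit)`. More importantly, nothing in the entry point states that the redaction of key material happens only in `Key.__repr__` when `pprint` renders the values — the LDAP search itself still returns `ipaPrivateKey` blobs to the bound principal, so the output sanitisation is not access control. A line such as `# Key.__repr__ strips ipaPrivateKey/ipaPublicKey from what pprint shows; the bound principal still receives them over LDAP, so run this only with a principal whose read rights you intend to exercise` above the first print loop would make that explicit. The client created by `ipaldap.LDAPClient` is also never unbound; tolerable for a debug-only entry point, but a trailing unbind (if the client exposes one) would be tidier. The `zone_keypairs` method in the leading context starts outside the hunk.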
e0ab38
-- 
2.4.3