I think this is because the symmetric type keys have the status exposed in the REST
interface but not for the RSA / asym type keys:
Take a look at this URL, which will show the XML output of your keys:
Off the top of my head, I'm not sure if this was the original intent, thus it may be
a bug.
----- Original Message -----
From: "Marcin Mierzejewski" <marcinmierzejewski1024(a)gmail.com>
To: "John Magne" <jmagne(a)redhat.com>
Cc: pki-users(a)redhat.com
Sent: Thursday, 22 October, 2015 2:30:20 AM
Subject: Re: [Pki-users] Possible bug or at least weird behaviour while listing DRM
recovery request
That's even weirder because when I type:
# pki -c pass -n "PKI Administrator for localdomain" key-find --start 0 --size 100
I get a list of all keys stored in DRM, but the keys which were not filled
with keyUrl and keyId (when I list them with the Java code from the first post) are
on the list with keyId, but without status.
...
Key ID: 0x2d
Algorithm: 1.2.840.113549.1.1.1
Size: 2048
Owner: UID=cachebroker...
Key ID: 0x2e
Algorithm: 1.2.840.113549.1.1.1
Size: 2048
Owner: UID=cachebroker6...
-----------------------------
Number of entries returned 46
2015-10-21 22:29 GMT+02:00 John Magne <jmagne(a)redhat.com>:
Try something like this:
pki -d ./ -c Secret123 -n "PKI Administrator for localdomain" key-find
This will list the keys and have the id like:
Key ID: 0xe
Client Key ID: UUID: 123-45-6789 RKEK Wed Sep 16 14:16:07 PDT 2015
Status: active
Owner: kraadmin
Key ID: 0xf
Client Key ID: Symmetric Key #1234f Wed Sep 16 14:16:08 PDT 2015
Status: active
Algorithm: AES
Size: 128
Owner: kraadmin
Key ID: 0x10
Client Key ID: UUID: 123-45-6789 VEK Wed Sep 16 14:16:08 PDT 2015
Status: inactive
Algorithm: AES
Size: 128
Owner: kraadmin
----- Original Message -----
From: "Marcin Mierzejewski" <marcinmierzejewski1024(a)gmail.com>
To: pki-users(a)redhat.com
Sent: Wednesday, October 21, 2015 2:57:40 AM
Subject: [Pki-users] Possible bug or at least weird behaviour while
listing DRM recovery request
After requesting a key recovery with:
public RequestId requestRecoveryPrivateKey(KeyId keyID, String base64Certificate) throws Exception
{
    // trim header and footer from cert
    if (base64Certificate.contains(CertData.HEADER)) {
        base64Certificate = base64Certificate.substring(
                CertData.HEADER.length(),
                base64Certificate.indexOf(CertData.FOOTER));
    }
    log("Requesting X509 key recovery." + keyID);
    KeyRequestResponse response = keyClient.recoverKey(keyID, null, null, null, base64Certificate);
    RequestId requestId = response.getRequestId();
    log("ask kra admins to approve request " + requestId);
    KeyRequestInfo info = keyClient.getRequestInfo(requestId);
    log("info about request to approve");
    printRequestInfo(info);
    return requestId;
}
when I try to find the request by keyId
public List<KeyRequestInfo> findRecoveryRequest(KeyId keyid)
{
    // String requestState,
    // String requestType,
    // String clientID,
    // RequestId start,
    // Integer pageSize,
    // Integer maxResults,
    // Integer maxTime)
    ArrayList<KeyRequestInfo> result = new ArrayList<KeyRequestInfo>();
    KeyRequestInfoCollection requests = keyClient.listRequests(null,
            "recovery", null, null, 99999, Integer.MAX_VALUE, 99999);
    for (KeyRequestInfo keyRequestInfo : requests.getEntries()) {
        KeyId reqKeyId = keyRequestInfo.getKeyId();
        printRequestInfo(keyRequestInfo);
        log("req " + keyRequestInfo.getRequestId() + " " + reqKeyId + "==" + keyid);
        if (keyid.equals(keyRequestInfo.getKeyId()))
        {
            result.add(keyRequestInfo);
        }
    }
    log("found " + result.size() + " requests");
    return result;
}
keyClient.listRequests(null, "recovery", null, null, 99999, Integer.MAX_VALUE, 99999);
returns a collection with null KeyUrl, so getKeyId also returns null,
but when I open requests with some null in KeyUrl in the agent (
https://localhost.localdomain:8443/kra/agent/kra/processReq?op=processReq...
)
I got all the information I need:
Request 113
Request Status: pending
Type: recovery
Created on: 21/10/2015, 11:25:41
Updated by: kraagent
Updated on: 21/10/2015, 11:25:41
Recovery Information
Key identifier: 42
Recovery Initiating Agent: kraagent
Recovery Approving Agents:
Action
Asynchronous Key Recovery: Grant
How to get Key Identifier from keyClient?
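An added example, not part of the original thread and not Dogtag code: a small Python parser for `pki key-find` output that reports which key records come back without a Status line, the difference between the two listings quoted above. The sample listing is constructed from those listings, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the two `pki key-find` listings quoted in the thread.
SAMPLE = """\
  Key ID: 0xf
  Client Key ID: Symmetric Key #1234f Wed Sep 16 14:16:08 PDT 2015
  Status: active
  Algorithm: AES
  Size: 128
  Owner: kraadmin

  Key ID: 0x2d
  Algorithm: 1.2.840.113549.1.1.1
  Size: 2048
  Owner: UID=cachebroker
-----------------------------
Number of entries returned 2
"""

# "Field name: value"; non-greedy so "Client Key ID: UUID: ..." splits at the first colon.
FIELD = re.compile(r"\s*([A-Za-z ]+?):\s*(.*)$")


def parse_key_find(text):
    """Split key-find output into one dict per key record (hypothetical helper)."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines, separators and the "Number of entries" footer
        field, value = m.group(1), m.group(2).strip()
        if field == "Key ID":  # each record starts with its Key ID line
            current = {}
            records.append(current)
        if current is not None:
            current[field] = value
    return records


def missing_status(records):
    """Return (key id as int, algorithm) for every record without a Status line."""
    return [(int(r["Key ID"], 16), r.get("Algorithm"))
            for r in records if "Status" not in r]


if __name__ == "__main__":
    for key_id, alg in missing_status(parse_key_find(SAMPLE)):
        print(f"key {key_id:#x} ({key_id}) has no Status, algorithm {alg}")
```

Printing the ID in both hex and plain integer form makes it easier to compare the CLI listing with the identifier shown on the agent page.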