Re: [Pki-users] Possible bug or at least weird behaviour while listing DRM recovery request

Wednesday, 21 October 2015

Try something like this:

pki  -d ./ -c Secret123 -n "PKI Administrator for localdomain" key-find

This will list the keys and have the id like:

Key ID: 0xe
  Client Key ID: UUID: 123-45-6789 RKEK Wed Sep 16 14:16:07 PDT 2015
  Status: active
  Owner: kraadmin

  Key ID: 0xf
  Client Key ID: Symmetric Key #1234f Wed Sep 16 14:16:08 PDT 2015
  Status: active
  Algorithm: AES
  Size: 128
  Owner: kraadmin

  Key ID: 0x10
  Client Key ID: UUID: 123-45-6789 VEK Wed Sep 16 14:16:08 PDT 2015
  Status: inactive
  Algorithm: AES
  Size: 128
  Owner: kraadmin

----- Original Message -----
From: "Marcin Mierzejewski" <marcinmierzejewski1024(a)gmail.com&gt;
To: pki-users(a)redhat.com
Sent: Wednesday, October 21, 2015 2:57:40 AM
Subject: [Pki-users] Possible bug or at least weird behaviour while listing	DRM recovery
request

after requests a key recovery with: 

public RequestId requestRecoveryPrivateKey(KeyId keyID,String base64Certificate ) throws
Exception 
{ 
//trim header and footer from cert 
if ( base64Certificate .contains(CertData. HEADER )) { 
base64Certificate = base64Certificate .substring(CertData. HEADER .length(), 
base64Certificate .indexOf(CertData. FOOTER )); 
} 

log ( "Requesting X509 key recovery." + keyID); 
KeyRequestResponse response = keyClient .recoverKey(keyID, null , null , null ,
base64Certificate ); 
RequestId requestId = response.getRequestId(); 
log ( "ask kra admins to approve request " +requestId); 

KeyRequestInfo info = keyClient .getRequestInfo(requestId); 
log ( "info about request to approve" ); 
printRequestInfo (info); 

return requestId; 
} 

when I try to find request by keyId 
public List<KeyRequestInfo> findRecoveryRequest(KeyId keyid) 
{ 
//        String requestState, 
//        String requestType, 
//        String clientID, 
//        RequestId start, 
//        Integer pageSize, 
//        Integer maxResults, 
//        Integer maxTime) 
ArrayList<KeyRequestInfo> result = new ArrayList<KeyRequestInfo>(); 
KeyRequestInfoCollection requests = keyClient .listRequests( null , "recovery" ,
null , null , 99999 , Integer. MAX_VALUE , 99999 ); 
for (KeyRequestInfo keyRequestInfo : requests.getEntries()) { 
KeyId reqKeyId = keyRequestInfo.getKeyId(); 
printRequestInfo (keyRequestInfo); 

log ( "req " +keyRequestInfo.getRequestId()+ " " +reqKeyId+
"==" +keyid); 
if (keyid.equals(keyRequestInfo.getKeyId())) 
{ 
result.add(keyRequestInfo); 
} 
} 
log ( "found " + result.size() + " requests" ); 
return result; 
} 

keyClient .listRequests( null , "recovery" , null , null , 99999 , Integer.
MAX_VALUE , 99999 ); 
returns collection with null KeyUrl so getKeyId returns also a null 

but when I open requests with some null in KeyUrl in agent (
https://localhost.localdomain:8443/kra/agent/kra/processReq?op=processReq... )

I got all informations I need: 

Request 113 Request Status: pending Type: recovery Created on: 21/10/2015, 11:25:41
Updated by: kraagent Updated on: 21/10/2015, 11:25:41 Recovery Information Key identifier:
42 Recovery Initiating Agent: kraagent Recovery Approving Agents: Action Asynchronous Key
Recovery: Grant 

How to get Key Identiver from keyClient? 

_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Re: [Pki-users] Possible bug or at least weird behaviour while listing DRM recovery request