/usr/lib/ipa/ipa-pki-retrieve-key is in freeipa-server 4.7.0~pre1+git20180411-2ubuntu2.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42  | #!/usr/bin/python
from __future__ import print_function
import os
import sys
import traceback
from ipalib import constants
from ipalib.config import Env
from ipaplatform.paths import paths
from ipaserver.secrets.client import CustodiaClient
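def main():
    """Fetch one CA-wrapped key from Custodia and print it for Dogtag.

    Invoked by Dogtag's ExternalProcessKeyRetriever as
    ``ipa-pki-retrieve-key KEYNAME SERVERNAME``.  The key is requested from
    the Custodia service on SERVERNAME under the ``ca_wrapped/`` namespace,
    authenticating as the local Dogtag GSSAPI service (keytab and Custodia
    key file from the pki-tomcat directory), and the response JSON is
    written to stdout unchanged.

    Raises:
        SystemExit: status 2, after a usage line on stderr, when the
            argument count is wrong.  Any other failure propagates to the
            caller.
    """
    # Fail with a usage message instead of an IndexError traceback when the
    # helper is invoked with the wrong number of arguments.
    if len(sys.argv) != 3:
        print("usage: %s KEYNAME SERVERNAME" % sys.argv[0], file=sys.stderr)
        sys.exit(2)

    env = Env()
    env._finalize()

    # Only the ca_wrapped/ namespace is reachable through this helper.  The
    # key name is used exactly as supplied by the caller -- no normalisation
    # is done here -- so authorisation for the resulting path is expected to
    # be enforced by the Custodia server.
    # NOTE(review): confirm the server rejects names containing '/' or '..';
    # otherwise the prefix alone does not confine the lookup to ca_wrapped/.
    keyname = "ca_wrapped/" + sys.argv[1]
    servername = sys.argv[2]

    # Client credentials: the Dogtag service principal's keytab and Custodia
    # key file, both living in the pki-tomcat directory.
    service = constants.PKI_GSSAPI_SERVICE_NAME
    client_keyfile = os.path.join(paths.PKI_TOMCAT, service + '.keys')
    client_keytab = os.path.join(paths.PKI_TOMCAT, service + '.keytab')
    # pylint: disable=no-member
    client = CustodiaClient(
        client_service='%s@%s' % (service, env.host), server=servername,
        realm=env.realm, ldap_uri="ldaps://" + env.host,
        keyfile=client_keyfile, keytab=client_keytab,
        )
    # Print the response JSON to stdout; it is already in the format
    # that Dogtag's ExternalProcessKeyRetriever expects.  store=False is
    # passed so the client presumably keeps nothing on local disk -- the
    # (wrapped) key material only transits this process via stdout, so the
    # caller must not log that stream.
    print(client.fetch_key(keyname, store=False))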
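if __name__ == "__main__":
    try:
        main()
    except Exception:
        # Report any failure on stderr and exit non-zero so the caller
        # (Dogtag) treats the retrieval as failed.  Only Exception is caught:
        # SystemExit (e.g. a usage error with its own status) and
        # KeyboardInterrupt propagate instead of being masked as a generic
        # status-1 failure with a spurious traceback.
        traceback.print_exc()
        sys.exit(1)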