1PKI-PYTHON-CLIENT(1)       Dogtag Certificate System      PKI-PYTHON-CLIENT(1)
2
3
4

NAME

6       pki-python-client - Dogtag Python Client API
7
8       Dogtag  is  an enterprise software system designed to manage enterprise
9       Public Key Infrastructure (PKI) deployments.  These pages document  the
10       Python  client  API that can be used to interact with Dogtag's REST API
11       to request and issue certificates, store secrets in the KRA etc.
12

PKI PACKAGE

14   pki Package
15       This module contains top-level classes and functions used by the Dogtag
16       project.
17
18       class pki.Attribute(name, value)
19              Bases: object
20
21              Class representing a key/value pair.
22
23              This object is the basis of the representation of a ResourceMes‐
24              sage.
25
26       class pki.AttributeList
27              Bases: object
28
29              Class representing a list of attributes.
30
31              This class is needed because of a JavaMapper used  in  the  REST
32              API.
33
34       exception  pki.BadRequestException(message,  exception=None, code=None,
35       class_name=None)
36              Bases: pki.PKIException
37
38              Bad Request Exception: return code = 400
39
40       exception pki.CertNotFoundException(message, exception=None, code=None,
41       class_name=None)
42              Bases: pki.ResourceNotFoundException
43
44              Cert Not Found Exception: return code = 404
45
46       exception   pki.ConflictingOperationException(message,  exception=None,
47       code=None, class_name=None)
48              Bases: pki.PKIException
49
50              Conflicting Operation Exception: return code = 409
51
52       exception  pki.ForbiddenException(message,  exception=None,  code=None,
53       class_name=None)
54              Bases: pki.PKIException
55
56              Forbidden Exception: return code = 403
57
58       exception      pki.GroupNotFoundException(message,      exception=None,
59       code=None, class_name=None)
60              Bases: pki.ResourceNotFoundException
61
62              Group Not Found Exception: return code = 404
63
64       exception  pki.HTTPGoneException(message,  exception=None,   code=None,
65       class_name=None)
66              Bases: pki.PKIException
67
68              Gone Exception: return code = 410
69
70       exception  pki.KeyNotFoundException(message, exception=None, code=None,
71       class_name=None)
72              Bases: pki.ResourceNotFoundException
73
74              Key Not Found Exception: return code 404
75
76       class pki.Link
77              Bases: object
78
79              Stores the information of the  resteasy's Link  object  sent  by
80              the server for a resource.
81
82              classmethod from_json(attr_list)
83                     Generate Link from JSON
84
85                     Parameters
86                            attr_list (str) -- JSON representation of Link
87
88                     Returns
89                            pki.Link
90
91       exception    pki.PKIException(message,    exception=None,    code=None,
92       class_name=None)
93              Bases: exceptions.Exception, pki.ResourceMessage
94
95              Base exception class for REST Interface
96
97              classmethod from_json(json_value)
98                     Construct PKIException  from  JSON.   :param  json_value:
99                     JSON  representation of the exception.  :type json_value:
100                     str :return: pki.PKIException
101
102       exception     pki.ProfileNotFoundException(message,     exception=None,
103       code=None, class_name=None)
104              Bases: pki.ResourceNotFoundException
105
106              Profile Not Found Exception: return code = 404
107
108       class pki.PropertyFile(filename, delimiter='=')
109              Bases: object
110
111              Class  to  manage  property  files  The contents of the property
112              file are maintained internally as a list of properties.
113
114              Properties are strings of the format <name> <delimiter>  <value>
115              where '=' is the default delimiter.
116
117              get(name)
118                     Get the value of the specified property.
119
120                     Parameters
121                            name (str) -- name of property to be fetched.
122
123                     Returns
124                            str -- value of property
125
126              index(name)
127                     Find  the  index  (position)  of a property in a property
128                     file.
129
130                     Parameters
131                            name (str) -- name of property
132
133                     Returns
134                            int -- index of property.
135
136              insert_line(index, line)
137                     Insert property into the list of properties maintained by
138                     this object at the specified location (index).
139
140                     Parameters
141
142                            · index (int) -- point at which to insert value.
143
144                            · line (str) -- value to be inserted.
145
146                     Returns
147                            None
148
149              read() Read from property file into the list of properties main‐
150                     tained by this object.
151
152                     Returns
153                            None
154
155              remove(name)
156                     Remove property from list  of  properties  maintained  by
157                     this object.
158
159                     Parameters
160                            name (str) -- name of property to be removed.
161
162                     Returns
163                            None
164
165              remove_line(index)
166                     Remove  property  at  specified index from the properties
167                     list.
168
169                     Parameters
170                            index (int) -- location of property to be removed.
171
172                     Returns
173                            None
174
175              set(name, value, index=None)
176                     Set value of specified property.
177
178                     Parameters
179
180                            · name (str) -- name of property to set.
181
182                            · value (str) -- value to set
183
184                            · index (int) -- (optional) position of property
185
186                     Returns
187                            None
188
189              show() Print the contents of the list of  properties  maintained
190                     by this object to STDOUT.
191
192                     Returns
193                            None
194
195              write()
196                     Write the list of properties maintained by this object to
197                     the property file.
198
199                     Returns
200                            None
201
202       exception     pki.RequestNotFoundException(message,     exception=None,
203       code=None, class_name=None)
204              Bases: pki.ResourceNotFoundException
205
206              Request Not Found Exception: return code = 404
207
208       class pki.ResourceMessage(class_name)
209              Bases: object
210
211              This  class  is the basis for the various types of key requests.
212              It is essentially a list of attributes.
213
214              add_attribute(name, value)
215                     Add an attribute to the list.
216
217                     Parameters
218
219                            · name (str) -- name of attribute to add
220
221                            · value (str) -- value to add
222
223                     Returns
224                            None
225
226              get_attribute_value(name)
227                     Get the value of a given attribute.
228
229                     Parameters
230                            name (str) -- name of attribute to retrieve
231
232                     Returns
233                            str -- value of parameter
234
235       exception    pki.ResourceNotFoundException(message,     exception=None,
236       code=None, class_name=None)
237              Bases: pki.PKIException
238
239              Not Found Exception: return code = 404
240
241       exception pki.UnauthorizedException(message, exception=None, code=None,
242       class_name=None)
243              Bases: pki.PKIException
244
245              Unauthorized Exception: return code = 401
246
247       exception pki.UserNotFoundException(message, exception=None, code=None,
248       class_name=None)
249              Bases: pki.ResourceNotFoundException
250
251              User Not Found Exception: return code = 404
252
253       pki.convert_x509_name_to_dn(name)
254              Convert X.509 Name into NSS-style DN string.
255
256              See                            also:                           -
257              https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Name
258              -
259              https://cryptography.io/en/latest/x509/reference/#cryptography.x509.NameAttribute
260              -
261              https://cryptography.io/en/latest/x509/reference/#cryptography.x509.ObjectIdentifier
262
263              Parameters
264                     name (cryptography.x509.Name) -- X.509 Name
265
266              Returns
267                     str -- DN string.
268
269       pki.generate_password()
270              This function generates FIPS-compliant password.
271
272              See     sftk_newPinCheck()     in     the     following    file:
273              https://dxr.mozilla.org/nss/source/nss/lib/softoken/fipstokn.c
274
275              The minimum password length is FIPS_MIN_PIN Unicode characters.
276
277              The password must contain at least 3 character classes:
278
279                     · digits (string.digits)
280
281                     · ASCII lowercase letters (string.ascii_lowercase)
282
283                     · ASCII uppercase letters (string.ascii_uppercase)
284
285                     · ASCII non-alphanumeric characters (PUNCTUATIONS)
286
287                     · non-ASCII characters
288
289              If an ASCII uppercase letter is the first character of the pass‐
290              word,  the  uppercase letter is not counted toward its character
291              class.
292
293              If a digit is the last character of the password, the  digit  is
294              not counted toward its character class.
295
296              The   FIPS_MIN_PIN   is   defined   in   the   following   file:
297              https://dxr.mozilla.org/nss/source/nss/lib/softoken/pkcs11i.h
298
299              #define FIPS_MIN_PIN 7
300
301       pki.handle_exceptions()
302              Decorator handling exceptions from REST methods.
303
304       pki.implementation_version()
305              Return implementation version.
306
307              Returns
308                     str --implementation version
309
310       pki.read_text(message,   options=None,   default=None,   delimiter=':',
311       allow_empty=True, case_sensitive=True)
312              Get  an  input  from  the  user.  This  is used, for example, in
313              pkispawn and pkidestroy to obtain user input.
314
315              Parameters
316
317                     · message (str) -- prompt to display to the user
318
319                     · options (list) -- list of possible inputs by the user.
320
321                     · default (str)  --  default  value  of  parameter  being
322                       prompted.
323
324                     · delimiter  (str)  -- delimiter to be used at the end of
325                       the prompt.
326
327                     · allow_empty (boolean -- True/False) -- Allow  input  to
328                       be empty.
329
330                     · case_sensitive  (boolean  -- True/False) -- Allow input
331                       to be case sensitive.
332
333              Returns
334                     str -- value obtained from user input.
335
336   account Module
337       class pki.account.AccountClient(connection)
338              Class used to associate an authentication session variable  with
339              a connection.
340
341              To use this class:
342
343                     · set the authentication credentials with the connection,
344
345                     · create an AccountClient and then call login().
346
347                     · further  operations  in  this session will use the same
348                       authentication credentials without re-authentication.
349
350                     · call logout() to invalidate the session.
351
352              login(inst, *args, **kwargs)
353                     Login to account REST interface.  If login is successful,
354                     an authentication session variable is associated with the
355                     connection.
356
357                     Returns
358                            None
359
360              logout(inst, *args, **kwargs)
361                     Logs out of the session.   Authentication  session  vari‐
362                     ables are invalidated for the connection
363
364                     Returns
365                            None
366
367   cert Module
368       class pki.cert.CertClient(connection)
369              Bases: object
370
371              Class  encapsulating  and  mirroring  the  functionality  in the
372              CertResource Java interface class defining the REST API for Cer‐
373              tificate resources.
374
375              approve_request(request_id, cert_review_response=None)
376                     Approves    a   certificate   enrollment   request.    If
377                     cert_review_response is None, a review request  operation
378                     is  performed  to  fetch  the  CertReviewResponse object.
379                     Requires as agent level authentication.
380
381              assign_request(request_id, cert_review_response)
382                     Assigns   a   certificate   enrollment    request.     If
383                     cert_review_response  is None, a review request operation
384                     is performed  to  fetch  the  CertReviewResponse  object.
385                     Requires as agent level authentication.
386
387              cancel_request(request_id, cert_review_response=None)
388                     Cancels    a    certificate   enrollment   request.    If
389                     cert_review_response is None, a review request  operation
390                     is  performed  to  fetch  the  CertReviewResponse object.
391                     Requires as agent level authentication.
392
393              create_enrollment_request(inst, *args, **kwargs)
394                     Fetches the enrollment request object for the given  pro‐
395                     file  and  sets values to its attributes using the values
396                     provided in the inputs dictionary.  Returns  the  CertEn‐
397                     rollmentRequest  object, which can be submitted to enroll
398                     a certificate.
399
400              enroll_cert(inst, *args, **kwargs)
401                     A convenience method for enrolling a  certificate  for  a
402                     given  profile id.  The inputs parameter should be a dic‐
403                     tionary with values for the  profile  attributes  for  an
404                     enrollment request.
405
406                     Calling  this  method  with  valid  arguments, creates an
407                     enrollment request, submits it to  the  server,  approves
408                     the certificate requests generated for the enrollment and
409                     returns a list of CertData objects for all  the  certifi‐
410                     cates generated as part of this enrollment.
411
412                     Note:  This  method  supports only certificate enrollment
413                     where only one agent approval is sufficient.
414
415                     Requires an agent level authentication.  Returns  a  list
416                     of CertEnrollmentResult objects.
417
418              get_cert(inst, *args, **kwargs)
419                     Return a CertData object for a particular certificate.
420
421              get_enrollment_template(inst, *args, **kwargs)
422                     Fetch  the  enrollment template for the given profile id.
423                     For the first time, the request is sent  to  the  server.
424                     The retrieved CertEnrollmentRequest object is then cached
425                     locally for future requests.  Returns a  CerEnrollmentRe‐
426                     quest object.
427
428              get_request(inst, *args, **kwargs)
429                     Get  information  of a certificate request with the given
430                     request ID.  Returns a CertRequestInfo object.
431
432              hold_cert(inst, *args, **kwargs)
433                     Places a  certificate  on-hold.   Calls  the  revoke_cert
434                     method  with  reason  - CertRevokeRequest.REASON_CERTIFI‐
435                     CATE_HOLD.   Returns  a  CertRequestInfo  object.    This
436                     method  requires  an  agent's  authentication cert in the
437                     connection object.
438
439              list_certs(inst, *args, **kwargs)
440                     Return a CertDataInfoCollection object with a information
441                     about all the certificates that satisfy the search crite‐
442                     ria.  If cert_search_request=None, returns all  the  cer‐
443                     tificates.
444
445              list_enrollment_templates(inst, *args, **kwargs)
446                     Gets  the  list of profile templates supported by the CA.
447                     The values for start and  size  arguments  determine  the
448                     starting  point  and  the  length of the list.  Returns a
449                     ProfileDataInfoCollection object.
450
451              list_requests(inst, *args, **kwargs)
452                     Query for a list  of  certificates  using  the  arguments
453                     passed.  Returns a CertRequestInfoCollection object.
454
455              reject_request(request_id, cert_review_response=None)
456                     Rejects    a    certificate   enrollment   request.    If
457                     cert_review_response is None, a review request  operation
458                     is  performed  to  fetch  the  CertReviewResponse object.
459                     Requires as agent level authentication.
460
461              review_cert(inst, *args, **kwargs)
462                     Reviews a certificate. Returns a CertData object  with  a
463                     nonce.   This  method  requires an agent's authentication
464                     cert in the connection object.
465
466              review_request(inst, *args, **kwargs)
467                     Reviews a  certificate  enrollment  request.   Returns  a
468                     CertReviewResponse  object  which contains the nonce from
469                     the server needed to perform an action on the request.
470
471              revoke_ca_cert(inst, *args, **kwargs)
472                     Revokes a  CA  certificate.   Returns  a  CertRequestInfo
473                     object  with  information about the request.  This method
474                     requires an agent's authentication cert in the connection
475                     object.
476
477              revoke_cert(inst, *args, **kwargs)
478                     Revokes  a certificate.  Returns a CertRequestInfo object
479                     with information about the request.  This method requires
480                     an agent's authentication cert in the connection object.
481
482              submit_enrollment_request(inst, *args, **kwargs)
483                     Submits  the  CertEnrollmentRequest object to the server.
484                     Returns a CertRequestInfoCollection object with  informa‐
485                     tion about the certificate requests enrolled at the CA.
486
487              unassign_request(request_id, cert_review_response)
488                     Un-assigns   a   certificate   enrollment   request.   If
489                     cert_review_response is None, a review request  operation
490                     is  performed  to  fetch  the  CertReviewResponse object.
491                     Requires as agent level authentication.
492
493              unrevoke_cert(inst, *args, **kwargs)
494                     Un-revokes a  revoked  certificate.   Returns  a  CertRe‐
495                     questInfo   object.   This  method  requires  an  agent's
496                     authentication cert in the connection object.
497
498              update_request(request_id, cert_review_response)
499                     Updates   a   certificate   enrollment    request.     If
500                     cert_review_response  is None, a review request operation
501                     is performed  to  fetch  the  CertReviewResponse  object.
502                     Requires as agent level authentication.
503
504              validate_request(request_id, cert_review_response)
505                     Validates   a   certificate   enrollment   request.    If
506                     cert_review_response is None, a review request  operation
507                     is  performed  to  fetch  the  CertReviewResponse object.
508                     Requires as agent level authentication.
509
510       class pki.cert.CertData
511              Bases: object
512
513              Class containing certificate data as returned from getCert()
514
515              classmethod from_json(attr_list)
516                     Return CertData object from JSON dict
517
518              json_attribute_names =  {'Nonce':  'nonce',  'SubjectDN':  'sub‐
519              ject_dn',  'NotBefore':  'not_before',  'IssuerDN': 'issuer_dn',
520              'NotAfter': 'not_after', 'id': 'serial_number', 'Status':  'sta‐
521              tus',   'PKCS7CertChain':   'pkcs7_cert_chain',   'PrettyPrint':
522              'pretty_repr', 'Link': 'link', 'Encoded': 'encoded'}
523
524       class pki.cert.CertDataInfo
525              Bases: object
526
527              Class containing information contained in a  CertRecord  on  the
528              CA.   This  data  is returned when searching/listing certificate
529              records.
530
531              classmethod from_json(attr_list)
532                     Return CertDataInfo object from JSON dict
533
534              json_attribute_names =  {'IssuedOn':  'issued_on',  'SubjectDN':
535              'subject_dn',  'NotValidBefore':  'not_valid_before', 'Version':
536              'version',  'Type':  'type',  'id':  'serial_number',  'Status':
537              'status',    'NotValidAfter':   'not_valid_after',   'IssuedBy':
538              'issued_by', 'KeyLength': 'key_length', 'Link': 'link',  'KeyAl‐
539              gorithmOID': 'key_algorithm_oid'}
540
541       class pki.cert.CertDataInfoCollection
542              Bases: object
543
544              Class  containing list of CertDataInfo objects and their respec‐
545              tive link objects.  This data is returned when searching/listing
546              certificate records in the CA.
547
548              classmethod from_json(json_value)
549                     Populate object from JSON input
550
551       class   pki.cert.CertEnrollmentRequest(profile_id=None,  renewal=False,
552       serial_number=None, remote_host=None, remote_address=None, inputs=None,
553       outputs=None)
554              Bases: object
555
556              This  class  encapsulates the parameters required for a certifi‐
557              cate
558                     enrollment request.
559
560              add_input(profile_input)
561
562              add_output(profile_output)
563
564              classmethod from_json(attr_list)
565
566              get_input(profile_input_name)
567
568              get_output(profile_output_name)
569
570              json_attribute_names   =   {'RemoteAddress':   'remote_address',
571              'RemoteHost':  'remote_host',  'SerialNumber':  'serial_number',
572              'Output': 'outputs', 'Input':  'inputs',  'Renewal':  'renewal',
573              'ProfileID': 'profile_id'}
574
575              remove_input(profile_input_name)
576
577              remove_output(profile_output_name)
578
579       class pki.cert.CertEnrollmentResult(request, cert)
580              Bases: object
581
582              Class containing results of an enrollment request.
583
584              This  structure contains information about the cert request gen‐
585              erated and any certificates issued.
586
587       class pki.cert.CertRequestInfo
588              Bases: object
589
590              An object of this class stores represents a certificate request.
591
592              classmethod from_json(attr_list)
593
594              json_attribute_names = {'certRequestType':  'cert_request_type',
595              'certId':   'cert_id',   'operationResult':  'operation_result',
596              'requestType':  'request_type',  'requestStatus':  'request_sta‐
597              tus',     'errorMessage':     'error_message',     'requestURL':
598              'request_url', 'certURL': 'cert_url'}
599
600       class pki.cert.CertRequestInfoCollection
601              Bases: object
602
603              Class containing list of CertRequestInfo objects.  This data  is
604              returned when listing certificate request records in the CA.
605
606              classmethod from_json(json_value)
607                     Populate object from JSON input
608
609       class pki.cert.CertRequestStatus
610              Bases: object
611
612              Class containing valid cert statuses.
613
614              CANCELED = 'canceled'
615
616              COMPLETE = 'complete'
617
618              PENDING = 'pending'
619
620              REJECTED = 'rejected'
621
622       class    pki.cert.CertReviewResponse(profile_id=None,    renewal=False,
623       serial_number=None, remote_host=None, remote_address=None, inputs=None,
624       outputs=None,     nonce=None,    request_id=None,    request_type=None,
625       request_status=None,  request_owner=None,   request_creation_time=None,
626       request_modification_time=None,         request_notes=None,        pro‐
627       file_approval_by=None,  profile_set_id=None,   profile_is_visible=None,
628       profile_name=None,  profile_description=None, profile_remote_host=None,
629       profile_remote_address=None, policy_sets=None)
630              Bases: pki.cert.CertEnrollmentRequest
631
632              An object of this class represent the response from  the  server
633              when  reviewing a certificate enrollment request.  It contains a
634              nonce required to perform action on the request.
635
636              classmethod from_json(attr_list)
637
638              json_attribute_names = {'ProfilePolicySet': 'policy_sets', 'pro‐
639              fileSetId': 'profile_set_id', 'RemoteAddress': 'remote_address',
640              'requestType':  'request_type',   'RemoteHost':   'remote_host',
641              'SerialNumber':      'serial_number',     'requestCreationTime':
642              'request_creation_time',    'requestOwner':     'request_owner',
643              'Input':   'inputs',  'Output':  'outputs',  'profileIsVisible':
644              'profile_is_visible', 'requestStatus':  'request_status',  'pro‐
645              fileRemoteHost':   'profile_remote_host',   'profileApprovedBy':
646              'profile_approved_by',     'requestNotes':      'request_notes',
647              'Renewal':  'renewal',  'profileDescription':  'profile_descrip‐
648              tion',  'profileRemoteAddr':   'profile_remote_address',   'Pro‐
649              fileID':  'profile_id', 'profileName': 'profile_name', 'request‐
650              ModificationTime':   'request_modification_time',   'requestId':
651              'request_id'}
652
653       class     pki.cert.CertRevokeRequest(nonce,    reason=None,    invalid‐
654       ity_date=None, comments=None)
655              Bases: object
656
657              An object of this class encapsulates all the parameters required
658              for revoking a certificate.
659
660              Valid values for reasons for revoking a request are:
661                     'Unspecified', 'Key_Compromise', 'CA_Compromise', 'Affil‐
662                     iation_Changed', 'Superseded',  'Cessation_of_Operation',
663                     'Certificate_Hold',  'Remove_from_CRL',  'Privilege_With‐
664                     drawn', 'AA_Compromise'
665
666              reasons  =  ['Unspecified',  'Key_Compromise',  'CA_Compromise',
667              'Affiliation_Changed',  'Superseded',  'Cessation_of_Operation',
668              'Certificate_Hold',  'Remove_from_CRL',   'Privilege_Withdrawn',
669              'AA_Compromise']
670
671       class pki.cert.CertSearchRequest(**cert_search_params)
672              Bases: object
673
674              An  object  of this class is used to store the search parameters
675              and send them to server.
676
677              search_params = {'valid_not_before_from':  'validNotBeforeFrom',
678              'cert_type_ssl_client':    'certTypeSSLClient',   'common_name':
679              'commonName', 'serial_to': 'serialTo', 'validity_unit': 'validi‐
680              tyUnit',  'cert_type_sub_ssl_ca': 'certTypeSubSSLCA', 'user_id':
681              'userID',   'locality':   'locality',   'org_unit':   'orgUnit',
682              'issued_by':  'issuedBy',  'revocation_reason':  'revocationRea‐
683              son', 'state':  'state',  'validity_operation':  'validityOpera‐
684              tion',      'email':      'eMail',      'status':      'status',
685              'valid_not_after_from':  'validNotAfterFrom',   'match_exactly':
686              'matchExactly',    'valid_not_before_to':    'validNotBeforeTo',
687              'revoked_on_from': 'revokedOnFrom', 'validity_count': 'validity‐
688              Count',   'org':   'org',   'cert_type_ssl_server':   'certType‐
689              SSLServer',          'issued_on_from':           'issuedOnFrom',
690              'cert_type_sub_email_ca':  'certTypeSubEmailCA',  'serial_from':
691              'serialFrom',  'country':  'country',  'issued_on_to':   'issue‐
692              dOnTo', 'revoked_by': 'revokedBy', 'valid_not_after_to': 'valid‐
693              NotAfterTo',  'cert_type_secure_email':   'certTypeSecureEmail',
694              'revoked_on_to': 'revokedOnTo'}
695
696       pki.cert.main()
697
698   client Module
699       class  pki.client.PKIConnection(protocol='http',  hostname='localhost',
700       port='8080', subsystem='ca', accept='application/json', trust_env=None)
701              Class to encapsulate the connection between  the  client  and  a
702              Dogtag subsystem.
703
704              authenticate(username=None, password=None)
705                     Set  the  parameters  used  for  authentication  if user‐
706                     name/password is to be used.  Both username and  password
707                     must  not  be  None.  Note that this method only sets the
708                     parameters.  Actual authentication occurs when  the  con‐
709                     nection is attempted,
710
711                     Parameters
712
713                            · username -- username to authenticate connection
714
715                            · password -- password to authenticate connection
716
717                     Returns
718                            None
719
720              delete(*args, **kwargs)
721                     Uses  python-requests  to  issue  a  DEL  request  to the
722                     server.
723
724                     Parameters
725
726                            · path (str) -- path URI for the DEL request
727
728                            · headers (dict) -- headers for the DEL request
729
730                            · use_root_uri (boolean) -- use root  URI  instead
731                              of subsystem URI as base
732
733                     Returns
734                            request.response -- response from the server
735
736                     Raises Exception from python-requests in case the DEL was
737                            not successful, or returns an error code.
738
739              get(*args, **kwargs)
740                     Uses python-requests  to  issue  a  GET  request  to  the
741                     server.
742
743                     Parameters
744
745                            · path (str) -- path URI for the GET request
746
747                            · headers (dict) -- headers for the GET request
748
749                            · params  (dict  or bytes) -- Query parameters for
750                              the GET request
751
752                            · payload (dict, bytes, file-like object) --  data
753                              to be sent in the body of the request
754
755                            · use_root_uri  (boolean)  -- use root URI instead
756                              of subsystem URI as base
757
758                     Returns
759                            request.response -- response from the server
760
761                     Raises Exception from python-requests in case the GET was
762                            not successful, or returns an error code.
763
764              post(*args, **kwargs)
765                     Uses  python-requests  to  issue  a  POST  request to the
766                     server.
767
768                     Parameters
769
770                            · path (str) -- path URI for the POST request
771
772                            · payload (dict, bytes, file-like object) --  data
773                              to be sent in the body of the request
774
775                            · headers (dict) -- headers for the POST request
776
777                            · params  (dict  or bytes) -- Query parameters for
778                              the POST request
779
780                            · use_root_uri (boolean) -- use root  URI  instead
781                              of subsystem URI as base
782
783                     Returns
784                            request.response -- response from the server
785
786                     Raises Exception  from  python-requests  in case the POST
787                            was not successful, or returns an error code.
788
789              put(*args, **kwargs)
790                     Uses python-requests  to  issue  a  PUT  request  to  the
791                     server.
792
793                     Parameters
794
795                            · path (str) -- path URI for the PUT request
796
797                            · payload  (dict, bytes, file-like object) -- data
798                              to be sent in the body of the request
799
800                            · headers (dict) -- headers for the PUT request
801
802                            · use_root_uri (boolean) -- use root  URI  instead
803                              of subsystem URI as base
804
805                     Returns
806                            request.response -- response from the server
807
808                     Raises Exception from python-requests in case the PUT was
809                            not successful, or returns an error code.
810
811              set_authentication_cert(pem_cert_path, pem_key_path=None)
812                     Set the path to the PEM file containing  the  certificate
813                     and private key for the client certificate to be used for
814                     authentication to the  server,  when  client  certificate
815                     authentication  is  required. The private key may option‐
816                     ally be stored in a different path.
817
818                     Parameters
819
820                            · pem_cert_path (str) -- path to the PEM file
821
822                            · pem_key_path (str) -- path to the  PEM-formatted
823                              private key file
824
825                     Returns
826                            None
827
828                     Raises Exception if path is empty or None.
829
830       pki.client.catch_insecure_warning(func)
831              Temporary silence InsecureRequestWarning
832
833              PKIConnection  is not able to verify HTTPS connections yet. This
834              decorator catches the warning.
835
836              See    https://fedorahosted.org/pki/ticket/1253
837
838       pki.client.main()
839              Test code for the PKIConnection class.  :return: None
840
841   crypto Module
842       Module containing crypto classes.
843
844       class pki.crypto.CryptoProvider
845              Bases: object
846
847              Abstract class containing methods  to  do  cryptographic  opera‐
848              tions.
849
850              asymmetric_wrap(data, wrapping_cert, mechanism=None)
851                     encrypt  a  symmetric key with the public key of a trans‐
852                     port cert.
853
854                     The  mechanism  is  the  type  of  symmetric  key,  which
855                     defaults to a 56 bit DES3 key.
856
857              generate_nonce_iv(mechanism)
858                     Create a random initialization vector
859
860              generate_session_key()
861                     Generate  a  session  key to be used for wrapping data to
862                     the DRM This must return a 3DES 168 bit key
863
864              generate_symmetric_key(mechanism=None, size=0)
865                     Generate and return a symmetric key
866
867              get_cert(cert_nick)
868                     Get the certificate for the specified cert_nick.
869
870              get_supported_algorithm_keyset()
871                     returns highest supported algorithm keyset
872
873              initialize()
874                     Initialization code
875
876              key_unwrap(mechanism, data, wrapping_key, nonce_iv)
877                     Unwrap data that has been key wrapped using AES KeyWrap
878
879              set_algorithm_keyset(level)
880                     sets required keyset
881
882              symmetric_unwrap(data,       wrapping_key,       mechanism=None,
883              nonce_iv=None)
884                     decrypt  data  originally  encrypted  with  symmetric key
885                     (wrapping key)
886
887                     We expect the data  and  nonce_iv  values  to  be  base64
888                     encoded.  The mechanism is the type of key used to do the
889                     wrapping.  It defaults to a 56 bit DES3 key.
890
891              symmetric_wrap(data,        wrapping_key,        mechanism=None,
892              nonce_iv=None)
893                     encrypt data using a symmetric key (wrapping key)
894
895       class pki.crypto.CryptographyCryptoProvider(transport_cert_nick, trans‐
896       port_cert,    backend=<cryptography.hazmat.backends.multibackend.Multi‐
897       Backend object at 0xf5c539ac>)
898              Bases: pki.crypto.CryptoProvider
899
900              Class that defines python-cryptography implementation of Crypto‐
901              Provider.  Requires a PEM file containing the agent cert  to  be
902              initialized.
903
904              Note that all inputs and outputs are unencoded.
905
906              asymmetric_wrap(data, wrapping_cert, mechanism=None)
907                     :param  data              Data to be wrapped :param wrap‐
908                     ping_cert    Public key to  wrap  data  :param  mechanism
909                     algorithm of symmetric key to be wrapped
910
911                     Wrap (encrypt) data using the supplied asymmetric key
912
913              generate_nonce_iv(mechanism='AES')
914                     Create a random initialization vector
915
916              generate_session_key()
917                     Returns  a  session  key to be used when wrapping secrets
918                     for the DRM.
919
920              generate_symmetric_key(mechanism=None, size=0)
921                     Returns a symmetric key.
922
923              get_cert(cert_nick)
924                     :param cert_nick  Nickname  for  the  certificate  to  be
925                     returned.
926
927              get_supported_algorithm_keyset()
928                     returns highest supported algorithm keyset
929
930              initialize()
931                     Any  operations  here  that  need  to be performed before
932                     crypto operations.
933
934              key_unwrap(mechanism, data, wrapping_key, nonce_iv)
935                     :param mechanism         key  wrapping  mechanism  :param
936                     data:             data  to  unwrap  :param  wrapping_key:
937                     AES key used to wrap data :param  nonce_iv          Nonce
938                     data :return:                unwrapped data
939
940                     Unwrap  the encrypted data which has been wrapped using a
941                     KeyWrap mechanism.
942
943              set_algorithm_keyset(level)
944                     sets required keyset
945
946              symmetric_unwrap(data,       wrapping_key,       mechanism=None,
947              nonce_iv=None)
948                     :param  data            Data to be unwrapped :param wrap‐
949                     ping_key    Symmetric key to unwrap data :param mechanism
950                     Mechanism   to   use   when  unwrapping  :param  nonce_iv
951                     iv data
952
953                     Unwrap (decrypt) data using the supplied symmetric key
954
955              symmetric_wrap(data,        wrapping_key,        mechanism=None,
956              nonce_iv=None)
957                     :param  data             Data  to be wrapped :param wrap‐
958                     ping_key    Symmetric key to wrap data  :param  mechanism
959                     Mechanism   to  use  for  wrapping  key  :param  nonce_iv
960                     Nonce for initialization vector
961
962                     Wrap (encrypt) data using the supplied symmetric key
963
964       class  pki.crypto.NSSCryptoProvider(certdb_dir,   certdb_password=None,
965       password_file=None)
966              Bases: pki.crypto.CryptoProvider
967
968              Class   that   defines  NSS  implementation  of  CryptoProvider.
969              Requires an NSS database to have been set up and initialized.
970
971              Note that all inputs and outputs are unencoded.
972
973              asymmetric_wrap(data, wrapping_cert, mechanism=310)
974                     :param data             Data to be wrapped  :param  wrap‐
975                     ping_cert     Public  key  to  wrap data :param mechanism
976                     algorithm of symmetric key to be wrapped
977
978                     Wrap (encrypt) data using the supplied asymmetric key
979
980              generate_nonce_iv(mechanism=310)
981                     Create a random initialization vector
982
983              generate_session_key()
984                     Returns a session key to be used  when  wrapping  secrets
985                     for the DRM This will return a 168 bit 3DES key.
986
987              generate_symmetric_key(mechanism=310, size=0)
988                     Returns a symmetric key.
989
990                     Note that for fixed length keys, this length should be 0.
991                     If no length is provided, then the function  will  either
992                     use  0  (for  fixed length keys) or the maximum available
993                     length for that algorithm and the token.
994
995              get_cert(cert_nick)
996                     :param cert_nick       Nickname for the certificate to be
997                     returned
998
999                     Searches NSS database and returns SecItem object for this
1000                     certificate.
1001
1002              get_supported_algorithm_keyset()
1003                     returns highest supported algorithm keyset
1004
1005              import_cert(cert_nick, cert, trust=', ')
1006                     Import a certificate into the nss database
1007
1008              initialize()
1009                     Initialize the nss db. Must be  done  before  any  crypto
1010                     operations
1011
1012              key_unwrap(mechanism, data, wrapping_key, nonce_iv)
1013                     :param  mechanism         Key  wrapping  mechanism :param
1014                     data:             Data  to  be  unwrapped  :param   wrap‐
1015                     ping_key:     Wrapping  Key :param nonce_iv         Nonce
1016                     data :return:                Unwrapped data
1017
1018                     Return unwrapped data for data that has been  keywrapped.
1019                     For  NSS,  we  only  support 3DES - so something that has
1020                     been keywrapped can be decrypted.  This is precisely what
1021                     we used to do before.
1022
1023              set_algorithm_keyset(level)
1024                     sets required keyset
1025
1026              classmethod setup_contexts(mechanism, sym_key, nonce_iv)
1027                     Set  up  contexts  to do wrapping/unwrapping by symmetric
1028                     keys.
1029
1030              static setup_database(db_dir,  password=None,  over_write=False,
1031              password_file=None)
1032                     Create an NSS database
1033
1034              symmetric_unwrap(data,        wrapping_key,       mechanism=310,
1035              nonce_iv=None)
1036                     :param data            Data to be unwrapped :param  wrap‐
1037                     ping_key    Symmetric key to unwrap data :param mechanism
1038                     Mechanism to use when wrapping :param nonce_iv         iv
1039                     data
1040
1041                     Unwrap (decrypt) data using the supplied symmetric key
1042
1043              symmetric_wrap(data, wrapping_key, mechanism=310, nonce_iv=None)
1044                     :param  data             Data  to be wrapped :param wrap‐
1045                     ping_key    Symmetric key to wrap data  :param  mechanism
1046                     Mechanism   to   user   when   wrapping  :param  nonce_iv
1047                     Nonce to use when wrapping
1048
1049                     Wrap (encrypt) data using the supplied symmetric key
1050
1051   encoder Module
1052       pki.encoder.CustomTypeDecoder(dct)
1053
1054       class pki.encoder.CustomTypeEncoder(skipkeys=False,  ensure_ascii=True,
1055       check_circular=True, allow_nan=True, sort_keys=False, indent=None, sep‐
1056       arators=None, encoding='utf-8', default=None)
1057              Bases: json.encoder.JSONEncoder
1058
1059              A custom JSONEncoder class that knows how to encode core  custom
1060              objects.
1061
1062              Custom  objects  are encoded as JSON object literals (ie, dicts)
1063              with one key, 'TypeName' where 'TypeName' is the actual name  of
1064              the  type  to which the object belongs.  That single key maps to
1065              another object literal which is just the __dict__ of the  object
1066              encoded.
1067
1068              Reason  for ignoring the error: E0202 - An attribute affected in
1069              json.encoder line 157 hide this method reported by pylint:
1070
1071              The error is in  json.encoder.JSONEncoder  class.   There  is  a
1072              default  method  (which  is  overridden  here)  and also a class
1073              attribute self.default initialized in the  init  method  of  the
1074              class.   The intention of such usage being that a custom default
1075              method object can be passed to init when creating an instance of
1076              JSONEncoder,  which  is then assigned to class's default method.
1077              (which is valid) But pylint raises an issue due to the usage  of
1078              same  name  for  a  method  and  an  attribute in which case the
1079              attribute definition hides the method.  The reason  and  example
1080              for the issue: (top rated comment)
1081                 http://stackoverflow.com/questions/12949064/python-what-happens-
1082                 when-instance-variable-name-is-same-as-method-name
1083
1084              static attr_name_conversion(attr_dict, object_class)
1085
1086              default(o)
1087
1088       pki.encoder.decode_cert(data)
1089              base64 decode X.509 certificate
1090
1091              Parameters
1092                     data (str, bytes) -- data as bytes or ASCII text
1093
1094              Return type
1095                     bytes
1096
1097       pki.encoder.encode_cert(data)
1098              base64 encode X.509 certificate
1099
1100              Python 3's base64.b64encode() doesn't support ASCII text.
1101
1102              Parameters
1103                     data (str, bytes) -- data as bytes or ASCII text
1104
1105              Return type
1106                     bytes
1107
1108   key Module
1109       Module containing the Python  client  classes  for  the  KeyClient  and
1110       KeyRequestClient REST API on a DRM
1111
1112       class              pki.key.AsymKeyGenerationRequest(client_key_id=None,
1113       key_size=None, key_algorithm=None, key_usages=None,  trans_wrapped_ses‐
1114       sion_key=None, realm=None)
1115              Bases: pki.ResourceMessage
1116
1117              Class  representing the data sent to the DRM when generating and
1118              archiving asymmetric keys in the DRM.
1119
1120              DECRYPT_USAGE = 'decrypt'
1121
1122              DERIVE_USAGE = 'derive'
1123
1124              ENCRYPT_USAGE = 'encrypt'
1125
1126              SIGN_RECOVER_USAGE = 'sign_recover'
1127
1128              SIGN_USAGE = 'sign'
1129
1130              UNWRAP_USAGE = 'unwrap'
1131
1132              VERIFY_RECOVER_USAGE = 'verify_recover'
1133
1134              VERIFY_USAGE = 'verify'
1135
1136              WRAP_USAGE = 'wrap'
1137
1138       class pki.key.Key(key_data)
1139              Bases: object
1140
1141              An instance of this class stores the  decoded  encrypted  secret
1142              present  in  the  KeyData object passed in the constructor.  All
1143              the key retrieval requests return this object.
1144
1145       class  pki.key.KeyArchivalRequest(client_key_id=None,   data_type=None,
1146       wrapped_private_data=None,    trans_wrapped_session_key=None,   pki_ar‐
1147       chive_options=None, algorithm_oid=None,  symkey_params=None,  key_algo‐
1148       rithm=None, key_size=None, realm=None)
1149              Bases: pki.ResourceMessage
1150
1151              Class  representing  the object sent to the DRM when archiving a
1152              secret.
1153
1154       class pki.key.KeyClient(connection,  crypto,  transport_cert_nick=None,
1155       info_client=None)
1156              Bases: object
1157
1158              Class  that encapsulates and mirrors the functions in the KeyRe‐
1159              source and KeyRequestResource Java classes in the DRM REST API.
1160
1161              AES_ALGORITHM = 'AES'
1162
1163              ASYMMETRIC_KEY_TYPE = 'asymmetricKey'
1164
1165              DES3_ALGORITHM = 'DES3'
1166
1167              DESEDE_ALGORITHM = 'DESede'
1168
1169              DES_ALGORITHM = 'DES'
1170
1171              DSA_ALGORITHM = 'DSA'
1172
1173              KEY_STATUS_ACTIVE = 'active'
1174
1175              KEY_STATUS_INACTIVE = 'inactive'
1176
1177              PASS_PHRASE_TYPE = 'passPhrase'
1178
1179              RC2_ALGORITHM = 'RC2'
1180
1181              RC4_ALGORITHM = 'RC4'
1182
1183              RSA_ALGORITHM = 'RSA'
1184
1185              SYMMETRIC_KEY_TYPE = 'symmetricKey'
1186
1187              approve_request(inst, *args, **kwargs)
1188                     Approve a secret recovery request
1189
1190              archive_encrypted_data(inst, *args, **kwargs)
1191                     Archive a secret (symmetric key  or  passphrase)  on  the
1192                     DRM.
1193
1194                     Refer  to  archive_key()  comments  for  a description of
1195                     client_key_id, data_type, key_algorithm and key_size.
1196
1197                     The following parameters are also required:
1198
1199                            · encrypted_data - which is the data encrypted  by
1200                              a session key (168 bit 3DES symmetric key)
1201
1202                            · wrapped_session_key  -  the  above  session  key
1203                              wrapped by the DRM transport certificate  public
1204                              key.
1205
1206                            · the  algorithm_oid  string for the symmetric key
1207                              wrap
1208
1209                            · the nonce_iv for the symmetric key wrap
1210
1211                     This function is useful if the caller wants to  do  their
1212                     own  wrapping  of the secret, or if the secret was gener‐
1213                     ated on a separate client machine and  the  wrapping  was
1214                     done there.
1215
1216                     The function returns a KeyRequestResponse object contain‐
1217                     ing  a  KeyRequestInfo  object  with  details  about  the
1218                     archival request and key archived.
1219
1220              archive_key(inst, *args, **kwargs)
1221                     Archive  a  secret  (symmetric  key or passphrase) on the
1222                     DRM.
1223
1224                     Requires a user-supplied client ID.  There  can  be  only
1225                     one  active  key with a specified client ID.  If a record
1226                     for a duplicate active key exists, a  BadRequestException
1227                     is thrown.
1228
1229                     data_type can be one of the following:
1230                            KeyClient.SYMMETRIC_KEY_TYPE,   KeyClient.ASYMMET‐
1231                            RIC_KEY_TYPE, KeyClient.PASS_PHRASE_TYPE
1232
1233                     key_algorithm and key_size are  applicable  to  symmetric
1234                     keys  only.   If a symmetric key is being archived, these
1235                     parameters are required.
1236
1237                     private_data is the raw secret to be archived.   It  will
1238                     be wrapped and sent to the DRM.
1239
1240                     The function returns a KeyRequestResponse object contain‐
1241                     ing  a  KeyRequestInfo  object  with  details  about  the
1242                     archival request and key archived.
1243
1244              archive_pki_options(inst, *args, **kwargs)
1245                     Archive  a  secret  (symmetric  key or passphrase) on the
1246                     DRM.
1247
1248                     Refer to archive_key()  comments  for  a  description  of
1249                     client_key_id, data_type, key_algorithm and key_size.
1250
1251                     pki_archive_options is the data to be archived wrapped in
1252                     a PKIArchiveOptions structure,
1253
1254                     The function returns a KeyRequestResponse object contain‐
1255                     ing  a  KeyRequestInfo  object  with  details  about  the
1256                     archival request and key archived.
1257
1258              cancel_request(inst, *args, **kwargs)
1259                     Cancel a secret recovery request
1260
1261              generate_asymmetric_key(inst, *args, **kwargs)
1262                     Generate and archive asymmetric keys in  the  DRM.   Sup‐
1263                     ports  algorithms  RSA and DSA.  Valid key size for RSA =
1264                     256 + (16 * n), where n: 0-496 Valid key size for  DSA  =
1265                     512, 768, 1024. p,q,g params are not supported.
1266
1267                     Return  a  KeyRequestResponse  which  contains  a  KeyRe‐
1268                     questInfo object that describes the URL for  the  request
1269                     and generated keys.
1270
1271              generate_symmetric_key(inst, *args, **kwargs)
1272                     Generate and archive a symmetric key on the DRM.
1273
1274                     Return  a  KeyRequestResponse  which  contains  a  KeyRe‐
1275                     questInfo object that describes the URL for  the  request
1276                     and generated key.
1277
1278              get_active_key_info(inst, *args, **kwargs)
1279                     Get  the  info  in the KeyRecord for the active secret in
1280                     the DRM.
1281
1282              get_client_keyset()
1283
1284              get_key_info(inst, *args, **kwargs)
1285                     Get the info in the KeyRecord for a  specific  secret  in
1286                     the DRM.
1287
1288              get_request_info(inst, *args, **kwargs)
1289                     Return a KeyRequestInfo object for a specific request.
1290
1291              get_server_keyset()
1292
1293              list_keys(inst, *args, **kwargs)
1294                     List/Search archived secrets in the DRM.
1295
1296                     See  KRAClient.list_keys  for the valid values of status.
1297                     Returns a KeyInfoCollection object.
1298
1299              list_requests(inst, *args, **kwargs)
1300                     List/Search key requests in the DRM.
1301
1302                     See  KRAClient.list_requests  for  the  valid  values  of
1303                     request_state  and request_type.  Returns a KeyRequestIn‐
1304                     foCollection object.
1305
1306              modify_key_status(inst, *args, **kwargs)
1307                     Modify the status of a key
1308
1309              process_returned_key(inst, *args, **kwargs)
1310                     Decrypt the returned key and place in key.data
1311
1312                     The data will either by  encrypted  using  an  encryption
1313                     algorithm  -  in which case, the key data will contain an
1314                     encryption algorithm OID, or it will be key wrapped -  in
1315                     which  case,  the key data will contain a key wrap mecha‐
1316                     nism name.
1317
1318                     Only one of these should be present.  If we  are  talking
1319                     to  an  older server, and none is present, we will assume
1320                     encryption.
1321
1322              recover_key(inst, *args, **kwargs)
1323                     Create a request to recover a secret.
1324
1325                     To retrieve a  symmetric  key  or  passphrase,  the  only
1326                     parameter  that is required is the keyId.  It is possible
1327                     (but not required) to pass in the session keys/passphrase
1328                     and  nonceData  for  the  retrieval  at this time.  Those
1329                     parameters  are   documented   in   the   docstring   for
1330                     retrieve_key below.
1331
1332                     To  retrieve  an  asymmetric  key,  the keyId and the the
1333                     base-64 encoded certificate is required.
1334
1335              reject_request(inst, *args, **kwargs)
1336                     Reject a secret recovery request.
1337
1338              retrieve_key(inst, *args, **kwargs)
1339                     Retrieve a secret (passphrase or symmetric key) from  the
1340                     DRM.
1341
1342                     This  method  will  retrieve a key from the KRA given the
1343                     key_id or request_id (one of which  must  be  specified).
1344                     The data is returned as a KeyData object (which is recast
1345                     to a Key object).
1346
1347                     If request_id is specified, then the value of  key_id  is
1348                     ignored.   Exceptions will be thrown if the caller is not
1349                     the originator of the request,  or  the  request  is  not
1350                     approved.
1351
1352                     If  key_id  is  specified instead, the following behavior
1353                     applies:
1354
1355                     · If the key can be retrieved synchronously  -  ie.  only
1356                       one agent's approval is required, then the KeyData will
1357                       include the secret.
1358
1359                     · If the key cannot be retrieved synchronously -  ie.  if
1360                       more  than  one  approval  is  needed, then the KeyData
1361                       object will include  the  request  ID  for  a  recovery
1362                       request  that  was  created  on  the server.  When that
1363                       request is approved, callers can retrieve the key using
1364                       retrieve_key() and setting the request_id.
1365
1366                     To  ensure  data  security  in  transit, the data will be
1367                     returned encrypted by a session key (168 bit 3DES symmet‐
1368                     ric key) - which is first wrapped (encrypted) by the pub‐
1369                     lic key of the DRM  transport  certificate  before  being
1370                     sent to the DRM.  The parameter trans_wrapped_session_key
1371                     refers to this wrapped session key.
1372
1373                     If the trans_wrapped_session_key is not provided by call‐
1374                     er, the method will call CryptoProvider methods to gener‐
1375                     ate and wrap the session key.  The function  will  return
1376                     the  KeyData  object  with a private_data attribute which
1377                     stores the unwrapped key information.
1378
1379                     If the trans_wrapped_session_key is provided by the call‐
1380                     er,  the method will simply pass the data to the KRA, and
1381                     will return the secret wrapped in the session  key.   The
1382                     secret  will  still  need  to be unwrapped by the caller.
1383                     The function will return the KeyData  object,  where  the
1384                     KeyData  structure  includes  the wrapped secret and some
1385                     nonce data to be used as a salt when unwrapping.
1386
1387              retrieve_key_by_passphrase(inst, *args, **kwargs)
1388                     Retrieve a secret (passphrase or symmetric key) from  the
1389                     DRM using a passphrase.
1390
1391                     This  function generates a key recovery request, approves
1392                     it, and retrieves the secret referred to by key_id.  This
1393                     assumes  that  only one approval is required to authorize
1394                     the recovery.
1395
1396                     The secret is secured in transit by wrapping  the  secret
1397                     with a passphrase using PBE encryption.
1398
1399                     There are two ways of using this function:
1400
1401                     1. A passphrase is provided by the caller.
1402
1403                        In this case, CryptoProvider methods will be called to
1404                        create the data to securely send the passphrase to the
1405                        DRM.  Basically, three pieces of data will be sent:
1406
1407                        · the  passphrase  wrapped by a 168 bit 3DES symmetric
1408                          key (the session key).  This is referred to  as  the
1409                          parameter session_wrapped_passphrase.
1410
1411                        · the  session  key wrapped with the public key in the
1412                          DRM transport certificate.  This is referred  to  as
1413                          the trans_wrapped_session_key.
1414
1415                        · ivps nonce data, referred to as nonce_data
1416
1417                        The   function   will   return   the  tuple  (KeyData,
1418                        unwrapped_secret)
1419
1420                     2. The  caller  provides  the  trans_wrapped_session_key,
1421                        session_wrapped_passphrase and nonce_data.
1422
1423                        In  this  case,  the data will simply be passed to the
1424                        DRM.  The function will return the secret encrypted by
1425                        the  passphrase using PBE Encryption.  The secret will
1426                        still need to be decrypted by the caller.
1427
1428                        The function will return the tuple (KeyData, None)
1429
1430              retrieve_key_by_pkcs12(inst, *args, **kwargs)
1431                     Retrieve an asymmetric  private  key  and  return  it  as
1432                     PKCS12 data.
1433
1434                     This  function generates a key recovery request, approves
1435                     it, and retrieves the secret referred to by key_id  in  a
1436                     PKCS12  file.   This  assumes  that  only one approval is
1437                     required to authorize the recovery.
1438
1439                     This function requires the following parameters: - key_id
1440                     :  the ID of the key - certificate: the certificate asso‐
1441                     ciated with the private key -  passphrase:  A  passphrase
1442                     for the pkcs12 file.
1443
1444                     The function returns a KeyData object.
1445
1446              retrieve_key_data(inst, *args, **kwargs)
1447                     Retrieve a secret from the DRM.
1448
1449                     @param:  data - a KeyRecoveryRequest containing the keyId
1450                     of the secret being  retrieved,  the  request_id  of  the
1451                     approved recovery request and a wrapping mechanism.  More
1452                     details at KRAClient.retrieve_key.
1453
1454                     Returns a KeyData object containing the wrapped secret.
1455
1456              set_crypto_algorithms(inst, *args, **kwargs)
1457
1458              set_transport_cert(transport_cert_nick)
1459                     Set the transport certificate for crypto operations
1460
1461              submit_request(inst, *args, **kwargs)
1462                     Submit an archival, recovery or key generation request to
1463                     the DRM.
1464
1465                     @param  request  - is either a KeyArchivalRequest, KeyRe‐
1466                     coverRequest, SymKeyGenerationRequest  or  AsymKeyGenera‐
1467                     tionRequest.
1468
1469                     returns a KeyRequestResponse object.
1470
1471       class pki.key.KeyData
1472              Bases: object
1473
1474              This is the object that contains the encoded wrapped secret when
1475              that secret is retrieved. It is used by the DRM to send informa‐
1476              tion of the key in the key retrieval requests.
1477
1478              classmethod from_json(attr_list)
1479                     Return a KeyData object from a JSON dict
1480
1481              json_attribute_names   =   {'wrappedPrivateData':  'wrapped_pri‐
1482              vate_data',   'encryptAlgorithmOID':    'encrypt_algorithm_oid',
1483              'publicKey':     'public_key',     'nonceData':    'nonce_data',
1484              'requestID': 'request_id', 'wrapAlgorithm': 'wrap_algorithm'}
1485
1486       class pki.key.KeyInfo
1487              Bases: object
1488
1489              This is the object that contains information stored in the data‐
1490              base  record  for  an  archived secret.  It does not contain the
1491              secret itself.
1492
1493              classmethod from_json(attr_list)
1494                     Return KeyInfo from JSON dict
1495
1496              get_key_id()
1497                     Return the key ID as parsed from key URL
1498
1499              json_attribute_names  =  {'publicKey':   'public_key',   'clien‐
1500              tKeyID':  'client_key_id',  'ownerName': 'owner_name', 'keyURL':
1501              'key_url'}
1502
1503       class pki.key.KeyInfoCollection
1504              Bases: object
1505
1506              This class represents  data  returned  when  searching  the  DRM
1507              archived secrets.  Essentially, its a list of KeyInfo objects.
1508
1509              classmethod from_json(json_value)
1510                     Return a KeyInfoCollection object from its JSON represen‐
1511                     tation
1512
1513       class     pki.key.KeyRecoveryRequest(key_id=None,      request_id=None,
1514       trans_wrapped_session_key=None,        session_wrapped_passphrase=None,
1515       nonce_data=None,   certificate=None,   passphrase=None,   payload_wrap‐
1516       ping_name=None, payload_encryption_oid=None)
1517              Bases: pki.ResourceMessage
1518
1519              Class representing the data sent to the DRM when either creating
1520              a request for the recovery of a secret, or, once the request  is
1521              approved, retrieving the secret.
1522
1523       class pki.key.KeyRequestInfo
1524              Bases: object
1525
1526              This  class represents data about key requests (archival, recov‐
1527              ery, key generation etc.) in the DRM.
1528
1529              classmethod from_json(attr_list)
1530                     Return a KeyRequestInfo object from a JSON dict.
1531
1532              get_key_id()
1533                     Return the ID of the secret referred to by this request.
1534
1535              get_request_id()
1536                     Return the request ID by parsing the request URL.
1537
1538              json_attribute_names = {'requestType': 'request_type', 'request‐
1539              Status':    'request_status',    'requestURL':    'request_url',
1540              'keyURL': 'key_url'}
1541
1542       class pki.key.KeyRequestInfoCollection
1543              Bases: object
1544
1545              This class represents the data returned when searching  the  key
1546              requests  in the DRM.  Essentially, its a list of KeyRequestInfo
1547              objects.
1548
1549              classmethod from_json(json_value)
1550                     Return a KeyRequestInfoCollection object  from  its  JSON
1551                     representation.
1552
1553       class pki.key.KeyRequestResponse
1554              Bases: object
1555
1556              This class is returned when an archival, recovery or key genera‐
1557              tion request is created.  It includes  a  KeyRequestInfo  object
1558              with information about the created request, and a KeyData struc‐
1559              ture which contains the wrapped secret  (if  that  operation  is
1560              supported).
1561
1562              classmethod from_json(json_value)
1563                     Return  a  KeyRequestResponse object from its JSON repre‐
1564                     sentation.
1565
1566              get_key_id()
1567                     Return the id for the key archived, recovered  or  gener‐
1568                     ated
1569
1570              get_request_id()
1571                     Return the id for the created request
1572
1573       class pki.key.RequestId(req_id)
1574              Bases: object
1575
1576              Class representing a Request ID
1577
1578       class               pki.key.SymKeyGenerationRequest(client_key_id=None,
1579       key_size=None, key_algorithm=None, key_usages=None,  trans_wrapped_ses‐
1580       sion_key=None, realm=None)
1581              Bases: pki.ResourceMessage
1582
1583              Class  representing the data sent to the DRM when generating and
1584              archiving a symmetric key in the DRM.
1585
1586              DECRYPT_USAGE = 'decrypt'
1587
1588              ENCRYPT_USAGE = 'encrypt'
1589
1590              SIGN_USAGE = 'sign'
1591
1592              UNWRAP_USAGE = 'unwrap'
1593
1594              VERIFY_USAGE = 'verify'
1595
1596              WRAP_USAGE = 'wrap'
1597
1598       pki.key.main()
1599              Some unit tests - basically printing different types of requests
1600
1601   kra Module
1602       Module containing KRAClient class.  This class should be used by Python
1603       clients  to  interact  with  the DRM to expose the functionality of the
1604       KeyClient and KeyRequestResource REST APIs.
1605
1606       class pki.kra.KRAClient(connection, crypto, transport_cert_nick=None)
1607              Bases: object
1608
1609              Client class that models interactions with a KRA using  the  Key
1610              and KeyRequest REST APIs.
1611
1612   profile Module
1613       class   pki.profile.Descriptor(syntax=None,  constraint=None,  descrip‐
1614       tion=None, default_value=None)
1615              Bases: object
1616
1617              This class represents the description of a ProfileAttribute.  It
1618              stores  information  such  as the syntax, constraint and default
1619              value of a profile attribute.
1620
1621              classmethod from_json(attr_list)
1622
1623              json_attribute_names = {'DefaultValue':  'default_value',  'Con‐
1624              straint':  'constraint', 'Description': 'description', 'Syntax':
1625              'syntax'}
1626
1627       class     pki.profile.PolicyConstraint(name=None,     description=None,
1628       class_id=None, policy_constraint_values=None)
1629              Bases: object
1630
1631              An  object of this class contains the policy constraints applied
1632              to a ProfileInput used by a certificate enrollment request.
1633
1634              add_constraint_value(policy_constraint_value)
1635                     Add a PolicyConstraintValue to the policy_constraint_val‐
1636                     ues list.
1637
1638              classmethod from_json(attr_list)
1639
1640              get_constraint_value(policy_constraint_value_name)
1641                     Returns  a  PolicyConstraintValue  object  with the given
1642                     name.  None, if there is no match.
1643
1644              json_attribute_names =  {'classId':  'class_id',  'id':  'name',
1645              'constraint': 'policy_constraint_values'}
1646
1647              remove_constraint_value(policy_constraint_value_name)
1648                     Removes  a PolicyConstraintValue with the given name form
1649                     the policy_constraint_values list.
1650
1651       class pki.profile.PolicyConstraintValue(name=None, value=None, descrip‐
1652       tor=None)
1653              Bases: object
1654
1655              Represents a PolicyConstraintValue
1656
1657              classmethod from_json(attr_list)
1658
1659              name
1660
1661       class   pki.profile.PolicyDefault(name=None,   class_id=None,  descrip‐
1662       tion=None, policy_attributes=None, policy_params=None)
1663              Bases: object
1664
1665              An object of this class  contains  information  of  the  default
1666              usage of a specific ProfileInput.
1667
1668              add_attribute(policy_attribute)
1669                     Add  a  policy  attribute  to the attribute list.  @param
1670                     policy_attribute - A ProfileAttribute object
1671
1672              add_parameter(policy_parameter)
1673                     Add a profile parameter to the parameters  list.   @param
1674                     policy_parameter - A ProfileParameter object.
1675
1676              classmethod from_json(attr_list)
1677
1678              get_attribute(policy_attribute_name)
1679                     Fetch  the  policy attribute with the given name from the
1680                     attributes list.
1681
1682              get_parameter(profile_parameter_name)
1683                     Fetch a profile parameter with the given  name  from  the
1684                     parameters list.
1685
1686              json_attribute_names  =  {'classId': 'class_id', 'params': 'pol‐
1687              icy_params',    'id':    'name',    'policyAttribute':     'pol‐
1688              icy_attributes'}
1689
1690              remove_attribute(policy_attribute_name)
1691                     Remove  a  policy  attribute with the given name from the
1692                     attributes list.
1693
1694              remove_parameter(profile_parameter_name)
1695                     Remove a profile parameter with the given name  from  the
1696                     parameters list.
1697
1698       class pki.profile.PolicySet(name=None, policy_list=None)
1699              Bases: object
1700
1701              An object of this class contains a name value pair of the policy
1702              name and the ProfilePolicy object.
1703
1704              add_policy(profile_policy)
1705                     Add a ProfilePolicy object to the policy_list
1706
1707              classmethod from_json(attr_list)
1708
1709              get_policy(policy_id)
1710                     Returns a ProfilePolicy object with the given profile id.
1711
1712              json_attribute_names = {'id': 'name', 'value': 'policy_list'}
1713
1714              remove_policy(policy_id)
1715                     Removes a ProfilePolicy with the given ID from the  Poli‐
1716                     cySet.
1717
1718       class pki.profile.PolicySetList(policy_sets=None)
1719              Bases: object
1720
1721              An object of this class stores a list of ProfileSet objects.
1722
1723              add_policy_set(policy_set)
1724                     Add a PolicySet object to the policy_sets list.
1725
1726              classmethod from_json(attr_list)
1727
1728              get_policy_set(policy_set_name)
1729                     Fetch  the  PolicySet object for the given name.  Returns
1730                     None, if not found.
1731
1732              policy_sets
1733
1734              remove_policy_set(policy_set_name)
1735                     Remove a PolicySet object with the given  name  from  the
1736                     policy_sets list.
1737
1738       class  pki.profile.Profile(profile_id=None,  class_id=None,  name=None,
1739       description=None, enabled=None, visible=None, enabled_by=None,  authen‐
1740       ticator_id=None, authorization_acl=None, renewal=None, xml_output=None,
1741       inputs=None, outputs=None, policy_set_list=None, link=None)
1742              Bases: object
1743
1744              This class represents an enrollment profile.
1745
1746              add_input(profile_input)
1747                     Add a ProfileInput object to the inputs list of the  Pro‐
1748                     file.
1749
1750              add_output(profile_output)
1751                     Add  a  ProfileOutput  object  to the outputs list of the
1752                     Profile.
1753
1754              add_policy_set(policy_set)
1755                     Add a PolicySet object to the  policy_sets  list  of  the
1756                     Profile.
1757
1758              classmethod from_json(attr_list)
1759
1760              get_input(profile_input_id)
1761                     Fetches  a  ProfileInput  with the given ProfileInput id.
1762                     Returns None, if there is no matching input.
1763
1764              get_output(profile_output_id)
1765                     Fetches a ProfileOutput with the given ProfileOutput  id.
1766                     Returns None, if there is no matching output.
1767
1768              get_policy_set(policy_set_name)
1769                     Fetches  a  ProfileInput  with the given ProfileInput id.
1770                     Returns None, if there is no matching input.
1771
1772              static get_profile_data_from_file(path_to_file)
1773                     Reads the file for the serialized Profile  object.   Cur‐
1774                     rently supports only data format in json.
1775
1776              json_attribute_names   =  {'classId':  'class_id',  'authentica‐
1777              torId': 'authenticator_id', 'Output':  'outputs',  'PolicySets':
1778              'policy_set_list',    'xmlOutput':   'xml_output',   'authzAcl':
1779              'authorization_acl',   'enabledBy':    'enabled_by',    'Input':
1780              'inputs', 'id': 'profile_id'}
1781
1782              remove_input(profile_input_id)
1783                     Remove  a  ProfileInput  from the inputs list of the Pro‐
1784                     file.
1785
1786              remove_output(profile_output_id)
1787                     Remove a ProfileOutput from the outputs list of the  Pro‐
1788                     file.
1789
1790              remove_policy_set(policy_set_name)
1791                     Remove  a PolicySet from the policy_sets list of the Pro‐
1792                     file.
1793
1794       class  pki.profile.ProfileAttribute(name=None,   value=None,   descrip‐
1795       tor=None)
1796              Bases: object
1797
1798              Represents a profile attribute of a ProfileInput.
1799
1800              classmethod from_json(attr_list)
1801
1802              json_attribute_names  =  {'Descriptor':  'descriptor',  'Value':
1803              'value'}
1804
1805       class pki.profile.ProfileClient(connection)
1806              Bases: object
1807
1808              This class consists of  methods  for  accessing  the  ProfileRe‐
1809              source.
1810
1811              create_profile(inst, *args, **kwargs)
1812                     Create a new profile for the given Profile object.
1813
1814              create_profile_from_file(path_to_file)
1815                     Reads  the  file for the serialized Profile object.  Per‐
1816                     forms the profile create operation.   Currently  supports
1817                     only data format in json.
1818
1819              delete_profile(inst, *args, **kwargs)
1820                     Delete a profile with the given Profile Id.
1821
1822              disable_profile(inst, *args, **kwargs)
1823                     Disables a profile.
1824
1825              enable_profile(inst, *args, **kwargs)
1826                     Enables a profile.
1827
1828              get_profile(inst, *args, **kwargs)
1829                     Fetches information for the profile for the given profile
1830                     id.  Returns a ProfileData object.
1831
1832              list_profiles(inst, *args, **kwargs)
1833                     Fetches the list of profiles.  The start and  size  argu‐
1834                     ments  provide  pagination  support.   Returns a Profile‐
1835                     DataInfoCollection object.
1836
1837              modify_profile(inst, *args, **kwargs)
1838                     Modify an existing profile with the given Profile object.
1839
1840              modify_profile_from_file(path_to_file)
1841                     Reads the file for the serialized Profile  object.   Per‐
1842                     forms  the  profile modify operation.  Currently supports
1843                     only data format in json.
1844
1845       class pki.profile.ProfileDataInfo
1846              Bases: object
1847
1848              Stores information about a profile
1849
1850              classmethod from_json(attr_list)
1851
1852              json_attribute_names = {'profileDescription':  'profile_descrip‐
1853              tion',  'profileId':  'profile_id', 'profileURL': 'profile_url',
1854              'profileName': 'profile_name'}
1855
1856       class pki.profile.ProfileDataInfoCollection
1857              Bases: object
1858
1859              Represents a collection of ProfileDataInfo objects.  Also encap‐
1860              sulates the links for the list of the objects stored.
1861
1862              classmethod from_json(attr_list)
1863
1864       class   pki.profile.ProfileInput(profile_input_id=None,  class_id=None,
1865       name=None, text=None, attributes=None, config_attributes=None)
1866              Bases: object
1867
1868              This class encapsulates all the attributes of a profile to  gen‐
1869              erate  a  specific property of a certificate.  Ex. Subject name,
1870              Requestor Information etc.
1871
1872              add_attribute(profile_attribute)
1873                     Add a ProfileAttribute object to the attributes list.
1874
1875              add_config_attribute(profile_attribute)
1876                     Add a ProfileAttribute object  to  the  config_attributes
1877                     list.
1878
1879              classmethod from_json(attr_list)
1880
1881              get_attribute(profile_attribute_name)
1882                     Returns  a  ProfileAttribute  object  for the given name.
1883                     None, if no match.
1884
1885              get_config_attribute(config_attribute_name)
1886                     Returns a ProfileAttribute object with  the  given  name.
1887                     None, if there is no match in the config_attributes list.
1888
1889              json_attribute_names  =  {'ClassID': 'class_id', 'Name': 'name',
1890              'Text':    'text',    'ConfigAttribute':    'config_attributes',
1891              'Attribute': 'attributes', 'id': 'profile_input_id'}
1892
1893              remove_attribute(profile_attribute_name)
1894                     Remove a ProfileAttribute object with the given name from
1895                     the attributes list.
1896
1897              remove_config_attribute(config_attribute_name)
1898                     Remove a ProfileAttribute object with the given name from
1899                     the config_attributes list.
1900
1901       class    pki.profile.ProfileOutput(profile_output_id=None,   name=None,
1902       text=None, class_id=None, attributes=None)
1903              Bases: object
1904
1905              This class  defines  the  output  of  a  certificate  enrollment
1906              request using a profile.
1907
1908              add_attribute(profile_attribute)
1909                     Add a ProfileAttribute object to the attributes list.
1910
1911              classmethod from_json(attr_list)
1912
1913              get_attribute(profile_attribute_name)
1914                     Returns  a  ProfileAttribute  object  for the given name.
1915                     None, if no match.
1916
1917              json_attribute_names  =  {'classId':  'class_id',  'id':   'pro‐
1918              file_output_id'}
1919
1920              remove_attribute(profile_attribute_name)
1921                     Remove a ProfileAttribute object with the given name from
1922                     the attributes list.
1923
1924       class pki.profile.ProfileParameter(name=None, value=None)
1925              Bases: object
1926
1927              classmethod from_json(attr_list)
1928
1929       class  pki.profile.ProfilePolicy(policy_id=None,   policy_default=None,
1930       policy_constraint=None)
1931              Bases: object
1932
1933              This  class  represents  the  policy  a  profile adheres to.  An
1934              object of this class stores the default values for  profile  and
1935              the  constraints  present on the values of the attributes of the
1936              profile submitted for an enrollment request.
1937
1938              classmethod from_json(attr_list)
1939
1940              json_attribute_names  =   {'id':   'policy_id',   'def':   'pol‐
1941              icy_default', 'constraint': 'policy_constraint'}
1942
1943       class pki.profile.ProfilePolicySet
1944              Bases: object
1945
1946              Stores a list of ProfilePolicy objects.
1947
1948              classmethod from_json(attr_list)
1949
1950       pki.profile.main()
1951
1952   system Module
1953       class pki.system.ConfigurationRequest
1954              Bases: object
1955
1956              Class  used to represent a configuration request to be submitted
1957              to  the  Java  installation  servlet  during  the  execution  of
1958              pkispawn.
1959
1960              This  class is the python equivalent of the Java class: com.net‐
1961              scape.certsrv.system.ConfigurationRequest
1962
1963       class pki.system.ConfigurationResponse
1964              Bases: object
1965
1966              Class used to represent the response from the Java configuration
1967              servlet during the execution of pkispawn.
1968
1969              This  class is the python equivalent of the Java class: com.net‐
1970              scape.certsrv.system.ConfigurationRequest
1971
1972       class pki.system.SecurityDomainClient(connection)
1973              Bases: object
1974
1975              Client used to get the security domain from  a  security  domain
1976              CA.  The connection details for the security domain CA are spec‐
1977              ified in a PKIConnection object used to construct this client.
1978
1979              get_old_security_domain_info()
1980                     Contact the security domain CA specified in  the  connec‐
1981                     tion  object  used  to  construct this client and get the
1982                     security domain using the  old  servlet-based  interface.
1983                     This  method  is useful when contacting old servers which
1984                     do not provide the REST API.
1985
1986                     Returns
1987                            pki.system.SecurityDomainInfo
1988
1989              get_security_domain_info()
1990                     Contact the security domain CA specified in  the  connec‐
1991                     tion  object  used  to  construct this client and get the
1992                     security domain using the REST API.
1993
1994                     Returns
1995                            pki.system.SecurityDomainInfo
1996
1997       class pki.system.SecurityDomainHost
1998              Bases: object
1999
2000              Class representing a security domain host.
2001
2002              classmethod from_json(json_value)
2003                     Constructs a SecurityDomainHost object from JSON.
2004
2005                     Parameters
2006                            json_value (str) --  JSON  string  representing  a
2007                            security domain host.
2008
2009                     Returns
2010                            SecurityDomainHost
2011
2012       class pki.system.SecurityDomainInfo
2013              Bases: object
2014
2015              Class  representing  the entire security domain.  This is essen‐
2016              tially a list of SecurityDomainSubsystem components.
2017
2018              classmethod from_json(json_value)
2019                     Create a SecurityDomainInfo object from JSON.
2020
2021                     Parameters
2022                            json_value (str) -- JSON representation of a secu‐
2023                            rity domain.
2024
2025                     Returns
2026                            SecurityDomainInfo
2027
2028       class pki.system.SecurityDomainSubsystem
2029              Bases: object
2030
2031              Class  representing a security domain subsystem.  This is essen‐
2032              tially a list of SecurityDomainHost objects of a particular sub‐
2033              system type (ca, kra, tps, tks, ocsp).
2034
2035              classmethod from_json(json_value)
2036                     Constructs  a  SecurityDomainSubsystem from a JSON repre‐
2037                     sentation.
2038
2039                     Parameters
2040                            json_value (str) --  JSON  representation  of  the
2041                            Security Domain Subsystem
2042
2043                     Returns
2044                            SecurityDomainSubsystem
2045
2046       class pki.system.SystemCertData
2047              Bases: object
2048
2049              Class used to represent the data for a system certificate, which
2050              is used in the data passed  into  and  returned  from  the  Java
2051              installation servlet during the execution of pkispawn.
2052
2053              This  class is the python equivalent of the Java class: com.net‐
2054              scape.certsrv.system.SystemCertData
2055
2056       class pki.system.SystemConfigClient(connection)
2057              Bases: object
2058
2059              Client used to interact with the Java configuration  servlet  to
2060              configure a Dogtag subsystem during the execution of pkispawn.
2061
2062              The  connection  details  for  the  system  being configured are
2063              passed in the PKIConnection object used when  constructing  this
2064              object.
2065
2066              configure(data)
2067                     Contacts  the  server  and invokes the Java configuration
2068                     REST API to configure a Dogtag subsystem.
2069
2070                     Parameters
2071                            data   (ConfigurationRequest)   --   Configuration
2072                            request containing all the input needed to config‐
2073                            ure the subsystem
2074
2075                     Returns
2076                            ConfigurationResponse -- response from  configura‐
2077                            tion servlet.
2078
2079       class pki.system.SystemStatusClient(connection)
2080              Bases: object
2081
2082              Client used to check the status of a Dogtag subsystem.
2083
2084              get_status()
2085                     Checks the status of the subsystem by calling the getSta‐
2086                     tus() servlet.  This is used to determine if  the  server
2087                     is up and ready to receive and process requests.
2088
2089                     Returns
2090                            str - getStatus response
2091
2092   systemcert Module
2093       Module containing the Python client classes for the SystemCert REST API
2094
2095       class pki.systemcert.SystemCertClient(connection)
2096              Bases: object
2097
2098              Class  encapsulating and mirroring the functionality in the Sys‐
2099              temCertResource Java interface class defining the REST  API  for
2100              system certificate resources.
2101
2102              get_transport_cert(inst, *args, **kwargs)
2103                     Return transport certificate.
2104
2105                     Returns
2106                            pki.cert.CertData -- transport certificate data
2107
2108   upgrade Module
2109       class pki.upgrade.PKIUpgradeScriptlet
2110              Bases: object
2111
2112              backup(path)
2113
2114              can_upgrade()
2115
2116              get_backup_dir()
2117
2118              init()
2119
2120              revert()
2121
2122              update_tracker()
2123
2124              upgrade()
2125
2126              upgrade_system()
2127
2128       class pki.upgrade.PKIUpgradeTracker(name, filename, delimiter='=', ver‐
2129       sion_key='PKI_VERSION', index_key='PKI_UPGRADE_INDEX')
2130              Bases: object
2131
2132              get_index()
2133
2134              get_version()
2135
2136              remove()
2137
2138              remove_index()
2139
2140              remove_version()
2141
2142              set(version)
2143
2144              set_index(index)
2145
2146              set_version(version)
2147
2148              show()
2149
2150       class     pki.upgrade.PKIUpgrader(upgrade_dir='/usr/share/pki/upgrade',
2151       version=None, index=None, silent=False)
2152              Bases: object
2153
2154              all_versions()
2155
2156              get_current_version()
2157
2158              get_target_version()
2159
2160              get_tracker()
2161
2162              is_complete()
2163
2164              remove_tracker()
2165
2166              reset_tracker()
2167
2168              revert()
2169
2170              revert_version(version)
2171
2172              scriptlets(version)
2173
2174              set_tracker(version)
2175
2176              show_tracker()
2177
2178              status()
2179
2180              upgrade()
2181
2182              upgrade_version(version)
2183
2184              version_dir(version)
2185
2186              versions()
2187
2188   util Module
2189       Module  containing  utility functions and classes for the Dogtag python
2190       code
2191
2192       class pki.util.Version(obj)
2193              Bases: object
2194
2195       pki.util.chmod(path, perms)
2196              Change permissions of a file or folder recursively.
2197
2198       pki.util.chown(path, uid, gid)
2199              Change ownership of a file or folder recursively.
2200
2201       pki.util.copy(source, dest)
2202              Copy a file or a folder and its contents.
2203
2204       pki.util.copydirs(source, dest)
2205              Copy a folder and its parents while preserving their attributes.
2206
2207       pki.util.copyfile(source, dest, overwrite=True)
2208              Copy a file or link while preserving its attributes.
2209
2210       pki.util.copytree(src, dst, symlinks=False, ignore=None)
2211              Recursively copy a directory tree using copy2().
2212
2213              PATCH: This code was copied from 'shutil.py' and patched to
2214                     allow 'The destination directory to already exist.'
2215
2216              If exception(s) occur, an Error is raised with a  list  of  rea‐
2217              sons.
2218
2219              If  the  optional  symlinks  flag is true, symbolic links in the
2220              source tree result in symbolic links in the destination tree; if
2221              it  is  false,  the contents of the files pointed to by symbolic
2222              links are copied.
2223
2224              The optional ignore argument is a  callable.  If  given,  it  is
2225              called with the src parameter, which is the directory being vis‐
2226              ited by copytree(), and names which is the list of src contents,
2227              as returned by os.listdir():
2228                 callable(src, names) -> ignored_names
2229
2230              Since  copytree()  is  called  recursively, the callable will be
2231              called once for each directory that is copied. It returns a list
2232              of  names  relative  to  the  src  directory  that should not be
2233              copied.
2234
2235              Consider this example code rather than the ultimate tool.
2236
2237       pki.util.customize_file(input_file, output_file, params)
2238              Customize a file with specified parameters.
2239
2240       pki.util.load_properties(filename, properties)
2241
2242       pki.util.read_environment_files(env_file_list=None)
2243
2244       pki.util.store_properties(filename, properties)
2245
2246       · genindex
2247
2248       · modindex
2249
2250       · search
2251

AUTHOR

2253       Dogtag PKI Project Team
2254
2256       2014, Dogtag PKI Team
2257
2258
2259
2260
2261@APPLICATION_VERSION@           March 14, 2019            PKI-PYTHON-CLIENT(1)
Impressum