1PKI-PYTHON-CLIENT(1)       Dogtag Certificate System      PKI-PYTHON-CLIENT(1)
2
3
4

NAME

6       pki-python-client - Dogtag Python Client API
7
8       Dogtag  is  an enterprise software system designed to manage enterprise
9       Public Key Infrastructure (PKI) deployments.  These pages document  the
10       Python  client  API that can be used to interact with Dogtag's REST API
11       to request and issue certificates, store secrets in the KRA etc.
12

PKI PACKAGE

14   pki Package
15       This module contains top-level classes and functions used by the Dogtag
16       project.
17
18       class pki.Attribute(name, value)
19              Bases: object
20
21              Class representing a key/value pair.
22
23              This object is the basis of the representation of a ResourceMes‐
24              sage.
25
26       class pki.AttributeList
27              Bases: object
28
29              Class representing a list of attributes.
30
31              This class is needed because of a JavaMapper used  in  the  REST
32              API.
33
34       exception  pki.BadRequestException(message,  exception=None, code=None,
35       class_name=None)
36              Bases: PKIException
37
38              Bad Request Exception: return code = 400
39
40       exception pki.CertNotFoundException(message, exception=None, code=None,
41       class_name=None)
42              Bases: ResourceNotFoundException
43
44              Cert Not Found Exception: return code = 404
45
46       exception   pki.ConflictingOperationException(message,  exception=None,
47       code=None, class_name=None)
48              Bases: PKIException
49
50              Conflicting Operation Exception: return code = 409
51
52       class pki.FIPS
53              Bases: object
54
55              static is_enabled()
56
57       exception  pki.ForbiddenException(message,  exception=None,  code=None,
58       class_name=None)
59              Bases: PKIException
60
61              Forbidden Exception: return code = 403
62
63       exception      pki.GroupNotFoundException(message,      exception=None,
64       code=None, class_name=None)
65              Bases: ResourceNotFoundException
66
67              Group Not Found Exception: return code = 404
68
69       exception  pki.HTTPGoneException(message,  exception=None,   code=None,
70       class_name=None)
71              Bases: PKIException
72
73              Gone Exception: return code = 410
74
75       exception  pki.KeyNotFoundException(message, exception=None, code=None,
76       class_name=None)
77              Bases: ResourceNotFoundException
78
79              Key Not Found Exception: return code 404
80
81       exception    pki.PKIException(message,    exception=None,    code=None,
82       class_name=None)
83              Bases: Exception, ResourceMessage
84
85              Base exception class for REST Interface
86
87              classmethod from_json(json_value)
88                     Construct  PKIException  from  JSON.   :param json_value:
89                     JSON representation of the exception.  :type  json_value:
90                     str :return: pki.PKIException
91
92       exception     pki.ProfileNotFoundException(message,     exception=None,
93       code=None, class_name=None)
94              Bases: ResourceNotFoundException
95
96              Profile Not Found Exception: return code = 404
97
98       class pki.PropertyFile(filename, delimiter='=')
99              Bases: object
100
101              Class to manage property files  The  contents  of  the  property
102              file are maintained internally as a list of properties.
103
104              Properties  are strings of the format <name> <delimiter> <value>
105              where '=' is the default delimiter.
106
107              get(name)
108                     Get the value of the specified property.
109
110                     Parameters
111                            name (str) -- name of property to be fetched.
112
113                     Returns
114                            str -- value of property
115
116              index(name)
117                     Find the index (position) of a  property  in  a  property
118                     file.
119
120                     Parameters
121                            name (str) -- name of property
122
123                     Returns
124                            int -- index of property.
125
126              insert_line(index, line)
127                     Insert property into the list of properties maintained by
128                     this object at the specified location (index).
129
130                     Parameters
131
132index (int) -- point at which to insert value.
133
134line (str) -- value to be inserted.
135
136                     Returns
137                            None
138
139              read() Read from property file into the list of properties main‐
140                     tained by this object.
141
142                     Returns
143                            None
144
145              remove(name)
146                     Remove  property  from  list  of properties maintained by
147                     this object.
148
149                     Parameters
150                            name (str) -- name of property to be removed.
151
152                     Returns
153                            None
154
155              remove_line(index)
156                     Remove property at specified index  from  the  properties
157                     list.
158
159                     Parameters
160                            index (int) -- location of property to be removed.
161
162                     Returns
163                            None
164
165              set(name, value, index=None)
166                     Set value of specified property.
167
168                     Parameters
169
170name (str) -- name of property to set.
171
172value (str) -- value to set
173
174index (int) -- (optional) position of property
175
176                     Returns
177                            None
178
179              show() Print  the  contents of the list of properties maintained
180                     by this object to STDOUT.
181
182                     Returns
183                            None
184
185              write()
186                     Write the list of properties maintained by this object to
187                     the property file.
188
189                     Returns
190                            None
191
192       exception     pki.RequestNotFoundException(message,     exception=None,
193       code=None, class_name=None)
194              Bases: ResourceNotFoundException
195
196              Request Not Found Exception: return code = 404
197
198       class pki.ResourceMessage(class_name)
199              Bases: object
200
201              This class is the basis for the various types of  key  requests.
202              It is essentially a list of attributes.
203
204              add_attribute(name, value)
205                     Add an attribute to the list.
206
207                     Parameters
208
209name (str) -- name of attribute to add
210
211value (str) -- value to add
212
213                     Returns
214                            None
215
216              get_attribute_value(name)
217                     Get the value of a given attribute.
218
219                     Parameters
220                            name (str) -- name of attribute to retrieve
221
222                     Returns
223                            str -- value of parameter
224
225       exception     pki.ResourceNotFoundException(message,    exception=None,
226       code=None, class_name=None)
227              Bases: PKIException
228
229              Not Found Exception: return code = 404
230
231       exception pki.UnauthorizedException(message, exception=None, code=None,
232       class_name=None)
233              Bases: PKIException
234
235              Unauthorized Exception: return code = 401
236
237       exception pki.UserNotFoundException(message, exception=None, code=None,
238       class_name=None)
239              Bases: ResourceNotFoundException
240
241              User Not Found Exception: return code = 404
242
243       pki.convert_x509_name_to_dn(name)
244              Convert X.509 Name into NSS-style DN string.
245
246              See                           also:                            -
247              https://cryptography.io/en/latest/x509/reference.html#cryptography.x509.Name
248              -
249              https://cryptography.io/en/latest/x509/reference.html#cryptography.x509.RelativeDistinguishedName
250              -
251              https://cryptography.io/en/latest/x509/reference.html#cryptography.x509.NameAttribute
252              -
253              https://cryptography.io/en/latest/x509/reference.html#cryptography.x509.ObjectIdentifier
254
255              Parameters
256                     name (cryptography.x509.Name) -- X.509 Name
257
258              Returns
259                     str -- DN string.
260
261       pki.generate_password(charset='0123456789abcdefghijklmnopqrstuvwxyz‐
262       ABCDEFGHIJKLMNOPQRSTUVWXYZ!#*+,-./:;^_|~', length=12)
263              This function generates FIPS-compliant password.
264
265              See     sftk_newPinCheck()     in     the     following    file:
266              https://dxr.mozilla.org/nss/source/nss/lib/softoken/fipstokn.c
267
268              The minimum password length is FIPS_MIN_PIN Unicode characters.
269
270              The password must contain at least 3 character classes:
271
272                     • digits (string.digits)
273
274                     • ASCII lowercase letters (string.ascii_lowercase)
275
276                     • ASCII uppercase letters (string.ascii_uppercase)
277
278                     • ASCII non-alphanumeric characters (PUNCTUATIONS)
279
280                     • non-ASCII characters
281
282              If an ASCII uppercase letter is the first character of the pass‐
283              word,  the  uppercase letter is not counted toward its character
284              class.
285
286              If a digit is the last character of the password, the  digit  is
287              not counted toward its character class.
288
289              The   FIPS_MIN_PIN   is   defined   in   the   following   file:
290              https://dxr.mozilla.org/nss/source/nss/lib/softoken/pkcs11i.h
291
292              #define FIPS_MIN_PIN 7
293
294       pki.get_info(name)
295
296       pki.handle_exceptions()
297              Decorator handling exceptions from REST methods.
298
299       pki.implementation_version()
300              Return implementation version.
301
302              Returns
303                     str -- implementation version
304
305       pki.specification_version()
306              Return specification version.
307
308              Returns
309                     str -- specification version
310
311   account Module
312       class pki.account.AccountClient(connection, subsystem=None)
313              Bases: object
314
315              Class used to associate an authentication session variable  with
316              a connection.
317
318              To use this class:
319
320                     • set the authentication credentials with the connection,
321
322                     • create an AccountClient and then call login().
323
324                     • further  operations  in  this session will use the same
325                       authentication credentials without re-authentication.
326
327                     • call logout() to invalidate the session.
328
329              login()
330                     Login to account REST interface.  If login is successful,
331                     an authentication session variable is associated with the
332                     connection.
333
334                     Returns
335                            None
336
337              logout()
338                     Logs out of the session.   Authentication  session  vari‐
339                     ables are invalidated for the connection
340
341                     Returns
342                            None
343
344   cert Module
345       class pki.cert.CertClient(connection)
346              Bases: object
347
348              Class  encapsulating  and  mirroring  the  functionality  in the
349              CertResource Java interface class defining the REST API for Cer‐
350              tificate resources.
351
352              approve_request(request_id, cert_review_response=None)
353                     Approves  a  certificate enrollment request.  If cert_re‐
354                     view_response is None, a review request operation is per‐
355                     formed  to fetch the CertReviewResponse object.  Requires
356                     as agent level authentication.
357
358              assign_request(request_id, cert_review_response)
359                     Assigns a certificate enrollment  request.   If  cert_re‐
360                     view_response is None, a review request operation is per‐
361                     formed to fetch the CertReviewResponse object.   Requires
362                     as agent level authentication.
363
364              cancel_request(request_id, cert_review_response=None)
365                     Cancels  a  certificate  enrollment request.  If cert_re‐
366                     view_response is None, a review request operation is per‐
367                     formed  to fetch the CertReviewResponse object.  Requires
368                     as agent level authentication.
369
370              create_enrollment_request(profile_id, inputs)
371                     Fetches the enrollment request object for the given  pro‐
372                     file  and  sets values to its attributes using the values
373                     provided in the inputs dictionary.  Returns  the  CertEn‐
374                     rollmentRequest  object, which can be submitted to enroll
375                     a certificate.
376
377              enroll_cert(profile_id, inputs, authority=None)
378                     A convenience method for enrolling a  certificate  for  a
379                     given  profile id.  The inputs parameter should be a dic‐
380                     tionary with values for the profile attributes for an en‐
381                     rollment request.
382
383                     Calling  this method with valid arguments, creates an en‐
384                     rollment request, submits it to the server, approves  the
385                     certificate requests generated for the enrollment and re‐
386                     turns a list of CertData objects for all the certificates
387                     generated as part of this enrollment.
388
389                     Note:  This  method  supports only certificate enrollment
390                     where only one agent approval is sufficient.
391
392                     Requires an agent level authentication.  Returns  a  list
393                     of CertEnrollmentResult objects.
394
395              get_cert(cert_serial_number)
396                     Return a CertData object for a particular certificate.
397
398              get_enrollment_template(profile_id)
399                     Fetch  the  enrollment template for the given profile id.
400                     For the first time, the request is sent  to  the  server.
401                     The retrieved CertEnrollmentRequest object is then cached
402                     locally for future requests.  Returns a  CerEnrollmentRe‐
403                     quest object.
404
405              get_request(request_id)
406                     Get  information  of a certificate request with the given
407                     request ID.  Returns a CertRequestInfo object.
408
409              hold_cert(cert_serial_number, comments=None, authority=None)
410                     Places a  certificate  on-hold.   Calls  the  revoke_cert
411                     method  with  reason  - CertRevokeRequest.REASON_CERTIFI‐
412                     CATE_HOLD.   Returns  a  CertRequestInfo  object.    This
413                     method  requires  an  agent's  authentication cert in the
414                     connection object.
415
416              list_certs(max_results=None,     max_time=None,      start=None,
417              size=None, **cert_search_params)
418                     Return a CertDataInfoCollection object with a information
419                     about all the certificates that satisfy the search crite‐
420                     ria.   If  cert_search_request=None, returns all the cer‐
421                     tificates.
422
423              list_enrollment_templates(start=None, size=None)
424                     Gets the list of profile templates supported by  the  CA.
425                     The  values  for  start  and size arguments determine the
426                     starting point and the length of  the  list.   Returns  a
427                     ProfileDataInfoCollection object.
428
429              list_requests(request_status=None,  request_type=None,  from_re‐
430              quest_id=None, size=None, max_results=None, max_time=None)
431                     Query for a list  of  certificates  using  the  arguments
432                     passed.  Returns a CertRequestInfoCollection object.
433
434              reject_request(request_id, cert_review_response=None)
435                     Rejects  a  certificate  enrollment request.  If cert_re‐
436                     view_response is None, a review request operation is per‐
437                     formed  to fetch the CertReviewResponse object.  Requires
438                     as agent level authentication.
439
440              review_cert(cert_serial_number)
441                     Reviews a certificate. Returns a CertData object  with  a
442                     nonce.   This  method  requires an agent's authentication
443                     cert in the connection object.
444
445              review_request(request_id)
446                     Reviews a  certificate  enrollment  request.   Returns  a
447                     CertReviewResponse  object  which contains the nonce from
448                     the server needed to perform an action on the request.
449
450              revoke_ca_cert(cert_serial_number, revocation_reason=None, inva‐
451              lidity_date=None, comments=None, nonce=None, authority=None)
452                     Revokes  a CA certificate.  Returns a CertRequestInfo ob‐
453                     ject with information about the request.  This method re‐
454                     quires  an  agent's authentication cert in the connection
455                     object.
456
457              revoke_cert(cert_serial_number, revocation_reason=None, invalid‐
458              ity_date=None, comments=None, nonce=None, authority=None)
459                     Revokes  a certificate.  Returns a CertRequestInfo object
460                     with information about the request.  This method requires
461                     an agent's authentication cert in the connection object.
462
463              submit_enrollment_request(enrollment_request, authority=None)
464                     Submits  the  CertEnrollmentRequest object to the server.
465                     Returns a CertRequestInfoCollection object with  informa‐
466                     tion about the certificate requests enrolled at the CA.
467
468              unassign_request(request_id, cert_review_response)
469                     Un-assigns a certificate enrollment request.  If cert_re‐
470                     view_response is None, a review request operation is per‐
471                     formed  to fetch the CertReviewResponse object.  Requires
472                     as agent level authentication.
473
474              unrevoke_cert(cert_serial_number, authority=None)
475                     Un-revokes a  revoked  certificate.   Returns  a  CertRe‐
476                     questInfo  object.   This  method requires an agent's au‐
477                     thentication cert in the connection object.
478
479              update_request(request_id, cert_review_response)
480                     Updates a certificate enrollment  request.   If  cert_re‐
481                     view_response is None, a review request operation is per‐
482                     formed to fetch the CertReviewResponse object.   Requires
483                     as agent level authentication.
484
485              validate_request(request_id, cert_review_response)
486                     Validates  a certificate enrollment request.  If cert_re‐
487                     view_response is None, a review request operation is per‐
488                     formed  to fetch the CertReviewResponse object.  Requires
489                     as agent level authentication.
490
491       class pki.cert.CertData
492              Bases: object
493
494              Class containing certificate data as returned from getCert()
495
496              classmethod from_json(attr_list)
497                     Return CertData object from JSON dict
498
499              json_attribute_names = {'Encoded': 'encoded',  'IssuerDN':  'is‐
500              suer_dn',  'Nonce':  'nonce',  'NotAfter':  'not_after', 'NotBe‐
501              fore':   'not_before',   'PKCS7CertChain':   'pkcs7_cert_chain',
502              'PrettyPrint':  'pretty_repr',  'Status': 'status', 'SubjectDN':
503              'subject_dn', 'id': 'serial_number'}
504
505       class pki.cert.CertDataInfo
506              Bases: object
507
508              Class containing information contained in a  CertRecord  on  the
509              CA.   This  data  is returned when searching/listing certificate
510              records.
511
512              classmethod from_json(attr_list)
513                     Return CertDataInfo object from JSON dict
514
515              json_attribute_names  =  {'IssuedBy':  'issued_by',  'IssuedOn':
516              'issued_on',       'KeyAlgorithmOID':       'key_algorithm_oid',
517              'KeyLength': 'key_length',  'NotValidAfter':  'not_valid_after',
518              'NotValidBefore':  'not_valid_before', 'Status': 'status', 'Sub‐
519              jectDN': 'subject_dn',  'Type':  'type',  'Version':  'version',
520              'id': 'serial_number'}
521
522       class pki.cert.CertDataInfoCollection
523              Bases: object
524
525              Class  containing list of CertDataInfo objects and their respec‐
526              tive link objects.  This data is returned when searching/listing
527              certificate records in the CA.
528
529              classmethod from_json(json_value)
530                     Populate object from JSON input
531
532       class   pki.cert.CertEnrollmentRequest(profile_id=None,  renewal=False,
533       serial_number=None, remote_host=None, remote_address=None, inputs=None,
534       outputs=None)
535              Bases: object
536
537              This  class  encapsulates the parameters required for a certifi‐
538              cate
539                     enrollment request.
540
541              add_input(profile_input)
542
543              add_output(profile_output)
544
545              classmethod from_json(attr_list)
546
547              get_input(profile_input_name)
548
549              get_output(profile_output_name)
550
551              json_attribute_names = {'Input': 'inputs', 'Output':  'outputs',
552              'ProfileID':  'profile_id',  'RemoteAddress':  'remote_address',
553              'RemoteHost': 'remote_host', 'Renewal':  'renewal',  'SerialNum‐
554              ber': 'serial_number'}
555
556              remove_input(profile_input_name)
557
558              remove_output(profile_output_name)
559
560       class pki.cert.CertEnrollmentResult(request, cert)
561              Bases: object
562
563              Class containing results of an enrollment request.
564
565              This  structure contains information about the cert request gen‐
566              erated and any certificates issued.
567
568       class pki.cert.CertRequestInfo
569              Bases: object
570
571              An object of this class stores represents a certificate request.
572
573              classmethod from_json(attr_list)
574
575              json_attribute_names = {'certId': 'cert_id',  'certRequestType':
576              'cert_request_type', 'certURL': 'cert_url', 'errorMessage': 'er‐
577              ror_message', 'operationResult':  'operation_result',  'request‐
578              Status':  'request_status',  'requestType': 'request_type', 're‐
579              questURL': 'request_url'}
580
581       class pki.cert.CertRequestInfoCollection
582              Bases: object
583
584              Class containing list of CertRequestInfo objects.  This data  is
585              returned when listing certificate request records in the CA.
586
587              classmethod from_json(json_value)
588                     Populate object from JSON input
589
590       class pki.cert.CertRequestStatus
591              Bases: object
592
593              Class containing valid cert statuses.
594
595              CANCELED = 'canceled'
596
597              COMPLETE = 'complete'
598
599              PENDING = 'pending'
600
601              REJECTED = 'rejected'
602
603       class  pki.cert.CertReviewResponse(profile_id=None,  renewal=False, se‐
604       rial_number=None, remote_host=None,  remote_address=None,  inputs=None,
605       outputs=None,   nonce=None,   request_id=None,  request_type=None,  re‐
606       quest_status=None, request_owner=None, request_creation_time=None,  re‐
607       quest_modification_time=None,      request_notes=None,      profile_ap‐
608       proval_by=None,  profile_set_id=None,   profile_is_visible=None,   pro‐
609       file_name=None,   profile_description=None,   profile_remote_host=None,
610       profile_remote_address=None, policy_sets=None)
611              Bases: CertEnrollmentRequest
612
613              An object of this class represent the response from  the  server
614              when  reviewing a certificate enrollment request.  It contains a
615              nonce required to perform action on the request.
616
617              classmethod from_json(attr_list)
618
619              json_attribute_names = {'Input': 'inputs', 'Output':  'outputs',
620              'ProfileID':  'profile_id',  'ProfilePolicySet':  'policy_sets',
621              'RemoteAddress': 'remote_address', 'RemoteHost':  'remote_host',
622              'Renewal':  'renewal',  'SerialNumber':  'serial_number',  'pro‐
623              fileApprovedBy':  'profile_approved_by',   'profileDescription':
624              'profile_description', 'profileIsVisible': 'profile_is_visible',
625              'profileName': 'profile_name', 'profileRemoteAddr': 'profile_re‐
626              mote_address', 'profileRemoteHost': 'profile_remote_host', 'pro‐
627              fileSetId':   'profile_set_id',   'requestCreationTime':    're‐
628              quest_creation_time', 'requestId': 'request_id', 'requestModifi‐
629              cationTime': 'request_modification_time',  'requestNotes':  're‐
630              quest_notes',  'requestOwner': 'request_owner', 'requestStatus':
631              'request_status', 'requestType': 'request_type'}
632
633       class    pki.cert.CertRevokeRequest(nonce,    reason=None,     invalid‐
634       ity_date=None, comments=None)
635              Bases: object
636
637              An object of this class encapsulates all the parameters required
638              for revoking a certificate.
639
640              Valid values for reasons for revoking a request are:
641                     'Unspecified', 'Key_Compromise', 'CA_Compromise', 'Affil‐
642                     iation_Changed',  'Superseded', 'Cessation_of_Operation',
643                     'Certificate_Hold',  'Remove_from_CRL',  'Privilege_With‐
644                     drawn', 'AA_Compromise'
645
646              reasons  =  ['Unspecified',  'Key_Compromise',  'CA_Compromise',
647              'Affiliation_Changed',  'Superseded',  'Cessation_of_Operation',
648              'Certificate_Hold',   'Remove_from_CRL',  'Privilege_Withdrawn',
649              'AA_Compromise']
650
651       class pki.cert.CertSearchRequest(**cert_search_params)
652              Bases: object
653
654              An object of this class is used to store the  search  parameters
655              and send them to server.
656
657              search_params    =    {'cert_type_secure_email':    'certTypeSe‐
658              cureEmail',     'cert_type_ssl_client':     'certTypeSSLClient',
659              'cert_type_ssl_server':                     'certTypeSSLServer',
660              'cert_type_sub_email_ca':                  'certTypeSubEmailCA',
661              'cert_type_sub_ssl_ca': 'certTypeSubSSLCA', 'common_name': 'com‐
662              monName', 'country': 'country', 'email':  'eMail',  'issued_by':
663              'issuedBy',  'issued_on_from':  'issuedOnFrom',  'issued_on_to':
664              'issuedOnTo', 'locality': 'locality', 'match_exactly': 'matchEx‐
665              actly',  'org':  'org',  'org_unit': 'orgUnit', 'revocation_rea‐
666              son':  'revocationReason',   'revoked_by':   'revokedBy',   're‐
667              voked_on_from': 'revokedOnFrom', 'revoked_on_to': 'revokedOnTo',
668              'serial_from': 'serialFrom', 'serial_to':  'serialTo',  'state':
669              'state', 'status': 'status', 'user_id': 'userID', 'valid_not_af‐
670              ter_from': 'validNotAfterFrom', 'valid_not_after_to':  'validNo‐
671              tAfterTo',     'valid_not_before_from':    'validNotBeforeFrom',
672              'valid_not_before_to':   'validNotBeforeTo',   'validity_count':
673              'validityCount', 'validity_operation': 'validityOperation', 'va‐
674              lidity_unit': 'validityUnit'}
675
676       pki.cert.main()
677
678   client Module
679       class  pki.client.PKIConnection(protocol='http',  hostname='localhost',
680       port='8080', subsystem=None, accept='application/json', trust_env=None,
681       verify=True, cert_paths=None)
682              Bases: object
683
684              Class to encapsulate the connection between  the  client  and  a
685              Dogtag subsystem.
686
687              authenticate(username=None, password=None)
688                     Set  the  parameters  used  for  authentication  if user‐
689                     name/password is to be used.  Both username and  password
690                     must  not  be  None.  Note that this method only sets the
691                     parameters.  Actual authentication occurs when  the  con‐
692                     nection is attempted,
693
694                     Parameters
695
696username -- username to authenticate connection
697
698password -- password to authenticate connection
699
700                     Returns
701                            None
702
703              delete(path, headers=None, use_root_uri=False)
704                     Uses  python-requests  to  issue  a  DEL  request  to the
705                     server.
706
707                     Parameters
708
709path (str) -- path URI for the DEL request
710
711headers (dict) -- headers for the DEL request
712
713use_root_uri (boolean) -- use root  URI  instead
714                              of subsystem URI as base
715
716                     Returns
717                            request.response -- response from the server
718
719                     Raises Exception from python-requests in case the DEL was
720                            not successful, or returns an error code.
721
722              get(path,     headers=None,      params=None,      payload=None,
723              use_root_uri=False, timeout=None)
724                     Uses  python-requests  to  issue  a  GET  request  to the
725                     server.
726
727                     Parameters
728
729path (str) -- path URI for the GET request
730
731headers (dict) -- headers for the GET request
732
733params (dict or bytes) -- Query  parameters  for
734                              the GET request
735
736payload  (dict, bytes, file-like object) -- data
737                              to be sent in the body of the request
738
739use_root_uri (boolean) -- use root  URI  instead
740                              of subsystem URI as base
741
742                     Returns
743                            request.response -- response from the server
744
745                     Raises Exception from python-requests in case the GET was
746                            not successful, or returns an error code.
747
748              post(path,       payload,       headers=None,       params=None,
749              use_root_uri=False)
750                     Uses  python-requests  to  issue  a  POST  request to the
751                     server.
752
753                     Parameters
754
755path (str) -- path URI for the POST request
756
757payload (dict, bytes, file-like object) --  data
758                              to be sent in the body of the request
759
760headers (dict) -- headers for the POST request
761
762params  (dict  or bytes) -- Query parameters for
763                              the POST request
764
765use_root_uri (boolean) -- use root  URI  instead
766                              of subsystem URI as base
767
768                     Returns
769                            request.response -- response from the server
770
771                     Raises Exception  from  python-requests  in case the POST
772                            was not successful, or returns an error code.
773
774              put(path, payload, headers=None, use_root_uri=False)
775                     Uses python-requests  to  issue  a  PUT  request  to  the
776                     server.
777
778                     Parameters
779
780path (str) -- path URI for the PUT request
781
782payload  (dict, bytes, file-like object) -- data
783                              to be sent in the body of the request
784
785headers (dict) -- headers for the PUT request
786
787use_root_uri (boolean) -- use root  URI  instead
788                              of subsystem URI as base
789
790                     Returns
791                            request.response -- response from the server
792
793                     Raises Exception from python-requests in case the PUT was
794                            not successful, or returns an error code.
795
796              set_authentication_cert(pem_cert_path, pem_key_path=None)
797                     Set the path to the PEM file containing  the  certificate
798                     and private key for the client certificate to be used for
799                     authentication to the server, when client certificate au‐
800                     thentication  is required. The private key may optionally
801                     be stored in a different path.
802
803                     Parameters
804
805pem_cert_path (str) -- path to the PEM file
806
807pem_key_path (str) -- path to the  PEM-formatted
808                              private key file
809
810                     Returns
811                            None
812
813                     Raises Exception if path is empty or None.
814
815       class    pki.client.SSLContextAdapter(pool_connections=10,    pool_max‐
816       size=10, max_retries=0, pool_block=False, verify=True, cert_paths=None)
817              Bases: HTTPAdapter
818
819              Custom SSLContext Adapter for requests
820
821              init_poolmanager(connections,       maxsize,        block=False,
822              **pool_kwargs)
823                     Initializes a urllib3 PoolManager.
824
825                     This  method  should not be called from user code, and is
826                     only exposed for use when subclassing the HTTPAdapter.
827
828                     Parameters
829
830connections -- The number of urllib3  connection
831                              pools to cache.
832
833maxsize  -- The maximum number of connections to
834                              save in the pool.
835
836block -- Block  when  no  free  connections  are
837                              available.
838
839pool_kwargs  --  Extra keyword arguments used to
840                              initialize the Pool Manager.
841
842       pki.client.catch_insecure_warning(func)
843              Temporary silence InsecureRequestWarning
844
845              PKIConnection is not able to verify HTTPS connections yet.  This
846              decorator catches the warning.
847
848              See    https://fedorahosted.org/pki/ticket/1253
849
850       pki.client.main()
851              Test code for the PKIConnection class.  :return: None
852
853   crypto Module
854       Module containing crypto classes.
855
856       class pki.crypto.CryptoProvider
857              Bases: object
858
859              Abstract  class  containing  methods  to do cryptographic opera‐
860              tions.
861
862              abstract asymmetric_wrap(data, wrapping_cert, mechanism=None)
863                     encrypt a symmetric key with the public key of  a  trans‐
864                     port cert.
865
866                     The  mechanism  is  the  type of symmetric key, which de‐
867                     faults to a 56 bit DES3 key.
868
869              abstract generate_nonce_iv(mechanism)
870                     Create a random initialization vector
871
872              abstract generate_session_key()
873                     Generate a session key to be used for  wrapping  data  to
874                     the DRM This must return a 3DES 168 bit key
875
876              abstract generate_symmetric_key(mechanism=None, size=0)
877                     Generate and return a symmetric key
878
879              abstract get_cert(cert_nick)
880                     Get the certificate for the specified cert_nick.
881
882              abstract get_supported_algorithm_keyset()
883                     returns highest supported algorithm keyset
884
885              abstract initialize()
886                     Initialization code
887
888              abstract key_unwrap(mechanism, data, wrapping_key, nonce_iv)
889                     Unwrap data that has been key wrapped using AES KeyWrap
890
891              abstract set_algorithm_keyset(level)
892                     sets required keyset
893
894              abstract  symmetric_unwrap(data,  wrapping_key,  mechanism=None,
895              nonce_iv=None)
896                     decrypt data  originally  encrypted  with  symmetric  key
897                     (wrapping key)
898
899                     We  expect  the data and nonce_iv values to be base64 en‐
900                     coded.  The mechanism is the type of key used to  do  the
901                     wrapping.  It defaults to a 56 bit DES3 key.
902
903              abstract   symmetric_wrap(data,   wrapping_key,  mechanism=None,
904              nonce_iv=None)
905                     encrypt data using a symmetric key (wrapping key)
906
907       class pki.crypto.CryptographyCryptoProvider(transport_cert_nick, trans‐
908       port_cert,  backend=<OpenSSLBackend(version:  OpenSSL 3.0.5 5 Jul 2022,
909       FIPS: False)>)
910              Bases: CryptoProvider
911
912              Class that defines python-cryptography implementation of Crypto‐
913              Provider.   Requires  a PEM file containing the agent cert to be
914              initialized.
915
916              Note that all inputs and outputs are unencoded.
917
918              asymmetric_wrap(data, wrapping_cert, mechanism=None)
919                     :param data             Data to be wrapped  :param  wrap‐
920                     ping_cert     Public  key  to  wrap data :param mechanism
921                     algorithm of symmetric key to be wrapped
922
923                     Wrap (encrypt) data using the supplied asymmetric key
924
925              generate_nonce_iv(mechanism='AES')
926                     Create a random initialization vector
927
928              generate_session_key()
929                     Returns a session key to be used  when  wrapping  secrets
930                     for the DRM.
931
932              generate_symmetric_key(mechanism=None, size=0)
933                     Returns a symmetric key.
934
935              get_cert(cert_nick)
936                     :param  cert_nick  Nickname for the certificate to be re‐
937                     turned.
938
939              get_supported_algorithm_keyset()
940                     returns highest supported algorithm keyset
941
942              initialize()
943                     Any operations here that  need  to  be  performed  before
944                     crypto operations.
945
946              key_unwrap(mechanism, data, wrapping_key, nonce_iv)
947                     :param  mechanism         key  wrapping  mechanism :param
948                     data:             data  to  unwrap  :param  wrapping_key:
949                     AES  key  used to wrap data :param nonce_iv         Nonce
950                     data :return:                unwrapped data
951
952                     Unwrap the encrypted data which has been wrapped using  a
953                     KeyWrap mechanism.
954
955              set_algorithm_keyset(level)
956                     sets required keyset
957
958              symmetric_unwrap(data,       wrapping_key,       mechanism=None,
959              nonce_iv=None)
960                     :param data            Data to be unwrapped :param  wrap‐
961                     ping_key    Symmetric key to unwrap data :param mechanism
962                     Mechanism  to  use  when   unwrapping   :param   nonce_iv
963                     iv data
964
965                     Unwrap (decrypt) data using the supplied symmetric key
966
967              symmetric_wrap(data,        wrapping_key,        mechanism=None,
968              nonce_iv=None)
969                     :param data            Data to be  wrapped  :param  wrap‐
970                     ping_key     Symmetric  key to wrap data :param mechanism
971                     Mechanism  to  use  for  wrapping  key  :param   nonce_iv
972                     Nonce for initialization vector
973
974                     Wrap (encrypt) data using the supplied symmetric key
975
976   encoder Module
977       pki.encoder.CustomTypeDecoder(dct)
978
979       class      pki.encoder.CustomTypeEncoder(*,     skipkeys=False,     en‐
980       sure_ascii=True, check_circular=True, allow_nan=True,  sort_keys=False,
981       indent=None, separators=None, default=None)
982              Bases: JSONEncoder
983
984              A  custom JSONEncoder class that knows how to encode core custom
985              objects.
986
987              Custom objects are encoded as JSON object literals  (ie,  dicts)
988              with  one key, 'TypeName' where 'TypeName' is the actual name of
989              the type to which the object belongs.  That single key  maps  to
990              another  object literal which is just the __dict__ of the object
991              encoded.
992
993              Reason for ignoring the error: E0202 - An attribute affected  in
994              json.encoder line 157 hide this method reported by pylint:
995
996              The  error is in json.encoder.JSONEncoder class.  There is a de‐
997              fault method (which is overridden here) and also a class  attri‐
998              bute  self.default  initialized in the init method of the class.
999              The intention of such usage being that a custom  default  method
1000              object  can  be passed to init when creating an instance of JSO‐
1001              NEncoder, which is then  assigned  to  class's  default  method.
1002              (which  is valid) But pylint raises an issue due to the usage of
1003              same name for a method and an attribute in which case the attri‐
1004              bute  definition  hides  the method.  The reason and example for
1005              the issue: (top rated comment)
1006                 http://stackoverflow.com/questions/12949064/python-what-happens-
1007                 when-instance-variable-name-is-same-as-method-name
1008
1009              static attr_name_conversion(attr_dict, object_class)
1010
1011              default(o)
1012                     Implement  this method in a subclass such that it returns
1013                     a serializable object for o, or calls the base  implemen‐
1014                     tation (to raise a TypeError).
1015
1016                     For  example,  to  support arbitrary iterators, you could
1017                     implement default like this:
1018
1019                        def default(self, o):
1020                            try:
1021                                iterable = iter(o)
1022                            except TypeError:
1023                                pass
1024                            else:
1025                                return list(iterable)
1026                            # Let the base class default method raise the TypeError
1027                            return JSONEncoder.default(self, o)
1028
1029       pki.encoder.decode_cert(data)
1030              base64 decode X.509 certificate
1031
1032              Parameters
1033                     data (str, bytes) -- data as bytes or ASCII text
1034
1035              Return type
1036                     bytes
1037
1038       pki.encoder.encode_cert(data)
1039              base64 encode X.509 certificate
1040
1041              Python 3's base64.b64encode() doesn't support ASCII text.
1042
1043              Parameters
1044                     data (str, bytes) -- data as bytes or ASCII text
1045
1046              Return type
1047                     bytes
1048
1049   key Module
1050       Module containing the Python  client  classes  for  the  KeyClient  and
1051       KeyRequestClient REST API on a DRM
1052
1053       class              pki.key.AsymKeyGenerationRequest(client_key_id=None,
1054       key_size=None, key_algorithm=None, key_usages=None,  trans_wrapped_ses‐
1055       sion_key=None, realm=None)
1056              Bases: ResourceMessage
1057
1058              Class  representing the data sent to the DRM when generating and
1059              archiving asymmetric keys in the DRM.
1060
1061              DECRYPT_USAGE = 'decrypt'
1062
1063              DERIVE_USAGE = 'derive'
1064
1065              ENCRYPT_USAGE = 'encrypt'
1066
1067              SIGN_RECOVER_USAGE = 'sign_recover'
1068
1069              SIGN_USAGE = 'sign'
1070
1071              UNWRAP_USAGE = 'unwrap'
1072
1073              VERIFY_RECOVER_USAGE = 'verify_recover'
1074
1075              VERIFY_USAGE = 'verify'
1076
1077              WRAP_USAGE = 'wrap'
1078
1079       class pki.key.Key(key_data)
1080              Bases: object
1081
1082              An instance of this class stores the  decoded  encrypted  secret
1083              present  in  the  KeyData object passed in the constructor.  All
1084              the key retrieval requests return this object.
1085
1086       class  pki.key.KeyArchivalRequest(client_key_id=None,   data_type=None,
1087       wrapped_private_data=None,    trans_wrapped_session_key=None,   pki_ar‐
1088       chive_options=None, algorithm_oid=None,  symkey_params=None,  key_algo‐
1089       rithm=None, key_size=None, realm=None)
1090              Bases: ResourceMessage
1091
1092              Class  representing  the object sent to the DRM when archiving a
1093              secret.
1094
1095       class pki.key.KeyClient(connection,  crypto,  transport_cert_nick=None,
1096       info_client=None)
1097              Bases: object
1098
1099              Class  that encapsulates and mirrors the functions in the KeyRe‐
1100              source and KeyRequestResource Java classes in the DRM REST API.
1101
1102              AES_ALGORITHM = 'AES'
1103
1104              ASYMMETRIC_KEY_TYPE = 'asymmetricKey'
1105
1106              DES3_ALGORITHM = 'DES3'
1107
1108              DESEDE_ALGORITHM = 'DESede'
1109
1110              DES_ALGORITHM = 'DES'
1111
1112              DSA_ALGORITHM = 'DSA'
1113
1114              KEY_STATUS_ACTIVE = 'active'
1115
1116              KEY_STATUS_INACTIVE = 'inactive'
1117
1118              PASS_PHRASE_TYPE = 'passPhrase'
1119
1120              RC2_ALGORITHM = 'RC2'
1121
1122              RC4_ALGORITHM = 'RC4'
1123
1124              RSA_ALGORITHM = 'RSA'
1125
1126              SYMMETRIC_KEY_TYPE = 'symmetricKey'
1127
1128              approve_request(request_id)
1129                     Approve a secret recovery request
1130
1131              archive_encrypted_data(client_key_id, data_type, encrypted_data,
1132              wrapped_session_key,  algorithm_oid=None, nonce_iv=None, key_al‐
1133              gorithm=None, key_size=None, realm=None)
1134                     Archive a secret (symmetric key  or  passphrase)  on  the
1135                     DRM.
1136
1137                     Refer  to  archive_key()  comments  for  a description of
1138                     client_key_id, data_type, key_algorithm and key_size.
1139
1140                     The following parameters are also required:
1141
1142                            • encrypted_data - which is the data encrypted  by
1143                              a session key (168 bit 3DES symmetric key)
1144
1145                            • wrapped_session_key  -  the  above  session  key
1146                              wrapped by the DRM transport certificate  public
1147                              key.
1148
1149                            • the  algorithm_oid  string for the symmetric key
1150                              wrap
1151
1152                            • the nonce_iv for the symmetric key wrap
1153
1154                     This function is useful if the caller wants to  do  their
1155                     own  wrapping  of the secret, or if the secret was gener‐
1156                     ated on a separate client machine and  the  wrapping  was
1157                     done there.
1158
1159                     The function returns a KeyRequestResponse object contain‐
1160                     ing  a  KeyRequestInfo  object  with  details  about  the
1161                     archival request and key archived.
1162
1163              archive_key(client_key_id,  data_type,  private_data,  key_algo‐
1164              rithm=None, key_size=None, realm=None)
1165                     Archive a secret (symmetric key  or  passphrase)  on  the
1166                     DRM.
1167
1168                     Requires  a  user-supplied  client ID.  There can be only
1169                     one active key with a specified client ID.  If  a  record
1170                     for  a duplicate active key exists, a BadRequestException
1171                     is thrown.
1172
1173                     data_type can be one of the following:
1174                            KeyClient.SYMMETRIC_KEY_TYPE,   KeyClient.ASYMMET‐
1175                            RIC_KEY_TYPE, KeyClient.PASS_PHRASE_TYPE
1176
1177                     key_algorithm  and  key_size  are applicable to symmetric
1178                     keys only.  If a symmetric key is being  archived,  these
1179                     parameters are required.
1180
1181                     private_data  is  the raw secret to be archived.  It will
1182                     be wrapped and sent to the DRM.
1183
1184                     The function returns a KeyRequestResponse object contain‐
1185                     ing  a  KeyRequestInfo  object  with  details  about  the
1186                     archival request and key archived.
1187
1188              archive_pki_options(client_key_id,  data_type,   pki_archive_op‐
1189              tions, key_algorithm=None, key_size=None, realm=None)
1190                     Archive  a  secret  (symmetric  key or passphrase) on the
1191                     DRM.
1192
1193                     Refer to archive_key()  comments  for  a  description  of
1194                     client_key_id, data_type, key_algorithm and key_size.
1195
1196                     pki_archive_options is the data to be archived wrapped in
1197                     a PKIArchiveOptions structure,
1198
1199                     The function returns a KeyRequestResponse object contain‐
1200                     ing  a  KeyRequestInfo  object  with  details  about  the
1201                     archival request and key archived.
1202
1203              cancel_request(request_id)
1204                     Cancel a secret recovery request
1205
1206              generate_asymmetric_key(client_key_id,           algorithm=None,
1207              key_size=None,    usages=None,   trans_wrapped_session_key=None,
1208              realm=None)
1209                     Generate and archive asymmetric keys in  the  DRM.   Sup‐
1210                     ports  algorithms  RSA and DSA.  Valid key size for RSA =
1211                     256 + (16 * n), where n: 0-496 Valid key size for  DSA  =
1212                     512, 768, 1024. p,q,g params are not supported.
1213
1214                     Return  a  KeyRequestResponse  which  contains  a  KeyRe‐
1215                     questInfo object that describes the URL for  the  request
1216                     and generated keys.
1217
1218              generate_symmetric_key(client_key_id, algorithm=None, size=None,
1219              usages=None, trans_wrapped_session_key=None, realm=None)
1220                     Generate and archive a symmetric key on the DRM.
1221
1222                     Return  a  KeyRequestResponse  which  contains  a  KeyRe‐
1223                     questInfo  object  that describes the URL for the request
1224                     and generated key.
1225
1226              get_active_key_info(client_key_id)
1227                     Get the info in the KeyRecord for the  active  secret  in
1228                     the DRM.
1229
1230              get_client_keyset()
1231
1232              get_key_info(key_id)
1233                     Get  the  info  in the KeyRecord for a specific secret in
1234                     the DRM.
1235
1236              get_request_info(request_id)
1237                     Return a KeyRequestInfo object for a specific request.
1238
1239              get_server_keyset()
1240
1241              list_keys(client_key_id=None,   status=None,   max_results=None,
1242              max_time=None, start=None, size=None, realm=None)
1243                     List/Search archived secrets in the DRM.
1244
1245                     See  KRAClient.list_keys  for the valid values of status.
1246                     Returns a KeyInfoCollection object.
1247
1248              list_requests(request_state=None,             request_type=None,
1249              client_key_id=None,    start=None,    page_size=None,    max_re‐
1250              sults=None, max_time=None, realm=None)
1251                     List/Search key requests in the DRM.
1252
1253                     See KRAClient.list_requests for the valid values  of  re‐
1254                     quest_state  and request_type.  Returns a KeyRequestInfo‐
1255                     Collection object.
1256
1257              modify_key_status(key_id, status)
1258                     Modify the status of a key
1259
1260              process_returned_key(key, session_key)
1261                     Decrypt the returned key and place in key.data
1262
1263                     The data will either by encrypted using an encryption al‐
1264                     gorithm - in which case, the key data will contain an en‐
1265                     cryption algorithm OID, or it will be key  wrapped  -  in
1266                     which  case,  the key data will contain a key wrap mecha‐
1267                     nism name.
1268
1269                     Only one of these should be present.  If we  are  talking
1270                     to  an  older server, and none is present, we will assume
1271                     encryption.
1272
1273              recover_key(key_id,            request_id=None,             ses‐
1274              sion_wrapped_passphrase=None,    trans_wrapped_session_key=None,
1275              b64certificate=None, nonce_data=None)
1276                     Create a request to recover a secret.
1277
1278                     To retrieve a symmetric key or passphrase, the  only  pa‐
1279                     rameter  that  is  required is the keyId.  It is possible
1280                     (but not required) to pass in the session keys/passphrase
1281                     and  nonceData for the retrieval at this time.  Those pa‐
1282                     rameters are documented in the docstring for retrieve_key
1283                     below.
1284
1285                     To  retrieve  an  asymmetric  key,  the keyId and the the
1286                     base-64 encoded certificate is required.
1287
1288              reject_request(request_id)
1289                     Reject a secret recovery request.
1290
1291              retrieve_key(key_id=None,  trans_wrapped_session_key=None,   re‐
1292              quest_id=None)
1293                     Retrieve  a secret (passphrase or symmetric key) from the
1294                     DRM.
1295
1296                     This method will retrieve a key from the  KRA  given  the
1297                     key_id  or  request_id  (one of which must be specified).
1298                     The data is returned as a KeyData object (which is recast
1299                     to a Key object).
1300
1301                     If  request_id  is specified, then the value of key_id is
1302                     ignored.  Exceptions will be thrown if the caller is  not
1303                     the  originator of the request, or the request is not ap‐
1304                     proved.
1305
1306                     If key_id is specified instead,  the  following  behavior
1307                     applies:
1308
1309                     • If  the  key  can be retrieved synchronously - ie. only
1310                       one agent's approval is required, then the KeyData will
1311                       include the secret.
1312
1313                     • If  the  key cannot be retrieved synchronously - ie. if
1314                       more than one approval is needed, then the KeyData  ob‐
1315                       ject will include the request ID for a recovery request
1316                       that was created on the server.  When that  request  is
1317                       approved,  callers  can  retrieve  the  key  using  re‐
1318                       trieve_key() and setting the request_id.
1319
1320                     To ensure data security in transit, the data will be  re‐
1321                     turned encrypted by a session key (168 bit 3DES symmetric
1322                     key) - which is first wrapped (encrypted) by  the  public
1323                     key of the DRM transport certificate before being sent to
1324                     the DRM.  The parameter trans_wrapped_session_key  refers
1325                     to this wrapped session key.
1326
1327                     If  the  trans_wrapped_session_key  is  not  provided  by
1328                     caller, the method will call  CryptoProvider  methods  to
1329                     generate and wrap the session key.  The function will re‐
1330                     turn the KeyData object  with  a  private_data  attribute
1331                     which stores the unwrapped key information.
1332
1333                     If  the  trans_wrapped_session_key  is  provided  by  the
1334                     caller, the method will simply pass the data to the  KRA,
1335                     and  will  return  the secret wrapped in the session key.
1336                     The secret will still need to be unwrapped by the caller.
1337                     The  function  will  return the KeyData object, where the
1338                     KeyData structure includes the wrapped  secret  and  some
1339                     nonce data to be used as a salt when unwrapping.
1340
1341              retrieve_key_by_passphrase(key_id=None,         request_id=None,
1342              passphrase=None,      trans_wrapped_session_key=None,       ses‐
1343              sion_wrapped_passphrase=None, nonce_data=None)
1344                     Retrieve  a secret (passphrase or symmetric key) from the
1345                     DRM using a passphrase.
1346
1347                     This function generates a key recovery request,  approves
1348                     it, and retrieves the secret referred to by key_id.  This
1349                     assumes that only one approval is required  to  authorize
1350                     the recovery.
1351
1352                     The  secret  is secured in transit by wrapping the secret
1353                     with a passphrase using PBE encryption.
1354
1355                     There are two ways of using this function:
1356
1357                     1. A passphrase is provided by the caller.
1358
1359                        In this case, CryptoProvider methods will be called to
1360                        create the data to securely send the passphrase to the
1361                        DRM.  Basically, three pieces of data will be sent:
1362
1363                        • the passphrase wrapped by a 168 bit  3DES  symmetric
1364                          key  (the  session key).  This is referred to as the
1365                          parameter session_wrapped_passphrase.
1366
1367                        • the session key wrapped with the public key  in  the
1368                          DRM  transport  certificate.  This is referred to as
1369                          the trans_wrapped_session_key.
1370
1371                        • ivps nonce data, referred to as nonce_data
1372
1373                        The function  will  return  the  tuple  (KeyData,  un‐
1374                        wrapped_secret)
1375
1376                     2. The  caller  provides  the  trans_wrapped_session_key,
1377                        session_wrapped_passphrase and nonce_data.
1378
1379                        In this case, the data will simply be  passed  to  the
1380                        DRM.  The function will return the secret encrypted by
1381                        the passphrase using PBE Encryption.  The secret  will
1382                        still need to be decrypted by the caller.
1383
1384                        The function will return the tuple (KeyData, None)
1385
1386              retrieve_key_by_pkcs12(key_id, certificate, passphrase)
1387                     Retrieve  an  asymmetric  private  key  and  return it as
1388                     PKCS12 data.
1389
1390                     This function generates a key recovery request,  approves
1391                     it,  and  retrieves the secret referred to by key_id in a
1392                     PKCS12 file.  This assumes that only one approval is  re‐
1393                     quired to authorize the recovery.
1394
1395                     This function requires the following parameters: - key_id
1396                     : the ID of the key - certificate: the certificate  asso‐
1397                     ciated  with  the  private key - passphrase: A passphrase
1398                     for the pkcs12 file.
1399
1400                     The function returns a KeyData object.
1401
1402              retrieve_key_data(data)
1403                     Retrieve a secret from the DRM.
1404
1405                     @param: data - a KeyRecoveryRequest containing the  keyId
1406                     of  the secret being retrieved, the request_id of the ap‐
1407                     proved recovery request and a wrapping  mechanism.   More
1408                     details at KRAClient.retrieve_key.
1409
1410                     Returns a KeyData object containing the wrapped secret.
1411
1412              set_crypto_algorithms()
1413
1414              set_transport_cert(transport_cert_nick)
1415                     Set the transport certificate for crypto operations
1416
1417              submit_request(request)
1418                     Submit an archival, recovery or key generation request to
1419                     the DRM.
1420
1421                     @param request - is either a  KeyArchivalRequest,  KeyRe‐
1422                     coverRequest,  SymKeyGenerationRequest  or AsymKeyGenera‐
1423                     tionRequest.
1424
1425                     returns a KeyRequestResponse object.
1426
1427       class pki.key.KeyData
1428              Bases: object
1429
1430              This is the object that contains the encoded wrapped secret when
1431              that secret is retrieved. It is used by the DRM to send informa‐
1432              tion of the key in the key retrieval requests.
1433
1434              classmethod from_json(attr_list)
1435                     Return a KeyData object from a JSON dict
1436
1437              json_attribute_names  =  {'encryptAlgorithmOID':  'encrypt_algo‐
1438              rithm_oid',   'nonceData':   'nonce_data',   'publicKey':  'pub‐
1439              lic_key', 'requestID': 'request_id', 'wrapAlgorithm':  'wrap_al‐
1440              gorithm', 'wrappedPrivateData': 'wrapped_private_data'}
1441
1442       class pki.key.KeyInfo
1443              Bases: object
1444
1445              This is the object that contains information stored in the data‐
1446              base record for an archived secret.  It does not contain the se‐
1447              cret itself.
1448
1449              classmethod from_json(attr_list)
1450                     Return KeyInfo from JSON dict
1451
1452              get_key_id()
1453                     Return the key ID as parsed from key URL
1454
1455              json_attribute_names    =    {'clientKeyID':    'client_key_id',
1456              'keyURL':  'key_url',  'ownerName':  'owner_name',  'publicKey':
1457              'public_key'}
1458
1459       class pki.key.KeyInfoCollection
1460              Bases: object
1461
1462              This  class  represents  data  returned  when  searching the DRM
1463              archived secrets.  Essentially, its a list of KeyInfo objects.
1464
1465              classmethod from_json(json_value)
1466                     Return a KeyInfoCollection object from its JSON represen‐
1467                     tation
1468
1469       class      pki.key.KeyRecoveryRequest(key_id=None,     request_id=None,
1470       trans_wrapped_session_key=None,        session_wrapped_passphrase=None,
1471       nonce_data=None,   certificate=None,   passphrase=None,   payload_wrap‐
1472       ping_name=None, payload_encryption_oid=None)
1473              Bases: ResourceMessage
1474
1475              Class representing the data sent to the DRM when either creating
1476              a  request for the recovery of a secret, or, once the request is
1477              approved, retrieving the secret.
1478
1479       class pki.key.KeyRequestInfo
1480              Bases: object
1481
1482              This class represents data about key requests (archival,  recov‐
1483              ery, key generation etc.) in the DRM.
1484
1485              classmethod from_json(attr_list)
1486                     Return a KeyRequestInfo object from a JSON dict.
1487
1488              get_key_id()
1489                     Return the ID of the secret referred to by this request.
1490
1491              get_request_id()
1492                     Return the request ID by parsing the request URL.
1493
1494              json_attribute_names  =  {'keyURL':  'key_url', 'requestStatus':
1495              'request_status', 'requestType':  'request_type',  'requestURL':
1496              'request_url'}
1497
1498       class pki.key.KeyRequestInfoCollection
1499              Bases: object
1500
1501              This  class  represents the data returned when searching the key
1502              requests in the DRM.  Essentially, its a list of  KeyRequestInfo
1503              objects.
1504
1505              classmethod from_json(json_value)
1506                     Return  a  KeyRequestInfoCollection  object from its JSON
1507                     representation.
1508
1509       class pki.key.KeyRequestResponse
1510              Bases: object
1511
1512              This class is returned when an archival, recovery or key genera‐
1513              tion  request  is  created.  It includes a KeyRequestInfo object
1514              with information about the created request, and a KeyData struc‐
1515              ture  which  contains  the  wrapped secret (if that operation is
1516              supported).
1517
1518              classmethod from_json(json_value)
1519                     Return a KeyRequestResponse object from its  JSON  repre‐
1520                     sentation.
1521
1522              get_key_id()
1523                     Return  the  id for the key archived, recovered or gener‐
1524                     ated
1525
1526              get_request_id()
1527                     Return the id for the created request
1528
1529       class pki.key.RequestId(req_id)
1530              Bases: object
1531
1532              Class representing a Request ID
1533
1534       class               pki.key.SymKeyGenerationRequest(client_key_id=None,
1535       key_size=None,  key_algorithm=None, key_usages=None, trans_wrapped_ses‐
1536       sion_key=None, realm=None)
1537              Bases: ResourceMessage
1538
1539              Class representing the data sent to the DRM when generating  and
1540              archiving a symmetric key in the DRM.
1541
1542              DECRYPT_USAGE = 'decrypt'
1543
1544              ENCRYPT_USAGE = 'encrypt'
1545
1546              SIGN_USAGE = 'sign'
1547
1548              UNWRAP_USAGE = 'unwrap'
1549
1550              VERIFY_USAGE = 'verify'
1551
1552              WRAP_USAGE = 'wrap'
1553
1554       pki.key.main()
1555              Some unit tests - basically printing different types of requests
1556
1557   kra Module
1558       Module containing KRAClient class.  This class should be used by Python
1559       clients to interact with the DRM to expose  the  functionality  of  the
1560       KeyClient and KeyRequestResource REST APIs.
1561
1562       class pki.kra.KRAClient(connection, crypto, transport_cert_nick=None)
1563              Bases: object
1564
1565              Client  class  that models interactions with a KRA using the Key
1566              and KeyRequest REST APIs.
1567
1568   profile Module
1569       class  pki.profile.Descriptor(syntax=None,  constraint=None,   descrip‐
1570       tion=None, default_value=None)
1571              Bases: object
1572
1573              This class represents the description of a ProfileAttribute.  It
1574              stores information such as the syntax,  constraint  and  default
1575              value of a profile attribute.
1576
1577              classmethod from_json(attr_list)
1578
1579              json_attribute_names  =  {'Constraint':  'constraint', 'Default‐
1580              Value': 'default_value', 'Description': 'description', 'Syntax':
1581              'syntax'}
1582
1583       class     pki.profile.PolicyConstraint(name=None,     description=None,
1584       class_id=None, policy_constraint_values=None)
1585              Bases: object
1586
1587              An object of this class contains the policy constraints  applied
1588              to a ProfileInput used by a certificate enrollment request.
1589
1590              add_constraint_value(policy_constraint_value)
1591                     Add a PolicyConstraintValue to the policy_constraint_val‐
1592                     ues list.
1593
1594              classmethod from_json(attr_list)
1595
1596              get_constraint_value(policy_constraint_value_name)
1597                     Returns a PolicyConstraintValue  object  with  the  given
1598                     name.  None, if there is no match.
1599
1600              json_attribute_names  =  {'classId':  'class_id',  'constraint':
1601              'policy_constraint_values', 'id': 'name'}
1602
1603              remove_constraint_value(policy_constraint_value_name)
1604                     Removes a PolicyConstraintValue with the given name  form
1605                     the policy_constraint_values list.
1606
1607       class pki.profile.PolicyConstraintValue(name=None, value=None, descrip‐
1608       tor=None)
1609              Bases: object
1610
1611              Represents a PolicyConstraintValue
1612
1613              classmethod from_json(attr_list)
1614
1615              property name
1616
1617       class  pki.profile.PolicyDefault(name=None,   class_id=None,   descrip‐
1618       tion=None, policy_attributes=None, policy_params=None)
1619              Bases: object
1620
1621              An  object of this class contains information of the default us‐
1622              age of a specific ProfileInput.
1623
1624              add_attribute(policy_attribute)
1625                     Add a policy attribute to  the  attribute  list.   @param
1626                     policy_attribute - A ProfileAttribute object
1627
1628              add_parameter(policy_parameter)
1629                     Add  a  profile parameter to the parameters list.  @param
1630                     policy_parameter - A ProfileParameter object.
1631
1632              classmethod from_json(attr_list)
1633
1634              get_attribute(policy_attribute_name)
1635                     Fetch the policy attribute with the given name  from  the
1636                     attributes list.
1637
1638              get_parameter(profile_parameter_name)
1639                     Fetch  a  profile  parameter with the given name from the
1640                     parameters list.
1641
1642              json_attribute_names =  {'classId':  'class_id',  'id':  'name',
1643              'params':    'policy_params',   'policyAttribute':   'policy_at‐
1644              tributes'}
1645
1646              remove_attribute(policy_attribute_name)
1647                     Remove a policy attribute with the given  name  from  the
1648                     attributes list.
1649
1650              remove_parameter(profile_parameter_name)
1651                     Remove  a  profile parameter with the given name from the
1652                     parameters list.
1653
1654       class pki.profile.PolicySet(name=None, policy_list=None)
1655              Bases: object
1656
1657              An object of this class contains a name value pair of the policy
1658              name and the ProfilePolicy object.
1659
1660              add_policy(profile_policy)
1661                     Add a ProfilePolicy object to the policy_list
1662
1663              classmethod from_json(attr_list)
1664
1665              get_policy(policy_id)
1666                     Returns a ProfilePolicy object with the given profile id.
1667
1668              json_attribute_names = {'id': 'name', 'value': 'policy_list'}
1669
1670              remove_policy(policy_id)
1671                     Removes  a ProfilePolicy with the given ID from the Poli‐
1672                     cySet.
1673
1674       class pki.profile.PolicySetList(policy_sets=None)
1675              Bases: object
1676
1677              An object of this class stores a list of ProfileSet objects.
1678
1679              add_policy_set(policy_set)
1680                     Add a PolicySet object to the policy_sets list.
1681
1682              classmethod from_json(attr_list)
1683
1684              get_policy_set(policy_set_name)
1685                     Fetch the PolicySet object for the given  name.   Returns
1686                     None, if not found.
1687
1688              property policy_sets
1689
1690              remove_policy_set(policy_set_name)
1691                     Remove  a  PolicySet  object with the given name from the
1692                     policy_sets list.
1693
1694       class  pki.profile.Profile(profile_id=None,  class_id=None,  name=None,
1695       description=None,  enabled=None, visible=None, enabled_by=None, authen‐
1696       ticator_id=None, authorization_acl=None, renewal=None, xml_output=None,
1697       inputs=None, outputs=None, policy_set_list=None, link=None)
1698              Bases: object
1699
1700              This class represents an enrollment profile.
1701
1702              add_input(profile_input)
1703                     Add  a ProfileInput object to the inputs list of the Pro‐
1704                     file.
1705
1706              add_output(profile_output)
1707                     Add a ProfileOutput object to the  outputs  list  of  the
1708                     Profile.
1709
1710              add_policy_set(policy_set)
1711                     Add  a  PolicySet  object  to the policy_sets list of the
1712                     Profile.
1713
1714              classmethod from_json(attr_list)
1715
1716              get_input(profile_input_id)
1717                     Fetches a ProfileInput with the  given  ProfileInput  id.
1718                     Returns None, if there is no matching input.
1719
1720              get_output(profile_output_id)
1721                     Fetches  a ProfileOutput with the given ProfileOutput id.
1722                     Returns None, if there is no matching output.
1723
1724              get_policy_set(policy_set_name)
1725                     Fetches a ProfileInput with the  given  ProfileInput  id.
1726                     Returns None, if there is no matching input.
1727
1728              static get_profile_data_from_file(path_to_file)
1729                     Reads  the  file for the serialized Profile object.  Cur‐
1730                     rently supports only data format in json.
1731
1732              json_attribute_names = {'Input': 'inputs', 'Output':  'outputs',
1733              'PolicySets': 'policy_set_list', 'authenticatorId': 'authentica‐
1734              tor_id', 'authzAcl': 'authorization_acl', 'classId': 'class_id',
1735              'enabledBy':   'enabled_by',  'id':  'profile_id',  'xmlOutput':
1736              'xml_output'}
1737
1738              remove_input(profile_input_id)
1739                     Remove a ProfileInput from the inputs list  of  the  Pro‐
1740                     file.
1741
1742              remove_output(profile_output_id)
1743                     Remove  a ProfileOutput from the outputs list of the Pro‐
1744                     file.
1745
1746              remove_policy_set(policy_set_name)
1747                     Remove a PolicySet from the policy_sets list of the  Pro‐
1748                     file.
1749
1750       class   pki.profile.ProfileAttribute(name=None,   value=None,  descrip‐
1751       tor=None)
1752              Bases: object
1753
1754              Represents a profile attribute of a ProfileInput.
1755
1756              classmethod from_json(attr_list)
1757
1758              json_attribute_names  =  {'Descriptor':  'descriptor',  'Value':
1759              'value'}
1760
1761       class pki.profile.ProfileClient(connection)
1762              Bases: object
1763
1764              This  class  consists  of  methods  for accessing the ProfileRe‐
1765              source.
1766
1767              create_profile(profile_data)
1768                     Create a new profile for the given Profile object.
1769
1770              create_profile_from_file(path_to_file)
1771                     Reads the file for the serialized Profile  object.   Per‐
1772                     forms  the  profile create operation.  Currently supports
1773                     only data format in json.
1774
1775              delete_profile(profile_id)
1776                     Delete a profile with the given Profile Id.
1777
1778              disable_profile(profile_id)
1779                     Disables a profile.
1780
1781              enable_profile(profile_id)
1782                     Enables a profile.
1783
1784              get_profile(profile_id)
1785                     Fetches information for the profile for the given profile
1786                     id.  Returns a ProfileData object.
1787
1788              list_profiles(start=None, size=None)
1789                     Fetches  the  list of profiles.  The start and size argu‐
1790                     ments provide pagination  support.   Returns  a  Profile‐
1791                     DataInfoCollection object.
1792
1793              modify_profile(profile_data)
1794                     Modify an existing profile with the given Profile object.
1795
1796              modify_profile_from_file(path_to_file)
1797                     Reads  the  file for the serialized Profile object.  Per‐
1798                     forms the profile modify operation.   Currently  supports
1799                     only data format in json.
1800
1801       class pki.profile.ProfileDataInfo
1802              Bases: object
1803
1804              Stores information about a profile
1805
1806              classmethod from_json(attr_list)
1807
1808              json_attribute_names  = {'profileDescription': 'profile_descrip‐
1809              tion', 'profileId': 'profile_id', 'profileName': 'profile_name',
1810              'profileURL': 'profile_url'}
1811
1812       class pki.profile.ProfileDataInfoCollection
1813              Bases: object
1814
1815              Represents a collection of ProfileDataInfo objects.  Also encap‐
1816              sulates the links for the list of the objects stored.
1817
1818              classmethod from_json(attr_list)
1819
1820       class  pki.profile.ProfileInput(profile_input_id=None,   class_id=None,
1821       name=None, text=None, attributes=None, config_attributes=None)
1822              Bases: object
1823
1824              This  class encapsulates all the attributes of a profile to gen‐
1825              erate a specific property of a certificate.  Ex.  Subject  name,
1826              Requestor Information etc.
1827
1828              add_attribute(profile_attribute)
1829                     Add a ProfileAttribute object to the attributes list.
1830
1831              add_config_attribute(profile_attribute)
1832                     Add  a  ProfileAttribute  object to the config_attributes
1833                     list.
1834
1835              classmethod from_json(attr_list)
1836
1837              get_attribute(profile_attribute_name)
1838                     Returns a ProfileAttribute object  for  the  given  name.
1839                     None, if no match.
1840
1841              get_config_attribute(config_attribute_name)
1842                     Returns  a  ProfileAttribute  object with the given name.
1843                     None, if there is no match in the config_attributes list.
1844
1845              json_attribute_names =  {'Attribute':  'attributes',  'ClassID':
1846              'class_id',   'ConfigAttribute':   'config_attributes',  'Name':
1847              'name', 'Text': 'text', 'id': 'profile_input_id'}
1848
1849              remove_attribute(profile_attribute_name)
1850                     Remove a ProfileAttribute object with the given name from
1851                     the attributes list.
1852
1853              remove_config_attribute(config_attribute_name)
1854                     Remove a ProfileAttribute object with the given name from
1855                     the config_attributes list.
1856
1857       class   pki.profile.ProfileOutput(profile_output_id=None,    name=None,
1858       text=None, class_id=None, attributes=None)
1859              Bases: object
1860
1861              This  class  defines  the output of a certificate enrollment re‐
1862              quest using a profile.
1863
1864              add_attribute(profile_attribute)
1865                     Add a ProfileAttribute object to the attributes list.
1866
1867              classmethod from_json(attr_list)
1868
1869              get_attribute(profile_attribute_name)
1870                     Returns a ProfileAttribute object  for  the  given  name.
1871                     None, if no match.
1872
1873              json_attribute_names   =  {'classId':  'class_id',  'id':  'pro‐
1874              file_output_id'}
1875
1876              remove_attribute(profile_attribute_name)
1877                     Remove a ProfileAttribute object with the given name from
1878                     the attributes list.
1879
1880       class pki.profile.ProfileParameter(name=None, value=None)
1881              Bases: object
1882
1883              classmethod from_json(attr_list)
1884
1885       class   pki.profile.ProfilePolicy(policy_id=None,  policy_default=None,
1886       policy_constraint=None)
1887              Bases: object
1888
1889              This class represents the policy a profile adheres to.   An  ob‐
1890              ject of this class stores the default values for profile and the
1891              constraints present on the values of the attributes of the  pro‐
1892              file submitted for an enrollment request.
1893
1894              classmethod from_json(attr_list)
1895
1896              json_attribute_names   =   {'constraint':   'policy_constraint',
1897              'def': 'policy_default', 'id': 'policy_id'}
1898
1899       class pki.profile.ProfilePolicySet
1900              Bases: object
1901
1902              Stores a list of ProfilePolicy objects.
1903
1904              classmethod from_json(attr_list)
1905
1906       pki.profile.main()
1907
1908   system Module
1909       class pki.system.AdminSetupRequest
1910              Bases: object
1911
1912       class pki.system.AdminSetupResponse
1913              Bases: object
1914
1915       class pki.system.CertificateSetupRequest
1916              Bases: object
1917
1918       class pki.system.CertificateSetupResponse
1919              Bases: object
1920
1921       class pki.system.DomainInfo
1922              Bases: object
1923
1924              Class representing the entire security domain.  This  is  essen‐
1925              tially a list of SecurityDomainSubsystem components.
1926
1927              classmethod from_json(json_value)
1928                     Create a DomainInfo object from JSON.
1929
1930                     Parameters
1931                            json_value (str) -- JSON representation of a secu‐
1932                            rity domain.
1933
1934                     Returns
1935                            DomainInfo
1936
1937              property systems
1938
1939       class pki.system.InstallToken
1940              Bases: object
1941
1942              classmethod from_json(json_value)
1943
1944       class pki.system.SecurityDomainClient(connection)
1945              Bases: object
1946
1947              Client used to get the security domain from  a  security  domain
1948              CA.  The connection details for the security domain CA are spec‐
1949              ified in a PKIConnection object used to construct this client.
1950
1951              get_domain_info()
1952                     Contact the security domain CA specified in  the  connec‐
1953                     tion object used to construct this client and get the se‐
1954                     curity domain using the REST API.
1955
1956                     Returns
1957                            pki.system.DomainInfo
1958
1959              get_install_token(hostname, subsystem)
1960
1961                     Returns
1962                            pki.system.InstallToken
1963
1964              get_old_domain_info()
1965                     Contact the security domain CA specified in  the  connec‐
1966                     tion object used to construct this client and get the se‐
1967                     curity domain  using  the  old  servlet-based  interface.
1968                     This  method  is useful when contacting old servers which
1969                     do not provide the REST API.
1970
1971                     Returns
1972                            pki.system.DomainInfo
1973
1974              get_security_domain_info()
1975
1976       class pki.system.SecurityDomainHost
1977              Bases: object
1978
1979              Class representing a security domain host.
1980
1981              classmethod from_json(json_value)
1982                     Constructs a SecurityDomainHost object from JSON.
1983
1984                     Parameters
1985                            json_value (str) -- JSON string representing a se‐
1986                            curity domain host.
1987
1988                     Returns
1989                            SecurityDomainHost
1990
1991       class pki.system.SecurityDomainSubsystem
1992              Bases: object
1993
1994              Class  representing a security domain subsystem.  This is essen‐
1995              tially a list of SecurityDomainHost objects of a particular sub‐
1996              system type (ca, kra, tps, tks, ocsp).
1997
1998              classmethod from_json(json_value)
1999                     Constructs  a  SecurityDomainSubsystem from a JSON repre‐
2000                     sentation.
2001
2002                     Parameters
2003                            json_value (str) -- JSON representation of the Se‐
2004                            curity Domain Subsystem
2005
2006                     Returns
2007                            SecurityDomainSubsystem
2008
2009              get_host(hostname, secure_port)
2010
2011       class pki.system.SystemCertData
2012              Bases: object
2013
2014              Class used to represent the data for a system certificate, which
2015              is used in the data passed into and returned from the  Java  in‐
2016              stallation servlet during the execution of pkispawn.
2017
2018              This  class is the python equivalent of the Java class: com.net‐
2019              scape.certsrv.system.SystemCertData
2020
2021       class pki.system.SystemConfigClient(connection, subsystem=None)
2022              Bases: object
2023
2024              Client used to interact with the Java configuration  servlet  to
2025              configure a Dogtag subsystem during the execution of pkispawn.
2026
2027              The  connection  details  for  the  system  being configured are
2028              passed in the PKIConnection object used when  constructing  this
2029              object.
2030
2031              createCert(request)
2032                     Create certificate.
2033
2034                     Parameters
2035                            request  (CertificateSetupRequest)  -- Certificate
2036                            setup request
2037
2038                     Returns
2039                            SystemCertData
2040
2041              createCertID(request)
2042                     Create certificate ID.
2043
2044                     Parameters
2045                            request (CertificateSetupRequest)  --  Certificate
2046                            setup request
2047
2048                     Returns
2049                            SystemCertData
2050
2051              createRequestID(request)
2052                     Create certificate request ID.
2053
2054                     Parameters
2055                            request  (CertificateSetupRequest)  -- Certificate
2056                            setup request
2057
2058                     Returns
2059                            SystemCertData
2060
2061              initSubsystem(request)
2062                     Initialize subsystem.
2063
2064                     Parameters
2065                            request (CertificateSetupRequest)  --  Certificate
2066                            setup request
2067
2068       class pki.system.SystemStatusClient(connection, subsystem=None)
2069              Bases: object
2070
2071              Client used to check the status of a Dogtag subsystem.
2072
2073              get_status(timeout=None)
2074                     Checks the status of the subsystem by calling the getSta‐
2075                     tus() servlet.  This is used to determine if  the  server
2076                     is up and ready to receive and process requests.
2077
2078                     Returns
2079                            str - getStatus response
2080
2081   systemcert Module
2082       Module containing the Python client classes for the SystemCert REST API
2083
2084       class pki.systemcert.SystemCertClient(connection, subsystem=None)
2085              Bases: object
2086
2087              Class  encapsulating and mirroring the functionality in the Sys‐
2088              temCertResource Java interface class defining the REST  API  for
2089              system certificate resources.
2090
2091              get_transport_cert()
2092                     Return transport certificate.
2093
2094                     Returns
2095                            pki.cert.CertData -- transport certificate data
2096
2097   upgrade Module
2098       class pki.upgrade.PKIUpgradeScriptlet
2099              Bases: object
2100
2101              backup(path)
2102
2103              get_backup_dir()
2104
2105              upgrade_system()
2106
2107       class pki.upgrade.PKIUpgradeTracker(name, filename, delimiter='=', ver‐
2108       sion_key='PKI_VERSION', index_key='PKI_UPGRADE_INDEX')
2109              Bases: object
2110
2111              get_index()
2112
2113              get_version()
2114
2115              remove()
2116
2117              remove_index()
2118
2119              remove_version()
2120
2121              set(version)
2122
2123              set_index(index)
2124
2125              set_version(version)
2126
2127              show()
2128
2129       class pki.upgrade.PKIUpgrader(upgrade_dir='/usr/share/pki/upgrade')
2130              Bases: object
2131
2132              all_versions()
2133
2134              backup(scriptlet, path)
2135
2136              copydirs(source, dest, force=False)
2137
2138              copyfile(source, dest, force=False)
2139
2140              get_current_version()
2141
2142              get_target_version()
2143
2144              get_tracker()
2145
2146              init_scriptlet(scriptlet)
2147
2148              is_complete()
2149
2150              makedirs(path, exist_ok=False)
2151
2152              record(scriptlet, path)
2153
2154              remove_tracker()
2155
2156              reset_tracker()
2157
2158              revert()
2159
2160              revert_scriptlet(scriptlet)
2161
2162              revert_version(version)
2163
2164              run_scriptlet(scriptlet)
2165
2166              scriptlets(version)
2167
2168              set_tracker(version)
2169
2170              show_tracker()
2171
2172              status()
2173
2174              touch(path)
2175
2176              update_tracker(scriptlet)
2177
2178              upgrade()
2179
2180              upgrade_version(version)
2181
2182              validate()
2183
2184              version_dir(version)
2185
2186              versions()
2187
2188   util Module
2189       Module containing utility functions and classes for the  Dogtag  python
2190       code
2191
2192       class pki.util.Version(obj)
2193              Bases: object
2194
2195       pki.util.chmod(path, mode)
2196              Change permissions of a file, link, or folder recursively.
2197
2198       pki.util.chown(path, uid, gid)
2199              Change ownership of a file, link, or folder recursively.
2200
2201       pki.util.copy(source,   dest,   uid=-   1,   gid=-   1,  dir_mode=None,
2202       file_mode=None, force=False)
2203              Copy a file or a folder and its contents.
2204
2205       pki.util.copydirs(source,  dest,   uid=-   1,   gid=-   1,   mode=None,
2206       force=False)
2207              Copy  a folder and its parents (without the contents) while pre‐
2208              serving their attributes.
2209
2210       pki.util.copyfile(source,  dest,  slots=None,  params=None,   uid=None,
2211       gid=None, mode=None, force=False)
2212              Copy a file or link while preserving its attributes.
2213
2214       pki.util.copytree(src, dst, symlinks=False, ignore=None)
2215              Recursively copy a directory tree using copy2().
2216
2217              PATCH: This code was copied from 'shutil.py' and patched to
2218                     allow 'The destination directory to already exist.'
2219
2220              If  exception(s)  occur,  an Error is raised with a list of rea‐
2221              sons.
2222
2223              If the optional symlinks flag is true,  symbolic  links  in  the
2224              source tree result in symbolic links in the destination tree; if
2225              it is false, the contents of the files pointed  to  by  symbolic
2226              links are copied.
2227
2228              The  optional  ignore  argument  is  a callable. If given, it is
2229              called with the src parameter, which is the directory being vis‐
2230              ited by copytree(), and names which is the list of src contents,
2231              as returned by os.listdir():
2232                 callable(src, names) -> ignored_names
2233
2234              Since copytree() is called recursively,  the  callable  will  be
2235              called once for each directory that is copied. It returns a list
2236              of names relative to  the  src  directory  that  should  not  be
2237              copied.
2238
2239              Consider this example code rather than the ultimate tool.
2240
2241       pki.util.customize_file(input_file, output_file, params)
2242              Customize a file with specified parameters.
2243
2244       pki.util.load_properties(filename, properties)
2245
2246       pki.util.makedirs(path,  mode=511,  exist_ok=False,  uid=-  1, gid=- 1,
2247       force=False)
2248
2249       pki.util.read_environment_files(env_file_list=None)
2250
2251       pki.util.read_text(message, options=None, default=None,  delimiter=':',
2252       case_sensitive=True, password=False, required=False)
2253              Get  an  input  from  the  user.  This  is used, for example, in
2254              pkispawn and pkidestroy to obtain user input.
2255
2256              Parameters
2257
2258message (str) -- prompt to display to the user
2259
2260options (list) -- list of possible inputs by the user.
2261
2262default (str)  --  default  value  of  parameter  being
2263                       prompted.
2264
2265delimiter  (str)  -- delimiter to be used at the end of
2266                       the prompt.
2267
2268case_sensitive (boolean -- True/False) --  Allow  input
2269                       to be case sensitive.
2270
2271password  (boolean  --  True/False) -- Input is a pass‐
2272                       word. Don't show the value.
2273
2274required (boolean  --  True/False)  --  Input  must  be
2275                       non-empty.
2276
2277              Returns
2278                     str -- value obtained from user input.
2279
2280       pki.util.remove(path, force=False)
2281
2282       pki.util.replace_params(line, params=None)
2283              Replace all occurrences of [param] in the line with the value of
2284              the parameter.
2285
2286       pki.util.rmtree(path, force=False)
2287
2288       pki.util.set_property(properties, name, value)
2289
2290       pki.util.store_properties(filename, properties)
2291
2292       pki.util.symlink(source, dest, uid=- 1, gid=- 1, force=False)
2293
2294       pki.util.unlink(link, force=False)
2295
2296Index
2297
2298Module Index
2299
2300Search Page
2301

AUTHOR

2303       Dogtag PKI Project Team
2304
2306       2022, Dogtag PKI Team
2307
2308
2309
2310
2311@APPLICATION_VERSION@            Jul 29, 2022             PKI-PYTHON-CLIENT(1)
Impressum