From c5685a52bee2c073142b2116f9c637a45c53e63d Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Wed, 16 Sep 2020 17:01:29 +0200
Subject: [PATCH] Check ca_wrapped in ipa-custodia-check

ca_wrapped uses Dogtag's pki tool (written in Java) to wrap key
material. Add checks to custodia to verify that key wrapping works.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
---
 install/tools/ipa-custodia-check.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/install/tools/ipa-custodia-check.in b/install/tools/ipa-custodia-check.in
index 5143dc4983..66f8f1d723 100644
--- a/install/tools/ipa-custodia-check.in
+++ b/install/tools/ipa-custodia-check.in
@@ -49,6 +49,8 @@ KEYS = [
     'dm/DMHash',
     'ra/ipaCert',
     'ca/auditSigningCert cert-pki-ca',
+    'ca_wrapped/auditSigningCert cert-pki-ca',
+    'ca_wrapped/auditSigningCert cert-pki-ca/1.2.840.113549.3.7',
     'ca/caSigningCert cert-pki-ca',
     'ca/ocspSigningCert cert-pki-ca',
     'ca/subsystemCert cert-pki-ca',