From 661e611d14ac744154c9b493876d373826e6b24a Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkrizek@redhat.com>
Date: Aug 30 2017 14:00:23 +0000
Subject: dnssec: fix localhsm.py utility script


See e6b2ed6b68589ff7ee39b95559836af54f39e2de for details.

Fixes https://pagure.io/freeipa/issue/7116

Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

---

diff --git a/ipaserver/dnssec/localhsm.py b/ipaserver/dnssec/localhsm.py
index 50a1171..ab5b965 100755
--- a/ipaserver/dnssec/localhsm.py
+++ b/ipaserver/dnssec/localhsm.py
@@ -10,13 +10,14 @@ import collections
 import os
 from pprint import pprint
 
+from ipalib.constants import SOFTHSM_DNSSEC_TOKEN_LABEL
 from ipaplatform.paths import paths
-
 from ipaserver import p11helper as _ipap11helper
 from ipaserver.dnssec.abshsm import (attrs_name2id, attrs_id2name, AbstractHSM,
                                      keytype_id2name, keytype_name2id,
                                      ldap2p11helper_api_params)
 
+
 private_key_api_params = set(["label", "id", "data", "unwrapping_key",
     "wrapping_mech", "key_type", "cka_always_authenticate", "cka_copyable",
     "cka_decrypt", "cka_derive", "cka_extractable", "cka_modifiable",
@@ -188,7 +189,7 @@ class LocalHSM(AbstractHSM):
 if __name__ == '__main__':
     if 'SOFTHSM2_CONF' not in os.environ:
         os.environ['SOFTHSM2_CONF'] = paths.DNSSEC_SOFTHSM2_CONF
-    localhsm = LocalHSM(paths.LIBSOFTHSM2_SO, 0,
+    localhsm = LocalHSM(paths.LIBSOFTHSM2_SO, SOFTHSM_DNSSEC_TOKEN_LABEL,
             open(paths.DNSSEC_SOFTHSM_PIN).read())
 
     print('replica public keys: CKA_WRAP = TRUE')