author | Christina Fu <cfu@redhat.com> | 2012-05-02 16:48:19 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2012-05-02 16:48:19 -0700 |
commit | f103db30263625858736595902863f93cff808fe (patch) | |
tree | aca862f0bb9e930d39916c995a7cfec88cf8b054 | |
parent | 98fed48e7731d46b93e92871dfeeb5e2d8c7337d (diff) | |
Bug 744207 - Key archival fails when KRA is configured with lunasa
- The real fix is in JSS alone; this patch only adds better error handling and a non-static salt.
-rw-r--r-- | base/kra/src/com/netscape/kra/RecoveryService.java | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java index 9158db847..fd49480c8 100644 --- a/base/kra/src/com/netscape/kra/RecoveryService.java +++ b/base/kra/src/com/netscape/kra/RecoveryService.java @@ -459,11 +459,20 @@ public class RecoveryService implements IService { SEQUENCE safeContents = new SEQUENCE(); PasswordConverter passConverter = new PasswordConverter(); - byte salt[] = {0x01, 0x01, 0x01, 0x01}; + Random ran = new SecureRandom(); + byte[] salt = new byte[20]; + ran.nextBytes(salt); ASN1Value key = EncryptedPrivateKeyInfo.createPBE( PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1, passConverter, priKey, ct); + CMS.debug("RecoverService: createPFX() EncryptedPrivateKeyInfo.createPBE() returned"); + if (key == null) { + CMS.debug("RecoverService: createPFX() key null"); + throw new EBaseException("EncryptedPrivateKeyInfo.createPBE() failed"); + } else { + CMS.debug("RecoverService: createPFX() key not null"); + } SET keyAttrs = createBagAttrs( x509cert.getSubjectDN().toString(), @@ -501,8 +510,11 @@ public class RecoveryService implements IService { // put final PKCS12 into volatile request params.put(ATTR_PKCS12, fos.toByteArray()); + CMS.debug("RecoverService: createPFX() completed."); } catch (Exception e) { mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_CONSTRUCT_P12", e.toString())); + CMS.debug("RecoverService: createPFX() exception caught:"+ + e.toString()); throw new EKRAException(CMS.getUserMessage("CMS_KRA_PKCS12_FAILED_1", e.toString())); } |
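Review bot: The `createPBE(...)` call that consumes the new random salt still passes `1` in what appears to be the iteration-count position (`pass, salt, 1, passConverter, priKey, ct);`), so the PKCS#12 wrapping of the recovered private key gets no key stretching and its offline resistance rests on the password alone. The random 20-byte salt removes precomputation across exports, but it does not slow a guess against a single file. I would replace the literal with a named constant or configuration value, e.g. `pass, salt, PBE_ITERATIONS, passConverter, priKey, ct);` (constant name is a placeholder), since the count is carried in the PBE parameters and readers pick it up from there. The `else { CMS.debug("... key not null"); }` branch adds nothing the preceding "returned" message does not already say and could be dropped. createPFX() starts and ends outside the hunk.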
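Review bot: The added `CMS.debug("RecoverService: createPFX() exception caught:"+ e.toString());` in the catch block records only the exception's string form, so the stack trace that would locate a token or JSS failure is lost, and the rethrown `EKRAException` likewise carries only text. Logging the throwable itself, e.g. `CMS.debug(e);` if that overload is available in this tree, would keep the trace in the debug log. The prefix `RecoverService` used in all the new messages does not match the class name `RecoveryService`, so a log search on the class name will miss them. The try block and createPFX() begin outside the hunk.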