diff options
| author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-10-22 19:09:25 +0000 |
|---|---|---|
| committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-10-22 19:09:25 +0000 |
| commit | 0acd942a0ff6558eb2b34b97188c7f80603911df (patch) | |
| tree | be52dd916c8ac91c9bccf82b2209436570306eba /pki/base/kra | |
| parent | 93a2f2630e5c10b3e1744df4daf8f0291203b17b (diff) | |
| download | pki-0acd942a0ff6558eb2b34b97188c7f80603911df.tar.gz pki-0acd942a0ff6558eb2b34b97188c7f80603911df.tar.xz pki-0acd942a0ff6558eb2b34b97188c7f80603911df.zip | |
Bug 744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2274 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/kra')
| -rw-r--r-- | pki/base/kra/src/com/netscape/kra/RecoveryService.java | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/pki/base/kra/src/com/netscape/kra/RecoveryService.java b/pki/base/kra/src/com/netscape/kra/RecoveryService.java index 5e0c77e25..da3c3a87c 100644 --- a/pki/base/kra/src/com/netscape/kra/RecoveryService.java +++ b/pki/base/kra/src/com/netscape/kra/RecoveryService.java @@ -126,11 +126,21 @@ public class RecoveryService implements IService { cm = CryptoManager.getInstance(); config = CMS.getConfigStore(); tokName = config.getString("kra.storageUnit.hardware", "internal"); - CMS.debug("RecoveryService: tokenName="+tokName); - ct = cm.getTokenByName(tokName); + if (tokName.equals("internal")) { + CMS.debug("RecoveryService: serviceRequest: use internal token "); + ct = cm.getInternalCryptoToken(); + } else { + CMS.debug("RecoveryService: serviceRequest: tokenName="+tokName); + ct = cm.getTokenByName(tokName); + } allowEncDecrypt_recovery = config.getBoolean("kra.allowEncDecrypt.recovery", false); } catch (Exception e) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString())); + CMS.debug("RecoveryService exception: use internal token :" + + e.toString()); + ct = cm.getInternalCryptoToken(); + } + if (ct == null) { + throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR"+ "cannot get crypto token")); } IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats"); @@ -413,6 +423,7 @@ public class RecoveryService implements IService { */ public void createPFX(IRequest request, Hashtable params, PrivateKey priKey, CryptoToken ct) throws EBaseException { + CMS.debug("RecoverService: createPFX() allowEncDecrypt_recovery=false"); try { // create p12 X509Certificate x509cert = @@ -421,6 +432,7 @@ public class RecoveryService implements IService { // add certificate mKRA.log(ILogger.LL_INFO, "KRA adds certificate to P12"); + CMS.debug("RecoverService: createPFX() adds certificate to P12"); SEQUENCE encSafeContents = new SEQUENCE(); ASN1Value cert = new OCTET_STRING(x509cert.getEncoded()); String nickname = request.getExtDataInString(ATTR_NICKNAME); @@ -440,6 +452,7 @@ public class RecoveryService implements IService { // add key mKRA.log(ILogger.LL_INFO, "KRA adds key to P12"); + CMS.debug("RecoverService: createPFX() adds key to P12"); org.mozilla.jss.util.Password pass = new org.mozilla.jss.util.Password( pwd.toCharArray()); @@ -536,6 +549,7 @@ public class RecoveryService implements IService { */ public void createPFX(IRequest request, Hashtable params, byte priData[]) throws EBaseException { + CMS.debug("RecoverService: createPFX() allowEncDecrypt_recovery=true"); try { // create p12 X509Certificate x509cert = |