summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--base/kra/src/com/netscape/kra/RecoveryService.java14
1 files changed, 13 insertions, 1 deletions
diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java
index 9158db847..fd49480c8 100644
--- a/base/kra/src/com/netscape/kra/RecoveryService.java
+++ b/base/kra/src/com/netscape/kra/RecoveryService.java
@@ -459,11 +459,20 @@ public class RecoveryService implements IService {
SEQUENCE safeContents = new SEQUENCE();
PasswordConverter passConverter = new
PasswordConverter();
- byte salt[] = {0x01, 0x01, 0x01, 0x01};
+ Random ran = new SecureRandom();
+ byte[] salt = new byte[20];
+ ran.nextBytes(salt);
ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
PBEAlgorithm.PBE_SHA1_DES3_CBC,
pass, salt, 1, passConverter, priKey, ct);
+ CMS.debug("RecoverService: createPFX() EncryptedPrivateKeyInfo.createPBE() returned");
+ if (key == null) {
+ CMS.debug("RecoverService: createPFX() key null");
+ throw new EBaseException("EncryptedPrivateKeyInfo.createPBE() failed");
+ } else {
+ CMS.debug("RecoverService: createPFX() key not null");
+ }
SET keyAttrs = createBagAttrs(
x509cert.getSubjectDN().toString(),
@@ -501,8 +510,11 @@ public class RecoveryService implements IService {
// put final PKCS12 into volatile request
params.put(ATTR_PKCS12, fos.toByteArray());
+ CMS.debug("RecoverService: createPFX() completed.");
} catch (Exception e) {
mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_CONSTRUCT_P12", e.toString()));
+ CMS.debug("RecoverService: createPFX() exception caught:"+
+ e.toString());
throw new EKRAException(CMS.getUserMessage("CMS_KRA_PKCS12_FAILED_1", e.toString()));
}
generated by cgit (git 2.34.1) at 2024-05-24 02:02:20 +0000