1 files changed, 23 insertions, 3 deletions

diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyRetrieveCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyRetrieveCLI.java
index 92389c021..555faa00d 100644
--- a/base/java-tools/src/com/netscape/cmstools/key/KeyRetrieveCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/key/KeyRetrieveCLI.java
@@ -15,6 +15,7 @@ import org.apache.commons.cli.ParseException;
 import com.netscape.certsrv.dbs.keydb.KeyId;
 import com.netscape.certsrv.key.Key;
 import com.netscape.certsrv.key.KeyRecoveryRequest;
+import com.netscape.certsrv.request.RequestId;
 import com.netscape.cmstools.cli.CLI;
 import com.netscape.cmstools.cli.MainCLI;
 import com.netscape.cmsutil.util.Utils;
@@ -39,6 +40,10 @@ public class KeyRetrieveCLI extends CLI {
         option.setArgName("Key Identifier");
         options.addOption(option);
 
+        option = new Option(null, "requestID", true, "Request Identifier for approved recovery request.");
+        option.setArgName("Recovery Request Identifier");
+        options.addOption(option);
+
         option = new Option(null, "passphrase", true, "Passphrase to encrypt the key information.");
         option.setArgName("Passphrase");
         options.addOption(option);
@@ -125,12 +130,27 @@ public class KeyRetrieveCLI extends CLI {
             // Using command line options.
             String keyId = cmd.getOptionValue("keyID");
             String passphrase = cmd.getOptionValue("passphrase");
+            String requestId = cmd.getOptionValue("requestID");
 
-            if (passphrase != null) {
-                keyData = keyCLI.keyClient.retrieveKeyByPassphrase(new KeyId(keyId), passphrase);
+            if ((requestId == null) && (keyId == null)) {
+                System.out.println("Either requestID or keyID must be specified");
+                System.exit(1);
+            }
 
+            if (passphrase != null) {
+                if (requestId != null) {
+                    keyData = keyCLI.keyClient.retrieveKeyByRequestWithPassphrase(
+                            new RequestId(requestId), passphrase);
+                } else {
+                    keyData = keyCLI.keyClient.retrieveKeyByPassphrase(new KeyId(keyId), passphrase);
+                }
             } else {
-                keyData = keyCLI.keyClient.retrieveKey(new KeyId(keyId));
+                if (requestId != null) {
+                    keyData = keyCLI.keyClient.retrieveKeyByRequest(new RequestId(requestId));
+                } else {
+                    keyData = keyCLI.keyClient.retrieveKey(new KeyId(keyId));
+                }
+
                 clientEncryption = false;
 
                 // No need to return the encrypted data since encryption