diff options
Diffstat (limited to 'base/kra/src/com/netscape/kra/NetkeyKeygenService.java')
-rw-r--r-- | base/kra/src/com/netscape/kra/NetkeyKeygenService.java | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java index f068a4a81..636e93ed0 100644 --- a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java +++ b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java @@ -41,6 +41,7 @@ import org.mozilla.jss.util.Base64OutputStream; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.MetaInfo; import com.netscape.certsrv.base.SessionContext; import com.netscape.certsrv.dbs.keydb.IKeyRecord; @@ -155,6 +156,9 @@ public class NetkeyKeygenService implements IService { IVParameterSpec algParam = new IVParameterSpec(iv); + IConfigStore configStore = CMS.getConfigStore(); + boolean allowEncDecrypt_archival = configStore.getBoolean("kra.allowEncDecrypt.archival", false); + wrapped_des_key = null; boolean archive = true; byte[] publicKeyData = null; @@ -405,8 +409,7 @@ public class NetkeyKeygenService implements IService { WrappingParams params = null; try { - // TODO(alee) What happens if key wrap algorithm is not supported? - params = mStorageUnit.getWrappingParams(); + params = mStorageUnit.getWrappingParams(allowEncDecrypt_archival); privateKeyData = mStorageUnit.wrap((org.mozilla.jss.crypto.PrivateKey) privKey, params); } catch (Exception e) { request.setExtData(IRequest.RESULT, Integer.valueOf(4)); |