diff options
Diffstat (limited to 'base/kra')
-rw-r--r-- | base/kra/src/com/netscape/kra/RecoveryService.java | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java index 7fbefd776..19d6b5157 100644 --- a/base/kra/src/com/netscape/kra/RecoveryService.java +++ b/base/kra/src/com/netscape/kra/RecoveryService.java @@ -20,10 +20,10 @@ package com.netscape.kra; import java.io.ByteArrayOutputStream; import java.io.CharConversionException; import java.math.BigInteger; -import java.security.SecureRandom; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; +import java.security.SecureRandom; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Hashtable; @@ -194,6 +194,9 @@ public class RecoveryService implements IService { byte pubData[] = keyRecord.getPublicKeyData(); X509Certificate x509cert = request.getExtDataInCert(ATTR_USER_CERT); + if (x509cert == null) { + throw new EKRAException(CMS.getUserMessage("CMS_KRA_INVALID_KEYRECORD")); + } byte inputPubData[] = x509cert.getPublicKey().getEncoded(); if (inputPubData.length != pubData.length) { @@ -380,7 +383,7 @@ public class RecoveryService implements IService { throws EBaseException { CMS.debug("RecoverService: recoverKey: key to recover is RSA? "+ - isRSA); + isRSA); try { if (CMS.getConfigStore().getBoolean("kra.keySplitting")) { |