[Pki-devel] [PATCH] 0179 KRA: do not accumulate recovered keys in token
Fraser Tweedale
ftweedal at redhat.com
Thu Apr 6 07:22:34 UTC 2017
The attached patch fixes a regression (I think?) where recovered
keys accumulate in the key storage token.
Thanks,
Fraser
-------------- next part --------------
From ab470a00827673f327d5f171ff3fdf1baea4ae5e Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Thu, 6 Apr 2017 16:07:07 +1000
Subject: [PATCH] KRA: do not accumulate recovered keys in token
When using token-based unwrapping of archived keys, the key is being
stored in the token. We do not want to accumulate the keys here;
make them temporary.
Part of: https://pagure.io/dogtagpki/issue/2610
---
base/kra/src/com/netscape/kra/RecoveryService.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java b/base/kra/src/com/netscape/kra/RecoveryService.java
index c89e2f388f037bb8608b24389b26f8076511adf7..817f3f01586e851007d25e0724c03d213f0b6c4a 100644
--- a/base/kra/src/com/netscape/kra/RecoveryService.java
+++ b/base/kra/src/com/netscape/kra/RecoveryService.java
@@ -409,7 +409,7 @@ public class RecoveryService implements IService {
privKey = mStorageUnit.unwrap(
keyRecord.getPrivateKeyData(),
pubkey,
- false,
+ true /* temporary */,
keyRecord.getWrappingParams(mKRA.getStorageKeyUnit().getOldWrappingParams()));
} catch (Exception e) {
mKRA.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_KRA_PRIVATE_KEY_NOT_FOUND"));
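Review bot: The switch to `true /* temporary */` in the `mStorageUnit.unwrap(...)` call covers only this one call site in RecoveryService (the diffstat shows a single changed line). The commit message should state whether any other `unwrap` callers still pass `false` and leave recovered private keys on the token. It should also name the change that introduced the behaviour, since the cover note is unsure whether this is a regression. Making the key temporary does nothing for keys already persisted in the storage token by earlier recoveries, so a cleanup step or an administrator note is worth tracking under the linked issue. A Javadoc entry on the boolean parameter, or a named constant, would document the intent more durably than the inline comment.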
--
2.9.3