[Pki-users] How to retrieve private key in DRM

Marcin Mierzejewski marcinmierzejewski1024 at gmail.com
Sun Nov 1 13:48:46 UTC 2015


Hi all, I got lots of problems with dogtag (ekhmmm... almost 20 threads in
October :) if somebody did not notice) but this is probably the last one :D

It happens if recovery needs more than one agent approval.

I get the request accepted by admins, and the problem is that I can retrieve
the private key from browser code, but if I try to do this in code it throws
a PKIException and creates a new recovery request.

// creates new recovery request "recover", throws: PKIException
// "Unauthorized request."
Key recoveredX509Key = keyClient.retrieveKeyByPKCS12(keyid, cert, password);

// creates new recovery request "securityDataRecovery" and throws:
// "RuntimeException com.netscape.certsrv.base.PKIException: Unauthorized
// request.  Recovery request not approved."
Key recoveredX509Key = keyClient.retrieveKey(keyid);


But for this same key, when I open it in the browser I get a form to retrieve
the key to pk12 and it works perfectly. I checked the logs and they show me
where this form data goes:

    [01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet:service() uri = /kra/agent/kra/getAsyncPk12
    [01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='seqNum' value='339'
    [01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='p12Password' value='(sensitive)'
    [01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='p12PasswordAgain' value='(sensitive)'
    [01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='op' value='getAsyncPk12'
    [01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='reqID' value='339'

Does anyone have an idea what I'm doing wrong? Is there any way to execute
the getAsyncPk12 service from code? If you need more code or context, give
me a note.