[Pki-users] How to retrieve private key in DRM
Marcin Mierzejewski
marcinmierzejewski1024 at gmail.com
Sun Nov 1 13:48:46 UTC 2015
Hi all, I got lots of problems with dogtag(ekhmmm... almost 20 threads in
october : ) if somebody not notice) but this is propably the last one:D
It happens if recovery needs more than one agent approval.
I get request accepted by admins and problem is I can retrieve private key
from browser code, but if I am trying to do this in code it throws PKI
Exception and creates new recovery request
//creates new recovery request "recover" throws: PKIException
"Unauthorized request."
Key recoveredX509Key = keyClient.retrieveKeyByPKCS12(keyid,cert,password);
//creates new recovery request "securityDataRecovery" and throws:
"RuntimeException com.netscape.certsrv.base.PKIException: Unauthorized
request. Recovery request not approved."
Key recoveredX509Key = keyClient.retrieveKey(keyid);
but for this same key when I open it in browser I got form to retrieve
key to pk12 and it works perfectly. I check logs and it shows me where
this form data goes:
[01/lis/2015:13:29:04][http-bio-8443-exec-2]:
CMSServlet:service() uri = /kra/agent/kra/getAsyncPk12
[01/lis/2015:13:29:04][http-bio-8443-exec-2]:
CMSServlet::service() param name='seqNum' value='339'
[01/lis/2015:13:29:04][http-bio-8443-exec-2]:
CMSServlet::service() param name='p12Password' value='(sensitive)'
[01/lis/2015:13:29:04][http-bio-8443-exec-2]:
CMSServlet::service() param name='p12PasswordAgain'
value='(sensitive)'
[01/lis/2015:13:29:04][http-bio-8443-exec-2]:
CMSServlet::service() param name='op' value='getAsyncPk12'
[01/lis/2015:13:29:04][http-bio-8443-exec-2]:
CMSServlet::service() param name='reqID' value='339'
Anyone have idea what I'm doing wrong? Is there any way to execute
getAsyncPk12 service from code? If You need more code or context, give
me a note.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20151101/193cb3f2/attachment.htm>
More information about the Pki-users
mailing list