The attached patch fixes a regression (I think?) where recovered
keys accumulate in the key storage token.

Thanks,
Fraser
From ab470a00827673f327d5f171ff3fdf1baea4ae5e Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Thu, 6 Apr 2017 16:07:07 +1000
Subject: [PATCH] KRA: do not accumulate recovered keys in token

When using token-based unwrapping of archived keys, the key is being
stored in the token.  We do not want to accumulate the keys here;
make them temporary.

Part of: https://pagure.io/dogtagpki/issue/2610
---
 base/kra/src/com/netscape/kra/RecoveryService.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/base/kra/src/com/netscape/kra/RecoveryService.java 
b/base/kra/src/com/netscape/kra/RecoveryService.java
index 
c89e2f388f037bb8608b24389b26f8076511adf7..817f3f01586e851007d25e0724c03d213f0b6c4a
 100644
--- a/base/kra/src/com/netscape/kra/RecoveryService.java
+++ b/base/kra/src/com/netscape/kra/RecoveryService.java
@@ -409,7 +409,7 @@ public class RecoveryService implements IService {
                 privKey = mStorageUnit.unwrap(
                         keyRecord.getPrivateKeyData(),
                         pubkey,
-                        false,
+                        true /* temporary */,
                         
keyRecord.getWrappingParams(mKRA.getStorageKeyUnit().getOldWrappingParams()));
             } catch (Exception e) {
                 mKRA.log(ILogger.LL_FAILURE, 
CMS.getLogMessage("CMSCORE_KRA_PRIVATE_KEY_NOT_FOUND"));
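Review bot: the `true /* temporary */` argument in the hunk is a bare boolean positional parameter whose meaning is only carried by the inline comment; consider a named constant or a local variable (e.g. `boolean temporaryKey = true;`) so the intent survives without the comment, and confirm that the unwrapped `privKey` object remains usable for the rest of the recovery path (it is still used after this call) once it is no longer persisted in the token. Since the cover letter says this fixes a regression, the commit message should name the change that switched this call to `false` so the history is traceable, and it is worth checking whether other `mStorageUnit.unwrap(...)` callers in the KRA pass `false` here and accumulate keys in the same way.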
-- 
2.9.3

_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel