Key recovery using externalReg fails with Java null pointer exception on KRA
Steps to Reproduce:
1. Enable externalReg and recover a cert/key onto a token (non-FIPS and non-HSM)
Actual results:
key recovery failed
Metadata Update from @mharmsen:
- Custom field component adjusted to General
- Custom field feature adjusted to ''
- Custom field origin adjusted to Community
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1458043
- Custom field type adjusted to defect
- Custom field version adjusted to ''
- Issue priority set to: critical
Metadata Update from @mharmsen: - Issue assigned to vakwetu
commit 08bf26f786b8d233382c6fedfad5d33d8c11d78f
Author: Ade Lee alee@redhat.com
Date: Thu Jun 1 17:46:27 2017 -0400

Fix NPE in audit log invocation

Some audit log objects take a RequestId or KeyId, on which we call toString(). In some cases, we were creating a KeyId or RequestId with null values, resulting in an NPE. We fix these in this patch.

Bugzilla BZ# 1458043
Change-Id: I38d5a20e9920966c8414d56afd7690dc3c11a1db
Metadata Update from @vakwetu:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
Metadata Update from @mharmsen: - Issue set to the milestone: 10.4.7 (was: 10.4)
Metadata Update from @mharmsen: - Custom field fixedinversion adjusted to pki-core-10.4.7-1.fc27
Author: Ade Lee alee@redhat.com
Date: Fri Jun 16 14:48:27 2017 -0400

Fix 3DES archival

A previous commit mistakenly conflated the wrapping parameters for DES and DES3 cases, resulting in incorrect data being stored if the storage was successful at all. This broke ipa vault and probably also token key archival and recovery. This patch sets the right parameters for the 3DES case again.

Part of BZ# 1458043
Change-Id: Iae884715a0f510a4d492d64fac3d82cb8100deb4
Ade Lee 2017-06-16 19:35:17 EDT
commit a91b457abfd61c39e1e4318c2443e38b2dd93c5c
Author: Ade Lee alee@redhat.com
Date: Fri Jun 16 19:25:05 2017 -0400

Fix token enrollment and recovery ivs

In encryption mode, the archival of the generated key uses the wrapIV, while the recovery uses the encryptIV. To make sure these are consistent, they need to be set to be the same.

Bugzilla BZ #1458043
Change-Id: I1ecece74bd6e486c0f37b5e1df4929744fac262b
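Why the archival and recovery IVs have to match, as an added example that is not Dogtag code and not taken from the commits above: assuming a CBC-mode 3DES transformation (the page does not name the mode), decrypting with a different IV raises no error and corrupts only the first block, so recovery would hand back a wrong key instead of failing. The class name, the `run` helper and the key material are hypothetical and constructed for illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class IvMismatchDemo {
    // Assumption: a CBC-mode 3DES transformation; the page does not name the mode.
    static final String TRANSFORM = "DESede/CBC/PKCS5Padding";

    static byte[] run(int mode, SecretKey key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(mode, key, new IvParameterSpec(iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        SecretKey storageKey = KeyGenerator.getInstance("DESede").generateKey();

        // Constructed stand-in for the generated key being archived (4 blocks of 8 bytes).
        byte[] keyMaterial = new byte[32];
        rng.nextBytes(keyMaterial);

        byte[] wrapIV = new byte[8];
        rng.nextBytes(wrapIV);
        byte[] encryptIV = wrapIV.clone();
        encryptIV[0] ^= 0x01; // differs from wrapIV by a single bit

        // Archival side uses wrapIV.
        byte[] archived = run(Cipher.ENCRYPT_MODE, storageKey, wrapIV, keyMaterial);

        // Recovery side with the other IV: doFinal() succeeds, padding still validates.
        byte[] mismatched = run(Cipher.DECRYPT_MODE, storageKey, encryptIV, archived);
        // Recovery side with the same IV as archival.
        byte[] matched = run(Cipher.DECRYPT_MODE, storageKey, wrapIV, archived);

        boolean firstBlockOk = Arrays.equals(
                Arrays.copyOf(mismatched, 8), Arrays.copyOf(keyMaterial, 8));
        boolean restOk = Arrays.equals(
                Arrays.copyOfRange(mismatched, 8, 32), Arrays.copyOfRange(keyMaterial, 8, 32));

        System.out.println("mismatched IV: first block intact = " + firstBlockOk);
        System.out.println("mismatched IV: later blocks intact = " + restOk);
        System.out.println("matched IV: key recovered = " + Arrays.equals(matched, keyMaterial));
    }
}
```

Because the padding sits in the last block, which does not depend on the IV, a round-trip comparison of the recovered key against the archived original is the check that catches this class of mismatch.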
Metadata Update from @mharmsen: - Issue set to the milestone: 10.4.8 (was: 10.4.7)
Metadata Update from @mharmsen: - Custom field fixedinversion adjusted to pki-core-10.4.1-10.el7 (was: pki-core-10.4.7-1.fc27)
Metadata Update from @mharmsen: - Custom field fixedinversion reset (from pki-core-10.4.1-10.el7)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2841
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.