Key recovery using externalReg fails with java null pointer exception on KRA

[pki-bot]

This issue was migrated from Pagure Issue #2721. Originally filed by mharmsen (@mharmsen) on 2017-06-01 16:51:23:

• Closed at 2017-06-02 13:50:30 as fixed
• Assigned to vakwetu (@vakwetu)
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1458043

---

Key recovery using externalReg fails with java null pointer exception on KRA

Steps to Reproduce:

1. Enable externalReg and recover a cert/key onto a token (non-FIPS and non-HSM)

Actual results:

key recovery failed

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-06-01 16:52:27

Metadata Update from @mharmsen:

• Custom field component adjusted to General
• Custom field feature adjusted to ''
• Custom field origin adjusted to Community
• Custom field proposedmilestone adjusted to ''
• Custom field proposedpriority adjusted to ''
• Custom field reviewer adjusted to ''
• Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1458043
• Custom field type adjusted to defect
• Custom field version adjusted to ''
• Issue priority set to: critical

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-06-01 16:52:48

Metadata Update from @mharmsen:

• Issue assigned to vakwetu

[pki-bot]

Comment from vakwetu (@vakwetu) at 2017-06-02 13:50:09

commit 08bf26f
Author: Ade Lee alee@redhat.com
Date: Thu Jun 1 17:46:27 2017 -0400

Fix NPE in audit log invocation

Some audit log objects take a RequestId or KeyId, on which we call
toString().  In some cases, we were creating a KeyId or RequestId
with null values, resulting in an NPE.  We fix these in this patch.

Bugzilla BZ# 1458043

Change-Id: I38d5a20e9920966c8414d56afd7690dc3c11a1db

[pki-bot]

Comment from vakwetu (@vakwetu) at 2017-06-02 13:50:30

Metadata Update from @vakwetu:

• Issue close_status updated to: fixed
• Issue status updated to: Closed (was: Open)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-06-02 13:51:46

Metadata Update from @mharmsen:

• Issue set to the milestone: 10.4.7 (was: 10.4)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-06-07 18:09:40

Metadata Update from @mharmsen:

• Custom field fixedinversion adjusted to pki-core-10.4.7-1.fc27

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-06-16 19:46:44

Author: Ade Lee alee@redhat.com
Date: Fri Jun 16 14:48:27 2017 -0400

Fix 3DES archival

A previous commit mistakenly conflated the wrapping parameters for
DES and DES3 cases, resulting in incorrect data being stored if the
storage was successful at all.  This broke ipa vault and probably
also token key archival and recovery.

This patch sets the right parameters for the 3DES case again.
Part of BZ# 1458043

Change-Id: Iae884715a0f510a4d492d64fac3d82cb8100deb4

Ade Lee 2017-06-16 19:35:17 EDT

commit a91b457
Author: Ade Lee alee@redhat.com
Date: Fri Jun 16 19:25:05 2017 -0400

Fix token enrollment and recovery ivs

In encryption mode, the archival of the geenrated key uses the
wrapIV, while the recovery uses the encryptIV.  To make sure
these are consistent, they need to be set to be the same.

Bugzilla BZ 1458043

Change-Id: I1ecece74bd6e486c0f37b5e1df4929744fac262b

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-06-16 19:46:45

Metadata Update from @mharmsen:

• Issue set to the milestone: 10.4.8 (was: 10.4.7)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-06-20 21:24:05

Metadata Update from @mharmsen:

• Custom field fixedinversion adjusted to pki-core-10.4.1-10.el7 (was: pki-core-10.4.7-1.fc27)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-06-20 21:25:37

Metadata Update from @mharmsen:

• Custom field fixedinversion reset (from pki-core-10.4.1-10.el7)