From 606027b188fee6d20c17323d7c464d6630024a20 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed, 23 Aug 2017 20:53:25 +1000
Subject: [PATCH] Fix regression in lightweight CA replication

Fixes: https://pagure.io/dogtagpki/issue/2796
Change-Id: Ic5e42b80156f777299f4e487932305160c2d48f6
---
 base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index eca8dddb6..2daf0d797 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -2307,8 +2307,9 @@ public class CryptoUtil {
         BIT_STRING encSymKey = encVal.getEncSymmKey();
         BIT_STRING encPrivKey = encVal.getEncValue();
 
-        SymmetricKey sk = unwrap(token, SymmetricKey.Type.DES3, 0, null, unwrappingKey, encSymKey.getBits(),
-                KeyWrapAlgorithm.RSA);
+        SymmetricKey sk = unwrap(
+                token, SymmetricKey.Type.DES3, 0, SymmetricKey.Usage.UNWRAP,
+                unwrappingKey, encSymKey.getBits(), KeyWrapAlgorithm.RSA);
 
         ASN1Value v = algId.getParameters();
         v = ((ANY) v).decodeWith(new OCTET_STRING.Template());
-- 
2.13.5