From 606027b188fee6d20c17323d7c464d6630024a20 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed, 23 Aug 2017 20:53:25 +1000
Subject: [PATCH] Fix regression in lightweight CA replication
Fixes: https://pagure.io/dogtagpki/issue/2796
Change-Id: Ic5e42b80156f777299f4e487932305160c2d48f6
---
base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index eca8dddb6..2daf0d797 100644
--- a/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -2307,8 +2307,9 @@ public class CryptoUtil {
BIT_STRING encSymKey = encVal.getEncSymmKey();
BIT_STRING encPrivKey = encVal.getEncValue();
- SymmetricKey sk = unwrap(token, SymmetricKey.Type.DES3, 0, null, unwrappingKey, encSymKey.getBits(),
- KeyWrapAlgorithm.RSA);
+ SymmetricKey sk = unwrap(
+ token, SymmetricKey.Type.DES3, 0, SymmetricKey.Usage.UNWRAP,
+ unwrappingKey, encSymKey.getBits(), KeyWrapAlgorithm.RSA);
ASN1Value v = algId.getParameters();
v = ((ANY) v).decodeWith(new OCTET_STRING.Template());
--
2.13.5