Hi all, I got lots of problems with dogtag(ekhmmm... almost 20 threads in october : ) if somebody not notice) but this is propably the last one:D

It happens if recovery needs more than one agent approval.

I get request accepted by admins and problem is I can retrieve private key from browser code, but if I am trying to do this in code it throws PKI Exception and creates new recovery request
//creates new recovery request "recover"  throws:  PKIException "Unauthorized request."
Key recoveredX509Key = keyClient.retrieveKeyByPKCS12(keyid,cert,password);

//creates new recovery request "securityDataRecovery" and throws: "RuntimeException com.netscape.certsrv.base.PKIException: Unauthorized request. Recovery request not approved."
Key recoveredX509Key = keyClient.retrieveKey(keyid);

but for this same key when I open it in browser I got form to retrieve key to pk12 and it works perfectly. I check logs and it shows me where this form data goes:

[01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet:service() uri = /kra/agent/kra/getAsyncPk12
[01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='seqNum' value='339'
[01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='p12Password' value='(sensitive)'
[01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='p12PasswordAgain' value='(sensitive)'
[01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='op' value='getAsyncPk12'
[01/lis/2015:13:29:04][http-bio-8443-exec-2]: CMSServlet::service() param name='reqID' value='339'

Anyone have idea what I'm doing wrong? Is there any way to execute getAsyncPk12 service from code? If You need more code or context, give me a note.