8325254: CKA_TOKEN private and secret keys are not necessarily sensitive

Reviewed-by: valeriep
2024-02-06 19:49:30 +00:00 · 2024-02-06 19:49:30 +00:00 · 0f5f3c9b97
commit 0f5f3c9b97
parent 4b1e367eda
1 changed files with 3 additions and 2 deletions
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
@ -395,8 +395,9 @@ abstract class P11Key implements Key, Length {
                    new CK_ATTRIBUTE(CKA_EXTRACTABLE),
        });

-        boolean keySensitive = (attrs[0].getBoolean() ||
-                attrs[1].getBoolean() || !attrs[2].getBoolean());
+        boolean keySensitive =
+                (attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
+                attrs[1].getBoolean() || !attrs[2].getBoolean();

        return switch (algorithm) {
            case "RSA" -> P11RSAPrivateKeyInternal.of(session, keyID, algorithm,