8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE"

Reviewed-by: hchao, weijun
2021-12-22 19:50:51 +00:00 · 2021-12-22 19:50:51 +00:00 · d64820dfef
commit d64820dfef
parent f1fbba23eb
2 changed files with 7 additions and 5 deletions
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
@ -90,6 +90,9 @@ abstract class P11Key implements Key, Length {
    // flags indicating whether the key is a token object, sensitive, extractable
    final boolean tokenObject, sensitive, extractable;

+    // flag indicating whether the current token is NSS
+    final transient boolean isNSS;
+
    @SuppressWarnings("serial") // Type of field is not Serializable
    private final NativeKeyHolder keyIDHolder;

@ -138,7 +141,7 @@ abstract class P11Key implements Key, Length {
        this.sensitive = sensitive;
        this.extractable = extractable;
        char[] tokenLabel = this.token.tokenInfo.label;
-        boolean isNSS = (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
+        isNSS = (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
                && tokenLabel[2] == 'S');
        boolean extractKeyInfo = (!DISABLE_NATIVE_KEYS_EXTRACTION && isNSS &&
                extractable && !tokenObject);
@ -239,7 +242,8 @@ abstract class P11Key implements Key, Length {
        } else {
            // XXX short term serialization for unextractable keys
            throw new NotSerializableException
-                ("Cannot serialize sensitive and unextractable keys");
+                    ("Cannot serialize sensitive, unextractable " + (isNSS ?
+                    ", and NSS token keys" : "keys"));
        }
        return new KeyRep(type, getAlgorithm(), format, getEncodedInternal());
    }
@ -448,7 +452,7 @@ abstract class P11Key implements Key, Length {

        public String getFormat() {
            token.ensureValid();
-            if (sensitive || (extractable == false)) {
+            if (sensitive || !extractable || (isNSS && tokenObject)) {
                return null;
            } else {
                return "RAW";
--- a/test/jdk/ProblemList.txt
+++ b/test/jdk/ProblemList.txt
@ -646,8 +646,6 @@ javax/net/ssl/DTLS/CipherSuite.java                             8202059 macosx-x

 sun/security/provider/KeyStore/DKSTest.sh                       8180266 windows-all

-sun/security/pkcs11/KeyStore/SecretKeysBasic.java                 8209398 generic-all
-
 security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java  8224768 generic-all

 sun/security/smartcardio/TestChannel.java                       8039280 generic-all