diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Key.java b/jdk/src/share/classes/sun/security/pkcs11/P11Key.java
index bcffaf0ae60..4892b7713b7 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/P11Key.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11Key.java
@@ -90,6 +90,9 @@ abstract class P11Key implements Key, Length {
 // flags indicating whether the key is a token object, sensitive, extractable
 final boolean tokenObject, sensitive, extractable;
+ // flag indicating whether the current token is NSS
+ final transient boolean isNSS;
+
 private final NativeKeyHolder keyIDHolder;
 private static final boolean DISABLE_NATIVE_KEYS_EXTRACTION;
@@ -136,7 +139,7 @@ abstract class P11Key implements Key, Length {
 this.sensitive = sensitive;
 this.extractable = extractable;
 char[] tokenLabel = this.token.tokenInfo.label;
- boolean isNSS = (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
+ isNSS = (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
 && tokenLabel[2] == 'S');
 boolean extractKeyInfo = (!DISABLE_NATIVE_KEYS_EXTRACTION && isNSS
 && extractable && !tokenObject);
@@ -225,7 +228,8 @@ protected Object writeReplace() throws ObjectStreamException {
 } else {
 // XXX short term serialization for unextractable keys
 throw new NotSerializableException
- ("Cannot serialize sensitive and unextractable keys");
+ ("Cannot serialize sensitive, unextractable " + (isNSS ?
+ ", and NSS token keys" : "keys"));
 }
 return new KeyRep(type, getAlgorithm(), format, getEncoded());
 }
@@ -440,7 +444,7 @@ private static class P11SecretKey extends P11Key implements SecretKey {
 }
 public String getFormat() {
 token.ensureValid();
- if (sensitive || (extractable == false)) {
+ if (sensitive || !extractable || (isNSS && tokenObject)) {
 return null;
 } else {
 return "RAW";
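Review bot: The comment on the new `isNSS` field in the first hunk does not say how the flag is derived or why the field is `transient`. The constructor hunk (`@@ -136,7 +139,7 @@`) sets it only from the first three characters of `token.tokenInfo.label`, so it is a label heuristic rather than a verified property of the token, and this commit now lets it influence `getFormat()` and the serialization error path. I would write `// true when the token label begins with "NSS" (label heuristic, set in the constructor); not part of the serialized form`, and if the label can be chosen by whoever provisions the token, say so in the same comment.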
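Review bot: The rebuilt exception message in `writeReplace()` is malformed in both branches: with `isNSS` true it reads `Cannot serialize sensitive, unextractable , and NSS token keys` (a space before the comma), and otherwise `Cannot serialize sensitive, unextractable keys`, which drops the "and" the old text had. Building the whole tail inside the conditional avoids this, e.g. `("Cannot serialize sensitive" + (isNSS ? ", unextractable, and NSS token keys" : " and unextractable keys"));`. The condition that leads into this `else` branch lies outside the hunk, so whether NSS token-object keys actually reach it could not be checked here.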
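Review bot: The new `(isNSS && tokenObject)` clause in `P11SecretKey.getFormat()` has no comment explaining why an extractable, non-sensitive token object on an NSS token must report no format, so the rule is easy to lose in a later cleanup. A one-line comment above the `if` would fix that, for instance `// NSS token objects expose no encoding even when flagged extractable: <reason>`. `getEncoded()` and the end of `getFormat()` are outside this hunk; `getEncoded()` presumably needs the same predicate, since a caller that ignores `getFormat()` should not be able to obtain key bytes this method declares unavailable. Only the secret-key subclass is visible here, so the other `P11Key` subclasses may deserve the same check.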