Use exportable=true when reading certificate from db 68/48768/14
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 29 Sep 2015 07:07:21 +0000 (09:07 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 26 Oct 2015 11:34:39 +0000 (12:34 +0100)
[Problem] Key manager allows creating a cert chain from non-exportable
certificates.
[Solution] CKMLogic::readCertificateHelper now passes the exportable flag
as 'true'.

[Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST

Change-Id: Ib13811282eb9d1267c26741a578d8c2111bdecbb

src/manager/service/ckm-logic.cpp

index 8736fd5..0e33727 100644 (file)
@@ -1383,7 +1383,14 @@ int CKMLogic::readCertificateHelper(
     for (auto &i: labelNameVector) {
         // certificates can't be protected with custom user password
         Crypto::GObjUPtr obj;
-        int ec = readDataHelper(false, cred, DataType::CERTIFICATE, i.second, i.first, Password(), obj);
+        int ec;
+        ec = readDataHelper(true,
+                            cred,
+                            DataType::CERTIFICATE,
+                            i.second,
+                            i.first,
+                            Password(),
+                            obj);
         if (ec != CKM_API_SUCCESS)
             return ec;
 
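Review bot: The bare `true` passed as the first argument of `readDataHelper` is the access-control decision of this change, yet nothing at the call site says so; the only comment above it explains the empty `Password()`. I would annotate it, e.g. `ec = readDataHelper(true, // exportable: refuse certificates stored as non-exportable`, or use a named constant, so a later refactor cannot flip it back unnoticed. The same literal appears in the `DB_CHAIN_FIRST` call in the next hunk. Splitting `int ec;` from its assignment also leaves `ec` briefly uninitialised for no benefit; `int ec = readDataHelper(true,` wraps just as well. The loop body continues outside this hunk.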
@@ -1391,7 +1398,13 @@ int CKMLogic::readCertificateHelper(
 
         // try to read chain certificates (if present)
         Crypto::GObjUPtrVector caChainObjs;
-        ec = readDataHelper(false, cred, DataType::DB_CHAIN_FIRST, i.second, i.first, CKM::Password(), caChainObjs);
+        ec = readDataHelper(true,
+                            cred,
+                            DataType::DB_CHAIN_FIRST,
+                            i.second,
+                            i.first,
+                            CKM::Password(),
+                            caChainObjs);
         if(ec != CKM_API_SUCCESS && ec != CKM_API_ERROR_DB_ALIAS_UNKNOWN)
             return ec;
         for(auto &caCertObj : caChainObjs)
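Review bot: The error filter after the `DB_CHAIN_FIRST` read tolerates only `CKM_API_ERROR_DB_ALIAS_UNKNOWN`, so with the flag now `true` a single non-exportable chain entry presumably aborts the whole helper, and the comment `// try to read chain certificates (if present)` does not say that. The fail-closed behaviour looks like the intent, but it should be stated, e.g. `// a missing chain is tolerated; any other error, including a non-exportable entry, fails the request`. The hunk shows no test for the rejection path, so a case that stores a non-exportable certificate and expects this helper to fail would be worth adding if the referenced suite lacks one. The `for` loop over `caChainObjs` continues outside the hunk.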