From 0753e8dbd8db26b0997d35ae8e1d3b328a7183f6 Mon Sep 17 00:00:00 2001
From: Marco Fargetta <mfargett@redhat.com>
Date: Mon, 27 Nov 2023 12:04:13 +0100
Subject: [PATCH] Fix CRMFPopClient on FIPS environment

When FIPS is enabled RSA key generation cannot have both temporary and
sensitive to false.

Since temporary is defined from a command option the sensitive is set to
null so the default for the environment will be used (true if FIPS is
enabled and false if FIPS is disabled).

Fix BZ Bug 2250716
---
 .../src/main/java/com/netscape/cmstools/CRMFPopClient.java     | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/base/tools/src/main/java/com/netscape/cmstools/CRMFPopClient.java b/base/tools/src/main/java/com/netscape/cmstools/CRMFPopClient.java
index b275baba80d..0125142d577 100644
--- a/base/tools/src/main/java/com/netscape/cmstools/CRMFPopClient.java
+++ b/base/tools/src/main/java/com/netscape/cmstools/CRMFPopClient.java
@@ -484,7 +484,6 @@ public static void main(String args[]) throws Exception {
 
             if (algorithm.equals("rsa")) {
 
-                boolean sens = false;
                 boolean extract = true;
 
                 Usage[] usages = CryptoUtil.RSA_KEYPAIR_USAGES;
@@ -494,7 +493,7 @@ public static void main(String args[]) throws Exception {
                         token,
                         keySize,
                         temporary,
-                        sens,
+                        null,
                         extract,
                         usages,
                         usagesMask);