1 files changed, 20 insertions, 15 deletions

diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index 7d322289..36f2ea77 100644
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -993,33 +993,38 @@ int CKMLogic::getPKCS12Helper(
 	retCode = readDataHelper(true, cred, DataType::DB_KEY_FIRST, name, label,
 							 keyPassword, keyObj);
 
-	if (retCode != CKM_API_SUCCESS)
-		return retCode;
-
-	privKey = CKM::Key::create(keyObj->getBinary());
+	if (retCode != CKM_API_SUCCESS) {
+		if (retCode != CKM_API_ERROR_NOT_EXPORTABLE)
+			return retCode;
+	} else {
+		privKey = CKM::Key::create(keyObj->getBinary());
+	}
 
 	// read certificate (mandatory)
 	Crypto::GObjUPtr certObj;
 	retCode = readDataHelper(true, cred, DataType::CERTIFICATE, name, label,
 							 certPassword, certObj);
 
-	if (retCode != CKM_API_SUCCESS)
-		return retCode;
-
-	cert = CKM::Certificate::create(certObj->getBinary(), DataFormat::FORM_DER);
+	if (retCode != CKM_API_SUCCESS) {
+		if (retCode != CKM_API_ERROR_NOT_EXPORTABLE)
+			return retCode;
+	} else {
+		cert = CKM::Certificate::create(certObj->getBinary(), DataFormat::FORM_DER);
+	}
 
 	// read CA cert chain (optional)
 	Crypto::GObjUPtrVector caChainObjs;
 	retCode = readDataHelper(true, cred, DataType::DB_CHAIN_FIRST, name, label,
 							 certPassword, caChainObjs);
 
-	if (retCode != CKM_API_SUCCESS &&
-			retCode != CKM_API_ERROR_DB_ALIAS_UNKNOWN)
-		return retCode;
-
-	for (auto &caCertObj : caChainObjs)
-		caChain.push_back(CKM::Certificate::create(caCertObj->getBinary(),
-						  DataFormat::FORM_DER));
+	if (retCode != CKM_API_SUCCESS && retCode != CKM_API_ERROR_DB_ALIAS_UNKNOWN) {
+		if (retCode != CKM_API_ERROR_NOT_EXPORTABLE)
+			return retCode;
+	} else {
+		for (auto &caCertObj : caChainObjs)
+			caChain.push_back(CKM::Certificate::create(caCertObj->getBinary(),
+													   DataFormat::FORM_DER));
+	}
 
 	// if anything found, return it
 	if (privKey || cert || caChain.size() > 0)