Check key usage digitalSignature only

9 months ago · c954eea195
parent 51c47987ea
commit c954eea195
1 changed files with 7 additions and 13 deletions
--- a/app/src/main/java/eu/faircode/email/FragmentCompose.java
+++ b/app/src/main/java/eu/faircode/email/FragmentCompose.java
@ -4462,22 +4462,16 @@ public class FragmentCompose extends FragmentBase {
                            // Encrypting Key: Key Usage: Key Encipherment, Data Encipherment
                            boolean[] usage = chain[0].getKeyUsage();
-                            if (usage != null && usage.length > 3) {
+                            if (usage != null && usage.length > 0) {
                                // https://datatracker.ietf.org/doc/html/rfc3280#section-4.2.1.3
                                // https://datatracker.ietf.org/doc/html/rfc3850#section-4.4.2
                                boolean digitalSignature = usage[0];
-                                boolean keyEncipherment = usage[2];
+
-
+                                if (!digitalSignature &&
-                                if (EntityMessage.SMIME_SIGNONLY.equals(type)) {
+                                        (EntityMessage.SMIME_SIGNONLY.equals(type) ||
-                                    if (!digitalSignature)
+                                                EntityMessage.SMIME_SIGNENCRYPT.equals(type)))
-                                        throw new IllegalAccessException("Invalid key usage:" +
+                                    throw new IllegalAccessException("Invalid key usage:" +
-                                                " digitalSignature=" + digitalSignature);
+                                            " digitalSignature=" + digitalSignature);
                                } else if (EntityMessage.SMIME_SIGNENCRYPT.equals(type)) {
                                    if (!digitalSignature || !keyEncipherment)
                                        throw new IllegalAccessException("Invalid key usage:" +
                                                " digitalSignature=" + digitalSignature +
                                                " keyEncipherment=" + keyEncipherment);
                                }
                            }
                        }
                    } catch (CertificateException ex) {