Check key usage digitalSignature only

pull/217/head
M66B 9 months ago
parent 51c47987ea
commit c954eea195

@ -4462,22 +4462,16 @@ public class FragmentCompose extends FragmentBase {
// Encrypting Key: Key Usage: Key Encipherment, Data Encipherment // Encrypting Key: Key Usage: Key Encipherment, Data Encipherment
boolean[] usage = chain[0].getKeyUsage(); boolean[] usage = chain[0].getKeyUsage();
if (usage != null && usage.length > 3) { if (usage != null && usage.length > 0) {
// https://datatracker.ietf.org/doc/html/rfc3280#section-4.2.1.3 // https://datatracker.ietf.org/doc/html/rfc3280#section-4.2.1.3
// https://datatracker.ietf.org/doc/html/rfc3850#section-4.4.2 // https://datatracker.ietf.org/doc/html/rfc3850#section-4.4.2
boolean digitalSignature = usage[0]; boolean digitalSignature = usage[0];
boolean keyEncipherment = usage[2];
if (!digitalSignature &&
if (EntityMessage.SMIME_SIGNONLY.equals(type)) { (EntityMessage.SMIME_SIGNONLY.equals(type) ||
if (!digitalSignature) EntityMessage.SMIME_SIGNENCRYPT.equals(type)))
throw new IllegalAccessException("Invalid key usage:" + throw new IllegalAccessException("Invalid key usage:" +
" digitalSignature=" + digitalSignature); " digitalSignature=" + digitalSignature);
} else if (EntityMessage.SMIME_SIGNENCRYPT.equals(type)) {
if (!digitalSignature || !keyEncipherment)
throw new IllegalAccessException("Invalid key usage:" +
" digitalSignature=" + digitalSignature +
" keyEncipherment=" + keyEncipherment);
}
} }
} }
} catch (CertificateException ex) { } catch (CertificateException ex) {
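Review bot: The new condition starting at `if (!digitalSignature &&` rejects a signing certificate whose keyUsage sets only nonRepudiation (bit 1), although RFC 3850 section 4.4.2, which the comment above cites, accepts either digitalSignature or nonRepudiation for signing. Consider adding `boolean nonRepudiation = (usage.length > 1 && usage[1]);` and testing `!digitalSignature && !nonRepudiation`, with the extra flag included in the exception message. The leading comment still reads `// Encrypting Key: Key Usage: Key Encipherment, Data Encipherment`, but no encipherment bit is checked any more. It should say that only the signing usage of `chain[0]` is validated here and, if that is the case, that recipient encryption certificates are checked elsewhere. The enclosing try block starts and ends outside this hunk.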
