Check key usage digitalSignature only

pull/217/head
M66B 9 months ago
parent 51c47987ea
commit c954eea195

@ -4462,22 +4462,16 @@ public class FragmentCompose extends FragmentBase {
// Encrypting Key: Key Usage: Key Encipherment, Data Encipherment
boolean[] usage = chain[0].getKeyUsage();
if (usage != null && usage.length > 3) {
if (usage != null && usage.length > 0) {
// https://datatracker.ietf.org/doc/html/rfc3280#section-4.2.1.3
// https://datatracker.ietf.org/doc/html/rfc3850#section-4.4.2
boolean digitalSignature = usage[0];
boolean keyEncipherment = usage[2];
if (EntityMessage.SMIME_SIGNONLY.equals(type)) {
if (!digitalSignature)
throw new IllegalAccessException("Invalid key usage:" +
" digitalSignature=" + digitalSignature);
} else if (EntityMessage.SMIME_SIGNENCRYPT.equals(type)) {
if (!digitalSignature || !keyEncipherment)
throw new IllegalAccessException("Invalid key usage:" +
" digitalSignature=" + digitalSignature +
" keyEncipherment=" + keyEncipherment);
}
if (!digitalSignature &&
(EntityMessage.SMIME_SIGNONLY.equals(type) ||
EntityMessage.SMIME_SIGNENCRYPT.equals(type)))
throw new IllegalAccessException("Invalid key usage:" +
" digitalSignature=" + digitalSignature);
}
}
} catch (CertificateException ex) {
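Review bot: The new condition rejects a signing certificate whose key usage sets nonRepudiation but not digitalSignature, while RFC 3850 section 4.4.2 (linked in the comment above the check) appears to accept either bit for signatures; consider `boolean nonRepudiation = usage.length > 1 && usage[1];` and throwing only when `!digitalSignature && !nonRepudiation`. The leading comment `// Encrypting Key: Key Usage: Key Encipherment, Data Encipherment` no longer matches the code now that keyEncipherment is not read, and would be clearer as `// Signing key: key usage must permit signatures (RFC 3850 4.4.2)`. Whether recipient certificates are still checked for keyEncipherment on the SMIME_SIGNENCRYPT path cannot be seen from this hunk and is worth confirming. The enclosing try block starts and ends outside the hunk.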
