2007-03-22 Casey Marshall <csm@gnu.org>

* gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun): check keyEncipherment bit of the certificate, and just pass the public key to the cipher.
author: Casey Marshall <csm@gnu.org> 2007-03-23 04:53:58 +0000
committer: Casey Marshall <csm@gnu.org> 2007-03-23 04:53:58 +0000
commit: e47726ffee247a7fffee223a86f90e64bd2a5449 (patch)
tree: 4b953fc6076d9844dacfc29f6d3dce9626783444 /gnu/javax/net/ssl/provider/ClientHandshake.java
parent: e085f2007dcac21e318777e8a15a17ac45c40c4f (diff)
download: classpath-e47726ffee247a7fffee223a86f90e64bd2a5449.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/gnu/javax/net/ssl/provider/ClientHandshake.java b/gnu/javax/net/ssl/provider/ClientHandshake.java
index 059b165a6..a87800845 100644
--- a/gnu/javax/net/ssl/provider/ClientHandshake.java
+++ b/gnu/javax/net/ssl/provider/ClientHandshake.java
@@ -1082,7 +1082,13 @@ outer_loop:
       Cipher rsa = Cipher.getInstance("RSA");
       java.security.cert.Certificate cert
         = engine.session().getPeerCertificates()[0];
-      rsa.init(Cipher.ENCRYPT_MODE, cert);
+      if (cert instanceof X509Certificate)
+        {
+          boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
+          if (keyUsage != null && !keyUsage[2])
+            throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment");
+        }
+      rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
       encryptedPreMasterSecret = rsa.doFinal(preMasterSecret);
       
       // Generate our session keys, because we can.
author	Casey Marshall <csm@gnu.org>	2007-03-23 04:53:58 +0000
committer	Casey Marshall <csm@gnu.org>	2007-03-23 04:53:58 +0000
commit	e47726ffee247a7fffee223a86f90e64bd2a5449 (patch)
tree	4b953fc6076d9844dacfc29f6d3dce9626783444 /gnu/javax/net/ssl/provider/ClientHandshake.java
parent	e085f2007dcac21e318777e8a15a17ac45c40c4f (diff)
download	classpath-e47726ffee247a7fffee223a86f90e64bd2a5449.tar.gz