diff options
author | Casey Marshall <csm@gnu.org> | 2007-03-23 04:53:58 +0000 |
---|---|---|
committer | Casey Marshall <csm@gnu.org> | 2007-03-23 04:53:58 +0000 |
commit | e47726ffee247a7fffee223a86f90e64bd2a5449 (patch) | |
tree | 4b953fc6076d9844dacfc29f6d3dce9626783444 /gnu/javax/net/ssl/provider/ClientHandshake.java | |
parent | e085f2007dcac21e318777e8a15a17ac45c40c4f (diff) | |
download | classpath-e47726ffee247a7fffee223a86f90e64bd2a5449.tar.gz |
2007-03-22 Casey Marshall <csm@gnu.org>
* gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun):
check keyEncipherment bit of the certificate, and just pass the public
key to the cipher.
Diffstat (limited to 'gnu/javax/net/ssl/provider/ClientHandshake.java')
-rw-r--r-- | gnu/javax/net/ssl/provider/ClientHandshake.java | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/gnu/javax/net/ssl/provider/ClientHandshake.java b/gnu/javax/net/ssl/provider/ClientHandshake.java index 059b165a6..a87800845 100644 --- a/gnu/javax/net/ssl/provider/ClientHandshake.java +++ b/gnu/javax/net/ssl/provider/ClientHandshake.java @@ -1082,7 +1082,13 @@ outer_loop: Cipher rsa = Cipher.getInstance("RSA"); java.security.cert.Certificate cert = engine.session().getPeerCertificates()[0]; - rsa.init(Cipher.ENCRYPT_MODE, cert); + if (cert instanceof X509Certificate) + { + boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage(); + if (keyUsage != null && !keyUsage[2]) + throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment"); + } + rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey()); encryptedPreMasterSecret = rsa.doFinal(preMasterSecret); // Generate our session keys, because we can. |