diff options
author | Casey Marshall <csm@gnu.org> | 2007-03-28 18:30:49 +0000 |
---|---|---|
committer | Tom Tromey <tromey@redhat.com> | 2007-03-28 18:30:49 +0000 |
commit | 0f81a7ba7b86c75fe1ad3713be940a8ef214f1f9 (patch) | |
tree | dd75a35f7cc51f0d5184ec47ac7cdf1927a85e69 | |
parent | 349c950f1f977b2a70019d4e5c9fa92b0aa0696f (diff) |
2007-03-28 Casey Marshall <csm@gnu.org>
* gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun):
check keyEncipherment bit of the certificate, and just pass the public
key to the cipher.
git-svn-id: https://gcc.gnu.org/svn/gcc/branches/redhat/gcc-4_1-branch@123308 138bc75d-0d04-0410-961f-82ee72b054a4
-rw-r--r-- | libjava/classpath/ChangeLog | 6 | ||||
-rw-r--r-- | libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java | 8 |
2 files changed, 13 insertions, 1 deletions
diff --git a/libjava/classpath/ChangeLog b/libjava/classpath/ChangeLog index 4b54991d97e..c75e0178640 100644 --- a/libjava/classpath/ChangeLog +++ b/libjava/classpath/ChangeLog @@ -1,3 +1,9 @@ +2007-03-28 Casey Marshall <csm@gnu.org> + + * gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun): + check keyEncipherment bit of the certificate, and just pass the public + key to the cipher. + 2007-03-27 Casey Marshall <csm@gnu.org> PR classpath/31302: diff --git a/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java b/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java index 059b165a67d..a8780084508 100644 --- a/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java +++ b/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java @@ -1082,7 +1082,13 @@ outer_loop: Cipher rsa = Cipher.getInstance("RSA"); java.security.cert.Certificate cert = engine.session().getPeerCertificates()[0]; - rsa.init(Cipher.ENCRYPT_MODE, cert); + if (cert instanceof X509Certificate) + { + boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage(); + if (keyUsage != null && !keyUsage[2]) + throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment"); + } + rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey()); encryptedPreMasterSecret = rsa.doFinal(preMasterSecret); // Generate our session keys, because we can. |