aboutsummaryrefslogtreecommitdiff
path: root/libjava/classpath/gnu
diff options
context:
space:
mode:
authorCasey Marshall <csm@gnu.org>2007-03-28 18:25:07 +0000
committerTom Tromey <tromey@gcc.gnu.org>2007-03-28 18:25:07 +0000
commit5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf (patch)
tree828c5b4842df853884238a710a0a5db7bd0ec654 /libjava/classpath/gnu
parent8eced3a2a9b9f99561ac2033b85c8bde386e46cd (diff)
downloadgcc-5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf.zip
gcc-5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf.tar.gz
gcc-5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf.tar.bz2
ClientHandshake.java (RSAGen.implRun): check keyEncipherment bit of the certificate...
2007-03-28 Casey Marshall <csm@gnu.org> * gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun): check keyEncipherment bit of the certificate, and just pass the public key to the cipher. From-SVN: r123307
Diffstat (limited to 'libjava/classpath/gnu')
-rw-r--r--libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java8
1 files changed, 7 insertions, 1 deletions
diff --git a/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java b/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java
index 059b165..a878008 100644
--- a/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java
+++ b/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java
@@ -1082,7 +1082,13 @@ outer_loop:
Cipher rsa = Cipher.getInstance("RSA");
java.security.cert.Certificate cert
= engine.session().getPeerCertificates()[0];
- rsa.init(Cipher.ENCRYPT_MODE, cert);
+ if (cert instanceof X509Certificate)
+ {
+ boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
+ if (keyUsage != null && !keyUsage[2])
+ throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment");
+ }
+ rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
encryptedPreMasterSecret = rsa.doFinal(preMasterSecret);
// Generate our session keys, because we can.
generated by cgit v1.1 at 2026-02-11 02:59:08 +0000