ClientHandshake.java (RSAGen.implRun): check keyEncipherment bit of the certificate...

2007-03-28 Casey Marshall <csm@gnu.org> * gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun): check keyEncipherment bit of the certificate, and just pass the public key to the cipher. From-SVN: r123307
author: Casey Marshall <csm@gnu.org> 2007-03-28 18:25:07 +0000
committer: Tom Tromey <tromey@gcc.gnu.org> 2007-03-28 18:25:07 +0000
commit: 5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf (patch)
tree: 828c5b4842df853884238a710a0a5db7bd0ec654 /libjava
parent: 8eced3a2a9b9f99561ac2033b85c8bde386e46cd (diff)
download: gcc-5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf.zip
gcc-5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf.tar.gz
gcc-5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf.tar.bz2
4 files changed, 13 insertions, 1 deletions
diff --git a/libjava/classpath/ChangeLog b/libjava/classpath/ChangeLog
index 376c072..caa611a 100644
--- a/libjava/classpath/ChangeLog
+++ b/libjava/classpath/ChangeLog
@@ -1,3 +1,9 @@
+2007-03-28  Casey Marshall  <csm@gnu.org>
+
+	* gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun):
+	check keyEncipherment bit of the certificate, and just pass the public
+	key to the cipher.
+
 2007-03-27  Casey Marshall  <csm@gnu.org>
 
 	PR classpath/31302:
diff --git a/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java b/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java
index 059b165..a878008 100644
--- a/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java
+++ b/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java
@@ -1082,7 +1082,13 @@ outer_loop:
       Cipher rsa = Cipher.getInstance("RSA");
       java.security.cert.Certificate cert
         = engine.session().getPeerCertificates()[0];
-      rsa.init(Cipher.ENCRYPT_MODE, cert);
+      if (cert instanceof X509Certificate)
+        {
+          boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
+          if (keyUsage != null && !keyUsage[2])
+            throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment");
+        }
+      rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
       encryptedPreMasterSecret = rsa.doFinal(preMasterSecret);
       
       // Generate our session keys, because we can.
diff --git a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class
index 51a1a2b..c614ed58 100644
--- a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class
+++ b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class
diff --git a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class
index c7a8f87..6d99e3e 100644
--- a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class
+++ b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class
author	Casey Marshall <csm@gnu.org>	2007-03-28 18:25:07 +0000
committer	Tom Tromey <tromey@gcc.gnu.org>	2007-03-28 18:25:07 +0000
commit	5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf (patch)
tree	828c5b4842df853884238a710a0a5db7bd0ec654 /libjava
parent	8eced3a2a9b9f99561ac2033b85c8bde386e46cd (diff)
download	gcc-5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf.zip gcc-5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf.tar.gz gcc-5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf.tar.bz2