From c954eea195f9a04a4736ff6a3565e85ecff5689d Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Mon, 9 Dec 2024 19:32:57 +0100
Subject: [PATCH] Check key usage digitalSignature only
---
 .../eu/faircode/email/FragmentCompose.java | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/app/src/main/java/eu/faircode/email/FragmentCompose.java b/app/src/main/java/eu/faircode/email/FragmentCompose.java
index a5a4b67aac..b8e013dff3 100644
--- a/app/src/main/java/eu/faircode/email/FragmentCompose.java
+++ b/app/src/main/java/eu/faircode/email/FragmentCompose.java
@@ -4462,22 +4462,16 @@ public class FragmentCompose extends FragmentBase {
 // Encrypting Key: Key Usage: Key Encipherment, Data Encipherment
 boolean[] usage = chain[0].getKeyUsage();
- if (usage != null && usage.length > 3) {
+ if (usage != null && usage.length > 0) {
 // https://datatracker.ietf.org/doc/html/rfc3280#section-4.2.1.3
 // https://datatracker.ietf.org/doc/html/rfc3850#section-4.4.2
 boolean digitalSignature = usage[0];
- boolean keyEncipherment = usage[2];
- if (EntityMessage.SMIME_SIGNONLY.equals(type)) {
- if (!digitalSignature)
- throw new IllegalAccessException("Invalid key usage:" +
- " digitalSignature=" + digitalSignature);
- } else if (EntityMessage.SMIME_SIGNENCRYPT.equals(type)) {
- if (!digitalSignature || !keyEncipherment)
- throw new IllegalAccessException("Invalid key usage:" +
- " digitalSignature=" + digitalSignature +
- " keyEncipherment=" + keyEncipherment);
- }
+ if (!digitalSignature &&
+ (EntityMessage.SMIME_SIGNONLY.equals(type) ||
+ EntityMessage.SMIME_SIGNENCRYPT.equals(type)))
+ throw new IllegalAccessException("Invalid key usage:" +
+ " digitalSignature=" + digitalSignature);
 }
 }
 } catch (CertificateException ex) {
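Review bot: With `keyEncipherment` no longer read, the SMIME_SIGNENCRYPT case accepts any certificate that has digitalSignature set, yet the context comment at the top of the hunk still lists `Encrypting Key: Key Usage: Key Encipherment, Data Encipherment` as if it were enforced here. Whether `chain[0]` is also used as an encryption recipient cannot be seen from this hunk; if it is, the key-encipherment test belongs at that point, against the certificate actually used to wrap the content key. I would record the intent next to the check, for example `// keyEncipherment is intentionally not checked here: chain[0] is only used for signing` (to be confirmed against the encryption path). Separately, the RFC 3850 section linked in the block accepts a signer certificate with either digitalSignature or nonRepudiation set, so `boolean canSign = usage[0] || (usage.length > 1 && usage[1]);` would avoid rejecting nonRepudiation-only certificates. The enclosing method and its try block start and end outside the hunk.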