From c954eea195f9a04a4736ff6a3565e85ecff5689d Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Mon, 9 Dec 2024 19:32:57 +0100
Subject: [PATCH] Check key usage digitalSignature only

---
 .../eu/faircode/email/FragmentCompose.java     | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/app/src/main/java/eu/faircode/email/FragmentCompose.java b/app/src/main/java/eu/faircode/email/FragmentCompose.java
index a5a4b67aac..b8e013dff3 100644
--- a/app/src/main/java/eu/faircode/email/FragmentCompose.java
+++ b/app/src/main/java/eu/faircode/email/FragmentCompose.java
@@ -4462,22 +4462,16 @@ public class FragmentCompose extends FragmentBase {
                             // Encrypting Key: Key Usage: Key Encipherment, Data Encipherment
 
                             boolean[] usage = chain[0].getKeyUsage();
-                            if (usage != null && usage.length > 3) {
+                            if (usage != null && usage.length > 0) {
                                 // https://datatracker.ietf.org/doc/html/rfc3280#section-4.2.1.3
                                 // https://datatracker.ietf.org/doc/html/rfc3850#section-4.4.2
                                 boolean digitalSignature = usage[0];
-                                boolean keyEncipherment = usage[2];
 
-                                if (EntityMessage.SMIME_SIGNONLY.equals(type)) {
-                                    if (!digitalSignature)
-                                        throw new IllegalAccessException("Invalid key usage:" +
-                                                " digitalSignature=" + digitalSignature);
-                                } else if (EntityMessage.SMIME_SIGNENCRYPT.equals(type)) {
-                                    if (!digitalSignature || !keyEncipherment)
-                                        throw new IllegalAccessException("Invalid key usage:" +
-                                                " digitalSignature=" + digitalSignature +
-                                                " keyEncipherment=" + keyEncipherment);
-                                }
+                                if (!digitalSignature &&
+                                        (EntityMessage.SMIME_SIGNONLY.equals(type) ||
+                                                EntityMessage.SMIME_SIGNENCRYPT.equals(type)))
+                                    throw new IllegalAccessException("Invalid key usage:" +
+                                            " digitalSignature=" + digitalSignature);
                             }
                         }
                     } catch (CertificateException ex) {
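Review bot: The sign-and-encrypt case no longer tests `usage[2]`, yet the context comment directly above the check still lists "Encrypting Key: Key Usage: Key Encipherment, Data Encipherment", so a reader cannot tell whether dropping the keyEncipherment test was deliberate. If `chain[0]` is only ever used for signing and encryption uses the recipients' certificates (not visible in this hunk), state that next to the check, for example `// chain[0] is the signing certificate; encryption key usage applies to the recipients' certificates`. If the same certificate is also used to encrypt a copy for the sender, a keyEncipherment check would still be needed on that path. The enclosing try block and method begin and end outside the hunk.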