From c954eea195f9a04a4736ff6a3565e85ecff5689d Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Mon, 9 Dec 2024 19:32:57 +0100
Subject: [PATCH] Check key usage digitalSignature only
---
.../eu/faircode/email/FragmentCompose.java | 18 ++++++------------
1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/app/src/main/java/eu/faircode/email/FragmentCompose.java b/app/src/main/java/eu/faircode/email/FragmentCompose.java
index a5a4b67aac..b8e013dff3 100644
--- a/app/src/main/java/eu/faircode/email/FragmentCompose.java
+++ b/app/src/main/java/eu/faircode/email/FragmentCompose.java
@@ -4462,22 +4462,16 @@ public class FragmentCompose extends FragmentBase {
// Encrypting Key: Key Usage: Key Encipherment, Data Encipherment
boolean[] usage = chain[0].getKeyUsage();
- if (usage != null && usage.length > 3) {
+ if (usage != null && usage.length > 0) {
// https://datatracker.ietf.org/doc/html/rfc3280#section-4.2.1.3
// https://datatracker.ietf.org/doc/html/rfc3850#section-4.4.2
boolean digitalSignature = usage[0];
- boolean keyEncipherment = usage[2];
- if (EntityMessage.SMIME_SIGNONLY.equals(type)) {
- if (!digitalSignature)
- throw new IllegalAccessException("Invalid key usage:" +
- " digitalSignature=" + digitalSignature);
- } else if (EntityMessage.SMIME_SIGNENCRYPT.equals(type)) {
- if (!digitalSignature || !keyEncipherment)
- throw new IllegalAccessException("Invalid key usage:" +
- " digitalSignature=" + digitalSignature +
- " keyEncipherment=" + keyEncipherment);
- }
+ if (!digitalSignature &&
+ (EntityMessage.SMIME_SIGNONLY.equals(type) ||
+ EntityMessage.SMIME_SIGNENCRYPT.equals(type)))
+ throw new IllegalAccessException("Invalid key usage:" +
+ " digitalSignature=" + digitalSignature);
}
}
} catch (CertificateException ex) {