mirror of
https://github.com/M66B/FairEmail.git
synced 2024-12-22 07:42:52 +00:00
Check key usage digitalSignature only
This commit is contained in:
parent
51c47987ea
commit
c954eea195
1 changed files with 6 additions and 12 deletions
|
@ -4462,22 +4462,16 @@ public class FragmentCompose extends FragmentBase {
|
|||
// Encrypting Key: Key Usage: Key Encipherment, Data Encipherment
|
||||
|
||||
boolean[] usage = chain[0].getKeyUsage();
|
||||
if (usage != null && usage.length > 3) {
|
||||
if (usage != null && usage.length > 0) {
|
||||
// https://datatracker.ietf.org/doc/html/rfc3280#section-4.2.1.3
|
||||
// https://datatracker.ietf.org/doc/html/rfc3850#section-4.4.2
|
||||
boolean digitalSignature = usage[0];
|
||||
boolean keyEncipherment = usage[2];
|
||||
|
||||
if (EntityMessage.SMIME_SIGNONLY.equals(type)) {
|
||||
if (!digitalSignature)
|
||||
if (!digitalSignature &&
|
||||
(EntityMessage.SMIME_SIGNONLY.equals(type) ||
|
||||
EntityMessage.SMIME_SIGNENCRYPT.equals(type)))
|
||||
throw new IllegalAccessException("Invalid key usage:" +
|
||||
" digitalSignature=" + digitalSignature);
|
||||
} else if (EntityMessage.SMIME_SIGNENCRYPT.equals(type)) {
|
||||
if (!digitalSignature || !keyEncipherment)
|
||||
throw new IllegalAccessException("Invalid key usage:" +
|
||||
" digitalSignature=" + digitalSignature +
|
||||
" keyEncipherment=" + keyEncipherment);
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (CertificateException ex) {
|
||||
|
|
Loading…
Reference in a new issue