ClientHandshake.java (RSAGen.implRun): check keyEncipherment bit of the certificate...
2007-03-28 Casey Marshall <csm@gnu.org> * gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun): check keyEncipherment bit of the certificate, and just pass the public key to the cipher. From-SVN: r123307
This commit is contained in:
committed by
Tom Tromey
parent
8eced3a2a9
commit
5a953bf101
@@ -1082,7 +1082,13 @@ outer_loop:
|
||||
Cipher rsa = Cipher.getInstance("RSA");
|
||||
java.security.cert.Certificate cert
|
||||
= engine.session().getPeerCertificates()[0];
|
||||
rsa.init(Cipher.ENCRYPT_MODE, cert);
|
||||
if (cert instanceof X509Certificate)
|
||||
{
|
||||
boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
|
||||
if (keyUsage != null && !keyUsage[2])
|
||||
throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment");
|
||||
}
|
||||
rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
|
||||
encryptedPreMasterSecret = rsa.doFinal(preMasterSecret);
|
||||
|
||||
// Generate our session keys, because we can.
|
||||
|
||||
Reference in New Issue
Block a user