+2007-03-28 Casey Marshall <csm@gnu.org>
+
+ * gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun):
+ check keyEncipherment bit of the certificate, and just pass the public
+ key to the cipher.
+
2007-03-27 Casey Marshall <csm@gnu.org>
PR classpath/31302:
Cipher rsa = Cipher.getInstance("RSA");
java.security.cert.Certificate cert
= engine.session().getPeerCertificates()[0];
- rsa.init(Cipher.ENCRYPT_MODE, cert);
+ if (cert instanceof X509Certificate)
+ {
+ boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
+ if (keyUsage != null && !keyUsage[2])
+ throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment");
+ }
+ rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
encryptedPreMasterSecret = rsa.doFinal(preMasterSecret);
// Generate our session keys, because we can.
git://gcc.gnu.org / gcc.git / commitdiff