OSDN Git Service

2007-03-28 Casey Marshall <csm@gnu.org>
authortromey <tromey@138bc75d-0d04-0410-961f-82ee72b054a4>
Wed, 28 Mar 2007 18:25:07 +0000 (18:25 +0000)
committertromey <tromey@138bc75d-0d04-0410-961f-82ee72b054a4>
Wed, 28 Mar 2007 18:25:07 +0000 (18:25 +0000)
* gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun):
check keyEncipherment bit of the certificate, and just pass the public
key to the cipher.

git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@123307 138bc75d-0d04-0410-961f-82ee72b054a4

libjava/classpath/ChangeLog
libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java
libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class
libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class

index 376c072..caa611a 100644 (file)
@@ -1,3 +1,9 @@
+2007-03-28  Casey Marshall  <csm@gnu.org>
+
+       * gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun):
+       check keyEncipherment bit of the certificate, and just pass the public
+       key to the cipher.
+
 2007-03-27  Casey Marshall  <csm@gnu.org>
 
        PR classpath/31302:
index 059b165..a878008 100644 (file)
@@ -1082,7 +1082,13 @@ outer_loop:
       Cipher rsa = Cipher.getInstance("RSA");
       java.security.cert.Certificate cert
         = engine.session().getPeerCertificates()[0];
-      rsa.init(Cipher.ENCRYPT_MODE, cert);
+      if (cert instanceof X509Certificate)
+        {
+          boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
+          if (keyUsage != null && !keyUsage[2])
+            throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment");
+        }
+      rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
       encryptedPreMasterSecret = rsa.doFinal(preMasterSecret);
       
       // Generate our session keys, because we can.
index 51a1a2b..c614ed5 100644 (file)
Binary files a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class and b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class differ
index c7a8f87..6d99e3e 100644 (file)
Binary files a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class and b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class differ