Mirrors/FairEmail
1
0
Fork 0
mirror of https://github.com/M66B/FairEmail.git synced 2026-04-24 09:53:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Check key usage digitalSignature only

Browse Source
This commit is contained in:
M66B
2024-12-09 19:32:57 +01:00
parent 51c47987ea
commit c954eea195
1 changed files with 6 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/src/main/java/eu/faircode/email/FragmentCompose.java
View File

@@ -4462,22 +4462,16 @@ public class FragmentCompose extends FragmentBase {
// Encrypting Key: Key Usage: Key Encipherment, Data Encipherment
boolean[] usage = chain[0].getKeyUsage();
if (usage != null && usage.length > 3) {
if (usage != null && usage.length > 0) {
// https://datatracker.ietf.org/doc/html/rfc3280#section-4.2.1.3
// https://datatracker.ietf.org/doc/html/rfc3850#section-4.4.2
boolean digitalSignature = usage[0];
boolean keyEncipherment = usage[2];
if (EntityMessage.SMIME_SIGNONLY.equals(type)) {
if (!digitalSignature)
throw new IllegalAccessException("Invalid key usage:" +
" digitalSignature=" + digitalSignature);
} else if (EntityMessage.SMIME_SIGNENCRYPT.equals(type)) {
if (!digitalSignature || !keyEncipherment)
throw new IllegalAccessException("Invalid key usage:" +
" digitalSignature=" + digitalSignature +
" keyEncipherment=" + keyEncipherment);
}
if (!digitalSignature &&
(EntityMessage.SMIME_SIGNONLY.equals(type) ||
EntityMessage.SMIME_SIGNENCRYPT.equals(type)))
throw new IllegalAccessException("Invalid key usage:" +
" digitalSignature=" + digitalSignature);
}
}
} catch (CertificateException ex) {