From 5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf Mon Sep 17 00:00:00 2001
From: Casey Marshall <csm@gnu.org>
Date: Wed, 28 Mar 2007 18:25:07 +0000
Subject: [PATCH] ClientHandshake.java (RSAGen.implRun): check keyEncipherment
 bit of the certificate...

2007-03-28  Casey Marshall  <csm@gnu.org>

	* gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun):
	check keyEncipherment bit of the certificate, and just pass the public
	key to the cipher.

From-SVN: r123307
---
 libjava/classpath/ChangeLog                   |   6 ++++++
 .../net/ssl/provider/ClientHandshake.java     |   8 +++++++-
 .../ClientHandshake$GenCertVerify.class       | Bin 2856 -> 2856 bytes
 .../ssl/provider/ClientHandshake$RSAGen.class | Bin 3440 -> 3763 bytes
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/libjava/classpath/ChangeLog b/libjava/classpath/ChangeLog
index 376c072852d..caa611a55cd 100644
--- a/libjava/classpath/ChangeLog
+++ b/libjava/classpath/ChangeLog
@@ -1,3 +1,9 @@
+2007-03-28  Casey Marshall  <csm@gnu.org>
+
+	* gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun):
+	check keyEncipherment bit of the certificate, and just pass the public
+	key to the cipher.
+
 2007-03-27  Casey Marshall  <csm@gnu.org>
 
 	PR classpath/31302:
diff --git a/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java b/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java
index 059b165a67d..a8780084508 100644
--- a/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java
+++ b/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java
@@ -1082,7 +1082,13 @@ outer_loop:
       Cipher rsa = Cipher.getInstance("RSA");
       java.security.cert.Certificate cert
         = engine.session().getPeerCertificates()[0];
-      rsa.init(Cipher.ENCRYPT_MODE, cert);
+      if (cert instanceof X509Certificate)
+        {
+          boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage();
+          if (keyUsage != null && !keyUsage[2])
+            throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment");
+        }
+      rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
       encryptedPreMasterSecret = rsa.doFinal(preMasterSecret);
       
       // Generate our session keys, because we can.
diff --git a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class
index 51a1a2b9508b9485178006cc90e8cb8026aaa38e..c614ed58477223762e42fd638c17940d6c814afb 100644
GIT binary patch
delta 85
zcmZ1>wnA(}GN))711n1u11C!yg9uAJgAz+3g9=N^<O<GjnmG)@EO`tDEJX}%EX54b
pETs&|ER_tEEENn@EL9AxEY%EMEHw<1SZXIv=SpF0ocxDN2LL6h6qEn}

delta 85
zcmZ1>wnA(}GN)()11n1i11C!ag9u9`gAz+Lg9=OB<O<GjnrRHeEEx<2EIABrEV&HP
pEcpz{EX53!EJX}eEF}!BETs%xEM*LnSjs0)=SpF$p8SVP2LKcy6es`y

diff --git a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class
index c7a8f8760dbaedb3b158172c3bb4ce05c62cdbc2..6d99e3e3b8ab3945c67881931c05d1f85bef1a3d 100644
GIT binary patch
delta 820
zcmaJ<+fEZv6kVsB&XnO`xQ2+aG`t9urV;@IC|Z#iM2VVU1fFUc%7~OY9Z<Yb?}`^d
zN6@0EDBeLua7;8od@<24@J%250Kb5^OB)k?@M-O{_S$EyeR6)~&#lh*y7YblKpEc1
zurZXGllBsGhRL(O1t}`y5JTYsf1lqQQ3JiYX7qals&07qRjjS5qeAP@0)9hP5Jp76
zKrcgDP&FFW{^p23s50=P;<i=?4l`872b20W5m#4I;%e_vBd$=7;R>sIw`Rl}^`U?k
z?o{>6ZZ%{mC`7+N8jdpLnj=z<*sI_;24tLIaGF0PXHX!DlMI5KclGW+s0GNMVO3G_
zj=!V-Y1SwR;<UgSoTZ3bNHZAniW>fr(=9c{WERAEfeW~3`sBQfO9FOCsc_?pz*P*H
zopM#dh`==rQG$r7_o@0Gf2h5uTOo}pa08>}qC70!6u5<$+3XmUZVTMOg!$7^C*2dc
zk4e*$I=~*9)2Ur69JGJ(?QCtWbGgbErr1E99AK5EKW!pf`U&9}3Q89dwxBn8J|o*>
zUpJ2Q4=8NO>U)PHAKkpv!Z8b{O57#$$el;6g>!E)NQe9wTH;)Sznp;K1o$k}Te$xJ
zcI{YGT;So!nFNemxI2p!<j_|t#{<IksHTrqjSb6aLnfU%u+khA8>3Tv6Q=oQSlow2
zUWYGyE57k<_|6-!#J4jiZ)6pGC$ea!oR+86kxh4kp8Of6@CXbOh~Y7wz=mn+JS9Gb
zIgy9wctJTp><p>WsqzvsLOVqrd`(4FB8?Ph`R-*Gkx(REY<NjB8(twUSC;49m<4_V
D!e`5O

delta 512
zcmaKoOHWf#6otQ2PjBh<H1Z~CVqoBawkC#1LLfjah>tjPKq4KHl$ZuB((;s-D4?K-
zczmG(A&gDL;!R-CF!m4V%)j7}k#V<o?r813);eqNvkT|{L@R&%JuU(*?1l&^TI^mh
zZojC|L9*!7yWC~ekRz|qnQUfEaiRI9{p~bej`f$sal-_YicoswS|&SqPvJDDdSa=b
zFp6nI5GPE68N)1dHdWEyxL|n1oWkUXauY+j+k@Hk$bDBlj}1>)vW1EbXT|W8XZA*T
z)mbw<=Y{<l?sZ-oHh5*5+<Eod?z+Q;=-DgERVOk;gQ~P?vptZ|7d;-t6Y)dp4(aw7
z`_7a!(Jk(jIG=y$!@Lhkk3NsZ|I5pEF;W{_^;kdP47GBwRyGCO=#cYu&{@U+RnqlS
zXN!@pg?-)4H=X22_wq|$<y7~nbNV{f;)(l9QzIF$E`PVYk)v&s=PmCDa7qL3`5@C^
ti;tp3q`D-i1cS2f)K@9|kxq%!x60ARH_+&32l!OBeU@x+%kLBHz&}EmYvup|

-- 
2.30.2