Skip to content

Commit

Permalink
Don't check KeyUsage in supportsSignatureAlgorithmCA
Browse files Browse the repository at this point in the history
  • Loading branch information
@peterdettman
peterdettman committed Jun 27, 2020
1 parent 08b9ff0 commit 1a0de1a
Showing 1 changed file with 46 additions and 46 deletions.
92 changes: 46 additions & 46 deletions tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCertificate.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -306,12 +306,17 @@ public short getLegacySignatureAlgorithm() throws IOException

public boolean supportsSignatureAlgorithm(short signatureAlgorithm) throws IOException
{
return supportsSignatureAlgorithm(signatureAlgorithm, KU_DIGITAL_SIGNATURE);
if (!supportsKeyUsageBit(KU_DIGITAL_SIGNATURE))
{
return false;
}

return implSupportsSignatureAlgorithm(signatureAlgorithm);
}

public boolean supportsSignatureAlgorithmCA(short signatureAlgorithm) throws IOException
{
return supportsSignatureAlgorithm(signatureAlgorithm, KU_KEY_CERT_SIGN);
return implSupportsSignatureAlgorithm(signatureAlgorithm);
}

public TlsCertificate useInRole(int connectionEnd, int keyExchangeAlgorithm) throws IOException
Expand Down Expand Up @@ -352,6 +357,45 @@ public TlsCertificate useInRole(int connectionEnd, int keyExchangeAlgorithm) thr
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}

protected boolean implSupportsSignatureAlgorithm(short signatureAlgorithm) throws IOException
{
PublicKey publicKey = getPublicKey();

switch (signatureAlgorithm)
{
case SignatureAlgorithm.rsa:
return supportsRSA_PKCS1()
&& publicKey instanceof RSAPublicKey;

case SignatureAlgorithm.dsa:
return publicKey instanceof DSAPublicKey;

case SignatureAlgorithm.ecdsa:
return publicKey instanceof ECPublicKey;

case SignatureAlgorithm.ed25519:
return "Ed25519".equals(publicKey.getAlgorithm());

case SignatureAlgorithm.ed448:
return "Ed448".equals(publicKey.getAlgorithm());

case SignatureAlgorithm.rsa_pss_rsae_sha256:
case SignatureAlgorithm.rsa_pss_rsae_sha384:
case SignatureAlgorithm.rsa_pss_rsae_sha512:
return supportsRSA_PSS_RSAE()
&& publicKey instanceof RSAPublicKey;

case SignatureAlgorithm.rsa_pss_pss_sha256:
case SignatureAlgorithm.rsa_pss_pss_sha384:
case SignatureAlgorithm.rsa_pss_pss_sha512:
return supportsRSA_PSS_PSS(signatureAlgorithm)
&& publicKey instanceof RSAPublicKey;

default:
return false;
}
}

protected PublicKey getPublicKey() throws IOException
{
try
Expand Down Expand Up @@ -402,50 +446,6 @@ protected boolean supportsRSA_PSS_RSAE()
return RSAUtil.supportsPSS_RSAE(pubKeyAlgID);
}

protected boolean supportsSignatureAlgorithm(short signatureAlgorithm, int keyUsageBit) throws IOException
{
if (!supportsKeyUsageBit(keyUsageBit))
{
return false;
}

PublicKey publicKey = getPublicKey();

switch (signatureAlgorithm)
{
case SignatureAlgorithm.rsa:
return supportsRSA_PKCS1()
&& publicKey instanceof RSAPublicKey;

case SignatureAlgorithm.dsa:
return publicKey instanceof DSAPublicKey;

case SignatureAlgorithm.ecdsa:
return publicKey instanceof ECPublicKey;

case SignatureAlgorithm.ed25519:
return "Ed25519".equals(publicKey.getAlgorithm());

case SignatureAlgorithm.ed448:
return "Ed448".equals(publicKey.getAlgorithm());

case SignatureAlgorithm.rsa_pss_rsae_sha256:
case SignatureAlgorithm.rsa_pss_rsae_sha384:
case SignatureAlgorithm.rsa_pss_rsae_sha512:
return supportsRSA_PSS_RSAE()
&& publicKey instanceof RSAPublicKey;

case SignatureAlgorithm.rsa_pss_pss_sha256:
case SignatureAlgorithm.rsa_pss_pss_sha384:
case SignatureAlgorithm.rsa_pss_pss_sha512:
return supportsRSA_PSS_PSS(signatureAlgorithm)
&& publicKey instanceof RSAPublicKey;

default:
return false;
}
}

protected void validateKeyUsageBit(int keyUsageBit)
throws IOException
{
Expand Down

0 comments on commit 1a0de1a

Please sign in to comment.