added full check for certificate key usage
1 files changed, 25 insertions, 4 deletions
diff --git a/crypto/src/pkcs/Pkcs12Store.cs b/crypto/src/pkcs/Pkcs12Store.cs
index 8f1375471..bf7e68363 100644
--- a/crypto/src/pkcs/Pkcs12Store.cs
+++ b/crypto/src/pkcs/Pkcs12Store.cs
@@ -828,12 +828,33 @@ namespace Org.BouncyCastle.Pkcs
new DerSet(new DerBmpString(certId))));
}
+ // the Oracle PKCS12 parser looks for a trusted key usage for named certificates as well
if (cert[MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage] == null)
{
- fName.Add(
- new DerSequence(
- MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
- new DerSet(KeyPurposeID.AnyExtendedKeyUsage)));
+ Asn1OctetString ext = cert.Certificate.GetExtensionValue(X509Extensions.ExtendedKeyUsage);
+
+ if (ext != null)
+ {
+ ExtendedKeyUsage usage = ExtendedKeyUsage.GetInstance(ext.GetOctets());
+ Asn1EncodableVector v = new Asn1EncodableVector();
+ IList<DerObjectIdentifier> usages = usage.GetAllUsages();
+ for (int i = 0; i != usages.Count; i++)
+ {
+ v.Add(usages[i]);
+ }
+
+ fName.Add(
+ new DerSequence(
+ MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
+ new DerSet(v)));
+ }
+ else
+ {
+ fName.Add(
+ new DerSequence(
+ MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
+ new DerSet(KeyPurposeID.AnyExtendedKeyUsage)));
+ }
}
certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)));
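Review bot: In the `ext != null` branch, a certificate whose ExtendedKeyUsage extension decodes to zero usages leaves `v` empty, so `new DerSet(v)` writes the trusted-key-usage attribute with no values; a guard such as `if (usages.Count == 0) v.Add(KeyPurposeID.AnyExtendedKeyUsage);` or an explicit rejection would make that case deliberate. `ExtendedKeyUsage.GetInstance(ext.GetOctets())` presumably throws on a malformed extension, which would now fail the save for a certificate that was previously written without being parsed; if that is intended, it deserves a comment. The `else` branch still marks certificates without an EKU extension as trusted for any purpose, which is worth stating next to it, e.g. `// no EKU extension: usage is unrestricted, so advertise anyExtendedKeyUsage`. The enclosing method starts and ends outside the hunk, so which certificates reach this code cannot be confirmed from here.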