authorDavid Hook <dgh@cryptoworkshop.com>2022-07-10 13:53:25 +1000
committerDavid Hook <dgh@cryptoworkshop.com>2022-07-10 13:53:25 +1000
commitd0c11ec0b1fe1648bb495a759d036606be5330a2 (patch)
treeb798254a0fb491e0beb7bad7abffa3b757c28b0a /crypto
parentadded using (diff)
added full check for certificate key usage
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/pkcs/Pkcs12Store.cs29
1 files changed, 25 insertions, 4 deletions
diff --git a/crypto/src/pkcs/Pkcs12Store.cs b/crypto/src/pkcs/Pkcs12Store.cs
index 8f1375471..bf7e68363 100644
--- a/crypto/src/pkcs/Pkcs12Store.cs
+++ b/crypto/src/pkcs/Pkcs12Store.cs
@@ -828,12 +828,33 @@ namespace Org.BouncyCastle.Pkcs
                             new DerSet(new DerBmpString(certId))));
                 }
 
+                // the Oracle PKCS12 parser looks for a trusted key usage for named certificates as well
                 if (cert[MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage] == null)
                 {
-                    fName.Add(
-                        new DerSequence(
-                            MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
-                            new DerSet(KeyPurposeID.AnyExtendedKeyUsage)));
+                    Asn1OctetString ext = cert.Certificate.GetExtensionValue(X509Extensions.ExtendedKeyUsage);
+          
+                    if (ext != null)
+                    {
+                        ExtendedKeyUsage usage = ExtendedKeyUsage.GetInstance(ext.GetOctets());
+                        Asn1EncodableVector v = new Asn1EncodableVector();
+                        IList<DerObjectIdentifier> usages = usage.GetAllUsages();
+                        for (int i = 0; i != usages.Count; i++)
+                        {
+                            v.Add(usages[i]);
+                        }
+                       
+                        fName.Add(
+                            new DerSequence(
+                                MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
+                                new DerSet(v)));
+                    }
+                    else
+                    {
+                        fName.Add(
+                            new DerSequence(
+                                MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
+                                new DerSet(KeyPurposeID.AnyExtendedKeyUsage)));
+                    }
                 }
 
                 certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)));
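Review bot: In the new `if (ext != null)` branch, an ExtendedKeyUsage extension that decodes to zero usages would produce `new DerSet(v)` with an empty vector, so the trusted-key-usage attribute is written with no values. RFC 5280 requires at least one KeyPurposeId, so this only arises for a malformed certificate, but nothing visible in the hunk rejects it, and how the consuming PKCS12 parser treats an empty value set cannot be determined from here. I would make that case explicit and add the attribute in one place instead of duplicating the `fName.Add(...)` call across both branches. The sketch below falls back to the previous "any usage" marker, whereas refusing to store such a certificate is the stricter alternative. `ExtendedKeyUsage.GetInstance(ext.GetOctets())` presumably throws on undecodable octets, and that would surface from the save path; the enclosing method starts and ends outside the hunk, so whether a caller handles it is not visible.

```csharp
Asn1OctetString ext = cert.Certificate.GetExtensionValue(X509Extensions.ExtendedKeyUsage);
Asn1EncodableVector v = new Asn1EncodableVector();

if (ext != null)
{
    foreach (DerObjectIdentifier oid in ExtendedKeyUsage.GetInstance(ext.GetOctets()).GetAllUsages())
    {
        v.Add(oid);
    }
}

// no EKU extension, or one that lists no usages: keep the previous "any usage" marker
if (v.Count == 0)
{
    v.Add(KeyPurposeID.AnyExtendedKeyUsage);
}

fName.Add(
    new DerSequence(
        MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
        new DerSet(v)));
```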