author | David Hook <dgh@cryptoworkshop.com> | 2022-07-10 13:53:25 +1000 |
---|---|---|
committer | David Hook <dgh@cryptoworkshop.com> | 2022-07-10 13:53:25 +1000 |
commit | d0c11ec0b1fe1648bb495a759d036606be5330a2 (patch) | |
tree | b798254a0fb491e0beb7bad7abffa3b757c28b0a /crypto | |
parent | added using (diff) | |
added full check for certificate key usage
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/src/pkcs/Pkcs12Store.cs | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/crypto/src/pkcs/Pkcs12Store.cs b/crypto/src/pkcs/Pkcs12Store.cs
index 8f1375471..bf7e68363 100644
--- a/crypto/src/pkcs/Pkcs12Store.cs
+++ b/crypto/src/pkcs/Pkcs12Store.cs
@@ -828,12 +828,33 @@ namespace Org.BouncyCastle.Pkcs
 new DerSet(new DerBmpString(certId))));
 }
+ // the Oracle PKCS12 parser looks for a trusted key usage for named certificates as well
 if (cert[MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage] == null)
 {
- fName.Add(
- new DerSequence(
- MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
- new DerSet(KeyPurposeID.AnyExtendedKeyUsage)));
+ Asn1OctetString ext = cert.Certificate.GetExtensionValue(X509Extensions.ExtendedKeyUsage);
+
+ if (ext != null)
+ {
+ ExtendedKeyUsage usage = ExtendedKeyUsage.GetInstance(ext.GetOctets());
+ Asn1EncodableVector v = new Asn1EncodableVector();
+ IList<DerObjectIdentifier> usages = usage.GetAllUsages();
+ for (int i = 0; i != usages.Count; i++)
+ {
+ v.Add(usages[i]);
+ }
+
+ fName.Add(
+ new DerSequence(
+ MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
+ new DerSet(v)));
+ }
+ else
+ {
+ fName.Add(
+ new DerSequence(
+ MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
+ new DerSet(KeyPurposeID.AnyExtendedKeyUsage)));
+ }
 }
 certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)));
|
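Review bot: The new `if (ext != null)` branch does not handle an ExtendedKeyUsage extension that lists no purposes: `v` stays empty and `new DerSet(v)` writes an `id_oracle_pkcs12_trusted_key_usage` attribute with an empty value set, where the old code always wrote `AnyExtendedKeyUsage`. Decide that case explicitly, for example `if (v.Count == 0) v.Add(KeyPurposeID.AnyExtendedKeyUsage);` just before `fName.Add(`, or skip the attribute if an empty list should not be widened to any-usage. `ExtendedKeyUsage.GetInstance(ext.GetOctets())` also parses bytes taken from the certificate, so a malformed extension presumably makes the whole store write fail with an ASN.1 exception; a comment saying whether that is intended would help. The enclosing method begins and ends outside this hunk, so how the caller reacts cannot be checked here.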