From d0c11ec0b1fe1648bb495a759d036606be5330a2 Mon Sep 17 00:00:00 2001
From: David Hook
Date: Sun, 10 Jul 2022 13:53:25 +1000
Subject: added full check for certificate key usage

---
 crypto/src/pkcs/Pkcs12Store.cs | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
(limited to 'crypto/src')

diff --git a/crypto/src/pkcs/Pkcs12Store.cs b/crypto/src/pkcs/Pkcs12Store.cs
index 8f1375471..bf7e68363 100644
--- a/crypto/src/pkcs/Pkcs12Store.cs
+++ b/crypto/src/pkcs/Pkcs12Store.cs
@@ -828,12 +828,33 @@ namespace Org.BouncyCastle.Pkcs
                             new DerSet(new DerBmpString(certId))));
                 }
 
+                // the Oracle PKCS12 parser looks for a trusted key usage for named certificates as well
                 if (cert[MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage] == null)
                 {
-                    fName.Add(
-                        new DerSequence(
-                            MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
-                            new DerSet(KeyPurposeID.AnyExtendedKeyUsage)));
+                    Asn1OctetString ext = cert.Certificate.GetExtensionValue(X509Extensions.ExtendedKeyUsage);
+
+                    if (ext != null)
+                    {
+                        ExtendedKeyUsage usage = ExtendedKeyUsage.GetInstance(ext.GetOctets());
+                        Asn1EncodableVector v = new Asn1EncodableVector();
+                        IList usages = usage.GetAllUsages();
+                        for (int i = 0; i != usages.Count; i++)
+                        {
+                            v.Add(usages[i]);
+                        }
+
+                        fName.Add(
+                            new DerSequence(
+                                MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
+                                new DerSet(v)));
+                    }
+                    else
+                    {
+                        fName.Add(
+                            new DerSequence(
+                                MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
+                                new DerSet(KeyPurposeID.AnyExtendedKeyUsage)));
+                    }
                 }
 
                 certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)));
-- 
cgit 1.5.1
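Review bot: The trusted-key-usage attribute is assembled twice in the added `if`/`else`, with the same `DerSequence`/`DerSet` wrapping around `id_oracle_pkcs12_trusted_key_usage` in both branches; only the set contents differ, so filling one `Asn1EncodableVector` per branch and adding the attribute once afterwards removes the duplication. The copy loop declares `usages` as non-generic `IList`, so `usages[i]` is typed `object`; if `GetAllUsages()` returns a typed list in this tree, a `foreach` over it reads better than the index loop. The new comment says what the Oracle parser looks for but not why the EKU is mirrored instead of `AnyExtendedKeyUsage`; I would add `// mirror the certificate's own EKU so the trusted entry is not honoured for more purposes than the certificate itself allows`. The enclosing method starts and ends outside the hunk.
```csharp
// the Oracle PKCS12 parser looks for a trusted key usage for named certificates as well
if (cert[MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage] == null)
{
    // mirror the certificate's own EKU so the trusted entry is not honoured for more purposes than the certificate itself allows
    Asn1OctetString ext = cert.Certificate.GetExtensionValue(X509Extensions.ExtendedKeyUsage);
    Asn1EncodableVector v = new Asn1EncodableVector();

    if (ext != null)
    {
        IList usages = ExtendedKeyUsage.GetInstance(ext.GetOctets()).GetAllUsages();
        for (int i = 0; i != usages.Count; i++)
        {
            v.Add(usages[i]);
        }
    }
    else
    {
        v.Add(KeyPurposeID.AnyExtendedKeyUsage);
    }

    fName.Add(
        new DerSequence(
            MiscObjectIdentifiers.id_oracle_pkcs12_trusted_key_usage,
            new DerSet(v)));
}
// … unchanged: certBags.Add(...) …
```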