merge in lmp-mr1-release history after reset to lmp-mr1-dev
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
index c62966d..39ba0ff 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
@@ -34,6 +34,12 @@
import org.bouncycastle.util.encoders.Hex;
public class CertBlacklist {
+
+ private static final String ANDROID_DATA = System.getenv("ANDROID_DATA");
+ private static final String BLACKLIST_ROOT = ANDROID_DATA + "/misc/keychain/";
+ public static final String DEFAULT_PUBKEY_BLACKLIST_PATH = BLACKLIST_ROOT + "pubkey_blacklist.txt";
+ public static final String DEFAULT_SERIAL_BLACKLIST_PATH = BLACKLIST_ROOT + "serial_blacklist.txt";
+
private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName());
// public for testing
@@ -41,19 +47,13 @@
public final Set<byte[]> pubkeyBlacklist;
public CertBlacklist() {
- String androidData = System.getenv("ANDROID_DATA");
- String blacklistRoot = androidData + "/misc/keychain/";
- String defaultPubkeyBlacklistPath = blacklistRoot + "pubkey_blacklist.txt";
- String defaultSerialBlacklistPath = blacklistRoot + "serial_blacklist.txt";
-
- pubkeyBlacklist = readPublicKeyBlackList(defaultPubkeyBlacklistPath);
- serialBlacklist = readSerialBlackList(defaultSerialBlacklistPath);
+ this(DEFAULT_PUBKEY_BLACKLIST_PATH, DEFAULT_SERIAL_BLACKLIST_PATH);
}
/** Test only interface, not for public use */
public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) {
- pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath);
serialBlacklist = readSerialBlackList(serialBlacklistPath);
+ pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath);
}
private static boolean isHex(String value) {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
index d8efa6a..af764f3 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
@@ -37,9 +37,7 @@
extends CertPathValidatorSpi
{
// BEGIN android-added
- private static class NoPreloadHolder {
- private final static CertBlacklist blacklist = new CertBlacklist();
- }
+ private final static CertBlacklist blacklist = new CertBlacklist();
// END android-added
public CertPathValidatorResult engineValidate(
@@ -89,7 +87,7 @@
if (cert != null) {
BigInteger serial = cert.getSerialNumber();
- if (NoPreloadHolder.blacklist.isSerialNumberBlackListed(serial)) {
+ if (blacklist.isSerialNumberBlackListed(serial)) {
// emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
String message = "Certificate revocation of serial 0x" + serial.toString(16);
System.out.println(message);
@@ -276,7 +274,7 @@
for (index = certs.size() - 1; index >= 0; index--)
{
// BEGIN android-added
- if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) {
+ if (blacklist.isPublicKeyBlackListed(workingPublicKey)) {
// emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
String message = "Certificate revocation of public key " + workingPublicKey;
System.out.println(message);
diff --git a/patches/bcprov.patch b/patches/bcprov.patch
index a22ef4d..0880f97 100644
--- a/patches/bcprov.patch
+++ b/patches/bcprov.patch
@@ -7085,6 +7085,12 @@
+import org.bouncycastle.util.encoders.Hex;
+
+public class CertBlacklist {
++
++ private static final String ANDROID_DATA = System.getenv("ANDROID_DATA");
++ private static final String BLACKLIST_ROOT = ANDROID_DATA + "/misc/keychain/";
++ public static final String DEFAULT_PUBKEY_BLACKLIST_PATH = BLACKLIST_ROOT + "pubkey_blacklist.txt";
++ public static final String DEFAULT_SERIAL_BLACKLIST_PATH = BLACKLIST_ROOT + "serial_blacklist.txt";
++
+ private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName());
+
+ // public for testing
@@ -7092,19 +7098,13 @@
+ public final Set<byte[]> pubkeyBlacklist;
+
+ public CertBlacklist() {
-+ String androidData = System.getenv("ANDROID_DATA");
-+ String blacklistRoot = androidData + "/misc/keychain/";
-+ String defaultPubkeyBlacklistPath = blacklistRoot + "pubkey_blacklist.txt";
-+ String defaultSerialBlacklistPath = blacklistRoot + "serial_blacklist.txt";
-+
-+ pubkeyBlacklist = readPublicKeyBlackList(defaultPubkeyBlacklistPath);
-+ serialBlacklist = readSerialBlackList(defaultSerialBlacklistPath);
++ this(DEFAULT_PUBKEY_BLACKLIST_PATH, DEFAULT_SERIAL_BLACKLIST_PATH);
+ }
+
+ /** Test only interface, not for public use */
+ public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) {
-+ pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath);
+ serialBlacklist = readSerialBlackList(serialBlacklistPath);
++ pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath);
+ }
+
+ private static boolean isHex(String value) {
@@ -8179,19 +8179,17 @@
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
-@@ -33,6 +36,11 @@
+@@ -33,6 +36,9 @@
public class PKIXCertPathValidatorSpi
extends CertPathValidatorSpi
{
+ // BEGIN android-added
-+ private static class NoPreloadHolder {
-+ private final static CertBlacklist blacklist = new CertBlacklist();
-+ }
++ private final static CertBlacklist blacklist = new CertBlacklist();
+ // END android-added
public CertPathValidatorResult engineValidate(
CertPath certPath,
-@@ -75,6 +83,22 @@
+@@ -75,6 +81,22 @@
{
throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
}
@@ -8201,7 +8199,7 @@
+
+ if (cert != null) {
+ BigInteger serial = cert.getSerialNumber();
-+ if (NoPreloadHolder.blacklist.isSerialNumberBlackListed(serial)) {
++ if (blacklist.isSerialNumberBlackListed(serial)) {
+ // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
+ String message = "Certificate revocation of serial 0x" + serial.toString(16);
+ System.out.println(message);
@@ -8214,12 +8212,12 @@
//
// (b)
-@@ -251,6 +275,15 @@
+@@ -251,6 +273,15 @@
for (index = certs.size() - 1; index >= 0; index--)
{
+ // BEGIN android-added
-+ if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) {
++ if (blacklist.isPublicKeyBlackListed(workingPublicKey)) {
+ // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
+ String message = "Certificate revocation of public key " + workingPublicKey;
+ System.out.println(message);