Add Chrome-style public key blacklist to CertPathValidator

Based on Chrome's CLs to blacklist the DigiNotar Root CA.
  http://src.chromium.org/viewvc/chrome?view=rev&revision=98750

Also cherry-pick IndexedPKIXParameters performance fix from
60f1dce097d78928597a5d057577596162e825fd to ameliorate the cost of the
new SHA1 computations.

Bug: 5232736
Bug: http://code.google.com/p/android/issues/detail?id=18793
Change-Id: I3aae7472be4ee971d98ba8cd0ce9c673c82813b8

Conflicts:

	patches/android.patch
	src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
2 files changed