Fix cert blacklisting by public key

Previously, public keys were compared to the blacklisted keys
by a HashSet.compare(), which compares by reference. This replaces
that with the correct Arrays.equals check.

Change-Id: I62e04d33bffd6b702558f5d17501f7d5919b35f8
diff --git a/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java b/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
index 795fa1a..1dea522 100644
--- a/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
+++ b/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
@@ -144,8 +144,9 @@
         String pubkeyBlacklist = readBlacklist(path);
         if (!pubkeyBlacklist.equals("")) {
             for (String value : pubkeyBlacklist.split(",")) {
+                value = value.trim();
                 if (isPubkeyHash(value)) {
-                    bl.add(Hex.decode(value));
+                    bl.add(value.getBytes());
                 } else {
                     System.logW("Tried to blacklist invalid pubkey " + value);
                 }
@@ -161,7 +162,12 @@
         digest.update(encoded, 0, encoded.length);
         byte[] out = new byte[digest.getDigestSize()];
         digest.doFinal(out, 0);
-        return pubkeyBlacklist.contains(out);
+        for (byte[] blacklisted : pubkeyBlacklist) {
+            if (Arrays.equals(blacklisted, Hex.encode(out))) {
+                return true;
+            }
+        }
+        return false;
     }
 
     public boolean isSerialNumberBlackListed(BigInteger serial) {