Fix cert blacklisting by public key
Previously, public keys were compared to the blacklisted keys
by a HashSet.compare(), which compares by reference. This replaces
that with the correct Arrays.equals check.
(cherry picked from commit ea82c4ad99e7fa267c4bfa05f6f8312f85ceb8ce)
Bug: http://code.google.com/p/android/issues/detail?id=35547
Change-Id: Ic6318c6e4afb030ac96eb0ba305cbe486e157198
diff --git a/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java b/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
index 795fa1a..1dea522 100644
--- a/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
+++ b/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
@@ -144,8 +144,9 @@
String pubkeyBlacklist = readBlacklist(path);
if (!pubkeyBlacklist.equals("")) {
for (String value : pubkeyBlacklist.split(",")) {
+ value = value.trim();
if (isPubkeyHash(value)) {
- bl.add(Hex.decode(value));
+ bl.add(value.getBytes());
} else {
System.logW("Tried to blacklist invalid pubkey " + value);
}
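Review bot: Storing `value.getBytes()` makes a blacklist match depend on the platform default charset and on the letter case of the hex digits in the file, whereas the removed `Hex.decode(value)` normalised both. The second hunk compares these bytes against `Hex.encode(out)`, which in Bouncy Castle emits lowercase digits. If `isPubkeyHash` (not visible here) accepts uppercase hex, such an entry would pass validation and then never match, and the revocation check would silently fail open. Keeping `bl.add(Hex.decode(value));` here and using `Arrays.equals(blacklisted, out)` in the later hunk avoids both problems; failing that, lowercase `value` with a fixed locale and pass an explicit charset to `getBytes`. The enclosing method starts and ends outside this hunk.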
@@ -161,7 +162,12 @@
digest.update(encoded, 0, encoded.length);
byte[] out = new byte[digest.getDigestSize()];
digest.doFinal(out, 0);
- return pubkeyBlacklist.contains(out);
+ for (byte[] blacklisted : pubkeyBlacklist) {
+ if (Arrays.equals(blacklisted, Hex.encode(out))) {
+ return true;
+ }
+ }
+ return false;
}
public boolean isSerialNumberBlackListed(BigInteger serial) {
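Review bot: `Hex.encode(out)` is loop-invariant but is recomputed for every blacklist entry inside the new `for` loop. Compute it once before the loop, e.g. `byte[] encodedHash = Hex.encode(out);`, and compare with `Arrays.equals(blacklisted, encodedHash)`. A short comment above the loop, such as `// contains() on a set of byte[] compares by identity, so compare contents explicitly`, would help stop a later cleanup from reverting to `contains`. The method begins above this hunk.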