diff options
| author | Kenny Root <kroot@google.com> | 2014-10-17 22:52:20 +0000 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2014-10-17 22:52:20 +0000 |
| commit | b000361bb7f237a66450ed7eef49a2e8727b058e (patch) | |
| tree | 2740fce6da9cb4dd1dc9e7c1df5fa93d70bb868f | |
| parent | 9c4a275f619a103c2cb54a7b117acfc19611a853 (diff) | |
| parent | 74e779b0f5b26a0d31f08ad6ec0f8822501c4c16 (diff) | |
| download | android_external_bouncycastle-b000361bb7f237a66450ed7eef49a2e8727b058e.tar.gz android_external_bouncycastle-b000361bb7f237a66450ed7eef49a2e8727b058e.tar.bz2 android_external_bouncycastle-b000361bb7f237a66450ed7eef49a2e8727b058e.zip | |
am 74e779b0: Merge "Put the CertBlacklist in a NoPreloadHolder"
* commit '74e779b0f5b26a0d31f08ad6ec0f8822501c4c16':
Put the CertBlacklist in a NoPreloadHolder
| -rw-r--r-- | bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java | 8 | ||||
| -rw-r--r-- | patches/bcprov.patch | 16 |
2 files changed, 14 insertions, 10 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java index 8ed42a1..19dc768 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java @@ -37,7 +37,9 @@ public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi { // BEGIN android-added - private final static CertBlacklist blacklist = new CertBlacklist(); + private static class NoPreloadHolder { + private final static CertBlacklist blacklist = new CertBlacklist(); + } // END android-added public CertPathValidatorResult engineValidate( @@ -87,7 +89,7 @@ public class PKIXCertPathValidatorSpi if (cert != null) { BigInteger serial = cert.getSerialNumber(); - if (blacklist.isSerialNumberBlackListed(serial)) { + if (NoPreloadHolder.blacklist.isSerialNumberBlackListed(serial)) { // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs String message = "Certificate revocation of serial 0x" + serial.toString(16); System.out.println(message); @@ -274,7 +276,7 @@ public class PKIXCertPathValidatorSpi for (index = certs.size() - 1; index >= 0; index--) { // BEGIN android-added - if (blacklist.isPublicKeyBlackListed(workingPublicKey)) { + if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) { // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs String message = "Certificate revocation of public key " + workingPublicKey; System.out.println(message); diff --git a/patches/bcprov.patch b/patches/bcprov.patch index b824b2f..7335270 100644 --- a/patches/bcprov.patch +++ b/patches/bcprov.patch @@ -8456,7 +8456,7 @@ diff -Naur bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/PKIXCRLUtil.jav diff -Naur bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk15on-151/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java --- bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2014-07-26 04:17:24.000000000 +0000 -+++ bcprov-jdk15on-151/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2014-07-28 19:51:54.000000000 +0000 ++++ bcprov-jdk15on-151/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2014-10-16 17:49:43.000000000 +0000 @@ -1,5 +1,8 @@ package org.bouncycastle.jce.provider; @@ -8466,17 +8466,19 @@ diff -Naur bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/PKIXCertPathVal import java.security.InvalidAlgorithmParameterException; import java.security.PublicKey; import java.security.cert.CertPath; -@@ -33,6 +36,9 @@ +@@ -33,6 +36,11 @@ public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi { + // BEGIN android-added -+ private final static CertBlacklist blacklist = new CertBlacklist(); ++ private static class NoPreloadHolder { ++ private final static CertBlacklist blacklist = new CertBlacklist(); ++ } + // END android-added public CertPathValidatorResult engineValidate( CertPath certPath, -@@ -75,6 +81,22 @@ +@@ -75,6 +83,22 @@ { throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0); } @@ -8486,7 +8488,7 @@ diff -Naur bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/PKIXCertPathVal + + if (cert != null) { + BigInteger serial = cert.getSerialNumber(); -+ if (blacklist.isSerialNumberBlackListed(serial)) { ++ if (NoPreloadHolder.blacklist.isSerialNumberBlackListed(serial)) { + // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs + String message = "Certificate revocation of serial 0x" + serial.toString(16); + System.out.println(message); @@ -8499,12 +8501,12 @@ diff -Naur bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/PKIXCertPathVal // // (b) -@@ -251,6 +273,15 @@ +@@ -251,6 +275,15 @@ for (index = certs.size() - 1; index >= 0; index--) { + // BEGIN android-added -+ if (blacklist.isPublicKeyBlackListed(workingPublicKey)) { ++ if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) { + // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs + String message = "Certificate revocation of public key " + workingPublicKey; + System.out.println(message); |