author | Kenny Root <kroot@google.com> | 2014-05-05 10:28:58 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2014-10-17 09:49:51 -0700 |
commit | 7a21b9a68f2c90bdde986a98a55816d0cf3ea73e (patch) | |
tree | 31a80832254af38041c70c2081726367b8d9d2c4 /bcprov | |
parent | e46fd72598d3efe6d22c689da50ec30e433cbb19 (diff) | |
Avoid things that cause CertBlacklist to be preinitialized
Move the CertBlacklist instance to a NoPreloadHolder, then move the
System.getenv call in CertBlacklist to a constructor so it's not called
during class initialization.
Bug: 18013422
Change-Id: I39d0f43f948dec243d2d7cb79726d0642638b77a
Diffstat (limited to 'bcprov')
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java | 16 | ||||
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java | 8 |
2 files changed, 13 insertions, 11 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java index 39ba0ff..c62966d 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java @@ -34,12 +34,6 @@ import org.bouncycastle.crypto.digests.AndroidDigestFactory; import org.bouncycastle.util.encoders.Hex; public class CertBlacklist { - - private static final String ANDROID_DATA = System.getenv("ANDROID_DATA"); - private static final String BLACKLIST_ROOT = ANDROID_DATA + "/misc/keychain/"; - public static final String DEFAULT_PUBKEY_BLACKLIST_PATH = BLACKLIST_ROOT + "pubkey_blacklist.txt"; - public static final String DEFAULT_SERIAL_BLACKLIST_PATH = BLACKLIST_ROOT + "serial_blacklist.txt"; - private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName()); // public for testing @@ -47,13 +41,19 @@ public class CertBlacklist { public final Set<byte[]> pubkeyBlacklist; public CertBlacklist() { - this(DEFAULT_PUBKEY_BLACKLIST_PATH, DEFAULT_SERIAL_BLACKLIST_PATH); + String androidData = System.getenv("ANDROID_DATA"); + String blacklistRoot = androidData + "/misc/keychain/"; + String defaultPubkeyBlacklistPath = blacklistRoot + "pubkey_blacklist.txt"; + String defaultSerialBlacklistPath = blacklistRoot + "serial_blacklist.txt"; + + pubkeyBlacklist = readPublicKeyBlackList(defaultPubkeyBlacklistPath); + serialBlacklist = readSerialBlackList(defaultSerialBlacklistPath); } /** Test only interface, not for public use */ public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) { - serialBlacklist = readSerialBlackList(serialBlacklistPath); pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath); + serialBlacklist = readSerialBlackList(serialBlacklistPath); } private static boolean isHex(String value) { 
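Review bot: In the second hunk the no-argument constructor concatenates the result of `System.getenv("ANDROID_DATA")` without a null check, so when the variable is unset the default paths become `null/misc/keychain/...`, a relative path resolved against the process working directory. If the two readers return an empty set for a missing file (their bodies are outside this diff), the blacklist checks would then accept every certificate with no signal to the operator. I would guard the value before building the paths, for example `if (androidData == null) { logger.warning("ANDROID_DATA is not set; default blacklist paths are invalid"); }`, or fail explicitly. The two constructors now duplicate the read calls; a private static helper that builds the default paths would let the no-argument constructor keep delegating through `this(...)` without touching the environment during class initialization. The first hunk also removes the public `DEFAULT_PUBKEY_BLACKLIST_PATH` and `DEFAULT_SERIAL_BLACKLIST_PATH` constants, so any reference to them outside this file will stop compiling.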
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java index 8ed42a1..19dc768 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java @@ -37,7 +37,9 @@ public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi { // BEGIN android-added - private final static CertBlacklist blacklist = new CertBlacklist(); + private static class NoPreloadHolder { + private final static CertBlacklist blacklist = new CertBlacklist(); + } // END android-added public CertPathValidatorResult engineValidate( @@ -87,7 +89,7 @@ public class PKIXCertPathValidatorSpi if (cert != null) { BigInteger serial = cert.getSerialNumber(); - if (blacklist.isSerialNumberBlackListed(serial)) { + if (NoPreloadHolder.blacklist.isSerialNumberBlackListed(serial)) { // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs String message = "Certificate revocation of serial 0x" + serial.toString(16); System.out.println(message); @@ -274,7 +276,7 @@ public class PKIXCertPathValidatorSpi for (index = certs.size() - 1; index >= 0; index--) { // BEGIN android-added - if (blacklist.isPublicKeyBlackListed(workingPublicKey)) { + if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) { // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs String message = "Certificate revocation of public key " + workingPublicKey; System.out.println(message); |
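Review bot: The `NoPreloadHolder` class added in the first hunk has no comment saying why the instance is wrapped, so a later cleanup could fold it back into a static field and bring back the eager initialization this commit removes. I would put `// Lazy holder: CertBlacklist reads ANDROID_DATA and the blacklist files, so it must not be built during class initialization.` directly above the nested class. Construction now happens on the first validation that reaches one of the two checks; if the `CertBlacklist` constructor ever throws, holder initialization fails and every later access raises `NoClassDefFoundError`, so it is worth confirming that failing all validations for the rest of the process is the intended outcome. The other two hunks in this file only switch the call sites to `NoPreloadHolder.blacklist`, and their enclosing method starts and ends outside the hunks.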