Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle')
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java | 16 | ||||
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java | 8 |
2 files changed, 13 insertions, 11 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java index 39ba0ff..c62966d 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java @@ -34,12 +34,6 @@ import org.bouncycastle.crypto.digests.AndroidDigestFactory; import org.bouncycastle.util.encoders.Hex; public class CertBlacklist { - - private static final String ANDROID_DATA = System.getenv("ANDROID_DATA"); - private static final String BLACKLIST_ROOT = ANDROID_DATA + "/misc/keychain/"; - public static final String DEFAULT_PUBKEY_BLACKLIST_PATH = BLACKLIST_ROOT + "pubkey_blacklist.txt"; - public static final String DEFAULT_SERIAL_BLACKLIST_PATH = BLACKLIST_ROOT + "serial_blacklist.txt"; - private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName()); // public for testing @@ -47,13 +41,19 @@ public class CertBlacklist { public final Set<byte[]> pubkeyBlacklist; public CertBlacklist() { - this(DEFAULT_PUBKEY_BLACKLIST_PATH, DEFAULT_SERIAL_BLACKLIST_PATH); + String androidData = System.getenv("ANDROID_DATA"); + String blacklistRoot = androidData + "/misc/keychain/"; + String defaultPubkeyBlacklistPath = blacklistRoot + "pubkey_blacklist.txt"; + String defaultSerialBlacklistPath = blacklistRoot + "serial_blacklist.txt"; + + pubkeyBlacklist = readPublicKeyBlackList(defaultPubkeyBlacklistPath); + serialBlacklist = readSerialBlackList(defaultSerialBlacklistPath); } /** Test only interface, not for public use */ public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) { - serialBlacklist = readSerialBlackList(serialBlacklistPath); pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath); + serialBlacklist = readSerialBlackList(serialBlacklistPath); } private static boolean isHex(String value) { 
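Review bot: In the new no-argument `CertBlacklist()` constructor (second hunk), `System.getenv("ANDROID_DATA")` is concatenated without a null check, so when the variable is unset both paths become the relative path `null/misc/keychain/...`. The removed static fields behaved the same way, but with the lookup now inside the constructor it is easy to guard, for example `if (androidData == null) { logger.warning("ANDROID_DATA not set; certificate blacklists not loaded"); }` before the paths are built. How `readPublicKeyBlackList` and `readSerialBlackList` treat a missing file is not visible in this hunk; if they return empty sets, blacklist-based revocation silently turns off, which deserves at least a log line. The first hunk also deletes the public `DEFAULT_PUBKEY_BLACKLIST_PATH` and `DEFAULT_SERIAL_BLACKLIST_PATH` constants, so any external references to them should be checked.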
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java index 8ed42a1..19dc768 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java @@ -37,7 +37,9 @@ public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi { // BEGIN android-added - private final static CertBlacklist blacklist = new CertBlacklist(); + private static class NoPreloadHolder { + private final static CertBlacklist blacklist = new CertBlacklist(); + } // END android-added public CertPathValidatorResult engineValidate( @@ -87,7 +89,7 @@ public class PKIXCertPathValidatorSpi if (cert != null) { BigInteger serial = cert.getSerialNumber(); - if (blacklist.isSerialNumberBlackListed(serial)) { + if (NoPreloadHolder.blacklist.isSerialNumberBlackListed(serial)) { // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs String message = "Certificate revocation of serial 0x" + serial.toString(16); System.out.println(message); @@ -274,7 +276,7 @@ public class PKIXCertPathValidatorSpi for (index = certs.size() - 1; index >= 0; index--) { // BEGIN android-added - if (blacklist.isPublicKeyBlackListed(workingPublicKey)) { + if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) { // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs String message = "Certificate revocation of public key " + workingPublicKey; System.out.println(message); |
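Review bot: The `NoPreloadHolder` class added in the first hunk carries no comment explaining why the blacklist moved into a nested holder. The name suggests the aim is to defer `new CertBlacklist()` and its file reads from class initialization to first use, and that should be stated, e.g. `// Lazy holder: CertBlacklist is built on first use in engineValidate, not when this class is initialized.` If the `CertBlacklist` constructor can throw, the failure now surfaces at the first `NoPreloadHolder.blacklist` access (the call sites in the two later hunks), and later accesses would fail with `NoClassDefFoundError`, so it is worth confirming the constructor cannot throw. The field is also `private` inside a private nested class, which makes older compilers emit a synthetic accessor for the outer-class reads; dropping `private` on the field avoids that. The body of `engineValidate` continues outside these hunks.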