Diffstat (limited to 'patches/bcprov.patch')
-rw-r--r--patches/bcprov.patch32
1 files changed, 17 insertions, 15 deletions
diff --git a/patches/bcprov.patch b/patches/bcprov.patch
index b824b2f..0ebf47e 100644
--- a/patches/bcprov.patch
+++ b/patches/bcprov.patch
@@ -7338,7 +7338,7 @@ diff -Naur bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/BouncyCastlePro
private void loadAlgorithms(String packageName, String[] names)
diff -Naur bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk15on-151/org/bouncycastle/jce/provider/CertBlacklist.java
--- bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/CertBlacklist.java 1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk15on-151/org/bouncycastle/jce/provider/CertBlacklist.java 2013-12-10 21:31:49.000000000 +0000
++++ bcprov-jdk15on-151/org/bouncycastle/jce/provider/CertBlacklist.java 2014-05-05 17:28:58.000000000 +0000
@@ -0,0 +1,228 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
@@ -7376,12 +7376,6 @@ diff -Naur bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/CertBlacklist.j
+import org.bouncycastle.util.encoders.Hex;
+
+public class CertBlacklist {
-+
-+ private static final String ANDROID_DATA = System.getenv("ANDROID_DATA");
-+ private static final String BLACKLIST_ROOT = ANDROID_DATA + "/misc/keychain/";
-+ public static final String DEFAULT_PUBKEY_BLACKLIST_PATH = BLACKLIST_ROOT + "pubkey_blacklist.txt";
-+ public static final String DEFAULT_SERIAL_BLACKLIST_PATH = BLACKLIST_ROOT + "serial_blacklist.txt";
-+
+ private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName());
+
+ // public for testing
@@ -7389,13 +7383,19 @@ diff -Naur bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/CertBlacklist.j
+ public final Set<byte[]> pubkeyBlacklist;
+
+ public CertBlacklist() {
-+ this(DEFAULT_PUBKEY_BLACKLIST_PATH, DEFAULT_SERIAL_BLACKLIST_PATH);
++ String androidData = System.getenv("ANDROID_DATA");
++ String blacklistRoot = androidData + "/misc/keychain/";
++ String defaultPubkeyBlacklistPath = blacklistRoot + "pubkey_blacklist.txt";
++ String defaultSerialBlacklistPath = blacklistRoot + "serial_blacklist.txt";
++
++ pubkeyBlacklist = readPublicKeyBlackList(defaultPubkeyBlacklistPath);
++ serialBlacklist = readSerialBlackList(defaultSerialBlacklistPath);
+ }
+
+ /** Test only interface, not for public use */
+ public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) {
-+ serialBlacklist = readSerialBlackList(serialBlacklistPath);
+ pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath);
++ serialBlacklist = readSerialBlackList(serialBlacklistPath);
+ }
+
+ private static boolean isHex(String value) {
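Review bot: `System.getenv("ANDROID_DATA")` in the new no-argument constructor returns null when the variable is unset, and the concatenation then yields the relative path `null/misc/keychain/...` instead of failing. What `readPublicKeyBlackList` and `readSerialBlackList` do with an unreadable path is outside this hunk; if they fall back quietly, a process started without ANDROID_DATA would validate chains without the on-device blacklist entries and nothing would record it. A guard before the paths are built, such as `if (androidData == null) { logger.warning("ANDROID_DATA not set; on-device blacklist files will not be read"); }`, would make that state visible. The constructor would also benefit from a one-line comment saying the environment is now read per instance rather than in static initialisers, since that is why the two assignments are repeated instead of delegating with `this(...)`.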
@@ -8466,17 +8466,19 @@ diff -Naur bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/PKIXCertPathVal
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
-@@ -33,6 +36,9 @@
+@@ -33,6 +36,11 @@
public class PKIXCertPathValidatorSpi
extends CertPathValidatorSpi
{
+ // BEGIN android-added
-+ private final static CertBlacklist blacklist = new CertBlacklist();
++ private static class NoPreloadHolder {
++ private final static CertBlacklist blacklist = new CertBlacklist();
++ }
+ // END android-added
public CertPathValidatorResult engineValidate(
CertPath certPath,
-@@ -75,6 +81,22 @@
+@@ -75,6 +83,22 @@
{
throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
}
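Review bot: The `NoPreloadHolder` class added to PKIXCertPathValidatorSpi has no comment explaining why the blacklist moved behind a nested holder, so the name is the only hint. Judging by that name, the aim appears to be deferring `new CertBlacklist()` and the file reads in its constructor until the first validation rather than when the outer class is initialised; a comment such as `// Holder idiom: CertBlacklist is constructed on first use, not when this class is preloaded.` would record that. If the constructor ever throws, the holder's static initialiser fails once and every later `engineValidate` call gets `NoClassDefFoundError`, so it is worth confirming that this is the intended failure mode. The field modifiers would read more conventionally as `private static final`.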
@@ -8486,7 +8488,7 @@ diff -Naur bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/PKIXCertPathVal
+
+ if (cert != null) {
+ BigInteger serial = cert.getSerialNumber();
-+ if (blacklist.isSerialNumberBlackListed(serial)) {
++ if (NoPreloadHolder.blacklist.isSerialNumberBlackListed(serial)) {
+ // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
+ String message = "Certificate revocation of serial 0x" + serial.toString(16);
+ System.out.println(message);
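Review bot: The blacklist hit that follows the changed `NoPreloadHolder.blacklist.isSerialNumberBlackListed(serial)` call is still reported with `System.out.println(message)`, and the public-key check in the `@@ -251,6 +275,15 @@` hunk does the same. Rejecting a blacklisted certificate is a security-relevant event, and stdout gives it no level or logger name for later detection and triage. A `java.util.logging.Logger` in this class, as CertBlacklist already declares, with `logger.warning(message);` would route it alongside the provider's other log output. The enclosing `engineValidate` body starts and ends outside this hunk.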
@@ -8499,12 +8501,12 @@ diff -Naur bcprov-jdk15on-151.orig/org/bouncycastle/jce/provider/PKIXCertPathVal
//
// (b)
-@@ -251,6 +273,15 @@
+@@ -251,6 +275,15 @@
for (index = certs.size() - 1; index >= 0; index--)
{
+ // BEGIN android-added
-+ if (blacklist.isPublicKeyBlackListed(workingPublicKey)) {
++ if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) {
+ // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
+ String message = "Certificate revocation of public key " + workingPublicKey;
+ System.out.println(message);