Add Chrome-style certificate blacklist to CertPathValidator DO NOT MERGE

Based on the Chrome CLs that blacklist the malformed certificates from
Comodo's recent fraud incident:
  http://src.chromium.org/viewvc/chrome?view=rev&revision=78478
  http://src.chromium.org/viewvc/chrome?view=rev&revision=78748
  http://src.chromium.org/viewvc/chrome?view=rev&revision=78869

Bug: 4165439
git cherry-pick -e 34c261b1a00029744cfb7de1a69dca4b3ffb51a1

Change-Id: Ib756d920b30c7b203dd1607bcad46b0eaced1551
diff --git a/patches/README b/patches/README
index c10802a..5923987 100644
--- a/patches/README
+++ b/patches/README
@@ -32,3 +32,6 @@
 - Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get
 - Make PKCS12 KeyStore tolerate setting with an empty certificate chain
 - Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
+
+Other security changes:
+- blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
diff --git a/patches/android.patch b/patches/android.patch
index 5b4f746..db86b22 100644
--- a/patches/android.patch
+++ b/patches/android.patch
@@ -1,6 +1,6 @@
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Collection.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Collection.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java	2011-03-24 03:35:01.000000000 +0000
 @@ -0,0 +1,298 @@
 +package org.bouncycastle.asn1;
 +
@@ -302,7 +302,7 @@
 +}
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1InputStream.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1InputStream.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java	2011-03-24 03:35:01.000000000 +0000
 @@ -348,7 +348,9 @@
              case BMP_STRING:
                  return new DERBMPString(bytes);
@@ -316,7 +316,7 @@
              case GENERALIZED_TIME:
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Null.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java	2011-03-24 03:35:01.000000000 +0000
 @@ -8,9 +8,11 @@
  public abstract class ASN1Null
      extends ASN1Object
@@ -332,7 +332,7 @@
      {
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Sequence.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Sequence.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java	2011-03-24 03:35:01.000000000 +0000
 @@ -2,12 +2,20 @@
  
  import java.io.IOException;
@@ -496,7 +496,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Set.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Set.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java	2011-03-24 03:35:01.000000000 +0000
 @@ -3,12 +3,20 @@
  import java.io.ByteArrayOutputStream;
  import java.io.IOException;
@@ -845,7 +845,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERBoolean.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java	2011-03-24 03:35:01.000000000 +0000
 @@ -5,7 +5,9 @@
  public class DERBoolean
      extends ASN1Object
@@ -918,7 +918,7 @@
      {
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERInputStream.java bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERInputStream.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java	2011-03-24 03:35:01.000000000 +0000
 @@ -144,7 +144,9 @@
                  return new DERConstructedSet(v);
              }
@@ -943,7 +943,7 @@
                      {
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERNull.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java	2011-03-24 03:35:01.000000000 +0000
 @@ -10,9 +10,13 @@
  {
      public static final DERNull INSTANCE = new DERNull();
@@ -962,7 +962,7 @@
  
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERObjectIdentifier.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java	2011-03-24 03:35:01.000000000 +0000
 @@ -111,7 +111,13 @@
              }
          }
@@ -995,7 +995,7 @@
      public String getId()
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERPrintableString.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java	2011-03-24 03:35:01.000000000 +0000
 @@ -9,7 +9,9 @@
      extends ASN1Object
      implements DERString
@@ -1031,7 +1031,7 @@
      public String getString()
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/OrderedTable.java bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/OrderedTable.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java	2011-03-24 03:35:01.000000000 +0000
 @@ -0,0 +1,281 @@
 +package org.bouncycastle.asn1;
 +
@@ -1316,7 +1316,7 @@
 +}
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2011-03-24 03:35:01.000000000 +0000
 @@ -10,7 +10,10 @@
      //
      static final String                 pkcs_1                    = "1.2.840.113549.1.1";
@@ -1343,7 +1343,7 @@
      // md4 OBJECT IDENTIFIER ::=
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java	2011-03-24 03:35:01.000000000 +0000
 @@ -19,7 +19,9 @@
      private AlgorithmIdentifier maskGenAlgorithm;
      private AlgorithmIdentifier pSourceAlgorithm;
@@ -1357,7 +1357,7 @@
      
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java	2011-03-24 03:35:01.000000000 +0000
 @@ -20,7 +20,9 @@
      private DERInteger          saltLength;
      private DERInteger          trailerField;
@@ -1371,7 +1371,7 @@
      public final static DERInteger          DEFAULT_TRAILER_FIELD = new DERInteger(1);
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/util/ASN1Dump.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java	2011-03-24 03:35:01.000000000 +0000
 @@ -90,7 +90,9 @@
              {
                  Object  o = e.nextElement();
@@ -1385,7 +1385,7 @@
                      buf.append("NULL");
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java	2011-03-24 03:35:01.000000000 +0000
 @@ -45,7 +45,7 @@
          ASN1TaggedObject obj,
          boolean          explicit)
@@ -1397,7 +1397,7 @@
      /**
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/BasicConstraints.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java	2011-03-24 03:35:01.000000000 +0000
 @@ -14,7 +14,9 @@
  public class BasicConstraints
      extends ASN1Encodable
@@ -1444,7 +1444,7 @@
  
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java	2011-03-24 03:35:01.000000000 +0000
 @@ -96,11 +96,15 @@
          }
          if (onlyContainsUserCerts)
@@ -1483,7 +1483,7 @@
          seq = new DERSequence(vec);
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Extensions.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java	2011-03-24 03:35:01.000000000 +0000
 @@ -9,6 +9,9 @@
  import org.bouncycastle.asn1.DERObject;
  import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -1672,7 +1672,7 @@
              }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Name.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java	2011-03-24 03:35:01.000000000 +0000
 @@ -247,8 +247,10 @@
       */
      public static final Hashtable SymbolLookUp = DefaultLookUp;
@@ -2138,7 +2138,7 @@
                  {
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameElementList.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameElementList.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java	2011-03-24 03:35:01.000000000 +0000
 @@ -0,0 +1,206 @@
 +package org.bouncycastle.asn1.x509;
 +
@@ -2348,7 +2348,7 @@
 +}
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2011-03-24 03:35:01.000000000 +0000
 @@ -58,6 +58,17 @@
                  }
                  else
@@ -2376,7 +2376,7 @@
 \ No newline at end of file
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/PBEParametersGenerator.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java	2011-03-24 03:35:00.000000000 +0000
 @@ -136,7 +136,8 @@
      public static byte[] PKCS12PasswordToBytes(
          char[]  password)
@@ -2396,7 +2396,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java	2011-03-24 03:35:00.000000000 +0000
 @@ -0,0 +1,122 @@
 +/*
 + * Copyright (C) 2008 The Android Open Source Project
@@ -2522,7 +2522,7 @@
 +}
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/engines/RC2Engine.java bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/engines/RC2Engine.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java	2011-03-24 03:35:00.000000000 +0000
 @@ -313,4 +313,4 @@
          out[outOff + 6] = (byte)x76;
          out[outOff + 7] = (byte)(x76 >> 8);
@@ -2532,7 +2532,7 @@
 \ No newline at end of file
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/macs/HMac.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java	2011-03-24 03:35:00.000000000 +0000
 @@ -32,23 +32,23 @@
      {
          blockLengths = new Hashtable();
@@ -2574,7 +2574,7 @@
      private static int getByteLength(
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java	2011-03-24 03:35:00.000000000 +0000
 @@ -46,8 +46,10 @@
          oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384);
          oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512);
@@ -2590,7 +2590,7 @@
  
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2011-03-24 03:35:00.000000000 +0000
 @@ -7,31 +7,39 @@
  import org.bouncycastle.asn1.DERInteger;
  import org.bouncycastle.asn1.DERObject;
@@ -2793,7 +2793,7 @@
              throw new RuntimeException("algorithm identifier in key not recognised");
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java	2011-03-24 03:35:00.000000000 +0000
 @@ -10,32 +10,40 @@
  import org.bouncycastle.asn1.DERObject;
  import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -2985,7 +2985,7 @@
              throw new RuntimeException("algorithm identifier in key not recognised");
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java	2011-03-24 03:35:01.000000000 +0000
 @@ -78,8 +78,11 @@
  
      static
@@ -3049,7 +3049,7 @@
  
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2011-03-24 03:35:01.000000000 +0000
 @@ -53,7 +53,12 @@
      private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jce.provider.symmetric.";
      private static final String[] SYMMETRIC_CIPHERS =
@@ -4368,7 +4368,7 @@
      {
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2011-03-24 03:35:01.000000000 +0000
 @@ -24,6 +24,7 @@
  import java.security.spec.DSAPublicKeySpec;
  import java.text.ParseException;
@@ -4715,7 +4715,7 @@
          CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java	2011-03-24 03:35:01.000000000 +0000
 @@ -7,22 +7,31 @@
  import org.bouncycastle.crypto.InvalidCipherTextException;
  import org.bouncycastle.crypto.engines.AESFastEngine;
@@ -5664,7 +5664,7 @@
       */
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java	2011-03-24 03:35:01.000000000 +0000
 @@ -37,9 +37,11 @@
  
      static
@@ -5682,7 +5682,7 @@
          algorithms.put("DESEDE", i192);
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java	2011-03-24 03:35:01.000000000 +0000
 @@ -12,7 +12,9 @@
  import org.bouncycastle.crypto.Digest;
  import org.bouncycastle.crypto.digests.MD5Digest;
@@ -5765,7 +5765,7 @@
              || (sha512.contains(digest1) && sha512.contains(digest2))
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java	2011-03-24 03:35:01.000000000 +0000
 @@ -145,30 +145,32 @@
          }
      }
@@ -6397,7 +6397,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEMac.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java	2011-03-24 03:35:01.000000000 +0000
 @@ -2,29 +2,43 @@
  
  import org.bouncycastle.crypto.CipherParameters;
@@ -7150,7 +7150,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSACipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSACipher.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java	2011-03-24 03:35:01.000000000 +0000
 @@ -534,48 +534,50 @@
          }
      }
@@ -7248,7 +7248,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java	2011-03-24 03:35:01.000000000 +0000
 @@ -125,7 +125,9 @@
       */
      public byte[] getEncoded()
@@ -7262,7 +7262,7 @@
      }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java	2011-03-24 03:35:01.000000000 +0000
 @@ -77,7 +77,9 @@
  
      public byte[] getEncoded()
@@ -7276,7 +7276,7 @@
      }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java	2011-03-24 03:35:01.000000000 +0000
 @@ -90,7 +90,9 @@
  
      public byte[] getEncoded()
@@ -7290,7 +7290,7 @@
      }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java	2011-03-24 03:35:01.000000000 +0000
 @@ -321,29 +321,31 @@
          }
      }
@@ -7467,7 +7467,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java	2011-03-24 03:35:01.000000000 +0000
 @@ -5,17 +5,21 @@
  import org.bouncycastle.crypto.DataLengthException;
  import org.bouncycastle.crypto.StreamBlockCipher;
@@ -7911,7 +7911,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java	2011-03-24 03:35:01.000000000 +0000
 @@ -2,19 +2,25 @@
  
  import org.bouncycastle.crypto.generators.DHParametersGenerator;
@@ -8338,7 +8338,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java	2011-03-24 03:35:01.000000000 +0000
 @@ -10,21 +10,27 @@
  import org.bouncycastle.asn1.DERObjectIdentifier;
  import org.bouncycastle.asn1.DEROctetString;
@@ -9838,7 +9838,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDSASigner.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDSASigner.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java	2011-03-24 03:35:01.000000000 +0000
 @@ -22,13 +22,17 @@
  import org.bouncycastle.crypto.DSA;
  import org.bouncycastle.crypto.Digest;
@@ -9989,7 +9989,7 @@
          extends JDKDSASigner
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java	2011-03-24 03:35:01.000000000 +0000
 @@ -23,14 +23,20 @@
  import org.bouncycastle.crypto.AsymmetricBlockCipher;
  import org.bouncycastle.crypto.CipherParameters;
@@ -10190,7 +10190,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java	2011-03-24 03:35:01.000000000 +0000
 @@ -36,17 +36,21 @@
  import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
  import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -10568,7 +10568,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java	2011-03-24 03:35:01.000000000 +0000
 @@ -6,9 +6,11 @@
  import org.bouncycastle.crypto.generators.DHParametersGenerator;
  import org.bouncycastle.crypto.generators.DSAKeyPairGenerator;
@@ -10912,7 +10912,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyStore.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java	2011-03-24 03:35:01.000000000 +0000
 @@ -39,7 +39,12 @@
  import org.bouncycastle.crypto.CipherParameters;
  import org.bouncycastle.crypto.Digest;
@@ -11015,7 +11015,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java	2011-03-24 03:35:01.000000000 +0000
 @@ -57,36 +57,38 @@
          {
              super(new SHA1Digest());
@@ -11462,7 +11462,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java	2011-03-24 03:35:01.000000000 +0000
 @@ -255,10 +255,13 @@
              }
          }
@@ -11632,7 +11632,7 @@
                  return null;
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PBE.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PBE.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java	2011-03-24 03:35:01.000000000 +0000
 @@ -7,12 +7,18 @@
  
  import org.bouncycastle.crypto.CipherParameters;
@@ -11707,7 +11707,7 @@
                      break;
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java	2011-03-24 03:35:01.000000000 +0000
 @@ -1,6 +1,9 @@
  package org.bouncycastle.jce.provider;
  
@@ -11850,7 +11850,7 @@
          {
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPath.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPath.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java	2011-03-24 03:35:01.000000000 +0000
 @@ -33,7 +33,9 @@
  import org.bouncycastle.asn1.pkcs.ContentInfo;
  import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -11915,7 +11915,7 @@
              throw new CertificateEncodingException("unsupported encoding: " + encoding);
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java	2011-03-24 03:35:01.000000000 +0000
 @@ -172,8 +172,9 @@
          try
          {
@@ -11930,8 +11930,17 @@
                  // chains
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2010-10-04 22:11:08.000000000 +0000
-@@ -13,6 +13,7 @@
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2011-03-24 03:35:01.000000000 +0000
+@@ -1,5 +1,8 @@
+ package org.bouncycastle.jce.provider;
+ 
++// BEGIN android-added
++import java.math.BigInteger;
++// END android-added
+ import java.security.InvalidAlgorithmParameterException;
+ import java.security.PublicKey;
+ import java.security.cert.CertPath;
+@@ -13,6 +16,7 @@
  import java.security.cert.TrustAnchor;
  import java.security.cert.X509Certificate;
  import java.util.ArrayList;
@@ -11939,7 +11948,54 @@
  import java.util.HashSet;
  import java.util.Iterator;
  import java.util.List;
-@@ -90,10 +91,14 @@
+@@ -33,6 +37,23 @@
+ public class PKIXCertPathValidatorSpi
+         extends CertPathValidatorSpi
+ {
++    // BEGIN android-added
++    // From http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate.cc?revision=78748&view=markup
++    private static final Set<BigInteger> SERIAL_BLACKLIST = new HashSet<BigInteger>(Arrays.asList(
++        // Not a real certificate. For testing only.
++        new BigInteger(1, new byte[] {(byte)0x07,(byte)0x7a,(byte)0x59,(byte)0xbc,(byte)0xd5,(byte)0x34,(byte)0x59,(byte)0x60,(byte)0x1c,(byte)0xa6,(byte)0x90,(byte)0x72,(byte)0x67,(byte)0xa6,(byte)0xdd,(byte)0x1c}),
++
++        new BigInteger(1, new byte[] {(byte)0x04,(byte)0x7e,(byte)0xcb,(byte)0xe9,(byte)0xfc,(byte)0xa5,(byte)0x5f,(byte)0x7b,(byte)0xd0,(byte)0x9e,(byte)0xae,(byte)0x36,(byte)0xe1,(byte)0x0c,(byte)0xae,(byte)0x1e}),
++        new BigInteger(1, new byte[] {(byte)0xd8,(byte)0xf3,(byte)0x5f,(byte)0x4e,(byte)0xb7,(byte)0x87,(byte)0x2b,(byte)0x2d,(byte)0xab,(byte)0x06,(byte)0x92,(byte)0xe3,(byte)0x15,(byte)0x38,(byte)0x2f,(byte)0xb0}),
++        new BigInteger(1, new byte[] {(byte)0xb0,(byte)0xb7,(byte)0x13,(byte)0x3e,(byte)0xd0,(byte)0x96,(byte)0xf9,(byte)0xb5,(byte)0x6f,(byte)0xae,(byte)0x91,(byte)0xc8,(byte)0x74,(byte)0xbd,(byte)0x3a,(byte)0xc0}),
++        new BigInteger(1, new byte[] {(byte)0x92,(byte)0x39,(byte)0xd5,(byte)0x34,(byte)0x8f,(byte)0x40,(byte)0xd1,(byte)0x69,(byte)0x5a,(byte)0x74,(byte)0x54,(byte)0x70,(byte)0xe1,(byte)0xf2,(byte)0x3f,(byte)0x43}),
++        new BigInteger(1, new byte[] {(byte)0xe9,(byte)0x02,(byte)0x8b,(byte)0x95,(byte)0x78,(byte)0xe4,(byte)0x15,(byte)0xdc,(byte)0x1a,(byte)0x71,(byte)0x0a,(byte)0x2b,(byte)0x88,(byte)0x15,(byte)0x44,(byte)0x47}),
++        new BigInteger(1, new byte[] {(byte)0xd7,(byte)0x55,(byte)0x8f,(byte)0xda,(byte)0xf5,(byte)0xf1,(byte)0x10,(byte)0x5b,(byte)0xb2,(byte)0x13,(byte)0x28,(byte)0x2b,(byte)0x70,(byte)0x77,(byte)0x29,(byte)0xa3}),
++        new BigInteger(1, new byte[] {(byte)0xf5,(byte)0xc8,(byte)0x6a,(byte)0xf3,(byte)0x61,(byte)0x62,(byte)0xf1,(byte)0x3a,(byte)0x64,(byte)0xf5,(byte)0x4f,(byte)0x6d,(byte)0xc9,(byte)0x58,(byte)0x7c,(byte)0x06}),
++        new BigInteger(1, new byte[] {(byte)0x39,(byte)0x2a,(byte)0x43,(byte)0x4f,(byte)0x0e,(byte)0x07,(byte)0xdf,(byte)0x1f,(byte)0x8a,(byte)0xa3,(byte)0x05,(byte)0xde,(byte)0x34,(byte)0xe0,(byte)0xc2,(byte)0x29}),
++        new BigInteger(1, new byte[] {(byte)0x3e,(byte)0x75,(byte)0xce,(byte)0xd4,(byte)0x6b,(byte)0x69,(byte)0x30,(byte)0x21,(byte)0x21,(byte)0x88,(byte)0x30,(byte)0xae,(byte)0x86,(byte)0xa8,(byte)0x2a,(byte)0x71})
++    ));
++    // END android-added
+ 
+     public CertPathValidatorResult engineValidate(
+             CertPath certPath,
+@@ -75,6 +96,22 @@
+         {
+             throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
+         }
++        // BEGIN android-added
++        {
++            X509Certificate cert = (X509Certificate) certs.get(0);
++
++            if (cert != null) {
++                BigInteger serial = cert.getSerialNumber();
++                if (serial != null && SERIAL_BLACKLIST.contains(serial)) {
++                    // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
++                    String message = "Certificate revocation of serial 0x" + serial.toString(16);
++                    System.out.println(message);
++                    AnnotatedException e = new AnnotatedException(message);
++                    throw new CertPathValidatorException(e.getMessage(), e, certPath, 0);
++                }
++            }
++        }
++        // END android-added
+ 
+         //
+         // (b)
+@@ -90,10 +127,14 @@
          // (d)
          // 
          TrustAnchor trust;
@@ -11956,7 +12012,7 @@
          }
          catch (AnnotatedException e)
          {
-@@ -189,12 +194,25 @@
+@@ -189,12 +230,25 @@
          X500Principal workingIssuerName;
  
          X509Certificate sign = trust.getTrustedCert();
@@ -11982,7 +12038,7 @@
              }
              else
              {
-@@ -271,8 +289,10 @@
+@@ -271,8 +325,10 @@
              // 6.1.3
              //
  
@@ -11994,7 +12050,7 @@
  
              RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator);
  
-@@ -289,11 +309,18 @@
+@@ -289,11 +345,18 @@
  
              if (i != n)
              {
@@ -12013,7 +12069,7 @@
  
                  RFC3280CertPathUtilities.prepareNextCertA(certPath, index);
  
-@@ -317,7 +344,9 @@
+@@ -317,7 +380,9 @@
                  inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertJ(certPath, index, inhibitAnyPolicy);
  
                  // (k)
@@ -12026,7 +12082,7 @@
                  maxPathLength = RFC3280CertPathUtilities.prepareNextCertL(certPath, index, maxPathLength);
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java	2011-03-24 03:35:01.000000000 +0000
 @@ -1533,7 +1533,9 @@
          for (Enumeration e = permitted.getObjects(); e.hasMoreElements();)
          {
@@ -12040,7 +12096,7 @@
                  subtreesMap.put(tagNo, new HashSet());
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/ProviderUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/ProviderUtil.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java	2011-03-24 03:35:01.000000000 +0000
 @@ -1,9 +1,13 @@
  package org.bouncycastle.jce.provider;
  
@@ -12189,7 +12245,7 @@
          throws IOException
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java bcprov-jdk16-145/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java	2011-03-24 03:35:01.000000000 +0000
 @@ -1471,7 +1471,11 @@
          PublicKey workingPublicKey,
          boolean verificationAlreadyPerformed,
@@ -12249,7 +12305,7 @@
  
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java	2011-03-24 03:35:01.000000000 +0000
 @@ -12,8 +12,10 @@
  import org.bouncycastle.crypto.Wrapper;
  import org.bouncycastle.crypto.engines.DESedeEngine;
@@ -12414,7 +12470,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509CertificateObject.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java	2011-03-24 03:35:01.000000000 +0000
 @@ -518,12 +518,20 @@
          return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
      }
@@ -12448,7 +12504,7 @@
              signature = Signature.getInstance(sigName, "BC");
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java	2011-03-24 03:35:01.000000000 +0000
 @@ -25,7 +25,9 @@
  
  class X509SignatureUtil
@@ -12541,7 +12597,7 @@
              return digestAlgOID.getId();            
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AES.java bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AES.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java	2011-03-24 03:35:01.000000000 +0000
 @@ -5,7 +5,9 @@
  import org.bouncycastle.crypto.engines.AESEngine;
  import org.bouncycastle.crypto.engines.AESFastEngine;
@@ -12778,7 +12834,7 @@
          extends JDKAlgorithmParameters.IVAlgorithmParameters
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AESMappings.java bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AESMappings.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java	2011-03-24 03:35:01.000000000 +0000
 @@ -26,55 +26,63 @@
          put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
          put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
@@ -12884,7 +12940,7 @@
  }
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/x509/X509Util.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java	2011-03-24 03:35:01.000000000 +0000
 @@ -43,8 +43,10 @@
      
      static
@@ -12946,7 +13002,7 @@
      
 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java
 --- bcprov-jdk16-145.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java	2010-10-04 22:11:08.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java	2011-03-24 03:35:01.000000000 +0000
 @@ -62,7 +62,9 @@
              {
                  GeneralName genName = GeneralName.getInstance(it.nextElement());
diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
index 54b0d20..6fde8ae 100644
--- a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
+++ b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
@@ -1,5 +1,8 @@
 package org.bouncycastle.jce.provider;
 
+// BEGIN android-added
+import java.math.BigInteger;
+// END android-added
 import java.security.InvalidAlgorithmParameterException;
 import java.security.PublicKey;
 import java.security.cert.CertPath;
@@ -34,6 +37,23 @@
 public class PKIXCertPathValidatorSpi
         extends CertPathValidatorSpi
 {
+    // BEGIN android-added
+    // From http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate.cc?revision=78748&view=markup
+    private static final Set<BigInteger> SERIAL_BLACKLIST = new HashSet<BigInteger>(Arrays.asList(
+        // Not a real certificate. For testing only.
+        new BigInteger(1, new byte[] {(byte)0x07,(byte)0x7a,(byte)0x59,(byte)0xbc,(byte)0xd5,(byte)0x34,(byte)0x59,(byte)0x60,(byte)0x1c,(byte)0xa6,(byte)0x90,(byte)0x72,(byte)0x67,(byte)0xa6,(byte)0xdd,(byte)0x1c}),
+
+        new BigInteger(1, new byte[] {(byte)0x04,(byte)0x7e,(byte)0xcb,(byte)0xe9,(byte)0xfc,(byte)0xa5,(byte)0x5f,(byte)0x7b,(byte)0xd0,(byte)0x9e,(byte)0xae,(byte)0x36,(byte)0xe1,(byte)0x0c,(byte)0xae,(byte)0x1e}),
+        new BigInteger(1, new byte[] {(byte)0xd8,(byte)0xf3,(byte)0x5f,(byte)0x4e,(byte)0xb7,(byte)0x87,(byte)0x2b,(byte)0x2d,(byte)0xab,(byte)0x06,(byte)0x92,(byte)0xe3,(byte)0x15,(byte)0x38,(byte)0x2f,(byte)0xb0}),
+        new BigInteger(1, new byte[] {(byte)0xb0,(byte)0xb7,(byte)0x13,(byte)0x3e,(byte)0xd0,(byte)0x96,(byte)0xf9,(byte)0xb5,(byte)0x6f,(byte)0xae,(byte)0x91,(byte)0xc8,(byte)0x74,(byte)0xbd,(byte)0x3a,(byte)0xc0}),
+        new BigInteger(1, new byte[] {(byte)0x92,(byte)0x39,(byte)0xd5,(byte)0x34,(byte)0x8f,(byte)0x40,(byte)0xd1,(byte)0x69,(byte)0x5a,(byte)0x74,(byte)0x54,(byte)0x70,(byte)0xe1,(byte)0xf2,(byte)0x3f,(byte)0x43}),
+        new BigInteger(1, new byte[] {(byte)0xe9,(byte)0x02,(byte)0x8b,(byte)0x95,(byte)0x78,(byte)0xe4,(byte)0x15,(byte)0xdc,(byte)0x1a,(byte)0x71,(byte)0x0a,(byte)0x2b,(byte)0x88,(byte)0x15,(byte)0x44,(byte)0x47}),
+        new BigInteger(1, new byte[] {(byte)0xd7,(byte)0x55,(byte)0x8f,(byte)0xda,(byte)0xf5,(byte)0xf1,(byte)0x10,(byte)0x5b,(byte)0xb2,(byte)0x13,(byte)0x28,(byte)0x2b,(byte)0x70,(byte)0x77,(byte)0x29,(byte)0xa3}),
+        new BigInteger(1, new byte[] {(byte)0xf5,(byte)0xc8,(byte)0x6a,(byte)0xf3,(byte)0x61,(byte)0x62,(byte)0xf1,(byte)0x3a,(byte)0x64,(byte)0xf5,(byte)0x4f,(byte)0x6d,(byte)0xc9,(byte)0x58,(byte)0x7c,(byte)0x06}),
+        new BigInteger(1, new byte[] {(byte)0x39,(byte)0x2a,(byte)0x43,(byte)0x4f,(byte)0x0e,(byte)0x07,(byte)0xdf,(byte)0x1f,(byte)0x8a,(byte)0xa3,(byte)0x05,(byte)0xde,(byte)0x34,(byte)0xe0,(byte)0xc2,(byte)0x29}),
+        new BigInteger(1, new byte[] {(byte)0x3e,(byte)0x75,(byte)0xce,(byte)0xd4,(byte)0x6b,(byte)0x69,(byte)0x30,(byte)0x21,(byte)0x21,(byte)0x88,(byte)0x30,(byte)0xae,(byte)0x86,(byte)0xa8,(byte)0x2a,(byte)0x71})
+    ));
+    // END android-added
 
     public CertPathValidatorResult engineValidate(
             CertPath certPath,
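Review bot: `SERIAL_BLACKLIST` is keyed on serial number alone, and a serial is only unique within one issuer, so the field should document whose certificates these are and that the issuer is deliberately not compared. I would put a line such as `// Serials of the fraudulent Comodo-issued certificates (Bug 4165439); matched on serial only, issuer is not checked.` above the existing source URL comment. The first entry is labelled "For testing only" but sits in the production set, so the comment should also say why it ships. The class body continues outside this hunk, and the same lines are mirrored in patches/android.patch.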
@@ -76,6 +96,22 @@
         {
             throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
         }
+        // BEGIN android-added
+        {
+            X509Certificate cert = (X509Certificate) certs.get(0);
+
+            if (cert != null) {
+                BigInteger serial = cert.getSerialNumber();
+                if (serial != null && SERIAL_BLACKLIST.contains(serial)) {
+                    // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
+                    String message = "Certificate revocation of serial 0x" + serial.toString(16);
+                    System.out.println(message);
+                    AnnotatedException e = new AnnotatedException(message);
+                    throw new CertPathValidatorException(e.getMessage(), e, certPath, 0);
+                }
+            }
+        }
+        // END android-added
 
         //
         // (b)
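Review bot: The blacklist lookup inspects only `certs.get(0)`, so a listed serial at any other position in the path is never rejected; that is enough only if every listed certificate is an end-entity certificate, which the hunk does not say. Looping over the whole path and passing the matching index to `CertPathValidatorException` covers both cases. The `System.out.println(message);` line should also go, since a provider class writing to stdout bypasses the platform log and the exception already carries the text. `engineValidate` starts and ends outside this hunk, the sketch assumes `certs` is a `java.util.List`, and the same block is mirrored in patches/android.patch.

```java
        // BEGIN android-added
        for (int i = 0; i < certs.size(); i++) {
            X509Certificate cert = (X509Certificate) certs.get(i);
            if (cert == null) {
                continue;
            }
            BigInteger serial = cert.getSerialNumber();
            if (serial != null && SERIAL_BLACKLIST.contains(serial)) {
                // … unchanged: message and AnnotatedException construction, println dropped …
                throw new CertPathValidatorException(e.getMessage(), e, certPath, i);
            }
        }
        // END android-added
```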