Added patch to the README and android.patches.

(cherry picked from commit 089355c44e80af84267f0ab3e5369416bfd2d4cf)
(cherry picked from commit ffa48740407cf1c2dc0e114da954130247f4149d)

Bug: http://code.google.com/p/android/issues/detail?id=35547
Change-Id: I461dd74259e79c6215e9092f670334403d36c367
diff --git a/patches/README b/patches/README
index d56a5d8..c0f5697 100644
--- a/patches/README
+++ b/patches/README
@@ -30,6 +30,7 @@
 - Make BouncyCastleProvider.PROVIDER_NAME final
 - Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
 - Added DSA support to JDKKeyManager.engineGetKeySpec
+- Fixed CertBlacklist to do a by-value comparison of public keys
 
 Other security changes:
 - Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
diff --git a/patches/android.patch b/patches/android.patch
index 20ed108..40a24f8 100644
--- a/patches/android.patch
+++ b/patches/android.patch
@@ -1,6 +1,6 @@
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1InputStream.java bcprov-jdk16-146/org/bouncycastle/asn1/ASN1InputStream.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1InputStream.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1InputStream.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1InputStream.java	2012-07-27 18:48:00.011478563 +0000
 @@ -363,7 +363,9 @@
              case BMP_STRING:
                  return new DERBMPString(bytes);
@@ -14,7 +14,7 @@
              case GENERALIZED_TIME:
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk16-146/org/bouncycastle/asn1/ASN1Null.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1Null.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1Null.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1Null.java	2012-07-27 18:47:59.981477999 +0000
 @@ -8,9 +8,11 @@
  public abstract class ASN1Null
      extends ASN1Object
@@ -30,7 +30,7 @@
      {
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk16-146/org/bouncycastle/asn1/DERBoolean.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERBoolean.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/DERBoolean.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERBoolean.java	2012-07-27 18:47:59.981477999 +0000
 @@ -5,7 +5,9 @@
  public class DERBoolean
      extends ASN1Object
@@ -104,7 +104,7 @@
      }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16-146/org/bouncycastle/asn1/DERNull.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERNull.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/DERNull.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERNull.java	2012-07-27 18:47:59.981477999 +0000
 @@ -10,9 +10,13 @@
  {
      public static final DERNull INSTANCE = new DERNull();
@@ -123,7 +123,7 @@
  
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk16-146/org/bouncycastle/asn1/DERObjectIdentifier.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERObjectIdentifier.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/DERObjectIdentifier.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERObjectIdentifier.java	2012-07-27 18:48:00.011478563 +0000
 @@ -110,7 +110,13 @@
              }
          }
@@ -156,7 +156,7 @@
      public String getId()
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk16-146/org/bouncycastle/asn1/DERPrintableString.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERPrintableString.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/DERPrintableString.java	2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERPrintableString.java	2012-07-27 18:48:00.011478563 +0000
 @@ -9,7 +9,9 @@
      extends ASN1Object
      implements DERString
@@ -192,7 +192,7 @@
      public String getString()
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk16-146/org/bouncycastle/asn1/cms/ContentInfo.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/cms/ContentInfo.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/cms/ContentInfo.java	2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/cms/ContentInfo.java	2012-07-27 18:48:00.011478563 +0000
 @@ -12,7 +12,9 @@
  
  public class ContentInfo
@@ -206,7 +206,7 @@
      private DEREncodable        content;
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java	2012-07-27 18:48:00.011478563 +0000
 @@ -37,10 +37,13 @@
      public static EncryptedPrivateKeyInfo getInstance(
          Object  obj)
@@ -224,7 +224,7 @@
              return new EncryptedPrivateKeyInfo((ASN1Sequence)obj);
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2012-07-27 18:47:59.981477999 +0000
 @@ -10,8 +10,10 @@
      //
      static final ASN1ObjectIdentifier    pkcs_1                    = new ASN1ObjectIdentifier("1.2.840.113549.1.1");
@@ -282,7 +282,7 @@
      static final ASN1ObjectIdentifier    id_hmacWithSHA512       = digestAlgorithm.branch("11");
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java	2012-07-27 18:47:59.981477999 +0000
 @@ -19,7 +19,9 @@
      private AlgorithmIdentifier maskGenAlgorithm;
      private AlgorithmIdentifier pSourceAlgorithm;
@@ -296,7 +296,7 @@
      
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java	2012-07-27 18:47:59.981477999 +0000
 @@ -20,7 +20,9 @@
      private DERInteger          saltLength;
      private DERInteger          trailerField;
@@ -310,7 +310,7 @@
      public final static DERInteger          DEFAULT_TRAILER_FIELD = new DERInteger(1);
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk16-146/org/bouncycastle/asn1/util/ASN1Dump.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/util/ASN1Dump.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/util/ASN1Dump.java	2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/util/ASN1Dump.java	2012-07-27 18:48:00.011478563 +0000
 @@ -79,7 +79,9 @@
              {
                  Object  o = e.nextElement();
@@ -324,7 +324,7 @@
                      buf.append("NULL");
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/AttCertIssuer.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/AttCertIssuer.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/AttCertIssuer.java	2012-07-27 18:48:00.011478563 +0000
 @@ -45,7 +45,7 @@
          ASN1TaggedObject obj,
          boolean          explicit)
@@ -336,7 +336,7 @@
      /**
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/BasicConstraints.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/BasicConstraints.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/BasicConstraints.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/BasicConstraints.java	2012-07-27 18:48:00.011478563 +0000
 @@ -14,7 +14,9 @@
  public class BasicConstraints
      extends ASN1Encodable
@@ -383,7 +383,7 @@
  
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java	2012-07-27 18:48:00.011478563 +0000
 @@ -96,11 +96,15 @@
          }
          if (onlyContainsUserCerts)
@@ -422,7 +422,7 @@
          seq = new DERSequence(vec);
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Extensions.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Extensions.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Extensions.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Extensions.java	2012-07-27 18:48:00.011478563 +0000
 @@ -400,7 +400,9 @@
  
              if (ext.isCritical())
@@ -436,7 +436,7 @@
              v.add(ext.getValue());
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Name.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Name.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Name.java	2012-07-27 18:48:00.011478563 +0000
 @@ -249,8 +249,10 @@
       */
      public static final Hashtable SymbolLookUp = DefaultLookUp;
@@ -474,7 +474,7 @@
              String              name = token.substring(0, index);
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509NameTokenizer.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2012-07-27 18:48:00.011478563 +0000
 @@ -58,6 +58,17 @@
                  }
                  else
@@ -502,7 +502,7 @@
 \ No newline at end of file
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk16-146/org/bouncycastle/crypto/PBEParametersGenerator.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/crypto/PBEParametersGenerator.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/PBEParametersGenerator.java	2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/PBEParametersGenerator.java	2012-07-27 18:48:00.021478751 +0000
 @@ -136,7 +136,8 @@
      public static byte[] PKCS12PasswordToBytes(
          char[]  password)
@@ -522,7 +522,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk16-146/org/bouncycastle/crypto/digests/OpenSSLDigest.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/digests/OpenSSLDigest.java	2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/digests/OpenSSLDigest.java	2012-07-27 18:48:00.021478751 +0000
 @@ -0,0 +1,159 @@
 +/*
 + * Copyright (C) 2008 The Android Open Source Project
@@ -685,7 +685,7 @@
 +}
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/engines/RC2Engine.java bcprov-jdk16-146/org/bouncycastle/crypto/engines/RC2Engine.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/crypto/engines/RC2Engine.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/engines/RC2Engine.java	2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/engines/RC2Engine.java	2012-07-27 18:48:00.011478563 +0000
 @@ -313,4 +313,4 @@
          out[outOff + 6] = (byte)x76;
          out[outOff + 7] = (byte)(x76 >> 8);
@@ -695,7 +695,7 @@
 \ No newline at end of file
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk16-146/org/bouncycastle/crypto/generators/DHParametersHelper.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/generators/DHParametersHelper.java	2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/generators/DHParametersHelper.java	2012-07-27 18:48:00.021478751 +0000
 @@ -3,10 +3,17 @@
  import java.math.BigInteger;
  import java.security.SecureRandom;
@@ -748,7 +748,7 @@
      }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk16-146/org/bouncycastle/crypto/macs/HMac.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/crypto/macs/HMac.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/macs/HMac.java	2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/macs/HMac.java	2012-07-27 18:48:00.021478751 +0000
 @@ -32,23 +32,23 @@
      {
          blockLengths = new Hashtable();
@@ -790,7 +790,7 @@
      private static int getByteLength(
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk16-146/org/bouncycastle/crypto/signers/RSADigestSigner.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/signers/RSADigestSigner.java	2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/signers/RSADigestSigner.java	2012-07-27 18:48:00.021478751 +0000
 @@ -46,8 +46,10 @@
          oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384);
          oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512);
@@ -806,7 +806,7 @@
  
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk16-146/org/bouncycastle/crypto/util/PrivateKeyFactory.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2012-07-27 18:48:00.031478939 +0000
 @@ -12,7 +12,9 @@
  import org.bouncycastle.asn1.DERObject;
  import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -888,7 +888,7 @@
  
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk16-146/org/bouncycastle/crypto/util/PublicKeyFactory.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PublicKeyFactory.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PublicKeyFactory.java	2012-07-27 18:48:00.031478939 +0000
 @@ -15,12 +15,16 @@
  import org.bouncycastle.asn1.DERObjectIdentifier;
  import org.bouncycastle.asn1.DEROctetString;
@@ -967,7 +967,7 @@
  
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcprov-jdk16-146/org/bouncycastle/jce/ECNamedCurveTable.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/ECNamedCurveTable.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/ECNamedCurveTable.java	2012-07-27 18:48:00.031478939 +0000
 @@ -3,7 +3,9 @@
  import org.bouncycastle.asn1.DERObjectIdentifier;
  import org.bouncycastle.asn1.nist.NISTNamedCurves;
@@ -1031,7 +1031,7 @@
      }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk16-146/org/bouncycastle/jce/PKCS10CertificationRequest.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/PKCS10CertificationRequest.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/PKCS10CertificationRequest.java	2012-07-27 18:48:00.041479127 +0000
 @@ -80,15 +80,20 @@
  
      static
@@ -1281,7 +1281,7 @@
              return digestAlgOID.getId();            
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk16-146/org/bouncycastle/jce/provider/BouncyCastleProvider.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2012-07-27 18:48:00.031478939 +0000
 @@ -45,7 +45,10 @@
  {
      private static String info = "BouncyCastle Security Provider v1.46";
@@ -2445,8 +2445,8 @@
      {
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk16-146/org/bouncycastle/jce/provider/CertBlacklist.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertBlacklist.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/CertBlacklist.java	2012-05-11 05:31:26.630725775 +0000
-@@ -0,0 +1,171 @@
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/CertBlacklist.java	2012-07-27 18:48:00.031478939 +0000
+@@ -0,0 +1,177 @@
 +/*
 + * Copyright (C) 2012 The Android Open Source Project
 + *
@@ -2593,8 +2593,9 @@
 +        String pubkeyBlacklist = readBlacklist(path);
 +        if (!pubkeyBlacklist.equals("")) {
 +            for (String value : pubkeyBlacklist.split(",")) {
++                value = value.trim();
 +                if (isPubkeyHash(value)) {
-+                    bl.add(Hex.decode(value));
++                    bl.add(value.getBytes());
 +                } else {
 +                    System.logW("Tried to blacklist invalid pubkey " + value);
 +                }
@@ -2610,7 +2611,12 @@
 +        digest.update(encoded, 0, encoded.length);
 +        byte[] out = new byte[digest.getDigestSize()];
 +        digest.doFinal(out, 0);
-+        return pubkeyBlacklist.contains(out);
++        for (byte[] blacklisted : pubkeyBlacklist) {
++            if (Arrays.equals(blacklisted, Hex.encode(out))) {
++                return true;
++            }
++        }
++        return false;
 +    }
 +
 +    public boolean isSerialNumberBlackListed(BigInteger serial) {
@@ -2620,7 +2626,7 @@
 +}
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk16-146/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2012-07-27 18:48:00.031478939 +0000
 @@ -24,6 +24,7 @@
  import java.security.spec.DSAPublicKeySpec;
  import java.text.ParseException;
@@ -2802,7 +2808,7 @@
          CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEBlockCipher.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEBlockCipher.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEBlockCipher.java	2012-07-27 18:48:00.031478939 +0000
 @@ -17,8 +17,10 @@
  import javax.crypto.ShortBufferException;
  import javax.crypto.spec.IvParameterSpec;
@@ -3267,7 +3273,7 @@
       */
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java	2012-07-27 18:48:00.031478939 +0000
 @@ -36,10 +36,12 @@
  
      static
@@ -3287,7 +3293,7 @@
          algorithms.put("DESEDE", i192);
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDigestUtil.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDigestUtil.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDigestUtil.java	2012-07-27 18:48:00.031478939 +0000
 @@ -12,7 +12,9 @@
  import org.bouncycastle.crypto.Digest;
  import org.bouncycastle.crypto.digests.MD5Digest;
@@ -3370,7 +3376,7 @@
              || (sha512.contains(digest1) && sha512.contains(digest2))
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPrivateKey.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPrivateKey.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPrivateKey.java	2012-07-27 18:48:00.031478939 +0000
 @@ -20,7 +20,9 @@
  import org.bouncycastle.asn1.DERObject;
  import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -3442,7 +3448,7 @@
              info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), keyStructure.getDERObject());
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPublicKey.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPublicKey.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPublicKey.java	2012-07-27 18:48:00.031478939 +0000
 @@ -20,8 +20,10 @@
  import org.bouncycastle.asn1.DERObjectIdentifier;
  import org.bouncycastle.asn1.DEROctetString;
@@ -3690,7 +3696,7 @@
              {
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEKeyGenerator.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEKeyGenerator.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEKeyGenerator.java	2012-07-27 18:48:00.031478939 +0000
 @@ -57,6 +57,11 @@
      {
          try
@@ -3926,7 +3932,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEMac.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEMac.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEMac.java	2012-07-27 18:48:00.031478939 +0000
 @@ -11,25 +11,39 @@
  
  import org.bouncycastle.crypto.CipherParameters;
@@ -4456,7 +4462,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSACipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSACipher.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSACipher.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSACipher.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSACipher.java	2012-07-27 18:48:00.031478939 +0000
 @@ -535,48 +535,50 @@
          }
      }
@@ -4554,7 +4560,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java	2012-07-27 18:48:00.031478939 +0000
 @@ -125,7 +125,9 @@
       */
      public byte[] getEncoded()
@@ -4568,7 +4574,7 @@
      }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateKey.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateKey.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateKey.java	2012-07-27 18:48:00.031478939 +0000
 @@ -77,7 +77,9 @@
  
      public byte[] getEncoded()
@@ -4582,7 +4588,7 @@
      }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPublicKey.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPublicKey.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPublicKey.java	2012-07-27 18:48:00.031478939 +0000
 @@ -90,7 +90,9 @@
  
      public byte[] getEncoded()
@@ -4596,7 +4602,7 @@
      }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCESecretKeyFactory.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCESecretKeyFactory.java	2012-07-27 18:48:00.031478939 +0000
 @@ -250,29 +250,31 @@
          }
      }
@@ -4773,7 +4779,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEStreamCipher.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEStreamCipher.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEStreamCipher.java	2012-07-27 18:48:00.041479127 +0000
 @@ -13,20 +13,26 @@
  import javax.crypto.ShortBufferException;
  import javax.crypto.spec.IvParameterSpec;
@@ -5079,7 +5085,7 @@
       */
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java	2012-07-27 18:48:00.031478939 +0000
 @@ -11,18 +11,24 @@
  import javax.crypto.spec.DHGenParameterSpec;
  import javax.crypto.spec.DHParameterSpec;
@@ -5505,7 +5511,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java	2012-07-27 18:48:00.031478939 +0000
 @@ -10,21 +10,27 @@
  import org.bouncycastle.asn1.DERObjectIdentifier;
  import org.bouncycastle.asn1.DEROctetString;
@@ -7005,7 +7011,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDSASigner.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDSASigner.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDSASigner.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDSASigner.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDSASigner.java	2012-07-27 18:48:00.031478939 +0000
 @@ -23,13 +23,17 @@
  import org.bouncycastle.crypto.Digest;
  import org.bouncycastle.crypto.digests.NullDigest;
@@ -7156,7 +7162,7 @@
          extends JDKDSASigner
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDigestSignature.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDigestSignature.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDigestSignature.java	2012-07-27 18:48:00.031478939 +0000
 @@ -23,15 +23,21 @@
  import org.bouncycastle.crypto.AsymmetricBlockCipher;
  import org.bouncycastle.crypto.CipherParameters;
@@ -7332,7 +7338,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyFactory.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyFactory.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyFactory.java	2012-07-27 18:48:00.031478939 +0000
 @@ -36,17 +36,21 @@
  import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
  import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -7718,7 +7724,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java	2012-07-27 18:48:00.031478939 +0000
 @@ -6,9 +6,11 @@
  import org.bouncycastle.crypto.generators.DHParametersGenerator;
  import org.bouncycastle.crypto.generators.DSAKeyPairGenerator;
@@ -8062,7 +8068,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyStore.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyStore.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyStore.java	2012-07-27 18:48:00.031478939 +0000
 @@ -39,7 +39,12 @@
  import org.bouncycastle.crypto.CipherParameters;
  import org.bouncycastle.crypto.Digest;
@@ -8165,7 +8171,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKMessageDigest.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKMessageDigest.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKMessageDigest.java	2012-07-27 18:48:00.031478939 +0000
 @@ -57,36 +57,38 @@
          {
              super(new SHA1Digest());
@@ -8612,7 +8618,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java	2012-07-27 18:48:00.031478939 +0000
 @@ -260,10 +260,13 @@
              }
          }
@@ -8782,7 +8788,7 @@
                  return null;
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PBE.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PBE.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PBE.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PBE.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PBE.java	2012-07-27 18:48:00.031478939 +0000
 @@ -7,12 +7,18 @@
  
  import org.bouncycastle.crypto.CipherParameters;
@@ -8857,7 +8863,7 @@
                      break;
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPath.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPath.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPath.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPath.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPath.java	2012-07-27 18:48:00.041479127 +0000
 @@ -33,7 +33,9 @@
  import org.bouncycastle.asn1.pkcs.ContentInfo;
  import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -8922,7 +8928,7 @@
              throw new CertificateEncodingException("unsupported encoding: " + encoding);
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2012-07-27 18:48:00.031478939 +0000
 @@ -1,5 +1,8 @@
  package org.bouncycastle.jce.provider;
  
@@ -8991,7 +8997,7 @@
              //
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java	2012-07-27 18:48:00.031478939 +0000
 @@ -1533,7 +1533,9 @@
          for (Enumeration e = permitted.getObjects(); e.hasMoreElements();)
          {
@@ -9005,7 +9011,7 @@
                  subtreesMap.put(tagNo, new HashSet());
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java bcprov-jdk16-146/org/bouncycastle/jce/provider/WrapCipherSpi.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/WrapCipherSpi.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/WrapCipherSpi.java	2012-07-27 18:48:00.031478939 +0000
 @@ -22,8 +22,10 @@
  import javax.crypto.ShortBufferException;
  import javax.crypto.spec.IvParameterSpec;
@@ -9137,7 +9143,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk16-146/org/bouncycastle/jce/provider/X509CertificateObject.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509CertificateObject.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509CertificateObject.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509CertificateObject.java	2012-07-27 18:48:00.031478939 +0000
 @@ -520,12 +520,20 @@
          return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
      }
@@ -9171,7 +9177,7 @@
              signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME);
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/X509SignatureUtil.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509SignatureUtil.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509SignatureUtil.java	2012-07-27 18:48:00.031478939 +0000
 @@ -25,7 +25,9 @@
  
  class X509SignatureUtil
@@ -9264,7 +9270,7 @@
              return digestAlgOID.getId();            
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/EC.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/EC.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/EC.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/EC.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/EC.java	2012-07-27 18:48:00.031478939 +0000
 @@ -4,8 +4,10 @@
  
  import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -9396,7 +9402,7 @@
          private void addSignatureAlgorithm(
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java	2012-07-27 18:48:00.031478939 +0000
 @@ -1,10 +1,14 @@
  package org.bouncycastle.jce.provider.asymmetric.ec;
  
@@ -9483,7 +9489,7 @@
          return name;
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java	2012-07-27 18:48:00.031478939 +0000
 @@ -24,20 +24,26 @@
  import org.bouncycastle.crypto.CipherParameters;
  import org.bouncycastle.crypto.DerivationFunction;
@@ -9811,7 +9817,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java	2012-07-27 18:48:00.031478939 +0000
 @@ -10,10 +10,14 @@
  import java.util.Hashtable;
  
@@ -10010,7 +10016,7 @@
 +}
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java	2012-07-27 18:48:00.031478939 +0000
 @@ -18,15 +18,21 @@
  import org.bouncycastle.crypto.DSA;
  import org.bouncycastle.crypto.Digest;
@@ -10239,7 +10245,7 @@
 +}
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/AES.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/AES.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/AES.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/AES.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/AES.java	2012-07-27 18:48:00.031478939 +0000
 @@ -13,8 +13,10 @@
  import org.bouncycastle.crypto.CipherKeyGenerator;
  import org.bouncycastle.crypto.engines.AESFastEngine;
@@ -10604,7 +10610,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/ARC4.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/ARC4.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/ARC4.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/ARC4.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/ARC4.java	2012-07-27 18:48:00.031478939 +0000
 @@ -27,7 +27,9 @@
      {
          public KeyGen()
@@ -10618,7 +10624,7 @@
  
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/Blowfish.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/Blowfish.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/Blowfish.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/Blowfish.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/Blowfish.java	2012-07-27 18:48:00.031478939 +0000
 @@ -57,7 +57,9 @@
          public Mappings()
          {
@@ -10632,7 +10638,7 @@
              put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$AlgParams");
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/DESede.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/DESede.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/DESede.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/DESede.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/DESede.java	2012-07-27 18:48:00.031478939 +0000
 @@ -14,11 +14,15 @@
  import org.bouncycastle.crypto.KeyGenerationParameters;
  import org.bouncycastle.crypto.engines.DESedeEngine;
@@ -10798,7 +10804,7 @@
  }
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/openssl/PEMUtilities.java bcprov-jdk16-146/org/bouncycastle/openssl/PEMUtilities.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/openssl/PEMUtilities.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/openssl/PEMUtilities.java	2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/openssl/PEMUtilities.java	2012-07-27 18:48:00.031478939 +0000
 @@ -45,10 +45,12 @@
          PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes192_CBC);
          PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes256_CBC);
@@ -10818,7 +10824,7 @@
      static int getKeySize(String algorithm)
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk16-146/org/bouncycastle/x509/X509Util.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/x509/X509Util.java	2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/x509/X509Util.java	2012-07-27 18:48:00.011478563 +0000
 @@ -44,14 +44,18 @@
      
      static
@@ -10980,7 +10986,7 @@
      
 diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk16-146/org/bouncycastle/x509/extension/X509ExtensionUtil.java
 --- bcprov-jdk16-146.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java	2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/x509/extension/X509ExtensionUtil.java	2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/x509/extension/X509ExtensionUtil.java	2012-07-27 18:48:00.011478563 +0000
 @@ -62,7 +62,9 @@
              {
                  GeneralName genName = GeneralName.getInstance(it.nextElement());
@@ -10992,3 +10998,34 @@
                  switch (genName.getTagNo())
                  {
                  case GeneralName.ediPartyName:
+diff -Naur bcprov-jdk16-146.orig/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java.rej bcprov-jdk16-146/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java.rej
+--- bcprov-jdk16-146.orig/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java.rej	1970-01-01 00:00:00.000000000 +0000
++++ bcprov-jdk16-146/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java.rej	2012-07-27 18:47:59.931477059 +0000
+@@ -0,0 +1,27 @@
++--- src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
+++++ src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
++@@ -144,8 +144,9 @@
++         String pubkeyBlacklist = readBlacklist(path);
++         if (!pubkeyBlacklist.equals("")) {
++             for (String value : pubkeyBlacklist.split(",")) {
+++                value = value.trim();
++                 if (isPubkeyHash(value)) {
++-                    bl.add(Hex.decode(value));
+++                    bl.add(value.getBytes());
++                 } else {
++                     System.logW("Tried to blacklist invalid pubkey " + value);
++                 }
++@@ -161,7 +162,12 @@
++         digest.update(encoded, 0, encoded.length);
++         byte[] out = new byte[digest.getDigestSize()];
++         digest.doFinal(out, 0);
++-        return pubkeyBlacklist.contains(out);
+++        for (byte[] blacklisted : pubkeyBlacklist) {
+++            if (Arrays.equals(blacklisted, Hex.encode(out))) {
+++                return true;
+++            }
+++        }
+++        return false;
++     }
++ 
++     public boolean isSerialNumberBlackListed(BigInteger serial) {