/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.bouncycastle.jce.provider;

import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.AndroidDigestFactory;
import org.bouncycastle.util.encoders.Hex;
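/**
 * Denylist of certificate serial numbers and of SHA-1 hashes of public keys
 * that must never be trusted, even if the certificate chain otherwise verifies.
 *
 * <p>Each list starts from a built-in set of known bad values and is then
 * augmented with entries read from a comma-separated text file under
 * {@code $ANDROID_DATA/misc/keychain/}. A missing file is normal and silently
 * yields the built-in set; an unreadable file or a malformed entry is logged
 * and skipped so that a bad list never prevents the built-in entries from
 * applying.
 *
 * <p>Instances are immutable once constructed; both exposed sets are
 * unmodifiable views.
 */
public class CertBlacklist {

    private static final String ANDROID_DATA = System.getenv("ANDROID_DATA");
    private static final String BLACKLIST_ROOT = ANDROID_DATA + "/misc/keychain/";
    public static final String DEFAULT_PUBKEY_BLACKLIST_PATH = BLACKLIST_ROOT + "pubkey_blacklist.txt";
    public static final String DEFAULT_SERIAL_BLACKLIST_PATH = BLACKLIST_ROOT + "serial_blacklist.txt";

    private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName());

    /** Length of a hex-encoded SHA-1 digest: 20 bytes, two hex characters each. */
    private static final int PUBKEY_HASH_HEX_LENGTH = 40;

    /** Upper bound for the initial read-buffer capacity taken from the file length (a hint only). */
    private static final int MAX_CAPACITY_HINT = 1 << 20;

    /** Read chunk size used while draining a blacklist file. */
    private static final int READ_CHUNK_SIZE = 8192;

    // public for testing; both sets are unmodifiable views
    /** Blacklisted certificate serial numbers. */
    public final Set<BigInteger> serialBlacklist;
    /** Blacklisted public keys, as the lowercase hex encoding (ASCII bytes) of the SHA-1 of the key's encoded form. */
    public final Set<byte[]> pubkeyBlacklist;

    /** Loads the blacklists from the default locations under {@code $ANDROID_DATA/misc/keychain/}. */
    public CertBlacklist() {
        this(DEFAULT_PUBKEY_BLACKLIST_PATH, DEFAULT_SERIAL_BLACKLIST_PATH);
    }

    /**
     * Test only interface, not for public use.
     *
     * @param pubkeyBlacklistPath path of the comma-separated public-key hash file
     * @param serialBlacklistPath path of the comma-separated serial number file
     */
    public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) {
        serialBlacklist = readSerialBlackList(serialBlacklistPath);
        pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath);
    }

    /** True for the ASCII hex digits {@code 0-9}, {@code a-f}, {@code A-F} only. */
    private static boolean isHexDigit(char c) {
        return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
    }

    /**
     * Returns whether {@code value} is a non-empty string of ASCII hex digits.
     *
     * <p>This is deliberately stricter than {@code new BigInteger(value, 16)},
     * which also accepts a leading sign and non-ASCII Unicode digits; neither
     * can ever equal a {@link Hex#encode} output, so they are rejected here.
     */
    private static boolean isHex(String value) {
        if (value.isEmpty()) {
            logger.log(Level.WARNING, "Could not parse hex value " + value);
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            if (!isHexDigit(value.charAt(i))) {
                logger.log(Level.WARNING, "Could not parse hex value " + value);
                return false;
            }
        }
        return true;
    }

    /** Returns whether {@code value} looks like a hex-encoded SHA-1 digest (40 hex digits). */
    private static boolean isPubkeyHash(String value) {
        if (value.length() != PUBKEY_HASH_HEX_LENGTH) {
            logger.log(Level.WARNING, "Invalid pubkey hash length: " + value.length());
            return false;
        }
        return isHex(value);
    }

    /**
     * Reads a blacklist file as a string.
     *
     * @return the file contents, or {@code ""} when the file is missing or unreadable;
     *         a missing file is the normal case and is not logged
     */
    private static String readBlacklist(String path) {
        try {
            return readFileAsString(path);
        } catch (FileNotFoundException ignored) {
            // no override file installed: fall back to the built-in entries
        } catch (IOException e) {
            logger.log(Level.WARNING, "Could not read blacklist", e);
        }
        return "";
    }

    // From IoUtils.readFileAsString
    private static String readFileAsString(String path) throws IOException {
        return readFileAsBytes(path).toString("UTF-8");
    }

    // Based on IoUtils.readFileAsBytes
    private static ByteArrayOutputStream readFileAsBytes(String path) throws IOException {
        RandomAccessFile f = null;
        try {
            f = new RandomAccessFile(path, "r");
            // The file length is only a capacity hint; clamp it so that an
            // oversized file cannot turn the int cast negative (which would
            // throw IllegalArgumentException, an unchecked exception that
            // readBlacklist does not catch). The stream grows as needed.
            int capacity = (int) Math.min(f.length(), MAX_CAPACITY_HINT);
            ByteArrayOutputStream bytes = new ByteArrayOutputStream(capacity);
            byte[] buffer = new byte[READ_CHUNK_SIZE];
            while (true) {
                int byteCount = f.read(buffer);
                if (byteCount == -1) {
                    return bytes;
                }
                bytes.write(buffer, 0, byteCount);
            }
        } finally {
            closeQuietly(f);
        }
    }

    // Based on IoUtils.closeQuietly
    private static void closeQuietly(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (RuntimeException rethrown) {
            throw rethrown;
        } catch (Exception ignored) {
            // close() failures on a read-only file carry no information we can act on
        }
    }

    /**
     * Builds the serial-number blacklist: the built-in entries plus any
     * parseable entries from the comma-separated file at {@code path}.
     *
     * @return an unmodifiable set
     */
    private static final Set<BigInteger> readSerialBlackList(String path) {

        // start out with a base set of known bad values
        Set<BigInteger> bl = new HashSet<BigInteger>(Arrays.asList(
            // From http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate.cc?revision=78748&view=markup
            // Not a real certificate. For testing only.
            new BigInteger("077a59bcd53459601ca6907267a6dd1c", 16),
            new BigInteger("047ecbe9fca55f7bd09eae36e10cae1e", 16),
            new BigInteger("d8f35f4eb7872b2dab0692e315382fb0", 16),
            new BigInteger("b0b7133ed096f9b56fae91c874bd3ac0", 16),
            new BigInteger("9239d5348f40d1695a745470e1f23f43", 16),
            new BigInteger("e9028b9578e415dc1a710a2b88154447", 16),
            new BigInteger("d7558fdaf5f1105bb213282b707729a3", 16),
            new BigInteger("f5c86af36162f13a64f54f6dc9587c06", 16),
            new BigInteger("392a434f0e07df1f8aa305de34e0c229", 16),
            new BigInteger("3e75ced46b693021218830ae86a82a71", 16),
            new BigInteger("864", 16),
            new BigInteger("827", 16),
            new BigInteger("31da7", 16)
        ));

        // attempt to augment it with values taken from gservices
        String serialBlacklist = readBlacklist(path);
        if (!serialBlacklist.equals("")) {
            for (String rawValue : serialBlacklist.split(",")) {
                // trim, as the pubkey parser does: surrounding whitespace or a
                // trailing newline would otherwise make BigInteger reject the entry
                String value = rawValue.trim();
                try {
                    bl.add(new BigInteger(value, 16));
                } catch (NumberFormatException e) {
                    logger.log(Level.WARNING, "Tried to blacklist invalid serial number " + value, e);
                }
            }
        }

        // whether that succeeds or fails, send it on its merry way
        return Collections.unmodifiableSet(bl);
    }

    /**
     * Builds the public-key blacklist: the built-in entries plus any
     * well-formed entries from the comma-separated file at {@code path}.
     *
     * <p>Entries are stored as the ASCII bytes of the lowercase hex digest so
     * that they compare equal to {@link Hex#encode} output. Note that
     * {@code byte[]} uses identity equality, so the set does not deduplicate;
     * lookups must use {@link Arrays#equals} as {@link #isPublicKeyBlackListed} does.
     *
     * @return an unmodifiable set
     */
    private static final Set<byte[]> readPublicKeyBlackList(String path) {

        // start out with a base set of known bad values
        Set<byte[]> bl = new HashSet<byte[]>(Arrays.asList(
            // From http://src.chromium.org/viewvc/chrome/branches/782/src/net/base/x509_certificate.cc?r1=98750&r2=98749&pathrev=98750
            // C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl
            "410f36363258f30b347d12ce4863e433437806a8".getBytes(),
            // Subject: CN=DigiNotar Cyber CA
            // Issuer: CN=GTE CyberTrust Global Root
            "ba3e7bd38cd7e1e6b9cd4c219962e59d7a2f4e37".getBytes(),
            // Subject: CN=DigiNotar Services 1024 CA
            // Issuer: CN=Entrust.net
            "e23b8d105f87710a68d9248050ebefc627be4ca6".getBytes(),
            // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
            // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
            "7b2e16bc39bcd72b456e9f055d1de615b74945db".getBytes(),
            // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
            // Issuer: CN=Staat der Nederlanden Overheid CA
            "e8f91200c65cee16e039b9f883841661635f81c5".getBytes(),
            // From http://src.chromium.org/viewvc/chrome?view=rev&revision=108479
            // Subject: O=Digicert Sdn. Bhd.
            // Issuer: CN=GTE CyberTrust Global Root
            "0129bcd5b448ae8d2496d1c3e19723919088e152".getBytes(),
            // Subject: CN=e-islem.kktcmerkezbankasi.org/emailAddress=ileti@kktcmerkezbankasi.org
            // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri
            "5f3ab33d55007054bc5e3e5553cd8d8465d77c61".getBytes(),
            // Subject: CN=*.EGO.GOV.TR 93
            // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri
            "783333c9687df63377efceddd82efa9101913e8e".getBytes(),
            // Subject: Subject: C=FR, O=DG Tr\xC3\xA9sor, CN=AC DG Tr\xC3\xA9sor SSL
            // Issuer: C=FR, O=DGTPE, CN=AC DGTPE Signature Authentification
            "3ecf4bbbe46096d514bb539bb913d77aa4ef31bf".getBytes()
        ));

        // attempt to augment it with values taken from gservices
        String pubkeyBlacklist = readBlacklist(path);
        if (!pubkeyBlacklist.equals("")) {
            for (String rawValue : pubkeyBlacklist.split(",")) {
                // Hex.encode emits lowercase digits, so an uppercase file entry
                // would pass validation yet never match; normalise it here.
                String value = rawValue.trim().toLowerCase(Locale.ROOT);
                if (isPubkeyHash(value)) {
                    // validated hex is pure ASCII, so the default charset is irrelevant
                    bl.add(value.getBytes());
                } else {
                    logger.log(Level.WARNING, "Tried to blacklist invalid pubkey " + value);
                }
            }
        }

        // match readSerialBlackList: callers must not be able to mutate the list
        return Collections.unmodifiableSet(bl);
    }

    /**
     * Returns whether the SHA-1 of {@code publicKey}'s encoded form is blacklisted.
     *
     * @param publicKey the key to check; a key whose {@link PublicKey#getEncoded()}
     *                  is {@code null} cannot be hashed and is reported as not blacklisted
     */
    public boolean isPublicKeyBlackListed(PublicKey publicKey) {
        byte[] encoded = publicKey.getEncoded();
        if (encoded == null) {
            // Nothing to hash: there is no encoded form that could equal an entry.
            return false;
        }
        Digest digest = AndroidDigestFactory.getSHA1();
        digest.update(encoded, 0, encoded.length);
        byte[] out = new byte[digest.getDigestSize()];
        digest.doFinal(out, 0);
        // encode once rather than on every iteration
        byte[] hexDigest = Hex.encode(out);
        for (byte[] blacklisted : pubkeyBlacklist) {
            if (Arrays.equals(blacklisted, hexDigest)) {
                return true;
            }
        }
        return false;
    }

    /** Returns whether {@code serial} is a blacklisted certificate serial number. */
    public boolean isSerialNumberBlackListed(BigInteger serial) {
        return serialBlacklist.contains(serial);
    }

}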