diff options
author | Kenny Root <kroot@google.com> | 2015-06-15 12:09:51 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2015-06-15 12:35:18 -0700 |
commit | 22de72d26e2a9a526e2c25c56049110a4e584349 (patch) | |
tree | 99b06f51cf5eeaeec9904514dfb885f6cb1d8198 | |
parent | 9d835973b665a7bcf4601358b44fe2c4a3b833c2 (diff) | |
download | libcore-22de72d26e2a9a526e2c25c56049110a4e584349.zip libcore-22de72d26e2a9a526e2c25c56049110a4e584349.tar.gz libcore-22de72d26e2a9a526e2c25c56049110a4e584349.tar.bz2 |
Do not blacklist serial numbers that are too short
Baseline Requirements say the serial number must have 20-bits of
entropy, but some certificates are issued not in compliance. This causes
issues where they are falsely marked as blacklisted. Until there is
issuer + serial number matching, we can just use the pubkey matching for
the certificates that are blacklisted with non-compliant serial numbers.
Bug: 21736046
Bug: 21816853
Change-Id: I44e6d490099fbe1da2f5afb5ef61196a4593e04f
-rw-r--r-- | luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java | 15 |
1 files changed, 0 insertions, 15 deletions
diff --git a/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java b/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java index 8627225..48a175c 100644 --- a/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java +++ b/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java @@ -401,11 +401,6 @@ public class CertBlacklistTest extends TestCase { assertEquals(bl, getCurrentSerialBlacklist()); } - public void testTurkTrustIntermediate1SerialBlacklist() throws Exception { - CertBlacklist bl = new CertBlacklist(); - assertEquals(bl.isSerialNumberBlackListed(createSerialNumber(TURKTRUST_1)), true); - } - public void testTurkTrustIntermediate1PubkeyBlacklist() throws Exception { // build the public key PublicKey pk = createPublicKey(TURKTRUST_1); @@ -417,11 +412,6 @@ public class CertBlacklistTest extends TestCase { assertEquals(bl.isPublicKeyBlackListed(pk), true); } - public void testTurkTrustIntermediate2SerialBlacklist() throws Exception { - CertBlacklist bl = new CertBlacklist(); - assertEquals(bl.isSerialNumberBlackListed(createSerialNumber(TURKTRUST_2)), true); - } - public void testTurkTrustIntermediate2PubkeyBlacklist() throws Exception { // build the public key PublicKey pk = createPublicKey(TURKTRUST_2); @@ -431,11 +421,6 @@ public class CertBlacklistTest extends TestCase { assertEquals(bl.isPublicKeyBlackListed(pk), true); } - public void testANSSISerialBlacklist() throws Exception { - CertBlacklist bl = new CertBlacklist(); - assertEquals(bl.isSerialNumberBlackListed(createSerialNumber(ANSSI)), true); - } - public void testANSSIIntermediatePubkeyBlacklist() throws Exception { // build the public key PublicKey pk = createPublicKey(ANSSI); |