summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKenny Root <kroot@google.com>2015-06-15 12:09:51 -0700
committerKenny Root <kroot@google.com>2015-06-15 12:35:18 -0700
commit22de72d26e2a9a526e2c25c56049110a4e584349 (patch)
tree99b06f51cf5eeaeec9904514dfb885f6cb1d8198
parent9d835973b665a7bcf4601358b44fe2c4a3b833c2 (diff)
downloadlibcore-22de72d26e2a9a526e2c25c56049110a4e584349.zip
libcore-22de72d26e2a9a526e2c25c56049110a4e584349.tar.gz
libcore-22de72d26e2a9a526e2c25c56049110a4e584349.tar.bz2
Do not blacklist serial numbers that are too short
Baseline Requirements say the serial number must have 20-bits of entropy, but some certificates are issued not in compliance. This causes issues where they are falsely marked as blacklisted. Until there is issuer + serial number matching, we can just use the pubkey matching for the certificates that are blacklisted with non-compliant serial numbers. Bug: 21736046 Bug: 21816853 Change-Id: I44e6d490099fbe1da2f5afb5ef61196a4593e04f
-rw-r--r--luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java15
1 files changed, 0 insertions, 15 deletions
diff --git a/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java b/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
index 8627225..48a175c 100644
--- a/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
+++ b/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
@@ -401,11 +401,6 @@ public class CertBlacklistTest extends TestCase {
assertEquals(bl, getCurrentSerialBlacklist());
}
- public void testTurkTrustIntermediate1SerialBlacklist() throws Exception {
- CertBlacklist bl = new CertBlacklist();
- assertEquals(bl.isSerialNumberBlackListed(createSerialNumber(TURKTRUST_1)), true);
- }
-
public void testTurkTrustIntermediate1PubkeyBlacklist() throws Exception {
// build the public key
PublicKey pk = createPublicKey(TURKTRUST_1);
@@ -417,11 +412,6 @@ public class CertBlacklistTest extends TestCase {
assertEquals(bl.isPublicKeyBlackListed(pk), true);
}
- public void testTurkTrustIntermediate2SerialBlacklist() throws Exception {
- CertBlacklist bl = new CertBlacklist();
- assertEquals(bl.isSerialNumberBlackListed(createSerialNumber(TURKTRUST_2)), true);
- }
-
public void testTurkTrustIntermediate2PubkeyBlacklist() throws Exception {
// build the public key
PublicKey pk = createPublicKey(TURKTRUST_2);
@@ -431,11 +421,6 @@ public class CertBlacklistTest extends TestCase {
assertEquals(bl.isPublicKeyBlackListed(pk), true);
}
- public void testANSSISerialBlacklist() throws Exception {
- CertBlacklist bl = new CertBlacklist();
- assertEquals(bl.isSerialNumberBlackListed(createSerialNumber(ANSSI)), true);
- }
-
public void testANSSIIntermediatePubkeyBlacklist() throws Exception {
// build the public key
PublicKey pk = createPublicKey(ANSSI);