From 22de72d26e2a9a526e2c25c56049110a4e584349 Mon Sep 17 00:00:00 2001
From: Kenny Root <kroot@google.com>
Date: Mon, 15 Jun 2015 12:09:51 -0700
Subject: Do not blacklist serial numbers that are too short

Baseline Requirements say the serial number must have 20-bits of
entropy, but some certificates are issued not in compliance. This causes
issues where they are falsely marked as blacklisted. Until there is
issuer + serial number matching, we can just use the pubkey matching for
the certificates that are blacklisted with non-compliant serial numbers.

Bug: 21736046
Bug: 21816853
Change-Id: I44e6d490099fbe1da2f5afb5ef61196a4593e04f
---
 .../org/bouncycastle/jce/provider/CertBlacklistTest.java  | 15 ---------------
 1 file changed, 15 deletions(-)

(limited to 'luni')

diff --git a/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java b/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
index 8627225..48a175c 100644
--- a/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
+++ b/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
@@ -401,11 +401,6 @@ public class CertBlacklistTest extends TestCase {
         assertEquals(bl, getCurrentSerialBlacklist());
     }
 
-    public void testTurkTrustIntermediate1SerialBlacklist() throws Exception {
-        CertBlacklist bl = new CertBlacklist();
-        assertEquals(bl.isSerialNumberBlackListed(createSerialNumber(TURKTRUST_1)), true);
-    }
-
     public void testTurkTrustIntermediate1PubkeyBlacklist() throws Exception {
         // build the public key
         PublicKey pk = createPublicKey(TURKTRUST_1);
@@ -417,11 +412,6 @@ public class CertBlacklistTest extends TestCase {
         assertEquals(bl.isPublicKeyBlackListed(pk), true);
     }
 
-    public void testTurkTrustIntermediate2SerialBlacklist() throws Exception {
-        CertBlacklist bl = new CertBlacklist();
-        assertEquals(bl.isSerialNumberBlackListed(createSerialNumber(TURKTRUST_2)), true);
-    }
-
     public void testTurkTrustIntermediate2PubkeyBlacklist() throws Exception {
         // build the public key
         PublicKey pk = createPublicKey(TURKTRUST_2);
@@ -431,11 +421,6 @@ public class CertBlacklistTest extends TestCase {
         assertEquals(bl.isPublicKeyBlackListed(pk), true);
     }
 
-    public void testANSSISerialBlacklist() throws Exception {
-        CertBlacklist bl = new CertBlacklist();
-        assertEquals(bl.isSerialNumberBlackListed(createSerialNumber(ANSSI)), true);
-    }
-
     public void testANSSIIntermediatePubkeyBlacklist() throws Exception {
         // build the public key
         PublicKey pk = createPublicKey(ANSSI);
-- 
cgit v1.1