diff options
author | Pete Bentley <prb@google.com> | 2020-07-30 16:56:17 +0100 |
---|---|---|
committer | Pete Bentley <prb@google.com> | 2020-07-31 12:50:48 +0100 |
commit | 51de3672f407d9e541b144f3b26f527f4ec58729 (patch) | |
tree | c5c276be8646434ff528f5add873ba46c3cc0556 /bcprov/src/main/java/org/bouncycastle/jce | |
parent | 87a728d55bf3fe635c66ee5b391f97b9930a75f9 (diff) | |
download | bouncycastle-51de3672f407d9e541b144f3b26f527f4ec58729.tar.gz |
Update language to comply with Android's inclusive language guidance
See https://source.android.com/setup/contribute/respectful-code for reference
Bug: 161896447
Test: atest CtsLibcoreTestCases:tests.com.android.org.bouncycastle.jce.provider.CertBlocklistTest
Change-Id: I22ba5a18182267d914cb4205128175518b7750cc
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jce')
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlocklist.java | 61 | ||||
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java | 18 |
2 files changed, 40 insertions, 39 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlocklist.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlocklist.java index 1094b3bc..48e5ba07 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlocklist.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertBlocklist.java @@ -33,27 +33,28 @@ import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.AndroidDigestFactory; import org.bouncycastle.util.encoders.Hex; -public class CertBlacklist { - private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName()); +public class CertBlocklist { + private static final Logger logger = Logger.getLogger(CertBlocklist.class.getName()); // public for testing - public final Set<BigInteger> serialBlacklist; - public final Set<byte[]> pubkeyBlacklist; + public final Set<BigInteger> serialBlocklist; + public final Set<byte[]> pubkeyBlocklist; - public CertBlacklist() { + public CertBlocklist() { String androidData = System.getenv("ANDROID_DATA"); - String blacklistRoot = androidData + "/misc/keychain/"; - String defaultPubkeyBlacklistPath = blacklistRoot + "pubkey_blacklist.txt"; - String defaultSerialBlacklistPath = blacklistRoot + "serial_blacklist.txt"; + String blocklistRoot = androidData + "/misc/keychain/"; + // TODO(b/162575432): change these paths to use inclusive language + String defaultPubkeyBlocklistPath = blocklistRoot + "pubkey_blacklist.txt"; + String defaultSerialBlocklistPath = blocklistRoot + "serial_blacklist.txt"; - pubkeyBlacklist = readPublicKeyBlackList(defaultPubkeyBlacklistPath); - serialBlacklist = readSerialBlackList(defaultSerialBlacklistPath); + pubkeyBlocklist = readPublicKeyBlockList(defaultPubkeyBlocklistPath); + serialBlocklist = readSerialBlockList(defaultSerialBlocklistPath); } /** Test only interface, not for public use */ - public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) { - pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath); - serialBlacklist = readSerialBlackList(serialBlacklistPath); + public CertBlocklist(String pubkeyBlocklistPath, String serialBlocklistPath) { + pubkeyBlocklist = readPublicKeyBlockList(pubkeyBlocklistPath); + serialBlocklist = readSerialBlockList(serialBlocklistPath); } private static boolean isHex(String value) { @@ -74,12 +75,12 @@ public class CertBlacklist { return isHex(value); } - private static String readBlacklist(String path) { + private static String readBlocklist(String path) { try { return readFileAsString(path); } catch (FileNotFoundException ignored) { } catch (IOException e) { - logger.log(Level.WARNING, "Could not read blacklist", e); + logger.log(Level.WARNING, "Could not read blocklist", e); } return ""; } @@ -120,7 +121,7 @@ public class CertBlacklist { } } - private static final Set<BigInteger> readSerialBlackList(String path) { + private static Set<BigInteger> readSerialBlockList(String path) { /* Start out with a base set of known bad values. * @@ -147,13 +148,13 @@ public class CertBlacklist { )); // attempt to augment it with values taken from gservices - String serialBlacklist = readBlacklist(path); - if (!serialBlacklist.equals("")) { - for(String value : serialBlacklist.split(",")) { + String serialBlocklist = readBlocklist(path); + if (!serialBlocklist.equals("")) { + for(String value : serialBlocklist.split(",")) { try { bl.add(new BigInteger(value, 16)); } catch (NumberFormatException e) { - logger.log(Level.WARNING, "Tried to blacklist invalid serial number " + value, e); + logger.log(Level.WARNING, "Tried to blocklist invalid serial number " + value, e); } } } @@ -162,7 +163,7 @@ public class CertBlacklist { return Collections.unmodifiableSet(bl); } - private static final Set<byte[]> readPublicKeyBlackList(String path) { + private static Set<byte[]> readPublicKeyBlockList(String path) { // start out with a base set of known bad values Set<byte[]> bl = new HashSet<byte[]>(Arrays.asList( @@ -197,14 +198,14 @@ public class CertBlacklist { )); // attempt to augment it with values taken from gservices - String pubkeyBlacklist = readBlacklist(path); - if (!pubkeyBlacklist.equals("")) { - for (String value : pubkeyBlacklist.split(",")) { + String pubkeyBlocklist = readBlocklist(path); + if (!pubkeyBlocklist.equals("")) { + for (String value : pubkeyBlocklist.split(",")) { value = value.trim(); if (isPubkeyHash(value)) { bl.add(value.getBytes()); } else { - logger.log(Level.WARNING, "Tried to blacklist invalid pubkey " + value); + logger.log(Level.WARNING, "Tried to blocklist invalid pubkey " + value); } } } @@ -212,22 +213,22 @@ public class CertBlacklist { return bl; } - public boolean isPublicKeyBlackListed(PublicKey publicKey) { + public boolean isPublicKeyBlockListed(PublicKey publicKey) { byte[] encoded = publicKey.getEncoded(); Digest digest = AndroidDigestFactory.getSHA1(); digest.update(encoded, 0, encoded.length); byte[] out = new byte[digest.getDigestSize()]; digest.doFinal(out, 0); - for (byte[] blacklisted : pubkeyBlacklist) { - if (Arrays.equals(blacklisted, Hex.encode(out))) { + for (byte[] blocklisted : pubkeyBlocklist) { + if (Arrays.equals(blocklisted, Hex.encode(out))) { return true; } } return false; } - public boolean isSerialNumberBlackListed(BigInteger serial) { - return serialBlacklist.contains(serial); + public boolean isSerialNumberBlockListed(BigInteger serial) { + return serialBlocklist.contains(serial); } } diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java index 16659525..5e1905e5 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java @@ -45,11 +45,11 @@ public class PKIXCertPathValidatorSpi public PKIXCertPathValidatorSpi() { } - // BEGIN Android-added: Avoid loading blacklist during class init + // BEGIN Android-added: Avoid loading blocklist during class init private static class NoPreloadHolder { - private final static CertBlacklist blacklist = new CertBlacklist(); + private final static CertBlocklist blocklist = new CertBlocklist(); } - // END Android-added: Avoid loading blacklist during class init + // END Android-added: Avoid loading blocklist during class init public CertPathValidatorResult engineValidate( CertPath certPath, @@ -105,13 +105,13 @@ public class PKIXCertPathValidatorSpi { throw new CertPathValidatorException("Certification path is empty.", null, certPath, -1); } - // BEGIN Android-added: Support blacklisting known-bad certs + // BEGIN Android-added: Support blocklisting known-bad certs { X509Certificate cert = (X509Certificate) certs.get(0); if (cert != null) { BigInteger serial = cert.getSerialNumber(); - if (NoPreloadHolder.blacklist.isSerialNumberBlackListed(serial)) { + if (NoPreloadHolder.blocklist.isSerialNumberBlockListed(serial)) { // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs String message = "Certificate revocation of serial 0x" + serial.toString(16); System.out.println(message); @@ -120,7 +120,7 @@ public class PKIXCertPathValidatorSpi } } } - // END Android-added: Support blacklisting known-bad certs + // END Android-added: Support blocklisting known-bad certs // // (b) @@ -302,15 +302,15 @@ public class PKIXCertPathValidatorSpi for (index = certs.size() - 1; index >= 0; index--) { - // BEGIN Android-added: Support blacklisting known-bad certs - if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) { + // BEGIN Android-added: Support blocklisting known-bad certs + if (NoPreloadHolder.blocklist.isPublicKeyBlockListed(workingPublicKey)) { // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs String message = "Certificate revocation of public key " + workingPublicKey; System.out.println(message); AnnotatedException e = new AnnotatedException(message); throw new CertPathValidatorException(e.getMessage(), e, certPath, index); } - // END Android-added: Support blacklisting known-bad certs + // END Android-added: Support blocklisting known-bad certs // try // { // |