am dfd0afbc: Each time we start an SSL session, we have to find the trust anchor. This used to be an O(N) operation. If the trust anchor we\'re looking for was close to N, finding it could take a couple seconds. This change makes the operation O(1).

Merge commit 'dfd0afbcb08b871e224a28ecb4ed427a7693545c' into eclair

* commit 'dfd0afbcb08b871e224a28ecb4ed427a7693545c':
  Each time we start an SSL session, we have to find the trust anchor. This used to be an O(N) operation. If the trust anchor we're looking for was close to N, finding it could take a couple seconds. This change makes the operation O(1).

2 files changed, 28 insertions, 0 deletions

diff --git a/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java b/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
index fb05722..d91388a 100644
--- a/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
+++ b/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
@@ -28,6 +28,9 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.cert.CertificateEncodingException;
+
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.TrustManager;
@@ -193,6 +196,11 @@ public class SSLParameters implements Cloneable {
                 if (initialize_default) {
                     // found trustManager is default trust manager
                     defaultTrustManager = trustManager;
+// BEGIN android-added
+                    if (trustManager instanceof TrustManagerImpl) {
+                        ((TrustManagerImpl) trustManager).indexTrustAnchors();
+                    }
+// END android-added
                 }
             }
         } catch (NoSuchAlgorithmException e) {
@@ -201,6 +209,12 @@ public class SSLParameters implements Cloneable {
             throw new KeyManagementException(e);
         } catch (UnrecoverableKeyException e) {
             throw new KeyManagementException(e);            
+// BEGIN android-added
+        } catch (CertificateEncodingException e) {
+            throw new KeyManagementException(e);
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new KeyManagementException(e);
+// END android-added
         }
         // initialize secure random
         // BEGIN android-removed
diff --git a/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java b/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
index 31f7314..15756bd 100644
--- a/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
+++ b/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
@@ -22,8 +22,11 @@
 
 package org.apache.harmony.xnet.provider.jsse;
 
+import org.bouncycastle.jce.provider.IndexedPKIXParameters;
+
 import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.cert.CertPathValidator;
 import java.security.cert.CertPathValidatorException;
 import java.security.cert.CertificateException;
@@ -90,6 +93,17 @@ public class TrustManagerImpl implements X509TrustManager {
         }
     }
 
+// BEGIN android-added
+    /**
+     * Indexes trust anchors so they can be found in O(1) instead of O(N) time.
+     */
+    public void indexTrustAnchors() throws CertificateEncodingException,
+            InvalidAlgorithmParameterException, KeyStoreException {
+        params = new IndexedPKIXParameters(params.getTrustAnchors());
+        params.setRevocationEnabled(false);
+    }
+// END android-added
+
     /**
      * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],
      *      String)