diff options
18 files changed, 1007 insertions, 86 deletions
diff --git a/JavaLibrary.mk b/JavaLibrary.mk index 9987055..99b4232 100644 --- a/JavaLibrary.mk +++ b/JavaLibrary.mk @@ -84,9 +84,6 @@ LOCAL_MODULE_TAGS := optional LOCAL_MODULE := core-libart LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/JavaLibrary.mk LOCAL_REQUIRED_MODULES := tzdata -# Should not be dex-preopted as it isn't really a Dalvik boot jar or a -# regular java library, but part of the image for ART. -LOCAL_DEX_PREOPT := false include $(BUILD_JAVA_LIBRARY) ifeq ($(LIBCORE_SKIP_TESTS),) @@ -152,9 +149,6 @@ LOCAL_MODULE_TAGS := optional LOCAL_MODULE := core-libart-hostdex LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/JavaLibrary.mk LOCAL_REQUIRED_MODULES := tzdata-host -# Should not be dex-preopted as it isn't really a Dalvik boot jar or a -# regular java library, but part of the image for ART. -LOCAL_DEX_PREOPT := false include $(BUILD_HOST_DALVIK_JAVA_LIBRARY) # Make the core-tests library. diff --git a/harmony-tests/src/test/java/org/apache/harmony/tests/java/net/MulticastSocketTest.java b/harmony-tests/src/test/java/org/apache/harmony/tests/java/net/MulticastSocketTest.java index e3e1207..d531301 100644 --- a/harmony-tests/src/test/java/org/apache/harmony/tests/java/net/MulticastSocketTest.java +++ b/harmony-tests/src/test/java/org/apache/harmony/tests/java/net/MulticastSocketTest.java @@ -56,6 +56,7 @@ public class MulticastSocketTest extends junit.framework.TestCase { private NetworkInterface loopbackInterface; private NetworkInterface ipv4NetworkInterface; private NetworkInterface ipv6NetworkInterface; + private boolean supportsMulticast; @Override protected void setUp() throws Exception { @@ -69,6 +70,14 @@ public class MulticastSocketTest extends junit.framework.TestCase { Enumeration<NetworkInterface> interfaces = NetworkInterface.getNetworkInterfaces(); assertNotNull(interfaces); + // Determine if the device is marked to support multicast or not. If this propery is not + // set we assume the device has an interface capable of supporting multicast. + supportsMulticast = Boolean.valueOf( + System.getProperty("android.cts.device.multicast", "true")); + if (!supportsMulticast) { + return; + } + while (interfaces.hasMoreElements() && (ipv4NetworkInterface == null || ipv6NetworkInterface == null)) { NetworkInterface nextInterface = interfaces.nextElement(); @@ -90,6 +99,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_Constructor() throws IOException { + if (!supportsMulticast) { + return; + } // Regression test for 497. MulticastSocket s = new MulticastSocket(); // Regression test for Harmony-1162. @@ -99,6 +111,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_ConstructorI() throws IOException { + if (!supportsMulticast) { + return; + } MulticastSocket orig = new MulticastSocket(); int port = orig.getLocalPort(); orig.close(); @@ -110,6 +125,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_getInterface() throws Exception { + if (!supportsMulticast) { + return; + } // Validate that we get the expected response when one was not set. MulticastSocket mss = new MulticastSocket(0); // We expect an ANY address in this case. @@ -134,6 +152,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_getNetworkInterface() throws IOException { + if (!supportsMulticast) { + return; + } // Validate that we get the expected response when one was not set. MulticastSocket mss = new MulticastSocket(0); NetworkInterface theInterface = mss.getNetworkInterface(); @@ -176,6 +197,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_getTimeToLive() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket mss = new MulticastSocket(); mss.setTimeToLive(120); assertEquals("Returned incorrect 1st TTL", 120, mss.getTimeToLive()); @@ -185,6 +209,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_getTTL() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket mss = new MulticastSocket(); mss.setTTL((byte) 120); assertEquals("Returned incorrect TTL", 120, mss.getTTL()); @@ -192,10 +219,16 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_joinGroupLjava_net_InetAddress_IPv4() throws Exception { + if (!supportsMulticast) { + return; + } test_joinGroupLjava_net_InetAddress(GOOD_IPv4); } public void test_joinGroupLjava_net_InetAddress_IPv6() throws Exception { + if (!supportsMulticast) { + return; + } test_joinGroupLjava_net_InetAddress(GOOD_IPv6); } @@ -220,6 +253,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_joinGroup_null_null() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket mss = new MulticastSocket(0); try { mss.joinGroup(null, null); @@ -230,6 +266,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_joinGroup_non_multicast_address_IPv4() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket mss = new MulticastSocket(0); try { mss.joinGroup(new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 0), null); @@ -240,6 +279,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_joinGroup_non_multicast_address_IPv6() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket mss = new MulticastSocket(0); try { mss.joinGroup(new InetSocketAddress(InetAddress.getByName("::1"), 0), null); @@ -251,12 +293,18 @@ public class MulticastSocketTest extends junit.framework.TestCase { public void test_joinGroupLjava_net_SocketAddressLjava_net_NetworkInterface_IPv4() throws Exception { + if (!supportsMulticast) { + return; + } test_joinGroupLjava_net_SocketAddressLjava_net_NetworkInterface( ipv4NetworkInterface, GOOD_IPv4, BAD_IPv4); } public void test_joinGroupLjava_net_SocketAddressLjava_net_NetworkInterface_IPv6() throws Exception { + if (!supportsMulticast) { + return; + } test_joinGroupLjava_net_SocketAddressLjava_net_NetworkInterface( ipv6NetworkInterface, GOOD_IPv6, BAD_IPv6); } @@ -310,6 +358,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_joinGroupLjava_net_SocketAddressLjava_net_NetworkInterface() throws Exception { + if (!supportsMulticast) { + return; + } // Check that we can join on specific interfaces and that we only receive if data is // received on that interface. This test is only really useful on devices with multiple // non-loopback interfaces. @@ -378,12 +429,18 @@ public class MulticastSocketTest extends junit.framework.TestCase { public void test_joinGroupLjava_net_SocketAddressLjava_net_NetworkInterface_multiple_joins_IPv4() throws Exception { + if (!supportsMulticast) { + return; + } test_joinGroupLjava_net_SocketAddressLjava_net_NetworkInterface_multiple_joins( ipv4NetworkInterface, GOOD_IPv4); } public void test_joinGroupLjava_net_SocketAddressLjava_net_NetworkInterface_multiple_joins_IPv6() throws Exception { + if (!supportsMulticast) { + return; + } test_joinGroupLjava_net_SocketAddressLjava_net_NetworkInterface_multiple_joins( ipv6NetworkInterface, GOOD_IPv6); } @@ -405,10 +462,16 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_leaveGroupLjava_net_InetAddress_IPv4() throws Exception { + if (!supportsMulticast) { + return; + } test_leaveGroupLjava_net_InetAddress(GOOD_IPv4); } public void test_leaveGroupLjava_net_InetAddress_IPv6() throws Exception { + if (!supportsMulticast) { + return; + } test_leaveGroupLjava_net_InetAddress(GOOD_IPv6); } @@ -428,6 +491,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_leaveGroup_null_null() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket mss = new MulticastSocket(0); try { mss.leaveGroup(null, null); @@ -438,6 +504,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_leaveGroup_non_multicast_address_IPv4() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket mss = new MulticastSocket(0); try { mss.leaveGroup(new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 0), null); @@ -448,6 +517,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_leaveGroup_non_multicast_address_IPv6() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket mss = new MulticastSocket(0); try { mss.leaveGroup(new InetSocketAddress(InetAddress.getByName("::1"), 0), null); @@ -459,12 +531,18 @@ public class MulticastSocketTest extends junit.framework.TestCase { public void test_leaveGroupLjava_net_SocketAddressLjava_net_NetworkInterface_IPv4() throws Exception { + if (!supportsMulticast) { + return; + } test_leaveGroupLjava_net_SocketAddressLjava_net_NetworkInterface( ipv4NetworkInterface, GOOD_IPv4, BAD_IPv4); } public void test_leaveGroupLjava_net_SocketAddressLjava_net_NetworkInterface_IPv6() throws Exception { + if (!supportsMulticast) { + return; + } test_leaveGroupLjava_net_SocketAddressLjava_net_NetworkInterface( ipv6NetworkInterface, GOOD_IPv6, BAD_IPv6); } @@ -505,10 +583,16 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_sendLjava_net_DatagramPacketB_IPv4() throws Exception { + if (!supportsMulticast) { + return; + } test_sendLjava_net_DatagramPacketB(GOOD_IPv4); } public void test_sendLjava_net_DatagramPacketB_IPv6() throws Exception { + if (!supportsMulticast) { + return; + } test_sendLjava_net_DatagramPacketB(GOOD_IPv6); } @@ -531,6 +615,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_setInterfaceLjava_net_InetAddress() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket mss = new MulticastSocket(); mss.setInterface(InetAddress.getLocalHost()); InetAddress theInterface = mss.getInterface(); @@ -549,10 +636,16 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_setInterface_unbound_address_IPv4() throws Exception { + if (!supportsMulticast) { + return; + } test_setInterface_unbound_address(GOOD_IPv4); } public void test_setInterface_unbound_address_IPv6() throws Exception { + if (!supportsMulticast) { + return; + } test_setInterface_unbound_address(GOOD_IPv6); } @@ -568,6 +661,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_setNetworkInterfaceLjava_net_NetworkInterface_null() throws Exception { + if (!supportsMulticast) { + return; + } // Validate that null interface is handled ok. MulticastSocket mss = new MulticastSocket(); try { @@ -579,6 +675,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_setNetworkInterfaceLjava_net_NetworkInterface_round_trip() throws Exception { + if (!supportsMulticast) { + return; + } // Validate that we can get and set the interface. MulticastSocket mss = new MulticastSocket(); mss.setNetworkInterface(ipv4NetworkInterface); @@ -588,10 +687,16 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_setNetworkInterfaceLjava_net_NetworkInterface_IPv4() throws Exception { + if (!supportsMulticast) { + return; + } test_setNetworkInterfaceLjava_net_NetworkInterface(GOOD_IPv4); } public void test_setNetworkInterfaceLjava_net_NetworkInterface_IPv6() throws Exception { + if (!supportsMulticast) { + return; + } test_setNetworkInterfaceLjava_net_NetworkInterface(GOOD_IPv6); } @@ -630,6 +735,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_setTimeToLiveI() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket mss = new MulticastSocket(); mss.setTimeToLive(120); assertEquals("Returned incorrect 1st TTL", 120, mss.getTimeToLive()); @@ -639,6 +747,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_setTTLB() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket mss = new MulticastSocket(); mss.setTTL((byte) 120); assertEquals("Failed to set TTL", 120, mss.getTTL()); @@ -646,6 +757,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_ConstructorLjava_net_SocketAddress() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket ms = new MulticastSocket((SocketAddress) null); assertTrue("should not be bound", !ms.isBound() && !ms.isClosed() && !ms.isConnected()); ms.bind(null); @@ -677,6 +791,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_getLoopbackMode() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket ms = new MulticastSocket(null); assertTrue("should not be bound", !ms.isBound() && !ms.isClosed() && !ms.isConnected()); ms.getLoopbackMode(); @@ -686,6 +803,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_setLoopbackModeZ() throws Exception { + if (!supportsMulticast) { + return; + } MulticastSocket ms = new MulticastSocket(); ms.setLoopbackMode(true); assertTrue("loopback should be true", ms.getLoopbackMode()); @@ -696,10 +816,16 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_setLoopbackModeSendReceive_IPv4() throws Exception { + if (!supportsMulticast) { + return; + } test_setLoopbackModeSendReceive(GOOD_IPv4); } public void test_setLoopbackModeSendReceive_IPv6() throws Exception { + if (!supportsMulticast) { + return; + } test_setLoopbackModeSendReceive(GOOD_IPv6); } @@ -726,6 +852,9 @@ public class MulticastSocketTest extends junit.framework.TestCase { } public void test_setReuseAddressZ() throws Exception { + if (!supportsMulticast) { + return; + } // Test case were we to set ReuseAddress to false. MulticastSocket theSocket1 = new MulticastSocket(null); theSocket1.setReuseAddress(false); @@ -797,5 +926,4 @@ public class MulticastSocketTest extends junit.framework.TestCase { private static String extractMessage(DatagramPacket rdp) { return new String(rdp.getData(), 0, rdp.getLength()); } - } diff --git a/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java b/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java index f55829d..0bc8920 100644 --- a/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java +++ b/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java @@ -37,7 +37,14 @@ import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.Enumeration; +import java.util.List; import java.util.Vector; +import java.util.concurrent.Callable; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.Future; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.TimeoutException; import java.util.jar.Attributes; import java.util.jar.JarEntry; import java.util.jar.JarFile; @@ -97,6 +104,27 @@ public class JarFileTest extends TestCase { private final String emptyEntryJar = "EmptyEntries_signed.jar"; + /* + * /usr/bin/openssl genrsa 2048 > root1.pem + * /usr/bin/openssl req -new -key root1.pem -out root1.csr -subj '/CN=root1' + * /usr/bin/openssl x509 -req -days 3650 -in root1.csr -signkey root1.pem -out root1.crt + * /usr/bin/openssl genrsa 2048 > root2.pem + * /usr/bin/openssl req -new -key root2.pem -out root2.csr -subj '/CN=root2' + * echo 4000 > root1.srl + * echo 8000 > root2.srl + * /usr/bin/openssl x509 -req -days 3650 -in root2.csr -CA root1.crt -CAkey root1.pem -out root2.crt + * /usr/bin/openssl x509 -req -days 3650 -in root1.csr -CA root2.crt -CAkey root2.pem -out root1.crt + * /usr/bin/openssl genrsa 2048 > signer.pem + * /usr/bin/openssl req -new -key signer.pem -out signer.csr -subj '/CN=signer' + * /usr/bin/openssl x509 -req -days 3650 -in signer.csr -CA root1.crt -CAkey root1.pem -out signer.crt + * /usr/bin/openssl pkcs12 -inkey signer.pem -in signer.crt -export -out signer.p12 -name signer -passout pass:certloop + * keytool -importkeystore -srckeystore signer.p12 -srcstoretype PKCS12 -destkeystore signer.jks -srcstorepass certloop -deststorepass certloop + * cat signer.crt root1.crt root2.crt > chain.crt + * zip -d hyts_certLoop.jar 'META-INF/*' + * jarsigner -keystore signer.jks -certchain chain.crt -storepass certloop hyts_certLoop.jar signer + */ + private final String certLoopJar = "hyts_certLoop.jar"; + private final String emptyEntry1 = "subfolder/internalSubset01.js"; private final String emptyEntry2 = "svgtest.js"; @@ -616,6 +644,9 @@ public class JarFileTest extends TestCase { // JAR with a signature that has PKCS#7 Authenticated Attributes checkSignedJar(authAttrsJar); + + // JAR with certificates that loop + checkSignedJar(certLoopJar, 3); } /** @@ -628,29 +659,52 @@ public class JarFileTest extends TestCase { checkSignedJar(jarName9); } + /** + * Checks that a JAR is signed correctly with a signature length of 1. + */ private void checkSignedJar(String jarName) throws Exception { - Support_Resources.copyFile(resources, null, jarName); + checkSignedJar(jarName, 1); + } - File file = new File(resources, jarName); - boolean foundCerts = false; + /** + * Checks that a JAR is signed correctly with a signature length of sigLength. + */ + private void checkSignedJar(String jarName, final int sigLength) throws Exception { + Support_Resources.copyFile(resources, null, jarName); - JarFile jarFile = new JarFile(file, true); - try { + final File file = new File(resources, jarName); - Enumeration<JarEntry> e = jarFile.entries(); - while (e.hasMoreElements()) { - JarEntry entry = e.nextElement(); - InputStream is = jarFile.getInputStream(entry); - is.skip(100000); - is.close(); - Certificate[] certs = entry.getCertificates(); - if (certs != null && certs.length > 0) { - foundCerts = true; - break; + ExecutorService executor = Executors.newSingleThreadExecutor(); + Future<Boolean> future = executor.submit(new Callable<Boolean>() { + @Override + public Boolean call() throws Exception { + JarFile jarFile = new JarFile(file, true); + try { + Enumeration<JarEntry> e = jarFile.entries(); + while (e.hasMoreElements()) { + JarEntry entry = e.nextElement(); + InputStream is = jarFile.getInputStream(entry); + is.skip(100000); + is.close(); + Certificate[] certs = entry.getCertificates(); + if (certs != null && certs.length > 0) { + assertEquals(sigLength, certs.length); + return true; + } + } + return false; + } finally { + jarFile.close(); } } - } finally { - jarFile.close(); + }); + executor.shutdown(); + final boolean foundCerts; + try { + foundCerts = future.get(10, TimeUnit.SECONDS); + } catch (TimeoutException e) { + fail("Could not finish building chain; possibly confused by loops"); + return; // Not actually reached. } assertTrue( diff --git a/luni/src/main/files/cacerts/04f60c28.0 b/luni/src/main/files/cacerts/04f60c28.0 new file mode 100644 index 0000000..dec2f4e --- /dev/null +++ b/luni/src/main/files/cacerts/04f60c28.0 @@ -0,0 +1,54 @@ +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl +eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT +JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg +VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo +I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng +o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G +A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB +zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW +RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5c:8b:99:c5:5a:94:c5:d2:71:56:de:cd:89:80:cc:26 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority + Validity + Not Before: Feb 1 00:00:00 2010 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:1a:ac:54:5a:a9:f9:68:23:e7:7a:d5:24:6f:53: + c6:5a:d8:4b:ab:c6:d5:b6:d1:e6:73:71:ae:dd:9c: + d6:0c:61:fd:db:a0:89:03:b8:05:14:ec:57:ce:ee: + 5d:3f:e2:21:b3:ce:f7:d4:8a:79:e0:a3:83:7e:2d: + 97:d0:61:c4:f1:99:dc:25:91:63:ab:7f:30:a3:b4: + 70:e2:c7:a1:33:9c:f3:bf:2e:5c:53:b1:5f:b3:7d: + 32:7f:8a:34:e3:79:79 + ASN1 OID: secp384r1 + X509v3 extensions: + X509v3 Subject Key Identifier: + 3A:E1:09:86:D4:CF:19:C2:96:76:74:49:76:DC:E0:35:C6:63:63:9A + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: ecdsa-with-SHA384 + 30:65:02:30:36:67:a1:16:08:dc:e4:97:00:41:1d:4e:be:e1: + 63:01:cf:3b:aa:42:11:64:a0:9d:94:39:02:11:79:5c:7b:1d: + fa:64:b9:ee:16:42:b3:bf:8a:c2:09:c4:ec:e4:b1:4d:02:31: + 00:e9:2a:61:47:8c:52:4a:4b:4e:18:70:f6:d6:44:d6:6e:f5: + 83:ba:6d:58:bd:24:d9:56:48:ea:ef:c4:a2:46:81:88:6a:3a: + 46:d1:a9:9b:4d:c9:61:da:d1:5d:57:6a:18 +SHA1 Fingerprint=D1:CB:CA:5D:B2:D5:2A:7F:69:3B:67:4D:E5:F0:5A:1D:0C:95:7D:F0 diff --git a/luni/src/main/files/cacerts/0d69c7e1.0 b/luni/src/main/files/cacerts/0d69c7e1.0 new file mode 100644 index 0000000..84c387e --- /dev/null +++ b/luni/src/main/files/cacerts/0d69c7e1.0 @@ -0,0 +1,47 @@ +-----BEGIN CERTIFICATE----- +MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ +FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F +uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX +kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs +ewv4n4Q= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign + Validity + Not Before: Nov 13 00:00:00 2012 GMT + Not After : Jan 19 03:14:07 2038 GMT + Subject: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:b8:c6:79:d3:8f:6c:25:0e:9f:2e:39:19:1c:03: + a4:ae:9a:e5:39:07:09:16:ca:63:b1:b9:86:f8:8a: + 57:c1:57:ce:42:fa:73:a1:f7:65:42:ff:1e:c1:00: + b2:6e:73:0e:ff:c7:21:e5:18:a4:aa:d9:71:3f:a8: + d4:b9:ce:8c:1d + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 54:B0:7B:AD:45:B8:E2:40:7F:FB:0A:6E:FB:BE:33:C9:3C:A3:84:D5 + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:21:00:dc:92:a1:a0:13:a6:cf:03:b0:e6:c4:21:97: + 90:fa:14:57:2d:03:ec:ee:3c:d3:6e:ca:a8:6c:76:bc:a2:de: + bb:02:20:27:a8:85:27:35:9b:56:c6:a3:f2:47:d2:b7:6e:1b: + 02:00:17:aa:67:a6:15:91:de:fa:94:ec:7b:0b:f8:9f:84 +SHA1 Fingerprint=69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB diff --git a/luni/src/main/files/cacerts/2add47b6.0 b/luni/src/main/files/cacerts/2add47b6.0 new file mode 100644 index 0000000..aa88539 --- /dev/null +++ b/luni/src/main/files/cacerts/2add47b6.0 @@ -0,0 +1,52 @@ +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc +8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke +hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI +KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg +515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO +xwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 60:59:49:e0:26:2e:bb:55:f9:0a:77:8a:71:f9:4a:d8:6c + Signature Algorithm: ecdsa-with-SHA384 + Issuer: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign + Validity + Not Before: Nov 13 00:00:00 2012 GMT + Not After : Jan 19 03:14:07 2038 GMT + Subject: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:47:45:0e:96:fb:7d:5d:bf:e9:39:d1:21:f8:9f: + 0b:b6:d5:7b:1e:92:3a:48:59:1c:f0:62:31:2d:c0: + 7a:28:fe:1a:a7:5c:b3:b6:cc:97:e7:45:d4:58:fa: + d1:77:6d:43:a2:c0:87:65:34:0a:1f:7a:dd:eb:3c: + 33:a1:c5:9d:4d:a4:6f:41:95:38:7f:c9:1e:84:eb: + d1:9e:49:92:87:94:87:0c:3a:85:4a:66:9f:9d:59: + 93:4d:97:61:06:86:4a + ASN1 OID: secp384r1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 3D:E6:29:48:9B:EA:07:CA:21:44:4A:26:DE:6E:DE:D2:83:D0:9F:59 + Signature Algorithm: ecdsa-with-SHA384 + 30:65:02:31:00:e5:69:12:c9:6e:db:c6:31:ba:09:41:e1:97: + f8:fb:fd:9a:e2:7d:12:c9:ed:7c:64:d3:cb:05:25:8b:56:d9: + a0:e7:5e:5d:4e:0b:83:9c:5b:76:29:a0:09:26:21:6a:62:02: + 30:71:d2:b5:8f:5c:ea:3b:e1:78:09:85:a8:75:92:3b:c8:5c: + fd:48:ef:0d:74:22:a8:08:e2:6e:c5:49:ce:c7:0c:bc:a7:61: + 69:f1:f7:3b:e1:2a:cb:f9:2b:f3:66:90:37 +SHA1 Fingerprint=1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA diff --git a/luni/src/main/files/cacerts/35105088.0 b/luni/src/main/files/cacerts/35105088.0 new file mode 100644 index 0000000..3728c3b --- /dev/null +++ b/luni/src/main/files/cacerts/35105088.0 @@ -0,0 +1,123 @@ +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d + Signature Algorithm: sha384WithRSAEncryption + Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority + Validity + Not Before: Feb 1 00:00:00 2010 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:80:12:65:17:36:0e:c3:db:08:b3:d0:ac:57:0d: + 76:ed:cd:27:d3:4c:ad:50:83:61:e2:aa:20:4d:09: + 2d:64:09:dc:ce:89:9f:cc:3d:a9:ec:f6:cf:c1:dc: + f1:d3:b1:d6:7b:37:28:11:2b:47:da:39:c6:bc:3a: + 19:b4:5f:a6:bd:7d:9d:a3:63:42:b6:76:f2:a9:3b: + 2b:91:f8:e2:6f:d0:ec:16:20:90:09:3e:e2:e8:74: + c9:18:b4:91:d4:62:64:db:7f:a3:06:f1:88:18:6a: + 90:22:3c:bc:fe:13:f0:87:14:7b:f6:e4:1f:8e:d4: + e4:51:c6:11:67:46:08:51:cb:86:14:54:3f:bc:33: + fe:7e:6c:9c:ff:16:9d:18:bd:51:8e:35:a6:a7:66: + c8:72:67:db:21:66:b1:d4:9b:78:03:c0:50:3a:e8: + cc:f0:dc:bc:9e:4c:fe:af:05:96:35:1f:57:5a:b7: + ff:ce:f9:3d:b7:2c:b6:f6:54:dd:c8:e7:12:3a:4d: + ae:4c:8a:b7:5c:9a:b4:b7:20:3d:ca:7f:22:34:ae: + 7e:3b:68:66:01:44:e7:01:4e:46:53:9b:33:60:f7: + 94:be:53:37:90:73:43:f3:32:c3:53:ef:db:aa:fe: + 74:4e:69:c7:6b:8c:60:93:de:c4:c7:0c:df:e1:32: + ae:cc:93:3b:51:78:95:67:8b:ee:3d:56:fe:0c:d0: + 69:0f:1b:0f:f3:25:26:6b:33:6d:f7:6e:47:fa:73: + 43:e5:7e:0e:a5:66:b1:29:7c:32:84:63:55:89:c4: + 0d:c1:93:54:30:19:13:ac:d3:7d:37:a7:eb:5d:3a: + 6c:35:5c:db:41:d7:12:da:a9:49:0b:df:d8:80:8a: + 09:93:62:8e:b5:66:cf:25:88:cd:84:b8:b1:3f:a4: + 39:0f:d9:02:9e:eb:12:4c:95:7c:f3:6b:05:a9:5e: + 16:83:cc:b8:67:e2:e8:13:9d:cc:5b:82:d3:4c:b3: + ed:5b:ff:de:e5:73:ac:23:3b:2d:00:bf:35:55:74: + 09:49:d8:49:58:1a:7f:92:36:e6:51:92:0e:f3:26: + 7d:1c:4d:17:bc:c9:ec:43:26:d0:bf:41:5f:40:a9: + 44:44:f4:99:e7:57:87:9e:50:1f:57:54:a8:3e:fd: + 74:63:2f:b1:50:65:09:e6:58:42:2e:43:1a:4c:b4: + f0:25:47:59:fa:04:1e:93:d4:26:46:4a:50:81:b2: + de:be:78:b7:fc:67:15:e1:c9:57:84:1e:0f:63:d6: + e9:62:ba:d6:5f:55:2e:ea:5c:c6:28:08:04:25:39: + b8:0e:2b:a9:f2:4c:97:1c:07:3f:0d:52:f5:ed:ef: + 2f:82:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 53:79:BF:5A:AA:2B:4A:CF:54:80:E1:D8:9B:C0:9D:F2:B2:03:66:CB + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha384WithRSAEncryption + 5c:d4:7c:0d:cf:f7:01:7d:41:99:65:0c:73:c5:52:9f:cb:f8: + cf:99:06:7f:1b:da:43:15:9f:9e:02:55:57:96:14:f1:52:3c: + 27:87:94:28:ed:1f:3a:01:37:a2:76:fc:53:50:c0:84:9b:c6: + 6b:4e:ba:8c:21:4f:a2:8e:55:62:91:f3:69:15:d8:bc:88:e3: + c4:aa:0b:fd:ef:a8:e9:4b:55:2a:06:20:6d:55:78:29:19:ee: + 5f:30:5c:4b:24:11:55:ff:24:9a:6e:5e:2a:2b:ee:0b:4d:9f: + 7f:f7:01:38:94:14:95:43:07:09:fb:60:a9:ee:1c:ab:12:8c: + a0:9a:5e:a7:98:6a:59:6d:8b:3f:08:fb:c8:d1:45:af:18:15: + 64:90:12:0f:73:28:2e:c5:e2:24:4e:fc:58:ec:f0:f4:45:fe: + 22:b3:eb:2f:8e:d2:d9:45:61:05:c1:97:6f:a8:76:72:8f:8b: + 8c:36:af:bf:0d:05:ce:71:8d:e6:a6:6f:1f:6c:a6:71:62:c5: + d8:d0:83:72:0c:f1:67:11:89:0c:9c:13:4c:72:34:df:bc:d5: + 71:df:aa:71:dd:e1:b9:6c:8c:3c:12:5d:65:da:bd:57:12:b6: + 43:6b:ff:e5:de:4d:66:11:51:cf:99:ae:ec:17:b6:e8:71:91: + 8c:de:49:fe:dd:35:71:a2:15:27:94:1c:cf:61:e3:26:bb:6f: + a3:67:25:21:5d:e6:dd:1d:0b:2e:68:1b:3b:82:af:ec:83:67: + 85:d4:98:51:74:b1:b9:99:80:89:ff:7f:78:19:5c:79:4a:60: + 2e:92:40:ae:4c:37:2a:2c:c9:c7:62:c8:0e:5d:f7:36:5b:ca: + e0:25:25:01:b4:dd:1a:07:9c:77:00:3f:d0:dc:d5:ec:3d:d4: + fa:bb:3f:cc:85:d6:6f:7f:a9:2d:df:b9:02:f7:f5:97:9a:b5: + 35:da:c3:67:b0:87:4a:a9:28:9e:23:8e:ff:5c:27:6b:e1:b0: + 4f:f3:07:ee:00:2e:d4:59:87:cb:52:41:95:ea:f4:47:d7:ee: + 64:41:55:7c:8d:59:02:95:dd:62:9d:c2:b9:ee:5a:28:74:84: + a5:9b:b7:90:c7:0c:07:df:f5:89:36:74:32:d6:28:c1:b0:b0: + 0b:e0:9c:4c:c3:1c:d6:fc:e3:69:b5:47:46:81:2f:a2:82:ab: + d3:63:44:70:c4:8d:ff:2d:33:ba:ad:8f:7b:b5:70:88:ae:3e: + 19:cf:40:28:d8:fc:c8:90:bb:5d:99:22:f5:52:e6:58:c5:1f: + 88:31:43:ee:88:1d:d7:c6:8e:3c:43:6a:1d:a7:18:de:7d:3d: + 16:f1:62:f9:ca:90:a8:fd +SHA1 Fingerprint=2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E diff --git a/luni/src/main/files/cacerts/d4c339cb.0 b/luni/src/main/files/cacerts/d4c339cb.0 new file mode 100644 index 0000000..3f5e924 --- /dev/null +++ b/luni/src/main/files/cacerts/d4c339cb.0 @@ -0,0 +1,123 @@ +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR +6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X +pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC +9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV +/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf +Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z ++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w +qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah +SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC +u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf +Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq +crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl +wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM +4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV +2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna +FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ +CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK +boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke +jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL +S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb +QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl +0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB +NVOFBkpdn627G190 +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d + Signature Algorithm: sha384WithRSAEncryption + Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority + Validity + Not Before: Jan 19 00:00:00 2010 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:91:e8:54:92:d2:0a:56:b1:ac:0d:24:dd:c5:cf: + 44:67:74:99:2b:37:a3:7d:23:70:00:71:bc:53:df: + c4:fa:2a:12:8f:4b:7f:10:56:bd:9f:70:72:b7:61: + 7f:c9:4b:0f:17:a7:3d:e3:b0:04:61:ee:ff:11:97: + c7:f4:86:3e:0a:fa:3e:5c:f9:93:e6:34:7a:d9:14: + 6b:e7:9c:b3:85:a0:82:7a:76:af:71:90:d7:ec:fd: + 0d:fa:9c:6c:fa:df:b0:82:f4:14:7e:f9:be:c4:a6: + 2f:4f:7f:99:7f:b5:fc:67:43:72:bd:0c:00:d6:89: + eb:6b:2c:d3:ed:8f:98:1c:14:ab:7e:e5:e3:6e:fc: + d8:a8:e4:92:24:da:43:6b:62:b8:55:fd:ea:c1:bc: + 6c:b6:8b:f3:0e:8d:9a:e4:9b:6c:69:99:f8:78:48: + 30:45:d5:ad:e1:0d:3c:45:60:fc:32:96:51:27:bc: + 67:c3:ca:2e:b6:6b:ea:46:c7:c7:20:a0:b1:1f:65: + de:48:08:ba:a4:4e:a9:f2:83:46:37:84:eb:e8:cc: + 81:48:43:67:4e:72:2a:9b:5c:bd:4c:1b:28:8a:5c: + 22:7b:b4:ab:98:d9:ee:e0:51:83:c3:09:46:4e:6d: + 3e:99:fa:95:17:da:7c:33:57:41:3c:8d:51:ed:0b: + b6:5c:af:2c:63:1a:df:57:c8:3f:bc:e9:5d:c4:9b: + af:45:99:e2:a3:5a:24:b4:ba:a9:56:3d:cf:6f:aa: + ff:49:58:be:f0:a8:ff:f4:b8:ad:e9:37:fb:ba:b8: + f4:0b:3a:f9:e8:43:42:1e:89:d8:84:cb:13:f1:d9: + bb:e1:89:60:b8:8c:28:56:ac:14:1d:9c:0a:e7:71: + eb:cf:0e:dd:3d:a9:96:a1:48:bd:3c:f7:af:b5:0d: + 22:4c:c0:11:81:ec:56:3b:f6:d3:a2:e2:5b:b7:b2: + 04:22:52:95:80:93:69:e8:8e:4c:65:f1:91:03:2d: + 70:74:02:ea:8b:67:15:29:69:52:02:bb:d7:df:50: + 6a:55:46:bf:a0:a3:28:61:7f:70:d0:c3:a2:aa:2c: + 21:aa:47:ce:28:9c:06:45:76:bf:82:18:27:b4:d5: + ae:b4:cb:50:e6:6b:f4:4c:86:71:30:e9:a6:df:16: + 86:e0:d8:ff:40:dd:fb:d0:42:88:7f:a3:33:3a:2e: + 5c:1e:41:11:81:63:ce:18:71:6b:2b:ec:a6:8a:b7: + 31:5c:3a:6a:47:e0:c3:79:59:d6:20:1a:af:f2:6a: + 98:aa:72:bc:57:4a:d2:4b:9d:bb:10:fc:b0:4c:41: + e5:ed:1d:3d:5e:28:9d:9c:cc:bf:b3:51:da:a7:47: + e5:84:53 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha384WithRSAEncryption + 0a:f1:d5:46:84:b7:ae:51:bb:6c:b2:4d:41:14:00:93:4c:9c: + cb:e5:c0:54:cf:a0:25:8e:02:f9:fd:b0:a2:0d:f5:20:98:3c: + 13:2d:ac:56:a2:b0:d6:7e:11:92:e9:2e:ba:9e:2e:9a:72:b1: + bd:19:44:6c:61:35:a2:9a:b4:16:12:69:5a:8c:e1:d7:3e:a4: + 1a:e8:2f:03:f4:ae:61:1d:10:1b:2a:a4:8b:7a:c5:fe:05:a6: + e1:c0:d6:c8:fe:9e:ae:8f:2b:ba:3d:99:f8:d8:73:09:58:46: + 6e:a6:9c:f4:d7:27:d3:95:da:37:83:72:1c:d3:73:e0:a2:47: + 99:03:38:5d:d5:49:79:00:29:1c:c7:ec:9b:20:1c:07:24:69: + 57:78:b2:39:fc:3a:84:a0:b5:9c:7c:8d:bf:2e:93:62:27:b7: + 39:da:17:18:ae:bd:3c:09:68:ff:84:9b:3c:d5:d6:0b:03:e3: + 57:9e:14:f7:d1:eb:4f:c8:bd:87:23:b7:b6:49:43:79:85:5c: + ba:eb:92:0b:a1:c6:e8:68:a8:4c:16:b1:1a:99:0a:e8:53:2c: + 92:bb:a1:09:18:75:0c:65:a8:7b:cb:23:b7:1a:c2:28:85:c3: + 1b:ff:d0:2b:62:ef:a4:7b:09:91:98:67:8c:14:01:cd:68:06: + 6a:63:21:75:03:80:88:8a:6e:81:c6:85:f2:a9:a4:2d:e7:f4: + a5:24:10:47:83:ca:cd:f4:8d:79:58:b1:06:9b:e7:1a:2a:d9: + 9d:01:d7:94:7d:ed:03:4a:ca:f0:db:e8:a9:01:3e:f5:56:99: + c9:1e:8e:49:3d:bb:e5:09:b9:e0:4f:49:92:3d:16:82:40:cc: + cc:59:c6:e6:3a:ed:12:2e:69:3c:6c:95:b1:fd:aa:1d:7b:7f: + 86:be:1e:0e:32:46:fb:fb:13:8f:75:7f:4c:8b:4b:46:63:fe: + 00:34:40:70:c1:c3:b9:a1:dd:a6:70:e2:04:b3:41:bc:e9:80: + 91:ea:64:9c:7a:e1:22:03:a9:9c:6e:6f:0e:65:4f:6c:87:87: + 5e:f3:6e:a0:f9:75:a5:9b:40:e8:53:b2:27:9d:4a:b9:c0:77: + 21:8d:ff:87:f2:de:bc:8c:ef:17:df:b7:49:0b:d1:f2:6e:30: + 0b:1a:0e:4e:76:ed:11:fc:f5:e9:56:b2:7d:bf:c7:6d:0a:93: + 8c:a5:d0:c0:b6:1d:be:3a:4e:94:a2:d7:6e:6c:0b:c2:8a:7c: + fa:20:f3:c4:e4:e5:cd:0d:a8:cb:91:92:b1:7c:85:ec:b5:14: + 69:66:0e:82:e7:cd:ce:c8:2d:a6:51:7f:21:c1:35:53:85:06: + 4a:5d:9f:ad:bb:1b:5f:74 +SHA1 Fingerprint=AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4 diff --git a/luni/src/main/java/java/util/Locale.java b/luni/src/main/java/java/util/Locale.java index b1a056a..9889c2f 100644 --- a/luni/src/main/java/java/util/Locale.java +++ b/luni/src/main/java/java/util/Locale.java @@ -95,7 +95,7 @@ import libcore.icu.ICU; * <td><a href="http://site.icu-project.org/download/51">ICU 51</a></td> * <td><a href="http://cldr.unicode.org/index/downloads/cldr-23">CLDR 23</a></td> * <td><a href="http://www.unicode.org/versions/Unicode6.2.0/">Unicode 6.2</a></td></tr> - * <tr><td>Android 4.? (STOPSHIP)</td> + * <tr><td>Android 5.0 (Lollipop)</td> * <td><a href="http://site.icu-project.org/download/53">ICU 53</a></td> * <td><a href="http://cldr.unicode.org/index/downloads/cldr-25">CLDR 25</a></td> * <td><a href="http://www.unicode.org/versions/Unicode6.3.0/">Unicode 6.3</a></td></tr> diff --git a/luni/src/main/java/org/apache/harmony/security/utils/JarUtils.java b/luni/src/main/java/org/apache/harmony/security/utils/JarUtils.java index 33584d8..020663e 100644 --- a/luni/src/main/java/org/apache/harmony/security/utils/JarUtils.java +++ b/luni/src/main/java/org/apache/harmony/security/utils/JarUtils.java @@ -31,6 +31,7 @@ import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.Signature; import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.ArrayList; @@ -82,8 +83,10 @@ public class JarUtils { CertificateFactory cf = CertificateFactory.getInstance("X.509"); int i = 0; for (org.apache.harmony.security.x509.Certificate encCert : encCerts) { - final InputStream is = new ByteArrayInputStream(encCert.getEncoded()); - certs[i++] = (X509Certificate) cf.generateCertificate(is); + final byte[] encoded = encCert.getEncoded(); + final InputStream is = new ByteArrayInputStream(encoded); + certs[i++] = new VerbatimX509Certificate((X509Certificate) cf.generateCertificate(is), + encoded); } List<SignerInfo> sigInfos = signedData.getSignerInfos(); @@ -246,6 +249,10 @@ public class JarUtils { } chain.add(issuerCert); count++; + /* Prevent growing infinitely if there is a loop */ + if (count > candidates.length) { + break; + } issuer = issuerCert.getIssuerDN(); if (issuerCert.getSubjectDN().equals(issuer)) { break; @@ -263,4 +270,22 @@ public class JarUtils { return null; } + /** + * For legacy reasons we need to return exactly the original encoded + * certificate bytes, instead of letting the underlying implementation have + * a shot at re-encoding the data. + */ + private static class VerbatimX509Certificate extends WrappedX509Certificate { + private byte[] encodedVerbatim; + + public VerbatimX509Certificate(X509Certificate wrapped, byte[] encodedVerbatim) { + super(wrapped); + this.encodedVerbatim = encodedVerbatim; + } + + @Override + public byte[] getEncoded() throws CertificateEncodingException { + return encodedVerbatim; + } + } } diff --git a/luni/src/main/java/org/apache/harmony/security/utils/WrappedX509Certificate.java b/luni/src/main/java/org/apache/harmony/security/utils/WrappedX509Certificate.java new file mode 100644 index 0000000..2b09309 --- /dev/null +++ b/luni/src/main/java/org/apache/harmony/security/utils/WrappedX509Certificate.java @@ -0,0 +1,175 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.harmony.security.utils; + +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.PublicKey; +import java.security.SignatureException; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.X509Certificate; +import java.util.Date; +import java.util.Set; + +public class WrappedX509Certificate extends X509Certificate { + private final X509Certificate wrapped; + + public WrappedX509Certificate(X509Certificate wrapped) { + this.wrapped = wrapped; + } + + @Override + public Set<String> getCriticalExtensionOIDs() { + return wrapped.getCriticalExtensionOIDs(); + } + + @Override + public byte[] getExtensionValue(String oid) { + return wrapped.getExtensionValue(oid); + } + + @Override + public Set<String> getNonCriticalExtensionOIDs() { + return wrapped.getNonCriticalExtensionOIDs(); + } + + @Override + public boolean hasUnsupportedCriticalExtension() { + return wrapped.hasUnsupportedCriticalExtension(); + } + + @Override + public void checkValidity() throws CertificateExpiredException, + CertificateNotYetValidException { + wrapped.checkValidity(); + } + + @Override + public void checkValidity(Date date) throws CertificateExpiredException, + CertificateNotYetValidException { + wrapped.checkValidity(date); + } + + @Override + public int getVersion() { + return wrapped.getVersion(); + } + + @Override + public BigInteger getSerialNumber() { + return wrapped.getSerialNumber(); + } + + @Override + public Principal getIssuerDN() { + return wrapped.getIssuerDN(); + } + + @Override + public Principal getSubjectDN() { + return wrapped.getSubjectDN(); + } + + @Override + public Date getNotBefore() { + return wrapped.getNotBefore(); + } + + @Override + public Date getNotAfter() { + return wrapped.getNotAfter(); + } + + @Override + public byte[] getTBSCertificate() throws CertificateEncodingException { + return wrapped.getTBSCertificate(); + } + + @Override + public byte[] getSignature() { + return wrapped.getSignature(); + } + + @Override + public String getSigAlgName() { + return wrapped.getSigAlgName(); + } + + @Override + public String getSigAlgOID() { + return wrapped.getSigAlgOID(); + } + + @Override + public byte[] getSigAlgParams() { + return wrapped.getSigAlgParams(); + } + + @Override + public boolean[] getIssuerUniqueID() { + return wrapped.getIssuerUniqueID(); + } + + @Override + public boolean[] getSubjectUniqueID() { + return wrapped.getSubjectUniqueID(); + } + + @Override + public boolean[] getKeyUsage() { + return wrapped.getKeyUsage(); + } + + @Override + public int getBasicConstraints() { + return wrapped.getBasicConstraints(); + } + + @Override + public byte[] getEncoded() throws CertificateEncodingException { + return wrapped.getEncoded(); + } + + @Override + public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException { + wrapped.verify(key); + } + + @Override + public void verify(PublicKey key, String sigProvider) throws CertificateException, + NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, + SignatureException { + verify(key, sigProvider); + } + + @Override + public String toString() { + return wrapped.toString(); + } + + @Override + public PublicKey getPublicKey() { + return wrapped.getPublicKey(); + } +} diff --git a/luni/src/main/java/org/apache/harmony/xml/parsers/DocumentBuilderImpl.java b/luni/src/main/java/org/apache/harmony/xml/parsers/DocumentBuilderImpl.java index d1079c8..040a012 100644 --- a/luni/src/main/java/org/apache/harmony/xml/parsers/DocumentBuilderImpl.java +++ b/luni/src/main/java/org/apache/harmony/xml/parsers/DocumentBuilderImpl.java @@ -416,11 +416,13 @@ class DocumentBuilderImpl extends DocumentBuilder { private String resolveCharacterReference(String value, int base) { try { - int ch = Integer.parseInt(value, base); - if (ch < 0 || ch > Character.MAX_VALUE) { - return null; + int codePoint = Integer.parseInt(value, base); + if (Character.isBmpCodePoint(codePoint)) { + return String.valueOf((char) codePoint); + } else { + char[] surrogatePair = Character.toChars(codePoint); + return new String(surrogatePair); } - return String.valueOf((char) ch); } catch (NumberFormatException ex) { return null; } diff --git a/luni/src/test/java/libcore/icu/DateIntervalFormatTest.java b/luni/src/test/java/libcore/icu/DateIntervalFormatTest.java index ae85595..f356e68 100644 --- a/luni/src/test/java/libcore/icu/DateIntervalFormatTest.java +++ b/luni/src/test/java/libcore/icu/DateIntervalFormatTest.java @@ -408,4 +408,16 @@ public class DateIntervalFormatTest extends junit.framework.TestCase { assertEquals("یکشنبه د ۱۹۸۰ د فبروري ۱۰", formatDateRange(new Locale("ps"), utc, thisYear, thisYear, flags)); assertEquals("วันอาทิตย์ 10 กุมภาพันธ์ 1980", formatDateRange(new Locale("th"), utc, thisYear, thisYear, flags)); } + + // http://b/13234532 + public void test13234532() throws Exception { + Locale l = Locale.US; + TimeZone utc = TimeZone.getTimeZone("UTC"); + + int flags = FORMAT_SHOW_TIME | FORMAT_ABBREV_ALL | FORMAT_12HOUR; + + assertEquals("10 – 11 AM", formatDateRange(l, utc, 10*HOUR, 11*HOUR, flags)); + assertEquals("11 AM – 1 PM", formatDateRange(l, utc, 11*HOUR, 13*HOUR, flags)); + assertEquals("2 – 3 PM", formatDateRange(l, utc, 14*HOUR, 15*HOUR, flags)); + } } diff --git a/luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java b/luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java index 1a24667..07ecd12 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/DefaultHostnameVerifierTest.java @@ -198,6 +198,11 @@ public final class DefaultHostnameVerifierTest extends TestCase { assertFalse(verifyWithDomainNamePattern("ddd.", "d*d.")); } + public void testNoPrefixMatch() { + assertFalse(verifyWithDomainNamePattern("imap.google.com.au", "imap.google.com")); + assertFalse(verifyWithDomainNamePattern("imap.google.com.au", "*.google.com")); + } + public void testVerifyHostName() { assertTrue(verifyWithDomainNamePattern("a.b.c.d", "a.b.c.d")); assertTrue(verifyWithDomainNamePattern("a.b.c.d", "*.b.c.d")); diff --git a/luni/src/test/java/libcore/xml/KxmlSerializerTest.java b/luni/src/test/java/libcore/xml/KxmlSerializerTest.java index 6a75a9b..5f68a99 100644 --- a/luni/src/test/java/libcore/xml/KxmlSerializerTest.java +++ b/luni/src/test/java/libcore/xml/KxmlSerializerTest.java @@ -22,7 +22,9 @@ import java.io.StringWriter; import junit.framework.TestCase; import org.kxml2.io.KXmlSerializer; import org.w3c.dom.Document; +import org.w3c.dom.Node; import org.w3c.dom.NodeList; +import org.w3c.dom.Text; import org.xmlpull.v1.XmlSerializer; import static tests.support.Support_Xml.domOf; @@ -87,12 +89,67 @@ public final class KxmlSerializerTest extends TestCase { return serializer; } + public String fromCodePoint(int codePoint) { + if (codePoint > Character.MAX_VALUE) { + return new String(Character.toChars(codePoint)); + } + return Character.toString((char) codePoint); + } + + // http://b/17960630 + public void testSpeakNoEvilMonkeys() throws Exception { + StringWriter stringWriter = new StringWriter(); + XmlSerializer serializer = new KXmlSerializer(); + serializer.setOutput(stringWriter); + serializer.startDocument("UTF-8", null); + serializer.startTag(NAMESPACE, "tag"); + serializer.attribute(NAMESPACE, "attr", "a\ud83d\ude4ab"); + serializer.text("c\ud83d\ude4ad"); + serializer.cdsect("e\ud83d\ude4af"); + serializer.endTag(NAMESPACE, "tag"); + serializer.endDocument(); + assertXmlEquals("<tag attr=\"a🙊b\">" + + "c🙊d" + + "<![CDATA[e]]>🙊<![CDATA[f]]>" + + "</tag>", stringWriter.toString()); + + // Check we can parse what we just output. + Document doc = domOf(stringWriter.toString()); + Node root = doc.getDocumentElement(); + assertEquals("a\ud83d\ude4ab", root.getAttributes().getNamedItem("attr").getNodeValue()); + Text text = (Text) root.getFirstChild(); + assertEquals("c\ud83d\ude4ade\ud83d\ude4af", text.getNodeValue()); + } + + public void testBadSurrogates() throws Exception { + StringWriter stringWriter = new StringWriter(); + XmlSerializer serializer = new KXmlSerializer(); + serializer.setOutput(stringWriter); + serializer.startDocument("UTF-8", null); + serializer.startTag(NAMESPACE, "tag"); + try { + serializer.attribute(NAMESPACE, "attr", "a\ud83d\u0040b"); + } catch (IllegalArgumentException expected) { + } + try { + serializer.text("c\ud83d\u0040d"); + } catch (IllegalArgumentException expected) { + } + try { + serializer.cdsect("e\ud83d\u0040f"); + } catch (IllegalArgumentException expected) { + } + } + + // Cover all the BMP code points plus a few that require us to use surrogates. + private static int MAX_TEST_CODE_POINT = 0x10008; + public void testInvalidCharactersInText() throws IOException { XmlSerializer serializer = newSerializer(); serializer.startTag(NAMESPACE, "root"); - for (int ch = 0; ch <= 0xffff; ++ch) { - final String s = Character.toString((char) ch); - if (isValidXmlCodePoint(ch)) { + for (int c = 0; c <= MAX_TEST_CODE_POINT; ++c) { + final String s = fromCodePoint(c); + if (isValidXmlCodePoint(c)) { serializer.text("a" + s + "b"); } else { try { @@ -108,9 +165,9 @@ public final class KxmlSerializerTest extends TestCase { public void testInvalidCharactersInAttributeValues() throws IOException { XmlSerializer serializer = newSerializer(); serializer.startTag(NAMESPACE, "root"); - for (int ch = 0; ch <= 0xffff; ++ch) { - final String s = Character.toString((char) ch); - if (isValidXmlCodePoint(ch)) { + for (int c = 0; c <= MAX_TEST_CODE_POINT; ++c) { + final String s = fromCodePoint(c); + if (isValidXmlCodePoint(c)) { serializer.attribute(NAMESPACE, "a", "a" + s + "b"); } else { try { @@ -126,9 +183,9 @@ public final class KxmlSerializerTest extends TestCase { public void testInvalidCharactersInCdataSections() throws IOException { XmlSerializer serializer = newSerializer(); serializer.startTag(NAMESPACE, "root"); - for (int ch = 0; ch <= 0xffff; ++ch) { - final String s = Character.toString((char) ch); - if (isValidXmlCodePoint(ch)) { + for (int c = 0; c <= MAX_TEST_CODE_POINT; ++c) { + final String s = fromCodePoint(c); + if (isValidXmlCodePoint(c)) { serializer.cdsect("a" + s + "b"); } else { try { diff --git a/support/src/test/java/libcore/java/security/TestKeyStore.java b/support/src/test/java/libcore/java/security/TestKeyStore.java index 203c028..bd64360 100644 --- a/support/src/test/java/libcore/java/security/TestKeyStore.java +++ b/support/src/test/java/libcore/java/security/TestKeyStore.java @@ -47,6 +47,7 @@ import java.security.PrivateKey; import java.security.PublicKey; import java.security.SecureRandom; import java.security.Security; +import java.security.UnrecoverableEntryException; import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; @@ -260,6 +261,7 @@ public final class TestKeyStore extends Assert { private X500Principal subject; private int keyUsage; private boolean ca; + private PrivateKeyEntry privateEntry; private PrivateKeyEntry signer; private Certificate rootCa; private final List<KeyPurposeId> extendedKeyUsages = new ArrayList<KeyPurposeId>(); @@ -314,6 +316,12 @@ public final class TestKeyStore extends Assert { return this; } + /** a private key entry to use for the generation of the certificate */ + public Builder privateEntry(PrivateKeyEntry privateEntry) { + this.privateEntry = privateEntry; + return this; + } + /** a private key entry to be used for signing, otherwise self-sign */ public Builder signer(PrivateKeyEntry signer) { this.signer = signer; @@ -368,21 +376,32 @@ public final class TestKeyStore extends Assert { } } + /* + * This is not implemented for other key types because the logic + * would be long to write and it's not needed currently. + */ + if (privateEntry != null + && (keyAlgorithms.length != 1 || !"RSA".equals(keyAlgorithms[0]))) { + throw new IllegalStateException( + "Only reusing an existing key is implemented for RSA"); + } + KeyStore keyStore = createKeyStore(); for (String keyAlgorithm : keyAlgorithms) { String publicAlias = aliasPrefix + "-public-" + keyAlgorithm; String privateAlias = aliasPrefix + "-private-" + keyAlgorithm; if ((keyAlgorithm.equals("EC_RSA") || keyAlgorithm.equals("DH_RSA")) && signer == null && rootCa == null) { - createKeys(keyStore, keyAlgorithm, publicAlias, privateAlias, - privateKey(keyStore, keyPassword, "RSA", "RSA")); + createKeys(keyStore, keyAlgorithm, publicAlias, privateAlias, null, + privateKey(keyStore, keyPassword, "RSA", "RSA")); continue; } else if (keyAlgorithm.equals("DH_DSA") && signer == null && rootCa == null) { - createKeys(keyStore, keyAlgorithm, publicAlias, privateAlias, + createKeys(keyStore, keyAlgorithm, publicAlias, privateAlias, null, privateKey(keyStore, keyPassword, "DSA", "DSA")); continue; } - createKeys(keyStore, keyAlgorithm, publicAlias, privateAlias, signer); + createKeys(keyStore, keyAlgorithm, publicAlias, privateAlias, privateEntry, + signer); } if (rootCa != null) { keyStore.setCertificateEntry(aliasPrefix @@ -416,6 +435,7 @@ public final class TestKeyStore extends Assert { String keyAlgorithm, String publicAlias, String privateAlias, + PrivateKeyEntry privateEntry, PrivateKeyEntry signer) throws Exception { PrivateKey caKey; X509Certificate caCert; @@ -430,41 +450,50 @@ public final class TestKeyStore extends Assert { caCertChain = (X509Certificate[])signer.getCertificateChain(); } - PrivateKey privateKey; + final PrivateKey privateKey; + final PublicKey publicKey; X509Certificate x509c; if (publicAlias == null && privateAlias == null) { // don't want anything apparently privateKey = null; + publicKey = null; x509c = null; } else { - // 1.) we make the keys - int keySize; - if (keyAlgorithm.equals("RSA")) { - // 512 breaks SSL_RSA_EXPORT_* on RI and TLS_ECDHE_RSA_WITH_RC4_128_SHA for us - keySize = 1024; - } else if (keyAlgorithm.equals("DH_RSA")) { - keySize = 512; - keyAlgorithm = "DH"; - } else if (keyAlgorithm.equals("DSA")) { - keySize = 512; - } else if (keyAlgorithm.equals("DH_DSA")) { - keySize = 512; - keyAlgorithm = "DH"; - } else if (keyAlgorithm.equals("EC")) { - keySize = 256; - } else if (keyAlgorithm.equals("EC_RSA")) { - keySize = 256; - keyAlgorithm = "EC"; - } else { - throw new IllegalArgumentException("Unknown key algorithm " + keyAlgorithm); - } + if (privateEntry == null) { + // 1a.) we make the keys + int keySize; + if (keyAlgorithm.equals("RSA")) { + // 512 breaks SSL_RSA_EXPORT_* on RI and + // TLS_ECDHE_RSA_WITH_RC4_128_SHA for us + keySize = 1024; + } else if (keyAlgorithm.equals("DH_RSA")) { + keySize = 512; + keyAlgorithm = "DH"; + } else if (keyAlgorithm.equals("DSA")) { + keySize = 512; + } else if (keyAlgorithm.equals("DH_DSA")) { + keySize = 512; + keyAlgorithm = "DH"; + } else if (keyAlgorithm.equals("EC")) { + keySize = 256; + } else if (keyAlgorithm.equals("EC_RSA")) { + keySize = 256; + keyAlgorithm = "EC"; + } else { + throw new IllegalArgumentException("Unknown key algorithm " + keyAlgorithm); + } - KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgorithm); - kpg.initialize(keySize, new SecureRandom()); + KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgorithm); + kpg.initialize(keySize, new SecureRandom()); - KeyPair kp = kpg.generateKeyPair(); - privateKey = kp.getPrivate(); - PublicKey publicKey = kp.getPublic(); + KeyPair kp = kpg.generateKeyPair(); + privateKey = kp.getPrivate(); + publicKey = kp.getPublic(); + } else { + // 1b.) we use the previous keys + privateKey = privateEntry.getPrivateKey(); + publicKey = privateEntry.getCertificate().getPublicKey(); + } // 2.) use keys to make certificate X500Principal issuer = ((caCert != null) @@ -820,6 +849,24 @@ public final class TestKeyStore extends Assert { } /** + * Return an {@code X509Certificate that matches the given {@code alias}. + */ + public KeyStore.Entry getEntryByAlias(String alias) { + return entryByAlias(keyStore, alias); + } + + /** + * Finds an entry in the keystore by the given alias. + */ + public static KeyStore.Entry entryByAlias(KeyStore keyStore, String alias) { + try { + return keyStore.getEntry(alias, null); + } catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) { + throw new RuntimeException(e); + } + } + + /** * Create a client key store that only contains self-signed certificates but no private keys */ public static KeyStore createClient(KeyStore caKeyStore) { diff --git a/support/src/test/java/tests/resources/hyts_certLoop.jar b/support/src/test/java/tests/resources/hyts_certLoop.jar Binary files differnew file mode 100644 index 0000000..cb4ebe1 --- /dev/null +++ b/support/src/test/java/tests/resources/hyts_certLoop.jar diff --git a/xml/src/main/java/org/kxml2/io/KXmlSerializer.java b/xml/src/main/java/org/kxml2/io/KXmlSerializer.java index 8fa2756..bfdeece 100644 --- a/xml/src/main/java/org/kxml2/io/KXmlSerializer.java +++ b/xml/src/main/java/org/kxml2/io/KXmlSerializer.java @@ -125,14 +125,18 @@ public class KXmlSerializer implements XmlSerializer { // otherwise generate. // Note: tab, newline, and carriage return have already been // handled above. - boolean valid = (c >= 0x20 && c <= 0xd7ff) || (c >= 0xe000 && c <= 0xfffd); - if (!valid) { - reportInvalidCharacter(c); - } - if (unicode || c < 127) { - writer.write(c); + boolean allowedInXml = (c >= 0x20 && c <= 0xd7ff) || (c >= 0xe000 && c <= 0xfffd); + if (allowedInXml) { + if (unicode || c < 127) { + writer.write(c); + } else { + writer.write("&#" + ((int) c) + ";"); + } + } else if (Character.isHighSurrogate(c) && i < s.length() - 1) { + writeSurrogate(c, s.charAt(i + 1)); + ++i; } else { - writer.write("&#" + ((int) c) + ";"); + reportInvalidCharacter(c); } // END android-changed } @@ -141,7 +145,7 @@ public class KXmlSerializer implements XmlSerializer { // BEGIN android-added private static void reportInvalidCharacter(char ch) { - throw new IllegalArgumentException("Illegal character (" + Integer.toHexString((int) ch) + ")"); + throw new IllegalArgumentException("Illegal character (U+" + Integer.toHexString((int) ch) + ")"); } // END android-added @@ -548,22 +552,41 @@ public class KXmlSerializer implements XmlSerializer { // BEGIN android-changed: ]]> is not allowed within a CDATA, // so break and start a new one when necessary. data = data.replace("]]>", "]]]]><![CDATA[>"); - char[] chars = data.toCharArray(); - // We also aren't allowed any invalid characters. - for (char ch : chars) { - boolean valid = (ch >= 0x20 && ch <= 0xd7ff) || + writer.write("<![CDATA["); + for (int i = 0; i < data.length(); ++i) { + char ch = data.charAt(i); + boolean allowedInCdata = (ch >= 0x20 && ch <= 0xd7ff) || (ch == '\t' || ch == '\n' || ch == '\r') || (ch >= 0xe000 && ch <= 0xfffd); - if (!valid) { + if (allowedInCdata) { + writer.write(ch); + } else if (Character.isHighSurrogate(ch) && i < data.length() - 1) { + // Character entities aren't valid in CDATA, so break out for this. + writer.write("]]>"); + writeSurrogate(ch, data.charAt(++i)); + writer.write("<![CDATA["); + } else { reportInvalidCharacter(ch); } } - writer.write("<![CDATA["); - writer.write(chars, 0, chars.length); writer.write("]]>"); // END android-changed } + // BEGIN android-added + private void writeSurrogate(char high, char low) throws IOException { + if (!Character.isLowSurrogate(low)) { + throw new IllegalArgumentException("Bad surrogate pair (U+" + Integer.toHexString((int) high) + + " U+" + Integer.toHexString((int) low) + ")"); + } + // Java-style surrogate pairs aren't allowed in XML. We could use the > 3-byte encodings, but that + // seems likely to upset anything expecting modified UTF-8 rather than "real" UTF-8. It seems more + // conservative in a Java environment to use an entity reference instead. + int codePoint = Character.toCodePoint(high, low); + writer.write("&#" + codePoint + ";"); + } + // END android-added + public void comment(String comment) throws IOException { check(false); writer.write("<!--"); |