8 files changed, 9 insertions, 379 deletions
diff --git a/luni/src/main/java/javax/net/ssl/SSLEngine.java b/luni/src/main/java/javax/net/ssl/SSLEngine.java index d63ee94..59cdf62 100644 --- a/luni/src/main/java/javax/net/ssl/SSLEngine.java +++ b/luni/src/main/java/javax/net/ssl/SSLEngine.java @@ -778,18 +778,6 @@ public abstract class SSLEngine { public abstract SSLSession getSession(); /** - * Returns the SSL session for this engine instance. Does not cause the - * handshake to start if it has not already started. - * - * @return the SSL session for this engine instance. - * @since 1.7 - * @hide - */ - public SSLSession getHandshakeSession() { - throw new UnsupportedOperationException(); - } - - /** * Returns the SSL cipher suite names that are supported by this engine. * These cipher suites can be enabled using * {@link #setEnabledCipherSuites(String[])}. diff --git a/luni/src/main/java/javax/net/ssl/SSLParameters.java b/luni/src/main/java/javax/net/ssl/SSLParameters.java index b8fdc38..054abe2 100644 --- a/luni/src/main/java/javax/net/ssl/SSLParameters.java +++ b/luni/src/main/java/javax/net/ssl/SSLParameters.java @@ -139,28 +139,4 @@ public class SSLParameters { this.wantClientAuth = wantClientAuth; this.needClientAuth = false; } - - /** - * Returns a string indicating the endpoint identification algorithm to be - * used to identify the remote endpoint. - * - * @see #setEndpointIdentificationAlgorithm(String) - * @since 1.7 - * @hide - */ - public String getEndpointIdentificationAlgorithm() { - return endpointIdentificationAlgorithm; - } - - /** - * Sets the endpoint identification algorithm to be used to identify the - * remote endpoint. - * - * @see #getEndpointIdentificationAlgorithm() - * @since 1.7 - * @hide - */ - public void setEndpointIdentificationAlgorithm(String endpointIdentificationAlgorithm) { - this.endpointIdentificationAlgorithm = endpointIdentificationAlgorithm; - } } 
diff --git a/luni/src/main/java/javax/net/ssl/SSLSocket.java b/luni/src/main/java/javax/net/ssl/SSLSocket.java index f681681..72e1dbe 100644 --- a/luni/src/main/java/javax/net/ssl/SSLSocket.java +++ b/luni/src/main/java/javax/net/ssl/SSLSocket.java @@ -889,19 +889,6 @@ public abstract class SSLSocket extends Socket { public abstract SSLSession getSession(); /** - * Returns the {@code SSLSession} for this connection. It will not initiate - * the handshake and thus will not block until the handshake has been - * established. - * - * @return the session object. - * @since 1.7 - * @hide - */ - public SSLSession getHandshakeSession() { - throw new UnsupportedOperationException(); - } - - /** * Registers the specified listener to receive notification on completion of * a handshake on this connection. * diff --git a/luni/src/main/java/javax/net/ssl/X509ExtendedTrustManager.java b/luni/src/main/java/javax/net/ssl/X509ExtendedTrustManager.java deleted file mode 100644 index 8b398ce..0000000 --- a/luni/src/main/java/javax/net/ssl/X509ExtendedTrustManager.java +++ /dev/null 
@@ -1,112 +0,0 @@ -/* - * Copyright 2014 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package javax.net.ssl; - -import java.net.Socket; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; - -/** - * Allows the connection constraints such as hostname verification and algorithm - * constraints to be checked along with the checks done in - * {@link X509TrustManager}. - * - * @see SSLParameters#setEndpointIdentificationAlgorithm(String) - * @since 1.7 - * @hide - */ -public abstract class X509ExtendedTrustManager implements X509TrustManager { - /** - * Checks whether the specified certificate chain (partial or complete) can - * be validated and is trusted for client authentication for the specified - * authentication type. - * <p> - * If the {@code socket} is supplied, its {@link SSLParameters} will be - * checked for endpoint identification. - * - * @param chain the certificate chain to validate. - * @param authType the authentication type used. - * @param socket the socket from which to check the {@link SSLParameters} - * @throws CertificateException if the certificate chain can't be validated - * or isn't trusted. - * @throws IllegalArgumentException if the specified certificate chain is - * empty or {@code null}, or if the specified authentication - * type is {@code null} or an empty string. 
- */ - public abstract void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) - throws CertificateException; - - /** - * Checks whether the specified certificate chain (partial or complete) can - * be validated and is trusted for server authentication for the specified - * key exchange algorithm. - * <p> - * If the {@code socket} is supplied, its {@link SSLParameters} will be - * checked for endpoint identification. - * - * @param chain the certificate chain to validate. - * @param authType the authentication type used. - * @param socket the socket from which to check the {@link SSLParameters} - * @throws CertificateException if the certificate chain can't be validated - * or isn't trusted. - * @throws IllegalArgumentException if the specified certificate chain is - * empty or {@code null}, or if the specified authentication - * type is {@code null} or an empty string. - */ - public abstract void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) - throws CertificateException; - - /** - * Checks whether the specified certificate chain (partial or complete) can - * be validated and is trusted for client authentication for the specified - * authentication type. - * <p> - * If the {@code engine} is supplied, its {@link SSLParameters} will be - * checked for endpoint identification. - * - * @param chain the certificate chain to validate. - * @param authType the authentication type used. - * @param engine the engine from which to check the {@link SSLParameters} - * @throws CertificateException if the certificate chain can't be validated - * or isn't trusted. - * @throws IllegalArgumentException if the specified certificate chain is - * empty or {@code null}, or if the specified authentication - * type is {@code null} or an empty string. 
- */ - public abstract void checkClientTrusted(X509Certificate[] chain, String authType, - SSLEngine engine) throws CertificateException; - - /** - * Checks whether the specified certificate chain (partial or complete) can - * be validated and is trusted for server authentication for the specified - * key exchange algorithm. - * <p> - * If the {@code engine} is supplied, its {@link SSLParameters} will be - * checked for endpoint identification. - * - * @param chain the certificate chain to validate. - * @param authType the authentication type used. - * @param engine the engine from which to check the {@link SSLParameters} - * @throws CertificateException if the certificate chain can't be validated - * or isn't trusted. - * @throws IllegalArgumentException if the specified certificate chain is - * empty or {@code null}, or if the specified authentication - * type is {@code null} or an empty string. - */ - public abstract void checkServerTrusted(X509Certificate[] chain, String authType, - SSLEngine engine) throws CertificateException; -} diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java index aab836b..8e29e71 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java 
@@ -593,20 +593,6 @@ public class SSLEngineTest extends TestCase { } } - public void test_SSLEngine_endpointVerification_Success() throws Exception { - TestSSLContext c = TestSSLContext.create(); - TestSSLEnginePair p = TestSSLEnginePair.create(c, new TestSSLEnginePair.Hooks() { - @Override - void beforeBeginHandshake(SSLEngine client, SSLEngine server) { - SSLParameters p = client.getSSLParameters(); - p.setEndpointIdentificationAlgorithm("HTTPS"); - client.setSSLParameters(p); - } - }); - assertConnected(p); - c.close(); - } - public void test_SSLEngine_getEnableSessionCreation() throws Exception { TestSSLContext c = TestSSLContext.create(); SSLEngine e = c.clientContext.createSSLEngine(); diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java index cd47297..d24ef0b 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java @@ -301,13 +301,6 @@ public class SSLSocketTest extends TestCase { assertFalse(session.isValid()); } - public void test_SSLSocket_getHandshakeSession() throws Exception { - SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault(); - SSLSocket ssl = (SSLSocket) sf.createSocket(); - SSLSession session = ssl.getHandshakeSession(); - assertNull(session); - } - public void test_SSLSocket_startHandshake() throws Exception { final TestSSLContext c = TestSSLContext.create(); SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket(c.host, @@ -318,7 +311,6 @@ public class SSLSocketTest extends TestCase { @Override public Void call() throws Exception { server.startHandshake(); assertNotNull(server.getSession()); - assertNull(server.getHandshakeSession()); try { server.getSession().getPeerCertificates(); fail(); 
@@ -530,7 +522,6 @@ public class SSLSocketTest extends TestCase { assertSame(client, socket); assertTrue(socket instanceof SSLSocket); - assertNull(((SSLSocket) socket).getHandshakeSession()); synchronized (handshakeCompletedListenerCalled) { handshakeCompletedListenerCalled[0] = true; @@ -961,14 +952,6 @@ public class SSLSocketTest extends TestCase { assertEquals(p.getWantClientAuth(), ssl.getWantClientAuth()); assertEquals(p.getNeedClientAuth(), ssl.getNeedClientAuth()); - - assertNull(p.getEndpointIdentificationAlgorithm()); - p.setEndpointIdentificationAlgorithm(null); - assertNull(p.getEndpointIdentificationAlgorithm()); - p.setEndpointIdentificationAlgorithm("HTTPS"); - assertEquals("HTTPS", p.getEndpointIdentificationAlgorithm()); - p.setEndpointIdentificationAlgorithm("FOO"); - assertEquals("FOO", p.getEndpointIdentificationAlgorithm()); } public void test_SSLSocket_setSSLParameters() throws Exception { 
@@ -1152,84 +1135,6 @@ public class SSLSocketTest extends TestCase { server.close(); } - public void test_SSLSocket_endpointIdentification_Success() throws Exception { - final TestSSLContext c = TestSSLContext.create(); - SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket(); - SSLParameters p = client.getSSLParameters(); - p.setEndpointIdentificationAlgorithm("HTTPS"); - client.connect(new InetSocketAddress(c.host, c.port)); - final SSLSocket server = (SSLSocket) c.serverSocket.accept(); - ExecutorService executor = Executors.newSingleThreadExecutor(); - Future<Void> future = executor.submit(new Callable<Void>() { - @Override public Void call() throws Exception { - server.startHandshake(); - assertNotNull(server.getSession()); - try { - server.getSession().getPeerCertificates(); - fail(); - } catch (SSLPeerUnverifiedException expected) { - } - Certificate[] localCertificates = server.getSession().getLocalCertificates(); - assertNotNull(localCertificates); - TestKeyStore.assertChainLength(localCertificates); - assertNotNull(localCertificates[0]); - TestSSLContext.assertCertificateInKeyStore(localCertificates[0], - c.serverKeyStore); - return null; - } - }); - executor.shutdown(); - client.startHandshake(); - assertNotNull(client.getSession()); - assertNull(client.getSession().getLocalCertificates()); - Certificate[] peerCertificates = client.getSession().getPeerCertificates(); - assertNotNull(peerCertificates); - TestKeyStore.assertChainLength(peerCertificates); - assertNotNull(peerCertificates[0]); - TestSSLContext.assertCertificateInKeyStore(peerCertificates[0], c.serverKeyStore); - future.get(); - client.close(); - server.close(); - c.close(); - } - - public void test_SSLSocket_endpointIdentification_Failure() throws Exception { - - final TestSSLContext c = TestSSLContext.create(); - SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket( - InetAddress.getByName("127.0.0.2"), c.port); - SSLParameters p = 
client.getSSLParameters(); - p.setEndpointIdentificationAlgorithm("HTTPS"); - client.setSSLParameters(p); - // client.connect(new InetSocketAddress(c.host, c.port)); - final SSLSocket server = (SSLSocket) c.serverSocket.accept(); - ExecutorService executor = Executors.newSingleThreadExecutor(); - Future<Void> future = executor.submit(new Callable<Void>() { - @Override public Void call() throws Exception { - try { - server.startHandshake(); - fail("Should receive SSLHandshakeException as server"); - } catch (SSLHandshakeException expected) { - } - return null; - } - }); - executor.shutdown(); - try { - client.startHandshake(); - fail("Should throw when hostname does not match expected"); - } catch (SSLHandshakeException expected) { - } finally { - try { - future.get(); - } finally { - client.close(); - server.close(); - c.close(); - } - } - } - public void test_SSLSocket_setSoTimeout_basic() throws Exception { ServerSocket listening = new ServerSocket(0); diff --git a/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java b/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java index 5741f2b..8dd2085 100644 --- a/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java +++ b/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java @@ -33,7 +33,6 @@ import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; -import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; import junit.framework.Assert; import libcore.java.security.StandardNames; 
@@ -83,8 +82,8 @@ public final class TestSSLContext extends Assert { public final char[] serverStorePassword; public final KeyManager[] clientKeyManagers; public final KeyManager[] serverKeyManagers; - public final X509ExtendedTrustManager clientTrustManager; - public final X509ExtendedTrustManager serverTrustManager; + public final X509TrustManager clientTrustManager; + public final X509TrustManager serverTrustManager; public final SSLContext clientContext; public final SSLContext serverContext; public final SSLServerSocket serverSocket; @@ -97,8 +96,8 @@ public final class TestSSLContext extends Assert { char[] serverStorePassword, KeyManager[] clientKeyManagers, KeyManager[] serverKeyManagers, - X509ExtendedTrustManager clientTrustManager, - X509ExtendedTrustManager serverTrustManager, + X509TrustManager clientTrustManager, + X509TrustManager serverTrustManager, SSLContext clientContext, SSLContext serverContext, SSLServerSocket serverSocket, @@ -189,8 +188,8 @@ public final class TestSSLContext extends Assert { serverKeyStore, serverStorePassword, clientKeyManagers, serverKeyManagers, - (X509ExtendedTrustManager) clientTrustManagers, - (X509ExtendedTrustManager) serverTrustManagers, + (X509TrustManager) clientTrustManagers, + (X509TrustManager) serverTrustManagers, clientContext, serverContext, serverSocket, host, port); } catch (RuntimeException e) { diff --git a/support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java b/support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java index b703984..dc4bb28 100644 --- a/support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java +++ b/support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java 
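Review bot: In the last TestSSLContext hunk the constructor call still downcasts at the call site, `(X509TrustManager) clientTrustManagers` and `(X509TrustManager) serverTrustManagers`. The plural names read as arrays, although the cast can only compile for a single trust manager. The declarations and the enclosing method start outside the hunk, so this is inferred, but declaring those locals as `X509TrustManager` where they are created would remove both casts and make a wrong type fail at creation instead of as a bare ClassCastException here. Renaming them to `clientTrustManager` / `serverTrustManager` would also match the fields retyped in the first two hunks of this file.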
@@ -20,7 +20,6 @@ import java.io.PrintStream; import java.net.Socket; import javax.net.ssl.SSLEngine; import javax.net.ssl.TrustManager; -import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -29,16 +28,15 @@ import libcore.java.security.StandardNames; /** * TestTrustManager is a simple proxy class that wraps an existing - * X509ExtendedTrustManager to provide debug logging and recording of + * X509TrustManager to provide debug logging and recording of * values. */ -public final class TestTrustManager extends X509ExtendedTrustManager { +public final class TestTrustManager implements X509TrustManager { private static final boolean LOG = false; private static final PrintStream out = LOG ? System.out : new NullPrintStream(); private final X509TrustManager trustManager; - private final X509ExtendedTrustManager extendedTrustManager; public static TrustManager[] wrap(TrustManager[] trustManagers) { TrustManager[] result = trustManagers.clone(); @@ -49,23 +47,14 @@ public final class TestTrustManager extends X509ExtendedTrustManager { } public static TrustManager wrap(TrustManager trustManager) { - if (trustManager instanceof X509ExtendedTrustManager) { - return new TestTrustManager((X509ExtendedTrustManager) trustManager); - } else if (trustManager instanceof X509TrustManager) { + if (trustManager instanceof X509TrustManager) { return new TestTrustManager((X509TrustManager) trustManager); } return trustManager; } - public TestTrustManager(X509ExtendedTrustManager trustManager) { - out.println("TestTrustManager.<init> extendedTrustManager=" + trustManager); - this.extendedTrustManager = trustManager; - this.trustManager = trustManager; - } - public TestTrustManager(X509TrustManager trustManager) { out.println("TestTrustManager.<init> trustManager=" + trustManager); - this.extendedTrustManager = null; this.trustManager = trustManager; } 
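Review bot: The import hunk at the top of TestTrustManager.java keeps `import java.net.Socket;` and `import javax.net.ssl.SSLEngine;` as context, yet the only visible users of those types are the four socket/engine overloads deleted in the two later hunks of this file. Unless code outside the shown hunks still references them, both imports are now unused and should be removed along with the `X509ExtendedTrustManager` import. The class Javadoc could also say that the wrapper now forwards only the two-argument `checkClientTrusted(chain, authType)` / `checkServerTrusted(chain, authType)` calls, so it no longer logs or records any socket or engine context.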
@@ -84,50 +73,6 @@ public final class TestTrustManager extends X509ExtendedTrustManager { } } - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) - throws CertificateException { - if (extendedTrustManager == null) { - out.print("(fallback to X509TrustManager) "); - checkClientTrusted(chain, authType); - return; - } - out.print("TestTrustManager.checkClientTrusted " - + "chain=" + chain.length + " " - + "authType=" + authType + " " - + "socket=" + socket + " "); - try { - assertClientAuthType(authType); - extendedTrustManager.checkClientTrusted(chain, authType, socket); - out.println("OK"); - } catch (CertificateException e) { - e.printStackTrace(out); - throw e; - } - } - - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) - throws CertificateException { - if (extendedTrustManager == null) { - out.print("(fallback to X509TrustManager) "); - checkClientTrusted(chain, authType); - return; - } - out.print("TestTrustManager.checkClientTrusted " - + "chain=" + chain.length + " " - + "authType=" + authType + " " - + "engine=" + engine + " "); - try { - assertClientAuthType(authType); - extendedTrustManager.checkClientTrusted(chain, authType, engine); - out.println("OK"); - } catch (CertificateException e) { - e.printStackTrace(out); - throw e; - } - } - private void assertClientAuthType(String authType) { if (!StandardNames.CLIENT_AUTH_TYPES.contains(authType)) { throw new AssertionError("Unexpected client auth type " + authType); 
@@ -149,50 +94,6 @@ public final class TestTrustManager extends X509ExtendedTrustManager { } } - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) - throws CertificateException { - if (extendedTrustManager == null) { - out.print("(fallback to X509TrustManager) "); - checkServerTrusted(chain, authType); - return; - } - out.print("TestTrustManager.checkServerTrusted " - + "chain=" + chain.length + " " - + "authType=" + authType + " " - + "socket=" + socket.toString() + " "); - try { - assertServerAuthType(authType); - extendedTrustManager.checkServerTrusted(chain, authType, socket); - out.println("OK"); - } catch (CertificateException e) { - e.printStackTrace(out); - throw e; - } - } - - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) - throws CertificateException { - if (extendedTrustManager == null) { - out.print("(fallback to X509TrustManager) "); - checkServerTrusted(chain, authType); - return; - } - out.print("TestTrustManager.checkServerTrusted " - + "chain=" + chain.length + " " - + "authType=" + authType + " " - + "engine=" + engine.toString() + " "); - try { - assertServerAuthType(authType); - extendedTrustManager.checkServerTrusted(chain, authType, engine); - out.println("OK"); - } catch (CertificateException e) { - e.printStackTrace(out); - throw e; - } - } - private void assertServerAuthType(String authType) { if (!StandardNames.SERVER_AUTH_TYPES.contains(authType)) { throw new AssertionError("Unexpected server auth type " + authType); |