-rw-r--r--luni/src/main/java/javax/net/ssl/SSLEngine.java12
-rw-r--r--luni/src/main/java/javax/net/ssl/SSLParameters.java24
-rw-r--r--luni/src/main/java/javax/net/ssl/SSLSocket.java13
-rw-r--r--luni/src/main/java/javax/net/ssl/X509ExtendedTrustManager.java112
-rw-r--r--luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java14
-rw-r--r--luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java95
-rw-r--r--support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java13
-rw-r--r--support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java105
8 files changed, 9 insertions, 379 deletions
diff --git a/luni/src/main/java/javax/net/ssl/SSLEngine.java b/luni/src/main/java/javax/net/ssl/SSLEngine.java
index d63ee94..59cdf62 100644
--- a/luni/src/main/java/javax/net/ssl/SSLEngine.java
+++ b/luni/src/main/java/javax/net/ssl/SSLEngine.java
@@ -778,18 +778,6 @@ public abstract class SSLEngine {
public abstract SSLSession getSession();
/**
- * Returns the SSL session for this engine instance. Does not cause the
- * handshake to start if it has not already started.
- *
- * @return the SSL session for this engine instance.
- * @since 1.7
- * @hide
- */
- public SSLSession getHandshakeSession() {
- throw new UnsupportedOperationException();
- }
-
- /**
* Returns the SSL cipher suite names that are supported by this engine.
* These cipher suites can be enabled using
* {@link #setEnabledCipherSuites(String[])}.
diff --git a/luni/src/main/java/javax/net/ssl/SSLParameters.java b/luni/src/main/java/javax/net/ssl/SSLParameters.java
index b8fdc38..054abe2 100644
--- a/luni/src/main/java/javax/net/ssl/SSLParameters.java
+++ b/luni/src/main/java/javax/net/ssl/SSLParameters.java
@@ -139,28 +139,4 @@ public class SSLParameters {
this.wantClientAuth = wantClientAuth;
this.needClientAuth = false;
}
-
- /**
- * Returns a string indicating the endpoint identification algorithm to be
- * used to identify the remote endpoint.
- *
- * @see #setEndpointIdentificationAlgorithm(String)
- * @since 1.7
- * @hide
- */
- public String getEndpointIdentificationAlgorithm() {
- return endpointIdentificationAlgorithm;
- }
-
- /**
- * Sets the endpoint identification algorithm to be used to identify the
- * remote endpoint.
- *
- * @see #getEndpointIdentificationAlgorithm()
- * @since 1.7
- * @hide
- */
- public void setEndpointIdentificationAlgorithm(String endpointIdentificationAlgorithm) {
- this.endpointIdentificationAlgorithm = endpointIdentificationAlgorithm;
- }
}
diff --git a/luni/src/main/java/javax/net/ssl/SSLSocket.java b/luni/src/main/java/javax/net/ssl/SSLSocket.java
index f681681..72e1dbe 100644
--- a/luni/src/main/java/javax/net/ssl/SSLSocket.java
+++ b/luni/src/main/java/javax/net/ssl/SSLSocket.java
@@ -889,19 +889,6 @@ public abstract class SSLSocket extends Socket {
public abstract SSLSession getSession();
/**
- * Returns the {@code SSLSession} for this connection. It will not initiate
- * the handshake and thus will not block until the handshake has been
- * established.
- *
- * @return the session object.
- * @since 1.7
- * @hide
- */
- public SSLSession getHandshakeSession() {
- throw new UnsupportedOperationException();
- }
-
- /**
* Registers the specified listener to receive notification on completion of
* a handshake on this connection.
*
diff --git a/luni/src/main/java/javax/net/ssl/X509ExtendedTrustManager.java b/luni/src/main/java/javax/net/ssl/X509ExtendedTrustManager.java
deleted file mode 100644
index 8b398ce..0000000
--- a/luni/src/main/java/javax/net/ssl/X509ExtendedTrustManager.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.net.Socket;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-/**
- * Allows the connection constraints such as hostname verification and algorithm
- * constraints to be checked along with the checks done in
- * {@link X509TrustManager}.
- *
- * @see SSLParameters#setEndpointIdentificationAlgorithm(String)
- * @since 1.7
- * @hide
- */
-public abstract class X509ExtendedTrustManager implements X509TrustManager {
- /**
- * Checks whether the specified certificate chain (partial or complete) can
- * be validated and is trusted for client authentication for the specified
- * authentication type.
- * <p>
- * If the {@code socket} is supplied, its {@link SSLParameters} will be
- * checked for endpoint identification.
- *
- * @param chain the certificate chain to validate.
- * @param authType the authentication type used.
- * @param socket the socket from which to check the {@link SSLParameters}
- * @throws CertificateException if the certificate chain can't be validated
- * or isn't trusted.
- * @throws IllegalArgumentException if the specified certificate chain is
- * empty or {@code null}, or if the specified authentication
- * type is {@code null} or an empty string.
- */
- public abstract void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
- throws CertificateException;
-
- /**
- * Checks whether the specified certificate chain (partial or complete) can
- * be validated and is trusted for server authentication for the specified
- * key exchange algorithm.
- * <p>
- * If the {@code socket} is supplied, its {@link SSLParameters} will be
- * checked for endpoint identification.
- *
- * @param chain the certificate chain to validate.
- * @param authType the authentication type used.
- * @param socket the socket from which to check the {@link SSLParameters}
- * @throws CertificateException if the certificate chain can't be validated
- * or isn't trusted.
- * @throws IllegalArgumentException if the specified certificate chain is
- * empty or {@code null}, or if the specified authentication
- * type is {@code null} or an empty string.
- */
- public abstract void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
- throws CertificateException;
-
- /**
- * Checks whether the specified certificate chain (partial or complete) can
- * be validated and is trusted for client authentication for the specified
- * authentication type.
- * <p>
- * If the {@code engine} is supplied, its {@link SSLParameters} will be
- * checked for endpoint identification.
- *
- * @param chain the certificate chain to validate.
- * @param authType the authentication type used.
- * @param engine the engine from which to check the {@link SSLParameters}
- * @throws CertificateException if the certificate chain can't be validated
- * or isn't trusted.
- * @throws IllegalArgumentException if the specified certificate chain is
- * empty or {@code null}, or if the specified authentication
- * type is {@code null} or an empty string.
- */
- public abstract void checkClientTrusted(X509Certificate[] chain, String authType,
- SSLEngine engine) throws CertificateException;
-
- /**
- * Checks whether the specified certificate chain (partial or complete) can
- * be validated and is trusted for server authentication for the specified
- * key exchange algorithm.
- * <p>
- * If the {@code engine} is supplied, its {@link SSLParameters} will be
- * checked for endpoint identification.
- *
- * @param chain the certificate chain to validate.
- * @param authType the authentication type used.
- * @param engine the engine from which to check the {@link SSLParameters}
- * @throws CertificateException if the certificate chain can't be validated
- * or isn't trusted.
- * @throws IllegalArgumentException if the specified certificate chain is
- * empty or {@code null}, or if the specified authentication
- * type is {@code null} or an empty string.
- */
- public abstract void checkServerTrusted(X509Certificate[] chain, String authType,
- SSLEngine engine) throws CertificateException;
-}
diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
index aab836b..8e29e71 100644
--- a/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
+++ b/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
@@ -593,20 +593,6 @@ public class SSLEngineTest extends TestCase {
}
}
- public void test_SSLEngine_endpointVerification_Success() throws Exception {
- TestSSLContext c = TestSSLContext.create();
- TestSSLEnginePair p = TestSSLEnginePair.create(c, new TestSSLEnginePair.Hooks() {
- @Override
- void beforeBeginHandshake(SSLEngine client, SSLEngine server) {
- SSLParameters p = client.getSSLParameters();
- p.setEndpointIdentificationAlgorithm("HTTPS");
- client.setSSLParameters(p);
- }
- });
- assertConnected(p);
- c.close();
- }
-
public void test_SSLEngine_getEnableSessionCreation() throws Exception {
TestSSLContext c = TestSSLContext.create();
SSLEngine e = c.clientContext.createSSLEngine();
diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
index cd47297..d24ef0b 100644
--- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
+++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
@@ -301,13 +301,6 @@ public class SSLSocketTest extends TestCase {
assertFalse(session.isValid());
}
- public void test_SSLSocket_getHandshakeSession() throws Exception {
- SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault();
- SSLSocket ssl = (SSLSocket) sf.createSocket();
- SSLSession session = ssl.getHandshakeSession();
- assertNull(session);
- }
-
public void test_SSLSocket_startHandshake() throws Exception {
final TestSSLContext c = TestSSLContext.create();
SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket(c.host,
@@ -318,7 +311,6 @@ public class SSLSocketTest extends TestCase {
@Override public Void call() throws Exception {
server.startHandshake();
assertNotNull(server.getSession());
- assertNull(server.getHandshakeSession());
try {
server.getSession().getPeerCertificates();
fail();
@@ -530,7 +522,6 @@ public class SSLSocketTest extends TestCase {
assertSame(client, socket);
assertTrue(socket instanceof SSLSocket);
- assertNull(((SSLSocket) socket).getHandshakeSession());
synchronized (handshakeCompletedListenerCalled) {
handshakeCompletedListenerCalled[0] = true;
@@ -961,14 +952,6 @@ public class SSLSocketTest extends TestCase {
assertEquals(p.getWantClientAuth(), ssl.getWantClientAuth());
assertEquals(p.getNeedClientAuth(), ssl.getNeedClientAuth());
-
- assertNull(p.getEndpointIdentificationAlgorithm());
- p.setEndpointIdentificationAlgorithm(null);
- assertNull(p.getEndpointIdentificationAlgorithm());
- p.setEndpointIdentificationAlgorithm("HTTPS");
- assertEquals("HTTPS", p.getEndpointIdentificationAlgorithm());
- p.setEndpointIdentificationAlgorithm("FOO");
- assertEquals("FOO", p.getEndpointIdentificationAlgorithm());
}
public void test_SSLSocket_setSSLParameters() throws Exception {
@@ -1152,84 +1135,6 @@ public class SSLSocketTest extends TestCase {
server.close();
}
- public void test_SSLSocket_endpointIdentification_Success() throws Exception {
- final TestSSLContext c = TestSSLContext.create();
- SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket();
- SSLParameters p = client.getSSLParameters();
- p.setEndpointIdentificationAlgorithm("HTTPS");
- client.connect(new InetSocketAddress(c.host, c.port));
- final SSLSocket server = (SSLSocket) c.serverSocket.accept();
- ExecutorService executor = Executors.newSingleThreadExecutor();
- Future<Void> future = executor.submit(new Callable<Void>() {
- @Override public Void call() throws Exception {
- server.startHandshake();
- assertNotNull(server.getSession());
- try {
- server.getSession().getPeerCertificates();
- fail();
- } catch (SSLPeerUnverifiedException expected) {
- }
- Certificate[] localCertificates = server.getSession().getLocalCertificates();
- assertNotNull(localCertificates);
- TestKeyStore.assertChainLength(localCertificates);
- assertNotNull(localCertificates[0]);
- TestSSLContext.assertCertificateInKeyStore(localCertificates[0],
- c.serverKeyStore);
- return null;
- }
- });
- executor.shutdown();
- client.startHandshake();
- assertNotNull(client.getSession());
- assertNull(client.getSession().getLocalCertificates());
- Certificate[] peerCertificates = client.getSession().getPeerCertificates();
- assertNotNull(peerCertificates);
- TestKeyStore.assertChainLength(peerCertificates);
- assertNotNull(peerCertificates[0]);
- TestSSLContext.assertCertificateInKeyStore(peerCertificates[0], c.serverKeyStore);
- future.get();
- client.close();
- server.close();
- c.close();
- }
-
- public void test_SSLSocket_endpointIdentification_Failure() throws Exception {
-
- final TestSSLContext c = TestSSLContext.create();
- SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket(
- InetAddress.getByName("127.0.0.2"), c.port);
- SSLParameters p = client.getSSLParameters();
- p.setEndpointIdentificationAlgorithm("HTTPS");
- client.setSSLParameters(p);
- // client.connect(new InetSocketAddress(c.host, c.port));
- final SSLSocket server = (SSLSocket) c.serverSocket.accept();
- ExecutorService executor = Executors.newSingleThreadExecutor();
- Future<Void> future = executor.submit(new Callable<Void>() {
- @Override public Void call() throws Exception {
- try {
- server.startHandshake();
- fail("Should receive SSLHandshakeException as server");
- } catch (SSLHandshakeException expected) {
- }
- return null;
- }
- });
- executor.shutdown();
- try {
- client.startHandshake();
- fail("Should throw when hostname does not match expected");
- } catch (SSLHandshakeException expected) {
- } finally {
- try {
- future.get();
- } finally {
- client.close();
- server.close();
- c.close();
- }
- }
- }
-
public void test_SSLSocket_setSoTimeout_basic() throws Exception {
ServerSocket listening = new ServerSocket(0);
diff --git a/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java b/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
index 5741f2b..8dd2085 100644
--- a/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
+++ b/support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
@@ -33,7 +33,6 @@ import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import junit.framework.Assert;
import libcore.java.security.StandardNames;
@@ -83,8 +82,8 @@ public final class TestSSLContext extends Assert {
public final char[] serverStorePassword;
public final KeyManager[] clientKeyManagers;
public final KeyManager[] serverKeyManagers;
- public final X509ExtendedTrustManager clientTrustManager;
- public final X509ExtendedTrustManager serverTrustManager;
+ public final X509TrustManager clientTrustManager;
+ public final X509TrustManager serverTrustManager;
public final SSLContext clientContext;
public final SSLContext serverContext;
public final SSLServerSocket serverSocket;
@@ -97,8 +96,8 @@ public final class TestSSLContext extends Assert {
char[] serverStorePassword,
KeyManager[] clientKeyManagers,
KeyManager[] serverKeyManagers,
- X509ExtendedTrustManager clientTrustManager,
- X509ExtendedTrustManager serverTrustManager,
+ X509TrustManager clientTrustManager,
+ X509TrustManager serverTrustManager,
SSLContext clientContext,
SSLContext serverContext,
SSLServerSocket serverSocket,
@@ -189,8 +188,8 @@ public final class TestSSLContext extends Assert {
serverKeyStore, serverStorePassword,
clientKeyManagers,
serverKeyManagers,
- (X509ExtendedTrustManager) clientTrustManagers,
- (X509ExtendedTrustManager) serverTrustManagers,
+ (X509TrustManager) clientTrustManagers,
+ (X509TrustManager) serverTrustManagers,
clientContext, serverContext,
serverSocket, host, port);
} catch (RuntimeException e) {
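Review bot: The new casts `(X509TrustManager) clientTrustManagers` and `(X509TrustManager) serverTrustManagers` are unchecked downcasts on values whose plural names suggest arrays, so a wrong type surfaces only as a bare ClassCastException at this call. The declarations are outside the hunk, so the static type is inferred, but `TestTrustManager.wrap` in this same commit returns its argument unchanged when it is not an X509TrustManager, which is the case this cast would trip on. Renaming the locals to the singular and adding a short comment such as `// wrap() yields an X509TrustManager for the default test key stores` would make the assumption explicit. The enclosing method starts and ends outside the hunk.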
diff --git a/support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java b/support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java
index b703984..dc4bb28 100644
--- a/support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java
+++ b/support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java
@@ -20,7 +20,6 @@ import java.io.PrintStream;
import java.net.Socket;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -29,16 +28,15 @@ import libcore.java.security.StandardNames;
/**
* TestTrustManager is a simple proxy class that wraps an existing
- * X509ExtendedTrustManager to provide debug logging and recording of
+ * X509TrustManager to provide debug logging and recording of
* values.
*/
-public final class TestTrustManager extends X509ExtendedTrustManager {
+public final class TestTrustManager implements X509TrustManager {
private static final boolean LOG = false;
private static final PrintStream out = LOG ? System.out : new NullPrintStream();
private final X509TrustManager trustManager;
- private final X509ExtendedTrustManager extendedTrustManager;
public static TrustManager[] wrap(TrustManager[] trustManagers) {
TrustManager[] result = trustManagers.clone();
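Review bot: The `import java.net.Socket;` and `import javax.net.ssl.SSLEngine;` lines kept as context in the import hunk just above look unused now that the class only `implements X509TrustManager`. The later hunks in this file delete every overload that took a Socket or an SSLEngine, and nothing else visible here refers to either type. The rest of the file is outside the diff, so this is inferred, but if nothing else references them both import lines should be dropped in the same change.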
@@ -49,23 +47,14 @@ public final class TestTrustManager extends X509ExtendedTrustManager {
}
public static TrustManager wrap(TrustManager trustManager) {
- if (trustManager instanceof X509ExtendedTrustManager) {
- return new TestTrustManager((X509ExtendedTrustManager) trustManager);
- } else if (trustManager instanceof X509TrustManager) {
+ if (trustManager instanceof X509TrustManager) {
return new TestTrustManager((X509TrustManager) trustManager);
}
return trustManager;
}
- public TestTrustManager(X509ExtendedTrustManager trustManager) {
- out.println("TestTrustManager.<init> extendedTrustManager=" + trustManager);
- this.extendedTrustManager = trustManager;
- this.trustManager = trustManager;
- }
-
public TestTrustManager(X509TrustManager trustManager) {
out.println("TestTrustManager.<init> trustManager=" + trustManager);
- this.extendedTrustManager = null;
this.trustManager = trustManager;
}
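Review bot: With the extended constructor and the `extendedTrustManager` field gone, this wrapper forwards only the two-argument `checkClientTrusted`/`checkServerTrusted` calls, so it no longer sees the socket or engine and cannot log or record endpoint identification. That limit is not stated anywhere in the new code. The class Javadoc or the remaining constructor should say so, for example `// Chain validation only: no Socket/SSLEngine context is passed, so hostname (endpoint identification) checks are not observed here.` Tests built on `TestSSLContext` then make no implicit claim about hostname verification, which matters because the endpoint-identification tests are removed elsewhere in this commit.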
@@ -84,50 +73,6 @@ public final class TestTrustManager extends X509ExtendedTrustManager {
}
}
- @Override
- public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
- throws CertificateException {
- if (extendedTrustManager == null) {
- out.print("(fallback to X509TrustManager) ");
- checkClientTrusted(chain, authType);
- return;
- }
- out.print("TestTrustManager.checkClientTrusted "
- + "chain=" + chain.length + " "
- + "authType=" + authType + " "
- + "socket=" + socket + " ");
- try {
- assertClientAuthType(authType);
- extendedTrustManager.checkClientTrusted(chain, authType, socket);
- out.println("OK");
- } catch (CertificateException e) {
- e.printStackTrace(out);
- throw e;
- }
- }
-
- @Override
- public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
- throws CertificateException {
- if (extendedTrustManager == null) {
- out.print("(fallback to X509TrustManager) ");
- checkClientTrusted(chain, authType);
- return;
- }
- out.print("TestTrustManager.checkClientTrusted "
- + "chain=" + chain.length + " "
- + "authType=" + authType + " "
- + "engine=" + engine + " ");
- try {
- assertClientAuthType(authType);
- extendedTrustManager.checkClientTrusted(chain, authType, engine);
- out.println("OK");
- } catch (CertificateException e) {
- e.printStackTrace(out);
- throw e;
- }
- }
-
private void assertClientAuthType(String authType) {
if (!StandardNames.CLIENT_AUTH_TYPES.contains(authType)) {
throw new AssertionError("Unexpected client auth type " + authType);
@@ -149,50 +94,6 @@ public final class TestTrustManager extends X509ExtendedTrustManager {
}
}
- @Override
- public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
- throws CertificateException {
- if (extendedTrustManager == null) {
- out.print("(fallback to X509TrustManager) ");
- checkServerTrusted(chain, authType);
- return;
- }
- out.print("TestTrustManager.checkServerTrusted "
- + "chain=" + chain.length + " "
- + "authType=" + authType + " "
- + "socket=" + socket.toString() + " ");
- try {
- assertServerAuthType(authType);
- extendedTrustManager.checkServerTrusted(chain, authType, socket);
- out.println("OK");
- } catch (CertificateException e) {
- e.printStackTrace(out);
- throw e;
- }
- }
-
- @Override
- public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
- throws CertificateException {
- if (extendedTrustManager == null) {
- out.print("(fallback to X509TrustManager) ");
- checkServerTrusted(chain, authType);
- return;
- }
- out.print("TestTrustManager.checkServerTrusted "
- + "chain=" + chain.length + " "
- + "authType=" + authType + " "
- + "engine=" + engine.toString() + " ");
- try {
- assertServerAuthType(authType);
- extendedTrustManager.checkServerTrusted(chain, authType, engine);
- out.println("OK");
- } catch (CertificateException e) {
- e.printStackTrace(out);
- throw e;
- }
- }
-
private void assertServerAuthType(String authType) {
if (!StandardNames.SERVER_AUTH_TYPES.contains(authType)) {
throw new AssertionError("Unexpected server auth type " + authType);