| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |\ |
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I6f5bfad6f861eb7b398ed7d86747d66cea4f2343
http://b/issue?id=2660429
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
from URLConnectionTest.
Merge commit '82e18c5adf0c19c8a937cef51621ae655f7824ea' into dalvik-dev
* commit '82e18c5adf0c19c8a937cef51621ae655f7824ea':
Strip usage of the term 'localhost' from URLConnectionTest.
|
| | |/
| |
| |
| |
| | |
Change-Id: I8ea7923c3ea72728c7df64c13bdd6f94b91be121
http://b/3032912
|
| |\ \
| |/
| |
| |
| |
| |
| | |
Merge commit '1501cd6b2ec1c6cc8957bc8bc4ad912900bd9903' into dalvik-dev
* commit '1501cd6b2ec1c6cc8957bc8bc4ad912900bd9903':
Update supported cipher suites list
|
| | |
| |
| |
| |
| |
| | |
Update list of cipher suites supported by the current RI
Change-Id: Ifa2a799bd3ca40b4979fa44f5423d744e90af35c
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| | |
the keystore. Necessary for the host build." into gingerbread
Merge commit '001c38bb783045e72695f7d3d111f1afa308bf9f' into dalvik-dev
* commit '001c38bb783045e72695f7d3d111f1afa308bf9f':
Fix test code that hardcodes the keystore. Necessary for the host build.
|
| | |
| |
| |
| | |
Change-Id: Ie371a4bc9cd8bcb9aed169f08aba18d285e21099
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| | |
SecreyKeyFactories if underlying algorithm is supported for better PKCS12 support
Merge commit 'e721ac62db13847d3258928368f8d87471798e42' into dalvik-dev
* commit 'e721ac62db13847d3258928368f8d87471798e42':
Restore PBE Ciphers and SecreyKeyFactories if underlying algorithm is supported for better PKCS12 support
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
supported for better PKCS12 support
This restores the Password Based Encryption (PBE) algorithms when we
were including the underlying algorithms used (3DES, AES, DES, MD5,
RC2, SHA1, SHA256)
Specficially we leave out PBE definitions that include algorithms such
as MD2, RIPEMD, Tiger that are not in our BouncyCastle jar.
Bug: 2942581
Change-Id: Ibef31aad56fc24b4db82a43a69153553660af65d
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
luni/src/main/native/java_lang_StrictMath.cpp
Change-Id: I82fcb4033fce8c7bb8d21b09f6abfa2638091af6
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
recent ARCFOUR and Blowfish additions" into gingerbread
Merge commit '1b878d300094f577ba062e0c3f349f6d34ca3880' into dalvik-dev
* commit '1b878d300094f577ba062e0c3f349f6d34ca3880':
Updating StandardNames for recent ARCFOUR and Blowfish additions
|
| | | |
| | |
| | |
| | | |
Change-Id: I8c22e443b6929c41e984f0cb85480a57894b199d
|
| | |/
|/|
| |
| |
| |
| | |
http://b/issue?id=2634005
Change-Id: I1ebad41a29c9527565efea539b8f2b31f117f370
|
| |/
|
|
|
|
|
|
| |
This is indended to make it easier to run on VMs that restrict the packages
from which application classes can be loaded. For example, on the RI you need
to use the bootclasspath to load these tests.
Change-Id: I52193f35c5fcca18b5a3e1d280505b1e29b388af
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See also b/1569612
Summary:
- OpenSSlSocket support for SNI, session tickets, compression
- URLConnection mimics Chrome behavior of trying connection with these enabled,
falling back to SSL w/o encryption on failure
Details:
libcore
URLConnection https retry
Change HttpConnection.getSecureSocket to enable non-standard features on first
connection attempt. On second attempt, we back off to SSLv3 from
TLSv1, mimicking Chrome's behavior.
luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java
Change HttpsEngine.connect to implement SSL reconnect
luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/https/HttpsURLConnectionImpl.java
OpenSSL SSLSocket implementation
OpenSSLSocketImpl and OpenSSLServerSocketImpl now have an array of
enabled compression methods interface and implementation to
parallel that of procotols and ciphersuites.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
OpenSSLSessionImpl now has a cache of the native
compressionMethod. Also replaced "gives" javadoc working with
"returns".
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
OpenSSLSocketImpl session caching now needs to skip cached
sessions with mismatched compression requirements.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
OpenSSLSocketImpl.startHandshake now uses NativeCrypto to support
our non-standard extensions.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
NativeCrypto changes
- Added declaration of SSL options for tickets and compression.
- Added general "compression methods" interface
paralleling "cipher suites" and "protocols" interfaces.
- Added SSL_set_tlsext_host_name to set SNI (Server Name Indication) value
- Added SSL_get_servername to read SNI (Server Name Indication) value
- Added SSL_SESSION_compress_meth read negotiated compression method
- SSL_new makes sure to default compression to off for compatibility
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
luni/src/main/native/NativeCrypto.cpp
Testing
Added URLConnectionTest.testConnectViaHttpsWithSSLFallback to make
sure we properly retry an https connection if the server
terminates unexpectedly. Fixed up
URLConnectionTest.testHttpsWithCustomTrustManager with new
expected certificate chain. Fixed a few mistaken
TestSSLContext.serverContext uses to clientContext
luni/src/test/java/java/net/URLConnectionTest.java
Added test_SSL_set_tlsext_host_name, test_SSL_get_servername,
test_SSL_SESSION_compress_meth. Added a number of missing fail()
calls in expected exception cases which caught one test with
mistaken expectations. Removed some unnecessary scopes. Fixed some
badly scoped catch blocks.
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Changed MockWebServer to support a new MockResponse propery of
disconnectAtStart, which immediately terminates the connection
support/src/test/java/tests/http/MockResponse.java
support/src/test/java/tests/http/MockWebServer.java
external/openssl
Restore -ZLIB to OpenSSL build. Note that NativeCrypto.SSL_new
disables compression by for default SSLSocket for compatibility.
android-config.mk
Force clean build with new CFLAGS
CleanSpec.mk
Change-Id: Iba6268f9096f2be43f0d30de151dd3fd0aea4a81
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Wrote an interoperability test between our OpenSSL and SSLEngine
based SSLSocket implementations. Used it to flush out problems between
the implementations, which mostly were in the non-native implementation.
Filling out the SSLEngine (and therefore non-native SSLSocket) support
led to the list of supported and default cipher suites now being the
same as out OpenSSL SSLSocket. Most of the work was making the the
NULL, RC4, and AES ciphers work with SSLEngine as well as some minor
bug fixes in related code.
Summary:
- changing test_SSLSocket_getSupportedCipherSuites_connect to try all
combinations of our two SSLContext/SSLSocket implementations
- fixed SSLEngine with *_WITH_NULL_* CipherSuites to use javax.crypto.NullCipher
- added *_AES_* cipher suites to SSLEngine (and therefore Java SSLSocketImpl)
- remove *_DH_* cipher suites which are not supported by the RI or our OpenSSL implementation
- fixed Java SSLSocket to not handshake on accept so will pass the basic SSLSocketTest
- added new KeyManagerFactoryTest while testing "DH_" cipher suite key types
This change depends on restoring bouncycastle's RC4 implementation (separate CL in external/bouncycastle)
Details:
Fixed SSLEngine with *_WITH_NULL_* CipherSuites by use javax.crypto.NullCipher
expectations/knownfailures.txt
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionStateSSLv3.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionStateTLS.java
Previously I had changed the string name of CipherSuites from
"TLS_..." to "SSL_..." where appropriate to match the RI. Since I was
doing maintenance on overall list, I renamed the CODE_TLS_... and
TLS_... static fields as well to match.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java
Removed IDEA and RC2 CipherSuites to make it clear they are not
supported. While technically this happened as a side effect of the
assignment "supported = false" if the CipherSuite failed to load, we
truly intend not to support these. Also removed SSH_DH_* suites which
don't work with DSA keys and aren't supported by the RI or our OpenSSL
implementation.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
Old connection state code assumed that if a cipher was blocked, the
block size was 8 bytes. This is not true for the 16 byte AES ciphers.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionState.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionStateSSLv3.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionStateTLS.java
No wonder our OpenSSL implementation incorrect did a startHandshake
when accepting the socket... it got it from the Java implementation.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketImpl.java
Test for KeyManagerFactory (and KeyManager). TestKeyStore now creates
KeyManagers and TrustManagers from the keystore as a convenience for
KeyManagerFactoryTest (instead of having the code in the
TestSSLContext where we didn't keep a pointer to the created values).
luni/src/test/java/javax/net/ssl/KeyManagerFactoryTest.java
support/src/test/java/java/security/StandardNames.java
support/src/test/java/java/security/TestKeyStore.java
support/src/test/java/javax/net/ssl/TestSSLContext.java
Remove CIPHER_SUITES_SSLENGINE now that its the same as CIPHER_SUITES
luni/src/test/java/javax/net/ssl/SSLEngineTest.java
support/src/test/java/java/security/StandardNames.java
test_SSLSocket_getSupportedCipherSuites_connect now does
interoperability testing not just between the default SSLContext's
SSLSockets but between the four combinations of our two SSLContext. It
also now sends some test data bi-directionally between the client and
server.
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Changed TestSSLContext.create to allow a different Provider for the
client and server SSLContexts.
luni/src/test/java/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
support/src/test/java/javax/net/ssl/TestSSLContext.java
RC4 is now available in bouncycastle for the non-OpenSSL SSLContext to
use for parity with the OpenSSL implementation.
support/src/test/java/java/security/StandardNames.java
Changed TestSSLSocketPair to use Futures like NativeCryptoTest so its
easier to choose between client and server errors while debuging.
support/src/test/java/javax/net/ssl/TestSSLSocketPair.java
Removed bogus import
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Change-Id: I080c0343a3f86f27b7c191a7b80b585b9ca52d93
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
- Added KeyStoreTest and fixed PKCS and BKS keystores to be fully functional
- KeyStore and KeyStoreImpl improvements in libcore and bouncycastle for more RI-like behavior
- SSL Renegotiation fix for new implementation
Details:
external/bouncycastle
TwoFish added back for BKS KeyStore. Like RC2, it not supported as
a general cipher, but instead used internally for KeyStore
implementation.
src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java
bouncycastle.config
Added back PBEWITHSHAANDTWOFISH, PBEWITHSHAANDTWOFISH-CBC,
PBEWITHSHA1ANDRC2-CBC, PBEWITHHMACSHA, PBEWITHHMACSHA1 to support
PKCS12 and BKS KeyStore implementations (as determined by new
KeyStoreTest)
src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java
src/main/java/org/bouncycastle/jce/provider/JCEMac.java
src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
Don't throw an error when deleting a non-existing KeyStore entry. The
RI documentation (and behavior) says it throws an error when it fails
to remove an entry, not when the entry does not exist.
src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Try to make BC's PKCS KeyStore have a more RI-like getCreationDate behavior
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Make BC's PKCS KeyStore failfast on setting non-supported key,
instead of failing later on get.
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Make BC's PKCS KeyStore handle setting a PrivateKey with an emtpy chain.
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Add more general avoidance of NullPointerExceptions on null aliases
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Added notes about changes improvements
patches/README
Regenerated patch with above changes
patches/android.patch
libcore
KeyStore improvements based on KeyStoreTest
- Fix UnrecoverableKeyException to be a subclass of
UnrecoverableEntryException, which was keeping the new
KeyStoreTest from compiling.
luni/src/main/java/java/security/UnrecoverableKeyException.java
- Fix to not convert UnrecoverableKeyException to KeyStoreException,
which was only being done because of the UnrecoverableKeyException
superclass bug.
luni/src/main/java/java/security/KeyStoreSpi.java
- Harmony KeyStore was being overly aggresive about throwing on null
alias arguments in cases where the RI was happy to pass them to the
KeyStoreSpi.
luni/src/main/java/java/security/KeyStore.java
- New test after PKCS12 regresion. It enumerates and excercises
all methods on all available KeyStore
implementations. Unfortunately, the main varieties of KeyStores
made this a lot more complicated than I was originally
expecting. It does clarifiy the differences between the RI and
BC KeyStore implementations, especially for PKCS12, where in
some ways the RI is more feature complete (setting key via
byte[]), but in other ways BC goes beyond some RI limitations
(allowing storage of certificates).
luni/src/test/java/java/security/KeyStoreTest.java
TestKeyStore improvements while writing KeyStoreTest
- Renamed "keyStorePassword" working usages to clarify if it really
means the "storePassword" on the whole KeyStore, or if it is a
"keyPassword" on individual keys.
- Moved TestKeyStore from javax.net.ssl to java.security
luni/src/test/java/javax/net/ssl/SSLContextTest.java
luni/src/test/java/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
support/src/test/java/java/security/StandardNames.java
support/src/test/java/java/security/TestKeyStore.java
support/src/test/java/javax/net/ssl/TestKeyStore.java
support/src/test/java/javax/net/ssl/TestSSLContext.java
Fixing up SSL renegotiation support. Now that we are not trying to
prevent renegotiation, make sure it is working correctly.
- Remove SSL_VERIFY_CLIENT_ONCE to take the default behavior of
re-requesting client certificate on renegotiation.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
- Updated comments to reflect renegotiation. Bug fix to not clear
out callback reference on handshake complete, since we need it for
renegotiation.
luni/src/main/native/NativeCrypto.cpp
Updated for PKCS12 KeyStore support
support/src/test/java/java/security/StandardNames.java
Added javadoc when writint KeyStoreTest
luni/src/test/java/java/security/ProviderTest.java
frameworks/base
Tracking changes to UnrecoverableKeyException superclass
api/8.xml
api/current.xml
Change-Id: I6349dbfc02896417595b52e364ade8000b567615
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
- openssl: add openssl support for specifying per key certificate chains
- libcore: properly implement client certificate request call back
- libcore: properly implement sending certificate chain
- libcore: properly implement retreiving local certificate chain
- libcore: added an SSLContext for non-OpenSSL SSLSocket creation
Details:
external/openssl
Improve patch generate support by applying all other patches to
baseline to remove cross polluting other patch changes into target
patch. Move cleanup of ./Configure output to import script from
openssl.config.
import_openssl.sh
openssl.config
Adding SSL_use_certificate_chain and SSL_get_certificate_chain to
continue to finish most of remaining JSSE issues.
include/openssl/ssl.h
ssl/s3_both.c
ssl/ssl.h
ssl/ssl_locl.h
ssl/ssl_rsa.c
Updated patch (and list of input files to patch)
patches/jsse.patch
openssl.config
libcore
Restoring SSLContextImpl as provider of non-OpenSSL SSLSocketImpl
instances for interoperability testing. OpenSSLContextImpl is the
new subclass that provides OpenSSLSocketImpl. JSSEProvider
provides the old style SSLContexts, OpenSSLProvider provides the
OpenSSL SSLContext, which includes the "default" context. Changed
to register SSLContexts without aliases to match the RI.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLProvider.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLContextImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
Native interface updates to support OpenSSLSocketImpl improvements
- KEY_TYPES now expanded based on what we are being provided by OpenSSL.
keyType function now maps key type values received from
clientCertificateRequested callback.
- Removed remaining uses of string PEM encoding, now using ASN1 DER consistently
Includes SSL_SESSION_get_peer_cert_chain, verifyCertificateChain
- Fixed clientCertificateRequested to properly include all key
types supported by server, not just the one from the cipher
suite. We also now properly include the list of supported CAs to
help the client select a certificate to use.
- Fixed NativeCrypto.SSL_use_certificate implementation to use new
SSL_use_certificate_chain function from openssl to pass chain to
OpenSSL.
- Added error handling of all uses of sk_*_push which can fail due to out of memory
- Fixed compile warning due to missing JNI_TRACE argument
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
luni/src/main/native/NativeCrypto.cpp
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Pass this into chooseServerAlias call as well in significantly revamped choseClientAlias
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Minor code cleanup while reviewing diff between checkClientTrusted and checkServerTrusted
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Improvements to SSL test support to go along with client
certificate and certificate chain changes. TestSSLContext now has
separate contexts for the client and server (as well as seperate
key stores information). TestKeyStore now is more realistic by
default, creating a CA, intermediate CA, and separate client and
server certificates, as well as a client keystore that simply
contains the CA and no certificates.
support/src/test/java/javax/net/ssl/TestKeyStore.java
support/src/test/java/javax/net/ssl/TestSSLContext.java
Tests tracking API changes. Tests involving cert chains now now
updated to use TestKeyStore.assertChainLength to avoid hardwiring
expected chain length in tests. These tests also now use
TestSSLContext.assertClientCertificateChain to validate that the
chain is properly constructed and trusted by a trust manager.
luni/src/test/java/java/net/URLConnectionTest.java
luni/src/test/java/javax/net/ssl/SSLContextTest.java
luni/src/test/java/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
support/src/test/java/java/security/StandardNames.java
support/src/test/java/javax/net/ssl/TestSSLEnginePair.java
support/src/test/java/javax/net/ssl/TestSSLSocketPair.java
frameworks/base
Tracking change of SSLContextImpl to OpenSSLContextImpl
core/java/android/net/SSLCertificateSocketFactory.java
core/java/android/net/http/HttpsConnection.java
tests/CoreTests/android/core/SSLPerformanceTest.java
tests/CoreTests/android/core/SSLSocketTest.java
Tracking changes to TestSSLContext
core/tests/coretests/src/android/net/http/HttpsThroughHttpProxyTest.java
Change-Id: Ie35ebce89966dfce62c316f7fe7252bf06935680
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
client and RSA server
Summary:
Goal here was to just make most tests faster by only having
TestKeyStore create RSA keys by default. However, when I did that
SSLEngineTest#test_SSLEngine_clientAuth started working, so I ended up
investigating a much deeper issue with DSA client authentication
against an RSA SSLEngine server.
Details:
Changed the TestKeyStore.get singleton to only contain RSA
keys. TestKeyStore.create now requires the caller enumerate what
keys they want if they need more than that or an alternative.
support/src/test/java/javax/net/ssl/TestKeyStore.java
Changed test_SSLSocket_getSupportedCipherSuites_connect to
explicitly request RSA and DSA keys since it needs both to try
connecting all possible cipher suites.
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Fixing SSLEngine client authentication when server uses RSA but client uses DSA
Fixed java.net.ssl.SSLEngineTest#test_SSLEngine_clientAuth
expectations/knownfailures.txt
Added CiperSuite.authType field which contains the algorithm name
such as RSA, DSA, DH, that the client will use to authenticate the
server. Like the cipherName, hmacName, and hashName, this is
logically derivable from the the CiperSuite.KEY_EXCHANGE_*, but we
remember it to avoid repeatedly doing large cascading "if" tests to
determine which key algorithm should be used for each
case.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
Fixed a number of client certificate authentication bugs in SSLEngine
- Changed ClientHandshakeImpl's in the SSL/Tls Certificate message
code to mirror ServerHandshakeImpl's implementation to properly
use chooseEngineClientAlias in the SSLEngine case.
- Changed to use the client certifcates key algorithm for computing
the signature for the SSL/TLS CertificateVerify
message. Previously we used the cipher suites negoitated key
exchange method, but if the client may select a certificate with
a different algorithm if the server provides a CA for another
algorithm.
- Also changed to use CipherSuite.isAnonymous in two places rather
than the inlined equivalent.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
Fixed client authentication to use the client's certificate (not
the server's) to do verify the CertificateVerify message signature.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
Fixed bug in DigitalSignature which did not Signature.update in
verifySignature, so it could never have properly authenticated DSA
signatures.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java
Added CertificateMessage getAuthType convenience
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateMessage.java
Made CertificateRequest certificate_authorities final, found we were double allocating it
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java
Cleaning up imports of HandshakeProtocol while working on its subclasses.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
Cleaned up while looking at X509KeyManager implementations while debugging.
support/src/test/java/org/apache/harmony/xnet/tests/support/X509KeyManagerImpl.java
Change-Id: I74b98754c11000cbfea416f1571c380c9c67abf3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also cleanup of HttpConfiguration (renamed HttpConnection.Address),
including removing some dead code.
Also adding performance-run support to MockWebServer to permit
benchmarking.
I benchmarked different buffer sizes, and a buffer as small as 16 bytes
halved the runtime on some HTTP requests. Ultimately I chose a 128 byte
buffer, since that's the point of diminishing returns.
The following report shows benchmark results for 5 different buffer
sizes. Notice how our previous unbuffered behaviour was particularly
inefficient.
bodySize transferEncoding responseHeaders bufferSize ms logarithmic runtime
0 FIXED_LENGTH MINIMAL 0 5.44 =
0 FIXED_LENGTH MINIMAL 16 5.17 =
0 FIXED_LENGTH MINIMAL 128 5.06 =
0 FIXED_LENGTH MINIMAL 512 5.19 =
0 FIXED_LENGTH MINIMAL 1024 5.27 =
0 FIXED_LENGTH TYPICAL 0 14.61 ===========
0 FIXED_LENGTH TYPICAL 16 7.35 ====
0 FIXED_LENGTH TYPICAL 128 6.48 ===
0 FIXED_LENGTH TYPICAL 512 6.97 ====
0 FIXED_LENGTH TYPICAL 1024 6.92 ====
0 CHUNKED MINIMAL 0 5.72 ==
0 CHUNKED MINIMAL 16 5.26 =
0 CHUNKED MINIMAL 128 5.27 =
0 CHUNKED MINIMAL 512 5.16 =
0 CHUNKED MINIMAL 1024 5.31 =
0 CHUNKED TYPICAL 0 14.81 ===========
0 CHUNKED TYPICAL 16 7.30 ====
0 CHUNKED TYPICAL 128 6.62 ===
0 CHUNKED TYPICAL 512 6.51 ===
0 CHUNKED TYPICAL 1024 6.50 ===
1024 FIXED_LENGTH MINIMAL 0 5.47 =
1024 FIXED_LENGTH MINIMAL 16 5.40 =
1024 FIXED_LENGTH MINIMAL 128 5.43 =
1024 FIXED_LENGTH MINIMAL 512 5.40 =
1024 FIXED_LENGTH MINIMAL 1024 5.37 =
1024 FIXED_LENGTH TYPICAL 0 14.83 ===========
1024 FIXED_LENGTH TYPICAL 16 7.42 ====
1024 FIXED_LENGTH TYPICAL 128 6.50 ===
1024 FIXED_LENGTH TYPICAL 512 6.50 ===
1024 FIXED_LENGTH TYPICAL 1024 6.51 ===
1024 CHUNKED MINIMAL 0 6.12 ==
1024 CHUNKED MINIMAL 16 5.51 =
1024 CHUNKED MINIMAL 128 5.55 =
1024 CHUNKED MINIMAL 512 5.60 ==
1024 CHUNKED MINIMAL 1024 5.50 =
1024 CHUNKED TYPICAL 0 15.00 ===========
1024 CHUNKED TYPICAL 16 7.56 =====
1024 CHUNKED TYPICAL 128 6.86 ====
1024 CHUNKED TYPICAL 512 6.73 ===
1024 CHUNKED TYPICAL 1024 6.60 ===
1048576 FIXED_LENGTH MINIMAL 0 25.27 =================
1048576 FIXED_LENGTH MINIMAL 16 25.36 =================
1048576 FIXED_LENGTH MINIMAL 128 25.86 =================
1048576 FIXED_LENGTH MINIMAL 512 25.25 =================
1048576 FIXED_LENGTH MINIMAL 1024 32.51 ===================
1048576 FIXED_LENGTH TYPICAL 0 36.65 =====================
1048576 FIXED_LENGTH TYPICAL 16 27.43 ==================
1048576 FIXED_LENGTH TYPICAL 128 26.88 =================
1048576 FIXED_LENGTH TYPICAL 512 26.94 =================
1048576 FIXED_LENGTH TYPICAL 1024 33.13 ====================
1048576 CHUNKED MINIMAL 0 77.02 ============================
1048576 CHUNKED MINIMAL 16 51.32 ========================
1048576 CHUNKED MINIMAL 128 50.98 ========================
1048576 CHUNKED MINIMAL 512 51.82 ========================
1048576 CHUNKED MINIMAL 1024 50.40 ========================
1048576 CHUNKED TYPICAL 0 88.99 ==============================
1048576 CHUNKED TYPICAL 16 53.94 ========================
1048576 CHUNKED TYPICAL 128 53.03 ========================
1048576 CHUNKED TYPICAL 512 52.14 ========================
1048576 CHUNKED TYPICAL 1024 50.90 ========================
Benchmark source code is here:
http://code.google.com/p/dalvik/source/browse/trunk/benchmarks/regression/URLConnectionBenchmark.java
Change-Id: Ie3e754ab8497e6200f8b6e7f9c63c40a7d4784e2
|
| |
|
|
|
|
|
| |
These were not previously removed because they were believed to be part
of Android OpenSSL native implementation.
Change-Id: I6dd5eb22c5758f5337dae66669104ea6aa7b4234
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code splits our HTTP input streams into four (!) inner
classes. The base class takes care of ensuring split() and
single byte reads get cached and call disconnect() as necessary.
Our code closes the cache when the stream is exhausted; this
is different from the RI which closes it when in.close() is
called.
When a fixed length input stream of length 0 is received,
we cache it immediately. This has behavior consequences for
CONNECT, which needs the otherwise-recyclable connection to
stick around.
This adds explicit shutdown capabilities to MockWebServer.
This is necessary now that we don't guarantee all enqueued
responses will be requested.
We still need test coverage for malformed chunk sizes.
Change-Id: Iaf866af4fc1d76faea559df267a4bde6fdfa1d83
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
external/bouncycastle
- Change to be the primary build for bouncycastle sources (as opposed to part of libcore)
- Moved OpenSSLMessageDigest from libcore to OpenSSLDigest
It uses NativeCrypto API from core, but implements a bouncycastle specific interface
- restored registration of bouncycastle MessageDigests for SHA-1, SHA-256, MD5
OpenSSLProvider versions take precedence, but explicit provider of "BC" allows choice
- enabled native versions of SHA-384 and SHA-512
- pruned MD4 implementation
frameworks/base
- frameworks and CoreTests modules now depend on bouncycastle
- update preloades classes for NativeBN package change
- moved CryptoTest to libcore
libcore
- core now builds without bouncycastle sources
- core-tests, core-tests-support, core-tests-supportlib now depend on bouncycastle
- removed libcore/openssl directory, moving NativeBN to java/math
- minor cleanup of Provider, Security, Services style while working on ProviderTest
- added new OpenSSLProvider registered as first provider to have
priority over the others to ensure our native implementations are used
- moved BouncyCastle to have priority as a provider over Harmony
- JarVerifier and JarUtils now implicitly use OpenSSLMessageDigest
- Cleanedup OpenSSLSignature, implementation needs to be finished to move to OpenSSLProvider
- To avoid using PEMWriter from BouncyCastle, NativeCrypto now takes binary encoded certs and keys
This is more efficient as well avoiding the base64 decode/encode of the binary data
- removed SHA-224 to match the RI
packages/apps/CertInstaller
- CertificateInstaller module now depends on bouncycastle
this is the only app to depend on bouncycastle
system/core
- updated BOOTCLASSPATH
Change-Id: I6205366b12baec4331b4a76e2c85d8324bf64b2c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This rearranges the security test support infrastructure. We no longer
rely on many top-level classes defined in CipherHelper.java to provide
test support. Instead these each have their own top level class in our
test support package: support/src/test/java/tests/security. Similarly
for abstract classes intended to be subclassed by cipher-specific
tests.
Other test methods that were duplicated in Harmony have been removed.
We need to pay closer attention to Harmony failures because they are
now our only source of coverage for some of these tests.
Change-Id: I1a1ca8a046bc9b6a33d5fa3f55fecc0d39f72c16
|
| |
|
|
|
|
|
|
|
|
|
| |
Some tests were copied from Harmony and fixed in Dalvik. I've applied
fixes in our SVN copy of Harmony and removed the duplicate copies here.
Also improving error reporting for missing resource files. Some of our
serialization tests were failing due to missing files; the corresponding
Harmony tests succeed.
Change-Id: I73872b03674f8731ff237f575dcda66f9d53c06a
|
| |
|
|
|
|
| |
java.security
Change-Id: I7ef73ae164fa001f279e8229b4869e72fd5a3a7d
|
| |
|
|
| |
Change-Id: I684a4c99ab70855d7bf86c1825bdede6b2727d39
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Moving TimeZoneTest to OldTimeZoneTest and removing test methods
that are duplicated between libcore and Harmony.
Also adding Objects.equals() to make implementing this easy,
and removing redundant time zone tests. I did a few searches
to find candidate code that could take advantage of this new
utility method and adopted it there.
Change-Id: I133298f1b36d755bd35c1ad0dc0ab366fd164270
|
| | |
| |
| |
| | |
Change-Id: I9b795477fb1f64f613c2d7cc48476284702fd429
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
This works on RI 6 but fails on with our version of BouncyCastle
derived from 1.34 because of the one missing class
org.bouncycastle.jce.provider.JCEMac$ISO9797_DES
It is still useful because it fixes the list of algorithms in
StandardNames to make sure we don't unintentionally add or remove
algorithms when we upgrade to BouncyCastle 1.45.
Change-Id: I51e42a59505797d823004a798413ee2299bd163f
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- reading extra bytes from the server depending on available()
- not sending the port with the proxy request
- returning a read-til-the-end stream instead of a read-0-bytes-stream
on CONNECT requests
- fixing MockWebServer to omit the unnecessary \r\n after
the response body
- tests no longer mask the issue by unambiguously reading characters.
Trailing newlines aren't discarded!
- New tests when content-length and content disagree. The RI fails
the test when the transfer-encoding is not chunked.
Change-Id: I888569844d323bc770cd5bb95ac71c740dd5e720
|
| |
|
|
|
|
| |
One failure is here: http://b/issue?id=2761326
Change-Id: If1918a2e59bd4335e38ce3ec4214dfccd24ee798
|
| |
|
|
|
|
|
|
| |
Also exposing core-tests-support for use by tests in frameworks/base.
I'm not particularly happy about this, but it seems to be the best
way to share test support code between the two build targets.
Change-Id: I5e8dcac90fc5d9be791e46c2606498978212108e
|
| |\
| |
| |
| | |
Change-Id: I711a9afb47d478d75fc26247271eb09bb9aa7b3b
|
| | |
| |
| |
| |
| |
| |
| |
| | |
JDK 1.6's jar utility fails with a "duplicate entry" error due to
identical test files in multiple locations. This change fixes the
build on JDK 1.6 by deleting the extra copies of the test files.
Change-Id: Iad27b9a345e7b455c1576989e948088fe00e1116
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Summary:
- RI 6 support for javax.net.ssl
- SSLEngine fixes based on new SSLEngineTest
- fix Cipher.checkMode bug recently introduced in dalvik-dev
Details:
Fix Cipher.checkMode that was preventing most javax.net.ssl tests from working
luni/src/main/java/javax/crypto/Cipher.java
RI 6 has introduced the concept of a "Default" SSLContext. This is
accessed via SSLContext.getDefault() and also
SSLContext.getInstance("Default"). Harmony had its own
DefaultSSLContext but it was not created via an SSLContextSpi. It also
was a single shared instance whereas the new RI6 Default SSLContext
shares internal SSLSessionContext instances between different Default
SSLContexts.
Refactored the old code into an SSLContextImpl subclass that
allows it to be created via SSLContext.getInstance. SSLContextImpl
ensures that we only ever create one set of SSLSessionContext
instances for the Default context.
luni/src/main/java/javax/net/ssl/DefaultSSLContext.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
Added SSLContext.getDefault and SSLContext.setDefault
luni/src/main/java/javax/net/ssl/SSLContext.java
Replace dependencies of old DefaultSSLContext with use of SSLContext.getDefault
luni/src/main/java/javax/net/ssl/SSLServerSocketFactory.java
luni/src/main/java/javax/net/ssl/SSLSocketFactory.java
Register "SSLContext.Default" as DefaultSSLContextImpl class for SSLContext.getInstance()
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
Added constant for new "Default" standard name and added it to
SSL_CONTEXT_PROTOCOLS. New tests based on SSL_CONTEXT_PROTOCOLS
made it clear that neither Android or RI support SSLv2 so removed
it from SSL_CONTEXT_PROTOCOLS and SSL_SOCKET_PROTOCOLS. Added
constant for TLS as well which was previously scattered all over
tests. Remove SSLv2Hello from SSL_SOCKET_PROTOCOLS for Android
since with OpenSSL disablign SSLv2 means you can not use
SSLv2Hello either.
support/src/test/java/javax/net/ssl/StandardNames.java
Added tests for SSLContext.getDefault and
SSLContext.setDefault. Changed existing tests to work on all
protocols including new "Default".
luni/src/test/java/javax/net/ssl/SSLContextTest.java
RI 6 has introduced the notion of SSLParameters which encapsulate SSL
the handshake parameters of desired cipher suites, protocols, and
client authentication requirements.
The main new class SSLParameters is basically just a bag of fields
with accessors and a couple simple constructors. The only things
of note are that it clones all String arrays on input and output
and the setters for the two boolean fields ensure that only one is
true at a time.
luni/src/main/java/javax/net/ssl/SSLParameters.java
Added SSLContext.getDefaultSSLParameters and
SSLContext.getSupportedSSLParameters which simply delegate to the
SSLContextSpi.
luni/src/main/java/javax/net/ssl/SSLContext.java
Added abstract SSLContextSpi.engineGetDefaultSSLParameters and
SSLContext.engineGetSupportedSSLParameters.
luni/src/main/java/javax/net/ssl/SSLContextSpi.java
Added engineGetDefaultSSLParameters and
engineGetSupportedSSLParameters implementation. The RI documents
in SSLContextSpi that these are implemented by default by creating
a socket via the SSLContext's SocketFactory and asking for the
enabled/supported cipher suites and protocols respectively, so
that is what is done. The doc mentions throwing
UnsupportedOperationException if there is a problem, so we do that
as well.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
Added {SSLEngine,SSLSocket}.{getSSLParameters,setSSLParameters}
which are analogous.
luni/src/main/java/javax/net/ssl/SSLEngine.java
luni/src/main/java/javax/net/ssl/SSLSocket.java
Added SSLParametersTest
luni/src/test/java/javax/net/ssl/SSLParametersTest.java
luni/src/test/java/javax/net/ssl/AllTests.java
Added SSLContext.get{Default,Supported}SSLParameters tests
luni/src/test/java/javax/net/ssl/SSLContextTest.java
Added SSLSocket.{getSSLParameters,setSSLParameters} tests and added
some extra asserts to test_SSLSocketPair_create based on experience
with test_SSLEnginePair_create.
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Dummy implementation of new SSLContextSpi for test classes.
support/src/test/java/org/apache/harmony/security/tests/support/MySSLContextSpi.java
support/src/test/java/org/apache/harmony/xnet/tests/support/MySSLContextSpi.java
Other minor RI 6 API changes:
RI 6 removed Serializable from HandshakeCompletedEvent and SSLSessionBindingEvent
luni/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java
luni/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java
RI 6 added generic types to the KeyStoreBuilderParameters List
constructor and accessor as well as to
SSLSessionContext.getIds. Fixed tests to compile with generic types.
luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java
luni/src/main/java/javax/net/ssl/SSLSessionContext.java
luni/src/test/java/tests/api/javax/net/ssl/KeyStoreBuilderParametersTest.java
SSLEngine improvements. Since I was changing SSLEngine, I wrote an
SSLEngineTest based on my SSLSocketTest to do some simply sanity
checking. It expose a number of issues. I've fixed the small ones,
marked the rest as known failures.
Renamed some TLS_ cipher suites to SSL_ to match JSSE standard
names. These were all old suites no longer supported by RI or
OpenSSL which is why they were missed in an earlier cleanup of this
type in this class. Also fixed SSLEngine supported cipher suites
list not to include SSL_NULL_WITH_NULL_NULL which is not a valid
suite to negotiate.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
SSLEngine instances can have null host values, which caused a
NullPointerException in the ClientSessionContext implementation.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
SSLEngine tests were failing because SSLParameters was throwing
NullPointerException instead of IllegalArgument exception on null
element values. Fixed null pointer message style while I was here.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
Fixed SSLEngine instances to default to server mode like RI
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
Fixed KEY_TYPES based on SSLEngine implementation. Removed dead
code NativeCrypto.getEnabledProtocols which was recently made
obsolete. Cleaned up null exception messages to follow our convention.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
Added SSLEngineTest which parallels SSLSocketTest in its
coverage. Similarly added TestSSLEnginePair which loosely parallels
TestSSLSocketPair.
luni/src/test/java/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/javax/net/ssl/AllTests.java
support/src/test/java/javax/net/ssl/TestSSLEnginePair.java
SSLEngineTest betters exposed the differences between SSLSocket and
SSLEngine supported cipher suites. StandardNames now has an
CIPHER_SUITES_SSLENGINE definition which denotes what is missing
and what is extra and why in the SSLEngine implementation.
support/src/test/java/javax/net/ssl/StandardNames.java
Created StandardNames.assert{Valid,Supported}{CipherSuites,Protocols}
to factor out some code test code that is also used by new tests.
support/src/test/java/javax/net/ssl/StandardNames.java
luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Remove SSLSocketTest known failure and add new SSLEngineTest known failures
expectations/knownfailures.txt
SSL_OP_NO_TICKET change was recently merged from master which required some fixes.
For the moment, sslServerSocketSupportsSessionTickets always returns false.
support/src/test/java/javax/net/ssl/TestSSLContext.java
Fixed flakey test_SSLSocket_HandshakeCompletedListener which had a
race because the client thread look in the server session context
for an session by id potentially before the server thread had a
chance to store its session. Made noticable because of
SSL_OP_NO_TICKET recently merged from master (before this code
path was host only, not device)
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Fix checkjni issue where we need to check for pending exception in
OpenSSL callback. Possibly introduced by recent merge of
SSL_OP_NO_TICKET from master.
luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Expectation updates
Remove SSLSocketTest known failure and add new SSLEngineTest known failures
expectations/knownfailures.txt
Tag test_SSLSocket_getSupportedCipherSuites_connect as large
expectations/taggedtests.txt
Misc changes:
opening brace on wrong line
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
Long line cleanup while debugging
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketFactoryImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketFactoryImpl.java
support/src/test/java/javax/net/ssl/TestKeyStore.java
Removed bogus import
luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
Comment clarify while debugging
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Ctor -> Constructor in comment
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLEngineImpl.java
Fixed naming of SocketTest_Test_create to TestSocketPair_Create to match renamed classes
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Change-Id: I99505e97d6047eeabe4a0b93202075a0b2d486ec
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Enable Diffie-Hellman cipher suites in NativeCrypto (and in
StandardNames to match for testing). This means we now have the same
default cipher suite list as RI 5.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
support/src/test/java/javax/net/ssl/StandardNames.java
Enabling DH made it obvious that the RI check for enable cipher suites
on SSLServerSocket.accept was not as stringent as first
thought. Apparently they don't care if all enabled cipher suites have
certificates/keys, just that at least one of them will work, even if
its anonymous. Factored out the logic to check this into
checkEnabledCipherSuites for clarity along with the supporting
checkForPrivateKey. Also only check if the socket is in server mode,
since its fine to have nothing configured for server acting as a
client for handshake purposes.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
The real work to enable Diffie-Hellman was to use
SSL_CTX_set_tmp_dh_callback to set a callback to get DH
parameters. There are two ways to create the parameters. The first is
to use DH_generate_parameters_ex which is very slow (minutes) as is
recommended as install time option. The second is to use
DSA_generate_parameters_ex followed by DSA_dup_DH, which is faster for
a single call, but must be done every time, so slower overall. We
currently take the second approach to just have DH working.
luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Changed ephemeral RSA keys to be stored per SSL in AppData, not in a static global.
luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Fix LS_ to TLS_ typo in commented out constant. Removed easy to miss wrapping in array definition.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
Renamed CipherSuites defaultPretendant to defaultCipherSuites which
led to renaming the CipherSuites constants to follow the coding style.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerKeyExchange.java
Change-Id: Ia38de48cabb699b24fe6e341ba79f34e3da8b543
|
| |\ \
| | |
| | |
| | | |
into dalvik-dev
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
These all fail on Dalvik because we haven't wired these together.
On the RI, everything passes except for the two tests that check
parsing for multiple cookies in a single HTTP header.
Change-Id: Idb10c5b51b7ae5ca400dc564f2926f0d5792093d
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Change text names of Harmony CipherSuite's (used by SSLEngine and some
places with OpenSSL code) to match JSSE names.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
Added StandardName constant for SSL_NULL_WITH_NULL_NULL
support/src/test/java/javax/net/ssl/StandardNames.java
Marked test as working with above fix, changed to use newly defined constant.
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
Change-Id: Id48d2adcbbff71306296f1fdf8ff970c618fdcc6
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added new test_SSLSocket_getSupportedCipherSuites_connect to make sure
all cipher suites we claim work actually do. It clearly exposed that
although a large number of cipher suites are supported by libssl.so,
they are not properly wired up into the OpenSSL JSSE
implementation. In particular Elliptic Curve has been disabled in our
version Bouncy Castle does not work. In addition Diffie-Hellman does
not work because we need to further integration work with OpenSSL via
SSL_set_tmp_dh_callback or SSL_set_tmp_dh. Finally,
SSL_RSA_EXPORT_WITH_RC4_40_MD5 doesn't work but that is being left as
KnownFailure for more immediate cleanup based on ServerHandshakeImpl's
handling of KeyExchange_RSA_EXPORT as part of having OpenSSL call us
back for certificates dynamically.
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Refactored TestSSLContext.createKeyStore to create TestKeyStore which
now factors out TestSSLContext.createKeys from the old createKeyStore
method, which allows createKeys to be called multiple times for
different key algorithms (for example DSA in addition to RSA). Also
added a reusable singleton instance to cut down on test execution
time.
support/src/test/java/javax/net/ssl/TestKeyStore.java
Removed publicAlias/privateAlias from TestSSLContext since we now
include both RSA and DSA key pairs in they KeyStore by default. Added
TestSSLContext.assertCertificateInKeyStore methods to help tests the
previously used the alias fields fields. TestSSLContext.create API
changed as well since the alias names are no longer
required. TestSSLContext.createClient now needs to iterate over all
server certificates when setting up its TrustManager instead of just
grabbing one by alias name.
support/src/test/java/javax/net/ssl/TestSSLContext.java
luni/src/test/java/javax/net/ssl/SSLContextTest.java
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
TestSSLSocketPair.connect now allows optional inclusion of server
cipher suite list.
support/src/test/java/javax/net/ssl/TestSSLSocketPair.java
luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
Turning off Elliptic Curve and Diffie-Hellman which are not currently
working. Updating test expectations to match.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
support/src/test/java/javax/net/ssl/StandardNames.java
Turn on registration of ECDSA and DSA since this part is currently
functional (and excercised by TestKeyStore.create())
luni/src/main/java/org/bouncycastle/x509/X509Util.java
Improve logging by including SSL pointer in error messages, which
makes it easier to relate these errors to JNI_TRACE messages.
luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Change-Id: I014d001a6a21a46c360678a346d3a3c8232f4d53
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
ScopedGlobalRef caused more trouble that it was worth. Rather than
trying to fix it to require updating of the JNIEnv, remove it to
remove the temptation for others to use it.
Also update SSL_set_ciphers_lists to use ScopedLocalRef and add HTML
anchors to Standard names javadoc JSEE references.
Change-Id: Ic3ed1bae3f29ee971d4461de31395b78c4949090
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Summary:
- Switch to using JSSE cipher suite names
- SSLSessionContext implementation cleanup
- Updated tests
Details:
Switch to using JSSE cipher suite names
- We maintain backward compatability for enabling cipher suites using
OpenSSL names for old code that did so without checking for the
presence of the names in the supported list.
- We now have a well defined list of the supported cipher suites which
are sorted in priority order as specified in JSSE documentation so
that callers doing:
s.setEnabledCipherSuites(s.getSupportedCipherSuites())
will get something reasonable.
- We now have a default cipher suite list that is chose to match RI
behavior and priority, not based on OpenSSLs default and priorities.
Details:
- Added NativeCrypto OPENSSL_TO_STANDARD and STANDARD_TO_OPENSSL
mapping between naming conventions. STANDARD_TO_OPENSSL is a
LinkedHashMap so enumerating it gives the proper order for
SUPPORTED_CIPHER_SUITES.
- SSL_get_ciphers and SSL_set_cipher_list are removed, we now use
our own SSL_set_cipher_lists (defined seperately in
external/openssl/patches/jsse.patch) to set the set and order of
cipher suites. SSL_CTX_get_ciphers is also removed because we no
longer rely on the OpenSSL for the default cipher suites
behavior.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Add cipherSuite and protocol field caches for native values,
mapping the cipherSuite to a JSSE name from the OpenSSL name
returned by SSL_SESSION_cipher.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
Fixed a long standing bug where we reused sessions found in the
client host/port cache even if the old protocol and cipher suite
where no longer compatible with what was specified by
setEnabledCipherSuites and setProtocols. Also fixed a recently
introduced bug where lastAccessedTime was being set on a cached
session even if it was not reused, found by fixed the above.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Move most of SSLSessionContext implementation from subclasses to
AbstractSessionContext. This was primarily to align the
implementations of how different sessions id for the same host and
port were handled for RI compatability. client subclasses now focuses
on handling its host/port based cache and both deal with their own
persistent cache details.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
Tests
Added some variants of assertSSLSessionContextSize to simplify tests code.
Broke test_SSLSessionContext_setSessionCacheSize_oneConnect out of
test_SSLSessionContext_setSessionCacheSize_dynamic. Renamed
test_SSLSessionContext_setSessionCacheSize_basic to
test_SSLSessionContext_setSessionCacheSize_noConnect to match name
of _oneConnect. _dynamic was cleaned up a bit as getting it working
was the only goal of this change list. Fixed to filter
SSL_RSA_EXPORT_ ciphers since our test certificate key length is
too long for those. Lower test requirement to 3 unique cipher suites.
luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
Added checks that cipher suites and protocols have standard names.
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
Removing known failures related to cipher suite naming. Fixed bug
of using assertNotNull instead of assertTrue. Added extra
size/length check which would have found the
assertNotNull/assertTrue issue.
luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Fixing test the explicitly worked around broken cipher suite naming.
luni/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java
Updated standard cipher suites to RI 6 list, which also now
specifies ordering, which we now align with.
support/src/test/java/javax/net/ssl/StandardNames.java
Unrelated
Remove more now obsolete jars from the test classpath
run-core-tests
Change-Id: I45c274a9327c9a1aeeccb39ecaf5a3fbe2903c8f
|
| | |
| |
| |
| |
| |
| | |
Gentlemen, you may now set your editors to "strip trailing whitespace"...
Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Mostly done by perl(1), with manual cleanup of the few misspelled instances.
This makes our trailing whitespace slightly worse, but I'll fix all that with
a follow-on change.
Change-Id: I0b4ca98819be6f9519c4ba980d759bd1ee1a0303
|
| |\ \
| | |
| | |
| | | |
body." into dalvik-dev
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
From the post-review comments here:
https://android-git.corp.google.com/g/51054
Change-Id: I67be25a6648a2df02a888a0ae8559c05614de20c
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add an explicit null check to ensure failure on a null argument to getSession to match the RI
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
Remove KnownFailures resolved by above fix as well as clarifiying SSL
session cache expections on Android vs the RI. The KnownFailures were
also hiding some latent issues to do SSL session tickets, so fixed
those up as well.
luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
Added constants for expected SSL session cache behavior for RI vs Android
support/src/test/java/javax/net/ssl/TestSSLContext.java
Change-Id: Ic6285192cf76c0a5c3fa45a24eaa504ed0babff5
|
