| Commit message (Collapse) | Author | Age | Files | Lines |
* commit '003f7a4d100cd1527d94bac81a4a3c5a8216c6ee':
Make test initialization lazy
|
Bug: 4311645
Change-Id: I4280d7ddb2a78f0e33564f3b40cfeb5c671e134a
|
There's probably still more stuff lying around that isn't useful,
but this was all I had time for on this particular Friday afternoon...
Change-Id: I69593f6c9ab5534d581c703cc85a9766ba8e40e5
|
Bug: 4486011
Change-Id: I1877ce593d441653f75ab14884aa2d85f52652ad
|
returning null values"
* commit 'e2fdfbde569a4cc284590c92bc57dc15dcc29a9c':
OpenSSLSocketImpl should tolerate X509KeyManager returning null values
|
While this started out as the small fix in
OpenSSLSocketImpl.setCertificate and the corresponding test
test_SSLSocket_clientAuth_bogusAlias, the need to test the behavior of
the X509KeyManager returning null on the RI led to test maintenance to
get libcore.javax.net.ssl tests working on RI 7 thanks to a test
dependency that was added on the new InetAddress.getLoopbackAddress().
Change-Id: I3d8ed1ce453cc3a0b53e23e39c02e6a71413649c
|
If the filesystem fails, cache performance degrades. Ongoing
writes should not see any filesystem errors: don't punish the
writer who isn't benefitting from the cache. Ongoing reads may
see IOExceptions while streaming files. In practice this will
only happen if the directory disappears during use, as is the
case when a removable partition is removed.
Change-Id: Ibf4d51998d9beaba9f8c86c449fd5c97ca869cee
http://b/3180373
|
This requires a backdoor for the cache to read the request headers
at put time. This is implemented by getting the HttpEngine, which
will allow us to eventually share the response header parsing.
Change-Id: I177467244e5af0a3dda07883cd58d641bf75362f
http://b/3180373
|
applications via default TrustManager (2 of 6)"
* commit '3041d84e3c0ac7711868bdd7556047a3422e3052':
Make CertInstaller installed CA certs trusted by applications via default TrustManager (2 of 6)
|
TrustManager (2 of 6)
frameworks/base
Adding IKeyChainService APIs for CertInstaller and Settings use
keystore/java/android/security/IKeyChainService.aidl
libcore
Improve exceptions to include more information
luni/src/main/java/javax/security/auth/x500/X500Principal.java
Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods.
Added support for adding user CAs in a separate directory for system.
Added support for removing system CAs by placing a copy in a system directory
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java
Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash
to make sure the implementing algorithms do not change since
TrustedCertificateStore depends on X509_NAME_hash_old (OpenSSL
changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to
1.0.0)
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Extensive test of new TrustedCertificateStore behavior
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java
TestKeyStore improvements
- Refactored TestKeyStore to provide simpler createCA method (and
internal createCertificate)
- Cleaned up to remove use of BouncyCastle specific X509Principal
in the TestKeyStore API when the public X500Principal would do.
- Cleaned up TestKeyStore support methods to not throw Exception
to remove need for static blocks for catch clauses in tests.
support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Added private PKIXParameters constructor for use by
IndexedPKIXParameters to avoid wart of having to look up and pass
a TrustAnchor to satisfy the super-class sanity check.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java
luni/src/main/java/java/security/cert/PKIXParameters.java
packages/apps/CertInstaller
Change CertInstaller to call IKeyChainService.installCertificate
for CA certs to pass them to the KeyChainServiceTest which will
make them available to all apps through the
TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask.
src/com/android/certinstaller/CertInstaller.java
Added installCaCertsToKeyChain and hasCaCerts accessor for use by
CertInstaller. Use hasUserCertificate() internally. Cleanup coding
style.
src/com/android/certinstaller/CredentialHelper.java
packages/apps/KeyChain
Added MANAGE_ACCOUNTS so that IKeyChainService.reset
implementation can remove KeyChain accounts.
AndroidManifest.xml
Implement new IKeyChainService methods:
- Added IKeyChainService.installCaCertificate to install certs
provided by CertInstaller using the TrustedCertificateStore.
- Added IKeyChainService.reset to allow Settings to remove the
KeyChain accounts so that any app granted access to keystore
credentials are revoked when the keystore is reset.
src/com/android/keychain/KeyChainService.java
packages/apps/Settings
Changed com.android.credentials.RESET credential reset action to
also call IKeyChainService.reset to remove any installed user CAs
and remove KeyChain accounts to have AccountManager revoke
credential granted to private keys removed during the RESET.
src/com/android/settings/CredentialStorage.java
Added toast text value for failure case
res/values/strings.xml
system/core
Have init create world readable /data/misc/keychain to allow apps
to access user added CA certificates installed by the CertInstaller.
rootdir/init.rc
Change-Id: Ief57672eea38b3eece23b14c94dedb9ea4713744
|
This tests what happens when the filesystem fails while reading or
writing the cached files. I still need to test what happens when
there are failures reading or writing the journal.
Change-Id: I48018514ef5b8cc206efc905b1823eb49589c8e8
http://b/3180373
|
Also capture FDs rather than InputStreams when a cache
entry is read. This permits the cache to return as many
streams as the caller requires.
Also fix bugs where we weren't properly releasing the
input streams from the responses.
Change-Id: I04807eab648864229f1e8734ad1fbb6a2d6bb51d
http://b/3180373
|
Change-Id: I84f536e597efb4c2b8dd519261b327dcd3e9eefa
http://b/3180373
|
dalvik-dev
|
That change was submitted too early. This is the missing
follow-up.
Change-Id: I521455a7d249f8841c989561775c91d4368a8966
http://b/3180373
|
I wasn't planning on touching this code (since I want to replace it), but the
purported "fix" for http://code.google.com/p/android/issues/detail?id=6309 was
actually a regression. The supplied test fails on the RI. This patch replaces
the bogus test with new tests, and reverts the old "fix".
This was found while trying to work out what "true" and "false" return values
from OSNetworkSystem.select are supposed to mean. This patch also switches to
a more traditional int return value.
Bug: 3107501
Change-Id: Iddce55e081d440b7eb3ddcf94db7d0739dc89c70
|
http://b/3180373
Change-Id: I55ed45c5d0b8fc72cf50e8912416367ac802dc7a
|
Change-Id: I90fcf6c284f4a3bbe36ef0ed44f85ddf5a424ffb
|
Previously I'd introduced a bug by assuming that CONNECT
responses would always be successful.
Change-Id: Iaf0caf67f52154f6951a20284c75db0090843b99
http://b/4188137
|
The main thing is that some of the tests were relying on the presence of the
removed "java.net.preferIP*" properties.
Change-Id: I4cb1e99a13ed10c3ce14dad58579454a22b3416f
|
Break HttpURLConnectionImpl into two parts: the part that
implements the Java API (that follows redirects etc.) and
the part that speaks HTTP. The HTTP part is called HttpEngine,
and it can only be used for a single HTTP request. This makes
it easier to set request properties that only apply to a
single socket request.
Tests for 'Vary', 'Content-Location' and warnings.
For simplicity of implementation I've chosen not to support
'Vary' at this time.
The 'Content-Location' header doesn't require any work from
the cache.
Warnings are ugly but allow the caller to identify when the
cache results may be problematic.
Also breaking HttpResponseCache's dependency on HttpURLConnectionImpl
so it can be tested on the RI.
Change-Id: Idbabb51251f479c2cdea4e0fceb029bfd07182be
http://b/3180373
|
We now honor headers from both the server's response (which
we have cached) and the client's request.
Change-Id: Ib46e4fc0c5dd5b3e74cff8f45eea2dda51d20b94
http://b/3180373
|
Change-Id: Ie1f2d796466f1799929b010d67585fd551b6f840
|
Mostly a cleanup of CertificateTest, but it found one small bug in X509CertImpl
- X509CertImpl.verify with a specific provider should use that provider,
not ignore it and use the NativeCrypto fast path
- Fix the bad testGetEncoded logic that was expecting PEM bytes to
equal a DER encodi
- Remove libcore and harmony dependencies that were preventing these
from running on the RI
- Note testSerializationCompatibility is still failing, but is fixed
by the unmerged 46c6fad9fad8f3dbbc82516232a225f37d332ca7
Bug: 1635707
Change-Id: Ib86d21d6458cf1438c6ddd715ccb5a4f8a9af9e6
|
instead (2 of 3)
* commit '347b2a604114602da9bc4ae040278f74d11c2f51':
Avoid loading all CA certs into Zygote memory, lazily load instead (2 of 3)
|
Previously the CA certs stored in the BKS KeyStore at
/system/etc/security/cacerts.bks were loaded in the Zygote. As the
number of CAs has started to increase, this is causing more and more
memory to be used for rarely used CAs. The new AndroidCAStore KeyStore
implementation reads the CAs as needed out of individual PEM
certificate files. The files can be efficiently found because they are
named based on a hash of the CA's subject name, similar to OpenSSL.
Bug: 1109242
Details:
build
Removing old cacerts.bks from GRANDFATHERED_ALL_PREBUILT and
adding new cacerts directory to core PRODUCT_PACKAGES
core/legacy_prebuilts.mk
target/product/core.mk
libcore
cacerts build changes. Move cacerts prebuilt logic to new
CaCerts.mk from NativeCode.mk where it didn't make sense. Updated
Android.mk's dalvik-host target to install new cacerts files.
Android.mk
CaCerts.mk
NativeCode.mk
Remove old cacerts.bks and remove certimport.sh script used to
generate it. Preserved the useful comments from certimport.sh in
the new README.cacerts
luni/src/main/files/cacerts.bks
luni/src/main/files/certimport.sh
luni/src/main/files/README.cacerts
Recanonicalize cacerts files using updated vendor/google/tools/cacerts/certimport.py
(See below discussion of certimport.py changes for details)
Change IntegralToString.intToHexString to take width argument to
allow for leading zero padding. Updated existing callers to
specify 0 padding desired. Add testing of new padding
functionality.
luni/src/main/java/java/lang/Character.java
luni/src/main/java/java/lang/Integer.java
luni/src/main/java/java/lang/IntegralToString.java
luni/src/test/java/libcore/java/lang/IntegralToStringTest.java
Improved to throw Exceptions with proper causes
luni/src/main/java/java/security/KeyStore.java
luni/src/main/java/java/security/Policy.java
luni/src/main/java/java/security/cert/CertificateFactory.java
luni/src/main/java/javax/crypto/Cipher.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignature.java
Indentation fixes
luni/src/main/java/java/security/SecureRandom.java
Fix X509CRLSelector.getIssuerNames to clone result and added test to cover this.
luni/src/main/java/java/security/cert/X509CRLSelector.java
luni/src/test/java/libcore/java/security/cert/X509CRLSelectorTest.java
Fixed bug where we created an X500Principal via a String
representation instead of from its original encoded bytes. This
led to a difficult to track down bug with CA 418595b9.0 where the
NativeCode.X509_NAME_hash of a Harmony (but not BouncyCastle)
X509Certificate would not hash to the expected value because the
encoded form used an ASN.1 PrintableString instead of the
UTF8String form found in the original certificate.
luni/src/main/java/org/apache/harmony/security/x501/Name.java
Add a new RootKeyStoreSpi and register it as the
AndroidCAStore. This is a new read-only KeyStore implementation that
looks for certificates in the $ANDROID_ROOT/etc/security/cacerts/
directory, which is /system/etc/security/cacerts/ on devices. The
files are stored in the directory based on the older md5 based
OpenSSL X509_NAME_hash function (now referred to as
X509_NAME_hash_old in OpenSSL 1.0)
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
Added OpenSSL compatible X509_NAME_hash and X509_NAME_hash_old
functions for producing an int hash value from an X500Principal.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
Changed TrustManagerFactoryImpl to use AndroidCAStore for its default KeyStore
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerFactoryImpl.java
Changed TrustManagerImpl to be AndroidCAStore aware. If it detects
an AndroidCAStore, it avoids generating the acceptedIssuers array
at construction, since doing so would force us to parse all
certificates in the store and the value is only typically used by
SSLServerSockets when requesting a client certificate. Because we
don't load all the trusted CAs into the IndexedPKIXParameters at
startup in the case of AndroidCAStore, we now check for new CAs
when examining the cert chain for unnecessary TrustAnchors and for
a newly discovered issuer at the end of the chain before
validation.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Updated KeyStoreTest to cope with read only KeyStore. Update
test_cacerts_bks (now renamed test_cacerts) to use the
AndroidCAStore for validating system CA certificate
validity. Register AndroidCAStore as an expected KeyStore type
with StandardNames.
luni/src/test/java/libcore/java/security/KeyStoreTest.java
support/src/test/java/libcore/java/security/StandardNames.java
Added test of X500Principal serialization while investigating Name
encoding issue. However, the actual Name bug was found and
verified by the new test_cacerts test.
luni/src/test/java/libcore/javax/security/auth/x500/X500PrincipalTest.java
vendor/google
Change canonical format for checked in cacerts to have PEM
certificate at the top, as required by Harmony's X.509
CertificateFactory.
tools/cacerts/certimport.py
Change-Id: If0c9de430f13babb07f96a1177897c536f3db08d
|
This is the first step towards adding an HTTP response cache.
There's still much to do; details are listed on the bug.
Change-Id: Ie693fe424d1d90e90576fc959595e4d96a31f767
http://b/3180373
|
Change-Id: I6e9be66b3f4fd4c09b31e2508236af62fa5214e3
|
Change-Id: I26a9ff274fd86c4645e44123f6761621045228b5
|
Allow access to default IndexedPKIXParameters, similar to access to
default TrustManager. Needed to allow framework to add/remove trusted
CAs at runtime.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Add test support for looking up a cert by an issuer for use in key chain tests.
support/src/test/java/libcore/java/security/TestKeyStore.java
Add test support SSLSocketFactory that sets desired client auth on
each created socket. For use with MockWebServer for key chain testing.
support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java
Change-Id: Iecdbd40c67f1673bda25a52b4e229156c805d564
|
after we close it.
* commit '866b399e1d5cab4cc8d196f8008ba8ad8376765d':
Don't read from the delegate stream after we close it.
|
Change-Id: Ib724b170f7ec10ea0025c0e2e7978119fd070eb6
http://b/4188137
|
Not having Arabic locale data is not a reason to skip German tests.
Change-Id: I5062d2a0343e8e040f5766532433ade37569b0c5
|
Change-Id: I31c9f6e9add87a17737eac4f09949540e5da8cb5
|
Change-Id: Iced1b64b74e664cbf75006adc2be9cfe1c9ba0e9
|
Change-Id: I467d91e65492cdba08d11ae5420a8b849a682a7a
|
All four overloads of valueOf (byte[], long[], ByteBuffer, LongBuffer) are
included. There's still toByteArray and previousClearBit/previousSetBit to
add in a later change. This includes all the rewriting of BitSet I planned on,
though it may be possible to simplify it still further (in particular, I left
get(int, int) pretty much as it was).
This implementation is faster than the old one, as well as clearer, and it
also has a more sane performance profile; operations that ought to be cheap --
such as isEmpty -- are now cheap, and you now always amortize the cost of any
work you cause to be done, where before you might have to do it repeatedly
until a structural change.
The new code also makes better use of Long's functionality.
Bug: 3484927
Change-Id: I180e6ae836437e78a8b6ca0a7a5d522e58f3d911
|
Change-Id: I89243efdeebe22543c45a2166b634f40c3e78cf8
|
This dramatically improves the runtime of these tests from a few
minutes to a few seconds.
Also update known failures to cover the new reasons why these
tests are failing.
Change-Id: I82b738f3f1fb24a08d334fa960153692a0c9144f
http://b/3474446
|
Change-Id: Ia3fee27c8f8ca38120eea3fc2582d3e1b2504cea
|
Change-Id: Ic6f0172767d6feedb188d3a5e7488a67702ef8c4
|
Change-Id: I2340a9dbad3561fa681a8ab47d4f406e72c913e3
|
* commit '4155a2498a57fb09e92815f8993a70c216ddc5ec':
Performance improvements to NativeCrypto based MessageDigest API
|
NativeCrypto API improvements:
- Move to using EVP_MD related native methods, some of which are derived
from the EVP_MD_CTX versions with similar name. The new
EVP_get_digestbyname allows one time lookup of the EVP_MD from the
string name, avoiding doing it on every call to EVP_DigestInit.
- EVP_MD_CTX_create is now removed; it is just done as part of
EVP_DigestInit and EVP_VerifyInit to avoid an extra JNI call.
- EVP_DigestFinal now destroys the EVP_MD_CTX to avoid needing to make
another JNI call to EVP_MD_CTX_destroy. EVP_MD_CTX_destroy is
kept for cases when EVP_DigestFinal is never called.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
In addition to the improved NativeCrypto API to allow better
performance for callers, the implementation's use of
throwExceptionIfNecessary was made conditional based on the status
code from various operations, which had a noticeable impact on
performance compared to android.security.MessageDigest
luni/src/main/native/NativeCrypto.cpp
Updated MessageDigest.getInstance default implementation to use new
NativeCrypto API. An EVP_MD instance is looked up at class load time
for a specific digest type and then used to call
NativeCrypto.EVP_DigestInit as needed, avoiding a lookup of EVP_MD for
each new digest. The EVP_MD is also used for a one-time lookup of the digest
output size in bytes, to avoid native calls for
engineGetDigestLength. Finally, the creation of the EVP_MD_CTX is now
lazy, only created when needed, avoiding unnecessary create/free in
reset cases such as engineDigest. See also external/bouncycastle's
OpenSSLDigest implementation which had similar optimizations.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLMessageDigestJDK.java
OpenSSLSignature also used EVP_MD_CTX_create, and its EVP_VerifyInit
was changed similarly to EVP_DigestInit to internally allocate the
EVP_MD_CTX on the call to init.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignature.java
Fix test to work with arbitrary provider order
luni/src/test/java/org/apache/harmony/security/tests/java/security/MessageDigest2Test.java
Fix CloseGuard warnings
luni/src/test/java/tests/security/MessageDigestTest.java
Bug: 3392028
Change-Id: Idb266ebc0918ffd5550e0f457784256400cd2ff0
|
We used to include a full IP address parser and formatter. The
formatter handled one interesting case: a 2x length byte[]
containing both an IP route and mask. Although our code supported
parsing and formatting these, they do not occur in practice. The
Java APIs don't support NameConstraints, which is the only part of
the spec that uses them.
Change-Id: I7a4b22b40a37d6f26ec09fc5188ec1ba43e4d249
http://b/3385492
|
Change-Id: I346aea42a27042512f4ed97690f1e0ca1755257c