summaryrefslogtreecommitdiffstats
path: root/support
Commit message (Collapse)AuthorAgeFilesLines
* Groundwork towards making the Libcore.os functionality public.Elliott Hughes2014-04-241-2/+2
| | | | Change-Id: Ie700aa16d91fba53fc5eb2555829cb74d84b12ad
* Fix SSLEngineTest for RIKenny Root2014-04-221-1/+1
| | | | | | | | The assymmetry between client and server with create sessions seems strange. It seems like a bug in the RI, so make sure Android does the right thing. Change-Id: I7b7ab501bd1963757b7f067c6ace8230a19a3e53
* Update SSLEngineTest for OpenSSLKenny Root2014-04-102-31/+42
| | | | | | | Our new OpenSSL-based SSLEngine supports all the new stuff and no longer fails tests. Change-Id: I7db8e5134ca36ebd963c7081cd7ba79d91b3e5e2
* Update SSLEngineTest for RIKenny Root2014-04-104-15/+41
| | | | | | | | The RI now supports TLSv1.2 with SSLEngine, so update all the expectations for their tests. It also appears to disable "weak" algorithms when you select TLSv1.2. Change-Id: I564283bb4945d3b71bee0f89c93c6dd6e238b4f8
* Add X509ExtendedTrustManagerKenny Root2014-03-253-16/+123
| | | | | | | | | | | | | | | This adds the X509ExtendedTrustManager class and all its ancillary methods that allow it to be used. This allows the endpointVerificationAlgorithm setting to be enabled on SSLSocket to check that the cerificate given for the endpoint during the handshake matched the expected hostname. Since X509ExtendedTrustManager allows you to pass in an SSLSocket, there is a new call added to SSLSocket called getHandshakeSession which does not force the handshake to take place. Bug: 13103812 Change-Id: I18a18b4f457d1676c8dc9a2a7bf7c3c4646a0425
* StandardNames: only remove DH_* for RIKenny Root2014-03-211-3/+9
| | | | | | The RI doesn't use DH_RSA and DH_DSA, but we do. Only remove them when the RI is running the tests. Change-Id: Id496a60e64ea51b105b7548e219e9340608f4672
* Merge "Support multiple KeyManagers in TestSSLContext and TestKeyStore."Alex Klyubin2014-03-212-15/+12
|\
| * Support multiple KeyManagers in TestSSLContext and TestKeyStore.Alex Klyubin2014-03-192-15/+12
| | | | | | | | | | | | | | The two classes in some places assumed that only one KeyManager is necessary or that only the first provided KeyManager is important. Change-Id: I88629778911503ac7c233341d44612247d799d22
* | StandardNames: update RI expectationsKenny Root2014-03-201-32/+45
|/ | | | Change-Id: Ia20902cc63d5e3ef1ac4cfc7a0b651368e845867
* Modify FinalizationTester to use Runtime.gc()Neil Fuller2014-03-031-1/+3
| | | | | | | | | System.gc() has changed in Android: it doesn't gc every time any more. Runtime.getRuntime().gc() is more likely to cause a garbage collection. Change-Id: I294c98a3b82ccb8867b6667d35c88fe9441110db Bug: 13097524
* Addition of 1.7 methods to URLConnection.Neil Fuller2014-02-191-4/+12
| | | | | | | | | | | | | | | | | | URLConnection.getHeaderLong() and URLConnection.getContentLengthLong(). These methods are required by okhttp. Changed JarURLConnectionImpl.getContentLength() to return -1 when the size of an entry cannot be represented as an int. Previously it would have returned a corrupted, possibly negative, value due to a cast. Changed FileURLConnection.getContentLength() to return -1 when the size of the file cannot be represented as an int. Previously it would have returned a corrupted, possibly negative, value due to a cast. Change-Id: Ib43e68a2536c2602b4c7ee0cda68fa1f90045f57
* Fix another set of file related tests.Narayan Kamath2014-02-191-36/+0
| | | | | | | | | | | | - Get rid of Support_PlatformFile, use File.createTempFile instead. - Replace numerous uses of "user.dir" / "user.home" etc. with File.createTempFile - Replace calls to Process / chmod with Libcore.os.chmod. The calls wouldn't have worked anyway, since chmod on android doesn't understand the incremental (+w, -x) syntax. Change-Id: Ic6944568bbee6a548da6dcb4364b882636f2959f
* Delete unused test resources.Narayan Kamath2014-02-122-0/+0
| | | | | These resources were used only by DalvikExecTest. Change-Id: Icb063fcf96593eeb3c6d9392214b3bc67305af53
* Skip TimaKeyStore in KeyStoreTestAn Liu2014-02-071-0/+6
| | | | | TimaKeyStore is Samsung's TrustZone-based KeyStore service provider. It should be skipped for KeyStore test cases since Samsung has it's own test cases.
* Assert PKCS#7 padding supported for AES and 3DES.Alex Klyubin2014-01-311-0/+12
| | | | | | | | | | | | | | This tests that PKCS#7 padding for all Cipher transformations which currently support PKCS#5 padding. PKCS#5 padding is a special case of PKCS#7 padding. PKCS#5 padding is defined specifically for 64 bit long blocks. However, lots of code assumes that PKCS#5 for other block sizes works exactly like PKCS#7, and thus uses PKCS#5 padding where PKCS#7 should actually be used (e.g., with AES). Thus, we assert the assumption that PKCS#7 padding works exactly like PKCS#5 padding. Change-Id: I0ca8a952c67bc7aff172e22bd730378d41438067
* X509CertificateTest: add test for negative serialKenny Root2014-01-2842-83/+176
| | | | | | | Update cert tests to save the private keys and also change the main certificate to a negative serial to exercise more corner cases. Change-Id: Ia59eece8ced0988b140ebf2e932b54298047f32d
* Delete Support_PortManager & OldDatagramSocketTestNarayan Kamath2014-01-061-105/+0
| | | | | | | | | | | | | Support_PortManager didn't really work, so rewrite all tests that use it. Also, dedup OldDatagramSocketTest with the harmony DatagramSocketTest. Fix various broken test cases and terribly written tests. bug: 11689863 Change-Id: I4efb9e02eb88517273fff50a0dec1d0262feafb2
* Disable MD5 cipher suites in SSLSocket and SSLEngine.Alex Klyubin2013-12-191-3/+1
| | | | | | | | | | | Although HMAC-MD5 is not yet broken, the foundations are shaky -- see http://tools.ietf.org/html/rfc6151. Scans show that disabling these TLS/SSL cipher suites currently causes handshake issues with 0.4% of the ecosystem. Bug: 11220570 Change-Id: I1970d2ecbdf3c0d26e45d439047b1d3884ade2ec
* Actually prefer Forward Secrecy cipher suites.Alex Klyubin2013-12-181-2/+2
| | | | | | | | | | | The documentation for the list of TLS/SSL cipher suites used by default states that cipher suites offering Forward Secrecy are preferred. This CL adjusts the list to conform: FS cipher suites that use RC4_128 bulk encryption algorithm were not preferred over non-FS cipher suites that use AES. Bug: 11220570 Change-Id: Ic9019306898600086920874474764186b710c3ef
* Assert static key ECDH disallowed in default cipher suites.Alex Klyubin2013-12-181-4/+2
| | | | | | | | | This is a follow-up to 5b15ad6b3d508a97d1cd23667afaee8c55072718 which removed static key ECDH cipher suites from the default list, but where the list of permitted key exchanges wasn't updated. Bug: 11220570 Change-Id: I319e21bf4475ddb9e6262b41dda99f5e33b1816f
* Disable 3DES cipher suites in SSLSocket.Alex Klyubin2013-12-181-6/+0
| | | | | | | | | | | The effective key length for 3DES_EDE bulk encryption algorithm is only 112 bits. We're now aiming for 128 and higher. Scans show that removing these cipher suites from the default list causes handshake issues only with 0.15% of the ecosystem. Bug: 11220570 Change-Id: Ie01ebe8134d08a36b276295b804540157963be8f
* Disable static server key ECDH cipher suites in SSLSocket.Alex Klyubin2013-12-171-8/+0
| | | | | | | | | | | | | | These cipher suites use a static key for ECDH on the server side. When client certificates are used, a static key is also used on the client side, leading to the same premaster secret for all connections between a particular client and server. Also, these cipher suites do not provide forward secrecy. Scans show that removing these cipher suites from the default list does not affect connectivity to servers and is thus safe. Bug: 11220570 Change-Id: If34f4a3888ed9972c39d171656a85c61dfa98ea1
* Enable AES-GCM cipher suites by default in SSLSocket.Alex Klyubin2013-12-171-3/+15
| | | | | | | | AES-GCM is preferred to AES-CBC whose MAC-pad-then-encrypt approach has issues (e.g., Lucky 13 attack). Bug: 11220570 Change-Id: Ib007bc89ccf08358ed3f093f630350fa859e7c35
* Enable support for TLSv1.2 cipher suites in SSLSocket.Alex Klyubin2013-12-171-23/+41
| | | | | | | | This adds support for AES-GCM and AES-CBC with MACs based on SHA256 and SHA384. Bug: 11220570 Change-Id: I56e7e25c5cd65a4c7662da6d4bbe5720f427e677
* Enable TLSv1.1 and TLSv1.2 by default for SSLSocket.Alex Klyubin2013-12-161-1/+3
| | | | | | | | | | | | | | | | | | | | | TLSv1.1 and TLSv1.2 offer built-in protection against BEAST attack and support for GCM cipher suites. This change causes TLS/SSL handshake failures with a small fraction of servers, load balancers and TLS/SSL accelerators with broken TLS/SSL implementations. Scans demonstrate that the number is around 0.6%. Breaking connectivity (using platform default settings) to a tiny minority of the ecosystem is acceptable because this inconvenience is outweighed by the added safety for the overwheling majority of the ecosystem. App developers affected by this issue should consider asking such servers to be fixed or explicitly disabling TLSv1.1 and TLSv1.2 in their apps. Bug: 11220570 Change-Id: Ice9e8ce550401ba5e3385fd369c40f01c06ac7fd
* Remove HarmonyJSSE SSLContext, SSLSocket and SSLServerSocket.Alex Klyubin2013-12-161-11/+5
| | | | Change-Id: I3c939e9275ba8f1d00342d1f83c6fdaf110f2317
* CipherTest: add support for GCM cipherKenny Root2013-12-131-0/+2
| | | | Change-Id: I4b5a5123977a1df152f097e2c7ed86cf7dbcfe9e
* Javadoc the default configuration of SSLEngine.Alex Klyubin2013-12-121-2/+4
| | | | | | | | The Javadoc of javax.net.ssl.SSLEngine now lists the protocols and cipher suites supported and enabled by default. Bug: 11220570 Change-Id: I6e365d58bfe2ddf60bae9dc7ccd0a33249e9e125
* Javadoc the default configuration of SSLSocket.Alex Klyubin2013-12-111-1/+4
| | | | | | | | The Javadoc of javax.net.ssl.SSLSocket now lists the protocols and cipher suites supported and enabled by default. Bug: 11220570 Change-Id: I3b6a96a86618370a55abf3307cbaadd1a1587066
* am 439113b7: Merge "Import resources, fix JarURLConnectionTest."Narayan Kamath2013-11-151-0/+0
|\ | | | | | | | | * commit '439113b7577fa3ed7c974fe158034649551130c4': Import resources, fix JarURLConnectionTest.
| * Merge "Import resources, fix JarURLConnectionTest."Narayan Kamath2013-11-151-0/+0
| |\
| | * Import resources, fix JarURLConnectionTest.Narayan Kamath2013-11-141-0/+0
| | | | | | | | | | | | | | | | | | The test case with the escaped URL still fails. Change-Id: Iae3a58fea800d8b981cb09474d1fa77b7c361e4e
* | | am ebf160a0: Merge "Add serialization golden files, fix tests."Narayan Kamath2013-11-152-43/+5
|\ \ \ | |/ / | | | | | | | | | * commit 'ebf160a0a41f2ea819b5c5c2e33199c098312941': Add serialization golden files, fix tests.
| * | Merge "Add serialization golden files, fix tests."Narayan Kamath2013-11-152-43/+5
| |\ \
| | * | Add serialization golden files, fix tests.Narayan Kamath2013-11-132-43/+5
| | |/ | | | | | | | | | | | | | | | | | | | | | | | | - Moves a few golden files from luni/ to harmony-tests/ - Delete dead code in SerializationTester - Fix a bug in SerializationTest (not sure how this ever worked for resources with "." in their name) Change-Id: Ia5b1376f4ada9b9c706a266ae077debeea5b1f29
* | | am 4cac31eb: Merge "Add untracked harmony tests."Narayan Kamath2013-11-1522-0/+1668
|\ \ \ | |/ / | | | | | | | | | * commit '4cac31eba78e0002e19dae81443f664c66d83340': Add untracked harmony tests.
| * | Merge "Add untracked harmony tests."Narayan Kamath2013-11-1522-0/+1668
| |\ \ | | |/
| | * Add untracked harmony tests.Narayan Kamath2013-11-1322-0/+1668
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This has been deduped against : libcore/luni/src/test/java/org/apache/harmony/luni/tests libcore/luni/src/test/java/tests/api/ libcore/harmony-tests/src/test/java/tests/api This is a minimal change that builds the entire test suite. Many tests don't pass yet, they will be fixed in follow ups. Notable tests that haven't been moved: - ExcludedProxyTest: Might make requests to (now defunct) external servers. All of this code is tested in okhttp. - URLClassLoaderTest: Has a dependency on jetty, tested in okhttp. Notable test cases that haven't been moved: - URLTest: overlap with okhttp, might make requests to external servers. - ServerSocketTest#test_init: Uses Support_execJava, which we don't support yet. Isn't testing anything useful. - FileTest#testDeleteOnExist: Uses Support_execJava which we don't support yet. This is a useful test and we must ressurect it if at all possible. bug: 11650799 Change-Id: Ib277eb0bad465ea72b090168490a1a633611b3f3
* | | resolved conflicts for merge of 8629cea4 to klp-dev-plus-aospAlex Klyubin2013-11-142-0/+161
|\ \ \ | |/ / |/| | | | | Change-Id: Ibd80c5f1a8b7b2fb7b4e77c40e5a0499effff6aa
| * | am 5ff3bc94: am 4c7d72a6: am fe1f3d77: am 11708986: am b00f46fc: am ↵Alex Klyubin2013-11-142-0/+161
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | 23b3ea3a: am e496d90d: am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev * commit '5ff3bc94bf2ec5bca48cb0027060df7fe4e48580': SSLEngine: Test that server params are verified
| | * \ am 4c7d72a6: am fe1f3d77: am 11708986: am b00f46fc: am 23b3ea3a: am ↵Alex Klyubin2013-11-142-0/+161
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | e496d90d: am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev * commit '4c7d72a663712343cbcffc2b45621f38f7e6cdbf': SSLEngine: Test that server params are verified
| | | * \ am fe1f3d77: am 11708986: am b00f46fc: am 23b3ea3a: am e496d90d: am ↵Alex Klyubin2013-11-142-0/+161
| | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev * commit 'fe1f3d7795d9a5bdef327bd7796004bff5da7dbf': SSLEngine: Test that server params are verified
| | | | * \ am 11708986: am b00f46fc: am 23b3ea3a: am e496d90d: am cef32f3b: Merge ↵Alex Klyubin2013-11-142-0/+161
| | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "SSLEngine: Test that server params are verified" into jb-dev * commit '11708986502da018afec813a9fd395b94003f160': SSLEngine: Test that server params are verified
| | | | | * \ am e496d90d: am cef32f3b: Merge "SSLEngine: Test that server params are ↵Alex Klyubin2013-11-142-0/+161
| | | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | verified" into jb-dev * commit 'e496d90d6275365187644c6673911908f880a0b6': SSLEngine: Test that server params are verified
| | | | | | * \ am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-devAlex Klyubin2013-11-142-0/+161
| | | | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'cef32f3bb2da07efc846cf5bcd7970a74a782657': SSLEngine: Test that server params are verified
| | | | | | | * | SSLEngine: Test that server params are verifiedAlex Klyubin2013-11-132-0/+161
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This CL adds tests that check that SSLEngine's handshake fails if the signature of server params in ServerKeyExchange does not verify. Bug: 11631299 Change-Id: I16dfa9c07a4f094adc17aadd6fb3fe9eac88103b
| | | | | | | * | Fix URLConnectionTest#test_getAllowUserInteraction.Elliott Hughes2012-07-242-13/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also improve the documentation, make it possible to run these tests individually outside of CTS with vogar, and remove a few more URLs of external web servers. We should clean up all tests to remove all reliance on external web servers. Bug: http://code.google.com/p/android/issues/detail?id=35400 (cherry-picked from 3827b65b1937acfbf3abbc449f8ba0ffc60f3cf3.) Conflicts: luni/src/test/java/org/apache/harmony/luni/tests/java/net/URLConnectionTest.java Change-Id: I4959fefa130290236533be72cce7c57b9ea1e296
| * | | | | | | | Move support library to a separate static libraryKenny Root2013-08-301-0/+45
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | frameworks/base/core/tests/coretests uses the libcore/support/* classes for SSL-based tests. Instead of including core-tests itself, we need to split out the support classes to its own library to keep frameworks tests below the dex method limit. (cherry picked from commit b397b19a825d69e9122f1241849db726abae5413) Bug: 10092469 Change-Id: Ib9b1dd60cb778dba79afcbe3001749d82afa99d2
* | | | | | | | Merge "Higher-level default configuration asserts for TLS/SSL primitives."Alex Klyubin2013-11-131-0/+202
|\ \ \ \ \ \ \ \ | |_|_|_|_|_|_|/ |/| | | | | | |
| * | | | | | | Higher-level default configuration asserts for TLS/SSL primitives.Alex Klyubin2013-11-081-0/+202
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds SSLDefaultConfigurationAsserts class that offers higher-level checks for each TLS/SSL primitive. The goals are: * check not only the cipher suites and protocols configured but also the configuration of child primitives (e.g, configuration of SSLSockets returned by SSLSocketFactory, or configuration of SSLSocketFactory returned by SSLContext). * hide the upcoming target API level dependent configuration checks from test classes. Bug: 11220570 Change-Id: Iec1476a1b2d132c984413754129adfcb671885fb
generated by cgit v1.1 at 2025-03-14 14:07:56 +0000