summaryrefslogtreecommitdiffstats
path: root/support
Commit message (Collapse)AuthorAgeFilesLines
* Delete Support_PortManager & OldDatagramSocketTestNarayan Kamath2014-01-061-105/+0
| | | | | | | | | | | | | Support_PortManager didn't really work, so rewrite all tests that use it. Also, dedup OldDatagramSocketTest with the harmony DatagramSocketTest. Fix various broken test cases and terribly written tests. bug: 11689863 Change-Id: I4efb9e02eb88517273fff50a0dec1d0262feafb2
* Disable MD5 cipher suites in SSLSocket and SSLEngine.Alex Klyubin2013-12-191-3/+1
| | | | | | | | | | | Although HMAC-MD5 is not yet broken, the foundations are shaky -- see http://tools.ietf.org/html/rfc6151. Scans show that disabling these TLS/SSL cipher suites currently causes handshake issues with 0.4% of the ecosystem. Bug: 11220570 Change-Id: I1970d2ecbdf3c0d26e45d439047b1d3884ade2ec
* Actually prefer Forward Secrecy cipher suites.Alex Klyubin2013-12-181-2/+2
| | | | | | | | | | | The documentation for the list of TLS/SSL cipher suites used by default states that cipher suites offering Forward Secrecy are preferred. This CL adjusts the list to conform: FS cipher suites that use RC4_128 bulk encryption algorithm were not preferred over non-FS cipher suites that use AES. Bug: 11220570 Change-Id: Ic9019306898600086920874474764186b710c3ef
* Assert static key ECDH disallowed in default cipher suites.Alex Klyubin2013-12-181-4/+2
| | | | | | | | | This is a follow-up to 5b15ad6b3d508a97d1cd23667afaee8c55072718 which removed static key ECDH cipher suites from the default list, but where the list of permitted key exchanges wasn't updated. Bug: 11220570 Change-Id: I319e21bf4475ddb9e6262b41dda99f5e33b1816f
* Disable 3DES cipher suites in SSLSocket.Alex Klyubin2013-12-181-6/+0
| | | | | | | | | | | The effective key length for 3DES_EDE bulk encryption algorithm is only 112 bits. We're now aiming for 128 and higher. Scans show that removing these cipher suites from the default list causes handshake issues only with 0.15% of the ecosystem. Bug: 11220570 Change-Id: Ie01ebe8134d08a36b276295b804540157963be8f
* Disable static server key ECDH cipher suites in SSLSocket.Alex Klyubin2013-12-171-8/+0
| | | | | | | | | | | | | | These cipher suites use a static key for ECDH on the server side. When client certificates are used, a static key is also used on the client side, leading to the same premaster secret for all connections between a particular client and server. Also, these cipher suites do not provide forward secrecy. Scans show that removing these cipher suites from the default list does not affect connectivity to servers and is thus safe. Bug: 11220570 Change-Id: If34f4a3888ed9972c39d171656a85c61dfa98ea1
* Enable AES-GCM cipher suites by default in SSLSocket.Alex Klyubin2013-12-171-3/+15
| | | | | | | | AES-GCM is preferred to AES-CBC whose MAC-pad-then-encrypt approach has issues (e.g., Lucky 13 attack). Bug: 11220570 Change-Id: Ib007bc89ccf08358ed3f093f630350fa859e7c35
* Enable support for TLSv1.2 cipher suites in SSLSocket.Alex Klyubin2013-12-171-23/+41
| | | | | | | | This adds support for AES-GCM and AES-CBC with MACs based on SHA256 and SHA384. Bug: 11220570 Change-Id: I56e7e25c5cd65a4c7662da6d4bbe5720f427e677
* Enable TLSv1.1 and TLSv1.2 by default for SSLSocket.Alex Klyubin2013-12-161-1/+3
| | | | | | | | | | | | | | | | | | | | | TLSv1.1 and TLSv1.2 offer built-in protection against BEAST attack and support for GCM cipher suites. This change causes TLS/SSL handshake failures with a small fraction of servers, load balancers and TLS/SSL accelerators with broken TLS/SSL implementations. Scans demonstrate that the number is around 0.6%. Breaking connectivity (using platform default settings) to a tiny minority of the ecosystem is acceptable because this inconvenience is outweighed by the added safety for the overwheling majority of the ecosystem. App developers affected by this issue should consider asking such servers to be fixed or explicitly disabling TLSv1.1 and TLSv1.2 in their apps. Bug: 11220570 Change-Id: Ice9e8ce550401ba5e3385fd369c40f01c06ac7fd
* Remove HarmonyJSSE SSLContext, SSLSocket and SSLServerSocket.Alex Klyubin2013-12-161-11/+5
| | | | Change-Id: I3c939e9275ba8f1d00342d1f83c6fdaf110f2317
* CipherTest: add support for GCM cipherKenny Root2013-12-131-0/+2
| | | | Change-Id: I4b5a5123977a1df152f097e2c7ed86cf7dbcfe9e
* Javadoc the default configuration of SSLEngine.Alex Klyubin2013-12-121-2/+4
| | | | | | | | The Javadoc of javax.net.ssl.SSLEngine now lists the protocols and cipher suites supported and enabled by default. Bug: 11220570 Change-Id: I6e365d58bfe2ddf60bae9dc7ccd0a33249e9e125
* Javadoc the default configuration of SSLSocket.Alex Klyubin2013-12-111-1/+4
| | | | | | | | The Javadoc of javax.net.ssl.SSLSocket now lists the protocols and cipher suites supported and enabled by default. Bug: 11220570 Change-Id: I3b6a96a86618370a55abf3307cbaadd1a1587066
* am 439113b7: Merge "Import resources, fix JarURLConnectionTest."Narayan Kamath2013-11-151-0/+0
|\ | | | | | | | | * commit '439113b7577fa3ed7c974fe158034649551130c4': Import resources, fix JarURLConnectionTest.
| * Merge "Import resources, fix JarURLConnectionTest."Narayan Kamath2013-11-151-0/+0
| |\
| | * Import resources, fix JarURLConnectionTest.Narayan Kamath2013-11-141-0/+0
| | | | | | | | | | | | | | | | | | The test case with the escaped URL still fails. Change-Id: Iae3a58fea800d8b981cb09474d1fa77b7c361e4e
* | | am ebf160a0: Merge "Add serialization golden files, fix tests."Narayan Kamath2013-11-152-43/+5
|\ \ \ | |/ / | | | | | | | | | * commit 'ebf160a0a41f2ea819b5c5c2e33199c098312941': Add serialization golden files, fix tests.
| * | Merge "Add serialization golden files, fix tests."Narayan Kamath2013-11-152-43/+5
| |\ \
| | * | Add serialization golden files, fix tests.Narayan Kamath2013-11-132-43/+5
| | |/ | | | | | | | | | | | | | | | | | | | | | | | | - Moves a few golden files from luni/ to harmony-tests/ - Delete dead code in SerializationTester - Fix a bug in SerializationTest (not sure how this ever worked for resources with "." in their name) Change-Id: Ia5b1376f4ada9b9c706a266ae077debeea5b1f29
* | | am 4cac31eb: Merge "Add untracked harmony tests."Narayan Kamath2013-11-1522-0/+1668
|\ \ \ | |/ / | | | | | | | | | * commit '4cac31eba78e0002e19dae81443f664c66d83340': Add untracked harmony tests.
| * | Merge "Add untracked harmony tests."Narayan Kamath2013-11-1522-0/+1668
| |\ \ | | |/
| | * Add untracked harmony tests.Narayan Kamath2013-11-1322-0/+1668
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This has been deduped against : libcore/luni/src/test/java/org/apache/harmony/luni/tests libcore/luni/src/test/java/tests/api/ libcore/harmony-tests/src/test/java/tests/api This is a minimal change that builds the entire test suite. Many tests don't pass yet, they will be fixed in follow ups. Notable tests that haven't been moved: - ExcludedProxyTest: Might make requests to (now defunct) external servers. All of this code is tested in okhttp. - URLClassLoaderTest: Has a dependency on jetty, tested in okhttp. Notable test cases that haven't been moved: - URLTest: overlap with okhttp, might make requests to external servers. - ServerSocketTest#test_init: Uses Support_execJava, which we don't support yet. Isn't testing anything useful. - FileTest#testDeleteOnExist: Uses Support_execJava which we don't support yet. This is a useful test and we must ressurect it if at all possible. bug: 11650799 Change-Id: Ib277eb0bad465ea72b090168490a1a633611b3f3
* | | resolved conflicts for merge of 8629cea4 to klp-dev-plus-aospAlex Klyubin2013-11-142-0/+161
|\ \ \ | |/ / |/| | | | | Change-Id: Ibd80c5f1a8b7b2fb7b4e77c40e5a0499effff6aa
| * | am 5ff3bc94: am 4c7d72a6: am fe1f3d77: am 11708986: am b00f46fc: am ↵Alex Klyubin2013-11-142-0/+161
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | 23b3ea3a: am e496d90d: am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev * commit '5ff3bc94bf2ec5bca48cb0027060df7fe4e48580': SSLEngine: Test that server params are verified
| | * \ am 4c7d72a6: am fe1f3d77: am 11708986: am b00f46fc: am 23b3ea3a: am ↵Alex Klyubin2013-11-142-0/+161
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | e496d90d: am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev * commit '4c7d72a663712343cbcffc2b45621f38f7e6cdbf': SSLEngine: Test that server params are verified
| | | * \ am fe1f3d77: am 11708986: am b00f46fc: am 23b3ea3a: am e496d90d: am ↵Alex Klyubin2013-11-142-0/+161
| | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev * commit 'fe1f3d7795d9a5bdef327bd7796004bff5da7dbf': SSLEngine: Test that server params are verified
| | | | * \ am 11708986: am b00f46fc: am 23b3ea3a: am e496d90d: am cef32f3b: Merge ↵Alex Klyubin2013-11-142-0/+161
| | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "SSLEngine: Test that server params are verified" into jb-dev * commit '11708986502da018afec813a9fd395b94003f160': SSLEngine: Test that server params are verified
| | | | | * \ am e496d90d: am cef32f3b: Merge "SSLEngine: Test that server params are ↵Alex Klyubin2013-11-142-0/+161
| | | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | verified" into jb-dev * commit 'e496d90d6275365187644c6673911908f880a0b6': SSLEngine: Test that server params are verified
| | | | | | * \ am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-devAlex Klyubin2013-11-142-0/+161
| | | | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'cef32f3bb2da07efc846cf5bcd7970a74a782657': SSLEngine: Test that server params are verified
| | | | | | | * | SSLEngine: Test that server params are verifiedAlex Klyubin2013-11-132-0/+161
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This CL adds tests that check that SSLEngine's handshake fails if the signature of server params in ServerKeyExchange does not verify. Bug: 11631299 Change-Id: I16dfa9c07a4f094adc17aadd6fb3fe9eac88103b
| | | | | | | * | Fix URLConnectionTest#test_getAllowUserInteraction.Elliott Hughes2012-07-242-13/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also improve the documentation, make it possible to run these tests individually outside of CTS with vogar, and remove a few more URLs of external web servers. We should clean up all tests to remove all reliance on external web servers. Bug: http://code.google.com/p/android/issues/detail?id=35400 (cherry-picked from 3827b65b1937acfbf3abbc449f8ba0ffc60f3cf3.) Conflicts: luni/src/test/java/org/apache/harmony/luni/tests/java/net/URLConnectionTest.java Change-Id: I4959fefa130290236533be72cce7c57b9ea1e296
| * | | | | | | | Move support library to a separate static libraryKenny Root2013-08-301-0/+45
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | frameworks/base/core/tests/coretests uses the libcore/support/* classes for SSL-based tests. Instead of including core-tests itself, we need to split out the support classes to its own library to keep frameworks tests below the dex method limit. (cherry picked from commit b397b19a825d69e9122f1241849db726abae5413) Bug: 10092469 Change-Id: Ib9b1dd60cb778dba79afcbe3001749d82afa99d2
* | | | | | | | Merge "Higher-level default configuration asserts for TLS/SSL primitives."Alex Klyubin2013-11-131-0/+202
|\ \ \ \ \ \ \ \ | |_|_|_|_|_|_|/ |/| | | | | | |
| * | | | | | | Higher-level default configuration asserts for TLS/SSL primitives.Alex Klyubin2013-11-081-0/+202
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds SSLDefaultConfigurationAsserts class that offers higher-level checks for each TLS/SSL primitive. The goals are: * check not only the cipher suites and protocols configured but also the configuration of child primitives (e.g, configuration of SSLSockets returned by SSLSocketFactory, or configuration of SSLSocketFactory returned by SSLContext). * hide the upcoming target API level dependent configuration checks from test classes. Bug: 11220570 Change-Id: Iec1476a1b2d132c984413754129adfcb671885fb
* | | | | | | | Merge "Deprioritize HMAC-MD5 in default TLS/SSL cipher suites."Alex Klyubin2013-11-081-1/+1
|\ \ \ \ \ \ \ \
| * | | | | | | | Deprioritize HMAC-MD5 in default TLS/SSL cipher suites.Alex Klyubin2013-11-071-1/+1
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Although HMAC-MD5 is not yet broken, the foundations are now much more shaky that those of HMAC-SHA. See http://tools.ietf.org/html/rfc6151. Bug: 11220570 Change-Id: I2a2fe4d427650081637efc14fd7c427a33cbea7e
* | | | | | | | Add a second intermediate test CA.William Luh2013-11-081-0/+16
|/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (cherry picked from commit 1295a430f883ab592fd3bd4a7cf950241ad22fcd) Change-Id: I732e7727c0de572f637d4c436094fec7583baf14
* | | | | | | Prefer Forward Secrecy TLS/SSL cipher suites by default.Alex Klyubin2013-11-071-14/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This modifies the list of TLS/SSL cipher suites used by default to prefer those offering Forward Secrecy (FS) -- ECDHE and DHE. Bug: 11220570 Change-Id: I20f635d11e937d64de4f4e2fea34e1c5ea7a67ac
* | | | | | | Deprioritize RC4-based TLS/SSL cipher suites.Alex Klyubin2013-11-071-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now that BEAST and Lucky13 mitigations are enabled, it is prudent to prefer AES CBC cipher suites over RC4 ones (see http://www.isg.rhul.ac.uk/tls/). Bug: 11220570 Change-Id: I52b9724700fd8eaeebbadcfa518a96823a1410b8
* | | | | | | Exact asserts for TLS/SSL protocols used by default.Alex Klyubin2013-11-041-2/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, assertions about the list of protocols used by default by TLS/SSL primitives were checking that all of the protocols are supported, but were not checking that the list was exactly as expected. This CL adjusts the assertions to check that all of the expected protocols are listed and that no other protocols are listed. Three assert methods are added, corresponding to the three concentually different lists: client-side (e.g., SSLSocket), server-side (SSLServerSocket), and SSLEngine which currently does not switch lists based on whether it's in client or server mode. Bug: 11220570 Change-Id: Ib6b56c2372d76f94f254481aa01d29d2d03a085f
* | | | | | | Exact check for cipher suites used by SSLEngine by default.Alex Klyubin2013-11-011-1/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous assertion was only checking that all the default cipher suites are supported by SSLEngine. Bug: 11220570 Change-Id: I7c57c11e69fac7a532f890d242ac1ee4d1c64262
* | | | | | | Refactor TLS/SSL cipher suite and protocol assertions.Alex Klyubin2013-10-311-0/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This hides expected lists of cipher suites and protocols from the users of assertion methods to: * enable targetSdkVersion-dependent behavior, and * centralize the definition of expected behavior in StandardNames. Bug: 11220570 Change-Id: I8b43196b24f02e10010223aa6738a9ce0df24333
* | | | | | | Do not use short-keyed TLS/SSL cipher suites by default.Alex Klyubin2013-10-281-8/+73
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This removes TLS/SSL cipher suites with bulk cipher secret keys shorter than 80 bits from the list of cipher suites used by default. Bug: 11220570 Change-Id: I04e30f6d634801b36018fecc8f2b257fc6b7adfc
* | | | | | | JarUtils: try using the DigestEncryptionAlgorithmKenny Root2013-10-091-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The original code tried getting an instance of the DigestAlgorithm by itself as a Signature type. This appears meant to be the DigestEncryptionAlgorithm by itself. Algorithms such as SHA256withECDSA have their own OID. Change-Id: I9384127bb026c8a5d3956095a9880427ead366b4
* | | | | | | Conscrypt: add SHA-224 with testsKenny Root2013-09-261-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SHA-224 has made a comeback in the latest StandardNames documentation. This change adds tests for SHA-224 and also Conscrypt providers for things we have code paths to support. Change-Id: I8c200082ff76ee4ae38b6efaa16e6741b33b7f5b
* | | | | | | Remove BC workaround in TestKeyStoreKenny Root2013-09-131-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At one point in time, BC had a bug where it couldn't work with other EC keys. This has since been fixed, so this workaround is no longer needed. Change-Id: I0fb3f4d207fb5093e3bd1e1256cc3e165ecae8b0
* | | | | | | Move support library to a separate static libraryKenny Root2013-08-291-0/+45
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | frameworks/base/core/tests/coretests uses the libcore/support/* classes for SSL-based tests. Instead of including core-tests itself, we need to split out the support classes to its own library to keep frameworks tests below the dex method limit. Change-Id: Ic11dbd1c6f897af10c6cfe47efb977018ef2ad9a
* | | | | | If libcore wants ASCII casing, it needs to ask for it like everyone else.Elliott Hughes2013-08-022-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | http://elliotth.blogspot.com/2012/01/beware-convenience-methods.html Bug: https://code.google.com/p/android/issues/detail?id=58359 Change-Id: I597b2ac940f17b5b2bc176e390dc4b63fe0a4e72
* | | | | | am be240e13: Merge "Remove the isLocaleAvailable hacks."Elliott Hughes2013-07-242-66/+18
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'be240e1324314cbf1d8edaee7ce561b028e1ed2e': Remove the isLocaleAvailable hacks.
| * | | | | | Remove the isLocaleAvailable hacks.Elliott Hughes2013-07-232-66/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I17596301630f6c8d98c4415fe358f4fffb47b2d4
generated by cgit v1.1 at 2025-02-03 09:06:24 +0000