| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Change-Id: I89243efdeebe22543c45a2166b634f40c3e78cf8
|
| |
|
|
|
|
|
|
|
|
|
| |
This dramatically improves the runtime of these tests from a few
minutes to a few seconds.
Also update known failures to cover the new reasons why these
tests are failing.
Change-Id: I82b738f3f1fb24a08d334fa960153692a0c9144f
http://b/3474446
|
| |
|
|
| |
Change-Id: Ia3fee27c8f8ca38120eea3fc2582d3e1b2504cea
|
| |\
| |
| |
| | |
Change-Id: Ic6f0172767d6feedb188d3a5e7488a67702ef8c4
|
| | |
| |
| |
| | |
Change-Id: I2340a9dbad3561fa681a8ab47d4f406e72c913e3
|
| |\ \
| |/
| |
| |
| | |
* commit '4155a2498a57fb09e92815f8993a70c216ddc5ec':
Performance improvements to NativeCrypto based MessageDigest API
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
NativeCrypto API improvements:
- Move to using EVP_MD related native methods, some of which are derived
from the EVP_MD_CTX versions with similar name. The new
EVP_get_digestbyname allows one time lookup of the EVP_MD from the
string name, avoiding doing it on every call to EVP_DigestInit.
- EVP_MD_CTX_create is now removed, it is just done as part of
EVP_DigestInit and EVP_VerifyInit to an extra JNI call.
- EVP_DigestFinal now destroys the EVP_MD_CTX to avoid needing to make
another call JNI call to EVP_MD_CTX_destroy. EVP_MD_CTX_destroy is
kept for cases when EVP_DigestFinal is never called.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
In addition to the improved NativeCrypto API to allow better
performance for callers, the implementations use of
throwExceptionIfNecessary was made conditional based on the status
code from various operations, which had a noticeable impact on
performance compared to android.security.MessageDigest
luni/src/main/native/NativeCrypto.cpp
Updated MessageDigest.getInstance default implementation to use new
NativeCrypto API. An EVP_MD instance is looked up at class load time
for a specific digest type and then used to call
NativeCrypto.EVP_DigestInit as needed, avoiding a lookup of EVP_MD for
each new digest. The EVP_MD is also for a one-time lookup the digest
output size in bytes, to avoid native calls for
engineGetDigestLength. Finally, the creation of the EVP_MD_CTX is now
lazy, only created when needed, avoiding unnecessarily create/free in
reset cases such as engineDigest. See also external/bouncycastle's
OpenSSLDigest implementation which had similar optimizations.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLMessageDigestJDK.java
OpenSSLSignature also used EVP_MD_CTX_create, and its EVP_VerifyInit
was changed similar to EVP_DigestInit to internally allocate the
EVP_MD_CTX on the call to init.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignature.java
Fix test to work with arbitrary provider order
luni/src/test/java/org/apache/harmony/security/tests/java/security/MessageDigest2Test.java
Fix CloseGuard warnings
luni/src/test/java/tests/security/MessageDigestTest.java
Bug: 3392028
Change-Id: Idb266ebc0918ffd5550e0f457784256400cd2ff0
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We used to include a full IP address parser and formatter. The
formatter handled one interesting case: a 2x length byte[]
containing both an IP route and mask. Although our code supported
parsing and formatting these, they do not occur in practice. The
Java APIs don't support NameConstraints, which is the only part of
the spec that uses them.
Change-Id: I7a4b22b40a37d6f26ec09fc5188ec1ba43e4d249
http://b/3385492
|
| |/
|
|
| |
Change-Id: I346aea42a27042512f4ed97690f1e0ca1755257c
|
| |
|
|
|
| |
Bug: 3086427
Change-Id: I026f80bfa5e963a8e988ecd6f91c9732a4afc70c
|
| |
|
|
|
|
| |
Issue: http://code.google.com/p/android/issues/detail?id=12955
Bug: 3381582
Change-Id: Ida63c1356634c8e287ce5b0234418a656dffedf0
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
While I'm here fix a MockWebServer bug I recently introduced
that broke cookie tests that needed to know port numbers before
responses were enqueued.
Change-Id: Idb2389ac5ed66656248c10aeb68209641acc0a68
http://b/3325637
|
| |/
|
|
| |
Change-Id: Ia1bac1abaa44c6341b00005a3142e87073b16bd6
|
| |
|
|
|
|
|
|
| |
This includes some changes to MockWebServer to make it stop
accepting connections as soon as its response queue is empty.
Change-Id: I5a6bcdf1c03d0c36b11552ae086d0dece0440f64
http://b/1158780
|
| |
|
|
|
| |
Bug: http://code.google.com/p/android/issues/detail?id=13898
Change-Id: I202a5404e7e828f074483a3f6365b4e3a941da7d
|
| |
|
|
|
| |
Change-Id: I5110d58d91e7c6f8f7553ad400f0bd841bcf07b6
http://b/2612240
|
| |\
| |
| |
| | |
Change-Id: Ifc2a4fd44cef525709a3b9dc0a502b1a0690c6fd
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
HostnameVerifier more than once
Summary:
In 2.3, HttpsURLConnection was change to retry TLS connections as SSL
connections w/o compression to deal with servers that are TLS
intolerant. However, if the handshake proceeded to the point of
invoking the X509TrustManager, we should not retry. Similarly, if we
should not invoke the HostnameVerifier repeatedly, and need to wait
until the SSL handshake has completed.
Tested with (includes two new tests for this issue):
libcore/luni/src/test/java/libcore/javax/net/ssl/
libcore/luni/src/test/java/libcore/java/net/URLConnectionTest.java
libcore/luni/src/test/java/org/apache/harmony/luni/tests/internal/net/www/protocol/https/HttpsURLConnectionTest.java
Details:
HttpConnection.setupSecureSocket has been broken into two
pieces. setupSecureSocket now just does the SSL
handshaking. verifySecureSocketHostname now does the
verification. The old HttpConnection code was careful never to
assign its sslSocket field until verification was complete. A new
unverifiedSocket field is added to store the sslSocket before
verification is completed by verifySecureSocketHostname.
luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java
HttpsEngine.makeConnection now skips TLS intolerant retry if the
reason for the makeSslConnection failure was a
CertificateException, since that implies that we failed during
certification validation after initial handshaking. We also
prevent retrying hostname verification by moving it out of
makeSslConnection and only doing it on new SSL connections,
tracking the changes to HttpConnection.setupSecureSocket mentioned
above. We also now skip the redundant call to setUpTransportIO in
makeSslConnection on reused SSLSockets.
luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/https/HttpsURLConnectionImpl.java
Instead of throwing away the underlying CertificateExceptions, set
them as the cause of the SSLExceptions. This is what the RI does
in the case of X509TrustManager failures and is now used by
HttpsEngine.makeConnection.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Added new testConnectViaHttpsToUntrustedServer which makes sure
that connections are not retried on certificate verification
failure.
luni/src/test/java/libcore/java/net/URLConnectionTest.java
Added new test_SSLSocket_untrustedServer that verifies that an
SSLHandshakeException is thown containing a CertificateException
is thrown on certificate verification problems.
luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
Added second test CA and a new TestKeyStore.getClientCA2 test key
store that does not trust the primary test key stores. This is
useful for negative testing and is used in the above two new
tests.
support/src/test/java/libcore/java/security/TestKeyStore.java
Issue: http://code.google.com/p/android/issues/detail?id=13178
Bug: 3292412
Change-Id: I37136bb65f04d2bceaf2f32f542d6432c8b76ad4
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV" is RFC 5746's renegotiation
indication signaling cipher suite value. It is not a real cipher
suite. It is just an indication in the default and supported cipher
suite lists indicates that the implementation supports secure
renegotiation.
In the RI, its presence means that the SCSV is sent in the cipher
suite list to indicate secure renegotiation support and its absence
means to send an empty TLS renegotiation info extension instead.
However, OpenSSL doesn't provide an API to give this level of control,
instead always sending the SCSV and always including the empty
renegotiation info if TLS is used (as opposed to SSL). So we simply
allow TLS_EMPTY_RENEGOTIATION_INFO_SCSV to be passed for compatibility
as to provide the hint that we support secure renegotiation.
Change-Id: I0850bea47568edcfb1f7df99d4e8a747f938406d
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Summary:
- Enable Elliptic Crypto support for OpenSSL based SSLSocket instances
- More RI compliant usage of key types, client auth types, and server auth types
- Steps toward TLS_EMPTY_RENEGOTIATION_INFO_SCSV support, currently test updates
Details:
Elliptic Curve changes
CipherSuite updates for EC
- Adding KEY_EXCHANGE_EC* and corresponding CipherSuites Updated
isAnonymous, getKeyType (now renamed getServerKeyType) to handle
new EC cases. Added new getAuthType for use by
checkServerTrusted callers.
- Restructured code to handle two SUITES_BY_CODE_* arrays
- Remove KEY_EXCHANGE_DH_* definitions which unused because the
corresponding CipherSuites were previously disabled.
- Changed AES CipherSuites definitions to use "_CBC" to match other definitions.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
openssl EC
- NativeCrypto now registers TLS_EC_* cipher suites and has update default list
- Improved auth type arguments to checkClientTrusted/checkServerTrusted
- NativeCrypto support for emphemeral EC keys
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
luni/src/main/native/NativeCrypto.cpp
non-openssl SSL/TLS cleanups
- cleanup around code trying to cope with DiffieHellman vs DH since either should work.
- changed client to use new CipherSuite.getAuthType shared with NativeCrypto implementation
- changed server to use CipherSuite.getKeyType
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
Consolidate CertificateRequestType code into CipherSuite so that its
shared between java and openssl implementations. This includes the
KEY_TYPE_ string constants, TLS_CT_* byte constants and the 'String
keyType(byte)' (now renamed getClientKeyType) code that depends on them.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
Tests
Differentiate between supported list of cipher suites openssl-based
SSLSocket and SSLEngine based, since the SSLEngine code does not support EC.
luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
Added testing for expected default cipher suites. Before we just ensured the values were valid.
luni/src/test/java/libcore/javax/net/ssl/SSLSocketFactoryTest.java
support/src/test/java/libcore/java/security/StandardNames.java
Updated to handle new EC cipher suites codes. Added test for new getClientKeyType.
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/CipherSuiteTest.java
Better use of "standard names" particularly to correctly deal with
the subtle differences between key types, client auth types, and
server auth types. TestKeyManager and TestTrustManager now verify
the values they are passed are acceptable.
support/src/test/java/libcore/java/security/StandardNames.java
support/src/test/java/libcore/javax/net/ssl/TestKeyManager.java
support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java
Changed to timeout after 30 seconds and to log to reveal both client and server issues.
support/src/test/java/libcore/javax/net/ssl/TestSSLSocketPair.java
Bug: 3058375
Change-Id: I14d1d0285d591c99cc211324f3595a5be682cab1
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix KxmlParser to capture the DTD's root element name, system ID and
public ID. This is more robust than capturing the same in the pull-to-DOM
adapter.
Fix close guard warnings in XML tests. Close input streams of resource
files. Don't catch exceptions only to call fail().
http://b/3090550
Change-Id: I7cfafde58cc28af79c48386a4d124803c8791328
|
| |\ \
| | |
| | |
| | |
| | | |
* commit '6c78b7b94c232063ec559436b48b33751373ecf1':
Toward EC TLS support
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Summary:
- javax.net.ssl tests are now working on the RI
- KeyManager can now handle EC_EC and EC_RSA
- OpenSSLSocketImpl.startHandshake now works if KeyManager contains EC certificates
Details:
Add CipherSuite.getKeyType to provide X509KeyManager key type strings,
refactored from OpenSSLServerSocketImpl.checkEnabledCipherSuites.
getKeyType is now also used in OpenSSLSocketImpl.startHandshake to
avoid calling setCertificate for unnecessary key types.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
New CipherSuiteTest to cover new getKeyType as well as existing functionality
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/CipherSuiteTest.java
Add support to KeyManager implementation for key types of the form
EC_EC and EC_RSA. The first part implies the KeyPair algorithm (EC in
these new key types) with a potentially different signature algorithm
(EC vs RSA in these)
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java
Update NativeCrypto.keyType to support EC_EC and EC_RSA in addition to
EC which was added earlier. Change from array of KEY_TYPES to named
KEY_TYPE_* constants.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
Overhauled KeyManagerFactoryTest to cover EC, EC_EC, EC_RSA cases
luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java
support/src/test/java/libcore/java/security/StandardNames.java
Changed TestKeyStore.createKeyStore from always using BKS to now use
JKS on the RI between BC EC Keys and RI X509 certificates. Because JKS
requires a password, we now default "password" on the RI.
support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java
support/src/test/java/libcore/java/security/StandardNames.java
TestKeyStore.create now accepts key types like EC_RSA. Changed
TestKeyStore.createKeys to allow a PrivateKeyEntry to be specified for
signing to enable creation of EC_RSA test certificate. Added
getRootCertificate/rootCertificate to allow lookup of PrivateKeyEntry
for signing. Changed TestKeyStore.getPrivateKey to take explicit
signature algorithm to retrieve EC_EC vs EC_RSA entries.
support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java
luni/src/test/java/libcore/java/security/cert/PKIXParametersTest.java
luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
support/src/test/java/libcore/java/security/StandardNames.java
Added support for EC cipher suites on the RI. Also test with and
without new TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite which is
used to specify the new TLS secure renegotiation.
luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
support/src/test/java/libcore/java/security/StandardNames.java
New TestKeyManager and additional logging in TestTrustManager. Logging
in both is disabled by default using DevNullPrintStream.
support/src/test/java/libcore/javax/net/ssl/TestKeyManager.java
support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java
support/src/test/java/libcore/java/io/DevNullPrintStream.java
Bug: 3058375
Change-Id: Ia5e2a00a025858e10d1076b900886994b481e05a
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* commit '57f2cc03ff2cf5d2f6413c5410680b4908d7301d':
Test updates for Elliptic Curve
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Updated with Elliptic Curve (EC) (and SunPKCS11-NSS) names for use by ProviderTest
support/src/test/java/libcore/java/security/StandardNames.java
Enhance test_KeyStore_cacerts_bks to verify PublicKey can be
retreived. Before this the test would pass even though an
ECPublicKey could not be accessed. With EC support in
external/bouncycastle, this test now passes.
luni/src/test/java/libcore/java/security/KeyStoreTest.java
New SignatureTest to cover ECDSA, replaces the old one that
required a subclass per tested algorithm.
luni/src/test/java/libcore/java/security/SignatureTest.java
support/src/test/java/tests/security/SignatureTest.java
luni/src/test/java/tests/targets/security/SignatureTestMD5withRSA.java
luni/src/test/java/tests/targets/security/SignatureTestNONEwithDSA.java
luni/src/test/java/tests/targets/security/SignatureTestSHA1withDSA.java
luni/src/test/java/tests/targets/security/SignatureTestSHA1withRSA.java
luni/src/test/java/tests/targets/security/SignatureTestSHA256withRSA.java
luni/src/test/java/tests/targets/security/SignatureTestSHA384withRSA.java
luni/src/test/java/tests/targets/security/SignatureTestSHA512withRSA.java
luni/src/test/java/tests/targets/security/AllTests.java
Improve ProviderTest logging while debugging SunPKCS11-NSS
provider issues. Added some exceptions for RI missing classes.
luni/src/test/java/libcore/java/security/ProviderTest.java
Changed style slightly to match KeyPairGeneratorTest, where +N is
used to indicated when multiples of a increments of a certain
amount are required for valid key sizes.
luni/src/test/java/libcore/javax/crypto/KeyGeneratorTest.java
Fix test CloseGuard issues
luni/src/test/java/libcore/java/security/KeyStoreTest.java
Fix readability
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
Bug: 3058375
Change-Id: I99cd93ad66372e8512d993168550cc1d471d3248
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
No more flaky use of 10.* addresses.
Bug: 3044772
Change-Id: I5ca8dc431b50950efdc818efe73eb9aba76ea67f
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
OpenSSLSocketImpl close fix, and debugging improvements
* commit '8a720cceee7ce319d647738dfeda3f302879f370':
TrustManager should include PrivateKeyEntry CAs, OpenSSLSocketImpl close fix, and debugging improvements
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
fix, and debugging improvements
Revert to older behavior of creating TrustAnchors from both
PrivateKeyEntry and TrustedCertificateEntry values from the
KeyStore. Added tests to better ensure this slighlt different
behavior from PKIXParameters. Also create the acceptedIssuers
proactively since the real memory cost is the X509Certificates
which are already found in the params.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java
luni/src/test/java/libcore/java/security/cert/PKIXParametersTest.java
Don't just free native state on issue with startHandshake, close
the SSLSocket. While the former addressed a CloseGuard issue, the
latter make sure that checkOpen throws SocketExceptions and we don't
leak a NullPointerException from NativeCrypto.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Debugging improvements including minor refinements to recently
added NativeCrypto logging, more verbose TestKeyStore.dump output,
and a new TestTrustManager proxy class for logging X509TrustManager
behavior.
luni/src/main/native/NativeCrypto.cpp
support/src/test/java/libcore/java/security/TestKeyStore.java
support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java
Change-Id: I317e1ca34d8e20c77e5cb9c5a5a58cb4ae98d829
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
1. Ensure that there's a direct mapping from the class to its test,
so we're more likely to run the right tests. I've broken GzipTest
into two for this.
2. Include actual data rather than always round-tripping, to avoid
potential symmetric errors. (This wasn't important in this case.)
3. Remove a dead file that belonged to a test that's already been
removed.
Bug: 3164285
Change-Id: I312237454eead26d0dbbdb8f6339aa29ed8eea4e
|
| |\ \
| | |
| | |
| | | |
Change-Id: I0319c132ec8f42782475906da267439938308e77
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Overhaul of TrustManagerImpl
- PKIXParameters can now be final in TrustManagerImpl because we
always immediately create an IndexedPKIXParameters instead of only
doing it in SSLParametersImpl.createDefaultTrustManager.
- Use new KeyStore constructor for IndexedPKIXParameters to remove
duplicate logic for creating set of TrustAnchors from a KeyStore.
- Improved checkTrusted/cleanupCertChain to remove special cases for
directly trusting the end cert or pruning only self signed certs. To
support b/2530852, we need to stop prune the chain as soon as we
find any trust anchor (using newly improved
TrustManagerImpl.isTrustAnchor), which could be at the beginning,
middle, or end. That means cleanupCertChain can return an empty
chain if everything was trusted directly. (and we don't need to do
extra checks on exception cases to see if the problem was just that
the trust anchor was in the chain)
- isDirectlyTrusted -> isTrustAnchor here as well, using new
IndexedPKIXParameters.isTrustAnchor APIs
- Fix incorrect assumption in getAcceptedIssuers that all TrustAnchor
instances have non-null results for getTrustedCert.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Removed indexing in createDefaultTrustManager since we always index now
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java
Overhaul of IndexedPKIXParameters
- Single map from subject X500Principal to TrustAnchors
instead of two different X500Principal keyed maps to check
- Removed map based on encoded cert. For b/2530852, we want to treat
certs as equal if they have the same name and public key, not
byte-for-byte equality, which can be done with the remaining map.
Revamped isDirectlyTrusted into isTrustAnchor(cert) to perform this
new name/key based comparison.
- Added helper isTrustAnchor(cert, anchors) to reuse code in
non-IndexedPKIXParameters case in TrustManagerImpl.
- Added constructor from KeyStore
- Moved anchor indexing code to index() from old constructor
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java
TestKeyStore.getPrivateKey allowed some existing test simplification.
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
support/src/test/java/libcore/java/security/TestKeyStore.java
Added missing "fail()" before catching expected exceptions.
luni/src/test/java/libcore/java/security/KeyStoreTest.java
Expanded KeyManagerFactoryTest to excercise ManagerFactoryParameters b/1628001
luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java
Added KeyStoreBuilderParametersTest because I thought I saw a bug in
KeyStoreBuilderParameters, but this convinced me otherwise.
luni/src/test/java/libcore/javax/net/ssl/KeyStoreBuilderParametersTest.java
New TrustManagerFactory test modeled on expanded KeyManagerFactoryTest.
test_TrustManagerFactory_intermediate specifically is targeting the
new functionality of b/2530852 to handling trust anchors within the
chain.
luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java
support/src/test/java/libcore/java/security/StandardNames.java
Some initial on tests for Elliptic Curve (b/3058375) after the RI
started reporting it was supported. Removed old @KnownFailure
tags. Skipped a test on the RI that it can't handle. Improved some
assert messages.
luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
support/src/test/java/libcore/java/security/StandardNames.java
support/src/test/java/libcore/java/security/TestKeyStore.java
Removed unneeded bytes->javax->bytes->java case of which can just go bytes->java directly.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Removed super()
luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java
Made Security.secprops final
luni/src/main/java/java/security/Security.java
Pulled SamplingProfiler fix from dalvik-dev branch
git cherry-pick --no-commit f9dc3450e8f23cab91efc9df99bb860221ac3d6c
dalvik/src/main/java/dalvik/system/SamplingProfiler.java
Bug: 2530852
Change-Id: I95e0c7ee6a2f66b6986b3a9da9583d1ae52f94dd
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
tested a test support class.
* commit '9103cc15655ac1b6ec1a9f3af12f57df47ca0073':
Remove a pointless test, which just tested a test support class.
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | | |
support class.
* commit '47d9451154a9eed03ae5d51b384547a292cc6759':
Remove a pointless test, which just tested a test support class.
|
| | | |
| | |
| | |
| | | |
Change-Id: Ifef2b25500474f7e3b18ff97e7831717f2c9b391
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes several specific problems:
- HTTP header map didn't contain the status line (under the null key)
- response code, message and version weren't set by caches
- caches didn't work with redirects
This change also makes some significant cleanup to the Headers class.
We might be able to simplify this further by dropping the map, should
that prove efficient enough.
Change-Id: Ib79ec17bef5978b3234f68102114eee7d4b7cda2
http://b/3139211
http://b/3139211
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously it would fail with an internal error because of
inconsistencies because HttpURLConnectionImpl claimed to be
'connected' when it had a cache hit, and HttpsURLConnection
acted upon this by talking to its sockets.
Change-Id: I51f4215ceb9c5fd851223a501488306fa6d382b1
http://b/3043966
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Hudson was complaining with this exception:
java.util.ConcurrentModificationException
at java.util.ArrayList$ArrayListIterator.next(ArrayList.java:576)
at libcore.dalvik.system.CloseGuardTester.assertEverythingWasClosed(CloseGuardTester.java:59)
at libcore.java.lang.ProcessBuilderTest.testDestroyDoesNotLeak(ProcessBuilderTest.java:91)
Change-Id: Ie6be12186c94e14ba4d5df8a392144269abb598b
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is consistent with the RI's behavior. I can't come up with
a reasonable approach to closing these streams if they are never
requested; that's presumably a finalizer problem anyway because
only the finalizer knows that the streams won't be needed.
This change also adds test infrastructure around CloseGuard.
My approach hooks into the logger rather than reflection because
I can't be sure where the CloseGuard instance would be in the
object hierarchy. This approach also degrades reasonably when
run on the reference implementation (where it passes).
Change-Id: I08e882494d69d4245e40fb1035edbc6d3df23fbc
http://b/3111120
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
SecretKeyFactory.PBKDF2WithHmacSHA1 support" into gingerbread
Merge commit '8a81dbf2f44e9b6af155dc918945174f07dad7b9' into dalvik-dev
* commit '8a81dbf2f44e9b6af155dc918945174f07dad7b9':
Test updates for new SecretKeyFactory.PBKDF2WithHmacSHA1 support
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
SecretKeyFactory.PBKDF2WithHmacSHA1 support" into gingerbread
Merge commit '1d2861f436ccf4017c45ee3be2fce8dcd0d6859b'
* commit '1d2861f436ccf4017c45ee3be2fce8dcd0d6859b':
Test updates for new SecretKeyFactory.PBKDF2WithHmacSHA1 support
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Bug: 3059950
Change-Id: I24546cb9e38b17ea615e36de3606ec6d373df594
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Introducing CloseGuard which warns when resources are implictly
cleaned up by finalizers when an explicit termination method, to use
the Effective Java "Issue 7: Avoid finalizers" terminology, should
have been used by the caller.
libcore classes that can use CloseGuard now do so.
Bug: 3041575
Change-Id: I4a4e3554addaf3075c823feb0a0ff0ad1c1f6196
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| | |
CertPathBuilder1Test and CertPathTest" into gingerbread
Merge commit '65eee03bc90772ba766348ac4be4927959314c80'
* commit '65eee03bc90772ba766348ac4be4927959314c80':
Update TestUtils certificates to fix CertPathBuilder1Test and CertPathTest
|
| | |
| |
| |
| |
| | |
Bug: 2322662
Change-Id: I8ad9a91f4095807bd710045eef3a97a86b560f49
|
| |\ \
| |/
| |
| | |
Change-Id: Ie38e3b5aafd43844afec93e2c6387a81b2bc9fb2
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | | |
Change-Id: I6f5bfad6f861eb7b398ed7d86747d66cea4f2343
http://b/issue?id=2660429
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
from URLConnectionTest.
Merge commit '82e18c5adf0c19c8a937cef51621ae655f7824ea' into dalvik-dev
* commit '82e18c5adf0c19c8a937cef51621ae655f7824ea':
Strip usage of the term 'localhost' from URLConnectionTest.
|
