fb0ec0e650bf8be35acb0d47da0311a7c446aa33 |
|
14-Jan-2011 |
Elliott Hughes <enh@google.com> |
Remove useless android-changed comments. I've changed useful ones to regular comments or TODOs, as appropriate. I've left ones in code like java.util.concurrent where we really are tracking an upstream source, making the change markers useful. I've left a handful of others where I intend to actually investigate the implied TODOs before deciding how to resolve them. Change-Id: Iaf71059b818596351cf8ee5a3cf3c85586051fa6
|
6812a2e8bb43d9a875633a9ba255d9882c63e327 |
|
14-Sep-2010 |
Brian Carlstrom <bdc@google.com> |
Rename internal SSLParameters to SSLParametersImpl to avoid collision with new javax.net.ssl.SSLParameters Bug: 2672817 Change-Id: Iadf21b848eaf8850fce22721b9ba3739ab2e9fca
|
ca99759b4f2aac2f796b430b74a8d3caff9d484a |
|
14-Sep-2010 |
Brian Carlstrom <bdc@google.com> |
Remove SSLContextImpl.engineInit(..) that takes persistent cache arguments Bug: 2672817 Change-Id: I201815857e4452498c746139b8d64b7721bc22cc
|
059dbc04218144f985b20a228bbe98139d400d0c |
|
08-Jul-2010 |
Brian Carlstrom <bdc@google.com> |
Improved client certificate and certificate chain support Summary: - openssl: add openssl support for specifying per key certificate chains - libcore: properly implement client certificate request call back - libcore: properly implement sending certificate chain - libcore: properly implement retreiving local certificate chain - libcore: added an SSLContext for non-OpenSSL SSLSocket creation Details: external/openssl Improve patch generate support by applying all other patches to baseline to remove cross polluting other patch changes into target patch. Move cleanup of ./Configure output to import script from openssl.config. import_openssl.sh openssl.config Adding SSL_use_certificate_chain and SSL_get_certificate_chain to continue to finish most of remaining JSSE issues. include/openssl/ssl.h ssl/s3_both.c ssl/ssl.h ssl/ssl_locl.h ssl/ssl_rsa.c Updated patch (and list of input files to patch) patches/jsse.patch openssl.config libcore Restoring SSLContextImpl as provider of non-OpenSSL SSLSocketImpl instances for interoperability testing. OpenSSLContextImpl is the new subclass that provides OpenSSLSocketImpl. JSSEProvider provides the old style SSLContexts, OpenSSLProvider provides the OpenSSL SSLContext, which includes the "default" context. Changed to register SSLContexts without aliases to match the RI. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLProvider.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Native interface updates to support OpenSSLSocketImpl improvements - KEY_TYPES now expanded based on what we are being provided by OpenSSL. keyType function now maps key type values received from clientCertificateRequested callback. - Removed remaining uses of string PEM encoding, now using ASN1 DER consistently Includes SSL_SESSION_get_peer_cert_chain, verifyCertificateChain - Fixed clientCertificateRequested to properly include all key types supported by server, not just the one from the cipher suite. We also now properly include the list of supported CAs to help the client select a certificate to use. - Fixed NativeCrypto.SSL_use_certificate implementation to use new SSL_use_certificate_chain function from openssl to pass chain to OpenSSL. - Added error handling of all uses of sk_*_push which can fail due to out of memory - Fixed compile warning due to missing JNI_TRACE argument luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/native/NativeCrypto.cpp luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Pass this into chooseServerAlias call as well in significantly revamped choseClientAlias luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Minor code cleanup while reviewing diff between checkClientTrusted and checkServerTrusted luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Improvements to SSL test support to go along with client certificate and certificate chain changes. TestSSLContext now has separate contexts for the client and server (as well as seperate key stores information). TestKeyStore now is more realistic by default, creating a CA, intermediate CA, and separate client and server certificates, as well as a client keystore that simply contains the CA and no certificates. support/src/test/java/javax/net/ssl/TestKeyStore.java support/src/test/java/javax/net/ssl/TestSSLContext.java Tests tracking API changes. Tests involving cert chains now now updated to use TestKeyStore.assertChainLength to avoid hardwiring expected chain length in tests. These tests also now use TestSSLContext.assertClientCertificateChain to validate that the chain is properly constructed and trusted by a trust manager. luni/src/test/java/java/net/URLConnectionTest.java luni/src/test/java/javax/net/ssl/SSLContextTest.java luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java luni/src/test/java/javax/net/ssl/SSLSessionTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java support/src/test/java/java/security/StandardNames.java support/src/test/java/javax/net/ssl/TestSSLEnginePair.java support/src/test/java/javax/net/ssl/TestSSLSocketPair.java frameworks/base Tracking change of SSLContextImpl to OpenSSLContextImpl core/java/android/net/SSLCertificateSocketFactory.java core/java/android/net/http/HttpsConnection.java tests/CoreTests/android/core/SSLPerformanceTest.java tests/CoreTests/android/core/SSLSocketTest.java Tracking changes to TestSSLContext core/tests/coretests/src/android/net/http/HttpsThroughHttpProxyTest.java Change-Id: Ie35ebce89966dfce62c316f7fe7252bf06935680
|
018b67accb28954d35f3cd697be3428e9b45b7d8 |
|
28-May-2010 |
Jesse Wilson <jessewilson@google.com> |
Further small fixes to increase API compatibility with RI v6. Highlights: code was moved from SSLContextImpl to its superclass. took X500Principal code from Harmony Tested with Harmony's tests.api.javax.security.auth.x500.X500PrincipalTest. Change-Id: I89b46d4b47e692a5461916cca972e05de95f3280
|
2be0ae9c8abc05d1c94c8bb170503ee2feae1866 |
|
27-May-2010 |
Brian Carlstrom <bdc@google.com> |
Add missing package on ambiguous class name and cast on ambiguous type Change-Id: I470c929f67ecaffa91d5a67c87f1ed5358cfd84c
|
0c131a2ca38465b7d1df4eaee63ac73ce4d5986d |
|
21-May-2010 |
Brian Carlstrom <bdc@google.com> |
RI 6 support for javax.net.ssl Summary: - RI 6 support for javax.net.ssl - SSLEngine fixes based on new SSLEngineTest - fix Cipher.checkMode bug recently introduced in dalvik-dev Details: Fix Cipher.checkMode that was preventing most javax.net.ssl tests from working luni/src/main/java/javax/crypto/Cipher.java RI 6 has introduced the concept of a "Default" SSLContext. This is accessed via SSLContext.getDefault() and also SSLContext.getInstance("Default"). Harmony had its own DefaultSSLContext but it was not created via an SSLContextSpi. It also was a single shared instance whereas the new RI6 Default SSLContext shares internal SSLSessionContext instances between different Default SSLContexts. Refactored the old code into an SSLContextImpl subclass that allows it to be created via SSLContext.getInstance. SSLContextImpl ensures that we only ever create one set of SSLSessionContext instances for the Default context. luni/src/main/java/javax/net/ssl/DefaultSSLContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Added SSLContext.getDefault and SSLContext.setDefault luni/src/main/java/javax/net/ssl/SSLContext.java Replace dependencies of old DefaultSSLContext with use of SSLContext.getDefault luni/src/main/java/javax/net/ssl/SSLServerSocketFactory.java luni/src/main/java/javax/net/ssl/SSLSocketFactory.java Register "SSLContext.Default" as DefaultSSLContextImpl class for SSLContext.getInstance() luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java Added constant for new "Default" standard name and added it to SSL_CONTEXT_PROTOCOLS. New tests based on SSL_CONTEXT_PROTOCOLS made it clear that neither Android or RI support SSLv2 so removed it from SSL_CONTEXT_PROTOCOLS and SSL_SOCKET_PROTOCOLS. Added constant for TLS as well which was previously scattered all over tests. Remove SSLv2Hello from SSL_SOCKET_PROTOCOLS for Android since with OpenSSL disablign SSLv2 means you can not use SSLv2Hello either. support/src/test/java/javax/net/ssl/StandardNames.java Added tests for SSLContext.getDefault and SSLContext.setDefault. Changed existing tests to work on all protocols including new "Default". luni/src/test/java/javax/net/ssl/SSLContextTest.java RI 6 has introduced the notion of SSLParameters which encapsulate SSL the handshake parameters of desired cipher suites, protocols, and client authentication requirements. The main new class SSLParameters is basically just a bag of fields with accessors and a couple simple constructors. The only things of note are that it clones all String arrays on input and output and the setters for the two boolean fields ensure that only one is true at a time. luni/src/main/java/javax/net/ssl/SSLParameters.java Added SSLContext.getDefaultSSLParameters and SSLContext.getSupportedSSLParameters which simply delegate to the SSLContextSpi. luni/src/main/java/javax/net/ssl/SSLContext.java Added abstract SSLContextSpi.engineGetDefaultSSLParameters and SSLContext.engineGetSupportedSSLParameters. luni/src/main/java/javax/net/ssl/SSLContextSpi.java Added engineGetDefaultSSLParameters and engineGetSupportedSSLParameters implementation. The RI documents in SSLContextSpi that these are implemented by default by creating a socket via the SSLContext's SocketFactory and asking for the enabled/supported cipher suites and protocols respectively, so that is what is done. The doc mentions throwing UnsupportedOperationException if there is a problem, so we do that as well. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Added {SSLEngine,SSLSocket}.{getSSLParameters,setSSLParameters} which are analogous. luni/src/main/java/javax/net/ssl/SSLEngine.java luni/src/main/java/javax/net/ssl/SSLSocket.java Added SSLParametersTest luni/src/test/java/javax/net/ssl/SSLParametersTest.java luni/src/test/java/javax/net/ssl/AllTests.java Added SSLContext.get{Default,Supported}SSLParameters tests luni/src/test/java/javax/net/ssl/SSLContextTest.java Added SSLSocket.{getSSLParameters,setSSLParameters} tests and added some extra asserts to test_SSLSocketPair_create based on experience with test_SSLEnginePair_create. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Dummy implementation of new SSLContextSpi for test classes. support/src/test/java/org/apache/harmony/security/tests/support/MySSLContextSpi.java support/src/test/java/org/apache/harmony/xnet/tests/support/MySSLContextSpi.java Other minor RI 6 API changes: RI 6 removed Serializable from HandshakeCompletedEvent and SSLSessionBindingEvent luni/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java luni/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java RI 6 added generic types to the KeyStoreBuilderParameters List constructor and accessor as well as to SSLSessionContext.getIds. Fixed tests to compile with generic types. luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java luni/src/main/java/javax/net/ssl/SSLSessionContext.java luni/src/test/java/tests/api/javax/net/ssl/KeyStoreBuilderParametersTest.java SSLEngine improvements. Since I was changing SSLEngine, I wrote an SSLEngineTest based on my SSLSocketTest to do some simply sanity checking. It expose a number of issues. I've fixed the small ones, marked the rest as known failures. Renamed some TLS_ cipher suites to SSL_ to match JSSE standard names. These were all old suites no longer supported by RI or OpenSSL which is why they were missed in an earlier cleanup of this type in this class. Also fixed SSLEngine supported cipher suites list not to include SSL_NULL_WITH_NULL_NULL which is not a valid suite to negotiate. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java SSLEngine instances can have null host values, which caused a NullPointerException in the ClientSessionContext implementation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java SSLEngine tests were failing because SSLParameters was throwing NullPointerException instead of IllegalArgument exception on null element values. Fixed null pointer message style while I was here. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java Fixed SSLEngine instances to default to server mode like RI luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Fixed KEY_TYPES based on SSLEngine implementation. Removed dead code NativeCrypto.getEnabledProtocols which was recently made obsolete. Cleaned up null exception messages to follow our convention. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java Added SSLEngineTest which parallels SSLSocketTest in its coverage. Similarly added TestSSLEnginePair which loosely parallels TestSSLSocketPair. luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/AllTests.java support/src/test/java/javax/net/ssl/TestSSLEnginePair.java SSLEngineTest betters exposed the differences between SSLSocket and SSLEngine supported cipher suites. StandardNames now has an CIPHER_SUITES_SSLENGINE definition which denotes what is missing and what is extra and why in the SSLEngine implementation. support/src/test/java/javax/net/ssl/StandardNames.java Created StandardNames.assert{Valid,Supported}{CipherSuites,Protocols} to factor out some code test code that is also used by new tests. support/src/test/java/javax/net/ssl/StandardNames.java luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java Remove SSLSocketTest known failure and add new SSLEngineTest known failures expectations/knownfailures.txt SSL_OP_NO_TICKET change was recently merged from master which required some fixes. For the moment, sslServerSocketSupportsSessionTickets always returns false. support/src/test/java/javax/net/ssl/TestSSLContext.java Fixed flakey test_SSLSocket_HandshakeCompletedListener which had a race because the client thread look in the server session context for an session by id potentially before the server thread had a chance to store its session. Made noticable because of SSL_OP_NO_TICKET recently merged from master (before this code path was host only, not device) luni/src/test/java/javax/net/ssl/SSLSocketTest.java Fix checkjni issue where we need to check for pending exception in OpenSSL callback. Possibly introduced by recent merge of SSL_OP_NO_TICKET from master. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Expectation updates Remove SSLSocketTest known failure and add new SSLEngineTest known failures expectations/knownfailures.txt Tag test_SSLSocket_getSupportedCipherSuites_connect as large expectations/taggedtests.txt Misc changes: opening brace on wrong line luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java Long line cleanup while debugging luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketFactoryImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketFactoryImpl.java support/src/test/java/javax/net/ssl/TestKeyStore.java Removed bogus import luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java Comment clarify while debugging luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Ctor -> Constructor in comment luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLEngineImpl.java Fixed naming of SocketTest_Test_create to TestSocketPair_Create to match renamed classes luni/src/test/java/javax/net/ssl/SSLSocketTest.java Change-Id: I99505e97d6047eeabe4a0b93202075a0b2d486ec
|
f33eae7e84eb6d3b0f4e86b59605bb3de73009f3 |
|
13-May-2010 |
Elliott Hughes <enh@google.com> |
Remove all trailing whitespace from the dalvik team-maintained parts of libcore. Gentlemen, you may now set your editors to "strip trailing whitespace"... Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b
|
f365a1c9cec94071b7a3161d7bdcb3f61d28f912 |
|
10-May-2010 |
Brian Carlstrom <bdc@google.com> |
SSLContext.getClientSessionContext and getServerSessionContext should work before SSLContext.init Moved initialization of SSLContextImpl clientSessionContext and serverSessionContext from engineInit time (in SSLParameters constructor) to constructor time, making them final. This is to fix javax.net.ssl.SSLContextTest which was failing because it tried to access this before init was called, which worked fine on the RI. The SSLParameters now simply takes the preallocated session contexts as arguments. SSLParameters.getDefault() now needs to create its own session contexts when an SSLContext is not used, which is how Harmony does it. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java Removed KnownFailure from SSLContextTest as its 100% working. luni/src/test/java/javax/net/ssl/SSLContextTest.java Changed persistentCache fields of ClientSessionContext and ServerSessionContext from final to private and added a public setter. This replaces passing the persistentCache implementation in via the constructor. For momentarily backward compatibility with frameworks/base, the now deprecated 5 argument engineInit method now uses these setters for backward compatability. The SSLParameters previously took these persistent caches as arguments in order to pass them to the session context contructors, but as SSLParameters no longer creates these, they are no longer relevant. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java While moving the call of the AbstractSessionContext constructor from SSLParameters to SSLContextImpl after removing the persistent cache arguments, I realized there was no longer any reason to take any arguments. I pushed the initization of sslCtxNativePointer to the point of declaration. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java Change-Id: Ied2903a2f369bf4e521e702bf58f32f21cb97d17
|
6b811c5daec1b28e6f63b57f98a032236f2c3cf7 |
|
03-May-2010 |
Peter Hallam <peterhal@google.com> |
Merge awt-kernel, icu, luni-kernel, prefs, security-kernel, x-net into luni Merge xml except xmlpull and kxml into luni
|