| 6d2a17ab04ab0967e3bff7fe6280066ef66d1d76 |
|
11-Jun-2012 |
Geremy Condra <gcondra@google.com> |
Added basic cert pinning support.
This has four main changes:
First, it adds a CertPinManager to TrustManagerImpl that checks to
ensure that the chain is properly pinned.
Second, it adds the CertPinManager and associated classes to
implement cert pinning at this level.
Third, it changes the callers of checkServerTrusted to pass in a
hostname where possible, allowing them to make use of the pinning
transparently.
Finally, it changes checkServerTrusted to return the ultimate
chain that was verified, which is useful for implementing pinning
at a higher level.
cherry-picked from 5315f29b2de4aace0077b78f0b99634fda440b85
Change-Id: I150e010da3e2aeed57bd5330ff113d3a7fbbee2a
|
| 5315f29b2de4aace0077b78f0b99634fda440b85 |
|
11-Jun-2012 |
Geremy Condra <gcondra@google.com> |
Added basic cert pinning support.
This has four main changes:
First, it adds a CertPinManager to TrustManagerImpl that checks to
ensure that the chain is properly pinned.
Second, it adds the CertPinManager and associated classes to
implement cert pinning at this level.
Third, it changes the callers of checkServerTrusted to pass in a
hostname where possible, allowing them to make use of the pinning
transparently.
Finally, it changes checkServerTrusted to return the ultimate
chain that was verified, which is useful for implementing pinning
at a higher level.
Change-Id: I150e010da3e2aeed57bd5330ff113d3a7fbbee2a
|
| 3267a46b52d848e1e9e20c226512688f0c50d4c3 |
|
25-Aug-2011 |
Jeff Sharkey <jsharkey@android.com> |
Return real FileDescriptor in Socket wrappers.
In classes that wrap another Socket, return the real FileDescriptor
from the wrapped Socket.
Bug: 5189186
Change-Id: I157feb6991def9110eaf0ea82365b6f5b95b9372
|
| 6812a2e8bb43d9a875633a9ba255d9882c63e327 |
|
14-Sep-2010 |
Brian Carlstrom <bdc@google.com> |
Rename internal SSLParameters to SSLParametersImpl to avoid collision with new javax.net.ssl.SSLParameters
Bug: 2672817
Change-Id: Iadf21b848eaf8850fce22721b9ba3739ab2e9fca
|
| 7329fa972d9c20777444e5e1b13169d700de6567 |
|
29-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
Fixes to support new dalvik.googlecode.com benchmarks
The following new benchmarks where tested with the below changes:
- DigestBenchmark
- MessageDigestBenchmark
- SSLSocketBenchmark
- SignatureBenchmark
Fix package name of OpenSSLProvider
luni/src/main/java/java/security/security.properties
Restore Java (vs OpenSSL) SSLSocket wrappers on SSLEngine for benchmarking
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketFactoryImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketFactoryImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketInputStream.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketOutputStream.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketWrapper.java
Restore HandshakeProtocol.socketOwner code for SSLSocket to function
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
Remove unneeded OpenSSLMessageDigestJDK.getInstance since these are
registered via OpenSSLProvider and SHA224 which is not part of the RI.
We had already removed the BouncyCastle version of this.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLMessageDigestJDK.java
luni/src/test/java/tests/targets/security/AllTests.java
luni/src/test/java/tests/targets/security/MessageDigestTestSHA224.java
luni/src/test/java/tests/targets/security/SignatureTestSHA224withRSA.java
Change-Id: I7daae7f0d9f50acad6df9157eac1b0133af83062
|