Cross Reference: /libcore/luni/src/main/java/java/security/KeyStore.java

History log of /libcore/luni/src/main/java/java/security/KeyStore.java
Revision	Date	Author	Comments
cff1616012dc0d56c2da9af2b9b1183e76c7e044	04-Dec-2012	Elliott Hughes <enh@google.com>	Add detail messages to all the easy IllegalArgumentException cases. Noticed during my recent Matcher change. Change-Id: I415d911b26d0ee548ca04d56bba7fc3d4e6b3f88
c934a095e1f863f00bf6f7c0b37fbd05ebeaaff5	29-Oct-2012	Brian Carlstrom <bdc@google.com>	Prefer PKIX algorithm name for TrustManagerFactory and KeyManagerFactory Change-Id: I3da5bdf6739c6aee5ec0174e93cd6c06d6dfeeb3
d43b9ef11a1095967a3396b246639b563e1a4128	12-Sep-2012	Kenny Root <kroot@google.com>	Add consistent reasons for NullPointerException Semi-automated replacement of empty and non-conforming NullPointerException reason messages. (cherry-pick of 86acc043d3334651ee26c65467d78d6cefedd397.) Change-Id: I6d893979f5c20a50e841e32af9fd7b2d8bc9d54d
86acc043d3334651ee26c65467d78d6cefedd397	12-Sep-2012	Kenny Root <kroot@google.com>	Add consistent reasons for NullPointerException Semi-automated replacement of empty and non-conforming NullPointerException reason messages. Change-Id: Iedeb4b21949e973c4042ce5982dda315f2e785e1
0d4daefcf389b6433a0af481ef44a84a2546541a	21-May-2011	Elliott Hughes <enh@google.com>	Suppress some FindBugs warnings. Also globally replace "for(" with "for (". Change-Id: I27fe17460e6745b9ca823f42e57c86fe8af31979
347b2a604114602da9bc4ae040278f74d11c2f51	26-Apr-2011	Brian Carlstrom <bdc@google.com>	Avoid loading all CA certs into Zygote memory, lazily load instead (2 of 3) Previously the CA certs stored in the BKS KeyStore at /system/etc/security/cacerts.bks was loaded in the Zygote. As the the number of CAs are started to increase, this is causing more and more memory to be used for rarely used CAs. The new AndroidCAStore KeyStore implementation reads the CAs as needed out of individual PEM certificate files. The files can be efficiently found because they are named based on a hash CA's subject name, similar to OpenSSL. Bug: 1109242 Details: build Removing old cacerts.bks from GRANDFATHERED_ALL_PREBUILT and adding new cacerts directory to core PRODUCT_PACKAGES core/legacy_prebuilts.mk target/product/core.mk libcore cacerts build changes. Move cacerts prebuilt logic to new CaCerts.mk from NativeCode.mk where it didn't make sense. Updated Android.mk's dalvik-host target to install new cacerts files. Android.mk CaCerts.mk NativeCode.mk Remove old cacerts.bks and add remove certimport.sh script used to generate it. Preserved the useful comments from certimport.sh in the new README.cacerts luni/src/main/files/cacerts.bks luni/src/main/files/certimport.sh luni/src/main/files/README.cacerts Recanonicalize cacerts files using updated vendor/google/tools/cacerts/certimport.py (See below discussion of certimport.py changes for details) luni/src/main/files/cacerts/00673b5b.0 luni/src/main/files/cacerts/03e16f6c.0 luni/src/main/files/cacerts/08aef7bb.0 luni/src/main/files/cacerts/0d188d89.0 luni/src/main/files/cacerts/10531352.0 luni/src/main/files/cacerts/111e6273.0 luni/src/main/files/cacerts/1155c94b.0 luni/src/main/files/cacerts/119afc2e.0 luni/src/main/files/cacerts/11a09b38.0 luni/src/main/files/cacerts/12d55845.0 luni/src/main/files/cacerts/17b51fe6.0 luni/src/main/files/cacerts/1920cacb.0 luni/src/main/files/cacerts/1dac3003.0 luni/src/main/files/cacerts/1dbdda5b.0 luni/src/main/files/cacerts/1dcd6f4c.0 luni/src/main/files/cacerts/1df5ec47.0 luni/src/main/files/cacerts/1e8e7201.0 luni/src/main/files/cacerts/1eb37bdf.0 luni/src/main/files/cacerts/219d9499.0 luni/src/main/files/cacerts/23f4c490.0 luni/src/main/files/cacerts/27af790d.0 luni/src/main/files/cacerts/2afc57aa.0 luni/src/main/files/cacerts/2e8714cb.0 luni/src/main/files/cacerts/2fa87019.0 luni/src/main/files/cacerts/2fb1850a.0 luni/src/main/files/cacerts/33815e15.0 luni/src/main/files/cacerts/343eb6cb.0 luni/src/main/files/cacerts/399e7759.0 luni/src/main/files/cacerts/3a3b02ce.0 luni/src/main/files/cacerts/3ad48a91.0 luni/src/main/files/cacerts/3c58f906.0 luni/src/main/files/cacerts/3c860d51.0 luni/src/main/files/cacerts/3d441de8.0 luni/src/main/files/cacerts/3e7271e8.0 luni/src/main/files/cacerts/418595b9.0 luni/src/main/files/cacerts/455f1b52.0 luni/src/main/files/cacerts/46b2fd3b.0 luni/src/main/files/cacerts/48478734.0 luni/src/main/files/cacerts/4d654d1d.0 luni/src/main/files/cacerts/4e18c148.0 luni/src/main/files/cacerts/4fbd6bfa.0 luni/src/main/files/cacerts/5021a0a2.0 luni/src/main/files/cacerts/5046c355.0 luni/src/main/files/cacerts/524d9b43.0 luni/src/main/files/cacerts/56b8a0b6.0 luni/src/main/files/cacerts/57692373.0 luni/src/main/files/cacerts/58a44af1.0 luni/src/main/files/cacerts/594f1775.0 luni/src/main/files/cacerts/5a3f0ff8.0 luni/src/main/files/cacerts/5a5372fc.0 luni/src/main/files/cacerts/5cf9d536.0 luni/src/main/files/cacerts/5e4e69e7.0 luni/src/main/files/cacerts/60afe812.0 luni/src/main/files/cacerts/635ccfd5.0 luni/src/main/files/cacerts/67495436.0 luni/src/main/files/cacerts/69105f4f.0 luni/src/main/files/cacerts/6adf0799.0 luni/src/main/files/cacerts/6e8bf996.0 luni/src/main/files/cacerts/6fcc125d.0 luni/src/main/files/cacerts/72f369af.0 luni/src/main/files/cacerts/72fa7371.0 luni/src/main/files/cacerts/74c26bd0.0 luni/src/main/files/cacerts/75680d2e.0 luni/src/main/files/cacerts/7651b327.0 luni/src/main/files/cacerts/76579174.0 luni/src/main/files/cacerts/7999be0d.0 luni/src/main/files/cacerts/7a481e66.0 luni/src/main/files/cacerts/7a819ef2.0 luni/src/main/files/cacerts/7d3cd826.0 luni/src/main/files/cacerts/7d453d8f.0 luni/src/main/files/cacerts/81b9768f.0 luni/src/main/files/cacerts/8470719d.0 luni/src/main/files/cacerts/84cba82f.0 luni/src/main/files/cacerts/85cde254.0 luni/src/main/files/cacerts/86212b19.0 luni/src/main/files/cacerts/87753b0d.0 luni/src/main/files/cacerts/882de061.0 luni/src/main/files/cacerts/895cad1a.0 luni/src/main/files/cacerts/89c02a45.0 luni/src/main/files/cacerts/8f7b96c4.0 luni/src/main/files/cacerts/9339512a.0 luni/src/main/files/cacerts/9685a493.0 luni/src/main/files/cacerts/9772ca32.0 luni/src/main/files/cacerts/9d6523ce.0 luni/src/main/files/cacerts/9dbefe7b.0 luni/src/main/files/cacerts/9f533518.0 luni/src/main/files/cacerts/a0bc6fbb.0 luni/src/main/files/cacerts/a15b3b6b.0 luni/src/main/files/cacerts/a3896b44.0 luni/src/main/files/cacerts/a7605362.0 luni/src/main/files/cacerts/a7d2cf64.0 luni/src/main/files/cacerts/ab5346f4.0 luni/src/main/files/cacerts/add67345.0 luni/src/main/files/cacerts/b0f3e76e.0 luni/src/main/files/cacerts/bc3f2570.0 luni/src/main/files/cacerts/bcdd5959.0 luni/src/main/files/cacerts/bda4cc84.0 luni/src/main/files/cacerts/bdacca6f.0 luni/src/main/files/cacerts/bf64f35b.0 luni/src/main/files/cacerts/c0cafbd2.0 luni/src/main/files/cacerts/c215bc69.0 luni/src/main/files/cacerts/c33a80d4.0 luni/src/main/files/cacerts/c527e4ab.0 luni/src/main/files/cacerts/c7e2a638.0 luni/src/main/files/cacerts/c8763593.0 luni/src/main/files/cacerts/ccc52f49.0 luni/src/main/files/cacerts/cdaebb72.0 luni/src/main/files/cacerts/cf701eeb.0 luni/src/main/files/cacerts/d16a5865.0 luni/src/main/files/cacerts/d537fba6.0 luni/src/main/files/cacerts/d64f06f3.0 luni/src/main/files/cacerts/d777342d.0 luni/src/main/files/cacerts/d8274e24.0 luni/src/main/files/cacerts/dbc54cab.0 luni/src/main/files/cacerts/ddc328ff.0 luni/src/main/files/cacerts/e48193cf.0 luni/src/main/files/cacerts/e60bf0c0.0 luni/src/main/files/cacerts/e775ed2d.0 luni/src/main/files/cacerts/e7b8d656.0 luni/src/main/files/cacerts/e8651083.0 luni/src/main/files/cacerts/ea169617.0 luni/src/main/files/cacerts/eb375c3e.0 luni/src/main/files/cacerts/ed049835.0 luni/src/main/files/cacerts/ed524cf5.0 luni/src/main/files/cacerts/ee7cd6fb.0 luni/src/main/files/cacerts/f4996e82.0 luni/src/main/files/cacerts/f58a60fe.0 luni/src/main/files/cacerts/f61bff45.0 luni/src/main/files/cacerts/f80cc7f6.0 luni/src/main/files/cacerts/fac084d7.0 luni/src/main/files/cacerts/facacbc6.0 luni/src/main/files/cacerts/fde84897.0 luni/src/main/files/cacerts/ff783690.0 Change IntegralToString.intToHexString to take width argument to allow for leading zero padding. Updated existing callers to specify 0 padding desired. Add testing of new padding functionality. luni/src/main/java/java/lang/Character.java luni/src/main/java/java/lang/Integer.java luni/src/main/java/java/lang/IntegralToString.java luni/src/test/java/libcore/java/lang/IntegralToStringTest.java Improved to throw Exceptions with proper causes luni/src/main/java/java/security/KeyStore.java luni/src/main/java/java/security/Policy.java luni/src/main/java/java/security/cert/CertificateFactory.java luni/src/main/java/javax/crypto/Cipher.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignature.java Indentation fixes luni/src/main/java/java/security/SecureRandom.java Fix X509CRLSelector.getIssuerNames to clone result and added test to cover this. luni/src/main/java/java/security/cert/X509CRLSelector.java luni/src/test/java/libcore/java/security/cert/X509CRLSelectorTest.java Fixed bug where we created an X500Principal via a String representation instead of from its original encoded bytes. This led to a difficult to track down bug where CA 418595b9.0 where the NativeCode.X509_NAME_hash of a Harmony (but not BouncyCastle) X509Certificate would not hash to the expected value because the encoded form used an ASN.1 PrintableString instead of the UTF8String form found in the original certificate. luni/src/main/java/org/apache/harmony/security/x501/Name.java Add a new RootKeyStoreSpi and register it as the AndroidCAStore. This new read-only KeyStore implementation that looks for certificates in $ANDROID_ROOT/etc/security/cacerts/ directory, which is /system/etc/security/cacerts/ on devices. The files are stored in the directory based on the older md5 based OpenSSL X509_NAME_hash function (now referred to as X509_NAME_hash_old in OpenSSL 1.0) luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java Added OpenSSL compatible X509_NAME_hash and X509_NAME_hash_old functions for producting an int hash value from an X500Principal. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java Changed TrustManagerFactoryImpl to use AndroidCAStore for its default KeyStore luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerFactoryImpl.java Changed TrustManagerImpl to be AndroidCAStore aware. If it detects an AndroidCAStore, it avoids generating the acceptedIssuers array at constructions, since doing so would force us to parse all certificates in the store and the value is only typically used by SSLServerSockets when requesting a client certifcate. Because we don't load all the trusted CAs into the IndexedPKIXParameters at startup in the case of AndroidCAStore, we now check for new CAs when examining the cert chain for unnecessary TrustAnchors and for a newly discovered issuer at the end of the chain before validation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Updated KeyStoreTest to cope with read only KeyStore. Update test_cacerts_bks (now renamed test_cacerts) to use the AndroidCAStore for validating system CA certificate validity. Register AndroidCAStore as an expected KeyStore type with StandardNames. luni/src/test/java/libcore/java/security/KeyStoreTest.java support/src/test/java/libcore/java/security/StandardNames.java Added test of X500Principal serialization while investigating Name encoding issue. However, the actual Name bug was found and verified by the new test_cacerts test. luni/src/test/java/libcore/javax/security/auth/x500/X500PrincipalTest.java vendor/google Change canonical format for checked in cacerts to have PEM certificate at the top, as required by Harmony's X.509 CertificateFactory. tools/cacerts/certimport.py Change-Id: If0c9de430f13babb07f96a1177897c536f3db08d
32c2297a959b72abdb18743f0519e1d8b7c7ea88	17-Mar-2011	Elliott Hughes <enh@google.com>	Remove bogus "super()" calls. I've left one in java.util.concurrent, since we have an upstream there. Change-Id: I60945e48a41433fc7eaef6086433ec4bf434097f
fb0ec0e650bf8be35acb0d47da0311a7c446aa33	14-Jan-2011	Elliott Hughes <enh@google.com>	Remove useless android-changed comments. I've changed useful ones to regular comments or TODOs, as appropriate. I've left ones in code like java.util.concurrent where we really are tracking an upstream source, making the change markers useful. I've left a handful of others where I intend to actually investigate the implied TODOs before deciding how to resolve them. Change-Id: Iaf71059b818596351cf8ee5a3cf3c85586051fa6
ad41624e761bcf1af9c8008eb45187fc13983717	07-Jan-2011	Elliott Hughes <enh@google.com>	Retire SecurityManager. This change removes all the code that was calling getSecurityManager, and removes all use of AccessController.doPrivileged. It also changes the implementation of AccessController so it doesn't actually do anything; it's only there for source-level compatibility. Bug: 2585285 Change-Id: I1f0295a4f12bce0316d8073011d8593fee116f71
b46dab348e2007bc08abaf7ecae34d89a2474e50	09-Dec-2010	Elliott Hughes <enh@google.com>	Rewrite all backwards comparisons. Strictly, all the ones I could find. This is everything with 0 or null on the left-hand side. Note that this touches several incorrect bounds checks, which I haven't fixed: I'm going to come back and finish that independent cleanup separately. Change-Id: Ibdb054b53df9aace47c7d2a00ff19122190053e8
6cdb6b7e6939270ccd21790ec95e42197cefc0c3	19-Oct-2010	Brian Carlstrom <bdc@google.com>	Change Engine.getInstance interfaces to make usage less error prone Change-Id: I4c58c95ab4216b52aa8af4fbce7a8d7f4860c2b7
0a480846a9798c763b088a122ab0dcd3dc3a17b6	19-Oct-2010	Brian Carlstrom <bdc@google.com>	Remove Engine.spi memory leak by clearing after access Also other minor code cleanup such as: - made assorted fields final - fixed lazy initialization without volatile or sync Bug: 1322442 Change-Id: I34e428dff5f07a7291d635c724111d44f2deff1c
a7a70410e26802f3ab480b08a1ab499338cb6f7e	03-Oct-2010	Jesse Wilson <jessewilson@google.com>	Use IoUtils.closeQuietly where possible. Change-Id: I354c1e00b7068108032d09c0a1c38e29f6283fb0
7365de1056414750d0a7d1fdd26025fd247f0d04	12-Aug-2010	Jesse Wilson <jessewilson@google.com>	Sorting imports. Change-Id: I8347bc625480a1c37a1ed9976193ddfedeb00bbc
e3a187163504f00c98bd75cbd8bcbdde123ae2cd	14-Jul-2010	Brian Carlstrom <bdc@google.com>	Fix PKCS12 and BKS KeyStore as well as SSL renegotiation Summary: - Added KeyStoreTest and fixed PKCS and BKS keystores to be fully functional - KeyStore and KeyStoreImpl improvements in libcore and bouncycastle for more RI-like behavior - SSL Renegotiation fix for new implementation Details: external/bouncycastle TwoFish added back for BKS KeyStore. Like RC2, it not supported as a general cipher, but instead used internally for KeyStore implementation. src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java bouncycastle.config Added back PBEWITHSHAANDTWOFISH, PBEWITHSHAANDTWOFISH-CBC, PBEWITHSHA1ANDRC2-CBC, PBEWITHHMACSHA, PBEWITHHMACSHA1 to support PKCS12 and BKS KeyStore implementations (as determined by new KeyStoreTest) src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java src/main/java/org/bouncycastle/jce/provider/JCEMac.java src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java Don't throw an error when deleting a non-existing KeyStore entry. The RI documentation (and behavior) says it throws an error when it fails to remove an entry, not when the entry does not exist. src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Try to make BC's PKCS KeyStore have a more RI-like getCreationDate behavior src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Make BC's PKCS KeyStore failfast on setting non-supported key, instead of failing later on get. src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Make BC's PKCS KeyStore handle setting a PrivateKey with an emtpy chain. src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Add more general avoidance of NullPointerExceptions on null aliases src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Added notes about changes improvements patches/README Regenerated patch with above changes patches/android.patch libcore KeyStore improvements based on KeyStoreTest - Fix UnrecoverableKeyException to be a subclass of UnrecoverableEntryException, which was keeping the new KeyStoreTest from compiling. luni/src/main/java/java/security/UnrecoverableKeyException.java - Fix to not convert UnrecoverableKeyException to KeyStoreException, which was only being done because of the UnrecoverableKeyException superclass bug. luni/src/main/java/java/security/KeyStoreSpi.java - Harmony KeyStore was being overly aggresive about throwing on null alias arguments in cases where the RI was happy to pass them to the KeyStoreSpi. luni/src/main/java/java/security/KeyStore.java - New test after PKCS12 regresion. It enumerates and excercises all methods on all available KeyStore implementations. Unfortunately, the main varieties of KeyStores made this a lot more complicated than I was originally expecting. It does clarifiy the differences between the RI and BC KeyStore implementations, especially for PKCS12, where in some ways the RI is more feature complete (setting key via byte[]), but in other ways BC goes beyond some RI limitations (allowing storage of certificates). luni/src/test/java/java/security/KeyStoreTest.java TestKeyStore improvements while writing KeyStoreTest - Renamed "keyStorePassword" working usages to clarify if it really means the "storePassword" on the whole KeyStore, or if it is a "keyPassword" on individual keys. - Moved TestKeyStore from javax.net.ssl to java.security luni/src/test/java/javax/net/ssl/SSLContextTest.java luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/SSLSessionTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java support/src/test/java/java/security/StandardNames.java support/src/test/java/java/security/TestKeyStore.java support/src/test/java/javax/net/ssl/TestKeyStore.java support/src/test/java/javax/net/ssl/TestSSLContext.java Fixing up SSL renegotiation support. Now that we are not trying to prevent renegotiation, make sure it is working correctly. - Remove SSL_VERIFY_CLIENT_ONCE to take the default behavior of re-requesting client certificate on renegotiation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java - Updated comments to reflect renegotiation. Bug fix to not clear out callback reference on handshake complete, since we need it for renegotiation. luni/src/main/native/NativeCrypto.cpp Updated for PKCS12 KeyStore support support/src/test/java/java/security/StandardNames.java Added javadoc when writint KeyStoreTest luni/src/test/java/java/security/ProviderTest.java frameworks/base Tracking changes to UnrecoverableKeyException superclass api/8.xml api/current.xml Change-Id: I6349dbfc02896417595b52e364ade8000b567615
897538a36c18f4db8f9f68ee566aec0bda842e9f	29-May-2010	Elliott Hughes <enh@google.com>	Remove the last exception message catalog. Bug: 1251121 Change-Id: I45931b9ff908531bda06d6569a4e9618986f821b
f33eae7e84eb6d3b0f4e86b59605bb3de73009f3	13-May-2010	Elliott Hughes <enh@google.com>	Remove all trailing whitespace from the dalvik team-maintained parts of libcore. Gentlemen, you may now set your editors to "strip trailing whitespace"... Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b
d21d78fd49a2d798218e8c8aefbddb26a0e71bbb	13-May-2010	Elliott Hughes <enh@google.com>	Convert tabs to spaces. Change-Id: I16cfbd2faac6b565b78b5dd97e2345323a36f652
fd6bb3510c2f94d636f3572dcf5f7f4dcd1a2726	13-May-2010	Elliott Hughes <enh@google.com>	Remove //$NON-NLS-\d$ cruft. Mostly done by perl(1), with manual cleanup of the few misspelled instances. This makes our trailing whitespace slightly worse, but I'll fix all that with a follow-on change. Change-Id: I0b4ca98819be6f9519c4ba980d759bd1ee1a0303
cec4dd4b1d33f78997603d0f89c0d0e56e64dbcd	26-Apr-2010	Peter Hallam <peterhal@google.com>	merge more modules into luni