Cross Reference: /libcore/luni/src/main/java/org/apache/harmony/security/x501/Name.java

History log of /libcore/luni/src/main/java/org/apache/harmony/security/x501/Name.java
Revision	Date	Author	Comments
347b2a604114602da9bc4ae040278f74d11c2f51	26-Apr-2011	Brian Carlstrom <bdc@google.com>	Avoid loading all CA certs into Zygote memory, lazily load instead (2 of 3) Previously the CA certs stored in the BKS KeyStore at /system/etc/security/cacerts.bks was loaded in the Zygote. As the the number of CAs are started to increase, this is causing more and more memory to be used for rarely used CAs. The new AndroidCAStore KeyStore implementation reads the CAs as needed out of individual PEM certificate files. The files can be efficiently found because they are named based on a hash CA's subject name, similar to OpenSSL. Bug: 1109242 Details: build Removing old cacerts.bks from GRANDFATHERED_ALL_PREBUILT and adding new cacerts directory to core PRODUCT_PACKAGES core/legacy_prebuilts.mk target/product/core.mk libcore cacerts build changes. Move cacerts prebuilt logic to new CaCerts.mk from NativeCode.mk where it didn't make sense. Updated Android.mk's dalvik-host target to install new cacerts files. Android.mk CaCerts.mk NativeCode.mk Remove old cacerts.bks and add remove certimport.sh script used to generate it. Preserved the useful comments from certimport.sh in the new README.cacerts luni/src/main/files/cacerts.bks luni/src/main/files/certimport.sh luni/src/main/files/README.cacerts Recanonicalize cacerts files using updated vendor/google/tools/cacerts/certimport.py (See below discussion of certimport.py changes for details) luni/src/main/files/cacerts/00673b5b.0 luni/src/main/files/cacerts/03e16f6c.0 luni/src/main/files/cacerts/08aef7bb.0 luni/src/main/files/cacerts/0d188d89.0 luni/src/main/files/cacerts/10531352.0 luni/src/main/files/cacerts/111e6273.0 luni/src/main/files/cacerts/1155c94b.0 luni/src/main/files/cacerts/119afc2e.0 luni/src/main/files/cacerts/11a09b38.0 luni/src/main/files/cacerts/12d55845.0 luni/src/main/files/cacerts/17b51fe6.0 luni/src/main/files/cacerts/1920cacb.0 luni/src/main/files/cacerts/1dac3003.0 luni/src/main/files/cacerts/1dbdda5b.0 luni/src/main/files/cacerts/1dcd6f4c.0 luni/src/main/files/cacerts/1df5ec47.0 luni/src/main/files/cacerts/1e8e7201.0 luni/src/main/files/cacerts/1eb37bdf.0 luni/src/main/files/cacerts/219d9499.0 luni/src/main/files/cacerts/23f4c490.0 luni/src/main/files/cacerts/27af790d.0 luni/src/main/files/cacerts/2afc57aa.0 luni/src/main/files/cacerts/2e8714cb.0 luni/src/main/files/cacerts/2fa87019.0 luni/src/main/files/cacerts/2fb1850a.0 luni/src/main/files/cacerts/33815e15.0 luni/src/main/files/cacerts/343eb6cb.0 luni/src/main/files/cacerts/399e7759.0 luni/src/main/files/cacerts/3a3b02ce.0 luni/src/main/files/cacerts/3ad48a91.0 luni/src/main/files/cacerts/3c58f906.0 luni/src/main/files/cacerts/3c860d51.0 luni/src/main/files/cacerts/3d441de8.0 luni/src/main/files/cacerts/3e7271e8.0 luni/src/main/files/cacerts/418595b9.0 luni/src/main/files/cacerts/455f1b52.0 luni/src/main/files/cacerts/46b2fd3b.0 luni/src/main/files/cacerts/48478734.0 luni/src/main/files/cacerts/4d654d1d.0 luni/src/main/files/cacerts/4e18c148.0 luni/src/main/files/cacerts/4fbd6bfa.0 luni/src/main/files/cacerts/5021a0a2.0 luni/src/main/files/cacerts/5046c355.0 luni/src/main/files/cacerts/524d9b43.0 luni/src/main/files/cacerts/56b8a0b6.0 luni/src/main/files/cacerts/57692373.0 luni/src/main/files/cacerts/58a44af1.0 luni/src/main/files/cacerts/594f1775.0 luni/src/main/files/cacerts/5a3f0ff8.0 luni/src/main/files/cacerts/5a5372fc.0 luni/src/main/files/cacerts/5cf9d536.0 luni/src/main/files/cacerts/5e4e69e7.0 luni/src/main/files/cacerts/60afe812.0 luni/src/main/files/cacerts/635ccfd5.0 luni/src/main/files/cacerts/67495436.0 luni/src/main/files/cacerts/69105f4f.0 luni/src/main/files/cacerts/6adf0799.0 luni/src/main/files/cacerts/6e8bf996.0 luni/src/main/files/cacerts/6fcc125d.0 luni/src/main/files/cacerts/72f369af.0 luni/src/main/files/cacerts/72fa7371.0 luni/src/main/files/cacerts/74c26bd0.0 luni/src/main/files/cacerts/75680d2e.0 luni/src/main/files/cacerts/7651b327.0 luni/src/main/files/cacerts/76579174.0 luni/src/main/files/cacerts/7999be0d.0 luni/src/main/files/cacerts/7a481e66.0 luni/src/main/files/cacerts/7a819ef2.0 luni/src/main/files/cacerts/7d3cd826.0 luni/src/main/files/cacerts/7d453d8f.0 luni/src/main/files/cacerts/81b9768f.0 luni/src/main/files/cacerts/8470719d.0 luni/src/main/files/cacerts/84cba82f.0 luni/src/main/files/cacerts/85cde254.0 luni/src/main/files/cacerts/86212b19.0 luni/src/main/files/cacerts/87753b0d.0 luni/src/main/files/cacerts/882de061.0 luni/src/main/files/cacerts/895cad1a.0 luni/src/main/files/cacerts/89c02a45.0 luni/src/main/files/cacerts/8f7b96c4.0 luni/src/main/files/cacerts/9339512a.0 luni/src/main/files/cacerts/9685a493.0 luni/src/main/files/cacerts/9772ca32.0 luni/src/main/files/cacerts/9d6523ce.0 luni/src/main/files/cacerts/9dbefe7b.0 luni/src/main/files/cacerts/9f533518.0 luni/src/main/files/cacerts/a0bc6fbb.0 luni/src/main/files/cacerts/a15b3b6b.0 luni/src/main/files/cacerts/a3896b44.0 luni/src/main/files/cacerts/a7605362.0 luni/src/main/files/cacerts/a7d2cf64.0 luni/src/main/files/cacerts/ab5346f4.0 luni/src/main/files/cacerts/add67345.0 luni/src/main/files/cacerts/b0f3e76e.0 luni/src/main/files/cacerts/bc3f2570.0 luni/src/main/files/cacerts/bcdd5959.0 luni/src/main/files/cacerts/bda4cc84.0 luni/src/main/files/cacerts/bdacca6f.0 luni/src/main/files/cacerts/bf64f35b.0 luni/src/main/files/cacerts/c0cafbd2.0 luni/src/main/files/cacerts/c215bc69.0 luni/src/main/files/cacerts/c33a80d4.0 luni/src/main/files/cacerts/c527e4ab.0 luni/src/main/files/cacerts/c7e2a638.0 luni/src/main/files/cacerts/c8763593.0 luni/src/main/files/cacerts/ccc52f49.0 luni/src/main/files/cacerts/cdaebb72.0 luni/src/main/files/cacerts/cf701eeb.0 luni/src/main/files/cacerts/d16a5865.0 luni/src/main/files/cacerts/d537fba6.0 luni/src/main/files/cacerts/d64f06f3.0 luni/src/main/files/cacerts/d777342d.0 luni/src/main/files/cacerts/d8274e24.0 luni/src/main/files/cacerts/dbc54cab.0 luni/src/main/files/cacerts/ddc328ff.0 luni/src/main/files/cacerts/e48193cf.0 luni/src/main/files/cacerts/e60bf0c0.0 luni/src/main/files/cacerts/e775ed2d.0 luni/src/main/files/cacerts/e7b8d656.0 luni/src/main/files/cacerts/e8651083.0 luni/src/main/files/cacerts/ea169617.0 luni/src/main/files/cacerts/eb375c3e.0 luni/src/main/files/cacerts/ed049835.0 luni/src/main/files/cacerts/ed524cf5.0 luni/src/main/files/cacerts/ee7cd6fb.0 luni/src/main/files/cacerts/f4996e82.0 luni/src/main/files/cacerts/f58a60fe.0 luni/src/main/files/cacerts/f61bff45.0 luni/src/main/files/cacerts/f80cc7f6.0 luni/src/main/files/cacerts/fac084d7.0 luni/src/main/files/cacerts/facacbc6.0 luni/src/main/files/cacerts/fde84897.0 luni/src/main/files/cacerts/ff783690.0 Change IntegralToString.intToHexString to take width argument to allow for leading zero padding. Updated existing callers to specify 0 padding desired. Add testing of new padding functionality. luni/src/main/java/java/lang/Character.java luni/src/main/java/java/lang/Integer.java luni/src/main/java/java/lang/IntegralToString.java luni/src/test/java/libcore/java/lang/IntegralToStringTest.java Improved to throw Exceptions with proper causes luni/src/main/java/java/security/KeyStore.java luni/src/main/java/java/security/Policy.java luni/src/main/java/java/security/cert/CertificateFactory.java luni/src/main/java/javax/crypto/Cipher.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignature.java Indentation fixes luni/src/main/java/java/security/SecureRandom.java Fix X509CRLSelector.getIssuerNames to clone result and added test to cover this. luni/src/main/java/java/security/cert/X509CRLSelector.java luni/src/test/java/libcore/java/security/cert/X509CRLSelectorTest.java Fixed bug where we created an X500Principal via a String representation instead of from its original encoded bytes. This led to a difficult to track down bug where CA 418595b9.0 where the NativeCode.X509_NAME_hash of a Harmony (but not BouncyCastle) X509Certificate would not hash to the expected value because the encoded form used an ASN.1 PrintableString instead of the UTF8String form found in the original certificate. luni/src/main/java/org/apache/harmony/security/x501/Name.java Add a new RootKeyStoreSpi and register it as the AndroidCAStore. This new read-only KeyStore implementation that looks for certificates in $ANDROID_ROOT/etc/security/cacerts/ directory, which is /system/etc/security/cacerts/ on devices. The files are stored in the directory based on the older md5 based OpenSSL X509_NAME_hash function (now referred to as X509_NAME_hash_old in OpenSSL 1.0) luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java Added OpenSSL compatible X509_NAME_hash and X509_NAME_hash_old functions for producting an int hash value from an X500Principal. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java Changed TrustManagerFactoryImpl to use AndroidCAStore for its default KeyStore luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerFactoryImpl.java Changed TrustManagerImpl to be AndroidCAStore aware. If it detects an AndroidCAStore, it avoids generating the acceptedIssuers array at constructions, since doing so would force us to parse all certificates in the store and the value is only typically used by SSLServerSockets when requesting a client certifcate. Because we don't load all the trusted CAs into the IndexedPKIXParameters at startup in the case of AndroidCAStore, we now check for new CAs when examining the cert chain for unnecessary TrustAnchors and for a newly discovered issuer at the end of the chain before validation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Updated KeyStoreTest to cope with read only KeyStore. Update test_cacerts_bks (now renamed test_cacerts) to use the AndroidCAStore for validating system CA certificate validity. Register AndroidCAStore as an expected KeyStore type with StandardNames. luni/src/test/java/libcore/java/security/KeyStoreTest.java support/src/test/java/libcore/java/security/StandardNames.java Added test of X500Principal serialization while investigating Name encoding issue. However, the actual Name bug was found and verified by the new test_cacerts test. luni/src/test/java/libcore/javax/security/auth/x500/X500PrincipalTest.java vendor/google Change canonical format for checked in cacerts to have PEM certificate at the top, as required by Harmony's X.509 CertificateFactory. tools/cacerts/certimport.py Change-Id: If0c9de430f13babb07f96a1177897c536f3db08d
8216dc1fd9d31867770439985c3d66570330e4c7	23-Feb-2011	Elliott Hughes <enh@google.com>	Remove most of our remaining non-API StringBuffer usage. Change-Id: Ia2c621d8a9dfe04cd55aac652d1ac9ea4398afd1
5c27fb80ffd335aa45dc8829ba3ecbc18c01e4e8	25-Jan-2011	Jesse Wilson <jessewilson@google.com>	Use generics in Harmony's ASN.1, X.501 and X.509. This change cleans up this code and uses modern Java idioms. It should not change the behavior. Change-Id: Ie869ced7c9e18634409ae194aa9a2c2a5e5ca530
866e7ae17a3da81a02b0b144e0c9c2b3196d293a	09-Dec-2010	Elliott Hughes <enh@google.com>	Fix a bunch of javac -Xlint warnings in our code. I think "fallthrough" uncovered a couple of real bugs in the kxml code, but other than that there's nothing very exciting here. This addresses all but one of the non-xml warnings. I'm assuming that we'll move the xml cruft out into external at some point (since we're deliberately not maintaining it). Change-Id: Ice81253b019df7b19d6557e719663b7bdc11fb22
7365de1056414750d0a7d1fdd26025fd247f0d04	12-Aug-2010	Jesse Wilson <jessewilson@google.com>	Sorting imports. Change-Id: I8347bc625480a1c37a1ed9976193ddfedeb00bbc
897538a36c18f4db8f9f68ee566aec0bda842e9f	29-May-2010	Elliott Hughes <enh@google.com>	Remove the last exception message catalog. Bug: 1251121 Change-Id: I45931b9ff908531bda06d6569a4e9618986f821b
f33eae7e84eb6d3b0f4e86b59605bb3de73009f3	13-May-2010	Elliott Hughes <enh@google.com>	Remove all trailing whitespace from the dalvik team-maintained parts of libcore. Gentlemen, you may now set your editors to "strip trailing whitespace"... Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b
fd6bb3510c2f94d636f3572dcf5f7f4dcd1a2726	13-May-2010	Elliott Hughes <enh@google.com>	Remove //$NON-NLS-\d$ cruft. Mostly done by perl(1), with manual cleanup of the few misspelled instances. This makes our trailing whitespace slightly worse, but I'll fix all that with a follow-on change. Change-Id: I0b4ca98819be6f9519c4ba980d759bd1ee1a0303
cec4dd4b1d33f78997603d0f89c0d0e56e64dbcd	26-Apr-2010	Peter Hallam <peterhal@google.com>	merge more modules into luni