b7eec62f6db198a76b67d7915b03e59189c6df4f |
|
02-Jul-2010 |
Brian Carlstrom <bdc@google.com> |
TestKeyStore only use RSA by default & fixing SSLEngine client auth with DSA client and RSA server Summary: Goal here was to just make most tests faster by only having TestKeyStore create RSA keys by default. However, when I did that SSLEngineTest#test_SSLEngine_clientAuth started working, so I ended up investigating a much deeper issue with DSA client authentication against an RSA SSLEngine server. Details: Changed the TestKeyStore.get singleton to only contain RSA keys. TestKeyStore.create now requires the caller enumerate what keys they want if they need more than that or an alternative. support/src/test/java/javax/net/ssl/TestKeyStore.java Changed test_SSLSocket_getSupportedCipherSuites_connect to explicitly request RSA and DSA keys since it needs both to try connecting all possible cipher suites. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Fixing SSLEngine client authentication when server uses RSA but client uses DSA Fixed java.net.ssl.SSLEngineTest#test_SSLEngine_clientAuth expectations/knownfailures.txt Added CiperSuite.authType field which contains the algorithm name such as RSA, DSA, DH, that the client will use to authenticate the server. Like the cipherName, hmacName, and hashName, this is logically derivable from the the CiperSuite.KEY_EXCHANGE_*, but we remember it to avoid repeatedly doing large cascading "if" tests to determine which key algorithm should be used for each case. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java Fixed a number of client certificate authentication bugs in SSLEngine - Changed ClientHandshakeImpl's in the SSL/Tls Certificate message code to mirror ServerHandshakeImpl's implementation to properly use chooseEngineClientAlias in the SSLEngine case. - Changed to use the client certifcates key algorithm for computing the signature for the SSL/TLS CertificateVerify message. Previously we used the cipher suites negoitated key exchange method, but if the client may select a certificate with a different algorithm if the server provides a CA for another algorithm. - Also changed to use CipherSuite.isAnonymous in two places rather than the inlined equivalent. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java Fixed client authentication to use the client's certificate (not the server's) to do verify the CertificateVerify message signature. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java Fixed bug in DigitalSignature which did not Signature.update in verifySignature, so it could never have properly authenticated DSA signatures. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java Added CertificateMessage getAuthType convenience luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateMessage.java Made CertificateRequest certificate_authorities final, found we were double allocating it luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java Cleaning up imports of HandshakeProtocol while working on its subclasses. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java Cleaned up while looking at X509KeyManager implementations while debugging. support/src/test/java/org/apache/harmony/xnet/tests/support/X509KeyManagerImpl.java Change-Id: I74b98754c11000cbfea416f1571c380c9c67abf3
|
f33eae7e84eb6d3b0f4e86b59605bb3de73009f3 |
|
13-May-2010 |
Elliott Hughes <enh@google.com> |
Remove all trailing whitespace from the dalvik team-maintained parts of libcore. Gentlemen, you may now set your editors to "strip trailing whitespace"... Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b
|
adc854b798c1cfe3bfd4c27d68d5cee38ca617da |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
|
1c0fed63c71ddb230f3b304aac12caffbedf2f21 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
|
a0881d052ee72e3f7e773374e9b1aa75fbd6be4c |
|
10-Jan-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //branches/cupcake/...@125939
|