| b8f93421684a6292496804ca30d8428d2602ce7a |
25-Jul-2013 |
Kenny Root <kroot@google.com> |
Rename inner class to NoPreloadHolder
This is a magic name that the preload tool will not add to the preload
list. This will prevent these classes from being instantiated during
Zygote's class preloading stage.
Bug: 9984058
Change-Id: Ie0f8a70e9bbf76a4beb7d862c67f665fe6aed280
ttpsURLConnection.java
|
| da5b7116b58795b169961cbd63c2b21bac741d9a |
24-Jul-2013 |
Kenny Root <kroot@google.com> |
Delay SSLSocketImpl instantiation until needed
Class preloading will create an instance of objects if they are in
static fields, so put the ones we don't want instantiated into a holder
class that is not preloaded.
Bug: 9984058
Change-Id: I0f61deb9120d67d0e855bbc044a2565dbba44e29
ttpsURLConnection.java
|
| 8db6f195ccb99e15f0de3b85aa2f670427497081 |
07-Jan-2013 |
Brian Carlstrom <bdc@google.com> |
Should favor most specific CN when working with distinguished names
This reverts a regression introduced in commit 1331404bf45cb2f220ee9aa2c0c108ce59453a74
that was caught by tests.api.javax.net.ssl.HostnameVerifierTest.testVerify
Bug: 7894348
Bug: http://code.google.com/p/android/issues/detail?id=41662
Change-Id: Iec8000b716e3d99ca7af4aa2c3fd7b43e22c68cd
istinguishedNameParser.java
|
| 1331404bf45cb2f220ee9aa2c0c108ce59453a74 |
21-Dec-2012 |
Brian Carlstrom <bdc@google.com> |
Should favor last CN when working with distinguished names
Bug: 7894348
Bug: http://code.google.com/p/android/issues/detail?id=41662
Change-Id: I3814d653b628f6af12ce1ba59b39b1c7cc45e124
efaultHostnameVerifier.java
istinguishedNameParser.java
|
| c934a095e1f863f00bf6f7c0b37fbd05ebeaaff5 |
29-Oct-2012 |
Brian Carlstrom <bdc@google.com> |
Prefer PKIX algorithm name for TrustManagerFactory and KeyManagerFactory
Change-Id: I3da5bdf6739c6aee5ec0174e93cd6c06d6dfeeb3
ttpsURLConnection.java
eyManagerFactory.java
rustManagerFactory.java
|
| 5692d40be0e19ef1d0cc988a579576496adf5237 |
11-Oct-2012 |
Brian Carlstrom <bdc@google.com> |
Fix typos from "beed" to "been"
Bug: http://code.google.com/p/android/issues/detail?id=38366
Change-Id: I44c647843e66a57bcbeabad41ec3142faaa1848e
istinguishedNameParser.java
SLPeerUnverifiedException.java
|
| d43b9ef11a1095967a3396b246639b563e1a4128 |
12-Sep-2012 |
Kenny Root <kroot@google.com> |
Add consistent reasons for NullPointerException
Semi-automated replacement of empty and non-conforming
NullPointerException reason messages.
(cherry-pick of 86acc043d3334651ee26c65467d78d6cefedd397.)
Change-Id: I6d893979f5c20a50e841e32af9fd7b2d8bc9d54d
eyManagerFactory.java
SLContext.java
rustManagerFactory.java
|
| 0f38eccddbc8ea0ec3e331509d40650ad4b14d45 |
09-May-2012 |
Brian Carlstrom <bdc@google.com> |
javax.net.ssl javadoc cleanup
Change-Id: I8b64831a5f0a160c167eaf3e4bf2dd81fe265f5f
SLSocket.java
ackage.html
|
| 265a2b554dacfa36f8adc5617ec6f05c8e1710f7 |
24-Jan-2012 |
Brian Carlstrom <bdc@google.com> |
Use lenient wildcard matching for *.clients.google.com.
This is an unfortunate workaround until we fix our hostname/cert
misconfiguration.
Bug: http://b/5426333
Change-Id: Ie855d55131412fa96d8b28eca469d1276d96a776
efaultHostnameVerifier.java
|
| 8576f309825e23add080f2a50345ec1884939c39 |
03-Jan-2012 |
Jesse Wilson <jessewilson@google.com> |
Use lenient wildcard matching for android.clients.google.com.
This is an unfortunate workaround until we fix our hostname/cert
misconfiguration.
Bug: http://b/5426333
Change-Id: Id2eddeec5dfa5ef6d2a4125fadbcf7b0e982904f
efaultHostnameVerifier.java
|
| d2afaee242a56adede5510cd1c6455a5e7dbabe9 |
02-Jan-2012 |
Jesse Wilson <jessewilson@google.com> |
Cleanup verifyHostName to use regionMatches instead of regex splits.
Change-Id: Ic778ab99057d03676c39a2e2126d6f2db1a5747e
efaultHostnameVerifier.java
|
| 57d73e33dc039f6fff06db52106a358192868060 |
27-Dec-2011 |
Jesse Wilson <jessewilson@google.com> |
Move the frameworks/base hostname verifier into libcore. Part 1/2
This replaces our libcore's DefaultHostnameVerifier.
The frameworks/base verifier is better exercised because it's used by
the browser. The libcore one includes a few dubious behaviors: parsing
toString() and non-standard TLD validation.
Behavior changes in libcore:
- A wildcard cert like *.co.uk would be honored. This would require
a rogue CA. We had a comment documenting that other SSL clients don't
do this.
- Wildcards in substrings like "f*.android.com" are now supported.
- Wildcards match without a child domain: "*.android.com" will match
"android.com".
- If an alt name is present, the CN is not used.
- subject alt name IP addresses are supported.
This also moves the tests into libcore.
Bug: http://b/5619726
Change-Id: Ia952c33f8009ee3c5ed5935ae5f74b6093b1b8e0
efaultHostnameVerifier.java
istinguishedNameParser.java
|
| 0c58d22d44cfb56f0c80f0fa1c69297ba45f3afc |
23-Jun-2011 |
Jesse Wilson <jessewilson@google.com> |
Don't trigger a reverse DNS lookup from a log statement.
Also nuke a bunch of redundant Javadoc and promote the
shutdownInput/shutdownOutput methods that always throw
to SSLSocket.
Change-Id: I077f7413bb6cba66be6204c68f7911b51a191643
http://code.google.com/p/android/issues/detail?id=13117
http://b/3478027
SLSocket.java
|
| 32bc0f26d980651e5ee4f5dfcf562da86a76120b |
08-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
am f45c08ac: Merge "Test fixes validated on RI and device"
* commit 'f45c08ac9e7ef520fe6ec8080e136b0b4bee7084':
Test fixes validated on RI and device
|
| 2708f771574cabf703557439843b02d3c5138c86 |
08-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Test fixes validated on RI and device
Change-Id: I14290efc322406920b2de65924155ef18ee56bab
rustManagerFactory.java
|
| e26b27faf689c17b7894c78caee32432176349ec |
04-Jun-2011 |
Elliott Hughes <enh@google.com> |
Remove more dead "security theater" cruft.
There's probably still more stuff lying around that isn't useful,
but this was all I had time for on this particular Friday afternoon...
Change-Id: I69593f6c9ab5534d581c703cc85a9766ba8e40e5
SLPermission.java
|
| aba5e8c281fb9c6be23229246473fa0b433dd997 |
25-May-2011 |
Brian Carlstrom <bdc@google.com> |
OpenSSLSocketImpl should tolerate X509KeyManager returning null values
While this started out as the small fix in
OpenSSLSocketImpl.setCertificate and the corresponding test
test_SSLSocket_clientAuth_bogusAlias, the need to test the behavior of
the X509KeyManager returning null on the RI led to test maintenance to
get libcore.javax.net.ssl tests working on RI 7 thanks to a test
dependency that was added on the new InetAddress.getLoopbackAddress().
Change-Id: I3d8ed1ce453cc3a0b53e23e39c02e6a71413649c
eyStoreBuilderParameters.java
SLHandshakeException.java
|
| 4f11ebea266eada830d507b8f011e811a8e5d7bc |
20-Apr-2011 |
Elliott Hughes <enh@google.com> |
Add getnameinfo(3) (and gai_strerror(3)).
There's quite a large corresponding change to InetAddress, plus I've changed
the documentation for all the Permission classes to match the handful that
we'd already documented as legacy cruft.
Bug: http://b/3107501
Change-Id: Ia67aba79f0ab13e64085bd4a2df20ad0776bcc5b
SLPermission.java
|
| 8bccf8cdf7a3b8a6e90bb1b411a957b6368e4a1a |
12-Apr-2011 |
Brian Carlstrom <bdc@google.com> |
Improve HttpsURLConnection documentation with examples
http://code.google.com/p/android/issues/detail?id=16041
Change-Id: I2e596ef36306b70cdb071b91d8707f015d9b251b
ttpsURLConnection.java
|
| 32c2297a959b72abdb18743f0519e1d8b7c7ea88 |
17-Mar-2011 |
Elliott Hughes <enh@google.com> |
Remove bogus "super()" calls.
I've left one in java.util.concurrent, since we have an upstream there.
Change-Id: I60945e48a41433fc7eaef6086433ec4bf434097f
eyManagerFactorySpi.java
SLContextSpi.java
SLEngine.java
SLServerSocket.java
SLServerSocketFactory.java
SLSocket.java
SLSocketFactory.java
rustManagerFactorySpi.java
509ExtendedKeyManager.java
|
| a7ef55258ac71153487357b861c7639d627df82f |
22-Feb-2011 |
Elliott Hughes <enh@google.com> |
Simplify internal libcore logging.
Expose LOGE and friends for use from Java. This is handy because it lets me use
printf debugging even when I've broken String or CharsetEncoder or something
equally critical. It also lets us remove internal use of java.util.logging,
which is slow and ugly.
I've also changed Thread.suspend/resume/stop to actually throw
UnsupportedOperationException rather than just logging one and otherwise
doing nothing.
Bug: 3477960
Change-Id: I0c3f804b1a978bf9911cb4a9bfd90b2466f8798f
efaultHostnameVerifier.java
SLSocketFactory.java
|
| 26ce8fbd8fe488cc969b08f64c56525662763dc4 |
08-Feb-2011 |
Jesse Wilson <jessewilson@google.com> |
resolved conflicts for merge of 6186821c to dalvik-dev
Change-Id: Ic6f0172767d6feedb188d3a5e7488a67702ef8c4
|
| 6186821cb13f4ac7ff50950c813394367e021eae |
08-Feb-2011 |
Jesse Wilson <jessewilson@google.com> |
Move libcore.base classes to libcore.util and libcore.io.
Change-Id: I2340a9dbad3561fa681a8ab47d4f406e72c913e3
efaultSSLServerSocketFactory.java
efaultSSLSocketFactory.java
|
| fb0ec0e650bf8be35acb0d47da0311a7c446aa33 |
14-Jan-2011 |
Elliott Hughes <enh@google.com> |
Remove useless android-changed comments.
I've changed useful ones to regular comments or TODOs, as appropriate.
I've left ones in code like java.util.concurrent where we really are
tracking an upstream source, making the change markers useful.
I've left a handful of others where I intend to actually investigate
the implied TODOs before deciding how to resolve them.
Change-Id: Iaf71059b818596351cf8ee5a3cf3c85586051fa6
SLSocketFactory.java
|
| 118abc3050371812703e4fabf03f4399d01fb28c |
13-Jan-2011 |
Elliott Hughes <enh@google.com> |
Kill most users of StringTokenizer.
I've left a handful that actually make some use of it, in classes we
don't care about anyway (XML preferences and the like).
Change-Id: I754262ee600d8a16046b537a6d6258db849db89b
efaultHostnameVerifier.java
|
| 0d4ce4227fa818288b8db762b640dfa21e3162f5 |
12-Jan-2011 |
Elliott Hughes <enh@google.com> |
Change all "final static"s to "static final".
Just so we sound like native speakers.
Change-Id: I4d98ec7519af8c1578609945ca9d480484b82874
efaultHostnameVerifier.java
|
| 87548e8585334658c3ee89050ec917a10ca35e5a |
07-Jan-2011 |
Elliott Hughes <enh@google.com> |
More SecurityManager cleanup.
Bug: 2585285
Change-Id: Ib9c5fdadc1361d67227b6f82a774b76c53840ff0
SLSession.java
|
| ad41624e761bcf1af9c8008eb45187fc13983717 |
07-Jan-2011 |
Elliott Hughes <enh@google.com> |
Retire SecurityManager.
This change removes all the code that was calling getSecurityManager, and
removes all use of AccessController.doPrivileged. It also changes the
implementation of AccessController so it doesn't actually do anything; it's
only there for source-level compatibility.
Bug: 2585285
Change-Id: I1f0295a4f12bce0316d8073011d8593fee116f71
eyManagerFactory.java
SLServerSocketFactory.java
SLSocketFactory.java
rustManagerFactory.java
|
| 6767bdbe6bb1d4542c97868d8df1f71d2414fc62 |
18-Dec-2010 |
Jesse Wilson <jessewilson@google.com> |
Optimize DefaultHostnameVerifier.
The only behavior change should be a bug fix. There was a heck
"cn.lastIndexOf('.') >= 0" that was always true. This has been
fixed to match the comment "require two dots".
Don't call getDNSSubjectAlts unless necessary.
Errors were created and then dropped. Now they're not created.
strictWithSubDomains was supported but unused. Now it isn't supported.
IP address parsing is now left up to the experts (InetAddress).
No more unnecessary conversions to arrays.
Before & After performance saves ~40% for google.com, which was the
only host that took more than 150 microseconds to verify:
host run us linear runtime %
www.amazon.com baseline 92.6 = 4%
www.amazon.com optimized 26.7 1%
www.google.com baseline 2,457.0 ============================== 100%
www.google.com optimized 1,421.2 ================= 58%
www.ubs.com baseline 143.2 = 6%
www.ubs.com optimized 24.4 1%
Change-Id: I42782bec6a86b95e8fa089aa6edeca45110c2fc4
http://b/2811070
efaultHostnameVerifier.java
|
| 693eacca9fa67ad79d1b35dbaad61c5ac1ac457c |
10-Nov-2010 |
Elliott Hughes <enh@google.com> |
Stop allocating empty arrays.
Bug: 3166662
Change-Id: I151de373b2bf53786d19824336fa434c02b0b0e8
efaultSSLServerSocketFactory.java
efaultSSLSocketFactory.java
|
| a5c608e59f9d574ea4bc65e9dff44aae2f34fd26 |
01-Nov-2010 |
Brian Carlstrom <bdc@google.com> |
TrustManager improvements
Overhaul of TrustManagerImpl
- PKIXParameters can now be final in TrustManagerImpl because we
always immediately create an IndexedPKIXParameters instead of only
doing it in SSLParametersImpl.createDefaultTrustManager.
- Use new KeyStore constructor for IndexedPKIXParameters to remove
duplicate logic for creating set of TrustAnchors from a KeyStore.
- Improved checkTrusted/cleanupCertChain to remove special cases for
directly trusting the end cert or pruning only self signed certs. To
support b/2530852, we need to stop prune the chain as soon as we
find any trust anchor (using newly improved
TrustManagerImpl.isTrustAnchor), which could be at the beginning,
middle, or end. That means cleanupCertChain can return an empty
chain if everything was trusted directly. (and we don't need to do
extra checks on exception cases to see if the problem was just that
the trust anchor was in the chain)
- isDirectlyTrusted -> isTrustAnchor here as well, using new
IndexedPKIXParameters.isTrustAnchor APIs
- Fix incorrect assumption in getAcceptedIssuers that all TrustAnchor
instances have non-null results for getTrustedCert.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Removed indexing in createDefaultTrustManager since we always index now
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java
Overhaul of IndexedPKIXParameters
- Single map from subject X500Principal to TrustAnchors
instead of two different X500Principal keyed maps to check
- Removed map based on encoded cert. For b/2530852, we want to treat
certs as equal if they have the same name and public key, not
byte-for-byte equality, which can be done with the remaining map.
Revamped isDirectlyTrusted into isTrustAnchor(cert) to perform this
new name/key based comparison.
- Added helper isTrustAnchor(cert, anchors) to reuse code in
non-IndexedPKIXParameters case in TrustManagerImpl.
- Added constructor from KeyStore
- Moved anchor indexing code to index() from old constructor
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java
TestKeyStore.getPrivateKey allowed some existing test simplification.
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
support/src/test/java/libcore/java/security/TestKeyStore.java
Added missing "fail()" before catching expected exceptions.
luni/src/test/java/libcore/java/security/KeyStoreTest.java
Expanded KeyManagerFactoryTest to excercise ManagerFactoryParameters b/1628001
luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java
Added KeyStoreBuilderParametersTest because I thought I saw a bug in
KeyStoreBuilderParameters, but this convinced me otherwise.
luni/src/test/java/libcore/javax/net/ssl/KeyStoreBuilderParametersTest.java
New TrustManagerFactory test modeled on expanded KeyManagerFactoryTest.
test_TrustManagerFactory_intermediate specifically is targeting the
new functionality of b/2530852 to handling trust anchors within the
chain.
luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java
support/src/test/java/libcore/java/security/StandardNames.java
Some initial on tests for Elliptic Curve (b/3058375) after the RI
started reporting it was supported. Removed old @KnownFailure
tags. Skipped a test on the RI that it can't handle. Improved some
assert messages.
luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
support/src/test/java/libcore/java/security/StandardNames.java
support/src/test/java/libcore/java/security/TestKeyStore.java
Removed unneeded bytes->javax->bytes->java case of which can just go bytes->java directly.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Removed super()
luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java
Made Security.secprops final
luni/src/main/java/java/security/Security.java
Pulled SamplingProfiler fix from dalvik-dev branch
git cherry-pick --no-commit f9dc3450e8f23cab91efc9df99bb860221ac3d6c
dalvik/src/main/java/dalvik/system/SamplingProfiler.java
Bug: 2530852
Change-Id: I95e0c7ee6a2f66b6986b3a9da9583d1ae52f94dd
eyStoreBuilderParameters.java
|
| 6cdb6b7e6939270ccd21790ec95e42197cefc0c3 |
19-Oct-2010 |
Brian Carlstrom <bdc@google.com> |
Change Engine.getInstance interfaces to make usage less error prone
Change-Id: I4c58c95ab4216b52aa8af4fbce7a8d7f4860c2b7
eyManagerFactory.java
SLContext.java
rustManagerFactory.java
|
| 0a480846a9798c763b088a122ab0dcd3dc3a17b6 |
19-Oct-2010 |
Brian Carlstrom <bdc@google.com> |
Remove Engine.spi memory leak by clearing after access
Also other minor code cleanup such as:
- made assorted fields final
- fixed lazy initialization without volatile or sync
Bug: 1322442
Change-Id: I34e428dff5f07a7291d635c724111d44f2deff1c
eyManagerFactory.java
SLContext.java
rustManagerFactory.java
|
| 735f93475d1d54ad7b2d1c2376adc0fcf4d4c7a1 |
05-Oct-2010 |
Brian Carlstrom <bdc@google.com> |
Favor Harmony's CertificateFactory.X509 over BouncyCastle's
Bug: 2225935
Change-Id: Ibca92c9fa34fc539ebb8ea86fb0ced62e3dbe5de
efaultHostnameVerifier.java
|
| 7f0c06f737b6f1f6b3a5bb30111f95dd0ca586a2 |
02-Sep-2010 |
Brian Carlstrom <bdc@google.com> |
Don't use StringBuffer where we don't need to.
I've left xalan alone, because that's just one big steaming heap.
Change-Id: Ibf7b2b5e347196d4de857217b022003ccc409ac5
efaultHostnameVerifier.java
|
| 0917c4a9d5d0115950450cdd0bb46e43a48da5db |
12-Aug-2010 |
Elliott Hughes <enh@google.com> |
Clean up some dead/useless code.
(The DatagramPacketTest.java change is unrelated, but it's been lurking in my
repository for weeks now.)
Change-Id: I65d3ad53dd30709b2daed3c5787cc38c6081ffea
efaultHostnameVerifier.java
|
| 7365de1056414750d0a7d1fdd26025fd247f0d04 |
12-Aug-2010 |
Jesse Wilson <jessewilson@google.com> |
Sorting imports.
Change-Id: I8347bc625480a1c37a1ed9976193ddfedeb00bbc
efaultHostnameVerifier.java
andshakeCompletedEvent.java
eyManagerFactory.java
eyStoreBuilderParameters.java
SLContext.java
rustManagerFactory.java
|
| 018b67accb28954d35f3cd697be3428e9b45b7d8 |
28-May-2010 |
Jesse Wilson <jessewilson@google.com> |
Further small fixes to increase API compatibility with RI v6.
Highlights:
code was moved from SSLContextImpl to its superclass.
took X500Principal code from Harmony
Tested with Harmony's tests.api.javax.security.auth.x500.X500PrincipalTest.
Change-Id: I89b46d4b47e692a5461916cca972e05de95f3280
SLContextSpi.java
|
| 0c131a2ca38465b7d1df4eaee63ac73ce4d5986d |
21-May-2010 |
Brian Carlstrom <bdc@google.com> |
RI 6 support for javax.net.ssl
Summary:
- RI 6 support for javax.net.ssl
- SSLEngine fixes based on new SSLEngineTest
- fix Cipher.checkMode bug recently introduced in dalvik-dev
Details:
Fix Cipher.checkMode that was preventing most javax.net.ssl tests from working
luni/src/main/java/javax/crypto/Cipher.java
RI 6 has introduced the concept of a "Default" SSLContext. This is
accessed via SSLContext.getDefault() and also
SSLContext.getInstance("Default"). Harmony had its own
DefaultSSLContext but it was not created via an SSLContextSpi. It also
was a single shared instance whereas the new RI6 Default SSLContext
shares internal SSLSessionContext instances between different Default
SSLContexts.
Refactored the old code into an SSLContextImpl subclass that
allows it to be created via SSLContext.getInstance. SSLContextImpl
ensures that we only ever create one set of SSLSessionContext
instances for the Default context.
luni/src/main/java/javax/net/ssl/DefaultSSLContext.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
Added SSLContext.getDefault and SSLContext.setDefault
luni/src/main/java/javax/net/ssl/SSLContext.java
Replace dependencies of old DefaultSSLContext with use of SSLContext.getDefault
luni/src/main/java/javax/net/ssl/SSLServerSocketFactory.java
luni/src/main/java/javax/net/ssl/SSLSocketFactory.java
Register "SSLContext.Default" as DefaultSSLContextImpl class for SSLContext.getInstance()
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
Added constant for new "Default" standard name and added it to
SSL_CONTEXT_PROTOCOLS. New tests based on SSL_CONTEXT_PROTOCOLS
made it clear that neither Android or RI support SSLv2 so removed
it from SSL_CONTEXT_PROTOCOLS and SSL_SOCKET_PROTOCOLS. Added
constant for TLS as well which was previously scattered all over
tests. Remove SSLv2Hello from SSL_SOCKET_PROTOCOLS for Android
since with OpenSSL disablign SSLv2 means you can not use
SSLv2Hello either.
support/src/test/java/javax/net/ssl/StandardNames.java
Added tests for SSLContext.getDefault and
SSLContext.setDefault. Changed existing tests to work on all
protocols including new "Default".
luni/src/test/java/javax/net/ssl/SSLContextTest.java
RI 6 has introduced the notion of SSLParameters which encapsulate SSL
the handshake parameters of desired cipher suites, protocols, and
client authentication requirements.
The main new class SSLParameters is basically just a bag of fields
with accessors and a couple simple constructors. The only things
of note are that it clones all String arrays on input and output
and the setters for the two boolean fields ensure that only one is
true at a time.
luni/src/main/java/javax/net/ssl/SSLParameters.java
Added SSLContext.getDefaultSSLParameters and
SSLContext.getSupportedSSLParameters which simply delegate to the
SSLContextSpi.
luni/src/main/java/javax/net/ssl/SSLContext.java
Added abstract SSLContextSpi.engineGetDefaultSSLParameters and
SSLContext.engineGetSupportedSSLParameters.
luni/src/main/java/javax/net/ssl/SSLContextSpi.java
Added engineGetDefaultSSLParameters and
engineGetSupportedSSLParameters implementation. The RI documents
in SSLContextSpi that these are implemented by default by creating
a socket via the SSLContext's SocketFactory and asking for the
enabled/supported cipher suites and protocols respectively, so
that is what is done. The doc mentions throwing
UnsupportedOperationException if there is a problem, so we do that
as well.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
Added {SSLEngine,SSLSocket}.{getSSLParameters,setSSLParameters}
which are analogous.
luni/src/main/java/javax/net/ssl/SSLEngine.java
luni/src/main/java/javax/net/ssl/SSLSocket.java
Added SSLParametersTest
luni/src/test/java/javax/net/ssl/SSLParametersTest.java
luni/src/test/java/javax/net/ssl/AllTests.java
Added SSLContext.get{Default,Supported}SSLParameters tests
luni/src/test/java/javax/net/ssl/SSLContextTest.java
Added SSLSocket.{getSSLParameters,setSSLParameters} tests and added
some extra asserts to test_SSLSocketPair_create based on experience
with test_SSLEnginePair_create.
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Dummy implementation of new SSLContextSpi for test classes.
support/src/test/java/org/apache/harmony/security/tests/support/MySSLContextSpi.java
support/src/test/java/org/apache/harmony/xnet/tests/support/MySSLContextSpi.java
Other minor RI 6 API changes:
RI 6 removed Serializable from HandshakeCompletedEvent and SSLSessionBindingEvent
luni/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java
luni/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java
RI 6 added generic types to the KeyStoreBuilderParameters List
constructor and accessor as well as to
SSLSessionContext.getIds. Fixed tests to compile with generic types.
luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java
luni/src/main/java/javax/net/ssl/SSLSessionContext.java
luni/src/test/java/tests/api/javax/net/ssl/KeyStoreBuilderParametersTest.java
SSLEngine improvements. Since I was changing SSLEngine, I wrote an
SSLEngineTest based on my SSLSocketTest to do some simply sanity
checking. It expose a number of issues. I've fixed the small ones,
marked the rest as known failures.
Renamed some TLS_ cipher suites to SSL_ to match JSSE standard
names. These were all old suites no longer supported by RI or
OpenSSL which is why they were missed in an earlier cleanup of this
type in this class. Also fixed SSLEngine supported cipher suites
list not to include SSL_NULL_WITH_NULL_NULL which is not a valid
suite to negotiate.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
SSLEngine instances can have null host values, which caused a
NullPointerException in the ClientSessionContext implementation.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
SSLEngine tests were failing because SSLParameters was throwing
NullPointerException instead of IllegalArgument exception on null
element values. Fixed null pointer message style while I was here.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
Fixed SSLEngine instances to default to server mode like RI
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
Fixed KEY_TYPES based on SSLEngine implementation. Removed dead
code NativeCrypto.getEnabledProtocols which was recently made
obsolete. Cleaned up null exception messages to follow our convention.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
Added SSLEngineTest which parallels SSLSocketTest in its
coverage. Similarly added TestSSLEnginePair which loosely parallels
TestSSLSocketPair.
luni/src/test/java/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/javax/net/ssl/AllTests.java
support/src/test/java/javax/net/ssl/TestSSLEnginePair.java
SSLEngineTest betters exposed the differences between SSLSocket and
SSLEngine supported cipher suites. StandardNames now has an
CIPHER_SUITES_SSLENGINE definition which denotes what is missing
and what is extra and why in the SSLEngine implementation.
support/src/test/java/javax/net/ssl/StandardNames.java
Created StandardNames.assert{Valid,Supported}{CipherSuites,Protocols}
to factor out some code test code that is also used by new tests.
support/src/test/java/javax/net/ssl/StandardNames.java
luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Remove SSLSocketTest known failure and add new SSLEngineTest known failures
expectations/knownfailures.txt
SSL_OP_NO_TICKET change was recently merged from master which required some fixes.
For the moment, sslServerSocketSupportsSessionTickets always returns false.
support/src/test/java/javax/net/ssl/TestSSLContext.java
Fixed flakey test_SSLSocket_HandshakeCompletedListener which had a
race because the client thread look in the server session context
for an session by id potentially before the server thread had a
chance to store its session. Made noticable because of
SSL_OP_NO_TICKET recently merged from master (before this code
path was host only, not device)
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Fix checkjni issue where we need to check for pending exception in
OpenSSL callback. Possibly introduced by recent merge of
SSL_OP_NO_TICKET from master.
luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Expectation updates
Remove SSLSocketTest known failure and add new SSLEngineTest known failures
expectations/knownfailures.txt
Tag test_SSLSocket_getSupportedCipherSuites_connect as large
expectations/taggedtests.txt
Misc changes:
opening brace on wrong line
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
Long line cleanup while debugging
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketFactoryImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketFactoryImpl.java
support/src/test/java/javax/net/ssl/TestKeyStore.java
Removed bogus import
luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
Comment clarify while debugging
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Ctor -> Constructor in comment
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLEngineImpl.java
Fixed naming of SocketTest_Test_create to TestSocketPair_Create to match renamed classes
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Change-Id: I99505e97d6047eeabe4a0b93202075a0b2d486ec
efaultSSLContext.java
andshakeCompletedEvent.java
eyStoreBuilderParameters.java
SLContext.java
SLContextSpi.java
SLEngine.java
SLParameters.java
SLServerSocketFactory.java
SLSessionBindingEvent.java
SLSessionContext.java
SLSocket.java
SLSocketFactory.java
|
| f33eae7e84eb6d3b0f4e86b59605bb3de73009f3 |
13-May-2010 |
Elliott Hughes <enh@google.com> |
Remove all trailing whitespace from the dalvik team-maintained parts of libcore.
Gentlemen, you may now set your editors to "strip trailing whitespace"...
Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b
ertPathTrustManagerParameters.java
efaultHostnameVerifier.java
efaultSSLContext.java
efaultSSLSocketFactory.java
eyManagerFactorySpi.java
eyStoreBuilderParameters.java
SLEngine.java
|
| 6b811c5daec1b28e6f63b57f98a032236f2c3cf7 |
03-May-2010 |
Peter Hallam <peterhal@google.com> |
Merge awt-kernel, icu, luni-kernel, prefs, security-kernel, x-net into luni
Merge xml except xmlpull and kxml into luni
ertPathTrustManagerParameters.java
efaultHostnameVerifier.java
efaultSSLContext.java
efaultSSLServerSocketFactory.java
efaultSSLSocketFactory.java
andshakeCompletedEvent.java
andshakeCompletedListener.java
ostnameVerifier.java
ttpsURLConnection.java
eyManager.java
eyManagerFactory.java
eyManagerFactorySpi.java
eyStoreBuilderParameters.java
anagerFactoryParameters.java
SLContext.java
SLContextSpi.java
SLEngine.java
SLEngineResult.java
SLException.java
SLHandshakeException.java
SLKeyException.java
SLPeerUnverifiedException.java
SLPermission.java
SLProtocolException.java
SLServerSocket.java
SLServerSocketFactory.java
SLSession.java
SLSessionBindingEvent.java
SLSessionBindingListener.java
SLSessionContext.java
SLSocket.java
SLSocketFactory.java
rustManager.java
rustManagerFactory.java
rustManagerFactorySpi.java
509ExtendedKeyManager.java
509KeyManager.java
509TrustManager.java
ackage.html
|