b8f93421684a6292496804ca30d8428d2602ce7a |
25-Jul-2013 |
Kenny Root <kroot@google.com> |
Rename inner class to NoPreloadHolder This is a magic name that the preload tool will not add to the preload list. This will prevent these classes from being instantiated during Zygote's class preloading stage. Bug: 9984058 Change-Id: Ie0f8a70e9bbf76a4beb7d862c67f665fe6aed280
ttpsURLConnection.java
|
da5b7116b58795b169961cbd63c2b21bac741d9a |
24-Jul-2013 |
Kenny Root <kroot@google.com> |
Delay SSLSocketImpl instantiation until needed Class preloading will create an instance of objects if they are in static fields, so put the ones we don't want instantiated into a holder class that is not preloaded. Bug: 9984058 Change-Id: I0f61deb9120d67d0e855bbc044a2565dbba44e29
ttpsURLConnection.java
|
8db6f195ccb99e15f0de3b85aa2f670427497081 |
07-Jan-2013 |
Brian Carlstrom <bdc@google.com> |
Should favor most specific CN when working with distinguished names This reverts a regression introduced in commit 1331404bf45cb2f220ee9aa2c0c108ce59453a74 that was caught by tests.api.javax.net.ssl.HostnameVerifierTest.testVerify Bug: 7894348 Bug: http://code.google.com/p/android/issues/detail?id=41662 Change-Id: Iec8000b716e3d99ca7af4aa2c3fd7b43e22c68cd
istinguishedNameParser.java
|
1331404bf45cb2f220ee9aa2c0c108ce59453a74 |
21-Dec-2012 |
Brian Carlstrom <bdc@google.com> |
Should favor last CN when working with distinguished names Bug: 7894348 Bug: http://code.google.com/p/android/issues/detail?id=41662 Change-Id: I3814d653b628f6af12ce1ba59b39b1c7cc45e124
efaultHostnameVerifier.java
istinguishedNameParser.java
|
c934a095e1f863f00bf6f7c0b37fbd05ebeaaff5 |
29-Oct-2012 |
Brian Carlstrom <bdc@google.com> |
Prefer PKIX algorithm name for TrustManagerFactory and KeyManagerFactory Change-Id: I3da5bdf6739c6aee5ec0174e93cd6c06d6dfeeb3
ttpsURLConnection.java
eyManagerFactory.java
rustManagerFactory.java
|
5692d40be0e19ef1d0cc988a579576496adf5237 |
11-Oct-2012 |
Brian Carlstrom <bdc@google.com> |
Fix typos from "beed" to "been" Bug: http://code.google.com/p/android/issues/detail?id=38366 Change-Id: I44c647843e66a57bcbeabad41ec3142faaa1848e
istinguishedNameParser.java
SLPeerUnverifiedException.java
|
d43b9ef11a1095967a3396b246639b563e1a4128 |
12-Sep-2012 |
Kenny Root <kroot@google.com> |
Add consistent reasons for NullPointerException Semi-automated replacement of empty and non-conforming NullPointerException reason messages. (cherry-pick of 86acc043d3334651ee26c65467d78d6cefedd397.) Change-Id: I6d893979f5c20a50e841e32af9fd7b2d8bc9d54d
eyManagerFactory.java
SLContext.java
rustManagerFactory.java
|
0f38eccddbc8ea0ec3e331509d40650ad4b14d45 |
09-May-2012 |
Brian Carlstrom <bdc@google.com> |
javax.net.ssl javadoc cleanup Change-Id: I8b64831a5f0a160c167eaf3e4bf2dd81fe265f5f
SLSocket.java
ackage.html
|
265a2b554dacfa36f8adc5617ec6f05c8e1710f7 |
24-Jan-2012 |
Brian Carlstrom <bdc@google.com> |
Use lenient wildcard matching for *.clients.google.com. This is an unfortunate workaround until we fix our hostname/cert misconfiguration. Bug: http://b/5426333 Change-Id: Ie855d55131412fa96d8b28eca469d1276d96a776
efaultHostnameVerifier.java
|
8576f309825e23add080f2a50345ec1884939c39 |
03-Jan-2012 |
Jesse Wilson <jessewilson@google.com> |
Use lenient wildcard matching for android.clients.google.com. This is an unfortunate workaround until we fix our hostname/cert misconfiguration. Bug: http://b/5426333 Change-Id: Id2eddeec5dfa5ef6d2a4125fadbcf7b0e982904f
efaultHostnameVerifier.java
|
d2afaee242a56adede5510cd1c6455a5e7dbabe9 |
02-Jan-2012 |
Jesse Wilson <jessewilson@google.com> |
Cleanup verifyHostName to use regionMatches instead of regex splits. Change-Id: Ic778ab99057d03676c39a2e2126d6f2db1a5747e
efaultHostnameVerifier.java
|
57d73e33dc039f6fff06db52106a358192868060 |
27-Dec-2011 |
Jesse Wilson <jessewilson@google.com> |
Move the frameworks/base hostname verifier into libcore. Part 1/2 This replaces our libcore's DefaultHostnameVerifier. The frameworks/base verifier is better exercised because it's used by the browser. The libcore one includes a few dubious behaviors: parsing toString() and non-standard TLD validation. Behavior changes in libcore: - A wildcard cert like *.co.uk would be honored. This would require a rogue CA. We had a comment documenting that other SSL clients don't do this. - Wildcards in substrings like "f*.android.com" are now supported. - Wildcards match without a child domain: "*.android.com" will match "android.com". - If an alt name is present, the CN is not used. - subject alt name IP addresses are supported. This also moves the tests into libcore. Bug: http://b/5619726 Change-Id: Ia952c33f8009ee3c5ed5935ae5f74b6093b1b8e0
efaultHostnameVerifier.java
istinguishedNameParser.java
|
0c58d22d44cfb56f0c80f0fa1c69297ba45f3afc |
23-Jun-2011 |
Jesse Wilson <jessewilson@google.com> |
Don't trigger a reverse DNS lookup from a log statement. Also nuke a bunch of redundant Javadoc and promote the shutdownInput/shutdownOutput methods that always throw to SSLSocket. Change-Id: I077f7413bb6cba66be6204c68f7911b51a191643 http://code.google.com/p/android/issues/detail?id=13117 http://b/3478027
SLSocket.java
|
32bc0f26d980651e5ee4f5dfcf562da86a76120b |
08-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
am f45c08ac: Merge "Test fixes validated on RI and device" * commit 'f45c08ac9e7ef520fe6ec8080e136b0b4bee7084': Test fixes validated on RI and device
|
2708f771574cabf703557439843b02d3c5138c86 |
08-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Test fixes validated on RI and device Change-Id: I14290efc322406920b2de65924155ef18ee56bab
rustManagerFactory.java
|
e26b27faf689c17b7894c78caee32432176349ec |
04-Jun-2011 |
Elliott Hughes <enh@google.com> |
Remove more dead "security theater" cruft. There's probably still more stuff lying around that isn't useful, but this was all I had time for on this particular Friday afternoon... Change-Id: I69593f6c9ab5534d581c703cc85a9766ba8e40e5
SLPermission.java
|
aba5e8c281fb9c6be23229246473fa0b433dd997 |
25-May-2011 |
Brian Carlstrom <bdc@google.com> |
OpenSSLSocketImpl should tolerate X509KeyManager returning null values While this started out as the small fix in OpenSSLSocketImpl.setCertificate and the corresponding test test_SSLSocket_clientAuth_bogusAlias, the need to test the behavior of the X509KeyManager returning null on the RI led to test maintenance to get libcore.javax.net.ssl tests working on RI 7 thanks to a test dependency that was added on the new InetAddress.getLoopbackAddress(). Change-Id: I3d8ed1ce453cc3a0b53e23e39c02e6a71413649c
eyStoreBuilderParameters.java
SLHandshakeException.java
|
4f11ebea266eada830d507b8f011e811a8e5d7bc |
20-Apr-2011 |
Elliott Hughes <enh@google.com> |
Add getnameinfo(3) (and gai_strerror(3)). There's quite a large corresponding change to InetAddress, plus I've changed the documentation for all the Permission classes to match the handful that we'd already documented as legacy cruft. Bug: http://b/3107501 Change-Id: Ia67aba79f0ab13e64085bd4a2df20ad0776bcc5b
SLPermission.java
|
8bccf8cdf7a3b8a6e90bb1b411a957b6368e4a1a |
12-Apr-2011 |
Brian Carlstrom <bdc@google.com> |
Improve HttpsURLConnection documentation with examples http://code.google.com/p/android/issues/detail?id=16041 Change-Id: I2e596ef36306b70cdb071b91d8707f015d9b251b
ttpsURLConnection.java
|
32c2297a959b72abdb18743f0519e1d8b7c7ea88 |
17-Mar-2011 |
Elliott Hughes <enh@google.com> |
Remove bogus "super()" calls. I've left one in java.util.concurrent, since we have an upstream there. Change-Id: I60945e48a41433fc7eaef6086433ec4bf434097f
eyManagerFactorySpi.java
SLContextSpi.java
SLEngine.java
SLServerSocket.java
SLServerSocketFactory.java
SLSocket.java
SLSocketFactory.java
rustManagerFactorySpi.java
509ExtendedKeyManager.java
|
a7ef55258ac71153487357b861c7639d627df82f |
22-Feb-2011 |
Elliott Hughes <enh@google.com> |
Simplify internal libcore logging. Expose LOGE and friends for use from Java. This is handy because it lets me use printf debugging even when I've broken String or CharsetEncoder or something equally critical. It also lets us remove internal use of java.util.logging, which is slow and ugly. I've also changed Thread.suspend/resume/stop to actually throw UnsupportedOperationException rather than just logging one and otherwise doing nothing. Bug: 3477960 Change-Id: I0c3f804b1a978bf9911cb4a9bfd90b2466f8798f
efaultHostnameVerifier.java
SLSocketFactory.java
|
26ce8fbd8fe488cc969b08f64c56525662763dc4 |
08-Feb-2011 |
Jesse Wilson <jessewilson@google.com> |
resolved conflicts for merge of 6186821c to dalvik-dev Change-Id: Ic6f0172767d6feedb188d3a5e7488a67702ef8c4
|
6186821cb13f4ac7ff50950c813394367e021eae |
08-Feb-2011 |
Jesse Wilson <jessewilson@google.com> |
Move libcore.base classes to libcore.util and libcore.io. Change-Id: I2340a9dbad3561fa681a8ab47d4f406e72c913e3
efaultSSLServerSocketFactory.java
efaultSSLSocketFactory.java
|
fb0ec0e650bf8be35acb0d47da0311a7c446aa33 |
14-Jan-2011 |
Elliott Hughes <enh@google.com> |
Remove useless android-changed comments. I've changed useful ones to regular comments or TODOs, as appropriate. I've left ones in code like java.util.concurrent where we really are tracking an upstream source, making the change markers useful. I've left a handful of others where I intend to actually investigate the implied TODOs before deciding how to resolve them. Change-Id: Iaf71059b818596351cf8ee5a3cf3c85586051fa6
SLSocketFactory.java
|
118abc3050371812703e4fabf03f4399d01fb28c |
13-Jan-2011 |
Elliott Hughes <enh@google.com> |
Kill most users of StringTokenizer. I've left a handful that actually make some use of it, in classes we don't care about anyway (XML preferences and the like). Change-Id: I754262ee600d8a16046b537a6d6258db849db89b
efaultHostnameVerifier.java
|
0d4ce4227fa818288b8db762b640dfa21e3162f5 |
12-Jan-2011 |
Elliott Hughes <enh@google.com> |
Change all "final static"s to "static final". Just so we sound like native speakers. Change-Id: I4d98ec7519af8c1578609945ca9d480484b82874
efaultHostnameVerifier.java
|
87548e8585334658c3ee89050ec917a10ca35e5a |
07-Jan-2011 |
Elliott Hughes <enh@google.com> |
More SecurityManager cleanup. Bug: 2585285 Change-Id: Ib9c5fdadc1361d67227b6f82a774b76c53840ff0
SLSession.java
|
ad41624e761bcf1af9c8008eb45187fc13983717 |
07-Jan-2011 |
Elliott Hughes <enh@google.com> |
Retire SecurityManager. This change removes all the code that was calling getSecurityManager, and removes all use of AccessController.doPrivileged. It also changes the implementation of AccessController so it doesn't actually do anything; it's only there for source-level compatibility. Bug: 2585285 Change-Id: I1f0295a4f12bce0316d8073011d8593fee116f71
eyManagerFactory.java
SLServerSocketFactory.java
SLSocketFactory.java
rustManagerFactory.java
|
6767bdbe6bb1d4542c97868d8df1f71d2414fc62 |
18-Dec-2010 |
Jesse Wilson <jessewilson@google.com> |
Optimize DefaultHostnameVerifier. The only behavior change should be a bug fix. There was a heck "cn.lastIndexOf('.') >= 0" that was always true. This has been fixed to match the comment "require two dots". Don't call getDNSSubjectAlts unless necessary. Errors were created and then dropped. Now they're not created. strictWithSubDomains was supported but unused. Now it isn't supported. IP address parsing is now left up to the experts (InetAddress). No more unnecessary conversions to arrays. Before & After performance saves ~40% for google.com, which was the only host that took more than 150 microseconds to verify: host run us linear runtime % www.amazon.com baseline 92.6 = 4% www.amazon.com optimized 26.7 1% www.google.com baseline 2,457.0 ============================== 100% www.google.com optimized 1,421.2 ================= 58% www.ubs.com baseline 143.2 = 6% www.ubs.com optimized 24.4 1% Change-Id: I42782bec6a86b95e8fa089aa6edeca45110c2fc4 http://b/2811070
efaultHostnameVerifier.java
|
693eacca9fa67ad79d1b35dbaad61c5ac1ac457c |
10-Nov-2010 |
Elliott Hughes <enh@google.com> |
Stop allocating empty arrays. Bug: 3166662 Change-Id: I151de373b2bf53786d19824336fa434c02b0b0e8
efaultSSLServerSocketFactory.java
efaultSSLSocketFactory.java
|
a5c608e59f9d574ea4bc65e9dff44aae2f34fd26 |
01-Nov-2010 |
Brian Carlstrom <bdc@google.com> |
TrustManager improvements Overhaul of TrustManagerImpl - PKIXParameters can now be final in TrustManagerImpl because we always immediately create an IndexedPKIXParameters instead of only doing it in SSLParametersImpl.createDefaultTrustManager. - Use new KeyStore constructor for IndexedPKIXParameters to remove duplicate logic for creating set of TrustAnchors from a KeyStore. - Improved checkTrusted/cleanupCertChain to remove special cases for directly trusting the end cert or pruning only self signed certs. To support b/2530852, we need to stop prune the chain as soon as we find any trust anchor (using newly improved TrustManagerImpl.isTrustAnchor), which could be at the beginning, middle, or end. That means cleanupCertChain can return an empty chain if everything was trusted directly. (and we don't need to do extra checks on exception cases to see if the problem was just that the trust anchor was in the chain) - isDirectlyTrusted -> isTrustAnchor here as well, using new IndexedPKIXParameters.isTrustAnchor APIs - Fix incorrect assumption in getAcceptedIssuers that all TrustAnchor instances have non-null results for getTrustedCert. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Removed indexing in createDefaultTrustManager since we always index now luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java Overhaul of IndexedPKIXParameters - Single map from subject X500Principal to TrustAnchors instead of two different X500Principal keyed maps to check - Removed map based on encoded cert. For b/2530852, we want to treat certs as equal if they have the same name and public key, not byte-for-byte equality, which can be done with the remaining map. Revamped isDirectlyTrusted into isTrustAnchor(cert) to perform this new name/key based comparison. - Added helper isTrustAnchor(cert, anchors) to reuse code in non-IndexedPKIXParameters case in TrustManagerImpl. - Added constructor from KeyStore - Moved anchor indexing code to index() from old constructor luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java TestKeyStore.getPrivateKey allowed some existing test simplification. luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java support/src/test/java/libcore/java/security/TestKeyStore.java Added missing "fail()" before catching expected exceptions. luni/src/test/java/libcore/java/security/KeyStoreTest.java Expanded KeyManagerFactoryTest to excercise ManagerFactoryParameters b/1628001 luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java Added KeyStoreBuilderParametersTest because I thought I saw a bug in KeyStoreBuilderParameters, but this convinced me otherwise. luni/src/test/java/libcore/javax/net/ssl/KeyStoreBuilderParametersTest.java New TrustManagerFactory test modeled on expanded KeyManagerFactoryTest. test_TrustManagerFactory_intermediate specifically is targeting the new functionality of b/2530852 to handling trust anchors within the chain. luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java support/src/test/java/libcore/java/security/StandardNames.java Some initial on tests for Elliptic Curve (b/3058375) after the RI started reporting it was supported. Removed old @KnownFailure tags. Skipped a test on the RI that it can't handle. Improved some assert messages. luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java support/src/test/java/libcore/java/security/StandardNames.java support/src/test/java/libcore/java/security/TestKeyStore.java Removed unneeded bytes->javax->bytes->java case of which can just go bytes->java directly. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Removed super() luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java Made Security.secprops final luni/src/main/java/java/security/Security.java Pulled SamplingProfiler fix from dalvik-dev branch git cherry-pick --no-commit f9dc3450e8f23cab91efc9df99bb860221ac3d6c dalvik/src/main/java/dalvik/system/SamplingProfiler.java Bug: 2530852 Change-Id: I95e0c7ee6a2f66b6986b3a9da9583d1ae52f94dd
eyStoreBuilderParameters.java
|
6cdb6b7e6939270ccd21790ec95e42197cefc0c3 |
19-Oct-2010 |
Brian Carlstrom <bdc@google.com> |
Change Engine.getInstance interfaces to make usage less error prone Change-Id: I4c58c95ab4216b52aa8af4fbce7a8d7f4860c2b7
eyManagerFactory.java
SLContext.java
rustManagerFactory.java
|
0a480846a9798c763b088a122ab0dcd3dc3a17b6 |
19-Oct-2010 |
Brian Carlstrom <bdc@google.com> |
Remove Engine.spi memory leak by clearing after access Also other minor code cleanup such as: - made assorted fields final - fixed lazy initialization without volatile or sync Bug: 1322442 Change-Id: I34e428dff5f07a7291d635c724111d44f2deff1c
eyManagerFactory.java
SLContext.java
rustManagerFactory.java
|
735f93475d1d54ad7b2d1c2376adc0fcf4d4c7a1 |
05-Oct-2010 |
Brian Carlstrom <bdc@google.com> |
Favor Harmony's CertificateFactory.X509 over BouncyCastle's Bug: 2225935 Change-Id: Ibca92c9fa34fc539ebb8ea86fb0ced62e3dbe5de
efaultHostnameVerifier.java
|
7f0c06f737b6f1f6b3a5bb30111f95dd0ca586a2 |
02-Sep-2010 |
Brian Carlstrom <bdc@google.com> |
Don't use StringBuffer where we don't need to. I've left xalan alone, because that's just one big steaming heap. Change-Id: Ibf7b2b5e347196d4de857217b022003ccc409ac5
efaultHostnameVerifier.java
|
0917c4a9d5d0115950450cdd0bb46e43a48da5db |
12-Aug-2010 |
Elliott Hughes <enh@google.com> |
Clean up some dead/useless code. (The DatagramPacketTest.java change is unrelated, but it's been lurking in my repository for weeks now.) Change-Id: I65d3ad53dd30709b2daed3c5787cc38c6081ffea
efaultHostnameVerifier.java
|
7365de1056414750d0a7d1fdd26025fd247f0d04 |
12-Aug-2010 |
Jesse Wilson <jessewilson@google.com> |
Sorting imports. Change-Id: I8347bc625480a1c37a1ed9976193ddfedeb00bbc
efaultHostnameVerifier.java
andshakeCompletedEvent.java
eyManagerFactory.java
eyStoreBuilderParameters.java
SLContext.java
rustManagerFactory.java
|
018b67accb28954d35f3cd697be3428e9b45b7d8 |
28-May-2010 |
Jesse Wilson <jessewilson@google.com> |
Further small fixes to increase API compatibility with RI v6. Highlights: code was moved from SSLContextImpl to its superclass. took X500Principal code from Harmony Tested with Harmony's tests.api.javax.security.auth.x500.X500PrincipalTest. Change-Id: I89b46d4b47e692a5461916cca972e05de95f3280
SLContextSpi.java
|
0c131a2ca38465b7d1df4eaee63ac73ce4d5986d |
21-May-2010 |
Brian Carlstrom <bdc@google.com> |
RI 6 support for javax.net.ssl Summary: - RI 6 support for javax.net.ssl - SSLEngine fixes based on new SSLEngineTest - fix Cipher.checkMode bug recently introduced in dalvik-dev Details: Fix Cipher.checkMode that was preventing most javax.net.ssl tests from working luni/src/main/java/javax/crypto/Cipher.java RI 6 has introduced the concept of a "Default" SSLContext. This is accessed via SSLContext.getDefault() and also SSLContext.getInstance("Default"). Harmony had its own DefaultSSLContext but it was not created via an SSLContextSpi. It also was a single shared instance whereas the new RI6 Default SSLContext shares internal SSLSessionContext instances between different Default SSLContexts. Refactored the old code into an SSLContextImpl subclass that allows it to be created via SSLContext.getInstance. SSLContextImpl ensures that we only ever create one set of SSLSessionContext instances for the Default context. luni/src/main/java/javax/net/ssl/DefaultSSLContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Added SSLContext.getDefault and SSLContext.setDefault luni/src/main/java/javax/net/ssl/SSLContext.java Replace dependencies of old DefaultSSLContext with use of SSLContext.getDefault luni/src/main/java/javax/net/ssl/SSLServerSocketFactory.java luni/src/main/java/javax/net/ssl/SSLSocketFactory.java Register "SSLContext.Default" as DefaultSSLContextImpl class for SSLContext.getInstance() luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java Added constant for new "Default" standard name and added it to SSL_CONTEXT_PROTOCOLS. New tests based on SSL_CONTEXT_PROTOCOLS made it clear that neither Android or RI support SSLv2 so removed it from SSL_CONTEXT_PROTOCOLS and SSL_SOCKET_PROTOCOLS. Added constant for TLS as well which was previously scattered all over tests. Remove SSLv2Hello from SSL_SOCKET_PROTOCOLS for Android since with OpenSSL disablign SSLv2 means you can not use SSLv2Hello either. support/src/test/java/javax/net/ssl/StandardNames.java Added tests for SSLContext.getDefault and SSLContext.setDefault. Changed existing tests to work on all protocols including new "Default". luni/src/test/java/javax/net/ssl/SSLContextTest.java RI 6 has introduced the notion of SSLParameters which encapsulate SSL the handshake parameters of desired cipher suites, protocols, and client authentication requirements. The main new class SSLParameters is basically just a bag of fields with accessors and a couple simple constructors. The only things of note are that it clones all String arrays on input and output and the setters for the two boolean fields ensure that only one is true at a time. luni/src/main/java/javax/net/ssl/SSLParameters.java Added SSLContext.getDefaultSSLParameters and SSLContext.getSupportedSSLParameters which simply delegate to the SSLContextSpi. luni/src/main/java/javax/net/ssl/SSLContext.java Added abstract SSLContextSpi.engineGetDefaultSSLParameters and SSLContext.engineGetSupportedSSLParameters. luni/src/main/java/javax/net/ssl/SSLContextSpi.java Added engineGetDefaultSSLParameters and engineGetSupportedSSLParameters implementation. The RI documents in SSLContextSpi that these are implemented by default by creating a socket via the SSLContext's SocketFactory and asking for the enabled/supported cipher suites and protocols respectively, so that is what is done. The doc mentions throwing UnsupportedOperationException if there is a problem, so we do that as well. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Added {SSLEngine,SSLSocket}.{getSSLParameters,setSSLParameters} which are analogous. luni/src/main/java/javax/net/ssl/SSLEngine.java luni/src/main/java/javax/net/ssl/SSLSocket.java Added SSLParametersTest luni/src/test/java/javax/net/ssl/SSLParametersTest.java luni/src/test/java/javax/net/ssl/AllTests.java Added SSLContext.get{Default,Supported}SSLParameters tests luni/src/test/java/javax/net/ssl/SSLContextTest.java Added SSLSocket.{getSSLParameters,setSSLParameters} tests and added some extra asserts to test_SSLSocketPair_create based on experience with test_SSLEnginePair_create. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Dummy implementation of new SSLContextSpi for test classes. support/src/test/java/org/apache/harmony/security/tests/support/MySSLContextSpi.java support/src/test/java/org/apache/harmony/xnet/tests/support/MySSLContextSpi.java Other minor RI 6 API changes: RI 6 removed Serializable from HandshakeCompletedEvent and SSLSessionBindingEvent luni/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java luni/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java RI 6 added generic types to the KeyStoreBuilderParameters List constructor and accessor as well as to SSLSessionContext.getIds. Fixed tests to compile with generic types. luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java luni/src/main/java/javax/net/ssl/SSLSessionContext.java luni/src/test/java/tests/api/javax/net/ssl/KeyStoreBuilderParametersTest.java SSLEngine improvements. Since I was changing SSLEngine, I wrote an SSLEngineTest based on my SSLSocketTest to do some simply sanity checking. It expose a number of issues. I've fixed the small ones, marked the rest as known failures. Renamed some TLS_ cipher suites to SSL_ to match JSSE standard names. These were all old suites no longer supported by RI or OpenSSL which is why they were missed in an earlier cleanup of this type in this class. Also fixed SSLEngine supported cipher suites list not to include SSL_NULL_WITH_NULL_NULL which is not a valid suite to negotiate. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java SSLEngine instances can have null host values, which caused a NullPointerException in the ClientSessionContext implementation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java SSLEngine tests were failing because SSLParameters was throwing NullPointerException instead of IllegalArgument exception on null element values. Fixed null pointer message style while I was here. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java Fixed SSLEngine instances to default to server mode like RI luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Fixed KEY_TYPES based on SSLEngine implementation. Removed dead code NativeCrypto.getEnabledProtocols which was recently made obsolete. Cleaned up null exception messages to follow our convention. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java Added SSLEngineTest which parallels SSLSocketTest in its coverage. Similarly added TestSSLEnginePair which loosely parallels TestSSLSocketPair. luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/AllTests.java support/src/test/java/javax/net/ssl/TestSSLEnginePair.java SSLEngineTest betters exposed the differences between SSLSocket and SSLEngine supported cipher suites. StandardNames now has an CIPHER_SUITES_SSLENGINE definition which denotes what is missing and what is extra and why in the SSLEngine implementation. support/src/test/java/javax/net/ssl/StandardNames.java Created StandardNames.assert{Valid,Supported}{CipherSuites,Protocols} to factor out some code test code that is also used by new tests. support/src/test/java/javax/net/ssl/StandardNames.java luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java Remove SSLSocketTest known failure and add new SSLEngineTest known failures expectations/knownfailures.txt SSL_OP_NO_TICKET change was recently merged from master which required some fixes. For the moment, sslServerSocketSupportsSessionTickets always returns false. support/src/test/java/javax/net/ssl/TestSSLContext.java Fixed flakey test_SSLSocket_HandshakeCompletedListener which had a race because the client thread look in the server session context for an session by id potentially before the server thread had a chance to store its session. Made noticable because of SSL_OP_NO_TICKET recently merged from master (before this code path was host only, not device) luni/src/test/java/javax/net/ssl/SSLSocketTest.java Fix checkjni issue where we need to check for pending exception in OpenSSL callback. Possibly introduced by recent merge of SSL_OP_NO_TICKET from master. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Expectation updates Remove SSLSocketTest known failure and add new SSLEngineTest known failures expectations/knownfailures.txt Tag test_SSLSocket_getSupportedCipherSuites_connect as large expectations/taggedtests.txt Misc changes: opening brace on wrong line luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java Long line cleanup while debugging luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketFactoryImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketFactoryImpl.java support/src/test/java/javax/net/ssl/TestKeyStore.java Removed bogus import luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java Comment clarify while debugging luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Ctor -> Constructor in comment luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLEngineImpl.java Fixed naming of SocketTest_Test_create to TestSocketPair_Create to match renamed classes luni/src/test/java/javax/net/ssl/SSLSocketTest.java Change-Id: I99505e97d6047eeabe4a0b93202075a0b2d486ec
efaultSSLContext.java
andshakeCompletedEvent.java
eyStoreBuilderParameters.java
SLContext.java
SLContextSpi.java
SLEngine.java
SLParameters.java
SLServerSocketFactory.java
SLSessionBindingEvent.java
SLSessionContext.java
SLSocket.java
SLSocketFactory.java
|
f33eae7e84eb6d3b0f4e86b59605bb3de73009f3 |
13-May-2010 |
Elliott Hughes <enh@google.com> |
Remove all trailing whitespace from the dalvik team-maintained parts of libcore. Gentlemen, you may now set your editors to "strip trailing whitespace"... Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b
ertPathTrustManagerParameters.java
efaultHostnameVerifier.java
efaultSSLContext.java
efaultSSLSocketFactory.java
eyManagerFactorySpi.java
eyStoreBuilderParameters.java
SLEngine.java
|
6b811c5daec1b28e6f63b57f98a032236f2c3cf7 |
03-May-2010 |
Peter Hallam <peterhal@google.com> |
Merge awt-kernel, icu, luni-kernel, prefs, security-kernel, x-net into luni Merge xml except xmlpull and kxml into luni
ertPathTrustManagerParameters.java
efaultHostnameVerifier.java
efaultSSLContext.java
efaultSSLServerSocketFactory.java
efaultSSLSocketFactory.java
andshakeCompletedEvent.java
andshakeCompletedListener.java
ostnameVerifier.java
ttpsURLConnection.java
eyManager.java
eyManagerFactory.java
eyManagerFactorySpi.java
eyStoreBuilderParameters.java
anagerFactoryParameters.java
SLContext.java
SLContextSpi.java
SLEngine.java
SLEngineResult.java
SLException.java
SLHandshakeException.java
SLKeyException.java
SLPeerUnverifiedException.java
SLPermission.java
SLProtocolException.java
SLServerSocket.java
SLServerSocketFactory.java
SLSession.java
SLSessionBindingEvent.java
SLSessionBindingListener.java
SLSessionContext.java
SLSocket.java
SLSocketFactory.java
rustManager.java
rustManagerFactory.java
rustManagerFactorySpi.java
509ExtendedKeyManager.java
509KeyManager.java
509TrustManager.java
ackage.html
|