| 5ab0d1d4c268a760176a12b85abcbf1bdee0f455 |
|
08-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
KeyStoreTest should not populate read only KeyStores
Change-Id: I3dd3fd4f73ddb92c1e5b37ce1294d4abc35b2b5c
|
| a138def5cf0f28168d353184050c1e526a3c9db9 |
|
01-Sep-2012 |
Kenny Root <kroot@google.com> |
Disable AndroidKeyStore in libcore tests
Change-Id: I168cc82a8feca4bd3b7a1089c1eef339278d5727
|
| 6256280922cc8a6622a156afeb7f43a31576d43f |
|
31-Aug-2012 |
Kenny Root <kroot@google.com> |
Allow non-password KeyStore in tests
Change-Id: Ib78c1305ecd46f78fddb084853b4082626285e83
|
| 5ab96b6746a5a8f9f4e3902379c0b6f062c0d2e0 |
|
31-Aug-2012 |
Brian Carlstrom <bdc@google.com> |
Fix test_KeyStore_setEntry issue
Also include KeyStore type information in failure output.
Change-Id: I60f30e2264fa1516f489c79a69a6a213af961419
|
| a3cb41e5a975dfe5ede995e8fbe6ff86ae5f6615 |
|
29-Aug-2012 |
Kenny Root <kroot@google.com> |
Add test for bogus ProtectionParameter
KeyStoreTest didn't test bogus ProtectionParameter arguments.
Also fix to run under RI.
Change-Id: I4bc742f5a543facf145a29e0d4fd0e4c9d3d5a35
|
| 3d91ee9d8d6b757ff2bcb1dcbf30caa10ff6bc31 |
|
04-Feb-2012 |
Kenny Root <kroot@google.com> |
Add KeyStoreTest for Unicode names
KeyStore take a regular String for entry aliases, so make sure we have a
test vector with some non-ASCII in it.
Change-Id: I2ef1031bc80ec41cc53eaf121e660be0872b2d2c
|
| 0647bfed6eda99ad77b2dfe8e3696e3fabfaf3cc |
|
13-Dec-2011 |
Jesse Wilson <jessewilson@google.com> |
Bring more tests from frameworks/base/tests/CoreTests into libcore.
Bug: http://b/3073226
Change-Id: I66f88f2bfaadd39e53b2977606731e8579d880b6
|
| 003f7a4d100cd1527d94bac81a4a3c5a8216c6ee |
|
04-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Make test initialization lazy
Bug: 4311645
Change-Id: I4280d7ddb2a78f0e33564f3b40cfeb5c671e134a
|
| 1b3c5388d0fffde4392007eb1b0be011a5dfae82 |
|
12-May-2011 |
Brian Carlstrom <bdc@google.com> |
Make CertInstaller installed CA certs trusted by applications via default TrustManager (2 of 6)
frameworks/base
Adding IKeyChainService APIs for CertInstaller and Settings use
keystore/java/android/security/IKeyChainService.aidl
libcore
Improve exceptions to include more information
luni/src/main/java/javax/security/auth/x500/X500Principal.java
Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods.
Added support for adding user CAs in a separate directory for system.
Added support for removing system CAs by placing a copy in a sytem directory
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java
Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash
to make sure the implementing algorithms doe not change since
TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL
changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to
1.0.0)
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Extensive test of new TrustedCertificateStore behavior
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java
TestKeyStore improvements
- Refactored TestKeyStore to provide simpler createCA method (and
internal createCertificate)
- Cleaned up to remove use of BouncyCastle specific X509Principal
in the TestKeyStore API when the public X500Principal would do.
- Cleaned up TestKeyStore support methods to not throw Exception
to remove need for static blocks for catch clauses in tests.
support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Added private PKIXParameters contructor for use by
IndexedPKIXParameters to avoid wart of having to lookup and pass
a TrustAnchor to satisfy the super-class sanity check.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java
luni/src/main/java/java/security/cert/PKIXParameters.java
packages/apps/CertInstaller
Change CertInstaller to call IKeyChainService.installCertificate
for CA certs to pass them to the KeyChainServiceTest which will
make them available to all apps through the
TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask.
src/com/android/certinstaller/CertInstaller.java
Added installCaCertsToKeyChain and hasCaCerts accessor for use by
CertInstaller. Use hasUserCertificate() internally. Cleanup coding
style.
src/com/android/certinstaller/CredentialHelper.java
packages/apps/KeyChain
Added MANAGE_ACCOUNTS so that IKeyChainService.reset
implementation can remove KeyChain accounts.
AndroidManifest.xml
Implement new IKeyChainService methods:
- Added IKeyChainService.installCaCertificate to install certs
provided by CertInstaller using the TrustedCertificateStore.
- Added IKeyChainService.reset to allow Settings to remove the
KeyChain accounts so that any app granted access to keystore
credentials are revoked when the keystore is reset.
src/com/android/keychain/KeyChainService.java
packages/apps/Settings
Changed com.android.credentials.RESET credential reset action to
also call IKeyChainService.reset to remove any installed user CAs
and remove KeyChain accounts to have AccountManager revoke
credential granted to private keys removed during the RESET.
src/com/android/settings/CredentialStorage.java
Added toast text value for failure case
res/values/strings.xml
system/core
Have init create world readable /data/misc/keychain to allow apps
to access user added CA certificates installed by the CertInstaller.
rootdir/init.rc
Change-Id: Ief57672eea38b3eece23b14c94dedb9ea4713744
|
| 347b2a604114602da9bc4ae040278f74d11c2f51 |
|
26-Apr-2011 |
Brian Carlstrom <bdc@google.com> |
Avoid loading all CA certs into Zygote memory, lazily load instead (2 of 3)
Previously the CA certs stored in the BKS KeyStore at
/system/etc/security/cacerts.bks was loaded in the Zygote. As the the
number of CAs are started to increase, this is causing more and more
memory to be used for rarely used CAs. The new AndroidCAStore KeyStore
implementation reads the CAs as needed out of individual PEM
certificate files. The files can be efficiently found because they are
named based on a hash CA's subject name, similar to OpenSSL.
Bug: 1109242
Details:
build
Removing old cacerts.bks from GRANDFATHERED_ALL_PREBUILT and
adding new cacerts directory to core PRODUCT_PACKAGES
core/legacy_prebuilts.mk
target/product/core.mk
libcore
cacerts build changes. Move cacerts prebuilt logic to new
CaCerts.mk from NativeCode.mk where it didn't make sense. Updated
Android.mk's dalvik-host target to install new cacerts files.
Android.mk
CaCerts.mk
NativeCode.mk
Remove old cacerts.bks and add remove certimport.sh script used to
generate it. Preserved the useful comments from certimport.sh in
the new README.cacerts
luni/src/main/files/cacerts.bks
luni/src/main/files/certimport.sh
luni/src/main/files/README.cacerts
Recanonicalize cacerts files using updated vendor/google/tools/cacerts/certimport.py
(See below discussion of certimport.py changes for details)
luni/src/main/files/cacerts/00673b5b.0
luni/src/main/files/cacerts/03e16f6c.0
luni/src/main/files/cacerts/08aef7bb.0
luni/src/main/files/cacerts/0d188d89.0
luni/src/main/files/cacerts/10531352.0
luni/src/main/files/cacerts/111e6273.0
luni/src/main/files/cacerts/1155c94b.0
luni/src/main/files/cacerts/119afc2e.0
luni/src/main/files/cacerts/11a09b38.0
luni/src/main/files/cacerts/12d55845.0
luni/src/main/files/cacerts/17b51fe6.0
luni/src/main/files/cacerts/1920cacb.0
luni/src/main/files/cacerts/1dac3003.0
luni/src/main/files/cacerts/1dbdda5b.0
luni/src/main/files/cacerts/1dcd6f4c.0
luni/src/main/files/cacerts/1df5ec47.0
luni/src/main/files/cacerts/1e8e7201.0
luni/src/main/files/cacerts/1eb37bdf.0
luni/src/main/files/cacerts/219d9499.0
luni/src/main/files/cacerts/23f4c490.0
luni/src/main/files/cacerts/27af790d.0
luni/src/main/files/cacerts/2afc57aa.0
luni/src/main/files/cacerts/2e8714cb.0
luni/src/main/files/cacerts/2fa87019.0
luni/src/main/files/cacerts/2fb1850a.0
luni/src/main/files/cacerts/33815e15.0
luni/src/main/files/cacerts/343eb6cb.0
luni/src/main/files/cacerts/399e7759.0
luni/src/main/files/cacerts/3a3b02ce.0
luni/src/main/files/cacerts/3ad48a91.0
luni/src/main/files/cacerts/3c58f906.0
luni/src/main/files/cacerts/3c860d51.0
luni/src/main/files/cacerts/3d441de8.0
luni/src/main/files/cacerts/3e7271e8.0
luni/src/main/files/cacerts/418595b9.0
luni/src/main/files/cacerts/455f1b52.0
luni/src/main/files/cacerts/46b2fd3b.0
luni/src/main/files/cacerts/48478734.0
luni/src/main/files/cacerts/4d654d1d.0
luni/src/main/files/cacerts/4e18c148.0
luni/src/main/files/cacerts/4fbd6bfa.0
luni/src/main/files/cacerts/5021a0a2.0
luni/src/main/files/cacerts/5046c355.0
luni/src/main/files/cacerts/524d9b43.0
luni/src/main/files/cacerts/56b8a0b6.0
luni/src/main/files/cacerts/57692373.0
luni/src/main/files/cacerts/58a44af1.0
luni/src/main/files/cacerts/594f1775.0
luni/src/main/files/cacerts/5a3f0ff8.0
luni/src/main/files/cacerts/5a5372fc.0
luni/src/main/files/cacerts/5cf9d536.0
luni/src/main/files/cacerts/5e4e69e7.0
luni/src/main/files/cacerts/60afe812.0
luni/src/main/files/cacerts/635ccfd5.0
luni/src/main/files/cacerts/67495436.0
luni/src/main/files/cacerts/69105f4f.0
luni/src/main/files/cacerts/6adf0799.0
luni/src/main/files/cacerts/6e8bf996.0
luni/src/main/files/cacerts/6fcc125d.0
luni/src/main/files/cacerts/72f369af.0
luni/src/main/files/cacerts/72fa7371.0
luni/src/main/files/cacerts/74c26bd0.0
luni/src/main/files/cacerts/75680d2e.0
luni/src/main/files/cacerts/7651b327.0
luni/src/main/files/cacerts/76579174.0
luni/src/main/files/cacerts/7999be0d.0
luni/src/main/files/cacerts/7a481e66.0
luni/src/main/files/cacerts/7a819ef2.0
luni/src/main/files/cacerts/7d3cd826.0
luni/src/main/files/cacerts/7d453d8f.0
luni/src/main/files/cacerts/81b9768f.0
luni/src/main/files/cacerts/8470719d.0
luni/src/main/files/cacerts/84cba82f.0
luni/src/main/files/cacerts/85cde254.0
luni/src/main/files/cacerts/86212b19.0
luni/src/main/files/cacerts/87753b0d.0
luni/src/main/files/cacerts/882de061.0
luni/src/main/files/cacerts/895cad1a.0
luni/src/main/files/cacerts/89c02a45.0
luni/src/main/files/cacerts/8f7b96c4.0
luni/src/main/files/cacerts/9339512a.0
luni/src/main/files/cacerts/9685a493.0
luni/src/main/files/cacerts/9772ca32.0
luni/src/main/files/cacerts/9d6523ce.0
luni/src/main/files/cacerts/9dbefe7b.0
luni/src/main/files/cacerts/9f533518.0
luni/src/main/files/cacerts/a0bc6fbb.0
luni/src/main/files/cacerts/a15b3b6b.0
luni/src/main/files/cacerts/a3896b44.0
luni/src/main/files/cacerts/a7605362.0
luni/src/main/files/cacerts/a7d2cf64.0
luni/src/main/files/cacerts/ab5346f4.0
luni/src/main/files/cacerts/add67345.0
luni/src/main/files/cacerts/b0f3e76e.0
luni/src/main/files/cacerts/bc3f2570.0
luni/src/main/files/cacerts/bcdd5959.0
luni/src/main/files/cacerts/bda4cc84.0
luni/src/main/files/cacerts/bdacca6f.0
luni/src/main/files/cacerts/bf64f35b.0
luni/src/main/files/cacerts/c0cafbd2.0
luni/src/main/files/cacerts/c215bc69.0
luni/src/main/files/cacerts/c33a80d4.0
luni/src/main/files/cacerts/c527e4ab.0
luni/src/main/files/cacerts/c7e2a638.0
luni/src/main/files/cacerts/c8763593.0
luni/src/main/files/cacerts/ccc52f49.0
luni/src/main/files/cacerts/cdaebb72.0
luni/src/main/files/cacerts/cf701eeb.0
luni/src/main/files/cacerts/d16a5865.0
luni/src/main/files/cacerts/d537fba6.0
luni/src/main/files/cacerts/d64f06f3.0
luni/src/main/files/cacerts/d777342d.0
luni/src/main/files/cacerts/d8274e24.0
luni/src/main/files/cacerts/dbc54cab.0
luni/src/main/files/cacerts/ddc328ff.0
luni/src/main/files/cacerts/e48193cf.0
luni/src/main/files/cacerts/e60bf0c0.0
luni/src/main/files/cacerts/e775ed2d.0
luni/src/main/files/cacerts/e7b8d656.0
luni/src/main/files/cacerts/e8651083.0
luni/src/main/files/cacerts/ea169617.0
luni/src/main/files/cacerts/eb375c3e.0
luni/src/main/files/cacerts/ed049835.0
luni/src/main/files/cacerts/ed524cf5.0
luni/src/main/files/cacerts/ee7cd6fb.0
luni/src/main/files/cacerts/f4996e82.0
luni/src/main/files/cacerts/f58a60fe.0
luni/src/main/files/cacerts/f61bff45.0
luni/src/main/files/cacerts/f80cc7f6.0
luni/src/main/files/cacerts/fac084d7.0
luni/src/main/files/cacerts/facacbc6.0
luni/src/main/files/cacerts/fde84897.0
luni/src/main/files/cacerts/ff783690.0
Change IntegralToString.intToHexString to take width argument to
allow for leading zero padding. Updated existing callers to
specify 0 padding desired. Add testing of new padding
functionality.
luni/src/main/java/java/lang/Character.java
luni/src/main/java/java/lang/Integer.java
luni/src/main/java/java/lang/IntegralToString.java
luni/src/test/java/libcore/java/lang/IntegralToStringTest.java
Improved to throw Exceptions with proper causes
luni/src/main/java/java/security/KeyStore.java
luni/src/main/java/java/security/Policy.java
luni/src/main/java/java/security/cert/CertificateFactory.java
luni/src/main/java/javax/crypto/Cipher.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignature.java
Indentation fixes
luni/src/main/java/java/security/SecureRandom.java
Fix X509CRLSelector.getIssuerNames to clone result and added test to cover this.
luni/src/main/java/java/security/cert/X509CRLSelector.java
luni/src/test/java/libcore/java/security/cert/X509CRLSelectorTest.java
Fixed bug where we created an X500Principal via a String
representation instead of from its original encoded bytes. This
led to a difficult to track down bug where CA 418595b9.0 where the
NativeCode.X509_NAME_hash of a Harmony (but not BouncyCastle)
X509Certificate would not hash to the expected value because the
encoded form used an ASN.1 PrintableString instead of the
UTF8String form found in the original certificate.
luni/src/main/java/org/apache/harmony/security/x501/Name.java
Add a new RootKeyStoreSpi and register it as the
AndroidCAStore. This new read-only KeyStore implementation that
looks for certificates in $ANDROID_ROOT/etc/security/cacerts/
directory, which is /system/etc/security/cacerts/ on devices. The
files are stored in the directory based on the older md5 based
OpenSSL X509_NAME_hash function (now referred to as
X509_NAME_hash_old in OpenSSL 1.0)
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
Added OpenSSL compatible X509_NAME_hash and X509_NAME_hash_old
functions for producting an int hash value from an X500Principal.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
Changed TrustManagerFactoryImpl to use AndroidCAStore for its default KeyStore
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerFactoryImpl.java
Changed TrustManagerImpl to be AndroidCAStore aware. If it detects
an AndroidCAStore, it avoids generating the acceptedIssuers array
at constructions, since doing so would force us to parse all
certificates in the store and the value is only typically used by
SSLServerSockets when requesting a client certifcate. Because we
don't load all the trusted CAs into the IndexedPKIXParameters at
startup in the case of AndroidCAStore, we now check for new CAs
when examining the cert chain for unnecessary TrustAnchors and for
a newly discovered issuer at the end of the chain before
validation.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Updated KeyStoreTest to cope with read only KeyStore. Update
test_cacerts_bks (now renamed test_cacerts) to use the
AndroidCAStore for validating system CA certificate
validity. Register AndroidCAStore as an expected KeyStore type
with StandardNames.
luni/src/test/java/libcore/java/security/KeyStoreTest.java
support/src/test/java/libcore/java/security/StandardNames.java
Added test of X500Principal serialization while investigating Name
encoding issue. However, the actual Name bug was found and
verified by the new test_cacerts test.
luni/src/test/java/libcore/javax/security/auth/x500/X500PrincipalTest.java
vendor/google
Change canonical format for checked in cacerts to have PEM
certificate at the top, as required by Harmony's X.509
CertificateFactory.
tools/cacerts/certimport.py
Change-Id: If0c9de430f13babb07f96a1177897c536f3db08d
|
| 46c6fad9fad8f3dbbc82516232a225f37d332ca7 |
|
15-Apr-2011 |
Brian Carlstrom <bdc@google.com> |
post bouncycastle 1.46 upgrade test cleanup
Change-Id: I6e9be66b3f4fd4c09b31e2508236af62fa5214e3
|
| cc555b2c2df6d1dec46a6c7a1e42e4db741b6c49 |
|
03-Mar-2011 |
Brian Carlstrom <bdc@google.com> |
print alias in test_KeyStore_cacerts_bks on failure
Change-Id: I898f34cb7bdddeba189d8380ca593c50713cdc76
|
| 6a75005c0547634e5179829c61eb03209197ceda |
|
01-Feb-2011 |
Jesse Wilson <jessewilson@google.com> |
Fix some tests to cope with new TestKeyStore exceptions.
Change-Id: I2ac1a81f2907ee35e293192e6beb00c69520ae09
|
| 6c78b7b94c232063ec559436b48b33751373ecf1 |
|
19-Nov-2010 |
Brian Carlstrom <bdc@google.com> |
Toward EC TLS support
Summary:
- javax.net.ssl tests are now working on the RI
- KeyManager can now handle EC_EC and EC_RSA
- OpenSSLSocketImpl.startHandshake now works if KeyManager contains EC certificates
Details:
Add CipherSuite.getKeyType to provide X509KeyManager key type strings,
refactored from OpenSSLServerSocketImpl.checkEnabledCipherSuites.
getKeyType is now also used in OpenSSLSocketImpl.startHandshake to
avoid calling setCertificate for unnecessary key types.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
New CipherSuiteTest to cover new getKeyType as well as existing functionality
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/CipherSuiteTest.java
Add support to KeyManager implementation for key types of the form
EC_EC and EC_RSA. The first part implies the KeyPair algorithm (EC in
these new key types) with a potentially different signature algorithm
(EC vs RSA in these)
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java
Update NativeCrypto.keyType to support EC_EC and EC_RSA in addition to
EC which was added earlier. Change from array of KEY_TYPES to named
KEY_TYPE_* constants.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
Overhauled KeyManagerFactoryTest to cover EC, EC_EC, EC_RSA cases
luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java
support/src/test/java/libcore/java/security/StandardNames.java
Changed TestKeyStore.createKeyStore from always using BKS to now use
JKS on the RI between BC EC Keys and RI X509 certificates. Because JKS
requires a password, we now default "password" on the RI.
support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java
support/src/test/java/libcore/java/security/StandardNames.java
TestKeyStore.create now accepts key types like EC_RSA. Changed
TestKeyStore.createKeys to allow a PrivateKeyEntry to be specified for
signing to enable creation of EC_RSA test certificate. Added
getRootCertificate/rootCertificate to allow lookup of PrivateKeyEntry
for signing. Changed TestKeyStore.getPrivateKey to take explicit
signature algorithm to retrieve EC_EC vs EC_RSA entries.
support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java
luni/src/test/java/libcore/java/security/cert/PKIXParametersTest.java
luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
support/src/test/java/libcore/java/security/StandardNames.java
Added support for EC cipher suites on the RI. Also test with and
without new TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite which is
used to specify the new TLS secure renegotiation.
luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
support/src/test/java/libcore/java/security/StandardNames.java
New TestKeyManager and additional logging in TestTrustManager. Logging
in both is disabled by default using DevNullPrintStream.
support/src/test/java/libcore/javax/net/ssl/TestKeyManager.java
support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java
support/src/test/java/libcore/java/io/DevNullPrintStream.java
Bug: 3058375
Change-Id: Ia5e2a00a025858e10d1076b900886994b481e05a
|
| 57f2cc03ff2cf5d2f6413c5410680b4908d7301d |
|
05-Nov-2010 |
Brian Carlstrom <bdc@google.com> |
Test updates for Elliptic Curve
Updated with Elliptic Curve (EC) (and SunPKCS11-NSS) names for use by ProviderTest
support/src/test/java/libcore/java/security/StandardNames.java
Enhance test_KeyStore_cacerts_bks to verify PublicKey can be
retreived. Before this the test would pass even though an
ECPublicKey could not be accessed. With EC support in
external/bouncycastle, this test now passes.
luni/src/test/java/libcore/java/security/KeyStoreTest.java
New SignatureTest to cover ECDSA, replaces the old one that
required a subclass per tested algorithm.
luni/src/test/java/libcore/java/security/SignatureTest.java
support/src/test/java/tests/security/SignatureTest.java
luni/src/test/java/tests/targets/security/SignatureTestMD5withRSA.java
luni/src/test/java/tests/targets/security/SignatureTestNONEwithDSA.java
luni/src/test/java/tests/targets/security/SignatureTestSHA1withDSA.java
luni/src/test/java/tests/targets/security/SignatureTestSHA1withRSA.java
luni/src/test/java/tests/targets/security/SignatureTestSHA256withRSA.java
luni/src/test/java/tests/targets/security/SignatureTestSHA384withRSA.java
luni/src/test/java/tests/targets/security/SignatureTestSHA512withRSA.java
luni/src/test/java/tests/targets/security/AllTests.java
Improve ProviderTest logging while debugging SunPKCS11-NSS
provider issues. Added some exceptions for RI missing classes.
luni/src/test/java/libcore/java/security/ProviderTest.java
Changed style slightly to match KeyPairGeneratorTest, where +N is
used to indicated when multiples of a increments of a certain
amount are required for valid key sizes.
luni/src/test/java/libcore/javax/crypto/KeyGeneratorTest.java
Fix test CloseGuard issues
luni/src/test/java/libcore/java/security/KeyStoreTest.java
Fix readability
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
Bug: 3058375
Change-Id: I99cd93ad66372e8512d993168550cc1d471d3248
|
| a5c608e59f9d574ea4bc65e9dff44aae2f34fd26 |
|
01-Nov-2010 |
Brian Carlstrom <bdc@google.com> |
TrustManager improvements
Overhaul of TrustManagerImpl
- PKIXParameters can now be final in TrustManagerImpl because we
always immediately create an IndexedPKIXParameters instead of only
doing it in SSLParametersImpl.createDefaultTrustManager.
- Use new KeyStore constructor for IndexedPKIXParameters to remove
duplicate logic for creating set of TrustAnchors from a KeyStore.
- Improved checkTrusted/cleanupCertChain to remove special cases for
directly trusting the end cert or pruning only self signed certs. To
support b/2530852, we need to stop prune the chain as soon as we
find any trust anchor (using newly improved
TrustManagerImpl.isTrustAnchor), which could be at the beginning,
middle, or end. That means cleanupCertChain can return an empty
chain if everything was trusted directly. (and we don't need to do
extra checks on exception cases to see if the problem was just that
the trust anchor was in the chain)
- isDirectlyTrusted -> isTrustAnchor here as well, using new
IndexedPKIXParameters.isTrustAnchor APIs
- Fix incorrect assumption in getAcceptedIssuers that all TrustAnchor
instances have non-null results for getTrustedCert.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Removed indexing in createDefaultTrustManager since we always index now
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java
Overhaul of IndexedPKIXParameters
- Single map from subject X500Principal to TrustAnchors
instead of two different X500Principal keyed maps to check
- Removed map based on encoded cert. For b/2530852, we want to treat
certs as equal if they have the same name and public key, not
byte-for-byte equality, which can be done with the remaining map.
Revamped isDirectlyTrusted into isTrustAnchor(cert) to perform this
new name/key based comparison.
- Added helper isTrustAnchor(cert, anchors) to reuse code in
non-IndexedPKIXParameters case in TrustManagerImpl.
- Added constructor from KeyStore
- Moved anchor indexing code to index() from old constructor
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java
TestKeyStore.getPrivateKey allowed some existing test simplification.
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
support/src/test/java/libcore/java/security/TestKeyStore.java
Added missing "fail()" before catching expected exceptions.
luni/src/test/java/libcore/java/security/KeyStoreTest.java
Expanded KeyManagerFactoryTest to excercise ManagerFactoryParameters b/1628001
luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java
Added KeyStoreBuilderParametersTest because I thought I saw a bug in
KeyStoreBuilderParameters, but this convinced me otherwise.
luni/src/test/java/libcore/javax/net/ssl/KeyStoreBuilderParametersTest.java
New TrustManagerFactory test modeled on expanded KeyManagerFactoryTest.
test_TrustManagerFactory_intermediate specifically is targeting the
new functionality of b/2530852 to handling trust anchors within the
chain.
luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java
support/src/test/java/libcore/java/security/StandardNames.java
Some initial on tests for Elliptic Curve (b/3058375) after the RI
started reporting it was supported. Removed old @KnownFailure
tags. Skipped a test on the RI that it can't handle. Improved some
assert messages.
luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
support/src/test/java/libcore/java/security/StandardNames.java
support/src/test/java/libcore/java/security/TestKeyStore.java
Removed unneeded bytes->javax->bytes->java case of which can just go bytes->java directly.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Removed super()
luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java
Made Security.secprops final
luni/src/main/java/java/security/Security.java
Pulled SamplingProfiler fix from dalvik-dev branch
git cherry-pick --no-commit f9dc3450e8f23cab91efc9df99bb860221ac3d6c
dalvik/src/main/java/dalvik/system/SamplingProfiler.java
Bug: 2530852
Change-Id: I95e0c7ee6a2f66b6986b3a9da9583d1ae52f94dd
|
| 28192ac5dbb128c63d914fab324d15757fe98fda |
|
14-Sep-2010 |
Jesse Wilson <jessewilson@google.com> |
Fix test code that hardcodes the keystore. Necessary for the host build.
Change-Id: Ie371a4bc9cd8bcb9aed169f08aba18d285e21099
|
| 4557728efb66c455a52b7669a8eefef7a9e54854 |
|
11-Aug-2010 |
Jesse Wilson <jessewilson@google.com> |
Moving tests to be under the libcore.* package.
This is indended to make it easier to run on VMs that restrict the packages
from which application classes can be loaded. For example, on the RI you need
to use the bootclasspath to load these tests.
Change-Id: I52193f35c5fcca18b5a3e1d280505b1e29b388af
|