0669a8cf8b08b2d66a7ff758e5e3dbd456855495 |
14-Nov-2013 |
Alex Klyubin <klyubin@google.com> |
SSLEngine: Test that server params are verified This CL adds tests that check that SSLEngine's handshake fails if the signature of server params in ServerKeyExchange does not verify. Bug: 11631299 Change-Id: I16dfa9c07a4f094adc17aadd6fb3fe9eac88103b
orwardingX509ExtendedKeyManager.java
andomPrivateKeyX509ExtendedKeyManager.java
|
547450702efd233213f953ba2213bb38803c34c3 |
09-Jun-2011 |
Jesse Wilson <jessewilson@google.com> |
Use the same host name in the SSL cert as in mockwebserver. MockWebServer had to revert to getLocalHost() since 'getLoopbackAddress() doesn't exist on Java 6 and MockWebServer wants to work on Java 6. Tested on host and device without problem. Change-Id: Ib083ec393d34b2378da579ffc7b6a71d599f9d22
estSSLContext.java
|
3258b52429c7768ea91bda93c5a15257cdd390e5 |
18-Mar-2011 |
Brian Carlstrom <bdc@google.com> |
libcore key chain support Allow access to default IndexedPKIXParameters, similar to access to default TrustManager. Needed to allow framework to add/remove trusted CAs at runtime. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Add test support for looking up a cert by an issuer for use in key chain tests. support/src/test/java/libcore/java/security/TestKeyStore.java Add test support SSLSocketFactory that sets desired client auth on each created socket. For use with MockWebServer for key chain testing. support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java Change-Id: Iecdbd40c67f1673bda25a52b4e229156c805d564
estSSLContext.java
|
3a3511edad46420b4287017ac66fe4783cb804db |
11-Feb-2011 |
Jesse Wilson <jessewilson@google.com> |
Move tests from java.injected into libcore. Change-Id: Ia3fee27c8f8ca38120eea3fc2582d3e1b2504cea
akeSSLSession.java
|
4ae3fd787741bfe1b808f447dcb0785250024119 |
19-Nov-2010 |
Brian Carlstrom <bdc@google.com> |
Elliptic Crypto support for OpenSSLSocketImpl Summary: - Enable Elliptic Crypto support for OpenSSL based SSLSocket instances - More RI compliant usage of key types, client auth types, and server auth types - Steps toward TLS_EMPTY_RENEGOTIATION_INFO_SCSV support, currently test updates Details: Elliptic Curve changes CipherSuite updates for EC - Adding KEY_EXCHANGE_EC* and corresponding CipherSuites Updated isAnonymous, getKeyType (now renamed getServerKeyType) to handle new EC cases. Added new getAuthType for use by checkServerTrusted callers. - Restructured code to handle two SUITES_BY_CODE_* arrays - Remove KEY_EXCHANGE_DH_* definitions which unused because the corresponding CipherSuites were previously disabled. - Changed AES CipherSuites definitions to use "_CBC" to match other definitions. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java openssl EC - NativeCrypto now registers TLS_EC_* cipher suites and has update default list - Improved auth type arguments to checkClientTrusted/checkServerTrusted - NativeCrypto support for emphemeral EC keys luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java luni/src/main/native/NativeCrypto.cpp non-openssl SSL/TLS cleanups - cleanup around code trying to cope with DiffieHellman vs DH since either should work. - changed client to use new CipherSuite.getAuthType shared with NativeCrypto implementation - changed server to use CipherSuite.getKeyType luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java Consolidate CertificateRequestType code into CipherSuite so that its shared between java and openssl implementations. This includes the KEY_TYPE_ string constants, TLS_CT_* byte constants and the 'String keyType(byte)' (now renamed getClientKeyType) code that depends on them. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java Tests Differentiate between supported list of cipher suites openssl-based SSLSocket and SSLEngine based, since the SSLEngine code does not support EC. luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java Added testing for expected default cipher suites. Before we just ensured the values were valid. luni/src/test/java/libcore/javax/net/ssl/SSLSocketFactoryTest.java support/src/test/java/libcore/java/security/StandardNames.java Updated to handle new EC cipher suites codes. Added test for new getClientKeyType. luni/src/test/java/org/apache/harmony/xnet/provider/jsse/CipherSuiteTest.java Better use of "standard names" particularly to correctly deal with the subtle differences between key types, client auth types, and server auth types. TestKeyManager and TestTrustManager now verify the values they are passed are acceptable. support/src/test/java/libcore/java/security/StandardNames.java support/src/test/java/libcore/javax/net/ssl/TestKeyManager.java support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java Changed to timeout after 30 seconds and to log to reveal both client and server issues. support/src/test/java/libcore/javax/net/ssl/TestSSLSocketPair.java Bug: 3058375 Change-Id: I14d1d0285d591c99cc211324f3595a5be682cab1
estKeyManager.java
estSSLSocketPair.java
estTrustManager.java
|
6c78b7b94c232063ec559436b48b33751373ecf1 |
19-Nov-2010 |
Brian Carlstrom <bdc@google.com> |
Toward EC TLS support Summary: - javax.net.ssl tests are now working on the RI - KeyManager can now handle EC_EC and EC_RSA - OpenSSLSocketImpl.startHandshake now works if KeyManager contains EC certificates Details: Add CipherSuite.getKeyType to provide X509KeyManager key type strings, refactored from OpenSSLServerSocketImpl.checkEnabledCipherSuites. getKeyType is now also used in OpenSSLSocketImpl.startHandshake to avoid calling setCertificate for unnecessary key types. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java New CipherSuiteTest to cover new getKeyType as well as existing functionality luni/src/test/java/org/apache/harmony/xnet/provider/jsse/CipherSuiteTest.java Add support to KeyManager implementation for key types of the form EC_EC and EC_RSA. The first part implies the KeyPair algorithm (EC in these new key types) with a potentially different signature algorithm (EC vs RSA in these) luni/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java Update NativeCrypto.keyType to support EC_EC and EC_RSA in addition to EC which was added earlier. Change from array of KEY_TYPES to named KEY_TYPE_* constants. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java Overhauled KeyManagerFactoryTest to cover EC, EC_EC, EC_RSA cases luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java support/src/test/java/libcore/java/security/StandardNames.java Changed TestKeyStore.createKeyStore from always using BKS to now use JKS on the RI between BC EC Keys and RI X509 certificates. Because JKS requires a password, we now default "password" on the RI. support/src/test/java/libcore/java/security/TestKeyStore.java luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java support/src/test/java/libcore/java/security/StandardNames.java TestKeyStore.create now accepts key types like EC_RSA. Changed TestKeyStore.createKeys to allow a PrivateKeyEntry to be specified for signing to enable creation of EC_RSA test certificate. Added getRootCertificate/rootCertificate to allow lookup of PrivateKeyEntry for signing. Changed TestKeyStore.getPrivateKey to take explicit signature algorithm to retrieve EC_EC vs EC_RSA entries. support/src/test/java/libcore/java/security/TestKeyStore.java luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java luni/src/test/java/libcore/java/security/cert/PKIXParametersTest.java luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java support/src/test/java/libcore/java/security/StandardNames.java Added support for EC cipher suites on the RI. Also test with and without new TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite which is used to specify the new TLS secure renegotiation. luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java support/src/test/java/libcore/java/security/StandardNames.java New TestKeyManager and additional logging in TestTrustManager. Logging in both is disabled by default using DevNullPrintStream. support/src/test/java/libcore/javax/net/ssl/TestKeyManager.java support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java support/src/test/java/libcore/java/io/DevNullPrintStream.java Bug: 3058375 Change-Id: Ia5e2a00a025858e10d1076b900886994b481e05a
estKeyManager.java
estTrustManager.java
|
8a720cceee7ce319d647738dfeda3f302879f370 |
16-Nov-2010 |
Brian Carlstrom <bdc@google.com> |
TrustManager should include PrivateKeyEntry CAs, OpenSSLSocketImpl close fix, and debugging improvements Revert to older behavior of creating TrustAnchors from both PrivateKeyEntry and TrustedCertificateEntry values from the KeyStore. Added tests to better ensure this slighlt different behavior from PKIXParameters. Also create the acceptedIssuers proactively since the real memory cost is the X509Certificates which are already found in the params. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java luni/src/test/java/libcore/java/security/cert/PKIXParametersTest.java Don't just free native state on issue with startHandshake, close the SSLSocket. While the former addressed a CloseGuard issue, the latter make sure that checkOpen throws SocketExceptions and we don't leak a NullPointerException from NativeCrypto. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Debugging improvements including minor refinements to recently added NativeCrypto logging, more verbose TestKeyStore.dump output, and a new TestTrustManager proxy class for logging X509TrustManager behavior. luni/src/main/native/NativeCrypto.cpp support/src/test/java/libcore/java/security/TestKeyStore.java support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java Change-Id: I317e1ca34d8e20c77e5cb9c5a5a58cb4ae98d829
estTrustManager.java
|
f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8a |
30-Sep-2010 |
Brian Carlstrom <bdc@google.com> |
CloseGuard: finalizers for closeable objects should log complaints Introducing CloseGuard which warns when resources are implictly cleaned up by finalizers when an explicit termination method, to use the Effective Java "Issue 7: Avoid finalizers" terminology, should have been used by the caller. libcore classes that can use CloseGuard now do so. Bug: 3041575 Change-Id: I4a4e3554addaf3075c823feb0a0ff0ad1c1f6196
estSSLContext.java
estSSLSessions.java
estSSLSocketPair.java
|
4557728efb66c455a52b7669a8eefef7a9e54854 |
11-Aug-2010 |
Jesse Wilson <jessewilson@google.com> |
Moving tests to be under the libcore.* package. This is indended to make it easier to run on VMs that restrict the packages from which application classes can be loaded. For example, on the RI you need to use the bootclasspath to load these tests. Change-Id: I52193f35c5fcca18b5a3e1d280505b1e29b388af
estSSLContext.java
estSSLEnginePair.java
estSSLSessions.java
estSSLSocketPair.java
|