aba5e8c281fb9c6be23229246473fa0b433dd997 |
|
25-May-2011 |
Brian Carlstrom <bdc@google.com> |
OpenSSLSocketImpl should tolerate X509KeyManager returning null values While this started out as the small fix in OpenSSLSocketImpl.setCertificate and the corresponding test test_SSLSocket_clientAuth_bogusAlias, the need to test the behavior of the X509KeyManager returning null on the RI led to test maintenance to get libcore.javax.net.ssl tests working on RI 7 thanks to a test dependency that was added on the new InetAddress.getLoopbackAddress(). Change-Id: I3d8ed1ce453cc3a0b53e23e39c02e6a71413649c
|
a5c608e59f9d574ea4bc65e9dff44aae2f34fd26 |
|
01-Nov-2010 |
Brian Carlstrom <bdc@google.com> |
TrustManager improvements Overhaul of TrustManagerImpl - PKIXParameters can now be final in TrustManagerImpl because we always immediately create an IndexedPKIXParameters instead of only doing it in SSLParametersImpl.createDefaultTrustManager. - Use new KeyStore constructor for IndexedPKIXParameters to remove duplicate logic for creating set of TrustAnchors from a KeyStore. - Improved checkTrusted/cleanupCertChain to remove special cases for directly trusting the end cert or pruning only self signed certs. To support b/2530852, we need to stop prune the chain as soon as we find any trust anchor (using newly improved TrustManagerImpl.isTrustAnchor), which could be at the beginning, middle, or end. That means cleanupCertChain can return an empty chain if everything was trusted directly. (and we don't need to do extra checks on exception cases to see if the problem was just that the trust anchor was in the chain) - isDirectlyTrusted -> isTrustAnchor here as well, using new IndexedPKIXParameters.isTrustAnchor APIs - Fix incorrect assumption in getAcceptedIssuers that all TrustAnchor instances have non-null results for getTrustedCert. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Removed indexing in createDefaultTrustManager since we always index now luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java Overhaul of IndexedPKIXParameters - Single map from subject X500Principal to TrustAnchors instead of two different X500Principal keyed maps to check - Removed map based on encoded cert. For b/2530852, we want to treat certs as equal if they have the same name and public key, not byte-for-byte equality, which can be done with the remaining map. Revamped isDirectlyTrusted into isTrustAnchor(cert) to perform this new name/key based comparison. - Added helper isTrustAnchor(cert, anchors) to reuse code in non-IndexedPKIXParameters case in TrustManagerImpl. - Added constructor from KeyStore - Moved anchor indexing code to index() from old constructor luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java TestKeyStore.getPrivateKey allowed some existing test simplification. luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java support/src/test/java/libcore/java/security/TestKeyStore.java Added missing "fail()" before catching expected exceptions. luni/src/test/java/libcore/java/security/KeyStoreTest.java Expanded KeyManagerFactoryTest to excercise ManagerFactoryParameters b/1628001 luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java Added KeyStoreBuilderParametersTest because I thought I saw a bug in KeyStoreBuilderParameters, but this convinced me otherwise. luni/src/test/java/libcore/javax/net/ssl/KeyStoreBuilderParametersTest.java New TrustManagerFactory test modeled on expanded KeyManagerFactoryTest. test_TrustManagerFactory_intermediate specifically is targeting the new functionality of b/2530852 to handling trust anchors within the chain. luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java support/src/test/java/libcore/java/security/StandardNames.java Some initial on tests for Elliptic Curve (b/3058375) after the RI started reporting it was supported. Removed old @KnownFailure tags. Skipped a test on the RI that it can't handle. Improved some assert messages. luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java support/src/test/java/libcore/java/security/StandardNames.java support/src/test/java/libcore/java/security/TestKeyStore.java Removed unneeded bytes->javax->bytes->java case of which can just go bytes->java directly. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Removed super() luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java Made Security.secprops final luni/src/main/java/java/security/Security.java Pulled SamplingProfiler fix from dalvik-dev branch git cherry-pick --no-commit f9dc3450e8f23cab91efc9df99bb860221ac3d6c dalvik/src/main/java/dalvik/system/SamplingProfiler.java Bug: 2530852 Change-Id: I95e0c7ee6a2f66b6986b3a9da9583d1ae52f94dd
|
7365de1056414750d0a7d1fdd26025fd247f0d04 |
|
12-Aug-2010 |
Jesse Wilson <jessewilson@google.com> |
Sorting imports. Change-Id: I8347bc625480a1c37a1ed9976193ddfedeb00bbc
|
0c131a2ca38465b7d1df4eaee63ac73ce4d5986d |
|
21-May-2010 |
Brian Carlstrom <bdc@google.com> |
RI 6 support for javax.net.ssl Summary: - RI 6 support for javax.net.ssl - SSLEngine fixes based on new SSLEngineTest - fix Cipher.checkMode bug recently introduced in dalvik-dev Details: Fix Cipher.checkMode that was preventing most javax.net.ssl tests from working luni/src/main/java/javax/crypto/Cipher.java RI 6 has introduced the concept of a "Default" SSLContext. This is accessed via SSLContext.getDefault() and also SSLContext.getInstance("Default"). Harmony had its own DefaultSSLContext but it was not created via an SSLContextSpi. It also was a single shared instance whereas the new RI6 Default SSLContext shares internal SSLSessionContext instances between different Default SSLContexts. Refactored the old code into an SSLContextImpl subclass that allows it to be created via SSLContext.getInstance. SSLContextImpl ensures that we only ever create one set of SSLSessionContext instances for the Default context. luni/src/main/java/javax/net/ssl/DefaultSSLContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Added SSLContext.getDefault and SSLContext.setDefault luni/src/main/java/javax/net/ssl/SSLContext.java Replace dependencies of old DefaultSSLContext with use of SSLContext.getDefault luni/src/main/java/javax/net/ssl/SSLServerSocketFactory.java luni/src/main/java/javax/net/ssl/SSLSocketFactory.java Register "SSLContext.Default" as DefaultSSLContextImpl class for SSLContext.getInstance() luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java Added constant for new "Default" standard name and added it to SSL_CONTEXT_PROTOCOLS. New tests based on SSL_CONTEXT_PROTOCOLS made it clear that neither Android or RI support SSLv2 so removed it from SSL_CONTEXT_PROTOCOLS and SSL_SOCKET_PROTOCOLS. Added constant for TLS as well which was previously scattered all over tests. Remove SSLv2Hello from SSL_SOCKET_PROTOCOLS for Android since with OpenSSL disablign SSLv2 means you can not use SSLv2Hello either. support/src/test/java/javax/net/ssl/StandardNames.java Added tests for SSLContext.getDefault and SSLContext.setDefault. Changed existing tests to work on all protocols including new "Default". luni/src/test/java/javax/net/ssl/SSLContextTest.java RI 6 has introduced the notion of SSLParameters which encapsulate SSL the handshake parameters of desired cipher suites, protocols, and client authentication requirements. The main new class SSLParameters is basically just a bag of fields with accessors and a couple simple constructors. The only things of note are that it clones all String arrays on input and output and the setters for the two boolean fields ensure that only one is true at a time. luni/src/main/java/javax/net/ssl/SSLParameters.java Added SSLContext.getDefaultSSLParameters and SSLContext.getSupportedSSLParameters which simply delegate to the SSLContextSpi. luni/src/main/java/javax/net/ssl/SSLContext.java Added abstract SSLContextSpi.engineGetDefaultSSLParameters and SSLContext.engineGetSupportedSSLParameters. luni/src/main/java/javax/net/ssl/SSLContextSpi.java Added engineGetDefaultSSLParameters and engineGetSupportedSSLParameters implementation. The RI documents in SSLContextSpi that these are implemented by default by creating a socket via the SSLContext's SocketFactory and asking for the enabled/supported cipher suites and protocols respectively, so that is what is done. The doc mentions throwing UnsupportedOperationException if there is a problem, so we do that as well. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Added {SSLEngine,SSLSocket}.{getSSLParameters,setSSLParameters} which are analogous. luni/src/main/java/javax/net/ssl/SSLEngine.java luni/src/main/java/javax/net/ssl/SSLSocket.java Added SSLParametersTest luni/src/test/java/javax/net/ssl/SSLParametersTest.java luni/src/test/java/javax/net/ssl/AllTests.java Added SSLContext.get{Default,Supported}SSLParameters tests luni/src/test/java/javax/net/ssl/SSLContextTest.java Added SSLSocket.{getSSLParameters,setSSLParameters} tests and added some extra asserts to test_SSLSocketPair_create based on experience with test_SSLEnginePair_create. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Dummy implementation of new SSLContextSpi for test classes. support/src/test/java/org/apache/harmony/security/tests/support/MySSLContextSpi.java support/src/test/java/org/apache/harmony/xnet/tests/support/MySSLContextSpi.java Other minor RI 6 API changes: RI 6 removed Serializable from HandshakeCompletedEvent and SSLSessionBindingEvent luni/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java luni/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java RI 6 added generic types to the KeyStoreBuilderParameters List constructor and accessor as well as to SSLSessionContext.getIds. Fixed tests to compile with generic types. luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java luni/src/main/java/javax/net/ssl/SSLSessionContext.java luni/src/test/java/tests/api/javax/net/ssl/KeyStoreBuilderParametersTest.java SSLEngine improvements. Since I was changing SSLEngine, I wrote an SSLEngineTest based on my SSLSocketTest to do some simply sanity checking. It expose a number of issues. I've fixed the small ones, marked the rest as known failures. Renamed some TLS_ cipher suites to SSL_ to match JSSE standard names. These were all old suites no longer supported by RI or OpenSSL which is why they were missed in an earlier cleanup of this type in this class. Also fixed SSLEngine supported cipher suites list not to include SSL_NULL_WITH_NULL_NULL which is not a valid suite to negotiate. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java SSLEngine instances can have null host values, which caused a NullPointerException in the ClientSessionContext implementation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java SSLEngine tests were failing because SSLParameters was throwing NullPointerException instead of IllegalArgument exception on null element values. Fixed null pointer message style while I was here. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java Fixed SSLEngine instances to default to server mode like RI luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Fixed KEY_TYPES based on SSLEngine implementation. Removed dead code NativeCrypto.getEnabledProtocols which was recently made obsolete. Cleaned up null exception messages to follow our convention. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java Added SSLEngineTest which parallels SSLSocketTest in its coverage. Similarly added TestSSLEnginePair which loosely parallels TestSSLSocketPair. luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/AllTests.java support/src/test/java/javax/net/ssl/TestSSLEnginePair.java SSLEngineTest betters exposed the differences between SSLSocket and SSLEngine supported cipher suites. StandardNames now has an CIPHER_SUITES_SSLENGINE definition which denotes what is missing and what is extra and why in the SSLEngine implementation. support/src/test/java/javax/net/ssl/StandardNames.java Created StandardNames.assert{Valid,Supported}{CipherSuites,Protocols} to factor out some code test code that is also used by new tests. support/src/test/java/javax/net/ssl/StandardNames.java luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java Remove SSLSocketTest known failure and add new SSLEngineTest known failures expectations/knownfailures.txt SSL_OP_NO_TICKET change was recently merged from master which required some fixes. For the moment, sslServerSocketSupportsSessionTickets always returns false. support/src/test/java/javax/net/ssl/TestSSLContext.java Fixed flakey test_SSLSocket_HandshakeCompletedListener which had a race because the client thread look in the server session context for an session by id potentially before the server thread had a chance to store its session. Made noticable because of SSL_OP_NO_TICKET recently merged from master (before this code path was host only, not device) luni/src/test/java/javax/net/ssl/SSLSocketTest.java Fix checkjni issue where we need to check for pending exception in OpenSSL callback. Possibly introduced by recent merge of SSL_OP_NO_TICKET from master. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Expectation updates Remove SSLSocketTest known failure and add new SSLEngineTest known failures expectations/knownfailures.txt Tag test_SSLSocket_getSupportedCipherSuites_connect as large expectations/taggedtests.txt Misc changes: opening brace on wrong line luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java Long line cleanup while debugging luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketFactoryImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketFactoryImpl.java support/src/test/java/javax/net/ssl/TestKeyStore.java Removed bogus import luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java Comment clarify while debugging luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Ctor -> Constructor in comment luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLEngineImpl.java Fixed naming of SocketTest_Test_create to TestSocketPair_Create to match renamed classes luni/src/test/java/javax/net/ssl/SSLSocketTest.java Change-Id: I99505e97d6047eeabe4a0b93202075a0b2d486ec
|
f33eae7e84eb6d3b0f4e86b59605bb3de73009f3 |
|
13-May-2010 |
Elliott Hughes <enh@google.com> |
Remove all trailing whitespace from the dalvik team-maintained parts of libcore. Gentlemen, you may now set your editors to "strip trailing whitespace"... Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b
|
6b811c5daec1b28e6f63b57f98a032236f2c3cf7 |
|
03-May-2010 |
Peter Hallam <peterhal@google.com> |
Merge awt-kernel, icu, luni-kernel, prefs, security-kernel, x-net into luni Merge xml except xmlpull and kxml into luni
|