| b7eec62f6db198a76b67d7915b03e59189c6df4f |
|
02-Jul-2010 |
Brian Carlstrom <bdc@google.com> |
TestKeyStore only use RSA by default & fixing SSLEngine client auth with DSA client and RSA server
Summary:
Goal here was to just make most tests faster by only having
TestKeyStore create RSA keys by default. However, when I did that
SSLEngineTest#test_SSLEngine_clientAuth started working, so I ended up
investigating a much deeper issue with DSA client authentication
against an RSA SSLEngine server.
Details:
Changed the TestKeyStore.get singleton to only contain RSA
keys. TestKeyStore.create now requires the caller enumerate what
keys they want if they need more than that or an alternative.
support/src/test/java/javax/net/ssl/TestKeyStore.java
Changed test_SSLSocket_getSupportedCipherSuites_connect to
explicitly request RSA and DSA keys since it needs both to try
connecting all possible cipher suites.
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Fixing SSLEngine client authentication when server uses RSA but client uses DSA
Fixed java.net.ssl.SSLEngineTest#test_SSLEngine_clientAuth
expectations/knownfailures.txt
Added CiperSuite.authType field which contains the algorithm name
such as RSA, DSA, DH, that the client will use to authenticate the
server. Like the cipherName, hmacName, and hashName, this is
logically derivable from the the CiperSuite.KEY_EXCHANGE_*, but we
remember it to avoid repeatedly doing large cascading "if" tests to
determine which key algorithm should be used for each
case.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
Fixed a number of client certificate authentication bugs in SSLEngine
- Changed ClientHandshakeImpl's in the SSL/Tls Certificate message
code to mirror ServerHandshakeImpl's implementation to properly
use chooseEngineClientAlias in the SSLEngine case.
- Changed to use the client certifcates key algorithm for computing
the signature for the SSL/TLS CertificateVerify
message. Previously we used the cipher suites negoitated key
exchange method, but if the client may select a certificate with
a different algorithm if the server provides a CA for another
algorithm.
- Also changed to use CipherSuite.isAnonymous in two places rather
than the inlined equivalent.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
Fixed client authentication to use the client's certificate (not
the server's) to do verify the CertificateVerify message signature.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
Fixed bug in DigitalSignature which did not Signature.update in
verifySignature, so it could never have properly authenticated DSA
signatures.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java
Added CertificateMessage getAuthType convenience
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateMessage.java
Made CertificateRequest certificate_authorities final, found we were double allocating it
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java
Cleaning up imports of HandshakeProtocol while working on its subclasses.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
Cleaned up while looking at X509KeyManager implementations while debugging.
support/src/test/java/org/apache/harmony/xnet/tests/support/X509KeyManagerImpl.java
Change-Id: I74b98754c11000cbfea416f1571c380c9c67abf3
|
| f33eae7e84eb6d3b0f4e86b59605bb3de73009f3 |
|
13-May-2010 |
Elliott Hughes <enh@google.com> |
Remove all trailing whitespace from the dalvik team-maintained parts of libcore.
Gentlemen, you may now set your editors to "strip trailing whitespace"...
Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b
|
| adc854b798c1cfe3bfd4c27d68d5cee38ca617da |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
|
| 1c0fed63c71ddb230f3b304aac12caffbedf2f21 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
|
| a0881d052ee72e3f7e773374e9b1aa75fbd6be4c |
|
10-Jan-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //branches/cupcake/...@125939
|