History log of /external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
3892ccded916112f3714092ae5976fcfd72d2099 04-Feb-2016 Kenny Root <kroot@google.com> X509 certificates: exception for no Signature provider found

If the X.509 certificate's signature algorithm OID is not satisfied by
any provider registered, a NoSuchAlgorithmException should be thrown.
The previous behavior was an unchecked NullPointerException was thrown
during the attempt to set up the (actually null) signature instance.

Bug: 26954162
Change-Id: Iac3e27c823580738a54d75a45d39411456934dd5
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
45fad1a9e26a0dda99452f797fe6f1856a47f965 05-Jan-2016 Chad Brubaker <cbrubaker@google.com> Make OpenSSLX509Certificate.hashCode match the RI

Use super.hashCode to make sure that hashCode matches the RI. Since the
underlying certificate (and therefore the hashcode) is immutable the
value is cached after the first call to avoid needlessly recomputing the
hash.

Bug:26386620
Change-Id: Ic480b48e57144ac730a33dcc313cdff57fe71157
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
d31ede7ba14b019d6a017f3585866a65891d1710 20-Jan-2016 Kenny Root <kroot@google.com> Get rid of AlgNameMapper

This was only a hack to support old Harmony code, so we don't need it
anymore. Remove the direct references to AlgNameMapper and use
reflection for compatibility in unbundled code.

Change-Id: I7ec14f19e5098ffe12592b79b2b163b41031b6e6
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
e0fb5c395e4f08439429b498648f5408996827de 16-Sep-2015 Kenny Root <kroot@google.com> resolved conflicts for 64c85650 to stage-aosp-master

Change-Id: Ib1a5f7bbe81fc88cf2b9837979650ed35665f1eb
64c85650fce6132ef66be9f7750cf28674cd65d7 21-Jul-2015 Paul Lietar <lietar@google.com> Add method to delete extension from a certificate

The OpenSSLX509Certificate is still immutable. Instead a modified copy is returned.
The use case for this is recreating the TBS component of a Precertificate as
described by RFC6962 section 3.2.

Change-Id: I2a9305ae7464642910decaf5ab46121a6f15d722
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
1f7f9361afdfe0b5813e7c6d0ce25576777eb7dc 18-Jul-2015 Kenny Root <kroot@google.com> am 6e2618d6: OpenSSLX509Certificate: use OID if alg name unavailable

* commit '6e2618d62eb9466609e44bed8d836d3787a23d1a':
OpenSSLX509Certificate: use OID if alg name unavailable
6e2618d62eb9466609e44bed8d836d3787a23d1a 15-Jul-2015 Kenny Root <kroot@google.com> OpenSSLX509Certificate: use OID if alg name unavailable

If we cannot map the signature OID type to a canonical name, then we
should try to get an instance of the signature type using the OID.
Additionally, we should return the OID for the #getSigAlgName instead of
null.

Bug: 22365511
Change-Id: I1ebf48667cf720ee5c7751667601eec2f6f8ec91
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
8d57b9dbbd883422a0ff02083bfcf637b097e504 28-May-2015 Kenny Root <kroot@google.com> OpenSSLX509Certificate: mark mContext as transient

Since mContext should not participate in the serialization process,
hide it with the transient qualifier. This will prevent the field from
initialization during the unserialization of this class. Then of course
the instance will be in a valid state.

Bug: 21437603
Change-Id: Id5b8a83b6000c2219f3246f93aff7a9c6453f639
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
42b8c5e4d608c6b967abb3d50afa629838301fa7 29-May-2015 Kenny Root <kroot@google.com> Revert "OpenSSLX509Certificate: mark mContext as transient"

This reverts commit 998fbfcd4729ee2e196ed17106f76de93f33d7f0. Missing the test class.

Change-Id: I426680f74c4f3ebeb42abd80ebfdba469247c348
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
998fbfcd4729ee2e196ed17106f76de93f33d7f0 28-May-2015 Kenny Root <kroot@google.com> OpenSSLX509Certificate: mark mContext as transient

Since mContext should not participate in the serialization process,
hide it with the transient qualifier. This will prevent the field from
initialization during the unserialization of this class. Then of course
the instance will be in a valid state.

Bug: 21437603
Change-Id: Ie9453c16d11820a91caff92c3f7b326d12f8a8f4
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
d82dc06faee760a737da6f2755a9063637c206e3 19-May-2015 Adam Langley <agl@google.com> Add isFinite flag to OpenSSLBIOInputStream.

The BIO created by OpenSSLBIOInputStream currently returns -1 and sets
the retry flag when read() returns zero on the underlying InputStream.
This is correct for “infinite” streams (like a socket), but isn't
correct for streams that have a definitive EOF.

This change adds a flag to OpenSSLBIOInputStream so that cases where the
input is finite (i.e. when parsing a PKCS#7 or X.509 block) can
correctly return 0 at EOF from |BIO_read|.

(cherry picked from commit 66537ee0121bdd14737191d14927da223f0809ee)

Bug: 21396526
Bug: 21209493
Change-Id: Iaad5845621ab8b89b42d5d3ca8e67e297278ca55
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
66537ee0121bdd14737191d14927da223f0809ee 19-May-2015 Adam Langley <agl@google.com> Add isFinite flag to OpenSSLBIOInputStream.

The BIO created by OpenSSLBIOInputStream currently returns -1 and sets
the retry flag when read() returns zero on the underlying InputStream.
This is correct for “infinite” streams (like a socket), but isn't
correct for streams that have a definitive EOF.

This change adds a flag to OpenSSLBIOInputStream so that cases where the
input is finite (i.e. when parsing a PKCS#7 or X.509 block) can
correctly return 0 at EOF from |BIO_read|.

Bug: 21396526
Bug: 21209493
Change-Id: Iaad5845621ab8b89b42d5d3ca8e67e297278ca55
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
f79c90d56464e254ce8645f886ec0ca47573ced1 24-Apr-2015 Adam Langley <agl@google.com> external/conscrypt: add NativeConstants.

NativeConstants.java is generated by a C program and thus the values
will automatically be kept in sync with the contents of the OpenSSL
headers.

Bug: 20521989
Change-Id: Ib5a97bf6ace05988e3eef4a9c8e02d0f707d46ad
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
37e58bbef60b18389074d8ef8a8c470e47f3d7ee 25-Nov-2014 Kenny Root <kroot@google.com> Convert EVP_PKEY to new style

To avoid conflicts in the language spec and how Conscrypt does native
calls, we need to wrap all native references in a Java object reference.
Calling NativeCrypto's static native methods with a raw pointer doesn't
guarantee that the calling object won't be finalized during the method
running.

This pass fixes EVP_PKEY references, but more passes are needed.

Bug: 16656908
Change-Id: I5925da40cb37cd328b3a126404944f771732a43e
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
cb713c076de9b3d458727ecb2ae2658859a893e2 19-May-2014 Kenny Root <kroot@google.com> X509Certificate: add some context to thrown exceptions

Bug: 14648280
Change-Id: I7bbf76e0d383d34fc5e5a49a8d45384e47f43f3a
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
19fdf1af6bada9ebf4820839780d8713ac3824fa 10-Apr-2014 Kenny Root <kroot@google.com> Convert calls to BIO_free to BIO_free_all

If we have a chain of BIO, we want to free the entire chain. Otherwise,
we might accidentally leave references sitting around. This shouldn't
matter for our current use-case, but might help in the future.

Change-Id: I586937629e1e4f2e80b5feefe2f49a85e8a31d31
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
7c3263f16bae0f1b2125de2c3c1c683303e768ce 31-Jan-2014 Kenny Root <kroot@google.com> OpenSSLX509Certificate: only catch BadPaddingException

We only need to catch BadPaddingException right now. Let the other
non-RuntimeException exceptions pass.

Change-Id: I5b6878250d428b1ee953092967b7418003ee9216
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
1744cf2b54cc7183ff83a3a2eab3a92a8d95ff55 30-Jan-2014 Kenny Root <kroot@google.com> BIGNUM convert to Java BigInteger

Java BigInteger is in two's complement, so it needs conversion for
negative numbers. We were mishandling it before and the previous change
just hacked around it. Actually convert to two's complement instead.

Change-Id: I6bfe9577f0936678476193b55433b7d7dbc04400
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
cea9ec153ef5bf27e3eee74d7c503bce02084bc2 28-Jan-2014 Kenny Root <kroot@google.com> X509Certificate: SignatureException for verify

Any verification error can throw random things like BadPaddingException.
Swallow it and catch Exception for all these cases and rethrow as a
SignatureException to avoid acting as any kind of oracle.

Change-Id: I6b515148f86529fbe0895c9fdb0954306724ae54
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
0a97d659b889de0207e7b33423c5f345203c7f38 28-Jan-2014 Kenny Root <kroot@google.com> OpenSSLX509Certificate: negative serial numbers

The constructor BigInteger(byte[]) expects two's complement encoding,
but that's not what OpenSSL bn2bin returns.

Bug: 12761797
Change-Id: I6c71f6fb88c2b1df7c372bf697728dac26571634
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
16c041fa20ef70221f487631f07eaf53d39ae51c 06-Dec-2013 Kenny Root <kroot@google.com> Make some methods public for CTS

Some methods are called from CTS. The ClassLoaders are different, so we
need to make these public so we don't get any IllegalAccessError during
CTS tests.

Change-Id: I5ac7931694fb1eceb86ae306fca07fb314643fa9
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
0e9746b7b132058651155b33f219c7789997985b 13-Sep-2013 Kenny Root <kroot@google.com> Conscrypt: use certificate references in SSL code

Instead of marshalling and unmarshalling to ASN.1 DER, just use
references to OpenSSL X509 objects everywhere applicable.

Change-Id: I1a28ae9232091ee199a9d4c7cd3c7bbd1efa1ca4
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
adf0d8d251eadb958b5e93cfe2600510f9c69f27 07-May-2013 Kenny Root <kroot@google.com> Merge "NativeCrypto: Fix a lot of random doc bugs"
209c986cfe42dbaa5497c6e68d1b5db96b28db78 07-May-2013 Kenny Root <kroot@google.com> NativeCrypto: Fix a lot of random doc bugs

Remove lots of empty javadoc tags that were unused or invalid.
Remove some unused imports.
Mark a few input streams as intentionally unclosed.

Change-Id: I04d8642abd2b0f2e9be02e227658a1b9bd192d24
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
7d97b2cee4acabea6c8cb795d25fb1fb564f016c 07-May-2013 Kenny Root <kroot@google.com> NativeCrypto: make our own X.509 key class

Make a key class that just holds the encoded key bytes along with the
algorithm identifier. Eclipse IDE made the entire class.

Change-Id: I40b198e0f01121d77bfd26b3420068700ab69614
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
860d2707ce126ef8f66e3eac7ceeab6d24218cd8 24-Apr-2013 Kenny Root <kroot@google.com> Move JSSE to new package

To help with shipping the JSSE with apps that want to bundle it, move
it to a new package so that the tangles in other parts of the library
can be untangled.

Change-Id: I810b6861388635301e28aee5b9b47b8e6b35b430
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java