Cross Reference: /libcore/support/src/test/java/

History log of /libcore/support/src/test/java/
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
87b15f87f9e01e8e8d8350aa3fc74a08599ad6e8	07-Mar-2017	Kenny Root <kroot@google.com>	Remove DHE ciphers from defaults list Since DHE does not allow negotiation of the group used, it is pretty broken. ECDHE at least allows the negotiation of the group which allows its security to be maintained with configuration changes in the client or server. This tracks a change in Conscrypt merged in 906cfad7e08fd339be06441ff42960743f95053c Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Test: make docs Test: visual inspection of docs output in web browser Change-Id: Ic90297bf6b1c82af192a887797238ad250e3d1ce ibcore/java/security/StandardNames.java
5d175dd4d7b128492ef7e3da6a77d80b8fd0aa22	02-Mar-2017	Tobias Thierer <tobiast@google.com>	Automated: Canonicalize spelling of Android-changed across libcore This applies the same regexp replacement across libcore that http://r.android.com/345826 had only applied to ojluni. Most of the previous noncanonical spellings were a lowercased "android-" that should be "Android-". This CL was created by running the following command on top of the above CL. No manual changes were made. find . -name \\.java \| xargs sed -i \ -e 's/Android[- ]changed/Android-changed/ig' \ -e 's/Android-changed :/Android-changed:/g' \ -e 's/Android-changed $BEGIN\\|END$/\1 Android-changed/g' \ -e 's/Android-changed - /Android-changed: /g' \ -e 's/Android[- ]removed/Android-removed/ig' \ -e 's/Android-removed :/Android-removed:/g' \ -e 's/Android-removed $BEGIN\\|END$/\1 Android-removed/g' \ -e 's/Android-removed - /Android-removed: /g' \ -e 's/Android[- ]added/Android-added/ig' \ -e 's/Android-added :/Android-added:/g' \ -e 's/Android-added $BEGIN\\|END$/\1 Android-added/g' \ -e 's/Android-added - /Android-added: /g' \ -e 's/----- $BEGIN\\|END$ android$ -----$\?/\1 Android-changed/g' \ -e 's/\/\ $BEGIN\\|END$ Android-changed \*\//\/\/ \1 Android-changed/g' Bug: 35841464 Test: make droid cts Change-Id: I060c7236b7607763e5d27d60aa395d2507703a95 rg/apache/harmony/security/tests/support/cert/MyCertStoreParameters.java
30307ec0c76a51b91701f3b90d764ad6ef679dc3	23-Feb-2017	Paul Duffin <paulduffin@google.com>	Fix InetAddress.getByName tests Removes suppression of legacy harmony tests that fail on Android. Changes: 1) Switches libcore InetAddressTest to parameterized Junit4 test framework to make additions of test data easier / clearer. 2) Removes failing harmony test cases. This seemed like the correct approach as the harmony tests expected completely opposite behavior to the libcore tests but while the libcore tests pass the harmony tests have been broken for over 3 years. 3) Adds test cases to libcore InetAddressTest to assert the behavior of addresses removed from the harmony test cases. 4) Removes suppression of harmony test cases. 5) Handles knock-ons in SerializationTester; it assumed that all tests extend TestCase, no longer the case with JUnit 4. Bug: 11689863 Test: with cts and vogar Change-Id: Iea6ba11fda18f058068e4eea1490d98ee7a3eb2d rg/apache/harmony/testframework/serialization/SerializationTest.java
4a7d052f9ff1dede771be29acf8e855959b08a69	14-Feb-2017	Adam Vartanian <flooey@google.com>	Conscrypt: Add PBEWithHmacSHAXXXAndAES_XXX cipher aliases. Bug: 29631070 Test: cts run -m CtsLibcoreTestCases -t libcore.java.security.ProviderTest Test: cts run -m CtsLibcoreTestCases -t libcore.javax.crypto.CipherTest Change-Id: I9bd6ed1a17048748cc5006326720dbd6c2012d67 ibcore/java/security/StandardNames.java
4ddff9fdecadc83d710e65c80cdb67d301a41523	14-Feb-2017	Adam Vartanian <flooey@google.com>	Merge "BouncyCastle: Enable EC AlgorithmParameters."
8cce46455d74a8e143476630edf924d1b33d0803	13-Feb-2017	Kenny Root <kroot@google.com>	Merge "Reduce number of lint warnings"
c4da73d37028b599c4576cf4da6682b31ed1cfbe	13-Feb-2017	Kenny Root <kroot@google.com>	Merge "Use the new X.509 cert generator API"
04ba2ae5ace8d45cbce4139bec5889cf7191d15a	09-Feb-2017	Kenny Root <kroot@google.com>	Use the new X.509 cert generator API The previous API has been deprecated within Bouncycastle for a while. Switch to the newer one to avoid the deprecation warnings. Test: cts-tradefed run cts -m CtsLibcoreTestCases Change-Id: I24b1340185876f90730d362019f202431c94d4a2 ibcore/java/security/TestKeyStore.java
2bdd86ec6cbafe421e5f4c24b6ec0f0fffe27f90	09-Feb-2017	Kenny Root <kroot@google.com>	Reduce number of lint warnings When compiled against the SDK, junit.framework is noted as deprecated. Changing this to use JUnit4-style asserts doesn't break any users. Test: cts-tradefed run cts -m CtsLibcoreTestCases Change-Id: Ic480b16db8e0ef13b55e7f3c005c7d9c26da0114 ibcore/java/security/StandardNames.java ibcore/java/security/TestKeyStore.java
385c0d328cd6925efd4d2c985f412166e78ced3c	08-Feb-2017	Adam Vartanian <flooey@google.com>	Conscrypt: Add key-constrained versions of AES algorithms. Bug: 29631070 Test: run cts -m CtsLibcoreTestCases Change-Id: I7174ec7f6c598d46dce1935385c723b96907d9d1 ibcore/java/security/StandardNames.java
61209f38be2e98277eca36a3039da34ee0c32a54	10-Feb-2017	Adam Vartanian <flooey@google.com>	BouncyCastle: Enable EC AlgorithmParameters. Bug: 29631070 Test: run cts -m CtsLibcoreTestCases Change-Id: Iff5246f9053a8a1691038f5719145a541ebec5e2 ibcore/java/security/StandardNames.java
fe74e44f279e241d07b0b0eeae28bf3bd4cfc622	26-Jan-2017	Chad Brubaker <cbrubaker@google.com>	Provide SSL SSLContext algorithm SSL was rexposed in 3f3b9c8292773841760263f410b74ed0ab7aae6b as an alias to TLS. Bug: 34722987 Test: cts-tradefed run cts -m CtsLibcoreTestCases -t libcore.java.security.ProviderTest Change-Id: Icf784ca30ccec2c5546dc9af6e7a06ae8ffefd56 ibcore/java/security/StandardNames.java
3f3b9c8292773841760263f410b74ed0ab7aae6b	17-Jan-2017	Chad Brubaker <cbrubaker@google.com>	Expose SSLContext.SSL as an alias for SSLContext.TLS SSL was removed with SSLv3 however a lot of callers use SSL instead of Default leading to breakage. Test: libcore/run-libcore-tests libcore/luni/src/test/java/libcore/javax/net/ssl/* Bug:32584776 Bug:30977793 Change-Id: I7ce48488a28e2c62bb0c2a76261a11fbd5bb9da7 ibcore/java/security/StandardNames.java
aeec00f5c8ce2675107ac096765fb250521b903e	11-Jan-2017	Robert Sloan <varomodt@google.com>	Update Libcore's Elliptic Curves to the BoringSSL change: https://boringssl-review.googlesource.com/#/c/10923/ Test: CtsLibcoreTestCases Change-Id: Ie13bcce8b1557e55921366643efbf71b7b75314b ibcore/java/security/StandardNames.java
6a5e142b16cf6b921420d371c35d950a13b22db1	20-Dec-2016	Yi Kong <yikong@google.com>	Remove StuckServer using backlog and tests relying on it StuckServer uses kernel implementation details that have changed on version > 4.4, and causing tests depending on it to fail. Since we can't find an alternative method to simulate a stuck server without special permission, and the test itself is not reliable in that they don't fail on non-stuck servers, remove them from Libcore tests. Test: CtsLibcoreTestCases Bug: 32551747 Change-Id: I88d837329d65040a9f8550fff790f8703ea773f3 ests/net/StuckServer.java
03d2687dfc9b84bb16ea2b5f6a85da539696b30c	29-Nov-2016	Przemyslaw Szczepaniak <pszczepaniak@google.com>	Update java.util.jar to openJdk8u60 Attributes.java - header change - Use of generics - Updated documentation links - Deprecated: EXTENSION_INSTALLATION, IMPLEMENTATION_VENDOR_ID, IMPLEMENTATION_URL JarEntry.java - header change - Updated javadoc JarFile.java: - Entry enumerator moved to seperate static inner class - Streams implementation - Non-crucial META-INF/* (not .SF\|.DSA\|.RSA\|.EC\|MANIFEST.MF) files are not passed to JarVerifier in .intializeVerifier() call. Otherwise we could signal the end of META-INF parsing (due to changes in JarVerifier). - Refactoring of hasClassPathAttribute, divided into many methods - Android-changed: Commented out isKnownNotToHaveSpecialAttributes() method that doesn't make sense on android JarOutputStream.java - Header change - Replaced a use of "& 0xff" with a cleaner conversion to unsigned int JarVerifier.java - Use of generics - beginEntry explicitly omits META-INF manifest and index signature check (So they can be passed to beginEntry without side-effects) - beginEntry process properly non-crucial META-INF/ entries (not .SF\|.DSA\|.RSA\|.EC\|MANIFEST.MF) and checks their signatures (added a test for that) - Change from "Enhance signed jar verification": .entryNames treats .findMatchingSigners(c) null result as empty array (probably a bug fix). Manifest.java - Use of generics - Replaced a use of "& 0xff" with a cleaner conversion to unsigned int Pack200.java - Copyright update - javadoc formating changes - addPropertyChangeListener & removePropertyChangeListener gained empty default implementation and deprecated SignatureFileVerifier.java: - uncommented isSigningRelated (requried by JarFile) Test: CtsLibcoreTestCases Change-Id: I56c59fac628c97a8b7c6967a43c0e23c8b068120 ests/resources/hyts_metainf.jar
a86c73bb4b81906c965a55de48e38dd4e44f49e6	18-Oct-2016	Kenny Root <kroot@google.com>	SSLSocketTest: TLS client auth with opaque keys AndroidKeyStore can be used with TLS client auth, but we don't test anything similar with SSLSocketTest. Add a PrivateKey wrapper that allows us to closely simulate the conditions which trigger the special code in Conscrypt to do upcalls to Java to generate signatures with the client private key. Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Bug: 31714503 Change-Id: I559db546ddd31f8efbe73fc70a91689ed6d7d7e5 ibcore/java/security/TestKeyStore.java
332b1ef6fed9327bdfd4f3388a5ae62a56fa5bba	04-Nov-2016	Kenny Root <kroot@google.com>	Merge "Make sure BouncyCastleProvider is initialized"
a1d3063e3f0d9b8eb9b049bcaa0808f4ea6fba64	31-Oct-2016	Kenny Root <kroot@google.com>	Make sure BouncyCastleProvider is initialized When running these tests against an Android system when we're not built as part of the system image (e.g., we have our own BouncyCastleProvider instance), then we need to make sure our instance of BouncyCastleProvider is initialized properly. The initialization happens in its constructor. In TestKeyStore the included version of BouncyCastleProvider does not need to be inserted as a security provider since it's only used to create X.509 certificates. However, BouncyCastle calls into itself for some things like OID -> key type conversion. This relies on all of its internal data structures being initialized properly. In particular there is a keyInfoConverters field that must be populated to work correctly. If keyInfoConverters is not populated, the generated certificate will have a null PublicKey since it can't figure out what type of key it is. Test: ran outside of CTS Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Bug: 31119038 Change-Id: I1bcc73a363cb9dac9e9decb9046d386d3394f1d9 ibcore/java/security/TestKeyStore.java
76fcaa0e395ed2795e271213b10056264cb79aec	01-Nov-2016	Yi Kong <yikong@google.com>	Address URLConnectionTest post-commit review comments This change addresses some post-commit review comments for commit 44c55c5b639d6c1eea6eeae8414ef9df95b67bb7: * Moved SocketTimeoutException into a separate test. * Added more infomative comments regarding setDelay. * Reduced method visibility, being public method is unnecessary. Bug: 32363029 Test: URLConnectionTest#test_setReadTimeoutI_SocketTimeoutException Change-Id: Ia13ba801cfa6e06fc7597f4f665fa2d002b688e1 ests/support/Support_TestWebServer.java
44c55c5b639d6c1eea6eeae8414ef9df95b67bb7	31-Oct-2016	Yi Kong <yikong@google.com>	Fix URLConnectionTest.test_setReadTimeoutI on host test This was failing because the test assumes that read will not complete within 1ms, while it is still possible, especially on host tests. This patch introduces a minimum time delay before the TestWebServer sends data. Bug: 32363029 Test: org.apache.harmony.luni.tests.java.net.URLConnectionTest#test_setReadTimeoutI under host tests Change-Id: Ibb4e2125f99b0544d0f09331b4ab9b0448b14035 ests/support/Support_TestWebServer.java
0310e4db77a3eb2f0ff6a98af37f6ebd262014d3	27-Oct-2016	Sergio Giro <sgiro@google.com>	sun.security.x509: porting rev/04cda5b7a3c1 Changes to KeyUsageExtension, NetscapeCerTypeExtension and ReasonFlags as to check as to improve checks of array bounds. sun.security.provider.certpath.DistributionPointFetcher has a similar change concerning array bounds, where the opportunity to improve probably was spotted by the fact that it uses ReasonFlags. Since in the classes in sun.security.x509 the logic for toString changed slightly, tests are added that passed both before and after the change, as to check that the outcome is the same. Bug: 29631070 Test: run cts -m CtsLibcoreTestCases Change-Id: I2a2c10c59509063e648f238f82ac71b4f513cd71 ibcore/sun/security/x509/Utils.java
c8e523784063ff26f67cc60483e58af42fc59ce0	20-Oct-2016	Sergio Giro <sgiro@google.com>	Merge "bouncycastle: add support for PKCS5S2 algorithm parameters"
859391ac33730f23dae23e005723c810a91eade4	20-Oct-2016	Kenny Root <kroot@google.com>	Merge "Fix some imports in TestUtils.java"
62201369e92a97002f65c5bc6298efb159552cfd	20-Oct-2016	Kenny Root <kroot@google.com>	Fix some imports in TestUtils.java Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=136450318 Test: mmma -j32 libcore Change-Id: I62edce18ddd1ebf46d2488d88376636f566e3f6f rg/apache/harmony/security/tests/support/cert/TestUtils.java
7284903a42754756a36fde17ee0c814c7de8973f	19-Oct-2016	Kenny Root <kroot@google.com>	TlsWire: add missing secp224r1 value This is used by the RI so add it to the list of known values. Test: mmma -j32 libcore Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: Id4792b5f42e309570d5c27accd0e51c432df5289 ibcore/tlswire/handshake/EllipticCurve.java
cfd2637a57c661014a9b7803a014c8d1fa432954	18-Oct-2016	Kenny Root <kroot@google.com>	Remove unused import in Support_ClassLoader Test: mmma -j32 libcore Change-Id: I7be19dcf3b42d14328524d7ceecfa9bd48f87dc3 ests/support/Support_ClassLoader.java
f3203f2d212279300ebd7f4a43ae323580d77812	17-Oct-2016	Sergio Giro <sgiro@google.com>	bouncycastle: add support for PKCS5S2 algorithm parameters Java 8 allows to specify a PBE key using only the password (as opposed to password + salt + iteration count) and generate the encryption key later by specifying the rest of the parameters in an AlgorithmParameters object. Adding these AlgorithmParameters in BouncyCastle together with support in ciphers. Bug: 29631070 Test: run CtsLibcoreTestCases Change-Id: If3f9cf04a12beaf7cade5197ecbf7ea0fcca72fe ibcore/java/security/StandardNames.java
4193cab12a4b47920f932fc716a0c168185def76	13-Oct-2016	Treehugger Robot <treehugger-gerrit@google.com>	Merge "Split out Dalvik implementation"
80dd0941ddca9aa7c9be1c7dfff9def1083c01ba	11-Oct-2016	Sergio Giro <sgiro@google.com>	Merge "external/bouncycastle: add algorithms for PbeWithHmacSha mac variants"
0c6b3e248be702b7fb17dfe3508860057774316d	09-Oct-2016	Kenny Root <kroot@google.com>	Split out Dalvik implementation This helps with compiling this on non-Android platforms since you can simply not compile the Dalvik implementation. Test: mmma -j32 libcore && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/java/lang/OldClassTest.java Change-Id: I44ae710f36a4ce44d8c3615e371522c6b56c8e1d ests/support/Support_ClassLoader.java ests/support/Support_ClassLoaderDalvik.java
411d33dfe51ccc10b47ac4b7605663a421fbd781	09-Oct-2016	Kenny Root <kroot@google.com>	Use capital L for long literal This is an ErrorProne trigger (LongLiteralLowerCaseSuffix) so fix them since it's not important to the test itself. Test: mmma -j32 libcore && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/java/io/OldObjectInputStreamGetFieldTest.java Change-Id: I6af446afc59ea0393c40eb855395b8825e943941 rg/apache/harmony/xnet/tests/support/mySSLSession.java ests/support/Support_GetPutFields.java ests/support/Support_GetPutFieldsDefaulted.java ests/support/Support_GetPutFieldsDeprecated.java
3d83a65c642f064a5d326d7ed47fa576b098ba57	08-Oct-2016	Kenny Root <kroot@google.com>	Unhitch tlswire from libcore dependency This is using luni/src/main class but this couples support/src/test to the main libcore libraries. Since this is being used to test Conscrypt outside of the Android tree, unhitch this for convenience. Test: make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java Change-Id: Ib698555a643b0269d61c9cf0fd693dd6632fd0c8 ibcore/tlswire/handshake/ClientHello.java ibcore/tlswire/handshake/HelloExtension.java
61a39247fb8ae7183518607ca98c2296722762e7	05-Oct-2016	Sergio Giro <sgiro@google.com>	external/bouncycastle: add algorithms for PbeWithHmacSha mac variants Bug: 29631070 Test: run CtsLibcoreTestCases Change-Id: I5fd344c1de7c687585bc65a582e468501ee9154d ibcore/java/security/StandardNames.java
2439c385217d3351f9f9692731168870778dee10	27-Sep-2016	Chad Brubaker <cbrubaker@google.com>	SSLContext no longer provides SSL on Android Bug: 31765123 Test: Run libcore.java.security.ProviderTest.test_Provider_getServices Change-Id: I78acfd4955b8d753d86876e56cb5bcb482f6bbf9 ibcore/java/security/StandardNames.java
8f2073552a3aa97ce95f8380f5cab1742d77de91	14-Sep-2016	Chad Brubaker <cbrubaker@google.com>	Drop SSLv3 support The specific API version in the deprecation doc comments will be added later, for now listed as TBD. Bug: 30977793 Test: libcore/run-libcore-tests libcore/luni/src/test/java/libcore/javax/net/ssl/* Change-Id: I5ebe22421589415a9e9065715262e6860b251b2b ibcore/java/security/StandardNames.java
8a978725ca74a014e90ccf14d6ea9964691ad1e4	12-Sep-2016	Chad Brubaker <cbrubaker@google.com>	Drop RC4 cipher suite support from TLS The specific API version in the deprecation doc comments will be added later, for now listed as TBD. Bug: 30977793 Test: libcore/run-libcore-tests libcore/luni/src/test/java/libcore/javax/net/ssl/* Change-Id: Ic72806ef23066b89722419d5f09fed7fa007a60b ibcore/java/security/StandardNames.java
c97ba7f9b6a7621a55b95a7d5fd00cdffd6f09d5	08-Sep-2016	Kenny Root <kroot@google.com>	Add test to make sure TLS elliptic curves list is sensible We accidentally regressed Android's TLS client by taking a change to BoringSSL that limited client support to secp256r1. Note that BoringSSL still sets the default, but add this test to make sure that our usage of BoringSSL API doesn't cause unintended regressions. Test: make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java -- test_SSLSocket_ClientHello_supportedCurves Change-Id: I9ec9b46f7f504dc239ae6a0da042458ebfbe9c63 ibcore/java/security/StandardNames.java ibcore/tlswire/handshake/EllipticCurve.java ibcore/tlswire/handshake/EllipticCurvesHelloExtension.java ibcore/tlswire/handshake/HelloExtension.java
de6cabdeee1c4e0efbefdb2febb8b71d945b5f07	25-May-2016	Tobias Thierer <tobiast@google.com>	Test remaining API surface of ProcessBuilder. - Expand directory() getter/setter test to cover the null value, which is documented as a legal value. - refactored the ancient code that called execAndCheckOutput() to use checkProcessExecution() instead. This also makes it easier to remove streamToStringCallable() and and execAndCheckOutput(ProcessBuilder) in a future CL because only one usage remains, in OldFileTest. - Tests the documented behavior of the environment map throwing when the existance of a null or non-String key or value is queried. Test: cts-tradefed run cts -c libcore.java.lang.ProcessBuilderTest Bug: 27464570 Change-Id: Ic48733a403ab3a67165e2fa022cd42848ca8c1fe ests/support/Support_Exec.java
5558171bce9b70743bed9f6d3543d2eb15d51bb0	29-Jun-2016	Neil Fuller <nfuller@google.com>	Remove a race hazard from the execrable Support_TestWebServer Use of this class was resulting in threads being left in a spinning state due to the accept socket being closed but "running" still being true: the exception thrown from Socket.accept() was being swallowed. This is likely because there is a race between the thread actually starting (i.e. run() actually executing) and, in short-lived tests, the server being shutdown: if AcceptThread.close() was called before AcceptThread.run() then when run() actually executed it would loop forever. Some dead code has been removed. Test: Ran the CTS tests Bug: 29820565 Change-Id: I92cc8b150378bb41f49f996422e1a7bc19801b67 ests/support/Support_TestWebServer.java
ccd08b2c77aeae787a69b2839d705b0da0b68c63	21-Jun-2016	Sergio Giro <sgiro@google.com>	tests/util: Correct sum in SummaryStatistics It's computing the mean incorrectly (equals the last value/N). This is making tests in DigestTest flaky. Bug: 29532930 Change-Id: I4ab8b6009993b3716d5d1ba556e0d645fe1f9d29 ests/util/SummaryStatistics.java
a9cf5de9d7aaeff9ae32ad329c0baedb5723839c	02-May-2016	Treehugger Robot <treehugger-gerrit@google.com>	Merge "SSLEngineTest: test multiple thread use"
58af60a00935641f4669afc358593456944644ec	29-Apr-2016	Kenny Root <kroot@google.com>	SSLEngineTest: test multiple thread use Use SSLEngine with multiple threads to make sure there are no issues. Bug: 28473706 Change-Id: Ica180edff10d03fdf5e31621a901ad5575a762f3 ibcore/javax/net/ssl/TestSSLEnginePair.java
df2324f481f45ccc3d6d08c8cec4d762df530c79	29-Apr-2016	Sergio Giro <sgiro@google.com>	Merge "PathClassLoaderTest: add test about loading resources with tampered certificates"
766efdce90639b4199831272cc1ac3e64bd87a5a	19-Apr-2016	Sergio Giro <sgiro@google.com>	PathClassLoaderTest: add test about loading resources with tampered certificates Document that classloading with malformed certificates succeed, although the call to getCertificates returns null. hyts_signed_wrong_cert.jar was obtained by taking hyts_signed.jar and changing META-INF/TEST.DSA by deleting the first byte. Bug: 27826114 Change-Id: Ia088d4ef0247a28bebf7ea66977a29afb2ca40ee (cherry picked from commit 1526f8786e25c75db74c059d3aaaba9bb1d25bcd) ests/resources/hyts_signed_wrong_cert.jar
562ab6c870ff433c6d239ad6e6625f3ac63edef3	22-Apr-2016	Kenny Root <kroot@google.com>	CpuFeatures: try to get around emulated ABI problems Some devices emulate ABIs but use proxy libraries so that native code is run in a different ABI than the one being emulated. This makes it tricky because the Java part of a test test sees one world and the native code sees something entirely different. There doesn't seem to be anything to be done to corroborate what Conscrypt is seeing in this case, so just ask Conscrypt what it's seeing. Hopefully this doesn't lead to bugs in the future, but no other useful suggestion has come up to help it. Bug: 27908488 Change-Id: I7563b077e8cd9429c3caf2ae7653310172562bae ibcore/java/security/CpuFeatures.java
b38c1d0379aae312f2a3edd5a0581850988afba1	14-Apr-2016	Kenny Root <kroot@google.com>	TestKeyStore: use static DH parameters Generating a DH key can take a long time since safe primes need to be found. However, you can use a "known safe" prime which is fine as long as too many people don't try to start using it and make it valuable enough to solve the discrete log problem in this group. This makes tests using the TestKeyStore run in a predictable amount of time which reduces the amount of flaky tests. Bug: 28131777 Change-Id: Ic3548c40e24436e354edd4ff106a6f0852a7cfd6 ibcore/java/security/TestKeyStore.java
7abb54e68e213538f8df3357a8abce4a6e49b086	05-Apr-2016	Sergio Giro <sgiro@google.com>	TestKeyStore: add the ability to set certificate serial numbers Change URLConnectionTest#testHttpsWithCustomTrustManager to check for specifically set serial numbers. As of 5a85130cc3ee3df65c3b263773e3649277b37317, the serial numbers were being generated randomly, and the test was looking for the value "1", so the test was broken. (cherry picked from commit a23e1a7d40a0a85f8eed3a94d6b5714f98180a4e) Bug: 27987415 Change-Id: I91d2726f362a6aab75edbb6b0d133c00ab774e73 ibcore/java/security/TestKeyStore.java
0435fdbd46bdbbec9c97932ebb86bffe8cb981b6	30-Mar-2016	Kenny Root <kroot@google.com>	Add OCSP helpers Add helper functions for later tests that test OCSP functionality. Bug: 27812109 Change-Id: If0f9190e30ea386b364fda4eaa3315ad647c461e ibcore/java/security/TestKeyStore.java
313d8df320e37b92f711f547a856daa1b284b2b2	21-Mar-2016	Kenny Root <kroot@google.com>	Use canonical name for SHA1withECDSA The Standard Names documentation that "ECDSA" should not be used due to its ambiguity. This tracks the changes to Bouncycastle and Conscrypt. Bug: 27753949 Change-Id: Id84049e6aa1a3ef131ba3ccea38a5a014db7809c ibcore/java/security/StandardNames.java
7e8a826ee53af4b7a448fb339b446d13220145c4	18-Mar-2016	Kenny Root <kroot@google.com>	Prefer AES when hardware acceleration is available ChaCha20-Poly1305 is more efficient in software, but many modern CPUs have acceleration for AES which makes AES-GCM the more preferable choice in terms of throughput and battery consumption (i.e., less CPU cycles per byte). Bug: 26945889 Change-Id: I2b5fac1b8f1efec77fd8d847643d71902eb943e3 ibcore/java/security/CpuFeatures.java ibcore/java/security/StandardNames.java
5fbb3ca9083c4799c5eb8b1d0837270898071379	04-Mar-2016	Alex Klyubin <klyubin@google.com>	Assert that RC4 TLS/SSL cipher suites are not used by default. RC4 has been deprecated for a while. It's now time to no longer use it by default. Mozilla Firefox and Chrome web browsers have already made the leap. This is a follow-up to 9a7b700a0f4d5bb1967b71e114b935b5b2ac7c12 which asserts that TLS_RSA_WITH_RC4_128_SHA is disabled for the same reasons. Bug: 24898327 Change-Id: Ieedb176e91ead0bb95c9a2a3af04c9547de06221 ibcore/java/security/StandardNames.java
9958d3c59c0b774238bf5a2e06758c11fbb702de	04-Mar-2016	Kenny Root <kroot@google.com>	SSLSocketTest: make endpoint verification tests not depend on DNS Apparently 127.0.0.2 resolves to localhost in some places, so use a serialization trick to write an arbitrary hostname into an InetSocketAddress. This allows us to substitute any valid SNI hostname during testing. Bug: 27271561 Change-Id: If2351c424bc1f1193a42fe93a983948a19ae7ec2 ibcore/javax/net/ssl/TestSSLContext.java
9a7b700a0f4d5bb1967b71e114b935b5b2ac7c12	24-Feb-2016	Alex Klyubin <klyubin@google.com>	Assert that RC4 TLS/SSL cipher suites are not used by default. RC4 has been deprecated for a while. It's now time to no longer use it by default. Mozilla Firefox and Chrome web browsers have already made the leap. Bug: 24898327 Change-Id: Ief3285f0abee0ddef547b13c50f0487dc1911e8d ibcore/java/security/StandardNames.java
420ea38aecdef0f5895c5e82751ebabe26bc0bd5	05-Feb-2016	Kenny Root <kroot@google.com>	Fix AlgorithmParameter tests to have better errors The previous test was catching all the exceptions and printing out the message of the exception which erased all the useful information. Bug: 26413503 Change-Id: Id4c9f6db59d19b67c2f4e098fbe79587fcbabb34 ests/security/AlgorithmParameterAsymmetricHelper.java ests/security/AlgorithmParameterGeneratorTest.java ests/security/AlgorithmParameterKeyAgreementHelper.java ests/security/AlgorithmParameterSignatureHelper.java ests/security/AlgorithmParameterSymmetricHelper.java ests/security/AlgorithmParametersTest.java ests/security/CipherAsymmetricCryptHelper.java ests/security/CipherHelper.java ests/security/CipherSymmetricCryptHelper.java ests/security/KeyAgreementHelper.java ests/security/KeyFactoryTest.java ests/security/KeyPairGeneratorTest.java ests/security/MessageDigestTest.java ests/security/SignatureHelper.java ests/security/TestHelper.java
c5b7943bbef88dad93725fd8fa83263230156548	05-Feb-2016	Kenny Root <kroot@google.com>	Update ChaCha20/Poly1305 TLS cipher suite IDs Some of the tests were failing because the cipher suite IDs were not mapping back correctly to the name that was expected. Bug: 26984184 Change-Id: I021263d6981e6ccb119bcf4f3cb620a235265c86 ibcore/tlswire/handshake/CipherSuite.java
3deee53a943c51f308c220f51e01e290b1753102	02-Feb-2016	Kenny Root <kroot@google.com>	Merge "Add ChaCha20-Poly1305 as an enabled cipher suite"
18071abfad7b0525ae644d430e1df43c83d1aadf	02-Feb-2016	Kenny Root <kroot@google.com>	Add ChaCha20-Poly1305 as an enabled cipher suite Change-Id: Idb809fe86688b21d25e1c44867659f5f02145543 ibcore/java/security/StandardNames.java
01b7734160977458d44d1fb179984fd91672f08d	01-Feb-2016	Kenny Root <kroot@google.com>	Add tests for SSL handshake session and endpoint verification Partial revert of commit 36214feb86a0963b23f34c8c63584252bd757e19. Change-Id: I731515bd180f1ea36abf4d8c1151a75254ad0c10 ibcore/javax/net/ssl/TestSSLContext.java ibcore/javax/net/ssl/TestTrustManager.java
470d4739ef2a14ef77f11bc6dc5d0f09b9e8f6d0	19-Jan-2016	Sergio Giro <sgiro@google.com>	IdentityTest/SignerTest: avoid using IdentityScope.getSystemScope() There is no default system scope anymore. Bug: 26590281 Bug: 26517816 Change-Id: Icd3dd88bdf9c4525888a27652916a7323415453b rg/apache/harmony/security/tests/support/SystemScope.java
81885494e46596c796cdcb5037b91d92915b65a7	06-Jan-2016	Kenny Root <kroot@google.com>	Check for RFC 5746 TLS extension RFC 5746 allows you to either include a signaling cipher suite or a TLS extension. However, since TLS API has no way to indicate or check that a certain TLS extension is used, we insert it into the cipher suites we see to check against the enabled cipher suites. Bug: 24602368 Change-Id: I06422b9a90f47bb5ffa10ef614233d856773d336 ibcore/tlswire/handshake/HelloExtension.java
793c9ce05eae979a7de9d164f6ec67f4501d022e	05-Jan-2016	Kenny Root <kroot@google.com>	Revert "Update tests for BoringSSL roll." There is no way to indicate in the Java language that a TLS extension should be used instead of the pseudo-ciphersuite for RFC 5746 operation. Instead we should use the presence of the pseudo-ciphersuite in the enabled list to enable the TLS extension. Therefore we should revert the test expectation and allow the TLS_EMPTY_RENEGOTIATION_INFO_SCSV pseudo-ciphersuite to be in enabled list. This reverts commit 5894fb79880aa4fb8fe42963234c2bba599ce1bb. Bug: 24602368 ibcore/java/security/StandardNames.java
0846931f553272a4a3948fe48e79824f772aeffb	19-Dec-2015	Kenny Root <kroot@google.com>	Merge "Quote paths in X509 cert creation script" am: d710d4da76 am: c857d0e9b9 * commit 'c857d0e9b9536cd46ac008561c3cb07fb7a2bb21': Quote paths in X509 cert creation script
aad989be8a7ff7a44a4bc27b6b83723560af6107	17-Dec-2015	Kenny Root <kroot@google.com>	Quote paths in X509 cert creation script Add quotes around paths and binary arguments to make sure that spaces aren't interpreted as breaks. Change-Id: I8abc748528a67a4e35b5ec76b8bf74db9a712c21 ests/resources/x509/create.sh
9d83fcf221b1b13f6fe0f0e977ace87fe14a00a3	09-Dec-2015	Narayan Kamath <narayan@google.com>	Fix URLConnection test cases. - Have Support_TestWebServer send down an explicit timezone so there's no ambiguity in the parse. HttpURLConnection coerces all timezones into GMT. - getFileNameMap always constructs a new FileNameMap if the default is null. This implies that setFileNameMap(null) now sets things back to the default. - getRequestProperty / setRequestProperty on URLConnection subclasses that don't override those methods behave as if they were backed by a map. bug: 26023804 Change-Id: I75abd114f0dcbd8afbfa1786b7d5142e0b071bed ests/support/Support_TestWebServer.java
5fe0dc42747e190d165e5b52b32318826a56fe0c	08-Dec-2015	Kenny Root <kroot@google.com>	Bump test key sizes to 1024 For maximum compatibility with all targets, bump the minimum key size up to 1024 bits. Also extract all the magic constants so they can be updated later on while conveying which key types they map to. Bug: 25753423 Change-Id: If58a9747d2f636e6ffd3616a4d4fffc2927607be ibcore/java/security/TestKeyStore.java
560a1e7a77290205382d02e003d6882ce202c076	08-Dec-2015	Kenny Root <kroot@google.com>	Revert "Bump test key sizes to 1024" This reverts commit 68d97656b8b1802ef5ec47f978b5421412c62bfb. Uploaded wrong patchset. Change-Id: I0765605685de2a0910373a072ce69f6926647675 ibcore/java/security/TestKeyStore.java
68d97656b8b1802ef5ec47f978b5421412c62bfb	08-Dec-2015	Kenny Root <kroot@google.com>	Bump test key sizes to 1024 For maximum compatibility with all targets, bump the minimum key size up to 1024 bits. Also extract all the magic constants so they can be updated later on while conveying which key types they map to. Bug: 25753423 Change-Id: Ie402e29e591fc646560a46ff1eea97f1d201a93c ibcore/java/security/TestKeyStore.java
3f6031f9953558e016189597ef18886e322ebed5	26-Nov-2015	Neil Fuller <nfuller@google.com>	Merge "Fix OldJarFileTest: move initialization to setUp()"
58b05c8cd9e9e80beb7bfd016a78208ab7ea3539	26-Nov-2015	Neil Fuller <nfuller@google.com>	Fix OldJarFileTest: move initialization to setUp() CTS test execution appears to have started deleting the temp dir created at construction time before the test is run in _some_ circumstances. The test was doing work at construction, which is incorrect. Also updated Support_Resources to throw exceptions not log them. Bug: 25752418 Change-Id: I9e8828c327905d7f4fd7995da6217cf9c61af89f ests/support/resource/Support_Resources.java
25cd1880312d87adb33735b943ac9f184eb2ba7a	21-Nov-2015	Alex Klyubin <klyubin@google.com>	Assert that PSS AlgorithmParameters work as expected. Bug: 25794302 Change-Id: I5aaf2e732299843b34e4c31f91dff5f505ff61ad ibcore/java/security/StandardNames.java
1a462a128d2b1fc2058288e3fe6c4886178019d0	25-Sep-2015	Nick Kralevich <nnk@google.com>	am 34489adf: Merge "StrictJarFileTest: Make sure zero length files are handled correctly" * commit '34489adf319727847824a9e625df8fc4e7ad77f4': StrictJarFileTest: Make sure zero length files are handled correctly
34489adf319727847824a9e625df8fc4e7ad77f4	25-Sep-2015	Nick Kralevich <nnk@google.com>	Merge "StrictJarFileTest: Make sure zero length files are handled correctly"
6b53e3b969a3148a2e20ebffb15a2946b6dba9ff	25-Sep-2015	Kenny Root <kroot@google.com>	am 62ed3187: Merge "Revert "Revert "Update tests for BoringSSL roll.""" * commit '62ed3187950d529b5f7b61a32955d23d7f37a83c': Revert "Revert "Update tests for BoringSSL roll.""
76cbd50fe694b58beb25b6f06776b722db31abc2	25-Sep-2015	Kenny Root <kroot@google.com>	Revert "Revert "Update tests for BoringSSL roll."" This reverts commit 1681d1ab216f42ec6f29d52d3dbb1760dad84d7f. Underlying issue was fixed. Change-Id: I387f28df03a4b6f79557557fa1483bc2ba45f6bb ibcore/java/security/StandardNames.java
61b3207137527b42bf20e740074942f8636e0bf4	25-Sep-2015	Kenny Root <kroot@google.com>	am d0bc90b0: Merge "Revert "Update tests for BoringSSL roll."" * commit 'd0bc90b0887cb31e12b3153c981ba98e45a76676': Revert "Update tests for BoringSSL roll."
1681d1ab216f42ec6f29d52d3dbb1760dad84d7f	25-Sep-2015	Kenny Root <kroot@google.com>	Revert "Update tests for BoringSSL roll." This reverts commit 5894fb79880aa4fb8fe42963234c2bba599ce1bb. The BoringSSL update broke some x86 builds. Change-Id: I5e06700853a881778b99187d256bc87d773d46ab ibcore/java/security/StandardNames.java
e63232906598cd649253f5d0a7a10024bc99dffb	25-Sep-2015	Kenny Root <kroot@google.com>	am e9910cae: Merge "Update tests for BoringSSL roll." * commit 'e9910cae2a7147d14f0d352de271cbf31ab08f75': Update tests for BoringSSL roll.
9f445e82cdf2672e18b44f05d7957dbe7336321a	24-Sep-2015	Nick Kralevich <nnk@google.com>	StrictJarFileTest: Make sure zero length files are handled correctly Modifying a .jar file and replacing a file with a zero length file should invalidate the JAR signature. Add an explicit test. Bug: 24341122 Change-Id: I872a554dda9af55b8160e3c57467faa382a0f33e ests/resources/replace_with_zero.jar
5894fb79880aa4fb8fe42963234c2bba599ce1bb	24-Sep-2015	Adam Langley <agl@google.com>	Update tests for BoringSSL roll. The renegotiation SCSV only needs to be sent with SSLv3. Sending it in newer versions isn't needed because an extension does the same job. This change updates the test expectations to match the behaviour of the newer BoringSSL. Change-Id: I213b778d921f6ba4364043bb582d16bd05966b2d ibcore/java/security/StandardNames.java
13b16b2223b83de691f3a027804dae8402c03a4c	15-Sep-2015	Neil Fuller <nfuller@google.com>	am 8fb8018d: Merge "Fix / unsuppress some URLConnectTests tests" * commit '8fb8018dc9d95848b70f037e139c2f8e2445e0e4': Fix / unsuppress some URLConnectTests tests
8fb8018dc9d95848b70f037e139c2f8e2445e0e4	15-Sep-2015	Neil Fuller <nfuller@google.com>	Merge "Fix / unsuppress some URLConnectTests tests"
d3f4ab6eadc5548c60b76bdc7a2a39e0e3ad2019	15-Sep-2015	Kenny Root <kroot@google.com>	am 030ff6e7: Merge "Add more debugging to the DigestTest" * commit '030ff6e7ab1b505cd375607b79c001ef0c630715': Add more debugging to the DigestTest
5fe1cd001f38fba460ac0ce5c15b85250e400f25	14-Sep-2015	Kenny Root <kroot@google.com>	Add more debugging to the DigestTest This test sometimes fails, but we don't know what the coefficient of variation is on the test results. Add this to the debug output so we can see if there is just some wild swing during testing. Also add a few rounds of warm-up as well. Bug: 24011092 Change-Id: Ic58f106f68eb93976e3f030e2f23e0156fe84be8 ests/util/SummaryStatistics.java
26f2557b26ea23326178f029e07a8adbfc27d0bf	08-Sep-2015	Neil Fuller <nfuller@google.com>	Fix / unsuppress some URLConnectTests tests URLConnectionTest.testConnectTimeouts(): The code was creating a URL like: http://:::<port number>/ because the stuck server returns "::" as the host address for the wildcard binding done. This URL is invalid (as it is missing [] around the IPv6 address string). The test was supposed to check multiple IPs are tried and the overall timeout is the sum of all the sockets tried. Switching StuckServer over to binding to localhost did not work. Since the format of the URL does not appear to be the purpose of this test it is reasonable to change it before the OkHttp update. Instead, the test now replaces the the SocketFactory with one that returns sockets that immediately time out, avoid the need to nerf the server-side entirely. The test does not test multiple IPs because (AFAIK) the tests cannot depend on being able to resolve real server names. This part of the change involved creating a hidden method in SocketFactory. This change adds a new dependency on Mockito so that a partial mock for Socket can be created. URLConnectionTest.testServerShutdownInput(): Unsuppress. It should work now. Bug: 5534202 Bug: 23888521 Change-Id: Iaa57987c59cd6ec1c117f9c90f6ff8ea42d58210 ests/net/DelegatingSSLSocketFactory.java ests/net/DelegatingSocketFactory.java ests/util/DelegatingSSLSocketFactory.java
600f39214e54c57b24821792fb629cc3488e16e2	19-Jun-2015	Alex Klyubin <klyubin@google.com>	am f28ba434: Merge "Add RSA-OAEP and RSA-PSS to StandardNames." into mnc-dev * commit 'f28ba434b8050bf418a6913bb466e0b71dcb8195': Add RSA-OAEP and RSA-PSS to StandardNames.
89c6ac92228530d7c8bd3563e6316754190a27ed	17-Jun-2015	Alex Klyubin <klyubin@google.com>	Add RSA-OAEP and RSA-PSS to StandardNames. This fixes libcore.java.security.ProviderTest#test_Provider_getServices which got broken by Android Keystore Provider exposing RSA encryption with RSA-OAEP padding scheme and RSA signatures with RSA-PSS padding scheme. Bug: 21870225 Change-Id: I661a333579a29b5ede2b517e1a020d73122bfffc ibcore/java/security/StandardNames.java
384730cb57f41235f09829355d7ce67132625f7f	06-Jun-2015	Dmitriy Ivanov <dimitry@google.com>	Fix lookup order when opening directly from APK The order should be as follows: 1. Uncompressed native library dir (if any) 2. Directly from apk (<apk>!/lib/<abi>) 3. vendor/lib:/system/lib Bug: http://b/21647354 Bug: http://b/21667767 Bug: http://b/21726698 Bug: http://b/8076853 Change-Id: I62cd76b7e4ae927d865d7d0ee81ceb91caa54e99 ests/resources/ClassPathURLStreamHandlerTest.jar
a5caedeac65e6f1193fb51824af957c9f69c5191	10-Jun-2015	Sergio Giro <sgiro@google.com>	libcore/support: change TestKeyStore to avoid using getLocalHost() Use constants instead. InetAddress.getLocalHost() causes trouble when there is incompatibility between netd and bionic (see c/147244). This is part of an effort to start running conscrypt/java.security tests in the buildbot. Change-Id: I97ccf0a09f11c68e1b1ae2c2da99c2269ad0fe90 ibcore/java/security/TestKeyStore.java
dfb72da0fbf93c04964db1908e99b10087f07a4c	04-Jun-2015	Kenny Root <kroot@google.com>	Update offered ciphers Dropped support for non-ephemeral Diffie-Hellman cipher suites, anonymous authentication, some DES cipher suites, and export cipher suites. (cherry picked from commit 90b217a3543f119bb7aa20d7a0e55fd5343e9ce7) Bug: 21522548 Change-Id: Ie2048d303890935969cc7c1ac7bc9d93705c7a90 ibcore/java/security/StandardNames.java
90b217a3543f119bb7aa20d7a0e55fd5343e9ce7	04-Jun-2015	Kenny Root <kroot@google.com>	Update offered ciphers Dropped support for non-ephemeral Diffie-Hellman cipher suites, anonymous authentication, some DES cipher suites, and export cipher suites. Bug: 21522548 Change-Id: Ie2048d303890935969cc7c1ac7bc9d93705c7a90 ibcore/java/security/StandardNames.java
3db17f7fcd2a93cfeead9874696a8901423aba6d	04-Jun-2015	Neil Fuller <nfuller@google.com>	Merge "Revert "Revert "Modification to the way boot classpath resources are loaded"""
2ce899fcb81707dd5447a15c29c2c137697f2f5e	04-Jun-2015	Neil Fuller <nfuller@google.com>	Revert "Revert "Modification to the way boot classpath resources are loaded"" This reverts commit 0c2e3c7fcb6754a2116c6226fe6480b3f6fa691f. Change-Id: I37abbb83f6091f252c90645b8a088cf361fa6a7a ests/resources/ClassPathURLStreamHandlerTest.jar
b8ec837828cc588fbd701ddc211f2a4293259d8d	04-Jun-2015	Neil Fuller <nfuller@google.com>	Make StrictJarFile deal with missing manifest entries jar files are allowed to not have manifest files. Change-Id: Id3da8bf0aa5a74ecf1552e027ee9a0176c149928 ests/resources/StrictJarFileTestNoManifest.jar
0c2e3c7fcb6754a2116c6226fe6480b3f6fa691f	03-Jun-2015	Neil Fuller <nfuller@google.com>	Revert "Modification to the way boot classpath resources are loaded" This reverts commit 05a5c2f89e12e27db69f24165a05bdfd0476c73a. Change-Id: I07cc3841df40d20e2c09b0bf282bf213f422effe ests/resources/ClassPathURLStreamHandlerTest.jar
05a5c2f89e12e27db69f24165a05bdfd0476c73a	19-May-2015	Neil Fuller <nfuller@google.com>	Modification to the way boot classpath resources are loaded VMClassLoader.getResource(), used by the Android boot classloader was more expensive than it needed to be. Context: Checking each classpath entry for a resource involved opening a zip file, checking for the resource and closing it again. Because classloaders are arranged in a hierarchy, and parent classloaders are checked first, this change should have a positive performance impact for every call to ClassLoader.getResource(), getResources() and getResourceAsStream(), regardless of the classloader being used. Details of change: This change builds on an earlier commit for BaseDexClassLoader. See commit 1a796cbc5dfb263511f2f4e5213adbc1d396a813 for the earlier change. Unlike the BaseDexClassLoader change, we did not have the zip file already open so this does impact the amount of reported heap memory being used at rest in the zygote. It may increase the amount of heap memory in use generally for jars that have no resources because all jar files are opened, not just the ones found to have requested resources. The heap memory should consist of the entry metadata. The zip file itself is mapped into non-heap/native memory. Any resources loaded from the boot classloader previously would have caused the JarURLConnection cache to hold the associated zip file open anyway. See https://code.google.com/p/android/issues/detail?id=60071 for context. This change avoids the use of that cache for bootclass path resources. Most other usages of jar: urls should now be within the control of apps, and their can call setUseCache() to prevent caching. Performance: Measured on a Nexus 5. All values in microseconds. Benchmark (not real app): GetBootResource_hit - looks for a resource known to be in the boot classpath in core-libart: java/util/logging/logging.properties GetBootResource_miss - looks for a resource known to be missing. Before: GetBootResource_hit 237 GetBootResource_miss 3034 After: GetBootResource_hit 23.8 GetBootResource_miss 22.5 App (using vogar --mode activity): Before: Hit: 236-446 Miss: 3042-3555 After: Hit: 65-180 Miss: 88-120 Memory usage: The use of StrictJarFile keeps the memory usage down to low levels levels: An initial implementation of this change that used JarFile was showing up as expensive because the heap memory usage is dependent on the number of entries in the jar. ext.jar was taking up 275k due to a large number of resources associated with libphonenumber. By using StrictJarFile, Java heap usage is now < 2k per jar. The JarFile cost would previous have been paid anyway if an app read a resource out of ext.jar (because of the JarURLConnectionImpl cache) so this change should also produce savings there. It does mean that we map all the class path jars into memory natively, but the kernel should be managing that for us and sharing the expense across all apps. Given the runtime may be mapping the files for its own purposes elsewhere the additional cost may even be nil. Bug: https://code.google.com/p/android/issues/detail?id=60071 Bug: 20685844 Change-Id: Ic3dc4a655c46cc67bfe9b9e254036c6651869c92 ests/resources/ClassPathURLStreamHandlerTest.jar
8c28234a72ffd3ef4eed7ba3b108291f8db2f739	19-May-2015	Kenny Root <kroot@google.com>	Merge "StandardNames: update expectations for RI"
e31bd0c48b5aed701ac43ae9d1e0ff44daf77a2c	18-May-2015	Kenny Root <kroot@google.com>	No need to test "GCM" mode in regular Cipher test Partially revert change from 6e0cdd08e2a671393b8a410690d28140a80d9387. Since the regular cipher test expects to be able to use all padding types with every mode, testing GCM is not appropriate here. It is still tested elsewhere in CipherTest. (cherry picked from commit a174063b24e6f792fc58373439808842e1c0d657) Bug: 21209499 Change-Id: Ie20ddab4112f350cce08114c913a89a659823823 ibcore/java/security/StandardNames.java
75cad21abebdf292f7e8ca3ed8cc9f7929d5579b	18-May-2015	Kenny Root <kroot@google.com>	Track change from GCM -> AES/GCM/NoPadding Update tests to track the change from GCM to AES/GCM/NoPadding (cherry picked from commit 6e0cdd08e2a671393b8a410690d28140a80d9387) Bug: 21209499 Change-Id: Ie8383cd2cd0bcb62a38c4c55cd86aa90ad834b2b ibcore/java/security/StandardNames.java
a174063b24e6f792fc58373439808842e1c0d657	18-May-2015	Kenny Root <kroot@google.com>	No need to test "GCM" mode in regular Cipher test Partially revert change from 6e0cdd08e2a671393b8a410690d28140a80d9387. Since the regular cipher test expects to be able to use all padding types with every mode, testing GCM is not appropriate here. It is still tested elsewhere in CipherTest. Bug: 21209499 Change-Id: Ie20ddab4112f350cce08114c913a89a659823823 ibcore/java/security/StandardNames.java
4d582b46ba554b77b83c384f1b064104358a9bc4	18-May-2015	Kenny Root <kroot@google.com>	StandardNames: update expectations for RI Change-Id: Ia61cce94c7746b064008fa74b5f48ae1ee701539 ibcore/java/security/StandardNames.java
6e0cdd08e2a671393b8a410690d28140a80d9387	18-May-2015	Kenny Root <kroot@google.com>	Track change from GCM -> AES/GCM/NoPadding Update tests to track the change from GCM to AES/GCM/NoPadding Bug: 21209499 Change-Id: Ie8383cd2cd0bcb62a38c4c55cd86aa90ad834b2b ibcore/java/security/StandardNames.java
ef68d71f665164dc2b6341dfaaea2c41af8153b0	15-Apr-2015	Alex Klyubin <klyubin@google.com>	Unbreak SecretKeyFactory-related ProviderTest. The test was broken by AndroidKeyStore Provider adding support for SecretKeyFactory for key algorithms AES, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, and HmacSHA512. Bug: 20250820 Change-Id: Iba2d8f269844e01913fbf82a744e83da8f951af1 ibcore/java/security/StandardNames.java
5c95b44fc68ebb8ba9b8f2e5c83f020d603504b5	14-Apr-2015	Nick Kralevich <nnk@google.com>	StrictJarFile: unittest for missing files Add a test to verify that we error out when the manifest declares a file which isn't present in the jar. Bug: 1162500 Change-Id: I3c6814c500d218036a5c0515e9f4f93e3f7a63d5 ests/resources/removed.jar
7c4f30cf50079df52bc4572688c7c9eed129a4bb	07-Apr-2015	Sergio Giro <sgiro@google.com>	libcore: change SSLEngineTest to close SSLEngine instances It was leaking resources allocated by SSLEngine's, pipes among others, thus causing subsequent tests to fail with "too many open files" errors. In OpenSSLEngineImpl, the resources are freed in the finalizer, so there's no guarantee that resources as pipes will ever be freed unless the engines are explicitly closed. Change-Id: Ide90808a64278486a19bcdfcba628f623c62afc9 ibcore/javax/net/ssl/TestSSLEnginePair.java
b475d1c3d8bf15b063f6e7d2a1138b973da25e91	18-Mar-2015	Brian Carlstrom <bdc@google.com>	Fix misspelling of Kerberos Change-Id: I6473665bc00fa45d8a3941657791334e97df7c85 ibcore/java/security/StandardNames.java
50840c34598a1e2f14ec0dacc696ffdd79015948	23-Jan-2015	Alex Klyubin <klyubin@google.com>	am f0841451: Merge "Add SSLSocket tests which inspect emitted ClientHello fields." * commit 'f0841451c86cc9fa932dbc08271c8dc96da6ca38': Add SSLSocket tests which inspect emitted ClientHello fields.
b1fe85cc976c676eb50ff886596c93e04fd71d82	02-Dec-2014	Alex Klyubin <klyubin@google.com>	Add SSLSocket tests which inspect emitted ClientHello fields. This CL adds basic tests which capture the ClientHello emitted by SSLSocket and assert that the various fields are as expected. In particular, this CL adds tests for: * client protocol version, * cipher suite list, * compression methods, * server_name extension (SNI). Change-Id: I387c44363ad26f064885f9bfa28572da37871078 ibcore/tlswire/handshake/CipherSuite.java ibcore/tlswire/handshake/ServerNameHelloExtension.java ests/util/DelegatingSSLSocketFactory.java ests/util/ForEachRunner.java ests/util/Pair.java
138152ab385f27a80cf6520f79e39f91a35c04fb	08-Jan-2015	Kenny Root <kroot@google.com>	am ed755e7c: Merge "SSLEngineTest: position should be same as produced/consumed" * commit 'ed755e7c7aed927e164eb513d6ea92131667cdfa': SSLEngineTest: position should be same as produced/consumed
946d9a0b59d1a615278ad52518fa588407dfebd2	07-Jan-2015	Kenny Root <kroot@google.com>	SSLEngineTest: position should be same as produced/consumed The position of the buffer should match the number of bytes produced or consumed. Make sure all the tests have this condition on the handshake. Bug: 18921387 Change-Id: I8d248b2ac189d801586510fb5aca2e3bd6701ffe ibcore/javax/net/ssl/TestSSLEnginePair.java
155147bcc7deb957f7313f6b5f8ad9c19c07b75d	16-Dec-2014	Narayan Kamath <narayan@google.com>	am 8f090052: Merge "Repurpose "HexEncoding" for internal users." * commit '8f090052bdddc1312fe9238eca702c4e8eafff11': Repurpose "HexEncoding" for internal users.
11f82d1a94ebe1becb7e7d09dd3343ce117bdd46	15-Dec-2014	Narayan Kamath <narayan@google.com>	Repurpose "HexEncoding" for internal users. Frameworks callers either roll their own or use an internal apache class. Given that apache is going away, we need to provide them with an alternative. bug: 18027885 Change-Id: Iec01cba9f3d2027828457c0b450eac0dd08fcaf6 ibcore/tlswire/handshake/ClientHello.java ibcore/tlswire/handshake/HelloExtension.java ibcore/tlswire/util/HexEncoding.java
2c3cdb9a90e081a4f6d1e31a0c4d5423498720c8	05-Dec-2014	Narayan Kamath <narayan@google.com>	am cb43b294: Merge "Get rid of Support_Configuration.SpecialInetTestAddress ..." * commit 'cb43b294c4fc686c38f7bdd7c81c07f66f8eb9ce': Get rid of Support_Configuration.SpecialInetTestAddress ...
3ea21b6837215e3a69b6c4f537bda1149af62180	04-Dec-2014	Narayan Kamath <narayan@google.com>	Get rid of Support_Configuration.SpecialInetTestAddress ... ... aka. "www.google.com" and lots of other unused support configuration values. Change-Id: I07f07d656e77317a50ac54dda07f493437c15e58 ests/support/Support_Configuration.java
d8ce757d85ba665fa61d35e25e03c4de16c0f4c6	22-Nov-2014	Aaron Whyte <awhyte@google.com>	Fix URLConnectionTest for devices without full internet access. This removes two bad tests that are covered elsewhere, using mocks. test_getContentEncoding() was hitting http://www.amazon.com, to see if a URLConnection getter was working. That getter is now tested in libcore/luni/src/test/java/libcore/java/net/URLConnectionTest.java, in testClientConfiguredGzipContentEncoding(). test_getLastModified() was hitting http://www.php.net/manual/en/function.explode.php, to see if getHeaderFieldDate was working for Last-Modified. That getter is better tested in test_getHeaderFieldDateLjava_lang_StringJ(), in the same file. Bug:18480776 (cherry picked from commit 939e6a1aceff448445928ad5d815479e84e84383) Change-Id: Ia01fd59809683317271017364179e1843c149e65 ests/support/Support_Configuration.java
99f3b68146cafff32ddbc104baee8dbf5ab1c412	25-Nov-2014	Alex Klyubin <klyubin@google.com>	am 06609270: Merge "Assert finite default timeout for TLS/SSL sessions." * commit '06609270f635ac19a90bb01c480185b702882cf3': Assert finite default timeout for TLS/SSL sessions.
33b16225e22d748ab3a9868b10eaba325636d928	25-Nov-2014	Aaron Whyte <awhyte@google.com>	am aa0045f5: am 939e6a1a: Fix URLConnectionTest for devices without full internet access. * commit 'aa0045f52b0c780794dcf85acffc66e188b3681c': Fix URLConnectionTest for devices without full internet access.
aa0045f52b0c780794dcf85acffc66e188b3681c	25-Nov-2014	Aaron Whyte <awhyte@google.com>	am 939e6a1a: Fix URLConnectionTest for devices without full internet access. * commit '939e6a1aceff448445928ad5d815479e84e84383': Fix URLConnectionTest for devices without full internet access.
939e6a1aceff448445928ad5d815479e84e84383	22-Nov-2014	Aaron Whyte <awhyte@google.com>	Fix URLConnectionTest for devices without full internet access. This removes two bad tests that are covered elsewhere, using mocks. test_getContentEncoding() was hitting http://www.amazon.com, to see if a URLConnection getter was working. That getter is now tested in libcore/luni/src/test/java/libcore/java/net/URLConnectionTest.java, in testClientConfiguredGzipContentEncoding(). test_getLastModified() was hitting http://www.php.net/manual/en/function.explode.php, to see if getHeaderFieldDate was working for Last-Modified. That getter is better tested in test_getHeaderFieldDateLjava_lang_StringJ(), in the same file. Bug:18480776 Change-Id: I21ffc5c9c72eb4379478c11687d197dab176a851 ests/support/Support_Configuration.java
4e1404f2017dc7db05b69ecad241f78c5bb1a4ee	21-Nov-2014	Alex Klyubin <klyubin@google.com>	Assert finite default timeout for TLS/SSL sessions. This makes CTS tests expect 8 hours as the default timeout for TLS/SSL sessions. Prior to this change, sessions were expected to not time out by default. Bug: 18370076 Change-Id: I09ae9ee91df2fb4bb2e8cc812127dc9f05a14696 ibcore/javax/net/ssl/TestSSLContext.java
e35c306d27355e7121299d99e3744e2af012cc12	18-Nov-2014	Alex Klyubin <klyubin@google.com>	am 4b5092ae: Merge "Fix SSLContextTest.test_SSLContext_defaultConfiguration failure" * commit '4b5092ae80e4c3681080090eebd63a82d65eafd9': Fix SSLContextTest.test_SSLContext_defaultConfiguration failure
4b5092ae80e4c3681080090eebd63a82d65eafd9	18-Nov-2014	Alex Klyubin <klyubin@google.com>	Merge "Fix SSLContextTest.test_SSLContext_defaultConfiguration failure"
27dfa4189d92215acb28fcd26938aa3820932d09	18-Nov-2014	Alex Klyubin <klyubin@google.com>	am 5a32ef57: Merge "Adjust tests for removal of DSS TLS/SSL cipher suites." * commit '5a32ef575b3657168a1a53e7bc8c2cd2481dd3ec': Adjust tests for removal of DSS TLS/SSL cipher suites.
782740701db73dd2dc4fef9df8cde270b0e631a4	18-Nov-2014	Alex Klyubin <klyubin@google.com>	Fix SSLContextTest.test_SSLContext_defaultConfiguration failure This test was failing because it assumed that all SSLContext instances have the same set of TLS protocol versions enabled. The fix refactored SSLDefaultConfigurationAsserts class into SSLConfigurationAsserts class. The main difference is that the new class has wider scope: it can assert that (1) the default configuration of TLS/SSL primitives is as expected -- exactly what the old SSLDefaultConfigurationAsserts class offered, and (2) that TLS/SSL primitives are configured the same as a provided SSLContext. Assertions about the default configuration of primitives other than SSLContext are now implemented by asserting that these primitives are configured exactly like the default SSLContext. Change-Id: I52d6514768c4053054df2cf79e7182d8fd87bfe2 ibcore/java/security/StandardNames.java ibcore/javax/net/ssl/SSLConfigurationAsserts.java ibcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java
fef7818155899c092e6741de049fb7601dfcaf73	13-Nov-2014	Alex Klyubin <klyubin@google.com>	Adjust tests for removal of DSS TLS/SSL cipher suites. This is in preparation for migration from OpenSSL to BoringSSL. BoringSSL does not support DSS. Bug: 17409664 Change-Id: I6b2ac5f7c7b9c41416650cdbdce2deed03372f49 ibcore/java/security/StandardNames.java
8d4127b6f07ff8b01cef5e29932bd21cf14d9921	14-Nov-2014	Kenny Root <kroot@google.com>	am 657afa6c: Merge "JarUtils: stop trying to build chain past candidates length" into lmp-mr1-dev * commit '657afa6cd8da378f30afe7b491e6d9de6c7c23fd': JarUtils: stop trying to build chain past candidates length
ef7f5a16547089a7cdba9e48d780720f606ff54a	13-Nov-2014	Kenny Root <kroot@google.com>	JarUtils: stop trying to build chain past candidates length If the certs in the PKCS#7 bag are in a loop, it will go on forever trying to build a chain. Instead just stop trying to build the chain when our chain exceeds the length of the candidates. Bug: 17972577 Change-Id: If4f92e3eeabe893612a618bab0068a0f8cf75ea9 ests/resources/hyts_certLoop.jar
5dddfb59b6d53e46eb88f574cfd87e668d08ceaf	13-Nov-2014	Alex Klyubin <klyubin@google.com>	am 5dbbe831: Merge "Basic library for parsing TLS/SSL ClientHellos in tests." * commit '5dbbe8317afd79d21bdbe931fe476ccf9a4bf269': Basic library for parsing TLS/SSL ClientHellos in tests.
17a09fd9ebdfbeaeb2624a5e2fae34d2f315bad4	13-Nov-2014	Kenny Root <kroot@google.com>	am 258e3d15: TestKeyStore: more possibilities for KeyStore creation * commit '258e3d158c9a876307d5111972f7e9f1ad87b076': TestKeyStore: more possibilities for KeyStore creation
fb30da617fb979e7ae98c5a22b926aa15c6f2502	13-Nov-2014	Alex Klyubin <klyubin@google.com>	Basic library for parsing TLS/SSL ClientHellos in tests. CTS tests in libcore assert certain properties of TLS/SSL and HTTPS stacks, but they do not check whether these are correctly reflected in the underlying TLS/SSL traffic generated by these stacks. This basic TLS wire-protocol library will enable CTS tests to inspect in detail ClientHello messages, such as which protocol is being signalled as the higest supported by the client, which cipher suites are enabled, whether SNI extension is provided and set to the correct value. As an example, in this CL I switched one test in SSLSocketTest to this library. Change-Id: I93251dd873a78ec7f6caa704b71f5fa0ecf2c2f2 ibcore/tlswire/handshake/CipherSuite.java ibcore/tlswire/handshake/ClientHello.java ibcore/tlswire/handshake/CompressionMethod.java ibcore/tlswire/handshake/HandshakeMessage.java ibcore/tlswire/handshake/HelloExtension.java ibcore/tlswire/handshake/ServerNameHelloExtension.java ibcore/tlswire/record/TlsProtocols.java ibcore/tlswire/record/TlsRecord.java ibcore/tlswire/util/HexEncoding.java ibcore/tlswire/util/IoUtils.java ibcore/tlswire/util/TlsProtocolVersion.java
258e3d158c9a876307d5111972f7e9f1ad87b076	12-Nov-2014	Kenny Root <kroot@google.com>	TestKeyStore: more possibilities for KeyStore creation Needed for change I379de26bdae3de1d0fe867adc1d8b7d5443c8c7a in external/conscrypt Bug: 17972577 Change-Id: Iaeb36167d953533e23d610bf218488bd79b6430e ibcore/java/security/TestKeyStore.java
ca9037fc1f060c071d6711bbe31c9f9de63a0b89	12-Nov-2014	Elliott Hughes <enh@google.com>	Fix OldSocketTest#test_connectLjava_net_SocketAddressI. Use the same address as StuckServer. Bug: 18143878 Change-Id: I3759776ed3a9d46175c4b987fa0c47b27033441d ests/net/StuckServer.java ests/support/Support_Configuration.java
2d3e650f8ef1aed488f870aa3d1028775e353490	05-Nov-2014	Kenny Root <kroot@google.com>	am d4d881ff: Merge "SSLSocket: track update to TLS defaults" * commit 'd4d881ff8989346583de40c49519f83b4b51d160': SSLSocket: track update to TLS defaults
31ac5350615c2a1f8c01d354ab07768de999a400	04-Nov-2014	Kenny Root <kroot@google.com>	am 140f3a33: Merge "SSLSocket: document current behavior with SSLContext" * commit '140f3a336ff5383b3462a720786143f3dda347bf': SSLSocket: document current behavior with SSLContext
8e810dd5a8e7f0ca6b293704b91911900df100a3	31-Oct-2014	Kenny Root <kroot@google.com>	SSLSocket: track update to TLS defaults SSLv3 is no longer in the default list. Bug: 17136008 Change-Id: I4092e17f79c29d10d11ffe01d130d0d03cd2215f ibcore/java/security/StandardNames.java
bda96e051a3634b75abec3c989dcf0a8fab009b3	30-Oct-2014	Kenny Root <kroot@google.com>	SSLSocket: document current behavior with SSLContext Currently Android does not pay attention to the algorithm choice, so use this test as documentation of that. Bug: 17136008 Change-Id: If8e516be48721bf65a98f22a9cdf02eded8f6375 ibcore/java/security/StandardNames.java
3b96a51f6446c8bc7d4ce7c23ad9164a4a4437ba	03-Oct-2014	Kenny Root <kroot@google.com>	Add support for TLS_FALLBACK_SCSV Bug: 17750026 (cherry picked from commit e6a6e935e98f426c7000b2bf4086f87101f4441c) Change-Id: Ia7f0714157b0dc36579122b27eb921a54f3a6818 ibcore/java/security/StandardNames.java
e6a6e935e98f426c7000b2bf4086f87101f4441c	03-Oct-2014	Kenny Root <kroot@google.com>	Add support for TLS_FALLBACK_SCSV Bug: 17750026 Change-Id: I8dec89ae59a6f745f63120b11b4f6dbe9b21a139 ibcore/java/security/StandardNames.java
46a39d63e91717c20acdccc5efc48cd13ff189e5	17-Jul-2014	Neil Fuller <nfuller@google.com>	am 9a497b6d: Merge "Fix UnmodifiableEntrySet.toArray() ordering" * commit '9a497b6d3b95d774f28f0203409ce6ebf6cb1241': Fix UnmodifiableEntrySet.toArray() ordering
9a497b6d3b95d774f28f0203409ce6ebf6cb1241	17-Jul-2014	Neil Fuller <nfuller@google.com>	Merge "Fix UnmodifiableEntrySet.toArray() ordering"
c51bba09dff12cfffc9c5a30b83a2b5f9fd745e4	15-Jul-2014	Alex Klyubin <klyubin@google.com>	am ea43fa14: Merge "TLS-PSK cipher suites enabled when PSKKeyManager is provided." * commit 'ea43fa1424058748e3ec4ac01d2f6e1898e9a4e3': TLS-PSK cipher suites enabled when PSKKeyManager is provided.
b5730a183c0ef94946bb04222f6219f83adef8f5	11-Jul-2014	Alex Klyubin <klyubin@google.com>	TLS-PSK cipher suites enabled when PSKKeyManager is provided. This documents and tests that TLS-PSK cipher suites are enabled if a PSKKeyManager is provided to SSLContext during its initialization. Bug: 15073623 Change-Id: I8e2bc3e7a1ea8a986e468973b6bad19dc6b7bc3c ibcore/java/security/StandardNames.java
36214feb86a0963b23f34c8c63584252bd757e19	17-Jun-2014	Brian Carlstrom <bdc@google.com>	Remove Change-Id: I143d0b26b116e75892223e74b6c22b6c8db05466 ibcore/javax/net/ssl/TestSSLContext.java ibcore/javax/net/ssl/TestTrustManager.java
8d290a506a4a1cd1f86716719ee10586700468f4	17-Jun-2014	Brian Carlstrom <bdc@google.com>	Remove (cherry picked from commit 36214feb86a0963b23f34c8c63584252bd757e19) Change-Id: I96d5109c01e39255b9970f7a515ddd3575a50e56 ibcore/javax/net/ssl/TestSSLContext.java ibcore/javax/net/ssl/TestTrustManager.java
244e90adfe67264364de88df0fd741db0eb12b7f	23-Jun-2014	Neil Fuller <nfuller@google.com>	Fix UnmodifiableEntrySet.toArray() ordering toArray() was returning entries in reverse order. toArray(T[]) was correct. Thanks to Chris Povirk for discovering. The fix is simple. Change includes additional tests to avoid regressions. Test & support code has been cleaned up a little to improve coverage and make it (slightly) less horrible. Bug: https://code.google.com/p/android/issues/detail?id=72073 Change-Id: I42ff90e0f592482289cd0cd9fdbdaabf0c17ad93 ests/support/Support_MapTest.java ests/support/Support_UnmodifiableMapTest.java
82707939a18795af3311b8661c2e3651a89e205b	19-Jun-2014	Alex Klyubin <klyubin@google.com>	am 33c1c8c3: am e0affcdc: Merge "Assert the updated list of supported ECDHE-PSK cipher suites." * commit '33c1c8c36c62c1238876bddf916bdf92a5654543': Assert the updated list of supported ECDHE-PSK cipher suites.
33c1c8c36c62c1238876bddf916bdf92a5654543	19-Jun-2014	Alex Klyubin <klyubin@google.com>	am e0affcdc: Merge "Assert the updated list of supported ECDHE-PSK cipher suites." * commit 'e0affcdc8c4513d91352c0fc6f4c5c29b0605d2d': Assert the updated list of supported ECDHE-PSK cipher suites.
f14c0fd560a55e464ac56f190896545e1126522d	04-Jun-2014	Alex Klyubin <klyubin@google.com>	Assert the updated list of supported ECDHE-PSK cipher suites. Bug: 15073623 Change-Id: I427c99f4c1c72690d95e5a3c63763631c41ddae2 ibcore/java/security/StandardNames.java
d3555a45afb5c14ed037add41f94336dc0cd233b	29-May-2014	Alex Klyubin <klyubin@google.com>	am c0a8f479: am 9adf681e: am 4352ab40: Merge "Document and assert support for TLS-PSK cipher suites." * commit 'c0a8f479a47de31427211ea7952b3b92c0c650c2': Document and assert support for TLS-PSK cipher suites.
c0a8f479a47de31427211ea7952b3b92c0c650c2	29-May-2014	Alex Klyubin <klyubin@google.com>	am 9adf681e: am 4352ab40: Merge "Document and assert support for TLS-PSK cipher suites." * commit '9adf681eb5691afe6f82b67768b3a7fca592251a': Document and assert support for TLS-PSK cipher suites.
4352ab40ce104520bfb6588ad8eef386866ff190	29-May-2014	Alex Klyubin <klyubin@google.com>	Merge "Document and assert support for TLS-PSK cipher suites."
7866ef1b69229c8846eb1bb2584f1dc00b3fb756	28-May-2014	Alex Klyubin <klyubin@google.com>	am dacb4741: am c0d465fd: am 6c16a47c: Merge "Simplify assertions about SSLEngine." * commit 'dacb4741098f7976a94b3cc55aedb662ca126f04': Simplify assertions about SSLEngine.
dacb4741098f7976a94b3cc55aedb662ca126f04	28-May-2014	Alex Klyubin <klyubin@google.com>	am c0d465fd: am 6c16a47c: Merge "Simplify assertions about SSLEngine." * commit 'c0d465fdd5165ecf8162cde686fa858a581eca5d': Simplify assertions about SSLEngine.
c9461f39290f815f560f2ec50e9ccde5ff4eb8f7	09-May-2014	Alex Klyubin <klyubin@google.com>	Document and assert support for TLS-PSK cipher suites. This CL updates the Javadoc of SSLSocket and SSLEngine to list the now supported TLS-PSK cipher suites. It also adds tests to assert that these cipher suites are actually supported by SSLSocket and SSLEngine. Bug: 15073623 Change-Id: I8e59264455f980f23a5e66099c27b5b4d932b9bb ibcore/java/security/StandardNames.java ibcore/javax/net/ssl/TestSSLContext.java
2c8bbf4bb24657c4e71de66fd0e66ad6baad4cf5	23-May-2014	Alex Klyubin <klyubin@google.com>	Simplify assertions about SSLEngine. Now that the default SSLEngine implementation is backed by the same OpenSSL stack as the default SSLSocket implementation, the sets of supported/enabled cipher suites and protocols should remain the same between SSLEngine and SSLSocket. Change-Id: I1ed88f39b07950e5d8b6e2fc7d6482a034626de3 ibcore/java/security/StandardNames.java ibcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java
8f3ae282cb56de80de35b90408c9d832c8e3c424	13-May-2014	Kenny Root <kroot@android.com>	am 4cd96cc5: am 5c6ea6f6: am c7743447: Merge "Enlarge the minimum key size of RSA to enhance the security" * commit '4cd96cc5ac73be05b2397d0b97c4c99bc07012ff': Enlarge the minimum key size of RSA to enhance the security
4cd96cc5ac73be05b2397d0b97c4c99bc07012ff	13-May-2014	Kenny Root <kroot@android.com>	am 5c6ea6f6: am c7743447: Merge "Enlarge the minimum key size of RSA to enhance the security" * commit '5c6ea6f61facd19fdcc2372b710fb8fb23905032': Enlarge the minimum key size of RSA to enhance the security
2e68348d984d81c73a41e8db39183c55cff8faf9	09-May-2014	DanielMo <DanielMo@fih-foxconn.com>	Enlarge the minimum key size of RSA to enhance the security We have modified OpenSSL source code such that size of RSA key should be at least 512 bits or more to support higher quality key generation as lower key sizes are vulnerable to attack. Thus we need to increase the size to 512 to avoid CTS failures, please refer to it also. https://code.google.com/p/android/issues/detail?id=66394 Change-Id: I95d734033227ed1497a5bc0fd0010f62b12c01c5 Signed-off-by: DanielMo <DanielMo@fih-foxconn.com> ibcore/java/security/StandardNames.java
bdb8ddc00646e5121c91465de1d49263cc69bc4d	08-May-2014	Kenny Root <kroot@google.com>	am 0d6d3292: am 6005b896: am 4abcf7ad: Merge changes Iaaafcbed,Ifbca5637 * commit '0d6d32920134aa84e55fab59b6bd3a71c7bcb38f': KeyStoreTest: add more key types KeyManagerFactoryTest: add all the possible key types
0d6d32920134aa84e55fab59b6bd3a71c7bcb38f	08-May-2014	Kenny Root <kroot@google.com>	am 6005b896: am 4abcf7ad: Merge changes Iaaafcbed,Ifbca5637 * commit '6005b896b58659f8c2e0693bd9ead32706a05044': KeyStoreTest: add more key types KeyManagerFactoryTest: add all the possible key types
888373c54fd5f8fa0b1965238309db8187e3b381	08-May-2014	Kenny Root <kroot@google.com>	KeyManagerFactoryTest: add all the possible key types This adds all the possible key types from the Standard Names document to the tests. Change-Id: Ifbca56371261c040c3cb9e0d80447e9cb73cad0f ibcore/java/security/TestKeyStore.java
5c727bda02e78806081a0e874cd6ee4d4ed06d2b	02-May-2014	Paul Duffin <paulduffin@google.com>	am c3eed594: am f6696d69: am eec4356c: Merge "Improve detection of CloseGuard protected resource leakage" * commit 'c3eed594ffd6b488b5771cd1e6a9a4c44aa0826b': Improve detection of CloseGuard protected resource leakage
c3eed594ffd6b488b5771cd1e6a9a4c44aa0826b	02-May-2014	Paul Duffin <paulduffin@google.com>	am f6696d69: am eec4356c: Merge "Improve detection of CloseGuard protected resource leakage" * commit 'f6696d69727e1089f5608b0c3772ced3c347df7e': Improve detection of CloseGuard protected resource leakage
a6f350c645dbb66d68cc2b03afb8f2eeaa88fbba	28-Feb-2014	Paul Duffin <paulduffin@google.com>	Improve detection of CloseGuard protected resource leakage * Add CloseGuardMonitor to intercept and collate CloseGuard reports and if necessary throw an exception listing the resource leaks. * Add ResourceLeakageDetector to abstract away the CloseGuardMonitor which will not work on RI. * Add AbstractResourceLeakageDetectorTestCase as a base class for tests that need to detect resource leaks, in future this could be handled by modifications to Cts and Vogar test runners. * Remove CloseGuardTester and its sole usage in ProcessBuilderTest. * Remove CloseGuardGuard from within URLConnectionTest * Change ZipFileTest, ProcessBuilderTest, URLConnectionTest to use new mechanism, fix issues that are identified and do some cleanup/remove duplicated code. Bug: https://code.google.com/p/android/issues/detail?id=66383 Change-Id: Id026dbb6bc66091a15f07329e6371cd0d1f32cf5 ibcore/dalvik/system/CloseGuardTester.java
33aeb892a68274a5ec67f374f86c7b5cb06d1890	01-May-2014	Kenny Root <kroot@google.com>	resolved conflicts for merge of 9687e46b to master Change-Id: Iaeaea9b44423257e8ccbcf631f40720d3035cecd
9687e46bcb2299492a55a97e0ddc1eb4db3517f8	30-Apr-2014	Kenny Root <kroot@google.com>	am 42db8377: am 15e6f173: am d353b8e2: am ddc91700: am 0a0379d4: am 297a7de2: am 183efbb4: am 4629f94a: am e0350a80: am afd7d947: Merge "JarFile: make test chain 3 long" into jb-dev * commit '42db8377fdd20cdff6cac1994b25382551270a26': JarFile: make test chain 3 long
42db8377fdd20cdff6cac1994b25382551270a26	30-Apr-2014	Kenny Root <kroot@google.com>	am 15e6f173: am d353b8e2: am ddc91700: am 0a0379d4: am 297a7de2: am 183efbb4: am 4629f94a: am e0350a80: am afd7d947: Merge "JarFile: make test chain 3 long" into jb-dev * commit '15e6f173de11133e1a61090635e350303ac0481a': JarFile: make test chain 3 long
15e6f173de11133e1a61090635e350303ac0481a	30-Apr-2014	Kenny Root <kroot@google.com>	am d353b8e2: am ddc91700: am 0a0379d4: am 297a7de2: am 183efbb4: am 4629f94a: am e0350a80: am afd7d947: Merge "JarFile: make test chain 3 long" into jb-dev * commit 'd353b8e2dbcdbd23e59a4a3e1460c88c33640044': JarFile: make test chain 3 long
d353b8e2dbcdbd23e59a4a3e1460c88c33640044	30-Apr-2014	Kenny Root <kroot@google.com>	am ddc91700: am 0a0379d4: am 297a7de2: am 183efbb4: am 4629f94a: am e0350a80: am afd7d947: Merge "JarFile: make test chain 3 long" into jb-dev * commit 'ddc91700a5bed8e2b7214d6ca1e317929e378bc7': JarFile: make test chain 3 long
ddc91700a5bed8e2b7214d6ca1e317929e378bc7	30-Apr-2014	Kenny Root <kroot@google.com>	am 0a0379d4: am 297a7de2: am 183efbb4: am 4629f94a: am e0350a80: am afd7d947: Merge "JarFile: make test chain 3 long" into jb-dev * commit '0a0379d45726c4cac1505167095d763068f900ae': JarFile: make test chain 3 long
0a0379d45726c4cac1505167095d763068f900ae	30-Apr-2014	Kenny Root <kroot@google.com>	am 297a7de2: am 183efbb4: am 4629f94a: am e0350a80: am afd7d947: Merge "JarFile: make test chain 3 long" into jb-dev * commit '297a7de2a15cae179d6713182641bddfdf89f397': JarFile: make test chain 3 long
4629f94abefbf6ea11d7cadb5865183e15030d77	30-Apr-2014	Kenny Root <kroot@google.com>	am e0350a80: am afd7d947: Merge "JarFile: make test chain 3 long" into jb-dev * commit 'e0350a80cbcce86445c29c043ab5be3b46e28181': JarFile: make test chain 3 long
e0350a80cbcce86445c29c043ab5be3b46e28181	30-Apr-2014	Kenny Root <kroot@google.com>	am afd7d947: Merge "JarFile: make test chain 3 long" into jb-dev * commit 'afd7d9472e5d850a8e1a6d02abaaa9f94579a77f': JarFile: make test chain 3 long
92408ff79b23d6559286e492c7c6cb3fdb6e399f	29-Apr-2014	Kenny Root <kroot@google.com>	JarFile: make test chain 3 long Change-Id: I761f0a652a8502e28a4f9bb15ac9782d3ad42355 ests/resources/hyts_signed_invalidChain.jar ests/resources/hyts_signed_validChain.jar
7406d4e17dd39f3531e764ec7788b1f8dec99971	25-Apr-2014	Elliott Hughes <enh@google.com>	am 3eb545e3: am 85fa4285: Merge "Groundwork towards making the Libcore.os functionality public." * commit '3eb545e382a12565ed8779632015d736d6f5c32c': Groundwork towards making the Libcore.os functionality public.
3eb545e382a12565ed8779632015d736d6f5c32c	25-Apr-2014	Elliott Hughes <enh@google.com>	am 85fa4285: Merge "Groundwork towards making the Libcore.os functionality public." * commit '85fa4285b3679120ee2d3dc5750a1e620de0449d': Groundwork towards making the Libcore.os functionality public.
5d930cadc8f62aee5f18e7921296fe66a54f18ab	24-Apr-2014	Elliott Hughes <enh@google.com>	Groundwork towards making the Libcore.os functionality public. Change-Id: Ie700aa16d91fba53fc5eb2555829cb74d84b12ad ests/io/MockOs.java
a3d40b4064c0f4de77122eff9253da242877c938	23-Apr-2014	Kenny Root <kroot@google.com>	JarFile: Add tests for ambiguous chains Some chains using the old code will have incorrect splits between CodeSigner paths. Bug: 13678484 Change-Id: Ia77b7cbcde9394e0d48a6f082bbd1cdfd880d74b ests/resources/hyts_signed_ambiguousSignerArray.jar
5978b69274677753bc3049b4dc89625291a66912	22-Apr-2014	Kenny Root <kroot@google.com>	am 0779dcac: am 008fbfd0: am a317f758: am ced71a50: am 99a25a47: am 5321ebb7: am 6d949cbf: am 951aa4f4: am 531968cf: am cb11b9ff: Tests for API to check certificate chain signatures * commit '0779dcac1bdc0d6d02ef6e4843a312aa03081f03': Tests for API to check certificate chain signatures
0779dcac1bdc0d6d02ef6e4843a312aa03081f03	22-Apr-2014	Kenny Root <kroot@google.com>	am 008fbfd0: am a317f758: am ced71a50: am 99a25a47: am 5321ebb7: am 6d949cbf: am 951aa4f4: am 531968cf: am cb11b9ff: Tests for API to check certificate chain signatures * commit '008fbfd0ff37cb88047825d56d2116d0f62b69a5': Tests for API to check certificate chain signatures
008fbfd0ff37cb88047825d56d2116d0f62b69a5	22-Apr-2014	Kenny Root <kroot@google.com>	am a317f758: am ced71a50: am 99a25a47: am 5321ebb7: am 6d949cbf: am 951aa4f4: am 531968cf: am cb11b9ff: Tests for API to check certificate chain signatures * commit 'a317f7585cc09844f8746afe49eb55a5b18d9ee7': Tests for API to check certificate chain signatures
a317f7585cc09844f8746afe49eb55a5b18d9ee7	22-Apr-2014	Kenny Root <kroot@google.com>	am ced71a50: am 99a25a47: am 5321ebb7: am 6d949cbf: am 951aa4f4: am 531968cf: am cb11b9ff: Tests for API to check certificate chain signatures * commit 'ced71a503c6cf79b0cee407123d9df94bf988e0b': Tests for API to check certificate chain signatures
ced71a503c6cf79b0cee407123d9df94bf988e0b	22-Apr-2014	Kenny Root <kroot@google.com>	am 99a25a47: am 5321ebb7: am 6d949cbf: am 951aa4f4: am 531968cf: am cb11b9ff: Tests for API to check certificate chain signatures * commit '99a25a47254a79c3ebae17270b4989504b720383': Tests for API to check certificate chain signatures
99a25a47254a79c3ebae17270b4989504b720383	22-Apr-2014	Kenny Root <kroot@google.com>	am 5321ebb7: am 6d949cbf: am 951aa4f4: am 531968cf: am cb11b9ff: Tests for API to check certificate chain signatures * commit '5321ebb789eb77b5fc4c6e2e5d2fcaba242d275d': Tests for API to check certificate chain signatures
951aa4f4e018b51060fdfb5dccd6cc17c41fed8f	22-Apr-2014	Kenny Root <kroot@google.com>	am 531968cf: am cb11b9ff: Tests for API to check certificate chain signatures * commit '531968cf367586f38167ced0415f89fe330ee75f': Tests for API to check certificate chain signatures
531968cf367586f38167ced0415f89fe330ee75f	22-Apr-2014	Kenny Root <kroot@google.com>	am cb11b9ff: Tests for API to check certificate chain signatures * commit 'cb11b9fff2a1af8bb4fcad18986003a7f59189c6': Tests for API to check certificate chain signatures
a368cef707903c2adc7868ba48a95ccdac5f7625	22-Apr-2014	Kenny Root <kroot@google.com>	Fix SSLEngineTest for RI The assymmetry between client and server with create sessions seems strange. It seems like a bug in the RI, so make sure Android does the right thing. Change-Id: I7b7ab501bd1963757b7f067c6ace8230a19a3e53 ibcore/javax/net/ssl/TestSSLEnginePair.java
cb11b9fff2a1af8bb4fcad18986003a7f59189c6	17-Apr-2014	Kenny Root <kroot@google.com>	Tests for API to check certificate chain signatures Bug: 13678484 Change-Id: Ibc14b3e9b1159c7b0b130d01fac933f71a99ad96 ests/resources/hyts_signed_invalidChain.jar ests/resources/hyts_signed_validChain.jar
727df1258e3b8386afea4778626c9ab16ef467d6	09-Apr-2014	Kenny Root <kroot@google.com>	Update SSLEngineTest for OpenSSL Our new OpenSSL-based SSLEngine supports all the new stuff and no longer fails tests. Change-Id: I7db8e5134ca36ebd963c7081cd7ba79d91b3e5e2 ibcore/java/security/StandardNames.java ibcore/javax/net/ssl/TestSSLEnginePair.java
3ad1704dc8e4653f4ceaeb5d8315ddb28318a1bb	02-Apr-2014	Kenny Root <kroot@google.com>	Update SSLEngineTest for RI The RI now supports TLSv1.2 with SSLEngine, so update all the expectations for their tests. It also appears to disable "weak" algorithms when you select TLSv1.2. Change-Id: I564283bb4945d3b71bee0f89c93c6dd6e238b4f8 ibcore/java/security/StandardNames.java ibcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java ibcore/javax/net/ssl/TestSSLContext.java ibcore/javax/net/ssl/TestSSLEnginePair.java
19745ce89add193c0e13c18979a3c9fb25bee475	18-Feb-2014	Narayan Kamath <narayan@google.com>	DO NOT MERGE Fix another set of file related tests. - Get rid of Support_PlatformFile, use File.createTempFile instead. - Replace numerous uses of "user.dir" / "user.home" etc. with File.createTempFile - Replace calls to Process / chmod with Libcore.os.chmod. The calls wouldn't have worked anyway, since chmod on android doesn't understand the incremental (+w, -x) syntax. (cherry picked from commit 2b7c83942a5e28c53698232182193d5118028e6c) Bug: 13763685 Bug: 13763900 Change-Id: Ic6944568bbee6a548da6dcb4364b882636f2959f ests/support/Support_PlatformFile.java
70bf6bc3ad78ed9a0a7a5767381ad6c25debbd70	20-Mar-2014	Kenny Root <kroot@google.com>	Add X509ExtendedTrustManager This adds the X509ExtendedTrustManager class and all its ancillary methods that allow it to be used. This allows the endpointVerificationAlgorithm setting to be enabled on SSLSocket to check that the cerificate given for the endpoint during the handshake matched the expected hostname. Since X509ExtendedTrustManager allows you to pass in an SSLSocket, there is a new call added to SSLSocket called getHandshakeSession which does not force the handshake to take place. Bug: 13103812 Change-Id: I18a18b4f457d1676c8dc9a2a7bf7c3c4646a0425 ibcore/java/security/TestKeyStore.java ibcore/javax/net/ssl/TestSSLContext.java ibcore/javax/net/ssl/TestTrustManager.java
3c9ab07dd9001226b88f6bd1fca6690a3b7f4e3a	21-Mar-2014	Kenny Root <kroot@google.com>	StandardNames: only remove DH_* for RI The RI doesn't use DH_RSA and DH_DSA, but we do. Only remove them when the RI is running the tests. Change-Id: Id496a60e64ea51b105b7548e219e9340608f4672 ibcore/java/security/StandardNames.java
b335c684de8896be5db5d60dcaf0cb900b7314d9	21-Mar-2014	Alex Klyubin <klyubin@google.com>	Merge "Support multiple KeyManagers in TestSSLContext and TestKeyStore."
a05be72f30c4ec9dc687582c651dc968fb89f444	20-Mar-2014	Kenny Root <kroot@google.com>	StandardNames: update RI expectations Change-Id: Ia20902cc63d5e3ef1ac4cfc7a0b651368e845867 ibcore/java/security/StandardNames.java
edeec21a9c9e97cad91dffd47d4f2f7185dffe07	19-Mar-2014	Alex Klyubin <klyubin@google.com>	Support multiple KeyManagers in TestSSLContext and TestKeyStore. The two classes in some places assumed that only one KeyManager is necessary or that only the first provided KeyManager is important. Change-Id: I88629778911503ac7c233341d44612247d799d22 ibcore/java/security/TestKeyStore.java ibcore/javax/net/ssl/TestSSLContext.java
9c46602b63ac350c081bcb9aaef8260673d2ac73	03-Mar-2014	Neil Fuller <nfuller@google.com>	Modify FinalizationTester to use Runtime.gc() System.gc() has changed in Android: it doesn't gc every time any more. Runtime.getRuntime().gc() is more likely to cause a garbage collection. Change-Id: I294c98a3b82ccb8867b6667d35c88fe9441110db Bug: 13097524 ibcore/java/lang/ref/FinalizationTester.java
2587ef91ba693d73e97704e8163c050b286e7330	14-Feb-2014	Neil Fuller <nfuller@google.com>	Addition of 1.7 methods to URLConnection. URLConnection.getHeaderLong() and URLConnection.getContentLengthLong(). These methods are required by okhttp. Changed JarURLConnectionImpl.getContentLength() to return -1 when the size of an entry cannot be represented as an int. Previously it would have returned a corrupted, possibly negative, value due to a cast. Changed FileURLConnection.getContentLength() to return -1 when the size of the file cannot be represented as an int. Previously it would have returned a corrupted, possibly negative, value due to a cast. Change-Id: Ib43e68a2536c2602b4c7ee0cda68fa1f90045f57 ests/support/Support_TestWebData.java
2b7c83942a5e28c53698232182193d5118028e6c	18-Feb-2014	Narayan Kamath <narayan@google.com>	Fix another set of file related tests. - Get rid of Support_PlatformFile, use File.createTempFile instead. - Replace numerous uses of "user.dir" / "user.home" etc. with File.createTempFile - Replace calls to Process / chmod with Libcore.os.chmod. The calls wouldn't have worked anyway, since chmod on android doesn't understand the incremental (+w, -x) syntax. Change-Id: Ic6944568bbee6a548da6dcb4364b882636f2959f ests/support/Support_PlatformFile.java
a70e9058c24a86f7b003c603a60e27742e899dd8	12-Feb-2014	Narayan Kamath <narayan@google.com>	Delete unused test resources. These resources were used only by DalvikExecTest. Change-Id: Icb063fcf96593eeb3c6d9392214b3bc67305af53 ests/resources/cts_dalvikExecTest.jar ests/resources/cts_dalvikExecTest_classes.dex
f0cd15d29ea97346b7c2e870969907cd586b1b30	06-Feb-2014	An Liu <an1.liu@sta.samsung.com>	Skip TimaKeyStore in KeyStoreTest TimaKeyStore is Samsung's TrustZone-based KeyStore service provider. It should be skipped for KeyStore test cases since Samsung has it's own test cases. ibcore/java/security/StandardNames.java
9f48b7f4185c06c3f4a1f95bda68a9cbe59b2c61	01-Feb-2014	Alex Klyubin <klyubin@google.com>	Assert PKCS#7 padding supported for AES and 3DES. This tests that PKCS#7 padding for all Cipher transformations which currently support PKCS#5 padding. PKCS#5 padding is a special case of PKCS#7 padding. PKCS#5 padding is defined specifically for 64 bit long blocks. However, lots of code assumes that PKCS#5 for other block sizes works exactly like PKCS#7, and thus uses PKCS#5 padding where PKCS#7 should actually be used (e.g., with AES). Thus, we assert the assumption that PKCS#7 padding works exactly like PKCS#5 padding. Change-Id: I0ca8a952c67bc7aff172e22bd730378d41438067 ibcore/java/security/StandardNames.java
f2c1e7e3f9935e272a0a07a9637fc36ccd08e7de	28-Jan-2014	Kenny Root <kroot@google.com>	X509CertificateTest: add test for negative serial Update cert tests to save the private keys and also change the main certificate to a negative serial to exercise more corner cases. Change-Id: Ia59eece8ced0988b140ebf2e932b54298047f32d ests/resources/x509/cacert.pem ests/resources/x509/cakey.pem ests/resources/x509/cert-alt-dirname.der ests/resources/x509/cert-alt-dns.der ests/resources/x509/cert-alt-email.der ests/resources/x509/cert-alt-none.der ests/resources/x509/cert-alt-other.der ests/resources/x509/cert-alt-rid.der ests/resources/x509/cert-alt-uri.der ests/resources/x509/cert-ca.der ests/resources/x509/cert-caWithPathLen.der ests/resources/x509/cert-crl-ca.der ests/resources/x509/cert-dsa.der ests/resources/x509/cert-ec.der ests/resources/x509/cert-extendedKeyUsage.der ests/resources/x509/cert-ipv6.der ests/resources/x509/cert-keyUsage-extraLong.der ests/resources/x509/cert-rsa-dates.txt ests/resources/x509/cert-rsa-pubkey.der ests/resources/x509/cert-rsa-serial.txt ests/resources/x509/cert-rsa-sig.der ests/resources/x509/cert-rsa-tbs.der ests/resources/x509/cert-rsa.der ests/resources/x509/cert-sigopt.der ests/resources/x509/cert-unsupported.der ests/resources/x509/cert-userWithPathLen.der ests/resources/x509/certs-pk7.der ests/resources/x509/certs-pk7.pem ests/resources/x509/create.sh ests/resources/x509/crl-empty.der ests/resources/x509/crl-rsa-dates.txt ests/resources/x509/crl-rsa-dsa-dates.txt ests/resources/x509/crl-rsa-dsa-sigopt.der ests/resources/x509/crl-rsa-dsa-sigopt.pem ests/resources/x509/crl-rsa-dsa.der ests/resources/x509/crl-rsa-sig.der ests/resources/x509/crl-rsa-tbs.der ests/resources/x509/crl-rsa.der ests/resources/x509/crl-unsupported.der ests/resources/x509/dsapriv.pem ests/resources/x509/ecpriv.pem ests/resources/x509/privkey.pem
82c642531ba3c9ad29cb3125f7547a226b661b11	02-Jan-2014	Narayan Kamath <narayan@google.com>	Delete Support_PortManager & OldDatagramSocketTest Support_PortManager didn't really work, so rewrite all tests that use it. Also, dedup OldDatagramSocketTest with the harmony DatagramSocketTest. Fix various broken test cases and terribly written tests. bug: 11689863 Change-Id: I4efb9e02eb88517273fff50a0dec1d0262feafb2 ests/support/Support_PortManager.java
71fa3ffedf35aff964eb2545e9af5fecfb8fe8ce	18-Dec-2013	Alex Klyubin <klyubin@google.com>	Disable MD5 cipher suites in SSLSocket and SSLEngine. Although HMAC-MD5 is not yet broken, the foundations are shaky -- see http://tools.ietf.org/html/rfc6151. Scans show that disabling these TLS/SSL cipher suites currently causes handshake issues with 0.4% of the ecosystem. Bug: 11220570 Change-Id: I1970d2ecbdf3c0d26e45d439047b1d3884ade2ec ibcore/java/security/StandardNames.java
1169c54ed01bb6146bda80fdc665b4bce9d4b65f	19-Dec-2013	Alex Klyubin <klyubin@google.com>	Actually prefer Forward Secrecy cipher suites. The documentation for the list of TLS/SSL cipher suites used by default states that cipher suites offering Forward Secrecy are preferred. This CL adjusts the list to conform: FS cipher suites that use RC4_128 bulk encryption algorithm were not preferred over non-FS cipher suites that use AES. Bug: 11220570 Change-Id: Ic9019306898600086920874474764186b710c3ef ibcore/java/security/StandardNames.java
69f9b8db2a43d355430af36cc85d5ce945ed0869	18-Dec-2013	Alex Klyubin <klyubin@google.com>	Assert static key ECDH disallowed in default cipher suites. This is a follow-up to 5b15ad6b3d508a97d1cd23667afaee8c55072718 which removed static key ECDH cipher suites from the default list, but where the list of permitted key exchanges wasn't updated. Bug: 11220570 Change-Id: I319e21bf4475ddb9e6262b41dda99f5e33b1816f ibcore/java/security/StandardNames.java
9a61ef3365ba5e33c65eec42fc80c7e47bc09958	18-Dec-2013	Alex Klyubin <klyubin@google.com>	Disable 3DES cipher suites in SSLSocket. The effective key length for 3DES_EDE bulk encryption algorithm is only 112 bits. We're now aiming for 128 and higher. Scans show that removing these cipher suites from the default list causes handshake issues only with 0.15% of the ecosystem. Bug: 11220570 Change-Id: Ie01ebe8134d08a36b276295b804540157963be8f ibcore/java/security/StandardNames.java
5b15ad6b3d508a97d1cd23667afaee8c55072718	18-Dec-2013	Alex Klyubin <klyubin@google.com>	Disable static server key ECDH cipher suites in SSLSocket. These cipher suites use a static key for ECDH on the server side. When client certificates are used, a static key is also used on the client side, leading to the same premaster secret for all connections between a particular client and server. Also, these cipher suites do not provide forward secrecy. Scans show that removing these cipher suites from the default list does not affect connectivity to servers and is thus safe. Bug: 11220570 Change-Id: If34f4a3888ed9972c39d171656a85c61dfa98ea1 ibcore/java/security/StandardNames.java
0f0e96af6a1e9e6ed88e2b310c8650d0021cfd47	17-Dec-2013	Alex Klyubin <klyubin@google.com>	Enable AES-GCM cipher suites by default in SSLSocket. AES-GCM is preferred to AES-CBC whose MAC-pad-then-encrypt approach has issues (e.g., Lucky 13 attack). Bug: 11220570 Change-Id: Ib007bc89ccf08358ed3f093f630350fa859e7c35 ibcore/java/security/StandardNames.java
9e73d3f497461c5bd788bcfb7882e78c016e5876	17-Dec-2013	Alex Klyubin <klyubin@google.com>	Enable support for TLSv1.2 cipher suites in SSLSocket. This adds support for AES-GCM and AES-CBC with MACs based on SHA256 and SHA384. Bug: 11220570 Change-Id: I56e7e25c5cd65a4c7662da6d4bbe5720f427e677 ibcore/java/security/StandardNames.java
53360555a747056b8e599c3e3fb06532e7e30f61	26-Nov-2013	Alex Klyubin <klyubin@google.com>	Enable TLSv1.1 and TLSv1.2 by default for SSLSocket. TLSv1.1 and TLSv1.2 offer built-in protection against BEAST attack and support for GCM cipher suites. This change causes TLS/SSL handshake failures with a small fraction of servers, load balancers and TLS/SSL accelerators with broken TLS/SSL implementations. Scans demonstrate that the number is around 0.6%. Breaking connectivity (using platform default settings) to a tiny minority of the ecosystem is acceptable because this inconvenience is outweighed by the added safety for the overwheling majority of the ecosystem. App developers affected by this issue should consider asking such servers to be fixed or explicitly disabling TLSv1.1 and TLSv1.2 in their apps. Bug: 11220570 Change-Id: Ice9e8ce550401ba5e3385fd369c40f01c06ac7fd ibcore/java/security/StandardNames.java
2cca77af136c57106bd9a1652e54a0ee99154d89	14-Dec-2013	Alex Klyubin <klyubin@google.com>	Remove HarmonyJSSE SSLContext, SSLSocket and SSLServerSocket. Change-Id: I3c939e9275ba8f1d00342d1f83c6fdaf110f2317 ibcore/javax/net/ssl/TestSSLContext.java
0e5952d5638069e38218abf9136de8c4d3b60d95	13-Dec-2013	Kenny Root <kroot@google.com>	CipherTest: add support for GCM cipher Change-Id: I4b5a5123977a1df152f097e2c7ed86cf7dbcfe9e ibcore/java/security/StandardNames.java
b4675a53abbbb55acad213485636cf6a0d8b5bf6	12-Dec-2013	Alex Klyubin <klyubin@google.com>	Javadoc the default configuration of SSLEngine. The Javadoc of javax.net.ssl.SSLEngine now lists the protocols and cipher suites supported and enabled by default. Bug: 11220570 Change-Id: I6e365d58bfe2ddf60bae9dc7ccd0a33249e9e125 ibcore/java/security/StandardNames.java
50ef556fd74a411bebdf0e33df75d7be1df1ed81	10-Dec-2013	Alex Klyubin <klyubin@google.com>	Javadoc the default configuration of SSLSocket. The Javadoc of javax.net.ssl.SSLSocket now lists the protocols and cipher suites supported and enabled by default. Bug: 11220570 Change-Id: I3b6a96a86618370a55abf3307cbaadd1a1587066 ibcore/java/security/StandardNames.java
b3cc80ca4d1a00603de72ffc41560646394c9d5e	15-Nov-2013	Narayan Kamath <narayan@google.com>	am 439113b7: Merge "Import resources, fix JarURLConnectionTest." * commit '439113b7577fa3ed7c974fe158034649551130c4': Import resources, fix JarURLConnectionTest.
7c7bb922a47beb06257797857940c44440f4f52d	15-Nov-2013	Narayan Kamath <narayan@google.com>	am ebf160a0: Merge "Add serialization golden files, fix tests." * commit 'ebf160a0a41f2ea819b5c5c2e33199c098312941': Add serialization golden files, fix tests.
114b527135022d733642bcab532e8002f875692d	15-Nov-2013	Narayan Kamath <narayan@google.com>	am 4cac31eb: Merge "Add untracked harmony tests." * commit '4cac31eba78e0002e19dae81443f664c66d83340': Add untracked harmony tests.
439113b7577fa3ed7c974fe158034649551130c4	15-Nov-2013	Narayan Kamath <narayan@google.com>	Merge "Import resources, fix JarURLConnectionTest."
ebf160a0a41f2ea819b5c5c2e33199c098312941	15-Nov-2013	Narayan Kamath <narayan@google.com>	Merge "Add serialization golden files, fix tests."
4cac31eba78e0002e19dae81443f664c66d83340	15-Nov-2013	Narayan Kamath <narayan@google.com>	Merge "Add untracked harmony tests."
f6fb19ad30b1f0e55e9c1efda39fcaf319837bb5	14-Nov-2013	Alex Klyubin <klyubin@google.com>	resolved conflicts for merge of 8629cea4 to klp-dev-plus-aosp Change-Id: Ibd80c5f1a8b7b2fb7b4e77c40e5a0499effff6aa
8629cea4bb842ac8e13caf1979a5463215be259f	14-Nov-2013	Alex Klyubin <klyubin@google.com>	am 5ff3bc94: am 4c7d72a6: am fe1f3d77: am 11708986: am b00f46fc: am 23b3ea3a: am e496d90d: am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev * commit '5ff3bc94bf2ec5bca48cb0027060df7fe4e48580': SSLEngine: Test that server params are verified
5ff3bc94bf2ec5bca48cb0027060df7fe4e48580	14-Nov-2013	Alex Klyubin <klyubin@google.com>	am 4c7d72a6: am fe1f3d77: am 11708986: am b00f46fc: am 23b3ea3a: am e496d90d: am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev * commit '4c7d72a663712343cbcffc2b45621f38f7e6cdbf': SSLEngine: Test that server params are verified
4c7d72a663712343cbcffc2b45621f38f7e6cdbf	14-Nov-2013	Alex Klyubin <klyubin@google.com>	am fe1f3d77: am 11708986: am b00f46fc: am 23b3ea3a: am e496d90d: am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev * commit 'fe1f3d7795d9a5bdef327bd7796004bff5da7dbf': SSLEngine: Test that server params are verified
fe1f3d7795d9a5bdef327bd7796004bff5da7dbf	14-Nov-2013	Alex Klyubin <klyubin@google.com>	am 11708986: am b00f46fc: am 23b3ea3a: am e496d90d: am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev * commit '11708986502da018afec813a9fd395b94003f160': SSLEngine: Test that server params are verified
23b3ea3aa7c462faa0b277f741b4dfa2d84d5278	14-Nov-2013	Alex Klyubin <klyubin@google.com>	am e496d90d: am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev * commit 'e496d90d6275365187644c6673911908f880a0b6': SSLEngine: Test that server params are verified
e496d90d6275365187644c6673911908f880a0b6	14-Nov-2013	Alex Klyubin <klyubin@google.com>	am cef32f3b: Merge "SSLEngine: Test that server params are verified" into jb-dev * commit 'cef32f3bb2da07efc846cf5bcd7970a74a782657': SSLEngine: Test that server params are verified
e19fe36340c4df01c0841090f53e4789044c9fe0	14-Nov-2013	Narayan Kamath <narayan@google.com>	Import resources, fix JarURLConnectionTest. The test case with the escaped URL still fails. Change-Id: Iae3a58fea800d8b981cb09474d1fa77b7c361e4e ests/resources/net/lf.jar
0669a8cf8b08b2d66a7ff758e5e3dbd456855495	14-Nov-2013	Alex Klyubin <klyubin@google.com>	SSLEngine: Test that server params are verified This CL adds tests that check that SSLEngine's handshake fails if the signature of server params in ServerKeyExchange does not verify. Bug: 11631299 Change-Id: I16dfa9c07a4f094adc17aadd6fb3fe9eac88103b ibcore/javax/net/ssl/ForwardingX509ExtendedKeyManager.java ibcore/javax/net/ssl/RandomPrivateKeyX509ExtendedKeyManager.java
6644b6ac300f69f02100aec4916af18316bf4525	13-Nov-2013	Alex Klyubin <klyubin@google.com>	Merge "Higher-level default configuration asserts for TLS/SSL primitives."
9aab36ec35b4591cb9ba9ae0e4586cb642c39587	13-Nov-2013	Narayan Kamath <narayan@google.com>	Add serialization golden files, fix tests. - Moves a few golden files from luni/ to harmony-tests/ - Delete dead code in SerializationTester - Fix a bug in SerializationTest (not sure how this ever worked for resources with "." in their name) Change-Id: Ia5b1376f4ada9b9c706a266ae077debeea5b1f29 rg/apache/harmony/testframework/serialization/SerializationTest.java ests/util/SerializationTester.java
cb318c6f4fe5b0e20099fa85f1b95ccb2d24119f	12-Nov-2013	Narayan Kamath <narayan@google.com>	Add untracked harmony tests. This has been deduped against : libcore/luni/src/test/java/org/apache/harmony/luni/tests libcore/luni/src/test/java/tests/api/ libcore/harmony-tests/src/test/java/tests/api This is a minimal change that builds the entire test suite. Many tests don't pass yet, they will be fixed in follow ups. Notable tests that haven't been moved: - ExcludedProxyTest: Might make requests to (now defunct) external servers. All of this code is tested in okhttp. - URLClassLoaderTest: Has a dependency on jetty, tested in okhttp. Notable test cases that haven't been moved: - URLTest: overlap with okhttp, might make requests to external servers. - ServerSocketTest#test_init: Uses Support_execJava, which we don't support yet. Isn't testing anything useful. - FileTest#testDeleteOnExist: Uses Support_execJava which we don't support yet. This is a useful test and we must ressurect it if at all possible. bug: 11650799 Change-Id: Ib277eb0bad465ea72b090168490a1a633611b3f3 rg/apache/harmony/testframework/CharSinkTester.java rg/apache/harmony/testframework/CharWrapperTester.java rg/apache/harmony/testframework/SinkTester.java rg/apache/harmony/testframework/WrapperTester.java ests/resources/ServiceLoader/AbstractService.java ests/resources/ServiceLoader/Service.java ests/resources/ServiceLoader/ServiceDuplicateIn2File.java ests/resources/ServiceLoader/ServiceFinalClass.java ests/resources/ServiceLoader/ServiceForAllCommentTest.java ests/resources/ServiceLoader/ServiceForEmptyTest.java ests/resources/ServiceLoader/ServiceForIllegalNameTest.java ests/resources/ServiceLoader/ServiceForWrongNameTest.java ests/resources/ServiceLoader/ServiceIn2File.java ests/resources/ServiceLoader/ServiceIn2FileWithEmptyConfig.java ests/resources/ServiceLoader/ServiceMoreThanOne.java ests/resources/ServiceLoader/ServiceWithDuplicateSons.java ests/resources/ServiceLoader/hyts_services.jar ests/resources/ServiceLoader/hyts_services2.jar ests/support/Streams.java ests/support/Support_TimeZone.java ests/support/resource/Support_Resources.java ests/util/SerializationTester.java
36490d47a843f981c0755bff02f301dfd316af50	09-Nov-2013	Alex Klyubin <klyubin@google.com>	Merge "Deprioritize HMAC-MD5 in default TLS/SSL cipher suites."
181e96d17e879a1f063530cf1c540c2c5097cb02	30-Oct-2013	William Luh <williamluh@google.com>	Add a second intermediate test CA. (cherry picked from commit 1295a430f883ab592fd3bd4a7cf950241ad22fcd) Change-Id: I732e7727c0de572f637d4c436094fec7583baf14 ibcore/java/security/TestKeyStore.java
f605c6822da13b32cd3643415a707882b62a3e91	06-Nov-2013	Alex Klyubin <klyubin@google.com>	Higher-level default configuration asserts for TLS/SSL primitives. This adds SSLDefaultConfigurationAsserts class that offers higher-level checks for each TLS/SSL primitive. The goals are: * check not only the cipher suites and protocols configured but also the configuration of child primitives (e.g, configuration of SSLSockets returned by SSLSocketFactory, or configuration of SSLSocketFactory returned by SSLContext). * hide the upcoming target API level dependent configuration checks from test classes. Bug: 11220570 Change-Id: Iec1476a1b2d132c984413754129adfcb671885fb ibcore/javax/net/ssl/SSLDefaultConfigurationAsserts.java
76900faa07771f1143671a3c8703d542b3ca9c21	08-Nov-2013	Alex Klyubin <klyubin@google.com>	Deprioritize HMAC-MD5 in default TLS/SSL cipher suites. Although HMAC-MD5 is not yet broken, the foundations are now much more shaky that those of HMAC-SHA. See http://tools.ietf.org/html/rfc6151. Bug: 11220570 Change-Id: I2a2fe4d427650081637efc14fd7c427a33cbea7e ibcore/java/security/StandardNames.java
4892adf2af0d4c842aace8d8f8f8a8189425ac23	07-Nov-2013	Alex Klyubin <klyubin@google.com>	Prefer Forward Secrecy TLS/SSL cipher suites by default. This modifies the list of TLS/SSL cipher suites used by default to prefer those offering Forward Secrecy (FS) -- ECDHE and DHE. Bug: 11220570 Change-Id: I20f635d11e937d64de4f4e2fea34e1c5ea7a67ac ibcore/java/security/StandardNames.java
3cb3d30b0237493c1fc1947eaee0266c64583221	07-Nov-2013	Alex Klyubin <klyubin@google.com>	Deprioritize RC4-based TLS/SSL cipher suites. Now that BEAST and Lucky13 mitigations are enabled, it is prudent to prefer AES CBC cipher suites over RC4 ones (see http://www.isg.rhul.ac.uk/tls/). Bug: 11220570 Change-Id: I52b9724700fd8eaeebbadcfa518a96823a1410b8 ibcore/java/security/StandardNames.java
f13911b39126ffae49737dadc74332b3a84e0d19	04-Nov-2013	Alex Klyubin <klyubin@google.com>	Exact asserts for TLS/SSL protocols used by default. Previously, assertions about the list of protocols used by default by TLS/SSL primitives were checking that all of the protocols are supported, but were not checking that the list was exactly as expected. This CL adjusts the assertions to check that all of the expected protocols are listed and that no other protocols are listed. Three assert methods are added, corresponding to the three concentually different lists: client-side (e.g., SSLSocket), server-side (SSLServerSocket), and SSLEngine which currently does not switch lists based on whether it's in client or server mode. Bug: 11220570 Change-Id: Ib6b56c2372d76f94f254481aa01d29d2d03a085f ibcore/java/security/StandardNames.java
632b6f770974fe4811e2e55dcba54f63b556e305	01-Nov-2013	Alex Klyubin <klyubin@google.com>	Exact check for cipher suites used by SSLEngine by default. The previous assertion was only checking that all the default cipher suites are supported by SSLEngine. Bug: 11220570 Change-Id: I7c57c11e69fac7a532f890d242ac1ee4d1c64262 ibcore/java/security/StandardNames.java
2cd541f61919798b5b050c210f61db450ad8b013	30-Oct-2013	Alex Klyubin <klyubin@google.com>	Refactor TLS/SSL cipher suite and protocol assertions. This hides expected lists of cipher suites and protocols from the users of assertion methods to: * enable targetSdkVersion-dependent behavior, and * centralize the definition of expected behavior in StandardNames. Bug: 11220570 Change-Id: I8b43196b24f02e10010223aa6738a9ce0df24333 ibcore/java/security/StandardNames.java
c1caa0507a6de77b3cf3f6b739596e7fe08e98dc	23-Oct-2013	Alex Klyubin <klyubin@google.com>	Do not use short-keyed TLS/SSL cipher suites by default. This removes TLS/SSL cipher suites with bulk cipher secret keys shorter than 80 bits from the list of cipher suites used by default. Bug: 11220570 Change-Id: I04e30f6d634801b36018fecc8f2b257fc6b7adfc ibcore/java/security/StandardNames.java
bda6980df389e16edf907e5c516ee21e9e92883e	10-Oct-2013	Kenny Root <kroot@google.com>	JarUtils: try using the DigestEncryptionAlgorithm The original code tried getting an instance of the DigestAlgorithm by itself as a Signature type. This appears meant to be the DigestEncryptionAlgorithm by itself. Algorithms such as SHA256withECDSA have their own OID. Change-Id: I9384127bb026c8a5d3956095a9880427ead366b4 ests/resources/hyts_signed_sha256digest_sha256withecdsa.jar
9d72aaddcedda0eb4519f84805d2212fcc25ebaf	26-Sep-2013	Kenny Root <kroot@google.com>	Conscrypt: add SHA-224 with tests SHA-224 has made a comeback in the latest StandardNames documentation. This change adds tests for SHA-224 and also Conscrypt providers for things we have code paths to support. Change-Id: I8c200082ff76ee4ae38b6efaa16e6741b33b7f5b ibcore/java/security/StandardNames.java
422092deb4fcc5f3f8d4e9d36cb6294b4049fd43	14-Sep-2013	Kenny Root <kroot@google.com>	Remove BC workaround in TestKeyStore At one point in time, BC had a bug where it couldn't work with other EC keys. This has since been fixed, so this workaround is no longer needed. Change-Id: I0fb3f4d207fb5093e3bd1e1256cc3e165ecae8b0 ibcore/java/security/TestKeyStore.java
4616c7f802521312349adec76e10f4a5b612223e	29-Aug-2013	Kenny Root <kroot@google.com>	Move support library to a separate static library frameworks/base/core/tests/coretests uses the libcore/support/* classes for SSL-based tests. Instead of including core-tests itself, we need to split out the support classes to its own library to keep frameworks tests below the dex method limit. (cherry picked from commit b397b19a825d69e9122f1241849db726abae5413) Bug: 10092469 Change-Id: Ib9b1dd60cb778dba79afcbe3001749d82afa99d2 ibcore/java/lang/ref/FinalizationTester.java
b397b19a825d69e9122f1241849db726abae5413	29-Aug-2013	Kenny Root <kroot@google.com>	Move support library to a separate static library frameworks/base/core/tests/coretests uses the libcore/support/* classes for SSL-based tests. Instead of including core-tests itself, we need to split out the support classes to its own library to keep frameworks tests below the dex method limit. Change-Id: Ic11dbd1c6f897af10c6cfe47efb977018ef2ad9a ibcore/java/lang/ref/FinalizationTester.java
b274574b7e2681f4411852af9857b4540bf75841	02-Aug-2013	Elliott Hughes <enh@google.com>	If libcore wants ASCII casing, it needs to ask for it like everyone else. http://elliotth.blogspot.com/2012/01/beware-convenience-methods.html Bug: https://code.google.com/p/android/issues/detail?id=58359 Change-Id: I597b2ac940f17b5b2bc176e390dc4b63fe0a4e72 ibcore/java/security/StandardNames.java ests/http/MockWebServer.java
cd059a55c169e556d1fcfca145caa10173ae2174	24-Jul-2013	Elliott Hughes <enh@google.com>	am be240e13: Merge "Remove the isLocaleAvailable hacks." * commit 'be240e1324314cbf1d8edaee7ce561b028e1ed2e': Remove the isLocaleAvailable hacks.
dd9b761d3b32bf02de354cb228f83cf7697032ef	24-Jul-2013	Elliott Hughes <enh@google.com>	Remove the isLocaleAvailable hacks. Change-Id: I17596301630f6c8d98c4415fe358f4fffb47b2d4 ests/support/Support_DecimalFormat.java ests/support/Support_Locale.java
448053c9f0b3294b627cf8f1157ab8664abff3a8	02-Jul-2013	Kenny Root <kroot@google.com>	am 35e2b734: Merge "JarFile: finish support for authenticated attributes" * commit '35e2b734149e88874883e48785f8263a8972ec61': JarFile: finish support for authenticated attributes
3de7083091497358d003bb889eba909f85b69fad	01-Jul-2013	Kenny Root <kroot@google.com>	JarFile: finish support for authenticated attributes There was an unfinished code path to use Authenticated Attributes to verify JAR files. This finishes it up and allows PKCS#7 signatures with that field instead of a direct digest on the encapsulated data. The description of Authenticated Attributes can be found in RFC 3852 section 9 referred to as "authAttrs." Bug: 9625223 Change-Id: Ia2c8fc09d39fbb67c1bdcdfe087f185471dcedd4 ests/resources/hyts_signed_authAttrs.jar
c286ebcb2be9bd7f2dd1c14b132dbf85ee7ca314	07-Jun-2013	Elliott Hughes <enh@google.com>	am b5ba804a: Merge "Fix @deprecated javadoc orthography." * commit 'b5ba804a3b6d00c63a59902b782c11a0af9ed205': Fix @deprecated javadoc orthography.
99b4489d0555c6e0e5df941cbfad4cf250c8f0b8	07-Jun-2013	Elliott Hughes <enh@google.com>	Fix @deprecated javadoc orthography. Change-Id: I6db6d91e21b8e1aca5b5338534196fd5bdef8a06 ests/http/MockWebServer.java ests/support/Support_PortManager.java
07064a72e165536c708ceffe5b4d59bfffd25d5d	03-Jun-2013	Brian Carlstrom <bdc@google.com>	am 0897c605: Merge "PBKDF2 tests to exercise new, correct PBE implementation." * commit '0897c6055311bf665365cbb8cae46aadc18d4d45': PBKDF2 tests to exercise new, correct PBE implementation.
3f410d3b2d68c77a2a84629b47c29226c235f57d	29-Apr-2013	William Luh <williamluh@google.com>	PBKDF2 tests to exercise new, correct PBE implementation. Bug: 8312059 Change-Id: I614a43a0022393cb16250f4991a7156b05b0860c ibcore/java/security/StandardNames.java
e9e7f036545d04e441e2aa8bcae4ba1024c86e97	24-May-2013	Brian Carlstrom <bdc@google.com>	CipherTest fixes Bug: 9095447 (cherry picked from commit 1eba66d802f4edfaa3ca599f196e282bc110eff9) Change-Id: I6709eebcbede0ba617462bf49dd858f98246555f ibcore/java/security/StandardNames.java
1eba66d802f4edfaa3ca599f196e282bc110eff9	24-May-2013	Brian Carlstrom <bdc@google.com>	CipherTest fixes Bug: 9095447 Change-Id: Ieba76865c4da4260949391389611dfd09bc5e326 ibcore/java/security/StandardNames.java
32d4f90cbb829fce348ff1767d0c05168a5e3e30	19-Apr-2013	Kenny Root <kroot@google.com>	Rename AndroidKeyStoreProvider -> AndroidKeyStore Bug: 8657552 Change-Id: I2659f1b67bb0fc298a187938d560fd57d3ceb214 ibcore/java/security/StandardNames.java
0b0c73781fbb1e5a43e6c0b363064010ac43f5bf	16-Apr-2013	Kenny Root <kroot@google.com>	Rename AndroidKeyStore in tests to match impl The KeyPairGenerator was renamed in frameworks/base, but it is tested during CTS so the StandardNames in libcore needs to be updated to know about this change as well so tests that use StandardNames don't have erroneous returns. Bug: 8626181 Change-Id: I079eb650d2dbe7baa204ff8d110a5389132e32a4 ibcore/java/security/StandardNames.java
90d02cbdbac93f6fee46082e25c1c67f75108442	03-Jan-2013	Chris Palmer <palmer@google.com>	Check the EE's eKU extension field, if present. BUG=https://code.google.com/p/chromium/issues/detail?id=167607 and https://b.corp.google.com/issue?id=7920492 (cherry picked from commit 0da1515c5fe4e97fc2d4d24a41ebd4c078fec4db) Change-Id: I4309d4a90a9d41390f41c748fa1442ed736e225f ibcore/java/security/TestKeyStore.java
0da1515c5fe4e97fc2d4d24a41ebd4c078fec4db	03-Jan-2013	Chris Palmer <palmer@google.com>	Check the EE's eKU extension field, if present. BUG=https://code.google.com/p/chromium/issues/detail?id=167607 and https://b.corp.google.com/issue?id=7920492 Change-Id: Ib917c3a4a8ea6a12f685c44056aa44aa414d45e6 ibcore/java/security/TestKeyStore.java
691f0a5a1c5b0294fb050f6247be14e74078395b	21-Mar-2013	Brian Carlstrom <bdc@google.com>	Cleanup openssl test generation scripts to work in any directory Change-Id: I7ac00ef5c7efe6fc243bd2663c31ef8ad8af9445 ests/resources/x509/create.sh ests/resources/x509/default.cnf
8659e5f09d368ac074cabeafe65fb35acb919e49	06-Mar-2013	Kenny Root <kroot@google.com>	Add test for empty CRL Change-Id: Ie8b099eec5628e5c577cff23050431d4ed1e2be2 ests/resources/x509/create.sh ests/resources/x509/crl-empty.der
a698d224635ccfe3f141ccf627221271aa53bf69	06-Mar-2013	Kenny Root <kroot@google.com>	SigAlgParams and other tests Add tests for getSigAlgParams using RSA-PSS signatures. Change-Id: Ib24b75a873dcc2007c6d511c6d307c92391a3f58 ests/resources/x509/cert-alt-dirname.der ests/resources/x509/cert-alt-dns.der ests/resources/x509/cert-alt-email.der ests/resources/x509/cert-alt-none.der ests/resources/x509/cert-alt-other.der ests/resources/x509/cert-alt-rid.der ests/resources/x509/cert-alt-uri.der ests/resources/x509/cert-ca.der ests/resources/x509/cert-caWithPathLen.der ests/resources/x509/cert-crl-ca.der ests/resources/x509/cert-dsa.der ests/resources/x509/cert-ec.der ests/resources/x509/cert-extendedKeyUsage.der ests/resources/x509/cert-ipv6.der ests/resources/x509/cert-keyUsage-extraLong.der ests/resources/x509/cert-rsa-dates.txt ests/resources/x509/cert-rsa-pubkey.der ests/resources/x509/cert-rsa-serial.txt ests/resources/x509/cert-rsa-sig.der ests/resources/x509/cert-rsa-tbs.der ests/resources/x509/cert-rsa.der ests/resources/x509/cert-sigopt.der ests/resources/x509/cert-unsupported.der ests/resources/x509/cert-userWithPathLen.der ests/resources/x509/certs-pk7.der ests/resources/x509/certs-pk7.pem ests/resources/x509/certs.der ests/resources/x509/certs.pem ests/resources/x509/create.sh ests/resources/x509/crl-rsa-dates.txt ests/resources/x509/crl-rsa-dsa-dates.txt ests/resources/x509/crl-rsa-dsa-sigopt.der ests/resources/x509/crl-rsa-dsa-sigopt.pem ests/resources/x509/crl-rsa-dsa.der ests/resources/x509/crl-rsa-sig.der ests/resources/x509/crl-rsa-tbs.der ests/resources/x509/crl-rsa.der ests/resources/x509/crl-unsupported.der
ac4b39b3f93a28ba0375ac108155b752a79e4f5f	31-Jan-2013	Brian Carlstrom <bdc@google.com>	Tracking bouncycastle 1.48 upgrade Change-Id: I3c43882dda27b5596c6823f5f0711049803ac985 ibcore/java/security/TestKeyStore.java
0d7f656d7d7bdb65531cf97d25060a426d03ae76	08-Jan-2013	Kenny Root <kroot@google.com>	X509CertificateTest: test for empty subjectAltNames If the subjectAltNames field is missing, providers should return null Change-Id: If11202d97e0a5a41ca598fb7df3320d6a20474c9 ests/resources/x509/cert-alt-none.der ests/resources/x509/create.sh ests/resources/x509/default.cnf
309e456e6f3b603b50806a24c56abd9fdb3bd7a9	02-Jan-2013	Kenny Root <kroot@google.com>	Add test for X509CertificateFactory#generateCertificates Change-Id: I461881d515201829eae08046574824dbda30d460 ests/resources/x509/certs-pk7.der ests/resources/x509/certs-pk7.pem ests/resources/x509/certs.der ests/resources/x509/certs.pem ests/resources/x509/create.sh
e9eff570af49def101e6b98f48eac98ae2245dbe	02-Jan-2013	Kenny Root <kroot@google.com>	Add X509CRLTest in libcore tests Change-Id: I551d6ea887e06481a3eaefec980a728a8c4191f7 ests/resources/x509/cert-alt-dirname.der ests/resources/x509/cert-alt-dns.der ests/resources/x509/cert-alt-email.der ests/resources/x509/cert-alt-other.der ests/resources/x509/cert-alt-rid.der ests/resources/x509/cert-alt-uri.der ests/resources/x509/cert-ca.der ests/resources/x509/cert-caWithPathLen.der ests/resources/x509/cert-dsa.der ests/resources/x509/cert-ec.der ests/resources/x509/cert-extendedKeyUsage.der ests/resources/x509/cert-ipv6.der ests/resources/x509/cert-keyUsage-extraLong.der ests/resources/x509/cert-rsa-dates.txt ests/resources/x509/cert-rsa-pubkey.der ests/resources/x509/cert-rsa-serial.txt ests/resources/x509/cert-rsa-sig.der ests/resources/x509/cert-rsa-tbs.der ests/resources/x509/cert-rsa.der ests/resources/x509/cert-unsupported.der ests/resources/x509/cert-userWithPathLen.der ests/resources/x509/create.sh ests/resources/x509/crl-rsa-dates.txt ests/resources/x509/crl-rsa-dsa-dates.txt ests/resources/x509/crl-rsa-dsa.der ests/resources/x509/crl-rsa-sig.der ests/resources/x509/crl-rsa-tbs.der ests/resources/x509/crl-rsa.der ests/resources/x509/crl-unsupported.der ests/resources/x509/default.cnf
9ca3d0733e7f93c140fdc693ffb0aaaa21de7a19	26-Dec-2012	Kenny Root <kroot@google.com>	Add X509CertificateTest in libcore tests Change-Id: I678a8b89d0514c270ce0ee57057cfaadf3b47543 ests/resources/x509/cert-alt-dirname.der ests/resources/x509/cert-alt-dns.der ests/resources/x509/cert-alt-email.der ests/resources/x509/cert-alt-other.der ests/resources/x509/cert-alt-rid.der ests/resources/x509/cert-alt-uri.der ests/resources/x509/cert-ca.der ests/resources/x509/cert-caWithPathLen.der ests/resources/x509/cert-dsa.der ests/resources/x509/cert-ec.der ests/resources/x509/cert-extendedKeyUsage.der ests/resources/x509/cert-invalidip.der ests/resources/x509/cert-ipv6.der ests/resources/x509/cert-keyUsage-extraLong.der ests/resources/x509/cert-rsa-dates.txt ests/resources/x509/cert-rsa-pubkey.der ests/resources/x509/cert-rsa-serial.txt ests/resources/x509/cert-rsa-sig.der ests/resources/x509/cert-rsa-tbs.der ests/resources/x509/cert-rsa.der ests/resources/x509/cert-unsupported.der ests/resources/x509/cert-userWithPathLen.der ests/resources/x509/create.sh ests/resources/x509/default.cnf
df99092f30a7bdc9f40f2fa0c3546a30d925edc0	01-Nov-2012	Brian Carlstrom <bdc@google.com>	resolved conflicts for merge of eef7e935 to jb-mr1-dev-plus-aosp Change-Id: I1af764dffabdfa63bc383b606d0c86451bdf64dd
eef7e9357c272a9154f007e8bee2a09eed66d101	01-Nov-2012	Brian Carlstrom <bdc@google.com>	Test to verify BC Signature algorithms by OID Bug: 7453821 Change-Id: I69408d0bb4063e34441ed1d7632fd1ccac39965b ibcore/java/security/StandardNames.java
9fb84f4bee364d44b1d0d425109c98e964b23ae4	30-Oct-2012	Brian Carlstrom <bdc@google.com>	am adcea0bf: Merge "Prefer PKIX algorithm name for TrustManagerFactory and KeyManagerFactory" * commit 'adcea0bf53b5b932013d8290619f17715b33f139': Prefer PKIX algorithm name for TrustManagerFactory and KeyManagerFactory
c934a095e1f863f00bf6f7c0b37fbd05ebeaaff5	29-Oct-2012	Brian Carlstrom <bdc@google.com>	Prefer PKIX algorithm name for TrustManagerFactory and KeyManagerFactory Change-Id: I3da5bdf6739c6aee5ec0174e93cd6c06d6dfeeb3 ibcore/java/security/StandardNames.java
1b18a42ce11e536a12a21166b5e7790a73285af4	17-Oct-2012	Elliott Hughes <enh@google.com>	am d2f41fe2: Merge "Fix ConcurrentCloseTest flakiness." * commit 'd2f41fe210bf0fe958345f84e95e8f037c325005': Fix ConcurrentCloseTest flakiness.
0e1afa1091f74a6228c01d8c7a8eebf001efdc57	13-Oct-2012	Elliott Hughes <enh@google.com>	Fix ConcurrentCloseTest flakiness. We can't rely on consuming all the listen(2) backlog. For the tests we've seen fail because they sometimes connect rather than time out, switch to an unroutable address. (cherry-pick of babccbf9e429c4c78aca24c205825ceaaf7d3f37.) Bug: 6971145 Change-Id: Ibfa412ff1ad7da7e63842d0162cc67a706e2b27e ests/net/StuckServer.java
babccbf9e429c4c78aca24c205825ceaaf7d3f37	13-Oct-2012	Elliott Hughes <enh@google.com>	Fix ConcurrentCloseTest flakiness. We can't rely on consuming all the listen(2) backlog. For the tests we've seen fail because they sometimes connect rather than time out, switch to an unroutable address. Bug: 6971145 Change-Id: I259d31b1a15123bcd78c36849d5ed863d392ac20 ests/net/StuckServer.java
9dbe25c174d4f7e5099db1ea278513971e058ff8	12-Oct-2012	Kenny Root <kroot@google.com>	am 0bf8e7a3: Merge "Add support for ECDSA signatures on jar files" * commit '0bf8e7a3145bbc6a32f5b88364a923af40434b61': Add support for ECDSA signatures on jar files
52c906b82c75e811284a1788e5ca0b4330a55a36	10-Oct-2012	Kenny Root <kroot@google.com>	Add support for ECDSA signatures on jar files Change-Id: If928f2244b3a0809255d6619c25268beb84f76d3 ests/resources/hyts_signed_sha512digest_sha512withecdsa.jar
72e44404c32a98e7675a6e7cfbf856adb499a434	09-Oct-2012	Brian Carlstrom <bdc@google.com>	Change OpenSSLCipherRSA.{engineGetBlockSize,engineGetOutputSize} to return result based on key size Includes cherry-pick of 847f22adbd0e829b84491d7202dcbed5bf67a98c Bug: 7192453 Change-Id: Ib5fa1e313d942d2c1034e8e7831af285ad24d71d ibcore/java/security/StandardNames.java
a56d9c6247415d7cd99d8a3edfd3f97dfbab8a42	10-Oct-2012	Kenny Root <kroot@google.com>	am 6508bcc2: Merge "Add stronger digest support to JarVerifier" * commit '6508bcc268f74b04dfcd04b1cafb5f293ad0f690': Add stronger digest support to JarVerifier
bff099b1b39940301bc7dd4be52dbe303c5e6fdf	10-Oct-2012	Kenny Root <kroot@google.com>	Add stronger digest support to JarVerifier Adds support for SHA-256, SHA-384, and SHA-512. Bug: http://code.google.com/p/android/issues/detail?id=38321 Change-Id: I9bf3f9cb2fa53b9f980e6c1cffcba81aa289a762 ibcore/java/security/StandardNames.java ests/resources/hyts_signed_sha256digest_sha256withrsa.jar ests/resources/hyts_signed_sha256withrsa.jar
e64b5a175e94b477dc3275924f126eba30f7599a	04-Oct-2012	Kenny Root <kroot@google.com>	am 9560ed5e: am 6ff99058: Merge "OpenSSLCipher: add Ciphers to StandardNames" * commit '9560ed5ed4229f17df8e09d9a40f4c8f30e68b0d': OpenSSLCipher: add Ciphers to StandardNames
5818245f0d132dc7fffd81d099ea7adb60be15f1	04-Oct-2012	Kenny Root <kroot@google.com>	OpenSSLCipher: add Ciphers to StandardNames Change-Id: Ib990dd170d4c94ceea065748aceeb3bb4a297438 ibcore/java/security/StandardNames.java
3db1bf0eedb0095f4e6aa1b24f3769058735024a	28-Sep-2012	Kenny Root <kroot@google.com>	am 67c7510f: am f776b18f: Merge "Add more CipherTest tests" * commit '67c7510f9ca84347ec029023b3f04832f4453b9f': Add more CipherTest tests
847f22adbd0e829b84491d7202dcbed5bf67a98c	28-Sep-2012	Kenny Root <kroot@google.com>	Add more CipherTest tests Change-Id: I29f55e41335021945029e410d4e51e2c8f564285 ibcore/java/security/StandardNames.java
fe8b870db2b374e21c69c2ff0050e6a34e0d8d94	05-Sep-2012	Brian Carlstrom <bdc@google.com>	Tracking upgrade to bouncycastle 1.47 Change-Id: Ie1f2ae92638e81ccd7e4ec2459199e6eecdac75f ibcore/java/security/StandardNames.java
f0993272562ebc6e8d77024b985c45fae9f92ed4	12-Sep-2012	Brian Carlstrom <bdc@google.com>	am a1359997: am 9f519e17: Merge "Add OpenSSLProvider support for Cipher.RSA/None/PKCS1Padding" * commit 'a1359997a83e4d1aefdb7ae23f73b61420d37964': Add OpenSSLProvider support for Cipher.RSA/None/PKCS1Padding
0a156e0126e8015f2791e9a7dd48bbdaeae0c335	12-Sep-2012	Brian Carlstrom <bdc@google.com>	Add OpenSSLProvider support for Cipher.RSA/None/PKCS1Padding Summary: - Add OpenSSLProvider support for Cipher.RSA/None/PKCS1Padding Added NativeCrypto.RSA_private_decrypt and NativeCrypto.RSA_public_encrypt - Changed OpenSSLSignatureRawRSA to use new Cipher.RSA/None/PKCS1Padding Removed now obsoleted NativeCrypto APIs for RSA_padding_add_PKCS1_type_1 and RSA_padding_check_PKCS1_type_1 - added wrap/unwrap support OpenSSLCipherRSA Needed for SSLEngine (and fallback SSLSocket implementation) which are now picking up the new Cipher.RSA/None/PKCS1Padding - expanded CipherTest to sanity test all algorithms and PKCS1 padding Change-Id: I03566cc86ffce07d44d5e0094fa82c9c24587c26 ibcore/java/security/StandardNames.java
a8ae31b76c5615bf025b29e96dcadf900164efed	29-Aug-2012	Kenny Root <kroot@google.com>	Add Android KeyStore provider to StandardNames Change-Id: Ic4bbcf5be005a74f5263e40f406f8c741e5d8d5e ibcore/java/security/StandardNames.java
62fc526d80608925cad24c3d6d91657f63a56fcf	16-Aug-2012	Kenny Root <kroot@google.com>	Add new Android-only algos to StandardNames The ProviderTest fails if we don't add these to StandardNames. Change the name of Signature.RAWRSA to "NONEwithRSA" so it matches the convention in existing algorithms. Change-Id: Id126eca46ee3b9f9d19aee596c1babd489693c7a ibcore/java/security/StandardNames.java
ec9557af2760d73e6e53a2be6b025acb258e9017	02-Aug-2012	Brian Carlstrom <bdc@google.com>	Remove SSLContext TLSv1.1 and TLSv1.2 from expected list for RI Change-Id: Ie506337882a878df77073c0c8117dfdc8d33b670 ibcore/java/security/StandardNames.java
d3298cd1b4bc69183e96e3cf8fd247e1596b7e07	24-Jul-2012	Elliott Hughes <enh@google.com>	Fix URLConnectionTest#test_getAllowUserInteraction. Also improve the documentation, make it possible to run these tests individually outside of CTS with vogar, and remove a few more URLs of external web servers. We should clean up all tests to remove all reliance on external web servers. Bug: http://code.google.com/p/android/issues/detail?id=35400 (cherry-picked from 3827b65b1937acfbf3abbc449f8ba0ffc60f3cf3.) Conflicts: luni/src/test/java/org/apache/harmony/luni/tests/java/net/URLConnectionTest.java Change-Id: I4959fefa130290236533be72cce7c57b9ea1e296 ests/support/Support_Configuration.java ests/support/resource/Support_Resources.java
3827b65b1937acfbf3abbc449f8ba0ffc60f3cf3	24-Jul-2012	Elliott Hughes <enh@google.com>	Fix URLConnectionTest#test_getAllowUserInteraction. Also improve the documentation, make it possible to run these tests individually outside of CTS with vogar, and remove a few more URLs of external web servers. We should clean up all tests to remove all reliance on external web servers. Bug: http://code.google.com/p/android/issues/detail?id=35400 Change-Id: I28e78b7375ee554b3afe98e5249676e8bbbbec0e ests/support/Support_Configuration.java ests/support/resource/Support_Resources.java
903b3f5b6a6e524cb4d88b83ea32e7c355392271	19-Jul-2012	Elliott Hughes <enh@google.com>	Start removing Support_PortManager. A bad idea, badly implemented. Bug: 2441548 Change-Id: I34c990f6fd9d746771846f186a7ab3ab59e78a9f ests/support/Support_TestWebServer.java
5b7f91c1e6e208187cef57ab8a5de0a7f35e817f	22-Mar-2012	Brian Carlstrom <bdc@google.com>	Split OpenSSLRSAPrivateCrtKey from OpenSSLRSAPrivateKey Change-Id: I6a58044162758b3b74db5d17e9044f97dbe53bae ests/security/KeyFactoryTest.java
3e6dd45baa0d7f9b4fa06f4ade76e088b59cc7bf	16-Mar-2012	Brian Carlstrom <bdc@google.com>	Tracking openssl-1.0.1 Bug: 6168278 Change-Id: I240d2cbc91f616fd486efc5203e2221c9896d90f ibcore/java/security/StandardNames.java ibcore/java/security/TestKeyStore.java
10078dabb17441ce2721a8e5e10f275c5d0a426a	13-Dec-2011	Jesse Wilson <jessewilson@google.com>	Kill SerializationTester; obsoleted by SerializableTester. Bug: http://b/5397460 Change-Id: Ic20f4363c8937d5feff0dec89e5de7ccf20f1dac ests/util/SerializationTester.java
1a9cff8f68deffd618c5cba1f22f0fb0e396e067	17-Nov-2011	Jesse Wilson <jessewilson@google.com>	Always trigger finalization the same way in our tests. This came up when I was recently writing a ZipFile finalization test and I needed to copy-paste the finalizer recipe. Change-Id: Ia67061b3dba1a7011c93c9a81e2a963876b238a1 ibcore/dalvik/system/CloseGuardTester.java
513ac78ca8aaeb61fa06928ca10aeff34a7b4683	15-Oct-2011	Brian Carlstrom <bdc@google.com>	Set ANDROID_DATA for DalvikExecTest Also increase timeout to allow for dexopt of BOOTCLASSPATH Bug: 5310023 Change-Id: Icaa81a3bb3cea10c610e6ad671a001f6dbfeda17 ests/support/Support_Exec.java
9b4a8ec37805be3eabf3a4b443bbdb692ffa2608	30-Sep-2011	Elliott Hughes <enh@google.com>	Fix a couple of isReachable bugs. We shouldn't throw NPE if you call isReachable on a deserialized InetAddress. Fixed by removing the "globals", which also fixes the unreported bug that calling isReachable on the same InetAddress was not thread-safe. Bug: http://code.google.com/p/android/issues/detail?id=20203 Also, the arguments to isReachableByTCP in isReachable(NetworkInterface, int, int) were the wrong way round, which meant we'd always return false (unless you were asking if localhost was reachable). Bug: http://code.google.com/p/android/issues/detail?id=20107 Bug: 2497441 Bug: 3213503 Change-Id: Ic808e774c28be6487e30e6acb8bc06f766f5c71d ests/util/SerializationTester.java
ec4d64d1a6421b89fbc65da9d18aae89814474d7	12-Aug-2011	Jesse Wilson <jessewilson@google.com>	Fix ClassLoaderBuilder to work in an APK file. This was breaking several CTS tests. Change-Id: I76a87deeb9a1f7b056adb72447001cf5e23ec0b3 ests/util/ClassLoaderBuilder.java
6057b576781336fbf1c2ace82dbb2429f3eddb76	09-Jun-2011	Jesse Wilson <jessewilson@google.com>	am 8624c425: Merge "Use the same host name in the SSL cert as in mockwebserver." * commit '8624c4256089f54a58cbdd0ad2cf90af9b8f8973': Use the same host name in the SSL cert as in mockwebserver.
547450702efd233213f953ba2213bb38803c34c3	09-Jun-2011	Jesse Wilson <jessewilson@google.com>	Use the same host name in the SSL cert as in mockwebserver. MockWebServer had to revert to getLocalHost() since 'getLoopbackAddress() doesn't exist on Java 6 and MockWebServer wants to work on Java 6. Tested on host and device without problem. Change-Id: Ib083ec393d34b2378da579ffc7b6a71d599f9d22 ibcore/java/security/TestKeyStore.java ibcore/javax/net/ssl/TestSSLContext.java
7f708078fcc35e4b301469a0b124806996fe0399	08-Jun-2011	Jesse Wilson <jessewilson@google.com>	am fd92a508: Merge "Use external/mockwebserver in libcore" * commit 'fd92a50839c5327c5d32d65315fde5d52c9da03d': Use external/mockwebserver in libcore
09336c914b4fc813e493acc82469b9ad89fd8694	07-Jun-2011	Jesse Wilson <jessewilson@google.com>	Use external/mockwebserver in libcore Change-Id: I4dac34f88b23484643bce31e5f25ac6eb1fea426 ests/http/MockWebServer.java
4b1a89926910ce7f7c2a063240ceadfcbac74e06	06-Jun-2011	Brian Carlstrom <bdc@google.com>	am 003f7a4d: Make test initialization lazy * commit '003f7a4d100cd1527d94bac81a4a3c5a8216c6ee': Make test initialization lazy
003f7a4d100cd1527d94bac81a4a3c5a8216c6ee	04-Jun-2011	Brian Carlstrom <bdc@google.com>	Make test initialization lazy Bug: 4311645 Change-Id: I4280d7ddb2a78f0e33564f3b40cfeb5c671e134a ibcore/java/security/TestKeyStore.java
e26b27faf689c17b7894c78caee32432176349ec	04-Jun-2011	Elliott Hughes <enh@google.com>	Remove more dead "security theater" cruft. There's probably still more stuff lying around that isn't useful, but this was all I had time for on this particular Friday afternoon... Change-Id: I69593f6c9ab5534d581c703cc85a9766ba8e40e5 rg/apache/harmony/security/tests/support/MyBasicPermission.java rg/apache/harmony/security/tests/support/MyPermission.java rg/apache/harmony/security/tests/support/MyPermissionCollection.java
9b510df35b57946d843ffc34cf23fdcfc84c5220	28-May-2011	Elliott Hughes <enh@google.com>	Make ErrnoException a checked exception. Bug: 4486011 Change-Id: I1877ce593d441653f75ab14884aa2d85f52652ad ests/io/MockOs.java
54709bdf6b22d02efed7d2fd967cbd4d11b3942d	25-May-2011	Brian Carlstrom <bdc@google.com>	am e2fdfbde: Merge "OpenSSLSocketImpl should tolerate X509KeyManager returning null values" * commit 'e2fdfbde569a4cc284590c92bc57dc15dcc29a9c': OpenSSLSocketImpl should tolerate X509KeyManager returning null values
aba5e8c281fb9c6be23229246473fa0b433dd997	25-May-2011	Brian Carlstrom <bdc@google.com>	OpenSSLSocketImpl should tolerate X509KeyManager returning null values While this started out as the small fix in OpenSSLSocketImpl.setCertificate and the corresponding test test_SSLSocket_clientAuth_bogusAlias, the need to test the behavior of the X509KeyManager returning null on the RI led to test maintenance to get libcore.javax.net.ssl tests working on RI 7 thanks to a test dependency that was added on the new InetAddress.getLoopbackAddress(). Change-Id: I3d8ed1ce453cc3a0b53e23e39c02e6a71413649c ibcore/java/security/StandardNames.java
e5eb80e6adaab18ff7372adcd09f9e1af3a76871	19-May-2011	Jesse Wilson <jessewilson@google.com>	Make the HttpResponseCache robust to file I/O errors. If the filesystem fails, cache performance degrades. Ongoing writes should not see any filesystem errors: don't punish the writer who isn't benefitting from the cache. Ongoing reads may see IOExceptions while streaming files. In practice this will only happen if the directory disappears during use, as is the case when a removable partition is removed. Change-Id: Ibf4d51998d9beaba9f8c86c449fd5c97ca869cee http://b/3180373 ests/io/MockOs.java
6f778cc173cc60ec184e8ca54a16ad10cf55f2cf	18-May-2011	Jesse Wilson <jessewilson@google.com>	Cache HTTP responses with a Vary header. This requires a backdoor for the cache to read the request headers at put time. This is implemented by getting the HttpEngine, which will allow us to eventually share the response header parsing. Change-Id: I177467244e5af0a3dda07883cd58d641bf75362f http://b/3180373 ests/io/MockOs.java
17da3dfaf359de021b753570e25a033ae8927432	17-May-2011	Brian Carlstrom <bdc@google.com>	am 3041d84e: Merge "Make CertInstaller installed CA certs trusted by applications via default TrustManager (2 of 6)" * commit '3041d84e3c0ac7711868bdd7556047a3422e3052': Make CertInstaller installed CA certs trusted by applications via default TrustManager (2 of 6)
1b3c5388d0fffde4392007eb1b0be011a5dfae82	12-May-2011	Brian Carlstrom <bdc@google.com>	Make CertInstaller installed CA certs trusted by applications via default TrustManager (2 of 6) frameworks/base Adding IKeyChainService APIs for CertInstaller and Settings use keystore/java/android/security/IKeyChainService.aidl libcore Improve exceptions to include more information luni/src/main/java/javax/security/auth/x500/X500Principal.java Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods. Added support for adding user CAs in a separate directory for system. Added support for removing system CAs by placing a copy in a sytem directory luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash to make sure the implementing algorithms doe not change since TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to 1.0.0) luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Extensive test of new TrustedCertificateStore behavior luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java TestKeyStore improvements - Refactored TestKeyStore to provide simpler createCA method (and internal createCertificate) - Cleaned up to remove use of BouncyCastle specific X509Principal in the TestKeyStore API when the public X500Principal would do. - Cleaned up TestKeyStore support methods to not throw Exception to remove need for static blocks for catch clauses in tests. support/src/test/java/libcore/java/security/TestKeyStore.java luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Added private PKIXParameters contructor for use by IndexedPKIXParameters to avoid wart of having to lookup and pass a TrustAnchor to satisfy the super-class sanity check. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java luni/src/main/java/java/security/cert/PKIXParameters.java packages/apps/CertInstaller Change CertInstaller to call IKeyChainService.installCertificate for CA certs to pass them to the KeyChainServiceTest which will make them available to all apps through the TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask. src/com/android/certinstaller/CertInstaller.java Added installCaCertsToKeyChain and hasCaCerts accessor for use by CertInstaller. Use hasUserCertificate() internally. Cleanup coding style. src/com/android/certinstaller/CredentialHelper.java packages/apps/KeyChain Added MANAGE_ACCOUNTS so that IKeyChainService.reset implementation can remove KeyChain accounts. AndroidManifest.xml Implement new IKeyChainService methods: - Added IKeyChainService.installCaCertificate to install certs provided by CertInstaller using the TrustedCertificateStore. - Added IKeyChainService.reset to allow Settings to remove the KeyChain accounts so that any app granted access to keystore credentials are revoked when the keystore is reset. src/com/android/keychain/KeyChainService.java packages/apps/Settings Changed com.android.credentials.RESET credential reset action to also call IKeyChainService.reset to remove any installed user CAs and remove KeyChain accounts to have AccountManager revoke credential granted to private keys removed during the RESET. src/com/android/settings/CredentialStorage.java Added toast text value for failure case res/values/strings.xml system/core Have init create world readable /data/misc/keychain to allow apps to access user added CA certificates installed by the CertInstaller. rootdir/init.rc Change-Id: Ief57672eea38b3eece23b14c94dedb9ea4713744 ibcore/java/security/TestKeyStore.java
e342455abc6b650f847d931728223411e58831ce	17-May-2011	Jesse Wilson <jessewilson@google.com>	Test DiskLruCache with fault injection. This tests what happens when the filesystem fails while reading or writing the cached files. I still need to test what happens when there are failures reading or writing the journal. Change-Id: I48018514ef5b8cc206efc905b1823eb49589c8e8 http://b/3180373 ests/io/MockOs.java
757afaa7afe96791a3cc612c9e3c4597a7321c7e	12-May-2011	Jesse Wilson <jessewilson@google.com>	Provide hit and miss stats on the HTTP response cache. Also capture FDs rather than InputStreams when a cache entry is read. This permits the cache to return as many streams as the caller requires. Also fix bugs where we weren't properly releasing the input streams from the responses. Change-Id: I04807eab648864229f1e8734ad1fbb6a2d6bb51d http://b/3180373 ibcore/net/http/HttpResponseCache.java
1724d9cddbf0e0f4e35f5c5d83bc335994f0286e	11-May-2011	Jesse Wilson <jessewilson@google.com>	Support Eviction in DiskLruCache. Change-Id: I84f536e597efb4c2b8dd519261b327dcd3e9eefa http://b/3180373 ibcore/net/http/HttpResponseCache.java
6716a68492cbad8cf71e4941beb1fece7858a3cd	11-May-2011	Jesse Wilson <jessewilson@google.com>	Merge "Address code review comments to Adopt DiskLruCache change." into dalvik-dev
0038bf3674d6fedd4c1e884c7903f2fdcecb9127	11-May-2011	Elliott Hughes <enh@google.com>	Merge "Clean up the select(2) implementation." into dalvik-dev
f589846f86761ffea3c06ab9d105d3f19328d121	11-May-2011	Jesse Wilson <jessewilson@google.com>	Address code review comments to Adopt DiskLruCache change. That change was submitted too early. This is the missing follow-up. Change-Id: I521455a7d249f8841c989561775c91d4368a8966 http://b/3180373 ibcore/net/http/HttpResponseCache.java
a7bb29434692e01aed843b88cd042628bab74a23	11-May-2011	Elliott Hughes <enh@google.com>	Clean up the select(2) implementation. I wasn't planning on touching this code (since I want to replace it), but the purported "fix" for http://code.google.com/p/android/issues/detail?id=6309 was actually a regression. The supplied test fails on the RI. This patch replaces the bogus test with new tests, and reverts the old "fix". This was found while trying to work out what "true" and "false" return values from OSNetworkSystem.select are supposed to mean. This patch also switches to a more traditional int return value. Bug: 3107501 Change-Id: Iddce55e081d440b7eb3ddcf94db7d0739dc89c70 ests/net/StuckServer.java
433e3fac172d0c4449051b0c61c0c63b298a0903	11-May-2011	Jesse Wilson <jessewilson@google.com>	Adopt DiskLruCache in HttpResponseCache. http://b/3180373 Change-Id: I55ed45c5d0b8fc72cf50e8912416367ac802dc7a ibcore/net/http/HttpResponseCache.java
a0de05e00f3d51df7461cb2048c50bb30ef9112a	06-May-2011	Jesse Wilson <jessewilson@google.com>	Don't lose the import for InetAddress. Change-Id: I90fcf6c284f4a3bbe36ef0ed44f85ddf5a424ffb ests/http/MockWebServer.java
c996149b500fc4825156106554457fe2394ae087	06-May-2011	Jesse Wilson <jessewilson@google.com>	Fix proxy+HTTPS to handle authentication requests from the proxy. Previously I'd introduced a bug by assuming that CONNECT responses would always be successful. Change-Id: Iaf0caf67f52154f6951a20284c75db0090843b99 http://b/4188137 ests/http/MockWebServer.java ests/http/SocketPolicy.java
73c54e43051d0da126d643049296c264ebb9fd04	05-May-2011	Elliott Hughes <enh@google.com>	Merge "A handful of networking test fixes." into dalvik-dev
953df613522e12a418cb7cb73248594d6c9f53d4	03-May-2011	Jesse Wilson <jessewilson@google.com>	Refactor HttpURLConnection implementation. Break HttpURLConnectionImpl into two parts: the part that implements the Java API (that follows redirects etc.) and the part that speaks HTTP. The HTTP part is called HttpEngine, and it can only be used for a single HTTP request. This makes it easier to set request properties that only apply to a single socket request. Tests for 'Vary', 'Content-Location' and warnings. For simplicity of implementation I've chosen not to support 'Vary' at this time. The 'Content-Location' header doesn't require any work from the cache. Warnings are ugly but allow the caller to identify when the cache results may be problematic. Also breaking HttpResponseCache's dependency on HttpURLConnectionImpl so it can be tested on the RI. Change-Id: Idbabb51251f479c2cdea4e0fceb029bfd07182be http://b/3180373 ibcore/net/http/HttpResponseCache.java
7e6cee7a973ebf3cdc32638580d777d9b45088ae	05-May-2011	Elliott Hughes <enh@google.com>	A handful of networking test fixes. The main thing is that some of the tests were relying on the presence of the removed "java.net.preferIP*" properties. Change-Id: I4cb1e99a13ed10c3ce14dad58579454a22b3416f ests/support/Support_Configuration.java
d02c73b1db5e11d4d0b03da536e4d99a857b0c23	30-Apr-2011	Jesse Wilson <jessewilson@google.com>	Merge "Honor max-age and min-fresh request headers." into dalvik-dev
d7a21ec11a89594497f35f731b42d98af72e1235	30-Apr-2011	Brian Carlstrom <bdc@google.com>	resolved conflicts for merge of 7195b3b9 to dalvik-dev Change-Id: Ie1f2d796466f1799929b010d67585fd551b6f840
0c814baa7aff1b0845b2ad36c62dc791700732e1	30-Apr-2011	Brian Carlstrom <bdc@google.com>	am 347b2a60: Avoid loading all CA certs into Zygote memory, lazily load instead (2 of 3) * commit '347b2a604114602da9bc4ae040278f74d11c2f51': Avoid loading all CA certs into Zygote memory, lazily load instead (2 of 3)
7195b3b965df5c3288435d94e8d13bd256e33890	30-Apr-2011	Brian Carlstrom <bdc@google.com>	Merge "Fix X509CertImpl.verify(PublicKey, String) to respect provider argument"
adb64fbba2b781467e055706c3de0873dfc01166	30-Apr-2011	Jesse Wilson <jessewilson@google.com>	Honor max-age and min-fresh request headers. We now honor headers from both the server's response (which we have cached) and the client's request. Change-Id: Ib46e4fc0c5dd5b3e74cff8f45eea2dda51d20b94 http://b/3180373 ests/http/MockWebServer.java
91922d920e0020bde20ef5ae21b66cab847dd58b	30-Apr-2011	Brian Carlstrom <bdc@google.com>	Fix X509CertImpl.verify(PublicKey, String) to respect provider argument Mostly a cleanup of CertificateTest, but it found one small bug in X509CertImpl - X509CertImpl.verify with a specific provider should use that provider, not ignore it and use the NativeCrypto fast path - Fix the bad testGetEncoded logic that was expected PEM bytes to equal a DER encodi - Remove libcore and harmony dependencies that were preventing these from running on the RI - Note testSerializationCompatibility is still failing, but is fixed by the unmerged 46c6fad9fad8f3dbbc82516232a225f37d332ca7 Bug: 1635707 Change-Id: Ib86d21d6458cf1438c6ddd715ccb5a4f8a9af9e6 rg/apache/harmony/testframework/serialization/SerializationTest.java ests/support/resource/Support_Resources.java
347b2a604114602da9bc4ae040278f74d11c2f51	26-Apr-2011	Brian Carlstrom <bdc@google.com>	Avoid loading all CA certs into Zygote memory, lazily load instead (2 of 3) Previously the CA certs stored in the BKS KeyStore at /system/etc/security/cacerts.bks was loaded in the Zygote. As the the number of CAs are started to increase, this is causing more and more memory to be used for rarely used CAs. The new AndroidCAStore KeyStore implementation reads the CAs as needed out of individual PEM certificate files. The files can be efficiently found because they are named based on a hash CA's subject name, similar to OpenSSL. Bug: 1109242 Details: build Removing old cacerts.bks from GRANDFATHERED_ALL_PREBUILT and adding new cacerts directory to core PRODUCT_PACKAGES core/legacy_prebuilts.mk target/product/core.mk libcore cacerts build changes. Move cacerts prebuilt logic to new CaCerts.mk from NativeCode.mk where it didn't make sense. Updated Android.mk's dalvik-host target to install new cacerts files. Android.mk CaCerts.mk NativeCode.mk Remove old cacerts.bks and add remove certimport.sh script used to generate it. Preserved the useful comments from certimport.sh in the new README.cacerts luni/src/main/files/cacerts.bks luni/src/main/files/certimport.sh luni/src/main/files/README.cacerts Recanonicalize cacerts files using updated vendor/google/tools/cacerts/certimport.py (See below discussion of certimport.py changes for details) luni/src/main/files/cacerts/00673b5b.0 luni/src/main/files/cacerts/03e16f6c.0 luni/src/main/files/cacerts/08aef7bb.0 luni/src/main/files/cacerts/0d188d89.0 luni/src/main/files/cacerts/10531352.0 luni/src/main/files/cacerts/111e6273.0 luni/src/main/files/cacerts/1155c94b.0 luni/src/main/files/cacerts/119afc2e.0 luni/src/main/files/cacerts/11a09b38.0 luni/src/main/files/cacerts/12d55845.0 luni/src/main/files/cacerts/17b51fe6.0 luni/src/main/files/cacerts/1920cacb.0 luni/src/main/files/cacerts/1dac3003.0 luni/src/main/files/cacerts/1dbdda5b.0 luni/src/main/files/cacerts/1dcd6f4c.0 luni/src/main/files/cacerts/1df5ec47.0 luni/src/main/files/cacerts/1e8e7201.0 luni/src/main/files/cacerts/1eb37bdf.0 luni/src/main/files/cacerts/219d9499.0 luni/src/main/files/cacerts/23f4c490.0 luni/src/main/files/cacerts/27af790d.0 luni/src/main/files/cacerts/2afc57aa.0 luni/src/main/files/cacerts/2e8714cb.0 luni/src/main/files/cacerts/2fa87019.0 luni/src/main/files/cacerts/2fb1850a.0 luni/src/main/files/cacerts/33815e15.0 luni/src/main/files/cacerts/343eb6cb.0 luni/src/main/files/cacerts/399e7759.0 luni/src/main/files/cacerts/3a3b02ce.0 luni/src/main/files/cacerts/3ad48a91.0 luni/src/main/files/cacerts/3c58f906.0 luni/src/main/files/cacerts/3c860d51.0 luni/src/main/files/cacerts/3d441de8.0 luni/src/main/files/cacerts/3e7271e8.0 luni/src/main/files/cacerts/418595b9.0 luni/src/main/files/cacerts/455f1b52.0 luni/src/main/files/cacerts/46b2fd3b.0 luni/src/main/files/cacerts/48478734.0 luni/src/main/files/cacerts/4d654d1d.0 luni/src/main/files/cacerts/4e18c148.0 luni/src/main/files/cacerts/4fbd6bfa.0 luni/src/main/files/cacerts/5021a0a2.0 luni/src/main/files/cacerts/5046c355.0 luni/src/main/files/cacerts/524d9b43.0 luni/src/main/files/cacerts/56b8a0b6.0 luni/src/main/files/cacerts/57692373.0 luni/src/main/files/cacerts/58a44af1.0 luni/src/main/files/cacerts/594f1775.0 luni/src/main/files/cacerts/5a3f0ff8.0 luni/src/main/files/cacerts/5a5372fc.0 luni/src/main/files/cacerts/5cf9d536.0 luni/src/main/files/cacerts/5e4e69e7.0 luni/src/main/files/cacerts/60afe812.0 luni/src/main/files/cacerts/635ccfd5.0 luni/src/main/files/cacerts/67495436.0 luni/src/main/files/cacerts/69105f4f.0 luni/src/main/files/cacerts/6adf0799.0 luni/src/main/files/cacerts/6e8bf996.0 luni/src/main/files/cacerts/6fcc125d.0 luni/src/main/files/cacerts/72f369af.0 luni/src/main/files/cacerts/72fa7371.0 luni/src/main/files/cacerts/74c26bd0.0 luni/src/main/files/cacerts/75680d2e.0 luni/src/main/files/cacerts/7651b327.0 luni/src/main/files/cacerts/76579174.0 luni/src/main/files/cacerts/7999be0d.0 luni/src/main/files/cacerts/7a481e66.0 luni/src/main/files/cacerts/7a819ef2.0 luni/src/main/files/cacerts/7d3cd826.0 luni/src/main/files/cacerts/7d453d8f.0 luni/src/main/files/cacerts/81b9768f.0 luni/src/main/files/cacerts/8470719d.0 luni/src/main/files/cacerts/84cba82f.0 luni/src/main/files/cacerts/85cde254.0 luni/src/main/files/cacerts/86212b19.0 luni/src/main/files/cacerts/87753b0d.0 luni/src/main/files/cacerts/882de061.0 luni/src/main/files/cacerts/895cad1a.0 luni/src/main/files/cacerts/89c02a45.0 luni/src/main/files/cacerts/8f7b96c4.0 luni/src/main/files/cacerts/9339512a.0 luni/src/main/files/cacerts/9685a493.0 luni/src/main/files/cacerts/9772ca32.0 luni/src/main/files/cacerts/9d6523ce.0 luni/src/main/files/cacerts/9dbefe7b.0 luni/src/main/files/cacerts/9f533518.0 luni/src/main/files/cacerts/a0bc6fbb.0 luni/src/main/files/cacerts/a15b3b6b.0 luni/src/main/files/cacerts/a3896b44.0 luni/src/main/files/cacerts/a7605362.0 luni/src/main/files/cacerts/a7d2cf64.0 luni/src/main/files/cacerts/ab5346f4.0 luni/src/main/files/cacerts/add67345.0 luni/src/main/files/cacerts/b0f3e76e.0 luni/src/main/files/cacerts/bc3f2570.0 luni/src/main/files/cacerts/bcdd5959.0 luni/src/main/files/cacerts/bda4cc84.0 luni/src/main/files/cacerts/bdacca6f.0 luni/src/main/files/cacerts/bf64f35b.0 luni/src/main/files/cacerts/c0cafbd2.0 luni/src/main/files/cacerts/c215bc69.0 luni/src/main/files/cacerts/c33a80d4.0 luni/src/main/files/cacerts/c527e4ab.0 luni/src/main/files/cacerts/c7e2a638.0 luni/src/main/files/cacerts/c8763593.0 luni/src/main/files/cacerts/ccc52f49.0 luni/src/main/files/cacerts/cdaebb72.0 luni/src/main/files/cacerts/cf701eeb.0 luni/src/main/files/cacerts/d16a5865.0 luni/src/main/files/cacerts/d537fba6.0 luni/src/main/files/cacerts/d64f06f3.0 luni/src/main/files/cacerts/d777342d.0 luni/src/main/files/cacerts/d8274e24.0 luni/src/main/files/cacerts/dbc54cab.0 luni/src/main/files/cacerts/ddc328ff.0 luni/src/main/files/cacerts/e48193cf.0 luni/src/main/files/cacerts/e60bf0c0.0 luni/src/main/files/cacerts/e775ed2d.0 luni/src/main/files/cacerts/e7b8d656.0 luni/src/main/files/cacerts/e8651083.0 luni/src/main/files/cacerts/ea169617.0 luni/src/main/files/cacerts/eb375c3e.0 luni/src/main/files/cacerts/ed049835.0 luni/src/main/files/cacerts/ed524cf5.0 luni/src/main/files/cacerts/ee7cd6fb.0 luni/src/main/files/cacerts/f4996e82.0 luni/src/main/files/cacerts/f58a60fe.0 luni/src/main/files/cacerts/f61bff45.0 luni/src/main/files/cacerts/f80cc7f6.0 luni/src/main/files/cacerts/fac084d7.0 luni/src/main/files/cacerts/facacbc6.0 luni/src/main/files/cacerts/fde84897.0 luni/src/main/files/cacerts/ff783690.0 Change IntegralToString.intToHexString to take width argument to allow for leading zero padding. Updated existing callers to specify 0 padding desired. Add testing of new padding functionality. luni/src/main/java/java/lang/Character.java luni/src/main/java/java/lang/Integer.java luni/src/main/java/java/lang/IntegralToString.java luni/src/test/java/libcore/java/lang/IntegralToStringTest.java Improved to throw Exceptions with proper causes luni/src/main/java/java/security/KeyStore.java luni/src/main/java/java/security/Policy.java luni/src/main/java/java/security/cert/CertificateFactory.java luni/src/main/java/javax/crypto/Cipher.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignature.java Indentation fixes luni/src/main/java/java/security/SecureRandom.java Fix X509CRLSelector.getIssuerNames to clone result and added test to cover this. luni/src/main/java/java/security/cert/X509CRLSelector.java luni/src/test/java/libcore/java/security/cert/X509CRLSelectorTest.java Fixed bug where we created an X500Principal via a String representation instead of from its original encoded bytes. This led to a difficult to track down bug where CA 418595b9.0 where the NativeCode.X509_NAME_hash of a Harmony (but not BouncyCastle) X509Certificate would not hash to the expected value because the encoded form used an ASN.1 PrintableString instead of the UTF8String form found in the original certificate. luni/src/main/java/org/apache/harmony/security/x501/Name.java Add a new RootKeyStoreSpi and register it as the AndroidCAStore. This new read-only KeyStore implementation that looks for certificates in $ANDROID_ROOT/etc/security/cacerts/ directory, which is /system/etc/security/cacerts/ on devices. The files are stored in the directory based on the older md5 based OpenSSL X509_NAME_hash function (now referred to as X509_NAME_hash_old in OpenSSL 1.0) luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java Added OpenSSL compatible X509_NAME_hash and X509_NAME_hash_old functions for producting an int hash value from an X500Principal. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java Changed TrustManagerFactoryImpl to use AndroidCAStore for its default KeyStore luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerFactoryImpl.java Changed TrustManagerImpl to be AndroidCAStore aware. If it detects an AndroidCAStore, it avoids generating the acceptedIssuers array at constructions, since doing so would force us to parse all certificates in the store and the value is only typically used by SSLServerSockets when requesting a client certifcate. Because we don't load all the trusted CAs into the IndexedPKIXParameters at startup in the case of AndroidCAStore, we now check for new CAs when examining the cert chain for unnecessary TrustAnchors and for a newly discovered issuer at the end of the chain before validation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Updated KeyStoreTest to cope with read only KeyStore. Update test_cacerts_bks (now renamed test_cacerts) to use the AndroidCAStore for validating system CA certificate validity. Register AndroidCAStore as an expected KeyStore type with StandardNames. luni/src/test/java/libcore/java/security/KeyStoreTest.java support/src/test/java/libcore/java/security/StandardNames.java Added test of X500Principal serialization while investigating Name encoding issue. However, the actual Name bug was found and verified by the new test_cacerts test. luni/src/test/java/libcore/javax/security/auth/x500/X500PrincipalTest.java vendor/google Change canonical format for checked in cacerts to have PEM certificate at the top, as required by Harmony's X.509 CertificateFactory. tools/cacerts/certimport.py Change-Id: If0c9de430f13babb07f96a1177897c536f3db08d ibcore/java/security/StandardNames.java
0c59055dd24e1659f85d9ff7e2148883f663bd62	27-Apr-2011	Jesse Wilson <jessewilson@google.com>	Support conditional gets in HttpURLConnection. This is the first step towards adding an HTTP response cache. There's still much to do; details are listed on the bug. Change-Id: Ie693fe424d1d90e90576fc959595e4d96a31f767 http://b/3180373 ibcore/net/http/HttpResponseCache.java ests/http/DefaultResponseCache.java ests/http/MockResponse.java ests/http/MockWebServer.java
46c6fad9fad8f3dbbc82516232a225f37d332ca7	15-Apr-2011	Brian Carlstrom <bdc@google.com>	post bouncycastle 1.46 upgrade test cleanup Change-Id: I6e9be66b3f4fd4c09b31e2508236af62fa5214e3 rg/apache/harmony/testframework/serialization/SerializationTest.java ests/security/AlgorithmParametersTest.java
839b99a3725f9af66ca9ea1bac2a3f3c784717c4	13-Apr-2011	Brian Carlstrom <bdc@google.com>	Updating StandardNames for bouncycastle 1.46 upgrade Change-Id: I26a9ff274fd86c4645e44123f6761621045228b5 ibcore/java/security/StandardNames.java
3258b52429c7768ea91bda93c5a15257cdd390e5	18-Mar-2011	Brian Carlstrom <bdc@google.com>	libcore key chain support Allow access to default IndexedPKIXParameters, similar to access to default TrustManager. Needed to allow framework to add/remove trusted CAs at runtime. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Add test support for looking up a cert by an issuer for use in key chain tests. support/src/test/java/libcore/java/security/TestKeyStore.java Add test support SSLSocketFactory that sets desired client auth on each created socket. For use with MockWebServer for key chain testing. support/src/test/java/libcore/javax/net/ssl/TestSSLContext.java Change-Id: Iecdbd40c67f1673bda25a52b4e229156c805d564 ibcore/java/security/TestKeyStore.java ibcore/javax/net/ssl/TestSSLContext.java
9fa7c4cd4a619236db70aefab8da3abafb065bca	31-Mar-2011	Jesse Wilson <jessewilson@google.com>	am 866b399e: am 9d28a32d: am bc4c79c6: Don\'t read from the delegate stream after we close it. * commit '866b399e1d5cab4cc8d196f8008ba8ad8376765d': Don't read from the delegate stream after we close it.
bc4c79c6a2059003f695f7ad204de36700e8d701	31-Mar-2011	Jesse Wilson <jessewilson@google.com>	Don't read from the delegate stream after we close it. Change-Id: Ib724b170f7ec10ea0025c0e2e7978119fd070eb6 http://b/4188137 ests/http/MockWebServer.java
f049593e9a5160492a0dafb19e5595dac138505e	31-Mar-2011	Elliott Hughes <enh@google.com>	Remove a broken API that encouraged people to make the wrong fix to tests. Not having Arabic locale data is not a reason to skip German tests. Change-Id: I5062d2a0343e8e040f5766532433ade37569b0c5 ests/support/Support_DecimalFormat.java ests/support/Support_Locale.java
0c2fd828abec671333b8b88281825fd27a783723	30-Mar-2011	Jesse Wilson <jessewilson@google.com>	Fix MockWebServer to use the same hostname as TestKeyStore. Change-Id: I31c9f6e9add87a17737eac4f09949540e5da8cb5 ests/http/MockWebServer.java
8ee594cf5c35b5039aaca67e1f4b84c533046305	23-Mar-2011	Tsu Chiang Chuang <tsu@google.com>	Fix cts-tf tests by using InetAddress.getLoopbackAddress(). Change-Id: Iced1b64b74e664cbf75006adc2be9cfe1c9ba0e9 ibcore/java/security/TestKeyStore.java
61e89ca39547bdb94e271fb38d0da7b36359be16	12-Mar-2011	Elliott Hughes <enh@google.com>	Remove dead classes. Change-Id: I467d91e65492cdba08d11ae5420a8b849a682a7a ests/support/Support_IOTestSecurityManager.java ests/support/Support_NetworkInterface.java ests/support/Support_SimpleDateFormat.java ests/support/Support_TimeZone.java
27a5b793cc7ae8a72ba2f767214a828becdc64cd	10-Mar-2011	Elliott Hughes <enh@google.com>	Rewrite BitSet and add the new valueOf and toLongArray methods. All four overloads of valueOf (byte[], long[], ByteBuffer, LongBuffer) are included. There's still toByteArray and previousClearBit/previousSetBit to add in a later change. This includes all the rewriting of BitSet I planned on, though it may be possible to simplify it still further (in particular, I left get(int, int) pretty much as it was). This implementation is faster than the old one, as well as clearer, and it also has a more sane performance profile; operations that ought to be cheap -- such as isEmpty -- are now cheap, and you now always amortize the cost of any work you cause to be done, where before you might have to do it repeatedly until a structural change. The new code also makes better use of Long's functionality. Bug: 3484927 Change-Id: I180e6ae836437e78a8b6ca0a7a5d522e58f3d911 ests/support/Support_BitSet.java
229e34b182b98e1dba15d3dc6341954986ae2b7a	03-Mar-2011	Brian Carlstrom <bdc@google.com>	Removing use of @tests and @Test.* annotations Change-Id: I89243efdeebe22543c45a2166b634f40c3e78cf8 ests/security/AlgorithmParameterGeneratorTest.java ests/security/AlgorithmParametersTest.java ests/security/KeyFactoryTest.java ests/security/KeyPairGeneratorTest.java ests/support/Support_CollectionTest.java ests/support/Support_ListTest.java ests/support/Support_SetTest.java ests/support/Support_UnmodifiableCollectionTest.java ests/support/Support_UnmodifiableMapTest.java
8bc378b1cec65bc06766a14a9cc575fec931b418	24-Feb-2011	Jesse Wilson <jessewilson@google.com>	Don't generate large DH keys when small ones will do. This dramatically improves the runtime of these tests from a few minutes to a few seconds. Also update known failures to cover the new reasons why these tests are failing. Change-Id: I82b738f3f1fb24a08d334fa960153692a0c9144f http://b/3474446 ibcore/java/security/StandardNames.java
3a3511edad46420b4287017ac66fe4783cb804db	11-Feb-2011	Jesse Wilson <jessewilson@google.com>	Move tests from java.injected into libcore. Change-Id: Ia3fee27c8f8ca38120eea3fc2582d3e1b2504cea ibcore/javax/net/ssl/FakeSSLSession.java
26ce8fbd8fe488cc969b08f64c56525662763dc4	08-Feb-2011	Jesse Wilson <jessewilson@google.com>	resolved conflicts for merge of 6186821c to dalvik-dev Change-Id: Ic6f0172767d6feedb188d3a5e7488a67702ef8c4
6186821cb13f4ac7ff50950c813394367e021eae	08-Feb-2011	Jesse Wilson <jessewilson@google.com>	Move libcore.base classes to libcore.util and libcore.io. Change-Id: I2340a9dbad3561fa681a8ab47d4f406e72c913e3 rg/apache/harmony/testframework/serialization/SerializationTest.java ests/support/resource/Support_Resources.java
efb32502d686b06ddf60828d9abe3d4e0577e5dc	02-Feb-2011	Brian Carlstrom <bdc@google.com>	am 4155a249: Performance improvements to NativeCrypto based MessageDigest API * commit '4155a2498a57fb09e92815f8993a70c216ddc5ec': Performance improvements to NativeCrypto based MessageDigest API
6ed93fa8be996378e766d3fd2586b51c6fe656b1	02-Feb-2011	Jesse Wilson <jessewilson@google.com>	Don't parse or format IP addresses in cert code. We used to include a full IP address parser and formatter. The formatter handled one interesting case: a 2x length byte[] containing both an IP route and mask. Although our code supported parsing and formatting these, they do not occur in practice. The Java APIs don't support NameConstraints, which is the only part of the spec that uses them. Change-Id: I7a4b22b40a37d6f26ec09fc5188ec1ba43e4d249 http://b/3385492 ibcore/java/security/TestKeyStore.java
4155a2498a57fb09e92815f8993a70c216ddc5ec	02-Feb-2011	Brian Carlstrom <bdc@google.com>	Performance improvements to NativeCrypto based MessageDigest API NativeCrypto API improvements: - Move to using EVP_MD related native methods, some of which are derived from the EVP_MD_CTX versions with similar name. The new EVP_get_digestbyname allows one time lookup of the EVP_MD from the string name, avoiding doing it on every call to EVP_DigestInit. - EVP_MD_CTX_create is now removed, it is just done as part of EVP_DigestInit and EVP_VerifyInit to an extra JNI call. - EVP_DigestFinal now destroys the EVP_MD_CTX to avoid needing to make another call JNI call to EVP_MD_CTX_destroy. EVP_MD_CTX_destroy is kept for cases when EVP_DigestFinal is never called. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java In addition to the improved NativeCrypto API to allow better performance for callers, the implementations use of throwExceptionIfNecessary was made conditional based on the status code from various operations, which had a noticeable impact on performance compared to android.security.MessageDigest luni/src/main/native/NativeCrypto.cpp Updated MessageDigest.getInstance default implementation to use new NativeCrypto API. An EVP_MD instance is looked up at class load time for a specific digest type and then used to call NativeCrypto.EVP_DigestInit as needed, avoiding a lookup of EVP_MD for each new digest. The EVP_MD is also for a one-time lookup the digest output size in bytes, to avoid native calls for engineGetDigestLength. Finally, the creation of the EVP_MD_CTX is now lazy, only created when needed, avoiding unnecessarily create/free in reset cases such as engineDigest. See also external/bouncycastle's OpenSSLDigest implementation which had similar optimizations. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLMessageDigestJDK.java OpenSSLSignature also used EVP_MD_CTX_create, and its EVP_VerifyInit was changed similar to EVP_DigestInit to internally allocate the EVP_MD_CTX on the call to init. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignature.java Fix test to work with arbitrary provider order luni/src/test/java/org/apache/harmony/security/tests/java/security/MessageDigest2Test.java Fix CloseGuard warnings luni/src/test/java/tests/security/MessageDigestTest.java Bug: 3392028 Change-Id: Idb266ebc0918ffd5550e0f457784256400cd2ff0 ests/security/MessageDigestTest.java
101547d4a82ba21031dc7cb62018720dbd493758	01-Feb-2011	Jesse Wilson <jessewilson@google.com>	Refactoring to add a builder for TestKeyStore. Change-Id: I346aea42a27042512f4ed97690f1e0ca1755257c ibcore/java/security/TestKeyStore.java
0ac85ead96f1ba7d35f3acadd154de4ef0a8fd87	25-Jan-2011	Brian Carlstrom <bdc@google.com>	Tracking jarjar of org.bouncycastle to com.android.org.bouncycastle Bug: 3086427 Change-Id: I026f80bfa5e963a8e988ecd6f91c9732a4afc70c ibcore/java/security/TestKeyStore.java
0d5c7588179fb373da70ce04362be5ce74a98eb4	24-Jan-2011	Brian Carlstrom <bdc@google.com>	Cipher.init incorrectly implements RFC 3280 key usage validation Issue: http://code.google.com/p/android/issues/detail?id=12955 Bug: 3381582 Change-Id: Ida63c1356634c8e287ce5b0234418a656dffedf0 ibcore/java/security/TestKeyStore.java
65275e82cd8c877145376dd429a5e31f598e81a2	14-Jan-2011	Jesse Wilson <jessewilson@google.com>	Merge "Fix HTTP cookie to do case mapping with Locale.US." into honeycomb
f162edaa335461474b020027bb2e85eb3be2c179	14-Jan-2011	Jesse Wilson <jessewilson@google.com>	Fix HTTP cookie to do case mapping with Locale.US. While I'm here fix a MockWebServer bug I recently introduced that broke cookie tests that needed to know port numbers before responses were enqueued. Change-Id: Idb2389ac5ed66656248c10aeb68209641acc0a68 http://b/3325637 ests/http/MockWebServer.java
8a9624fcddded08aa352e56369c190d35f234e0a	13-Jan-2011	Dan Bornstein <danfuzz@android.com>	Remove pointless tests. DO NOT MERGE. Change-Id: Ia1bac1abaa44c6341b00005a3142e87073b16bd6 rg/apache/harmony/security/tests/support/acl/AclEntryImpl.java rg/apache/harmony/security/tests/support/acl/AclEnumerator.java rg/apache/harmony/security/tests/support/acl/AclImpl.java rg/apache/harmony/security/tests/support/acl/GroupImpl.java rg/apache/harmony/security/tests/support/acl/OwnerImpl.java rg/apache/harmony/security/tests/support/acl/PermissionImpl.java rg/apache/harmony/security/tests/support/acl/PrincipalImpl.java
b7f4d6c3968c372767b2510f38a3d506067aced6	13-Jan-2011	Jesse Wilson <jessewilson@google.com>	Move tests from android.core.URLTest to URLConnectionTest. This includes some changes to MockWebServer to make it stop accepting connections as soon as its response queue is empty. Change-Id: I5a6bcdf1c03d0c36b11552ae086d0dece0440f64 http://b/1158780 ests/http/MockWebServer.java
a9c6c9013b08934867f71b69a90efce0c1b66918	11-Jan-2011	Elliott Hughes <enh@google.com>	Documentation improvements for socket options. Bug: http://code.google.com/p/android/issues/detail?id=13898 Change-Id: I202a5404e7e828f074483a3f6365b4e3a941da7d ests/support/Support_NetworkInterface.java
e942f46f10bb9384a1b186b3d7b74f9704c57090	17-Dec-2010	Jesse Wilson <jessewilson@google.com>	Test that HttpURLConnection responds gracefully when the server closes a socket. Change-Id: I5110d58d91e7c6f8f7553ad400f0bd841bcf07b6 http://b/2612240 ests/http/MockResponse.java ests/http/MockWebServer.java ests/http/SocketPolicy.java
54c8a07db3c2d1670c2867ba864d351cb30fecfa	17-Dec-2010	Brian Carlstrom <bdc@google.com>	resolved conflicts for merge of 5fc737eb to master Change-Id: Ifc2a4fd44cef525709a3b9dc0a502b1a0690c6fd
2915378e253f08e47fe5a9bfd026cd1ca7c6c351	16-Dec-2010	Brian Carlstrom <bdc@google.com>	HttpsURLConnection retry should not invoke X509TrustManager and HostnameVerifier more than once Summary: In 2.3, HttpsURLConnection was change to retry TLS connections as SSL connections w/o compression to deal with servers that are TLS intolerant. However, if the handshake proceeded to the point of invoking the X509TrustManager, we should not retry. Similarly, if we should not invoke the HostnameVerifier repeatedly, and need to wait until the SSL handshake has completed. Tested with (includes two new tests for this issue): libcore/luni/src/test/java/libcore/javax/net/ssl/ libcore/luni/src/test/java/libcore/java/net/URLConnectionTest.java libcore/luni/src/test/java/org/apache/harmony/luni/tests/internal/net/www/protocol/https/HttpsURLConnectionTest.java Details: HttpConnection.setupSecureSocket has been broken into two pieces. setupSecureSocket now just does the SSL handshaking. verifySecureSocketHostname now does the verification. The old HttpConnection code was careful never to assign its sslSocket field until verification was complete. A new unverifiedSocket field is added to store the sslSocket before verification is completed by verifySecureSocketHostname. luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java HttpsEngine.makeConnection now skips TLS intolerant retry if the reason for the makeSslConnection failure was a CertificateException, since that implies that we failed during certification validation after initial handshaking. We also prevent retrying hostname verification by moving it out of makeSslConnection and only doing it on new SSL connections, tracking the changes to HttpConnection.setupSecureSocket mentioned above. We also now skip the redundant call to setUpTransportIO in makeSslConnection on reused SSLSockets. luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/https/HttpsURLConnectionImpl.java Instead of throwing away the underlying CertificateExceptions, set them as the cause of the SSLExceptions. This is what the RI does in the case of X509TrustManager failures and is now used by HttpsEngine.makeConnection. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Added new testConnectViaHttpsToUntrustedServer which makes sure that connections are not retried on certificate verification failure. luni/src/test/java/libcore/java/net/URLConnectionTest.java Added new test_SSLSocket_untrustedServer that verifies that an SSLHandshakeException is thown containing a CertificateException is thrown on certificate verification problems. luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java Added second test CA and a new TestKeyStore.getClientCA2 test key store that does not trust the primary test key stores. This is useful for negative testing and is used in the above two new tests. support/src/test/java/libcore/java/security/TestKeyStore.java Issue: http://code.google.com/p/android/issues/detail?id=13178 Bug: 3292412 Change-Id: I37136bb65f04d2bceaf2f32f542d6432c8b76ad4 ibcore/java/security/TestKeyStore.java
ffeba5dd766602f6e2be9caa9081744348a53c04	01-Dec-2010	Brian Carlstrom <bdc@google.com>	Add support for TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" is RFC 5746's renegotiation indication signaling cipher suite value. It is not a real cipher suite. It is just an indication in the default and supported cipher suite lists indicates that the implementation supports secure renegotiation. In the RI, its presence means that the SCSV is sent in the cipher suite list to indicate secure renegotiation support and its absence means to send an empty TLS renegotiation info extension instead. However, OpenSSL doesn't provide an API to give this level of control, instead always sending the SCSV and always including the empty renegotiation info if TLS is used (as opposed to SSL). So we simply allow TLS_EMPTY_RENEGOTIATION_INFO_SCSV to be passed for compatibility as to provide the hint that we support secure renegotiation. Change-Id: I0850bea47568edcfb1f7df99d4e8a747f938406d ibcore/java/security/StandardNames.java
4ae3fd787741bfe1b808f447dcb0785250024119	19-Nov-2010	Brian Carlstrom <bdc@google.com>	Elliptic Crypto support for OpenSSLSocketImpl Summary: - Enable Elliptic Crypto support for OpenSSL based SSLSocket instances - More RI compliant usage of key types, client auth types, and server auth types - Steps toward TLS_EMPTY_RENEGOTIATION_INFO_SCSV support, currently test updates Details: Elliptic Curve changes CipherSuite updates for EC - Adding KEY_EXCHANGE_EC* and corresponding CipherSuites Updated isAnonymous, getKeyType (now renamed getServerKeyType) to handle new EC cases. Added new getAuthType for use by checkServerTrusted callers. - Restructured code to handle two SUITES_BY_CODE_* arrays - Remove KEY_EXCHANGE_DH_* definitions which unused because the corresponding CipherSuites were previously disabled. - Changed AES CipherSuites definitions to use "_CBC" to match other definitions. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java openssl EC - NativeCrypto now registers TLS_EC_* cipher suites and has update default list - Improved auth type arguments to checkClientTrusted/checkServerTrusted - NativeCrypto support for emphemeral EC keys luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java luni/src/main/native/NativeCrypto.cpp non-openssl SSL/TLS cleanups - cleanup around code trying to cope with DiffieHellman vs DH since either should work. - changed client to use new CipherSuite.getAuthType shared with NativeCrypto implementation - changed server to use CipherSuite.getKeyType luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java Consolidate CertificateRequestType code into CipherSuite so that its shared between java and openssl implementations. This includes the KEY_TYPE_ string constants, TLS_CT_* byte constants and the 'String keyType(byte)' (now renamed getClientKeyType) code that depends on them. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java Tests Differentiate between supported list of cipher suites openssl-based SSLSocket and SSLEngine based, since the SSLEngine code does not support EC. luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java Added testing for expected default cipher suites. Before we just ensured the values were valid. luni/src/test/java/libcore/javax/net/ssl/SSLSocketFactoryTest.java support/src/test/java/libcore/java/security/StandardNames.java Updated to handle new EC cipher suites codes. Added test for new getClientKeyType. luni/src/test/java/org/apache/harmony/xnet/provider/jsse/CipherSuiteTest.java Better use of "standard names" particularly to correctly deal with the subtle differences between key types, client auth types, and server auth types. TestKeyManager and TestTrustManager now verify the values they are passed are acceptable. support/src/test/java/libcore/java/security/StandardNames.java support/src/test/java/libcore/javax/net/ssl/TestKeyManager.java support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java Changed to timeout after 30 seconds and to log to reveal both client and server issues. support/src/test/java/libcore/javax/net/ssl/TestSSLSocketPair.java Bug: 3058375 Change-Id: I14d1d0285d591c99cc211324f3595a5be682cab1 ibcore/java/security/StandardNames.java ibcore/javax/net/ssl/TestKeyManager.java ibcore/javax/net/ssl/TestSSLSocketPair.java ibcore/javax/net/ssl/TestTrustManager.java
086fd0244a54fa5ecf13ea66d49b22b36d7d456e	30-Nov-2010	Jesse Wilson <jessewilson@google.com>	Fix XML DOM test failures and close guard warnings. Fix KxmlParser to capture the DTD's root element name, system ID and public ID. This is more robust than capturing the same in the pull-to-DOM adapter. Fix close guard warnings in XML tests. Close input streams of resource files. Don't catch exceptions only to call fail(). http://b/3090550 Change-Id: I7cfafde58cc28af79c48386a4d124803c8791328 ests/support/resource/Support_Resources.java
1a3dfbe49a3dcd7c855972dadccb9226468359d5	29-Nov-2010	Brian Carlstrom <bdc@google.com>	am 6c78b7b9: Toward EC TLS support * commit '6c78b7b94c232063ec559436b48b33751373ecf1': Toward EC TLS support
6c78b7b94c232063ec559436b48b33751373ecf1	19-Nov-2010	Brian Carlstrom <bdc@google.com>	Toward EC TLS support Summary: - javax.net.ssl tests are now working on the RI - KeyManager can now handle EC_EC and EC_RSA - OpenSSLSocketImpl.startHandshake now works if KeyManager contains EC certificates Details: Add CipherSuite.getKeyType to provide X509KeyManager key type strings, refactored from OpenSSLServerSocketImpl.checkEnabledCipherSuites. getKeyType is now also used in OpenSSLSocketImpl.startHandshake to avoid calling setCertificate for unnecessary key types. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java New CipherSuiteTest to cover new getKeyType as well as existing functionality luni/src/test/java/org/apache/harmony/xnet/provider/jsse/CipherSuiteTest.java Add support to KeyManager implementation for key types of the form EC_EC and EC_RSA. The first part implies the KeyPair algorithm (EC in these new key types) with a potentially different signature algorithm (EC vs RSA in these) luni/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java Update NativeCrypto.keyType to support EC_EC and EC_RSA in addition to EC which was added earlier. Change from array of KEY_TYPES to named KEY_TYPE_* constants. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java Overhauled KeyManagerFactoryTest to cover EC, EC_EC, EC_RSA cases luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java support/src/test/java/libcore/java/security/StandardNames.java Changed TestKeyStore.createKeyStore from always using BKS to now use JKS on the RI between BC EC Keys and RI X509 certificates. Because JKS requires a password, we now default "password" on the RI. support/src/test/java/libcore/java/security/TestKeyStore.java luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java support/src/test/java/libcore/java/security/StandardNames.java TestKeyStore.create now accepts key types like EC_RSA. Changed TestKeyStore.createKeys to allow a PrivateKeyEntry to be specified for signing to enable creation of EC_RSA test certificate. Added getRootCertificate/rootCertificate to allow lookup of PrivateKeyEntry for signing. Changed TestKeyStore.getPrivateKey to take explicit signature algorithm to retrieve EC_EC vs EC_RSA entries. support/src/test/java/libcore/java/security/TestKeyStore.java luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java luni/src/test/java/libcore/java/security/cert/PKIXParametersTest.java luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java support/src/test/java/libcore/java/security/StandardNames.java Added support for EC cipher suites on the RI. Also test with and without new TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite which is used to specify the new TLS secure renegotiation. luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java support/src/test/java/libcore/java/security/StandardNames.java New TestKeyManager and additional logging in TestTrustManager. Logging in both is disabled by default using DevNullPrintStream. support/src/test/java/libcore/javax/net/ssl/TestKeyManager.java support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java support/src/test/java/libcore/java/io/DevNullPrintStream.java Bug: 3058375 Change-Id: Ia5e2a00a025858e10d1076b900886994b481e05a ibcore/java/io/NullPrintStream.java ibcore/java/security/StandardNames.java ibcore/java/security/TestKeyStore.java ibcore/javax/net/ssl/TestKeyManager.java ibcore/javax/net/ssl/TestTrustManager.java
9d615f25f7576314ec6473b143b13d00ce52e805	18-Nov-2010	Brian Carlstrom <bdc@google.com>	am 57f2cc03: Test updates for Elliptic Curve * commit '57f2cc03ff2cf5d2f6413c5410680b4908d7301d': Test updates for Elliptic Curve
57f2cc03ff2cf5d2f6413c5410680b4908d7301d	05-Nov-2010	Brian Carlstrom <bdc@google.com>	Test updates for Elliptic Curve Updated with Elliptic Curve (EC) (and SunPKCS11-NSS) names for use by ProviderTest support/src/test/java/libcore/java/security/StandardNames.java Enhance test_KeyStore_cacerts_bks to verify PublicKey can be retreived. Before this the test would pass even though an ECPublicKey could not be accessed. With EC support in external/bouncycastle, this test now passes. luni/src/test/java/libcore/java/security/KeyStoreTest.java New SignatureTest to cover ECDSA, replaces the old one that required a subclass per tested algorithm. luni/src/test/java/libcore/java/security/SignatureTest.java support/src/test/java/tests/security/SignatureTest.java luni/src/test/java/tests/targets/security/SignatureTestMD5withRSA.java luni/src/test/java/tests/targets/security/SignatureTestNONEwithDSA.java luni/src/test/java/tests/targets/security/SignatureTestSHA1withDSA.java luni/src/test/java/tests/targets/security/SignatureTestSHA1withRSA.java luni/src/test/java/tests/targets/security/SignatureTestSHA256withRSA.java luni/src/test/java/tests/targets/security/SignatureTestSHA384withRSA.java luni/src/test/java/tests/targets/security/SignatureTestSHA512withRSA.java luni/src/test/java/tests/targets/security/AllTests.java Improve ProviderTest logging while debugging SunPKCS11-NSS provider issues. Added some exceptions for RI missing classes. luni/src/test/java/libcore/java/security/ProviderTest.java Changed style slightly to match KeyPairGeneratorTest, where +N is used to indicated when multiples of a increments of a certain amount are required for valid key sizes. luni/src/test/java/libcore/javax/crypto/KeyGeneratorTest.java Fix test CloseGuard issues luni/src/test/java/libcore/java/security/KeyStoreTest.java Fix readability luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java Bug: 3058375 Change-Id: I99cd93ad66372e8512d993168550cc1d471d3248 ibcore/java/security/StandardNames.java ests/security/SignatureTest.java
5fc5dde4c719c1dfdac46b67d5d2e4884d07721e	16-Nov-2010	Elliott Hughes <enh@google.com>	Improve ConcurrentCloseTest. No more flaky use of 10.* addresses. Bug: 3044772 Change-Id: I5ca8dc431b50950efdc818efe73eb9aba76ea67f ests/net/StuckServer.java
de8ebcab83d48d4edc28fced9d0a8382f1ef1436	16-Nov-2010	Brian Carlstrom <bdc@google.com>	am 8a720cce: TrustManager should include PrivateKeyEntry CAs, OpenSSLSocketImpl close fix, and debugging improvements * commit '8a720cceee7ce319d647738dfeda3f302879f370': TrustManager should include PrivateKeyEntry CAs, OpenSSLSocketImpl close fix, and debugging improvements
8a720cceee7ce319d647738dfeda3f302879f370	16-Nov-2010	Brian Carlstrom <bdc@google.com>	TrustManager should include PrivateKeyEntry CAs, OpenSSLSocketImpl close fix, and debugging improvements Revert to older behavior of creating TrustAnchors from both PrivateKeyEntry and TrustedCertificateEntry values from the KeyStore. Added tests to better ensure this slighlt different behavior from PKIXParameters. Also create the acceptedIssuers proactively since the real memory cost is the X509Certificates which are already found in the params. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java luni/src/test/java/libcore/java/security/cert/PKIXParametersTest.java Don't just free native state on issue with startHandshake, close the SSLSocket. While the former addressed a CloseGuard issue, the latter make sure that checkOpen throws SocketExceptions and we don't leak a NullPointerException from NativeCrypto. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Debugging improvements including minor refinements to recently added NativeCrypto logging, more verbose TestKeyStore.dump output, and a new TestTrustManager proxy class for logging X509TrustManager behavior. luni/src/main/native/NativeCrypto.cpp support/src/test/java/libcore/java/security/TestKeyStore.java support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java Change-Id: I317e1ca34d8e20c77e5cb9c5a5a58cb4ae98d829 ibcore/java/security/TestKeyStore.java ibcore/javax/net/ssl/TestTrustManager.java
0c7d369eb9cae44596f73cf2f044d59397abab8d	04-Nov-2010	Elliott Hughes <enh@google.com>	GZIPInputStream/GZIPOutputStream test improvements. 1. Ensure that there's a direct mapping from the class to its test, so we're more likely to run the right tests. I've broken GzipTest into two for this. 2. Include actual data rather than always round-tripping, to avoid potential symmetric errors. (This wasn't important in this case.) 3. Remove a dead file that belonged to a test that's already been removed. Bug: 3164285 Change-Id: I312237454eead26d0dbbdb8f6339aa29ed8eea4e ests/resources/GZIPInputStream/hyts_gInput.txt.gz
b4bb9aba620d8a363fb3617b25839093caf39cf4	03-Nov-2010	Brian Carlstrom <bdc@google.com>	resolved conflicts for merge of a5c608e5 to dalvik-dev Change-Id: I0319c132ec8f42782475906da267439938308e77
a5c608e59f9d574ea4bc65e9dff44aae2f34fd26	01-Nov-2010	Brian Carlstrom <bdc@google.com>	TrustManager improvements Overhaul of TrustManagerImpl - PKIXParameters can now be final in TrustManagerImpl because we always immediately create an IndexedPKIXParameters instead of only doing it in SSLParametersImpl.createDefaultTrustManager. - Use new KeyStore constructor for IndexedPKIXParameters to remove duplicate logic for creating set of TrustAnchors from a KeyStore. - Improved checkTrusted/cleanupCertChain to remove special cases for directly trusting the end cert or pruning only self signed certs. To support b/2530852, we need to stop prune the chain as soon as we find any trust anchor (using newly improved TrustManagerImpl.isTrustAnchor), which could be at the beginning, middle, or end. That means cleanupCertChain can return an empty chain if everything was trusted directly. (and we don't need to do extra checks on exception cases to see if the problem was just that the trust anchor was in the chain) - isDirectlyTrusted -> isTrustAnchor here as well, using new IndexedPKIXParameters.isTrustAnchor APIs - Fix incorrect assumption in getAcceptedIssuers that all TrustAnchor instances have non-null results for getTrustedCert. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Removed indexing in createDefaultTrustManager since we always index now luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java Overhaul of IndexedPKIXParameters - Single map from subject X500Principal to TrustAnchors instead of two different X500Principal keyed maps to check - Removed map based on encoded cert. For b/2530852, we want to treat certs as equal if they have the same name and public key, not byte-for-byte equality, which can be done with the remaining map. Revamped isDirectlyTrusted into isTrustAnchor(cert) to perform this new name/key based comparison. - Added helper isTrustAnchor(cert, anchors) to reuse code in non-IndexedPKIXParameters case in TrustManagerImpl. - Added constructor from KeyStore - Moved anchor indexing code to index() from old constructor luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java TestKeyStore.getPrivateKey allowed some existing test simplification. luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java support/src/test/java/libcore/java/security/TestKeyStore.java Added missing "fail()" before catching expected exceptions. luni/src/test/java/libcore/java/security/KeyStoreTest.java Expanded KeyManagerFactoryTest to excercise ManagerFactoryParameters b/1628001 luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java Added KeyStoreBuilderParametersTest because I thought I saw a bug in KeyStoreBuilderParameters, but this convinced me otherwise. luni/src/test/java/libcore/javax/net/ssl/KeyStoreBuilderParametersTest.java New TrustManagerFactory test modeled on expanded KeyManagerFactoryTest. test_TrustManagerFactory_intermediate specifically is targeting the new functionality of b/2530852 to handling trust anchors within the chain. luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java support/src/test/java/libcore/java/security/StandardNames.java Some initial on tests for Elliptic Curve (b/3058375) after the RI started reporting it was supported. Removed old @KnownFailure tags. Skipped a test on the RI that it can't handle. Improved some assert messages. luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java support/src/test/java/libcore/java/security/StandardNames.java support/src/test/java/libcore/java/security/TestKeyStore.java Removed unneeded bytes->javax->bytes->java case of which can just go bytes->java directly. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Removed super() luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java Made Security.secprops final luni/src/main/java/java/security/Security.java Pulled SamplingProfiler fix from dalvik-dev branch git cherry-pick --no-commit f9dc3450e8f23cab91efc9df99bb860221ac3d6c dalvik/src/main/java/dalvik/system/SamplingProfiler.java Bug: 2530852 Change-Id: I95e0c7ee6a2f66b6986b3a9da9583d1ae52f94dd ibcore/java/security/StandardNames.java ibcore/java/security/TestKeyStore.java
f8eacd8619e6e567869eb82fe14e550554af19b5	30-Oct-2010	Dan Bornstein <danfuzz@android.com>	am 9103cc15: am 47d94511: am 95d52b3b: Remove a pointless test, which just tested a test support class. * commit '9103cc15655ac1b6ec1a9f3af12f57df47ca0073': Remove a pointless test, which just tested a test support class.
9103cc15655ac1b6ec1a9f3af12f57df47ca0073	30-Oct-2010	Dan Bornstein <danfuzz@android.com>	am 47d94511: am 95d52b3b: Remove a pointless test, which just tested a test support class. * commit '47d9451154a9eed03ae5d51b384547a292cc6759': Remove a pointless test, which just tested a test support class.
95d52b3b1446af2fefd46f57efc1afb6c679e8cc	30-Oct-2010	Dan Bornstein <danfuzz@android.com>	Remove a pointless test, which just tested a test support class. Change-Id: Ifef2b25500474f7e3b18ff97e7831717f2c9b391 rg/apache/harmony/security/tests/support/cert/PolicyNodeImpl.java
8ac847a52e72f0cefbb20a6850ae04468d433a9e	28-Oct-2010	Jesse Wilson <jessewilson@google.com>	Fix broken interactions between HTTP response caches and redirects. This fixes several specific problems: - HTTP header map didn't contain the status line (under the null key) - response code, message and version weren't set by caches - caches didn't work with redirects This change also makes some significant cleanup to the Headers class. We might be able to simplify this further by dropping the map, should that prove efficient enough. Change-Id: Ib79ec17bef5978b3234f68102114eee7d4b7cda2 http://b/3139211 http://b/3139211 ests/http/MockWebServer.java
2dcd7e784e98faf21190a6431aa1dbff7212eb80	27-Oct-2010	Jesse Wilson <jessewilson@google.com>	Merge "Fix ResponseCache to support caching of HTTPS responses." into dalvik-dev
37dcf5581f177229ca6c8e7d0d640361640bfb00	27-Oct-2010	Jesse Wilson <jessewilson@google.com>	Fix ResponseCache to support caching of HTTPS responses. Previously it would fail with an internal error because of inconsistencies because HttpURLConnectionImpl claimed to be 'connected' when it had a cache hit, and HttpsURLConnection acted upon this by talking to its sockets. Change-Id: I51f4215ceb9c5fd851223a501488306fa6d382b1 http://b/3043966 ests/http/DefaultResponseCache.java
2ae03aff183962fd52a0465f60db86fa16e49c4d	27-Oct-2010	Jesse Wilson <jessewilson@google.com>	Fixing concurrency bug in CloseGuardTester. Hudson was complaining with this exception: java.util.ConcurrentModificationException at java.util.ArrayList$ArrayListIterator.next(ArrayList.java:576) at libcore.dalvik.system.CloseGuardTester.assertEverythingWasClosed(CloseGuardTester.java:59) at libcore.java.lang.ProcessBuilderTest.testDestroyDoesNotLeak(ProcessBuilderTest.java:91) Change-Id: Ie6be12186c94e14ba4d5df8a392144269abb598b ibcore/dalvik/system/CloseGuardTester.java
2353846b64570fa5932028143a0af507d41a85c5	25-Oct-2010	Jesse Wilson <jessewilson@google.com>	Close process-spawned streams when the process is destroyed. This is consistent with the RI's behavior. I can't come up with a reasonable approach to closing these streams if they are never requested; that's presumably a finalizer problem anyway because only the finalizer knows that the streams won't be needed. This change also adds test infrastructure around CloseGuard. My approach hooks into the logger rather than reflection because I can't be sure where the CloseGuard instance would be in the object hierarchy. This approach also degrades reasonably when run on the reference implementation (where it passes). Change-Id: I08e882494d69d4245e40fb1035edbc6d3df23fbc http://b/3111120 ibcore/dalvik/system/CloseGuardTester.java
a467278a3f06f88f28a5075d6a2027c12ca4fdf9	06-Oct-2010	Brian Carlstrom <bdc@google.com>	am 8a81dbf2: am 1d2861f4: am 7d38fa0f: Merge "Test updates for new SecretKeyFactory.PBKDF2WithHmacSHA1 support" into gingerbread Merge commit '8a81dbf2f44e9b6af155dc918945174f07dad7b9' into dalvik-dev * commit '8a81dbf2f44e9b6af155dc918945174f07dad7b9': Test updates for new SecretKeyFactory.PBKDF2WithHmacSHA1 support
8a81dbf2f44e9b6af155dc918945174f07dad7b9	06-Oct-2010	Brian Carlstrom <bdc@google.com>	am 1d2861f4: am 7d38fa0f: Merge "Test updates for new SecretKeyFactory.PBKDF2WithHmacSHA1 support" into gingerbread Merge commit '1d2861f436ccf4017c45ee3be2fce8dcd0d6859b' * commit '1d2861f436ccf4017c45ee3be2fce8dcd0d6859b': Test updates for new SecretKeyFactory.PBKDF2WithHmacSHA1 support
f7aab022dcbfcd8f27b409ab92b4bca4a84d0b8a	30-Sep-2010	Brian Carlstrom <bdc@google.com>	CloseGuard: finalizers for closeable objects should log complaints Introducing CloseGuard which warns when resources are implictly cleaned up by finalizers when an explicit termination method, to use the Effective Java "Issue 7: Avoid finalizers" terminology, should have been used by the caller. libcore classes that can use CloseGuard now do so. Bug: 3041575 Change-Id: I4a4e3554addaf3075c823feb0a0ff0ad1c1f6196 ibcore/javax/net/ssl/TestSSLContext.java ibcore/javax/net/ssl/TestSSLSessions.java ibcore/javax/net/ssl/TestSSLSocketPair.java
915789995fc136049c13c8b0354e2f7009b653e4	04-Oct-2010	Brian Carlstrom <bdc@google.com>	Test updates for new SecretKeyFactory.PBKDF2WithHmacSHA1 support Bug: 3059950 Change-Id: I24546cb9e38b17ea615e36de3606ec6d373df594 ibcore/java/security/StandardNames.java
ecfa0645b680e5f68e90eda5db0413ef72306d3b	04-Oct-2010	Brian Carlstrom <bdc@google.com>	am 65eee03b: am 2d9aee7a: Merge "Update TestUtils certificates to fix CertPathBuilder1Test and CertPathTest" into gingerbread Merge commit '65eee03bc90772ba766348ac4be4927959314c80' * commit '65eee03bc90772ba766348ac4be4927959314c80': Update TestUtils certificates to fix CertPathBuilder1Test and CertPathTest
52dea0ad773d902ad8402e1354afe0842dd364b5	04-Oct-2010	Brian Carlstrom <bdc@google.com>	Update TestUtils certificates to fix CertPathBuilder1Test and CertPathTest Bug: 2322662 Change-Id: I8ad9a91f4095807bd710045eef3a97a86b560f49 rg/apache/harmony/security/tests/support/cert/TestUtils.java rg/apache/harmony/testframework/serialization/SerializationTest.java
42e02ace8881e1d4e06de76e301dcb5dbf046ab4	25-Sep-2010	Jesse Wilson <jessewilson@google.com>	resolved conflicts for merge of 0c4b3205 to master Change-Id: Ie38e3b5aafd43844afec93e2c6387a81b2bc9fb2
a884f455e2ad843819c36d2607790450d47475dd	25-Sep-2010	Jesse Wilson <jessewilson@google.com>	Merge "Rely on the test runner to ensure a pristine VM." into gingerbread
6e65088f21ac5bda5d25fade13ee360c5cba3457	25-Sep-2010	Jesse Wilson <jessewilson@google.com>	Rely on the test runner to ensure a pristine VM. Change-Id: I6f5bfad6f861eb7b398ed7d86747d66cea4f2343 http://b/issue?id=2660429 ests/util/TestEnvironment.java
4904723e812b2341b6dee2e6b58c23c998146b01	24-Sep-2010	Jesse Wilson <jessewilson@google.com>	am 82e18c5a: am 53bbb2b2: am 00feece2: Strip usage of the term \'localhost\' from URLConnectionTest. Merge commit '82e18c5adf0c19c8a937cef51621ae655f7824ea' into dalvik-dev * commit '82e18c5adf0c19c8a937cef51621ae655f7824ea': Strip usage of the term 'localhost' from URLConnectionTest.
00feece22909b7dc79fc96d666d157390b93858e	24-Sep-2010	Jesse Wilson <jessewilson@google.com>	Strip usage of the term 'localhost' from URLConnectionTest. Change-Id: I8ea7923c3ea72728c7df64c13bdd6f94b91be121 http://b/3032912 ests/http/MockWebServer.java
dc5f509c458cb88eb66a744f040b8ea55cb6b2d5	20-Sep-2010	Brian Carlstrom <bdc@google.com>	am 1501cd6b: am 4e44dbbe: am a2e75c78: Update supported cipher suites list Merge commit '1501cd6b2ec1c6cc8957bc8bc4ad912900bd9903' into dalvik-dev * commit '1501cd6b2ec1c6cc8957bc8bc4ad912900bd9903': Update supported cipher suites list
a2e75c78d67795d28e86704192222c3fd8829154	19-Sep-2010	Brian Carlstrom <bdc@google.com>	Update supported cipher suites list Update list of cipher suites supported by the current RI Change-Id: Ifa2a799bd3ca40b4979fa44f5423d744e90af35c ibcore/java/security/StandardNames.java
cf7970e8a323e5203329b7f87a116cff185fef77	15-Sep-2010	Jesse Wilson <jessewilson@google.com>	am 001c38bb: am 82cc2fdb: am 8edffc91: Merge "Fix test code that hardcodes the keystore. Necessary for the host build." into gingerbread Merge commit '001c38bb783045e72695f7d3d111f1afa308bf9f' into dalvik-dev * commit '001c38bb783045e72695f7d3d111f1afa308bf9f': Fix test code that hardcodes the keystore. Necessary for the host build.
28192ac5dbb128c63d914fab324d15757fe98fda	14-Sep-2010	Jesse Wilson <jessewilson@google.com>	Fix test code that hardcodes the keystore. Necessary for the host build. Change-Id: Ie371a4bc9cd8bcb9aed169f08aba18d285e21099 ests/util/TestEnvironment.java
1538b872b4b7943e0f8d175eb3856afab8b8d9c3	24-Aug-2010	Brian Carlstrom <bdc@google.com>	am e721ac62: am a8d1672a: am 48dfb27f: Restore PBE Ciphers and SecreyKeyFactories if underlying algorithm is supported for better PKCS12 support Merge commit 'e721ac62db13847d3258928368f8d87471798e42' into dalvik-dev * commit 'e721ac62db13847d3258928368f8d87471798e42': Restore PBE Ciphers and SecreyKeyFactories if underlying algorithm is supported for better PKCS12 support
48dfb27f884ddc5ada89c5b613d11a986f50513a	24-Aug-2010	Brian Carlstrom <bdc@google.com>	Restore PBE Ciphers and SecreyKeyFactories if underlying algorithm is supported for better PKCS12 support This restores the Password Based Encryption (PBE) algorithms when we were including the underlying algorithms used (3DES, AES, DES, MD5, RC2, SHA1, SHA256) Specficially we leave out PBE definitions that include algorithms such as MD2, RIPEMD, Tiger that are not in our BouncyCastle jar. Bug: 2942581 Change-Id: Ibef31aad56fc24b4db82a43a69153553660af65d ibcore/java/security/StandardNames.java
264f1385d48c7d81772a7091efcf46939bd1b30b	23-Aug-2010	Brian Carlstrom <bdc@google.com>	am 1b878d30: am f4d21046: am ccb503dd: Merge "Updating StandardNames for recent ARCFOUR and Blowfish additions" into gingerbread Merge commit '1b878d300094f577ba062e0c3f349f6d34ca3880' into dalvik-dev * commit '1b878d300094f577ba062e0c3f349f6d34ca3880': Updating StandardNames for recent ARCFOUR and Blowfish additions
649e3c0004d965fe388ad454eeb20e307a12edd2	20-Aug-2010	Jesse Wilson <jessewilson@google.com>	Fix the exception thrown by getDeclaredFields if the class is unavailable. http://b/issue?id=2634005 Change-Id: I1ebad41a29c9527565efea539b8f2b31f117f370 ests/util/ClassLoaderBuilder.java
7fd25e8506fbe2962323d757f54628c40c1b2c46	19-Aug-2010	Brian Carlstrom <bdc@google.com>	Merge remote branch 'goog/dalvik-dev' into dalvik-dev-to-gingerbread Conflicts: luni/src/main/native/java_lang_StrictMath.cpp Change-Id: I82fcb4033fce8c7bb8d21b09f6abfa2638091af6
a0925f86988f588926c163fe1372b8b4f7e1a78d	19-Aug-2010	Brian Carlstrom <bdc@google.com>	Updating StandardNames for recent ARCFOUR and Blowfish additions Change-Id: I8c22e443b6929c41e984f0cb85480a57894b199d ava/security/StandardNames.java
4557728efb66c455a52b7669a8eefef7a9e54854	11-Aug-2010	Jesse Wilson <jessewilson@google.com>	Moving tests to be under the libcore.* package. This is indended to make it easier to run on VMs that restrict the packages from which application classes can be loaded. For example, on the RI you need to use the bootclasspath to load these tests. Change-Id: I52193f35c5fcca18b5a3e1d280505b1e29b388af ava/security/StandardNames.java ava/security/TestKeyStore.java avax/net/ssl/TestSSLContext.java avax/net/ssl/TestSSLEnginePair.java avax/net/ssl/TestSSLSessions.java avax/net/ssl/TestSSLSocketPair.java ibcore/java/security/StandardNames.java ibcore/java/security/TestKeyStore.java ibcore/javax/net/ssl/TestSSLContext.java ibcore/javax/net/ssl/TestSSLEnginePair.java ibcore/javax/net/ssl/TestSSLSessions.java ibcore/javax/net/ssl/TestSSLSocketPair.java
4559b1d37edcb5d7f1da086cf2e3290388d74f46	23-Jul-2010	Brian Carlstrom <bdc@google.com>	Support for TLS Extensions enabled SSLSockets with fallback to vanila SSL See also b/1569612 Summary: - OpenSSlSocket support for SNI, session tickets, compression - URLConnection mimics Chrome behavior of trying connection with these enabled, falling back to SSL w/o encryption on failure Details: libcore URLConnection https retry Change HttpConnection.getSecureSocket to enable non-standard features on first connection attempt. On second attempt, we back off to SSLv3 from TLSv1, mimicking Chrome's behavior. luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java Change HttpsEngine.connect to implement SSL reconnect luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/https/HttpsURLConnectionImpl.java OpenSSL SSLSocket implementation OpenSSLSocketImpl and OpenSSLServerSocketImpl now have an array of enabled compression methods interface and implementation to parallel that of procotols and ciphersuites. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java OpenSSLSessionImpl now has a cache of the native compressionMethod. Also replaced "gives" javadoc working with "returns". luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java OpenSSLSocketImpl session caching now needs to skip cached sessions with mismatched compression requirements. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java OpenSSLSocketImpl.startHandshake now uses NativeCrypto to support our non-standard extensions. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java NativeCrypto changes - Added declaration of SSL options for tickets and compression. - Added general "compression methods" interface paralleling "cipher suites" and "protocols" interfaces. - Added SSL_set_tlsext_host_name to set SNI (Server Name Indication) value - Added SSL_get_servername to read SNI (Server Name Indication) value - Added SSL_SESSION_compress_meth read negotiated compression method - SSL_new makes sure to default compression to off for compatibility luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/native/NativeCrypto.cpp Testing Added URLConnectionTest.testConnectViaHttpsWithSSLFallback to make sure we properly retry an https connection if the server terminates unexpectedly. Fixed up URLConnectionTest.testHttpsWithCustomTrustManager with new expected certificate chain. Fixed a few mistaken TestSSLContext.serverContext uses to clientContext luni/src/test/java/java/net/URLConnectionTest.java Added test_SSL_set_tlsext_host_name, test_SSL_get_servername, test_SSL_SESSION_compress_meth. Added a number of missing fail() calls in expected exception cases which caught one test with mistaken expectations. Removed some unnecessary scopes. Fixed some badly scoped catch blocks. luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Changed MockWebServer to support a new MockResponse propery of disconnectAtStart, which immediately terminates the connection support/src/test/java/tests/http/MockResponse.java support/src/test/java/tests/http/MockWebServer.java external/openssl Restore -ZLIB to OpenSSL build. Note that NativeCrypto.SSL_new disables compression by for default SSLSocket for compatibility. android-config.mk Force clean build with new CFLAGS CleanSpec.mk Change-Id: Iba6268f9096f2be43f0d30de151dd3fd0aea4a81 ests/http/MockResponse.java ests/http/MockWebServer.java
6882e31b7ce2d04ebbc91c7a55d7840e8fdce8a5	20-Jul-2010	Brian Carlstrom <bdc@google.com>	Bring SSLSocketImpl and SSLEngine in line with OpenSSLSocketImpl's cipher suites Wrote an interoperability test between our OpenSSL and SSLEngine based SSLSocket implementations. Used it to flush out problems between the implementations, which mostly were in the non-native implementation. Filling out the SSLEngine (and therefore non-native SSLSocket) support led to the list of supported and default cipher suites now being the same as out OpenSSL SSLSocket. Most of the work was making the the NULL, RC4, and AES ciphers work with SSLEngine as well as some minor bug fixes in related code. Summary: - changing test_SSLSocket_getSupportedCipherSuites_connect to try all combinations of our two SSLContext/SSLSocket implementations - fixed SSLEngine with _WITH_NULL_ CipherSuites to use javax.crypto.NullCipher - added _AES_ cipher suites to SSLEngine (and therefore Java SSLSocketImpl) - remove _DH_ cipher suites which are not supported by the RI or our OpenSSL implementation - fixed Java SSLSocket to not handshake on accept so will pass the basic SSLSocketTest - added new KeyManagerFactoryTest while testing "DH_" cipher suite key types This change depends on restoring bouncycastle's RC4 implementation (separate CL in external/bouncycastle) Details: Fixed SSLEngine with _WITH_NULL_ CipherSuites by use javax.crypto.NullCipher expectations/knownfailures.txt luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionStateSSLv3.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionStateTLS.java Previously I had changed the string name of CipherSuites from "TLS_..." to "SSL_..." where appropriate to match the RI. Since I was doing maintenance on overall list, I renamed the CODE_TLS_... and TLS_... static fields as well to match. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java Removed IDEA and RC2 CipherSuites to make it clear they are not supported. While technically this happened as a side effect of the assignment "supported = false" if the CipherSuite failed to load, we truly intend not to support these. Also removed SSH_DH_* suites which don't work with DSA keys and aren't supported by the RI or our OpenSSL implementation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java Old connection state code assumed that if a cipher was blocked, the block size was 8 bytes. This is not true for the 16 byte AES ciphers. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionState.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionStateSSLv3.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionStateTLS.java No wonder our OpenSSL implementation incorrect did a startHandshake when accepting the socket... it got it from the Java implementation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketImpl.java Test for KeyManagerFactory (and KeyManager). TestKeyStore now creates KeyManagers and TrustManagers from the keystore as a convenience for KeyManagerFactoryTest (instead of having the code in the TestSSLContext where we didn't keep a pointer to the created values). luni/src/test/java/javax/net/ssl/KeyManagerFactoryTest.java support/src/test/java/java/security/StandardNames.java support/src/test/java/java/security/TestKeyStore.java support/src/test/java/javax/net/ssl/TestSSLContext.java Remove CIPHER_SUITES_SSLENGINE now that its the same as CIPHER_SUITES luni/src/test/java/javax/net/ssl/SSLEngineTest.java support/src/test/java/java/security/StandardNames.java test_SSLSocket_getSupportedCipherSuites_connect now does interoperability testing not just between the default SSLContext's SSLSockets but between the four combinations of our two SSLContext. It also now sends some test data bi-directionally between the client and server. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Changed TestSSLContext.create to allow a different Provider for the client and server SSLContexts. luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java support/src/test/java/javax/net/ssl/TestSSLContext.java RC4 is now available in bouncycastle for the non-OpenSSL SSLContext to use for parity with the OpenSSL implementation. support/src/test/java/java/security/StandardNames.java Changed TestSSLSocketPair to use Futures like NativeCryptoTest so its easier to choose between client and server errors while debuging. support/src/test/java/javax/net/ssl/TestSSLSocketPair.java Removed bogus import luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Change-Id: I080c0343a3f86f27b7c191a7b80b585b9ca52d93 ava/security/StandardNames.java ava/security/TestKeyStore.java avax/net/ssl/TestSSLContext.java avax/net/ssl/TestSSLSocketPair.java
e3a187163504f00c98bd75cbd8bcbdde123ae2cd	14-Jul-2010	Brian Carlstrom <bdc@google.com>	Fix PKCS12 and BKS KeyStore as well as SSL renegotiation Summary: - Added KeyStoreTest and fixed PKCS and BKS keystores to be fully functional - KeyStore and KeyStoreImpl improvements in libcore and bouncycastle for more RI-like behavior - SSL Renegotiation fix for new implementation Details: external/bouncycastle TwoFish added back for BKS KeyStore. Like RC2, it not supported as a general cipher, but instead used internally for KeyStore implementation. src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java bouncycastle.config Added back PBEWITHSHAANDTWOFISH, PBEWITHSHAANDTWOFISH-CBC, PBEWITHSHA1ANDRC2-CBC, PBEWITHHMACSHA, PBEWITHHMACSHA1 to support PKCS12 and BKS KeyStore implementations (as determined by new KeyStoreTest) src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java src/main/java/org/bouncycastle/jce/provider/JCEMac.java src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java Don't throw an error when deleting a non-existing KeyStore entry. The RI documentation (and behavior) says it throws an error when it fails to remove an entry, not when the entry does not exist. src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Try to make BC's PKCS KeyStore have a more RI-like getCreationDate behavior src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Make BC's PKCS KeyStore failfast on setting non-supported key, instead of failing later on get. src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Make BC's PKCS KeyStore handle setting a PrivateKey with an emtpy chain. src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Add more general avoidance of NullPointerExceptions on null aliases src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Added notes about changes improvements patches/README Regenerated patch with above changes patches/android.patch libcore KeyStore improvements based on KeyStoreTest - Fix UnrecoverableKeyException to be a subclass of UnrecoverableEntryException, which was keeping the new KeyStoreTest from compiling. luni/src/main/java/java/security/UnrecoverableKeyException.java - Fix to not convert UnrecoverableKeyException to KeyStoreException, which was only being done because of the UnrecoverableKeyException superclass bug. luni/src/main/java/java/security/KeyStoreSpi.java - Harmony KeyStore was being overly aggresive about throwing on null alias arguments in cases where the RI was happy to pass them to the KeyStoreSpi. luni/src/main/java/java/security/KeyStore.java - New test after PKCS12 regresion. It enumerates and excercises all methods on all available KeyStore implementations. Unfortunately, the main varieties of KeyStores made this a lot more complicated than I was originally expecting. It does clarifiy the differences between the RI and BC KeyStore implementations, especially for PKCS12, where in some ways the RI is more feature complete (setting key via byte[]), but in other ways BC goes beyond some RI limitations (allowing storage of certificates). luni/src/test/java/java/security/KeyStoreTest.java TestKeyStore improvements while writing KeyStoreTest - Renamed "keyStorePassword" working usages to clarify if it really means the "storePassword" on the whole KeyStore, or if it is a "keyPassword" on individual keys. - Moved TestKeyStore from javax.net.ssl to java.security luni/src/test/java/javax/net/ssl/SSLContextTest.java luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/SSLSessionTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java support/src/test/java/java/security/StandardNames.java support/src/test/java/java/security/TestKeyStore.java support/src/test/java/javax/net/ssl/TestKeyStore.java support/src/test/java/javax/net/ssl/TestSSLContext.java Fixing up SSL renegotiation support. Now that we are not trying to prevent renegotiation, make sure it is working correctly. - Remove SSL_VERIFY_CLIENT_ONCE to take the default behavior of re-requesting client certificate on renegotiation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java - Updated comments to reflect renegotiation. Bug fix to not clear out callback reference on handshake complete, since we need it for renegotiation. luni/src/main/native/NativeCrypto.cpp Updated for PKCS12 KeyStore support support/src/test/java/java/security/StandardNames.java Added javadoc when writint KeyStoreTest luni/src/test/java/java/security/ProviderTest.java frameworks/base Tracking changes to UnrecoverableKeyException superclass api/8.xml api/current.xml Change-Id: I6349dbfc02896417595b52e364ade8000b567615 ava/security/StandardNames.java ava/security/TestKeyStore.java avax/net/ssl/TestKeyStore.java avax/net/ssl/TestSSLContext.java
059dbc04218144f985b20a228bbe98139d400d0c	08-Jul-2010	Brian Carlstrom <bdc@google.com>	Improved client certificate and certificate chain support Summary: - openssl: add openssl support for specifying per key certificate chains - libcore: properly implement client certificate request call back - libcore: properly implement sending certificate chain - libcore: properly implement retreiving local certificate chain - libcore: added an SSLContext for non-OpenSSL SSLSocket creation Details: external/openssl Improve patch generate support by applying all other patches to baseline to remove cross polluting other patch changes into target patch. Move cleanup of ./Configure output to import script from openssl.config. import_openssl.sh openssl.config Adding SSL_use_certificate_chain and SSL_get_certificate_chain to continue to finish most of remaining JSSE issues. include/openssl/ssl.h ssl/s3_both.c ssl/ssl.h ssl/ssl_locl.h ssl/ssl_rsa.c Updated patch (and list of input files to patch) patches/jsse.patch openssl.config libcore Restoring SSLContextImpl as provider of non-OpenSSL SSLSocketImpl instances for interoperability testing. OpenSSLContextImpl is the new subclass that provides OpenSSLSocketImpl. JSSEProvider provides the old style SSLContexts, OpenSSLProvider provides the OpenSSL SSLContext, which includes the "default" context. Changed to register SSLContexts without aliases to match the RI. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLProvider.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Native interface updates to support OpenSSLSocketImpl improvements - KEY_TYPES now expanded based on what we are being provided by OpenSSL. keyType function now maps key type values received from clientCertificateRequested callback. - Removed remaining uses of string PEM encoding, now using ASN1 DER consistently Includes SSL_SESSION_get_peer_cert_chain, verifyCertificateChain - Fixed clientCertificateRequested to properly include all key types supported by server, not just the one from the cipher suite. We also now properly include the list of supported CAs to help the client select a certificate to use. - Fixed NativeCrypto.SSL_use_certificate implementation to use new SSL_use_certificate_chain function from openssl to pass chain to OpenSSL. - Added error handling of all uses of sk_*_push which can fail due to out of memory - Fixed compile warning due to missing JNI_TRACE argument luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/native/NativeCrypto.cpp luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Pass this into chooseServerAlias call as well in significantly revamped choseClientAlias luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Minor code cleanup while reviewing diff between checkClientTrusted and checkServerTrusted luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Improvements to SSL test support to go along with client certificate and certificate chain changes. TestSSLContext now has separate contexts for the client and server (as well as seperate key stores information). TestKeyStore now is more realistic by default, creating a CA, intermediate CA, and separate client and server certificates, as well as a client keystore that simply contains the CA and no certificates. support/src/test/java/javax/net/ssl/TestKeyStore.java support/src/test/java/javax/net/ssl/TestSSLContext.java Tests tracking API changes. Tests involving cert chains now now updated to use TestKeyStore.assertChainLength to avoid hardwiring expected chain length in tests. These tests also now use TestSSLContext.assertClientCertificateChain to validate that the chain is properly constructed and trusted by a trust manager. luni/src/test/java/java/net/URLConnectionTest.java luni/src/test/java/javax/net/ssl/SSLContextTest.java luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java luni/src/test/java/javax/net/ssl/SSLSessionTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java support/src/test/java/java/security/StandardNames.java support/src/test/java/javax/net/ssl/TestSSLEnginePair.java support/src/test/java/javax/net/ssl/TestSSLSocketPair.java frameworks/base Tracking change of SSLContextImpl to OpenSSLContextImpl core/java/android/net/SSLCertificateSocketFactory.java core/java/android/net/http/HttpsConnection.java tests/CoreTests/android/core/SSLPerformanceTest.java tests/CoreTests/android/core/SSLSocketTest.java Tracking changes to TestSSLContext core/tests/coretests/src/android/net/http/HttpsThroughHttpProxyTest.java Change-Id: Ie35ebce89966dfce62c316f7fe7252bf06935680 ava/security/StandardNames.java avax/net/ssl/TestKeyStore.java avax/net/ssl/TestSSLContext.java avax/net/ssl/TestSSLEnginePair.java avax/net/ssl/TestSSLSocketPair.java
b7eec62f6db198a76b67d7915b03e59189c6df4f	02-Jul-2010	Brian Carlstrom <bdc@google.com>	TestKeyStore only use RSA by default & fixing SSLEngine client auth with DSA client and RSA server Summary: Goal here was to just make most tests faster by only having TestKeyStore create RSA keys by default. However, when I did that SSLEngineTest#test_SSLEngine_clientAuth started working, so I ended up investigating a much deeper issue with DSA client authentication against an RSA SSLEngine server. Details: Changed the TestKeyStore.get singleton to only contain RSA keys. TestKeyStore.create now requires the caller enumerate what keys they want if they need more than that or an alternative. support/src/test/java/javax/net/ssl/TestKeyStore.java Changed test_SSLSocket_getSupportedCipherSuites_connect to explicitly request RSA and DSA keys since it needs both to try connecting all possible cipher suites. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Fixing SSLEngine client authentication when server uses RSA but client uses DSA Fixed java.net.ssl.SSLEngineTest#test_SSLEngine_clientAuth expectations/knownfailures.txt Added CiperSuite.authType field which contains the algorithm name such as RSA, DSA, DH, that the client will use to authenticate the server. Like the cipherName, hmacName, and hashName, this is logically derivable from the the CiperSuite.KEY_EXCHANGE_*, but we remember it to avoid repeatedly doing large cascading "if" tests to determine which key algorithm should be used for each case. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java Fixed a number of client certificate authentication bugs in SSLEngine - Changed ClientHandshakeImpl's in the SSL/Tls Certificate message code to mirror ServerHandshakeImpl's implementation to properly use chooseEngineClientAlias in the SSLEngine case. - Changed to use the client certifcates key algorithm for computing the signature for the SSL/TLS CertificateVerify message. Previously we used the cipher suites negoitated key exchange method, but if the client may select a certificate with a different algorithm if the server provides a CA for another algorithm. - Also changed to use CipherSuite.isAnonymous in two places rather than the inlined equivalent. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java Fixed client authentication to use the client's certificate (not the server's) to do verify the CertificateVerify message signature. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java Fixed bug in DigitalSignature which did not Signature.update in verifySignature, so it could never have properly authenticated DSA signatures. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java Added CertificateMessage getAuthType convenience luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateMessage.java Made CertificateRequest certificate_authorities final, found we were double allocating it luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java Cleaning up imports of HandshakeProtocol while working on its subclasses. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java Cleaned up while looking at X509KeyManager implementations while debugging. support/src/test/java/org/apache/harmony/xnet/tests/support/X509KeyManagerImpl.java Change-Id: I74b98754c11000cbfea416f1571c380c9c67abf3 avax/net/ssl/TestKeyStore.java rg/apache/harmony/xnet/tests/support/X509KeyManagerImpl.java
096aac7b8a607d3da237900f52cab1c5066bf992	01-Jul-2010	Jesse Wilson <jessewilson@google.com>	Buffering the decoding of chunked encoding and HTTP headers. Also cleanup of HttpConfiguration (renamed HttpConnection.Address), including removing some dead code. Also adding performance-run support to MockWebServer to permit benchmarking. I benchmarked different buffer sizes, and a buffer as small as 16 bytes halved the runtime on some HTTP requests. Ultimately I chose a 128 byte buffer, since that's the point of diminishing returns. The following report shows benchmark results for 5 different buffer sizes. Notice how our previous unbuffered behaviour was particularly inefficient. bodySize transferEncoding responseHeaders bufferSize ms logarithmic runtime 0 FIXED_LENGTH MINIMAL 0 5.44 = 0 FIXED_LENGTH MINIMAL 16 5.17 = 0 FIXED_LENGTH MINIMAL 128 5.06 = 0 FIXED_LENGTH MINIMAL 512 5.19 = 0 FIXED_LENGTH MINIMAL 1024 5.27 = 0 FIXED_LENGTH TYPICAL 0 14.61 =========== 0 FIXED_LENGTH TYPICAL 16 7.35 ==== 0 FIXED_LENGTH TYPICAL 128 6.48 === 0 FIXED_LENGTH TYPICAL 512 6.97 ==== 0 FIXED_LENGTH TYPICAL 1024 6.92 ==== 0 CHUNKED MINIMAL 0 5.72 == 0 CHUNKED MINIMAL 16 5.26 = 0 CHUNKED MINIMAL 128 5.27 = 0 CHUNKED MINIMAL 512 5.16 = 0 CHUNKED MINIMAL 1024 5.31 = 0 CHUNKED TYPICAL 0 14.81 =========== 0 CHUNKED TYPICAL 16 7.30 ==== 0 CHUNKED TYPICAL 128 6.62 === 0 CHUNKED TYPICAL 512 6.51 === 0 CHUNKED TYPICAL 1024 6.50 === 1024 FIXED_LENGTH MINIMAL 0 5.47 = 1024 FIXED_LENGTH MINIMAL 16 5.40 = 1024 FIXED_LENGTH MINIMAL 128 5.43 = 1024 FIXED_LENGTH MINIMAL 512 5.40 = 1024 FIXED_LENGTH MINIMAL 1024 5.37 = 1024 FIXED_LENGTH TYPICAL 0 14.83 =========== 1024 FIXED_LENGTH TYPICAL 16 7.42 ==== 1024 FIXED_LENGTH TYPICAL 128 6.50 === 1024 FIXED_LENGTH TYPICAL 512 6.50 === 1024 FIXED_LENGTH TYPICAL 1024 6.51 === 1024 CHUNKED MINIMAL 0 6.12 == 1024 CHUNKED MINIMAL 16 5.51 = 1024 CHUNKED MINIMAL 128 5.55 = 1024 CHUNKED MINIMAL 512 5.60 == 1024 CHUNKED MINIMAL 1024 5.50 = 1024 CHUNKED TYPICAL 0 15.00 =========== 1024 CHUNKED TYPICAL 16 7.56 ===== 1024 CHUNKED TYPICAL 128 6.86 ==== 1024 CHUNKED TYPICAL 512 6.73 === 1024 CHUNKED TYPICAL 1024 6.60 === 1048576 FIXED_LENGTH MINIMAL 0 25.27 ================= 1048576 FIXED_LENGTH MINIMAL 16 25.36 ================= 1048576 FIXED_LENGTH MINIMAL 128 25.86 ================= 1048576 FIXED_LENGTH MINIMAL 512 25.25 ================= 1048576 FIXED_LENGTH MINIMAL 1024 32.51 =================== 1048576 FIXED_LENGTH TYPICAL 0 36.65 ===================== 1048576 FIXED_LENGTH TYPICAL 16 27.43 ================== 1048576 FIXED_LENGTH TYPICAL 128 26.88 ================= 1048576 FIXED_LENGTH TYPICAL 512 26.94 ================= 1048576 FIXED_LENGTH TYPICAL 1024 33.13 ==================== 1048576 CHUNKED MINIMAL 0 77.02 ============================ 1048576 CHUNKED MINIMAL 16 51.32 ======================== 1048576 CHUNKED MINIMAL 128 50.98 ======================== 1048576 CHUNKED MINIMAL 512 51.82 ======================== 1048576 CHUNKED MINIMAL 1024 50.40 ======================== 1048576 CHUNKED TYPICAL 0 88.99 ============================== 1048576 CHUNKED TYPICAL 16 53.94 ======================== 1048576 CHUNKED TYPICAL 128 53.03 ======================== 1048576 CHUNKED TYPICAL 512 52.14 ======================== 1048576 CHUNKED TYPICAL 1024 50.90 ======================== Benchmark source code is here: http://code.google.com/p/dalvik/source/browse/trunk/benchmarks/regression/URLConnectionBenchmark.java Change-Id: Ie3e754ab8497e6200f8b6e7f9c63c40a7d4784e2 ests/http/MockWebServer.java
38570b4b80f066bed09944d85c5062c9935cb975	01-Jul-2010	Brian Carlstrom <bdc@google.com>	Trim BouncyCastle *-OpenSSL algorithms These were not previously removed because they were believed to be part of Android OpenSSL native implementation. Change-Id: I6dd5eb22c5758f5337dae66669104ea6aa7b4234 ava/security/StandardNames.java
51e468abf2628ce964d3657042f3ac8f2c947504	26-Jun-2010	Jesse Wilson <jessewilson@google.com>	Fixing response cache and connection reuse for HTTP client. The code splits our HTTP input streams into four (!) inner classes. The base class takes care of ensuring split() and single byte reads get cached and call disconnect() as necessary. Our code closes the cache when the stream is exhausted; this is different from the RI which closes it when in.close() is called. When a fixed length input stream of length 0 is received, we cache it immediately. This has behavior consequences for CONNECT, which needs the otherwise-recyclable connection to stick around. This adds explicit shutdown capabilities to MockWebServer. This is necessary now that we don't guarantee all enqueued responses will be requested. We still need test coverage for malformed chunk sizes. Change-Id: Iaf866af4fc1d76faea559df267a4bde6fdfa1d83 ests/http/DefaultResponseCache.java ests/http/MockResponse.java ests/http/MockWebServer.java
12cd1f00c2fa1a7f37bf644cecdf7588bdc0b0a9	23-Jun-2010	Brian Carlstrom <bdc@google.com>	Remove libcore's dependency on bouncycastle external/bouncycastle - Change to be the primary build for bouncycastle sources (as opposed to part of libcore) - Moved OpenSSLMessageDigest from libcore to OpenSSLDigest It uses NativeCrypto API from core, but implements a bouncycastle specific interface - restored registration of bouncycastle MessageDigests for SHA-1, SHA-256, MD5 OpenSSLProvider versions take precedence, but explicit provider of "BC" allows choice - enabled native versions of SHA-384 and SHA-512 - pruned MD4 implementation frameworks/base - frameworks and CoreTests modules now depend on bouncycastle - update preloades classes for NativeBN package change - moved CryptoTest to libcore libcore - core now builds without bouncycastle sources - core-tests, core-tests-support, core-tests-supportlib now depend on bouncycastle - removed libcore/openssl directory, moving NativeBN to java/math - minor cleanup of Provider, Security, Services style while working on ProviderTest - added new OpenSSLProvider registered as first provider to have priority over the others to ensure our native implementations are used - moved BouncyCastle to have priority as a provider over Harmony - JarVerifier and JarUtils now implicitly use OpenSSLMessageDigest - Cleanedup OpenSSLSignature, implementation needs to be finished to move to OpenSSLProvider - To avoid using PEMWriter from BouncyCastle, NativeCrypto now takes binary encoded certs and keys This is more efficient as well avoiding the base64 decode/encode of the binary data - removed SHA-224 to match the RI packages/apps/CertInstaller - CertificateInstaller module now depends on bouncycastle this is the only app to depend on bouncycastle system/core - updated BOOTCLASSPATH Change-Id: I6205366b12baec4331b4a76e2c85d8324bf64b2c ava/security/StandardNames.java
f979bbd1277c77ca945ad981e7864fb4e9f6ae05	25-Jun-2010	Jesse Wilson <jessewilson@google.com>	Scrubbing tests marked @BrokenTest. This rearranges the security test support infrastructure. We no longer rely on many top-level classes defined in CipherHelper.java to provide test support. Instead these each have their own top level class in our test support package: support/src/test/java/tests/security. Similarly for abstract classes intended to be subclassed by cipher-specific tests. Other test methods that were duplicated in Harmony have been removed. We need to pay closer attention to Harmony failures because they are now our only source of coverage for some of these tests. Change-Id: I1a1ca8a046bc9b6a33d5fa3f55fecc0d39f72c16 ests/security/AlgorithmParameterAsymmetricHelper.java ests/security/AlgorithmParameterGeneratorTest.java ests/security/AlgorithmParameterKeyAgreementHelper.java ests/security/AlgorithmParameterSignatureHelper.java ests/security/AlgorithmParameterSymmetricHelper.java ests/security/AlgorithmParametersTest.java ests/security/CipherAsymmetricCryptHelper.java ests/security/CipherHelper.java ests/security/CipherSymmetricCryptHelper.java ests/security/DefaultKeys.java ests/security/KeyAgreementHelper.java ests/security/KeyFactoryTest.java ests/security/KeyPairGeneratorTest.java ests/security/MessageDigestTest.java ests/security/SignatureHelper.java ests/security/SignatureTest.java ests/security/TestHelper.java
17baca0a1628322f512b2a91486d8f454b722ac2	22-Jun-2010	Jesse Wilson <jessewilson@google.com>	Deduplicating failed tests in org.apache.harmony.luni.tests.java.lang. Some tests were copied from Harmony and fixed in Dalvik. I've applied fixes in our SVN copy of Harmony and removed the duplicate copies here. Also improving error reporting for missing resource files. Some of our serialization tests were failing due to missing files; the corresponding Harmony tests succeed. Change-Id: I73872b03674f8731ff237f575dcda66f9d53c06a ests/support/resource/Support_Resources.java
9a106a63508697a6f5f02c20b7cc6b7c6152695f	21-Jun-2010	Brian Carlstrom <bdc@google.com>	Move StandardNames from javax.net.ssl package to the more appropriate java.security Change-Id: I7ef73ae164fa001f279e8229b4869e72fd5a3a7d ava/security/StandardNames.java avax/net/ssl/StandardNames.java avax/net/ssl/TestSSLContext.java
f3abdd4561d269d0a9f9c4346f231c72f7db0a07	21-Jun-2010	Brian Carlstrom <bdc@google.com>	Updating StandardNames for updated bouncycastle that is closer to the RI Change-Id: I684a4c99ab70855d7bf86c1825bdede6b2727d39 avax/net/ssl/StandardNames.java
767061d064e8b6a3566a6a7dac974ef873f92bbd	18-Jun-2010	Jesse Wilson <jessewilson@google.com>	Merge "Implementing ZoneInfo.hasSameRules()." into dalvik-dev
e32b21f14d52bac429a9c54fe031f9e92c911d64	18-Jun-2010	Jesse Wilson <jessewilson@google.com>	Implementing ZoneInfo.hasSameRules(). Moving TimeZoneTest to OldTimeZoneTest and removing test methods that are duplicated between libcore and Harmony. Also adding Objects.equals() to make implementing this easy, and removing redundant time zone tests. I did a few searches to find candidate code that could take advantage of this new utility method and adopted it there. Change-Id: I133298f1b36d755bd35c1ad0dc0ab366fd164270 rg/apache/harmony/testframework/serialization/SerializationTest.java
88404afd0c510524045e3724aaae5825b4372f8f	18-Jun-2010	Brian Carlstrom <bdc@google.com>	Remove targets.* Change-Id: I9b795477fb1f64f613c2d7cc48476284702fd429 argets/AlgorithmParameterGenerators.java argets/AlgorithmParameters.java argets/CertPathBuilders.java argets/CertPathValidators.java argets/CertificateFactories.java argets/Charsets.java argets/Cipher.java argets/KeyAgreement.java argets/KeyFactories.java argets/KeyGenerator.java argets/KeyPairGenerators.java argets/KeyStores.java argets/Mac.java argets/MessageDigests.java argets/SecretKeyFactory.java argets/SecureRandoms.java argets/Signatures.java
8bdd385d39da5d53ca540bbfb159161e68cb6eb3	18-Jun-2010	Brian Carlstrom <bdc@google.com>	Add ProviderTest to verify expected algorithms from register Providers This works on RI 6 but fails on with our version of BouncyCastle derived from 1.34 because of the one missing class org.bouncycastle.jce.provider.JCEMac$ISO9797_DES It is still useful because it fixes the list of algorithms in StandardNames to make sure we don't unintentionally add or remove algorithms when we upgrade to BouncyCastle 1.45. Change-Id: I51e42a59505797d823004a798413ee2299bd163f avax/net/ssl/StandardNames.java
c8977f474b30c5f3807398859a6b16687af6fc7b	15-Jun-2010	Jesse Wilson <jessewilson@google.com>	Fixing various problems with HTTPS proxies thru HTTP. - reading extra bytes from the server depending on available() - not sending the port with the proxy request - returning a read-til-the-end stream instead of a read-0-bytes-stream on CONNECT requests - fixing MockWebServer to omit the unnecessary \r\n after the response body - tests no longer mask the issue by unambiguously reading characters. Trailing newlines aren't discarded! - New tests when content-length and content disagree. The RI fails the test when the transfer-encoding is not chunked. Change-Id: I888569844d323bc770cd5bb95ac71c740dd5e720 ests/http/MockResponse.java ests/http/MockWebServer.java
60476787f0e0f052366d8031c74e507ffd3d16a3	12-Jun-2010	Jesse Wilson <jessewilson@google.com>	Adding testcases for HttpsURLConnection and through a proxy. One failure is here: http://b/issue?id=2761326 Change-Id: If1918a2e59bd4335e38ce3ec4214dfccd24ee798 ests/http/MockWebServer.java
706d53593cd8841d378dbe298a8d1940db1e71df	09-Jun-2010	Jesse Wilson <jessewilson@google.com>	Adding HTTPS and proxy support to our mock webserver. Also exposing core-tests-support for use by tests in frameworks/base. I'm not particularly happy about this, but it seems to be the best way to share test support code between the two build targets. Change-Id: I5e8dcac90fc5d9be791e46c2606498978212108e ests/http/MockResponse.java ests/http/MockWebServer.java
0c131a2ca38465b7d1df4eaee63ac73ce4d5986d	21-May-2010	Brian Carlstrom <bdc@google.com>	RI 6 support for javax.net.ssl Summary: - RI 6 support for javax.net.ssl - SSLEngine fixes based on new SSLEngineTest - fix Cipher.checkMode bug recently introduced in dalvik-dev Details: Fix Cipher.checkMode that was preventing most javax.net.ssl tests from working luni/src/main/java/javax/crypto/Cipher.java RI 6 has introduced the concept of a "Default" SSLContext. This is accessed via SSLContext.getDefault() and also SSLContext.getInstance("Default"). Harmony had its own DefaultSSLContext but it was not created via an SSLContextSpi. It also was a single shared instance whereas the new RI6 Default SSLContext shares internal SSLSessionContext instances between different Default SSLContexts. Refactored the old code into an SSLContextImpl subclass that allows it to be created via SSLContext.getInstance. SSLContextImpl ensures that we only ever create one set of SSLSessionContext instances for the Default context. luni/src/main/java/javax/net/ssl/DefaultSSLContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Added SSLContext.getDefault and SSLContext.setDefault luni/src/main/java/javax/net/ssl/SSLContext.java Replace dependencies of old DefaultSSLContext with use of SSLContext.getDefault luni/src/main/java/javax/net/ssl/SSLServerSocketFactory.java luni/src/main/java/javax/net/ssl/SSLSocketFactory.java Register "SSLContext.Default" as DefaultSSLContextImpl class for SSLContext.getInstance() luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java Added constant for new "Default" standard name and added it to SSL_CONTEXT_PROTOCOLS. New tests based on SSL_CONTEXT_PROTOCOLS made it clear that neither Android or RI support SSLv2 so removed it from SSL_CONTEXT_PROTOCOLS and SSL_SOCKET_PROTOCOLS. Added constant for TLS as well which was previously scattered all over tests. Remove SSLv2Hello from SSL_SOCKET_PROTOCOLS for Android since with OpenSSL disablign SSLv2 means you can not use SSLv2Hello either. support/src/test/java/javax/net/ssl/StandardNames.java Added tests for SSLContext.getDefault and SSLContext.setDefault. Changed existing tests to work on all protocols including new "Default". luni/src/test/java/javax/net/ssl/SSLContextTest.java RI 6 has introduced the notion of SSLParameters which encapsulate SSL the handshake parameters of desired cipher suites, protocols, and client authentication requirements. The main new class SSLParameters is basically just a bag of fields with accessors and a couple simple constructors. The only things of note are that it clones all String arrays on input and output and the setters for the two boolean fields ensure that only one is true at a time. luni/src/main/java/javax/net/ssl/SSLParameters.java Added SSLContext.getDefaultSSLParameters and SSLContext.getSupportedSSLParameters which simply delegate to the SSLContextSpi. luni/src/main/java/javax/net/ssl/SSLContext.java Added abstract SSLContextSpi.engineGetDefaultSSLParameters and SSLContext.engineGetSupportedSSLParameters. luni/src/main/java/javax/net/ssl/SSLContextSpi.java Added engineGetDefaultSSLParameters and engineGetSupportedSSLParameters implementation. The RI documents in SSLContextSpi that these are implemented by default by creating a socket via the SSLContext's SocketFactory and asking for the enabled/supported cipher suites and protocols respectively, so that is what is done. The doc mentions throwing UnsupportedOperationException if there is a problem, so we do that as well. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Added {SSLEngine,SSLSocket}.{getSSLParameters,setSSLParameters} which are analogous. luni/src/main/java/javax/net/ssl/SSLEngine.java luni/src/main/java/javax/net/ssl/SSLSocket.java Added SSLParametersTest luni/src/test/java/javax/net/ssl/SSLParametersTest.java luni/src/test/java/javax/net/ssl/AllTests.java Added SSLContext.get{Default,Supported}SSLParameters tests luni/src/test/java/javax/net/ssl/SSLContextTest.java Added SSLSocket.{getSSLParameters,setSSLParameters} tests and added some extra asserts to test_SSLSocketPair_create based on experience with test_SSLEnginePair_create. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Dummy implementation of new SSLContextSpi for test classes. support/src/test/java/org/apache/harmony/security/tests/support/MySSLContextSpi.java support/src/test/java/org/apache/harmony/xnet/tests/support/MySSLContextSpi.java Other minor RI 6 API changes: RI 6 removed Serializable from HandshakeCompletedEvent and SSLSessionBindingEvent luni/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java luni/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java RI 6 added generic types to the KeyStoreBuilderParameters List constructor and accessor as well as to SSLSessionContext.getIds. Fixed tests to compile with generic types. luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java luni/src/main/java/javax/net/ssl/SSLSessionContext.java luni/src/test/java/tests/api/javax/net/ssl/KeyStoreBuilderParametersTest.java SSLEngine improvements. Since I was changing SSLEngine, I wrote an SSLEngineTest based on my SSLSocketTest to do some simply sanity checking. It expose a number of issues. I've fixed the small ones, marked the rest as known failures. Renamed some TLS_ cipher suites to SSL_ to match JSSE standard names. These were all old suites no longer supported by RI or OpenSSL which is why they were missed in an earlier cleanup of this type in this class. Also fixed SSLEngine supported cipher suites list not to include SSL_NULL_WITH_NULL_NULL which is not a valid suite to negotiate. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java SSLEngine instances can have null host values, which caused a NullPointerException in the ClientSessionContext implementation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java SSLEngine tests were failing because SSLParameters was throwing NullPointerException instead of IllegalArgument exception on null element values. Fixed null pointer message style while I was here. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java Fixed SSLEngine instances to default to server mode like RI luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Fixed KEY_TYPES based on SSLEngine implementation. Removed dead code NativeCrypto.getEnabledProtocols which was recently made obsolete. Cleaned up null exception messages to follow our convention. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java Added SSLEngineTest which parallels SSLSocketTest in its coverage. Similarly added TestSSLEnginePair which loosely parallels TestSSLSocketPair. luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/AllTests.java support/src/test/java/javax/net/ssl/TestSSLEnginePair.java SSLEngineTest betters exposed the differences between SSLSocket and SSLEngine supported cipher suites. StandardNames now has an CIPHER_SUITES_SSLENGINE definition which denotes what is missing and what is extra and why in the SSLEngine implementation. support/src/test/java/javax/net/ssl/StandardNames.java Created StandardNames.assert{Valid,Supported}{CipherSuites,Protocols} to factor out some code test code that is also used by new tests. support/src/test/java/javax/net/ssl/StandardNames.java luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java Remove SSLSocketTest known failure and add new SSLEngineTest known failures expectations/knownfailures.txt SSL_OP_NO_TICKET change was recently merged from master which required some fixes. For the moment, sslServerSocketSupportsSessionTickets always returns false. support/src/test/java/javax/net/ssl/TestSSLContext.java Fixed flakey test_SSLSocket_HandshakeCompletedListener which had a race because the client thread look in the server session context for an session by id potentially before the server thread had a chance to store its session. Made noticable because of SSL_OP_NO_TICKET recently merged from master (before this code path was host only, not device) luni/src/test/java/javax/net/ssl/SSLSocketTest.java Fix checkjni issue where we need to check for pending exception in OpenSSL callback. Possibly introduced by recent merge of SSL_OP_NO_TICKET from master. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Expectation updates Remove SSLSocketTest known failure and add new SSLEngineTest known failures expectations/knownfailures.txt Tag test_SSLSocket_getSupportedCipherSuites_connect as large expectations/taggedtests.txt Misc changes: opening brace on wrong line luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java Long line cleanup while debugging luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketFactoryImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketFactoryImpl.java support/src/test/java/javax/net/ssl/TestKeyStore.java Removed bogus import luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java Comment clarify while debugging luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Ctor -> Constructor in comment luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLEngineImpl.java Fixed naming of SocketTest_Test_create to TestSocketPair_Create to match renamed classes luni/src/test/java/javax/net/ssl/SSLSocketTest.java Change-Id: I99505e97d6047eeabe4a0b93202075a0b2d486ec avax/net/ssl/StandardNames.java avax/net/ssl/TestKeyStore.java avax/net/ssl/TestSSLContext.java avax/net/ssl/TestSSLEnginePair.java rg/apache/harmony/security/tests/support/MySSLContextSpi.java rg/apache/harmony/xnet/tests/support/MySSLContextSpi.java
aacf6f9741dea0f12fbff5e7696e53f251177280	20-May-2010	Brian Carlstrom <bdc@google.com>	Enable Diffie-Hellman cipher suites Enable Diffie-Hellman cipher suites in NativeCrypto (and in StandardNames to match for testing). This means we now have the same default cipher suite list as RI 5. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java support/src/test/java/javax/net/ssl/StandardNames.java Enabling DH made it obvious that the RI check for enable cipher suites on SSLServerSocket.accept was not as stringent as first thought. Apparently they don't care if all enabled cipher suites have certificates/keys, just that at least one of them will work, even if its anonymous. Factored out the logic to check this into checkEnabledCipherSuites for clarity along with the supporting checkForPrivateKey. Also only check if the socket is in server mode, since its fine to have nothing configured for server acting as a client for handshake purposes. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java The real work to enable Diffie-Hellman was to use SSL_CTX_set_tmp_dh_callback to set a callback to get DH parameters. There are two ways to create the parameters. The first is to use DH_generate_parameters_ex which is very slow (minutes) as is recommended as install time option. The second is to use DSA_generate_parameters_ex followed by DSA_dup_DH, which is faster for a single call, but must be done every time, so slower overall. We currently take the second approach to just have DH working. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Changed ephemeral RSA keys to be stored per SSL in AppData, not in a static global. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Fix LS_ to TLS_ typo in commented out constant. Removed easy to miss wrapping in array definition. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java Renamed CipherSuites defaultPretendant to defaultCipherSuites which led to renaming the CipherSuites constants to follow the coding style. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerKeyExchange.java Change-Id: Ia38de48cabb699b24fe6e341ba79f34e3da8b543 avax/net/ssl/StandardNames.java
b35597648f05db8d67c6a11d63044102a76cffda	18-May-2010	Jesse Wilson <jessewilson@google.com>	Merge "Testing that URLConnection uses CookieManager for send and receive." into dalvik-dev
211d3bbada505912bb16e9d1a6c1a9f1f5c16cff	18-May-2010	Jesse Wilson <jessewilson@google.com>	Testing that URLConnection uses CookieManager for send and receive. These all fail on Dalvik because we haven't wired these together. On the RI, everything passes except for the two tests that check parsing for multiple cookies in a single HTTP header. Change-Id: Idb10c5b51b7ae5ca400dc564f2926f0d5792093d ests/http/MockWebServer.java
fd487fbac3547360ea81d96edea9827fad080f86	18-May-2010	Brian Carlstrom <bdc@google.com>	Change Harmony CipherSuite to use JSSE names Change text names of Harmony CipherSuite's (used by SSLEngine and some places with OpenSSL code) to match JSSE names. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java Added StandardName constant for SSL_NULL_WITH_NULL_NULL support/src/test/java/javax/net/ssl/StandardNames.java Marked test as working with above fix, changed to use newly defined constant. luni/src/test/java/javax/net/ssl/SSLSessionTest.java Change-Id: Id48d2adcbbff71306296f1fdf8ff970c618fdcc6 avax/net/ssl/StandardNames.java
204cab3c22b4d75c866c95e2d2eec42e14cbd924	18-May-2010	Brian Carlstrom <bdc@google.com>	Supported cipher suites improvements Added new test_SSLSocket_getSupportedCipherSuites_connect to make sure all cipher suites we claim work actually do. It clearly exposed that although a large number of cipher suites are supported by libssl.so, they are not properly wired up into the OpenSSL JSSE implementation. In particular Elliptic Curve has been disabled in our version Bouncy Castle does not work. In addition Diffie-Hellman does not work because we need to further integration work with OpenSSL via SSL_set_tmp_dh_callback or SSL_set_tmp_dh. Finally, SSL_RSA_EXPORT_WITH_RC4_40_MD5 doesn't work but that is being left as KnownFailure for more immediate cleanup based on ServerHandshakeImpl's handling of KeyExchange_RSA_EXPORT as part of having OpenSSL call us back for certificates dynamically. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Refactored TestSSLContext.createKeyStore to create TestKeyStore which now factors out TestSSLContext.createKeys from the old createKeyStore method, which allows createKeys to be called multiple times for different key algorithms (for example DSA in addition to RSA). Also added a reusable singleton instance to cut down on test execution time. support/src/test/java/javax/net/ssl/TestKeyStore.java Removed publicAlias/privateAlias from TestSSLContext since we now include both RSA and DSA key pairs in they KeyStore by default. Added TestSSLContext.assertCertificateInKeyStore methods to help tests the previously used the alias fields fields. TestSSLContext.create API changed as well since the alias names are no longer required. TestSSLContext.createClient now needs to iterate over all server certificates when setting up its TrustManager instead of just grabbing one by alias name. support/src/test/java/javax/net/ssl/TestSSLContext.java luni/src/test/java/javax/net/ssl/SSLContextTest.java luni/src/test/java/javax/net/ssl/SSLSessionTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java TestSSLSocketPair.connect now allows optional inclusion of server cipher suite list. support/src/test/java/javax/net/ssl/TestSSLSocketPair.java luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java Turning off Elliptic Curve and Diffie-Hellman which are not currently working. Updating test expectations to match. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java support/src/test/java/javax/net/ssl/StandardNames.java Turn on registration of ECDSA and DSA since this part is currently functional (and excercised by TestKeyStore.create()) luni/src/main/java/org/bouncycastle/x509/X509Util.java Improve logging by including SSL pointer in error messages, which makes it easier to relate these errors to JNI_TRACE messages. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Change-Id: I014d001a6a21a46c360678a346d3a3c8232f4d53 avax/net/ssl/StandardNames.java avax/net/ssl/TestKeyStore.java avax/net/ssl/TestSSLContext.java avax/net/ssl/TestSSLSocketPair.java
3534c7cb3d4c67e3a4f2925fc7ecec43aeed879a	15-May-2010	Brian Carlstrom <bdc@google.com>	Remove ScopedGlobalRef (and other cleanups) ScopedGlobalRef caused more trouble that it was worth. Rather than trying to fix it to require updating of the JNIEnv, remove it to remove the temptation for others to use it. Also update SSL_set_ciphers_lists to use ScopedLocalRef and add HTML anchors to Standard names javadoc JSEE references. Change-Id: Ic3ed1bae3f29ee971d4461de31395b78c4949090 avax/net/ssl/StandardNames.java
9acacc36bafda869c6e9cc63786cdddd995ca96a	14-May-2010	Brian Carlstrom <bdc@google.com>	Use JSSE cipher suite names and restore JSSE SSLSessionContext semantics Summary: - Switch to using JSSE cipher suite names - SSLSessionContext implementation cleanup - Updated tests Details: Switch to using JSSE cipher suite names - We maintain backward compatability for enabling cipher suites using OpenSSL names for old code that did so without checking for the presence of the names in the supported list. - We now have a well defined list of the supported cipher suites which are sorted in priority order as specified in JSSE documentation so that callers doing: s.setEnabledCipherSuites(s.getSupportedCipherSuites()) will get something reasonable. - We now have a default cipher suite list that is chose to match RI behavior and priority, not based on OpenSSLs default and priorities. Details: - Added NativeCrypto OPENSSL_TO_STANDARD and STANDARD_TO_OPENSSL mapping between naming conventions. STANDARD_TO_OPENSSL is a LinkedHashMap so enumerating it gives the proper order for SUPPORTED_CIPHER_SUITES. - SSL_get_ciphers and SSL_set_cipher_list are removed, we now use our own SSL_set_cipher_lists (defined seperately in external/openssl/patches/jsse.patch) to set the set and order of cipher suites. SSL_CTX_get_ciphers is also removed because we no longer rely on the OpenSSL for the default cipher suites behavior. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Add cipherSuite and protocol field caches for native values, mapping the cipherSuite to a JSSE name from the OpenSSL name returned by SSL_SESSION_cipher. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java Fixed a long standing bug where we reused sessions found in the client host/port cache even if the old protocol and cipher suite where no longer compatible with what was specified by setEnabledCipherSuites and setProtocols. Also fixed a recently introduced bug where lastAccessedTime was being set on a cached session even if it was not reused, found by fixed the above. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Move most of SSLSessionContext implementation from subclasses to AbstractSessionContext. This was primarily to align the implementations of how different sessions id for the same host and port were handled for RI compatability. client subclasses now focuses on handling its host/port based cache and both deal with their own persistent cache details. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java Tests Added some variants of assertSSLSessionContextSize to simplify tests code. Broke test_SSLSessionContext_setSessionCacheSize_oneConnect out of test_SSLSessionContext_setSessionCacheSize_dynamic. Renamed test_SSLSessionContext_setSessionCacheSize_basic to test_SSLSessionContext_setSessionCacheSize_noConnect to match name of _oneConnect. _dynamic was cleaned up a bit as getting it working was the only goal of this change list. Fixed to filter SSL_RSA_EXPORT_ ciphers since our test certificate key length is too long for those. Lower test requirement to 3 unique cipher suites. luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java Added checks that cipher suites and protocols have standard names. luni/src/test/java/javax/net/ssl/SSLSessionTest.java Removing known failures related to cipher suite naming. Fixed bug of using assertNotNull instead of assertTrue. Added extra size/length check which would have found the assertNotNull/assertTrue issue. luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java Fixing test the explicitly worked around broken cipher suite naming. luni/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java Updated standard cipher suites to RI 6 list, which also now specifies ordering, which we now align with. support/src/test/java/javax/net/ssl/StandardNames.java Unrelated Remove more now obsolete jars from the test classpath run-core-tests Change-Id: I45c274a9327c9a1aeeccb39ecaf5a3fbe2903c8f avax/net/ssl/StandardNames.java
f33eae7e84eb6d3b0f4e86b59605bb3de73009f3	13-May-2010	Elliott Hughes <enh@google.com>	Remove all trailing whitespace from the dalvik team-maintained parts of libcore. Gentlemen, you may now set your editors to "strip trailing whitespace"... Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b avax/net/ssl/TestSSLContext.java rg/apache/harmony/security/tests/support/CertificateStub.java rg/apache/harmony/security/tests/support/IdentityScopeStub.java rg/apache/harmony/security/tests/support/IdentityStub.java rg/apache/harmony/security/tests/support/KeyStoreTestSupport.java rg/apache/harmony/security/tests/support/MDGoldenData.java rg/apache/harmony/security/tests/support/MyAlgorithmParameterGeneratorSpi.java rg/apache/harmony/security/tests/support/MyKeyPairGenerator1.java rg/apache/harmony/security/tests/support/MyKeyPairGenerator2.java rg/apache/harmony/security/tests/support/MyKeyPairGenerator3.java rg/apache/harmony/security/tests/support/MyKeyPairGeneratorSpi.java rg/apache/harmony/security/tests/support/MyKeyStore.java rg/apache/harmony/security/tests/support/MyKeyStoreSpi.java rg/apache/harmony/security/tests/support/MyLoadStoreParams.java rg/apache/harmony/security/tests/support/MyMessageDigest1.java rg/apache/harmony/security/tests/support/MyMessageDigest2.java rg/apache/harmony/security/tests/support/MySSLContextSpi.java rg/apache/harmony/security/tests/support/MySignature1.java rg/apache/harmony/security/tests/support/MySignature2.java rg/apache/harmony/security/tests/support/MyTrustManagerFactorySpi.java rg/apache/harmony/security/tests/support/PrivateKeyStub.java rg/apache/harmony/security/tests/support/PublicKeyStub.java rg/apache/harmony/security/tests/support/RandomImpl.java rg/apache/harmony/security/tests/support/SecurityChecker.java rg/apache/harmony/security/tests/support/SignerStub.java rg/apache/harmony/security/tests/support/SpiEngUtils.java rg/apache/harmony/security/tests/support/TestCertUtils.java rg/apache/harmony/security/tests/support/TestKeyPair.java rg/apache/harmony/security/tests/support/TestKeyStoreSpi.java rg/apache/harmony/security/tests/support/TestUtils.java rg/apache/harmony/security/tests/support/cert/MyCRL.java rg/apache/harmony/security/tests/support/cert/MyCertPath.java rg/apache/harmony/security/tests/support/cert/MyCertPathBuilderSpi.java rg/apache/harmony/security/tests/support/cert/MyCertPathValidatorSpi.java rg/apache/harmony/security/tests/support/cert/MyCertStoreParameters.java rg/apache/harmony/security/tests/support/cert/MyCertStoreSpi.java rg/apache/harmony/security/tests/support/cert/MyCertificate.java rg/apache/harmony/security/tests/support/cert/MyCertificateFactorySpi.java rg/apache/harmony/security/tests/support/cert/MyFailingCertPath.java rg/apache/harmony/security/tests/support/cert/MyFailingCertificate.java rg/apache/harmony/security/tests/support/cert/TestUtils.java rg/apache/harmony/security/tests/support/interfaces/DSAKeyPairGeneratorImpl.java rg/apache/harmony/security/tests/support/interfaces/RSAMultiPrimePrivateCrtKeyImpl.java rg/apache/harmony/security/tests/support/tmpCallbackHandler.java rg/apache/harmony/testframework/serialization/SerializationTest.java rg/apache/harmony/xnet/tests/support/KeyManagerFactorySpiImpl.java rg/apache/harmony/xnet/tests/support/MyKeyManagerFactorySpi.java rg/apache/harmony/xnet/tests/support/MySSLContextSpi.java rg/apache/harmony/xnet/tests/support/MyTrustManagerFactorySpi.java rg/apache/harmony/xnet/tests/support/SSLContextSpiImpl.java rg/apache/harmony/xnet/tests/support/SSLSocketFactoryImpl.java rg/apache/harmony/xnet/tests/support/TrustManagerFactorySpiImpl.java rg/apache/harmony/xnet/tests/support/X509KeyManagerImpl.java rg/apache/harmony/xnet/tests/support/X509TrustManagerImpl.java rg/apache/harmony/xnet/tests/support/mySSLSession.java argets/Charsets.java ests/support/Support_ASimpleInputStream.java ests/support/Support_ASimpleOutputStream.java ests/support/Support_ASimpleReader.java ests/support/Support_ASimpleWriter.java ests/support/Support_BitSet.java ests/support/Support_ClassLoader.java ests/support/Support_CollectionTest.java ests/support/Support_Configuration.java ests/support/Support_DeleteOnExitTest.java ests/support/Support_Exec.java ests/support/Support_Field.java ests/support/Support_Format.java ests/support/Support_GetLocal.java ests/support/Support_GetPutFields.java ests/support/Support_GetPutFieldsDefaulted.java ests/support/Support_GetPutFieldsDeprecated.java ests/support/Support_GetResource.java ests/support/Support_IOTestSecurityManager.java ests/support/Support_ListTest.java ests/support/Support_MapTest2.java ests/support/Support_MessageFormat.java ests/support/Support_NetworkInterface.java ests/support/Support_OutputStream.java ests/support/Support_PlatformFile.java ests/support/Support_PortManager.java ests/support/Support_ProviderTrust.java ests/support/Support_Proxy_I1.java ests/support/Support_Proxy_I2.java ests/support/Support_Proxy_ParentException.java ests/support/Support_Proxy_SubException.java ests/support/Support_SetTest.java ests/support/Support_SimpleDateFormat.java ests/support/Support_StringReader.java ests/support/Support_StringWriter.java ests/support/Support_TestProvider.java ests/support/Support_TestResource.java ests/support/Support_TestResource_en.java ests/support/Support_TestResource_en_US.java ests/support/Support_TestResource_fr.java ests/support/Support_TestResource_fr_FR.java ests/support/Support_TestResource_fr_FR_VAR.java ests/support/Support_TestWebData.java ests/support/Support_TimeZone.java ests/support/Support_UnmodifiableCollectionTest.java ests/support/Support_UnmodifiableMapTest.java ests/support/Support_Xml.java ests/support/resource/Support_Resources.java ests/util/CallVerificationStack.java ests/util/FieldTestFileGenerator.java ests/util/SerializationTester.java
fd6bb3510c2f94d636f3572dcf5f7f4dcd1a2726	13-May-2010	Elliott Hughes <enh@google.com>	Remove //$NON-NLS-\d$ cruft. Mostly done by perl(1), with manual cleanup of the few misspelled instances. This makes our trailing whitespace slightly worse, but I'll fix all that with a follow-on change. Change-Id: I0b4ca98819be6f9519c4ba980d759bd1ee1a0303 ests/support/Support_ASimpleOutputStream.java ests/support/Support_ASimpleWriter.java ests/support/Support_OutputStream.java
d36e64750cc11e98a96eaa6e89e6445857af85d6	12-May-2010	Jesse Wilson <jessewilson@google.com>	Merge "Adding checks to make sure the HTTP method is consistent with its body." into dalvik-dev
0af0a7959d838c48e6b4e8dc9ac188ff6bbb6a87	11-May-2010	Brian Carlstrom <bdc@google.com>	SSLSessionContexts should throw NullPointerException on getSession(null) Add an explicit null check to ensure failure on a null argument to getSession to match the RI luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java Remove KnownFailures resolved by above fix as well as clarifiying SSL session cache expections on Android vs the RI. The KnownFailures were also hiding some latent issues to do SSL session tickets, so fixed those up as well. luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java Added constants for expected SSL session cache behavior for RI vs Android support/src/test/java/javax/net/ssl/TestSSLContext.java Change-Id: Ic6285192cf76c0a5c3fa45a24eaa504ed0babff5 avax/net/ssl/TestSSLContext.java
fd4350050d7a0d333f9d346560b167040c3f44df	10-May-2010	Jesse Wilson <jessewilson@google.com>	Adding checks to make sure the HTTP method is consistent with its body. From the post-review comments here: https://android-git.corp.google.com/g/51054 Change-Id: I67be25a6648a2df02a888a0ae8559c05614de20c ests/http/MockWebServer.java
b1b5baac449d2725002338735f4db34bec8fd001	08-May-2010	Jesse Wilson <jessewilson@google.com>	New MockWebServer for HTTP testing. Unlike the Support_TestWebServer, this server is dumb but scriptable. It's intended to make it easier to test uncommon HTTP behavior, such as an intermediate HTTP proxy. Change-Id: Iac07e0b4788eeaa172d5c55d8ed9e034d98aa8e6 ests/http/MockResponse.java ests/http/MockWebServer.java ests/http/RecordedRequest.java
e688a4123f165ed2905878e312b074b8c825d119	05-May-2010	Brian Carlstrom <bdc@google.com>	Addressing post-submit comments regarding OpenSSL handhake changes Following up on feedback from earlier change https://android-git.corp.google.com/g/50435 Added new test_SSLSocket_startHandshake_noClientCertificate to make sure handshaking works when no client certificates are present after issues raised by hwu during code review. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Improve TestSSLContext.create* options - added javadoc comments to help distinguish different versions - fixed bug of not passing in keyStorePassword in create() - added new createClient(server) method to create a TestSSLContext that trusts the provided server TestSSLContext's certificate for use by test_SSLSocket_startHandshake_noClientCertificate - made createKeyStore optionally create a more minimal keystore if aliases are not present support/src/test/java/javax/net/ssl/TestSSLContext.java Fixed argument names in SSL_*_mode methods names as pointed out by hwu luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java Added comment to explain purpose of OpenSSLSessionImpl.resetId. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java Two changes to OpenSocketImpl - Added logging on runtime exception catch around HandshakeCompletedListener execution to closely mirror RI behavior. - Cleaned up peerCertificate check to not just be on the client path. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Addressed enh's comments about using clearEnv and when to delete AppData luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Change-Id: I34f54e3e41a5d53d81fdc22aa34ca4de4ee9826f avax/net/ssl/TestSSLContext.java
17c744222e249ed5f7ab36e49ed11f9bb062a302	04-May-2010	Brian Carlstrom <bdc@google.com>	Remove workarounds from JSSE tests now that SSLServerSocket.accept no longer tries to handshake Change-Id: I1188c34901b4c2c42d6b88e798e2eda24b0bfc4c avax/net/ssl/TestSSLSessions.java avax/net/ssl/TestSSLSocketPair.java
bcfb325d5b1f9529b439cc0805a1c140521510f7	02-May-2010	Brian Carlstrom <bdc@google.com>	OpenSSLSocket handshake overhaul Summary: - SSLSocket.startHandshake now generalized to handle both client and server handshaking as well as client/server role reversal - handshake_cutthrough.patch is properly integrated with support delayed handshake completion now integrated with delayed updates to session cache and callbacks to HandshakeCompletedListeners - Many fixes to SSLSession, which is the end product of the handshake - Generally more RI and SSLEngine compliant behavior. - More native code deletion through unification of client/server handshake, unification of client/server certificate chain verification, etc. More native code moved from various OpenSSL classes to cleaner NativeCrypto interfaces that more directly mirror the OpenSSL interfaces. Details: Delay SSL_new call until handshake time when we know for sure whether the OpenSSLSocket will be used in client or server mode and we can allocate the SSL_new from the apppriate client or server SSL_CTX used for session caching. Now that no SSL is allocated for an OpenSSLServerSocketImpl, store enabledProtocols and enabledCipherSuites in instance String arrays. Use new NativeCrypto.checkEnabled* methdods for argument validation. OpenSSLServerSocketImpl passes these enabled arrays to a new OpenSSLSocket constructor during accept(). Removed finalizer from OpenSSLServerSocketImpl since it no longer has any native storage and socket is already closed by PlainSocketImpl finalizer. X-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java OpenSSLSocket major overhaul to properly implement handshaking including switching client and server roles and session ID caching with handshake_cutthrough.patch. - now implements NativeCrypto.HandshakeCompletedListeners for properly timed callback when handshake_cutthrough.patch delays handshake completion until first SSLSocket.getInputStream() read. - similar enabledProtocols/enabledCipherSuites changes as OpenSSLServerSocketImpl since we need to store the state somewhere other than an openssl SSL struct until we are sure if we are doing a client or server handshake. - added handshake completed field so that startHandshake can tell if handshake was completed during SSL_do_handshake or will be completed later by a call to HandshakeCompletedCallback.handshakeCompleted. - removed nativegetsession as the equivalent value is now returned by SSL_do_handshake - removed nativecipherauthenticationmethod as the value is now passed to verifyCertificateChain - startHandshake is now a wrapper that forces a fully synchronous handshake - startHandshake(boolean) is the the most changed method in this changelist, combinding both the old startHandshake logic, but also the OpenSSLSocketImpl.accept code as well. Notable differences from the old code: * now responsible for SSL_new * single code path for client/server handshaking dealing with SSLSession caching * now handles server certificate requests previously in OpenSSLServerSocketImpl, since a client can request to act like a server and therefore need to be able to make suck demands on its peer. * supports turning off handshake_cutthrough at a callers request via explicit call to startHandshake() * certificate verification happens during an upcall from openssl during SSL_do_handshake to verifyCertificateChain for both client and server cases. previously there was not quite right upcall support on the server side and post-handshake checking on the client, which did not allow for a proper alert to be sent to the peer informing them of the issue, which the RI and SSLEngine code do. * Similarly, setEnableSessionCreation(false) did not send an alert to the peer as the RI and SSLEngine code in the client case. In the server case, nothing was previously done. * The use of local certificates was not determined from introspecting the SSL struct post-handshake. This is now partially implemented and will be completed in a later change. - SSLSocket.{shutdownInput,shutdownOutput} are now restored to the proper behavior of throwing UnsupportedOperationException. - Gutted OpenSSLSocketImpl finalizer. The comment explains in detail the trouble of having the finalizer do anything more than touch its the instances own state due to unpredictable order of finalization and the future possability of parallel finalization. x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java SSLSession fixes - Made OpenSSLSessionImpl.sessionContext non-final so it could be nulled by SSLSession.invalidate to match RI behavior. - As noted in AbstractSessionContext discussion, removed OpenSSLSessionImpl constructor that took SSLParameters, instead we take the possibly null localCertificates directly. OpenSSLSessionImpl.getLocalCertificates now simply returns the localCertificates member variable instead of incorrectly trying to query the KeyManager for certificates that may not have been used. - OpenSSLSessionImpl now caches its native ID to avoid numerious native calls but also now provides as resetId which will update the cache when a delayed handshake happens due to the handshake_cutthrough.patch - Fixed bug in getPeerPrincipal that it wasn't calling getPeerCertificates to initialize peerCertificates field. - freeImpl is now 'public static' in preparation for move to NativeCrypto. x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java The old SSLSessionImpl class that is still used for representing the invalid session now returns isValid => false and getProtocol => "NONE" to match the RI. x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java NativeCrypto improvements - Adding NativeCrypto.SSL_{get,set,clear}_mode similar to NativeCrypto.SSL_{get,set,clear}_options along with SSL_MODE_HANDSHAKE_CUTTHROUGH constant which is used to explicitly disable/enable the Android handshake_cutthrough.patch behavior. - Added missing NativeCrypto.SSL_clear_options and used to properly implement NativeCrypto.setEnabledProtocols. - Added NativeCrypto.checkEnabledProtocols and NativeCrypto.checkEnabledCipherSuites helpers to implement exception compatability with the RI. While some of this code is refactored from existing NativeCrypto code, it is now also used by OpenSSLServerSocketImpl and OpenSSLSocketImpl which maintain their own String[]s of what is enabled until startHandshake time. (see below) - Changed NativeCrypto.findSuite to use foreach style loop for clarity. - Moved OpenSSLServerSocketImpl nativesetclientauth and SSL_VERIFY_* constants to NativeCrypto.SSL_set_verify - Added NativeCrypto.SSL_set_session based on part of old OpenSSLSocketImpl.nativeconnect - Added NativeCrypto.SSL_set_session_creation_enabled to properly implement SSLSocket.setEnableSessionCreation(false) which uses new external/openssl/patches/jsse.patch functionality. - New NativeCrypto.SSL_do_handshake consolidates OpenSSLSocketImpl.{nativeconnect, nativeaccept} while properly implementing SSLSocket.setUseClientMode(false) for clients and SSLSocket.setUseClientMode(true) for servers. - New NativeCrypto.SSL_get_certificate is determine if local certificate requested by peer. While functional, currently NativeCrypto.SSL_new always sets a value via SSL_use_certificate instead of relying on a callback set via SSL_CTX_set_client_cert_cb. - Changed NativeCrypto.CertificateChainVerifier.verifyCertificateChain to throw a checked CertificateException to match TrustManager.{checkServerTrusted, checkClientTrusted}. It also takes an authMethod so avoid the need to call the old OpenSSLSocketImpl.nativecipherauthenticationmethod. - Added NativeCrypto.HandshakeCompletedCallback which has its handshakeCompleted method called from OpenSSL when the now delayed handshake_cutthrough.patch handshake is completed so SSLSession caching can be delayed until a session ID is available and to provide a better time for HandshakeCompletedListeners to be notified. x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Some other changes specific to the naitve side of the code - Added JNITRACE calls (enabled at compile time with JNI_TRACE) for future debugging. - throw SSLException subclass of IOException instead IOException itself for better RI compatability x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp - changed from old struct app_data to new class AppData at enh's request Remove dubious usage of SSLParameters within AbstractSessionContext to pass through to OpenSSLSessionImpl constructor for use in calling getLocalCertificates for sessions created from a byte array with AbstractSessionContext.toSession. Our AbstractSessionContext.toBytes doesn't currently include the local certificates in its output, so it cannot be expected to have in toSession. x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java Test maintenance openssl 1.0.0 adds support for RFC 4507 session tickets which remove the need for server side session state. These tests needed to be updated for this new behavior. If IS_RI is true, they still follow the old behavior. luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java luni/src/test/java/javax/net/ssl/SSLSessionTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java Update KnownFailures and add specific comments at point of failure about what remains to be fixed. luni/src/test/java/javax/net/ssl/SSLSessionTest.java Added tests to cover the use of standard cipher suite names. Historically Android has used OpenSSL string constants for cipher suite names, but JSSE actually specifies supported and expected names. luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java Create new support/src/test/java/javax/net/ssl with old Helper support code pulled from javax.net.ssl tests: SSLContextTest.Helper -> TestSSLContext SSLSocketTest.Helper -> TestSSLSocketPair SSLSessionTest.Helper -> TestSSLSessions Also added new StandardNames here, which contains a collection of expected constants for test validation. luni/src/test/java/javax/net/ssl/SSLContextTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java luni/src/test/java/javax/net/ssl/SSLSessionTest.java support/src/test/java/javax/net/ssl/TestSSLContext.java support/src/test/java/javax/net/ssl/TestSSLSocketPair.java support/src/test/java/javax/net/ssl/TestSSLSessions.java support/src/test/java/javax/net/ssl/StandardNames.java Removed some now fixed KnownFailures and unneeded !IS_RI code. Marked some [Un]KnownFailures where exceptions are thrown and visible in the output but aren't correctly causing the test to fail. Fixed assertNonNull to assertTrue in test_SSLSocketTest_Test_create. Added stress_test_SSLSocketTest_Test_create to track down test flakiness, leading to rewrite of SSLSocket finalization. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Reenable javax.net.ssl.AllTests now that it is does not hang luni/src/test/java/tests/AllTests.java Improve error messages while debugging overflow problem. Added new assert when debugging new RFC 4507 behavior. Removed KnownFailure annotation for now working test case. x-net/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java Client code changes Now that startHandshake implies synchronous vs Android's default async handshake, remove unneeded explict calls to SSLSocket.startHandshake luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java Removed IBM 1.4.x codepath that involved startHandshake x-net/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java Unrelated Remove unneed SSLSocket.setUseClientMode while removing unneeded SSLSocket.startHandshake luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java Removed warnings due to now missing modules in classpath run-core-tests Change-Id: I6e149ae259b3feccdfb0673209c85cfeb60befc8 avax/net/ssl/StandardNames.java avax/net/ssl/TestSSLContext.java avax/net/ssl/TestSSLSessions.java avax/net/ssl/TestSSLSocketPair.java
8baf143a7c8921d07b54adbc66ac1e5b42de5fe6	21-Apr-2010	Jesse Wilson <jessewilson@google.com>	Rewrite the HTTP connection pool used by HttpURLConnection. This started off as incremental changes, but it ended up going far enough that it earned the "rewrite" badge. System.getProperty() is not called for every HTTP connection. This is slightly controversial, but the old code had to bend over backwards to support dynamic pool changes, and it didn't even support the case when the pool shrank but not to 0. The new code doesn't do I/O within static synchronized blocks. This should reduce contention described here: http://b/issue?id=2606547 Also: simpify implementation, prettier names, more focused doc. ests/support/Support_TestWebServer.java
6e94ca64944375a1496f752c64503baeafca2bc4	29-Mar-2010	Jesse Wilson <jessewilson@google.com>	Merge commit '8812fdd7' into manualmerge Conflicts: libcore/xml/src/test/java/tests/api/javax/xml/parsers/SAXParserFactoryTest.java
5ab82b77afbc8af3b91e90ab46b0a7cc0a090f04	26-Mar-2010	Jesse Wilson <jessewilson@google.com>	Fixing tests to handle changes in our behaviour since DOM 3. Our exception priority has changed for DOM attributes. We previously used to throw DOMExceptions with namespace error codes and now throw DOMExceptions with character error codes when the attribute name is malformed. This caused changes to many tests. Another notable behaviour change is that we now supply the qname (like the RI) where previously we did not. It is optional, but we now include it for RI-consistency. Yet another behaviour change is that we don't look at System properties when choosing a SAX implementation. This simplifies our internals significantly. End users who want an alternative SAX implementation should construct it manually. Also adding @KnownFailure tags for new tests that we have never yet passed. Change-Id: I6f81bedd7c2a0867086dc507b3220c2b07c4d3d3 ests/util/TestEnvironment.java
e2a6f77f112c01109db196d8b19767896ee977ea	22-Feb-2010	Elliott Hughes <enh@google.com>	Merge remote branch 'goog/master' into mm Conflicts: libcore/JavaLibrary.mk
1ec94feeb09591c30996c7c0834d6f131e204922	19-Feb-2010	Jesse Wilson <jessewilson@google.com>	Filling in some gaps in our XML DOM v3 API. Specifically, these methods on Node: - setTextContent() - isSameNode() - lookupPrefix() - lookupNamespaceURI() In order to implement the last 2 I needed to fix our KXml parser to include namespace attributes (ie. xmlns) in the pulled document. Previously these were being elided. Added a new testcase to verify our behaviour. It passes the RI. On Dalvik we have a small issue with entity declarations. Added a new testcase to verify Node.getBaseURI(). This test fails because the method isn't implemented. Part of this test required moving a method out to Support_Resources.java; in order to verify the BaseURI the XML must be read from a file and not a stream (so that path information exists). Also... - Style cleanup: changing static calls to look like static calls. - Efficiency: avoiding concatenating with "" when unnecessary - Duplication: sharing prefix validation between attributes and elements - Renaming NodeTests to NodeTest for vogar-friendliness Outstanding: - I need to write a test for setTextContent(). ests/support/resource/Support_Resources.java
6461d8fe30e94c08d10ccd40c9ceeb83b9c43b7b	12-Feb-2010	Elliott Hughes <enh@google.com>	Remove some potential test flakiness. Bug: 2441548 ests/support/Support_TestWebServer.java
fc8bb3aece9bbff2a09509d8e211935ef054c085	30-Jan-2010	Elliott Hughes <enh@google.com>	Fix all the harmony java.util.Formatter tests. ICU thinks that German short weekday names should be "So." et seq rather than "So". This brings us into line with frameworks/base, which I'm depressed to find has its own copy of the CLDR data in XML form (and its own date/time formatters). Also fix TestEnvironment to not clobber "user.name", which we need in order to set our expectations in cases where being root affects what we can/can't do. (This also fixes a few other harmony tests.) ests/util/TestEnvironment.java
a2263b501dd19e5de07facdde47f08b4ae7a470e	28-Jan-2010	Brett Chabot <brettchabot@android.com>	am ff3a96c9: am c4f93305: Fix for DecimalFormatTest#test_formatToCharacterIteratorLjava_lang_Object Merge commit 'ff3a96c9055888140893158fff8b33831b949e49' * commit 'ff3a96c9055888140893158fff8b33831b949e49': Fix for DecimalFormatTest#test_formatToCharacterIteratorLjava_lang_Object
e7a431c2c8b09f22235d03d45f4786e2f6b40bfb	21-Jan-2010	Brett Chabot <brettchabot@android.com>	Fix for DecimalFormatTest#test_formatToCharacterIteratorLjava_lang_Object Add additional logic to skip checks that require specific locales. Bug 2386416 Change-Id: Icc30e04d393a22b272966555e617598323aefa0b ests/support/Support_DecimalFormat.java ests/support/Support_Locale.java
e1e5e8e60af12f145c4dd0395e30069665f97529	14-Jan-2010	Elliott Hughes <enh@google.com>	Fix Date.toString. Date.toString was using the TimeZone id ("America/Los_Angeles") rather than the time zone short name ("PDT" or "PST", depending on time of year). The naive fix made things 5x slower, so I improved Resources.getDisplayTimeZone so the fixed Date.toString is only 2x slower. This could be improved further with a faster getDisplayTimeZone. I hoped to replace the body of Date.toString with a call to SimpleDateFormat, but that turns out to be 40x slower. This patch also optimizes SimpleDateFormat to bring the gap down to 8x by using Resources.getDisplayTimeZone instead of asking for all the strings. (Note that these improvements refer to the hopefully common case of localized strings for the default locale. If you have the misfortune to need strings for other locales, the new code will be more like 600x faster. At 0.5s a call on the fastest current hardware, I hope no-one's actually doing that. Dalvik Explorer -- available on the Market -- needs to do it when generating summary reports, and it is indeed ridiculously slow. It uses two SimpleDateFormat objects per locale, so it takes 1s per locale, for about 60 locales. I've tested Dalvik Explorer with this patch, and it does fix that pathological behavior.) Also fix a bug I introduced in https://android-git.corp.google.com/g/36242 that meant that our zone names String[][] contained incorrect values (accidentally concatenating each successive value in a row), found by existing tests now we use more of those values. Also replace a couple of "new Integer" calls with Integer.valueOf for a modest speedup. Also factor out some duplication. Bug: http://code.google.com/p/android/issues/detail?id=6013 ests/util/TestEnvironment.java
398cf32a303a3b2a878a48cbae54be5ac23f7ecd	07-Jan-2010	Jesse Wilson <jessewilson@google.com>	Fixing our default HTTP Accept header to be spec-compliant. See bug http://code.google.com/p/android/issues/detail?id=5843 Also fixing a bug in the test webserver, where we weren't formatting the headers properly. I'm dumbfounded how the tests passed previously; although I fear that omitting the @TestTargetNew annotation might mean that they weren't being run. I'll investigate that in a follow up. ests/support/Support_TestWebServer.java
a0f38182a8fb81a6ae34372895e7a8a421f66fa1	22-Dec-2009	Brett Chabot <brettchabot@android.com>	am d3b06457: am 6cdbef55: Merge change I1d9b205f into eclair Merge commit 'd3b0645772fd3364575b93c74428ae19f88c4238' * commit 'd3b0645772fd3364575b93c74428ae19f88c4238': Skip locale dependent libcore tests if required locales are not present.
7f326eba50620211e5b698d4c584b861d11d1d6f	19-Dec-2009	Brett Chabot <brettchabot@android.com>	Skip locale dependent libcore tests if required locales are not present. Previously these tests were marked as KnownFailures - which is undesirable since they can pass if the right Locale's are present on target. Bug 2335906 Change-Id: I1d9b205f740b71880c57b48f069c302c5cec8792 ests/support/Support_Locale.java
e124afe6e959d2c24d4ee943007cb5317c64eab5	02-Dec-2009	Claire Ho <chinglanho@gmail.com>	Android ICU4.2.1 upgrade. For detail of dalvik changes, please see: https://docs.google.com/a/google.com/View?docid=0AfZlO7RuiBh5Y2NmMjdndmJfNDVmNWM2cGY0NQ&hl=en Bug: 1823720 Reviewed-by: jessewilson@google.com,enh@google.com CC: Signed-off-by: ests/support/Support_SimpleDateFormat.java
ff42219e3ea3d712f931ae7f26af236339b5cf23	18-Nov-2009	Elliott Hughes <enh@google.com>	Fix KXmlSerializer so it won't generate invalid XML. We were allowing arbitrary characters to be output (which, surprisingly, XML does not), and we weren't correctly escaping CDATA sections that contained "]]>". Pull out some of my test helpers from DocumentBuilderTest into Support_Xml, because they're more generally useful when writing tests involving XML. Also correct a bunch of spelling mistakes in XmlSerializer's javadoc, since I happened to be reading through. ests/support/Support_Xml.java
e40c9e3935a5024c0f3ebfb3f1441fcd5c48ed86	12-Nov-2009	Elliott Hughes <enh@google.com>	Fix HttpURLConnection's chunked encoding behavior. A third-party developer who wasn't reading to the end of the stream found that their next connection would return junk, which turned out to be the tail of the first response (thanks to connection recycling). Make sure we clean up a chunked-encoding stream before allowing the connection to be reused. Enhance our test web server to implement chunked encoding properly, with configurable chunk sizes, rather than just responding with a single chunk. Bug: http://code.google.com/p/android/issues/detail?id=2939 ests/support/Support_TestWebData.java ests/support/Support_TestWebServer.java
a152bc98bbb8feadb1b8b755f1f40fb66548ea12	05-Nov-2009	Elliott Hughes <enh@google.com>	Remove deadlock-prone thread pool. This is only test code, so let's not make it any more complicated than it needs to be. (The code sometimes locked the Vector before the individual Worker, and sometimes the other way round.) ests/support/Support_TestWebServer.java
82a2dfcd2281c2f8042fd5f09c98bea1e728530f	30-Oct-2009	Jesse Wilson <jessewilson@google.com>	Fixing 1 of the 4 BufferedReader test failures in bug 2224903. This CL includes the following functional changes: - changing read to not clear the mark upon reading EOF - changing read(char[], int, int) to use the 'read directly from the source stream' shortcut when the mark has exceeded its limit. Previously we took the shortcut only when the mark was unset. And these nonfunctional changes - rewrote read(char[], int, int) dramatically. The new revision contains only one call to 'System.arrayCopy' and the related bookkeeping. Previously there was one call before the loop, and another call in the loop. - renamed markpos to mark - renamed marklimit to markLimit - renamed count to end (it isn't a count, it's a position) - simplifying conditions that used >= when > was impossible - reducing the number of field reads where convenient ests/support/ThrowingReader.java
1805727c24b2b80161fef93c4b7742cf2322bdea	27-Oct-2009	Elliott Hughes <enh@google.com>	Implement ProcessBuilder.redirectErrorStream. Also simplify and correct the security to ensure that the user can't modify the command to be executed after the SecurityManager has approved it. Bug: 2180063 ests/support/Support_Exec.java
d37c804ccd11e38ee9221194866a152a4de6c8e9	24-Oct-2009	Jesse Wilson <jessewilson@google.com>	A new hygenic way for tests to clean up before or after execution. This replaces PrefsTester and is more general purpose. ests/util/PrefsTester.java ests/util/TestEnvironment.java
1c422fc0ab0692e10a05af6f48c6276c4dad4bea	16-Oct-2009	Jesse Wilson <jessewilson@google.com>	Respond to impossible CloneNotSupportedExceptions with AssertionErrors. See bug 2183132. rg/apache/harmony/security/tests/support/cert/MyCertStoreParameters.java
9c048fb7738ee3ac3677ba2170e360de8d70dcab	10-Oct-2009	Jesse Wilson <jessewilson@google.com>	Adding a timeout for standard out as well as standard error. ests/support/Support_Exec.java
1f4eba15dc9e4086ce7e2a4fc7cac83fe6bbc03d	10-Oct-2009	Jesse Wilson <jessewilson@google.com>	Rewrite Support_Exec to support timeouts on waiting processes. Also rewriting SupportExec to use ProcessBuilder rather than Runtime.exec(). Changed callers to use the ProcessBuilder directly rather than calling-through chained methods. ests/support/Support_Exec.java
2564a911708acb90dfb9ecbff93ac560da01117a	15-Sep-2009	Android (Google) Code Review <android-gerrit@google.com>	Merge change 24110 into eclair * changes: JarFile was not able to verify signed files with size 0.
adad03692b86958bbc1da598c260b5e322f4d8ce	12-Sep-2009	Jesse Wilson <jessewilson@google.com>	Fixing the delimiter for the HTTP "Accept" header to be well-formed. See bug 2107897. ests/support/Support_TestWebServer.java
d477459f4b89725dc32043aac8ad6f1dfc93de50	07-Sep-2009	Urs Grob <ursg@google.com>	JarFile was not able to verify signed files with size 0. This regressen was introduced by harmony optimizations done in HARMONY-4569. This fix allows for jar entries of size 0 to also get successfully validated. A regression test has been added to JarFileTest. ests/resources/EmptyEntries_signed.jar
5cc8cb84ac4a3474cfb666c9b94fd721e4615ca0	31-Aug-2009	Jesse Wilson <jessewilson@google.com>	Update prefs to Harmony r772995. Notable changes: - exception handling has changed to cleanup more reliably - calls to Collection.toArray() size the array properly - lots of style tweaks (rewrapping Javadoc, reintending wrapped code, whitespace) - new PrefsTester class ensures tests store prefs in the tmp directory Squashed commit of the following: commit 2157269d8ed39ccb8a71d735c12bbabcfd548243 Merge: d287282 97818bf Author: Jesse Wilson <jessewilson@google.com> Date: Wed Aug 5 11:14:26 2009 -0700 Merge branch 'prefs_772995' into prefs_dalvik Conflicts: libcore/prefs/.classpath libcore/prefs/.settings/org.eclipse.jdt.core.prefs libcore/prefs/build.xml libcore/prefs/make/exclude.linux.x86_64.drl libcore/prefs/make/exclude.windows.x86.drl libcore/prefs/make/exclude.windows.x86_64.drl libcore/prefs/src/main/java/java/util/prefs/AbstractPreferences.java libcore/prefs/src/main/java/java/util/prefs/BackingStoreException.java libcore/prefs/src/main/java/java/util/prefs/FilePreferencesFactoryImpl.java libcore/prefs/src/main/java/java/util/prefs/FilePreferencesImpl.java libcore/prefs/src/main/java/java/util/prefs/InvalidPreferencesFormatException.java libcore/prefs/src/main/java/java/util/prefs/NodeChangeEvent.java libcore/prefs/src/main/java/java/util/prefs/NodeChangeListener.java libcore/prefs/src/main/java/java/util/prefs/PreferenceChangeEvent.java libcore/prefs/src/main/java/java/util/prefs/PreferenceChangeListener.java libcore/prefs/src/main/java/java/util/prefs/Preferences.java libcore/prefs/src/main/java/java/util/prefs/PreferencesFactory.java libcore/prefs/src/main/java/java/util/prefs/RegistryPreferencesFactoryImpl.java libcore/prefs/src/main/java/java/util/prefs/RegistryPreferencesImpl.java libcore/prefs/src/main/java/java/util/prefs/XMLParser.java libcore/prefs/src/main/java/org/apache/harmony/prefs/internal/nls/Messages.java libcore/prefs/src/main/native/prefs/windows/PreferencesImpl.c libcore/prefs/src/main/native/prefs/windows/hyprefs.rc libcore/prefs/src/main/native/prefs/windows/makefile libcore/prefs/src/test/java/org/apache/harmony/prefs/tests/java/util/prefs/AbstractPreferencesTest.java libcore/prefs/src/test/java/org/apache/harmony/prefs/tests/java/util/prefs/AllTests.java libcore/prefs/src/test/java/org/apache/harmony/prefs/tests/java/util/prefs/FilePreferencesImplTest.java libcore/prefs/src/test/java/org/apache/harmony/prefs/tests/java/util/prefs/MockAbstractPreferences.java libcore/prefs/src/test/java/org/apache/harmony/prefs/tests/java/util/prefs/MockPreferencesFactory.java libcore/prefs/src/test/java/org/apache/harmony/prefs/tests/java/util/prefs/MockSecurityManager.java libcore/prefs/src/test/java/org/apache/harmony/prefs/tests/java/util/prefs/NodeChangeListenerTest.java libcore/prefs/src/test/java/org/apache/harmony/prefs/tests/java/util/prefs/PreferenceChangeListenerTest.java libcore/prefs/src/test/java/org/apache/harmony/prefs/tests/java/util/prefs/PreferencesFactoryTest.java libcore/prefs/src/test/java/org/apache/harmony/prefs/tests/java/util/prefs/PreferencesTest.java libcore/prefs/src/test/java/tests/prefs/AllTests.java commit d287282b550d4a5d262f1d1703344ed61bdc6d15 Author: Jesse Wilson <jessewilson@google.com> Date: Tue Aug 4 14:36:36 2009 -0700 Dalvik Prefs commit 97818bf21cfde744eeb5fbf1f9c31d9bd66f5a2e Author: Jesse Wilson <jessewilson@google.com> Date: Tue Aug 4 14:35:52 2009 -0700 Prefs 772995 commit 9a506f93947938dad3b41e1393f53b766ba0319f Author: Jesse Wilson <jessewilson@google.com> Date: Tue Aug 4 14:22:40 2009 -0700 Prefs 527399 ests/util/PrefsTester.java
1b544a6111a1005e502559a6e5f269c8ecf4a53b	26-Aug-2009	Lorenzo Colitti <lorenzo@google.com>	IPv6 fixes to java.net.InetAddress. 1. Make hashCode() do something that makes sense for IPv6 addresses. 2. Expand coverage of hashCode unit test. 3. Fix failing regression test for getAllByName(). 4. Document that the getByName test is broken. I will fix it in a future change. 5. Expand test coverage of the isMulticastAddress test to include IPv6 and non-multicast addresses. All tests now pass. Change-Id: I6f52c7c3213dd01bf773228b1ed5d44df813f877 ests/support/Support_Configuration.java
87eb4de6347e1be029cde77dd43ad9b1af901472	22-Jul-2009	Urs Grob <ursg@google.com>	Removing MD2 argets/MessageDigests.java ests/support/Support_TestProvider.java
728d33e7431ed0a19c3fe2f3caad92a9343c7f81	29-Apr-2009	Urs Grob <ursg@google.com>	Reactivating tests disabled because of ClassLoader loop Since ClassLoader.isAncestorOf has been fixed these tests now succeed. So they can be reactivated. BUG=1732214 ests/support/resource/Support_Resources.java
998421c91bc71aa3677dd91ac4a6b106f4bd297b	28-Apr-2009	Jorg Pleumann <>	AI 147896: Some more fixes for tests that failed in the CTS, but worked fine in run-core-tests: - One cert test needs isolation, because it destroys the security provider. - The Thread.sleep() tests were too flaky. - Tests that tried to open a temporary DEX file failed in the CTS because we do not have access to the system DEX cache. We are now simply creating our own. The Java plan in the CTS should now pass fully. Yippie! BUG=1285921 Automated import of CL 147896 ests/support/Support_ClassLoader.java
214a4e01cfb8ac07474c128b9431b19b7ed1b99b	21-Apr-2009	Urs Grob <>	AI 147121: Fixes for tests in the luni module. There are still some tests that are failing in the cts host. This CL will fix most of them in the luni module. BUG=1285921 Automated import of CL 147121 ests/support/Support_HttpConstants.java ests/support/Support_TestWebData.java ests/support/Support_TestWebServer.java
ab9bdb0e83663493b6518c0067873abef42f90ad	27-Mar-2009	Jorg Pleumann <>	AI 143070: Two small fixes for the support module. The classloader factory didn't work, since the innerhalb classes had to be static. Plus we don't want to see System.out stuff in the tests. BUG=1285921 Automated import of CL 143070 ests/support/Support_ClassLoader.java ests/support/Support_Exec.java
3cde025355ca04d7030eb6acebe8d84c7eec9ac8	25-Mar-2009	Urs Grob <>	Automated import from //branches/cupcake/...@141706,141706 rg/apache/harmony/xnet/tests/support/SSLSessionContextImpl.java rg/apache/harmony/xnet/tests/support/TrustManagerFactorySpiImpl.java rg/apache/harmony/xnet/tests/support/mySSLSession.java rg/apache/harmony/xnet/tests/support/mySSLSocket.java
eeb220adf9eea613d6cd97a131b0a9ef49e31a5b	20-Mar-2009	The Android Open Source Project <initial-contribution@android.com>	auto import from //branches/cupcake_rel/...@141571 ests/support/Support_ClassLoader.java
fa890109ecc4522f0e07481431c04d4cf6ba16d1	13-Mar-2009	The Android Open Source Project <initial-contribution@android.com>	auto import from //branches/cupcake_rel/...@138607 argets/Signatures.java
ab28398a565e5ce8a56cdfd50ac6226e5317cf66	11-Mar-2009	The Android Open Source Project <initial-contribution@android.com>	auto import from //branches/cupcake/...@137873 rg/apache/harmony/security/tests/support/cert/TestUtils.java rg/apache/harmony/testframework/serialization/SerializationTest.java ests/support/Support_SimpleDateFormat.java
adc854b798c1cfe3bfd4c27d68d5cee38ca617da	04-Mar-2009	The Android Open Source Project <initial-contribution@android.com>	auto import from //depot/cupcake/@135843 rg/apache/harmony/security/tests/support/CertificateStub.java rg/apache/harmony/security/tests/support/IdentityScopeStub.java rg/apache/harmony/security/tests/support/IdentityStub.java rg/apache/harmony/security/tests/support/KeyStoreTestSupport.java rg/apache/harmony/security/tests/support/MDGoldenData.java rg/apache/harmony/security/tests/support/MyAlgorithmParameterGeneratorSpi.java rg/apache/harmony/security/tests/support/MyBasicPermission.java rg/apache/harmony/security/tests/support/MyGuard.java rg/apache/harmony/security/tests/support/MyKeyPairGenerator1.java rg/apache/harmony/security/tests/support/MyKeyPairGenerator2.java rg/apache/harmony/security/tests/support/MyKeyPairGenerator3.java rg/apache/harmony/security/tests/support/MyKeyPairGeneratorSpi.java rg/apache/harmony/security/tests/support/MyKeyStore.java rg/apache/harmony/security/tests/support/MyKeyStoreSpi.java rg/apache/harmony/security/tests/support/MyLoadStoreParams.java rg/apache/harmony/security/tests/support/MyMessageDigest1.java rg/apache/harmony/security/tests/support/MyMessageDigest2.java rg/apache/harmony/security/tests/support/MyPermission.java rg/apache/harmony/security/tests/support/MyPermissionCollection.java rg/apache/harmony/security/tests/support/MyProvider.java rg/apache/harmony/security/tests/support/MySSLContextSpi.java rg/apache/harmony/security/tests/support/MySignature1.java rg/apache/harmony/security/tests/support/MySignature2.java rg/apache/harmony/security/tests/support/MyTrustManagerFactorySpi.java rg/apache/harmony/security/tests/support/PrivateKeyStub.java rg/apache/harmony/security/tests/support/PublicKeyStub.java rg/apache/harmony/security/tests/support/RandomImpl.java rg/apache/harmony/security/tests/support/SecurityChecker.java rg/apache/harmony/security/tests/support/SignerStub.java rg/apache/harmony/security/tests/support/SpiEngUtils.java rg/apache/harmony/security/tests/support/TestCertUtils.java rg/apache/harmony/security/tests/support/TestKeyPair.java rg/apache/harmony/security/tests/support/TestKeyStoreSpi.java rg/apache/harmony/security/tests/support/TestUtils.java rg/apache/harmony/security/tests/support/acl/AclEntryImpl.java rg/apache/harmony/security/tests/support/acl/AclEnumerator.java rg/apache/harmony/security/tests/support/acl/AclImpl.java rg/apache/harmony/security/tests/support/acl/GroupImpl.java rg/apache/harmony/security/tests/support/acl/OwnerImpl.java rg/apache/harmony/security/tests/support/acl/PermissionImpl.java rg/apache/harmony/security/tests/support/acl/PrincipalImpl.java rg/apache/harmony/security/tests/support/cert/MyCRL.java rg/apache/harmony/security/tests/support/cert/MyCertPath.java rg/apache/harmony/security/tests/support/cert/MyCertPathBuilderSpi.java rg/apache/harmony/security/tests/support/cert/MyCertPathValidatorSpi.java rg/apache/harmony/security/tests/support/cert/MyCertStoreParameters.java rg/apache/harmony/security/tests/support/cert/MyCertStoreSpi.java rg/apache/harmony/security/tests/support/cert/MyCertificate.java rg/apache/harmony/security/tests/support/cert/MyCertificateFactorySpi.java rg/apache/harmony/security/tests/support/cert/MyFailingCertPath.java rg/apache/harmony/security/tests/support/cert/MyFailingCertificate.java rg/apache/harmony/security/tests/support/cert/PolicyNodeImpl.java rg/apache/harmony/security/tests/support/cert/TestUtils.java rg/apache/harmony/security/tests/support/interfaces/DSAKeyPairGeneratorImpl.java rg/apache/harmony/security/tests/support/interfaces/RSAMultiPrimePrivateCrtKeyImpl.java rg/apache/harmony/security/tests/support/spec/MyEncodedKeySpec.java rg/apache/harmony/security/tests/support/tmpCallbackHandler.java rg/apache/harmony/testframework/serialization/SerializationTest.java rg/apache/harmony/xnet/tests/support/KeyManagerFactorySpiImpl.java rg/apache/harmony/xnet/tests/support/MyKeyManagerFactorySpi.java rg/apache/harmony/xnet/tests/support/MySSLContextSpi.java rg/apache/harmony/xnet/tests/support/MyTrustManagerFactorySpi.java rg/apache/harmony/xnet/tests/support/SSLContextSpiImpl.java rg/apache/harmony/xnet/tests/support/SSLSessionContextImpl.java rg/apache/harmony/xnet/tests/support/SSLSocketFactoryImpl.java rg/apache/harmony/xnet/tests/support/TrustManagerFactorySpiImpl.java rg/apache/harmony/xnet/tests/support/X509KeyManagerImpl.java rg/apache/harmony/xnet/tests/support/X509TrustManagerImpl.java rg/apache/harmony/xnet/tests/support/mySSLSession.java rg/apache/harmony/xnet/tests/support/mySSLSocket.java argets/AlgorithmParameterGenerators.java argets/AlgorithmParameters.java argets/CertPathBuilders.java argets/CertPathValidators.java argets/CertificateFactories.java argets/Charsets.java argets/Cipher.java argets/KeyAgreement.java argets/KeyFactories.java argets/KeyGenerator.java argets/KeyPairGenerators.java argets/KeyStores.java argets/Mac.java argets/MessageDigests.java argets/SecretKeyFactory.java argets/SecureRandoms.java argets/Signatures.java ests/resources/Broken_entry.jar ests/resources/Broken_entry_data.jar ests/resources/Broken_manifest.jar ests/resources/Created_by_1_4.jar ests/resources/GZIPInputStream/hyts_gInput.txt.gz ests/resources/Harmony.GIF ests/resources/Inserted_Entry_Manifest.jar ests/resources/Inserted_Entry_Manifest_with_DigestCode.jar ests/resources/Integrate.jar ests/resources/JarIndex/hyts_11.jar ests/resources/JarIndex/hyts_12.jar ests/resources/JarIndex/hyts_13.jar ests/resources/JarIndex/hyts_14.jar ests/resources/JarIndex/hyts_21.jar ests/resources/JarIndex/hyts_22-new.jar ests/resources/JarIndex/hyts_22.jar ests/resources/JarIndex/hyts_23.jar ests/resources/JarIndex/hyts_31.jar ests/resources/JarIndex/hyts_32.jar ests/resources/JarIndex/hyts_33.jar ests/resources/JarIndex/hyts_41.jar ests/resources/JarIndex/hyts_42.jar ests/resources/Modified_Class.jar ests/resources/Modified_Manifest_EntryAttributes.jar ests/resources/Modified_Manifest_MainAttributes.jar ests/resources/Modified_SF_EntryAttributes.jar ests/resources/Package/hyts_all_attributes.jar ests/resources/Package/hyts_all_attributes_dex.jar ests/resources/Package/hyts_c.jar ests/resources/Package/hyts_c_dex.jar ests/resources/Package/hyts_no_attributes.jar ests/resources/Package/hyts_no_attributes_dex.jar ests/resources/Package/hyts_no_entry.jar ests/resources/Package/hyts_no_entry_dex.jar ests/resources/Package/hyts_package.jar ests/resources/Package/hyts_package_dex.jar ests/resources/Package/hyts_pq.jar ests/resources/Package/hyts_pq_dex.jar ests/resources/Package/hyts_some_attributes.jar ests/resources/Package/hyts_some_attributes_dex.jar ests/resources/TestCodeSigners.jar ests/resources/cts_dalvikExecTest.jar ests/resources/cts_dalvikExecTest_classes.dex ests/resources/hyts_Bar.ser ests/resources/hyts_Foo.ser ests/resources/hyts_PropertiesTest.properties ests/resources/hyts_ZipFile.zip ests/resources/hyts_att.jar ests/resources/hyts_available.tst ests/resources/hyts_checkInput.txt ests/resources/hyts_compDiction.txt ests/resources/hyts_compressD.txt ests/resources/hyts_constru_O.txt ests/resources/hyts_constru_OD.txt ests/resources/hyts_constru_ODI.txt ests/resources/hyts_des-ede3-cbc.test1.ciphertext ests/resources/hyts_des-ede3-cbc.test1.iv ests/resources/hyts_des-ede3-cbc.test1.key ests/resources/hyts_des-ede3-cbc.test1.plaintext ests/resources/hyts_des-ede3-cbc.test2.ciphertext ests/resources/hyts_des-ede3-cbc.test2.iv ests/resources/hyts_des-ede3-cbc.test2.key ests/resources/hyts_des-ede3-cbc.test2.plaintext ests/resources/hyts_des-ede3-cbc.test3.ciphertext ests/resources/hyts_des-ede3-cbc.test3.iv ests/resources/hyts_des-ede3-cbc.test3.key ests/resources/hyts_des-ede3-cbc.test3.plaintext ests/resources/hyts_htmltest.html ests/resources/hyts_mainClass.ser ests/resources/hyts_manifest1.jar ests/resources/hyts_missingclass.ser ests/resources/hyts_patch.jar ests/resources/hyts_patch2.jar ests/resources/hyts_resource.properties ests/resources/hyts_security.jar ests/resources/hyts_signed.jar ests/resources/hyts_signed_inc.jar ests/resources/illegalClasses.jar ests/resources/junit4-4.3.1.jar ests/resources/manifest/hyts_MANIFEST.MF ests/resources/morestuff/hyts_patch.jar ests/resources/morestuff/hyts_patch2.jar ests/resources/net/InvalidJar.jar ests/resources/net/TestCodeSigners.jar ests/resources/net/lf.jar ests/resources/subfolder/tests/resources/hyts_resource.properties ests/resources/test.cert ests/support/Support_ASimpleInputStream.java ests/support/Support_ASimpleOutputStream.java ests/support/Support_ASimpleReader.java ests/support/Support_ASimpleWriter.java ests/support/Support_BitSet.java ests/support/Support_CollectionTest.java ests/support/Support_Configuration.java ests/support/Support_DecimalFormat.java ests/support/Support_DeleteOnExitTest.java ests/support/Support_Exec.java ests/support/Support_Field.java ests/support/Support_Format.java ests/support/Support_GetLocal.java ests/support/Support_GetPutFields.java ests/support/Support_GetPutFieldsDefaulted.java ests/support/Support_GetPutFieldsDeprecated.java ests/support/Support_GetResource.java ests/support/Support_IOTestSecurityManager.java ests/support/Support_ListTest.java ests/support/Support_MapTest2.java ests/support/Support_MessageFormat.java ests/support/Support_NetworkInterface.java ests/support/Support_OutputStream.java ests/support/Support_PlatformFile.java ests/support/Support_PortManager.java ests/support/Support_ProviderTrust.java ests/support/Support_Proxy_I1.java ests/support/Support_Proxy_I2.java ests/support/Support_Proxy_ParentException.java ests/support/Support_Proxy_SubException.java ests/support/Support_SetTest.java ests/support/Support_SimpleDateFormat.java ests/support/Support_StringReader.java ests/support/Support_StringWriter.java ests/support/Support_TestProvider.java ests/support/Support_TestResource.java ests/support/Support_TestResource_en.java ests/support/Support_TestResource_en_US.java ests/support/Support_TestResource_fr.java ests/support/Support_TestResource_fr_FR.java ests/support/Support_TestResource_fr_FR_VAR.java ests/support/Support_TimeZone.java ests/support/Support_UnmodifiableCollectionTest.java ests/support/Support_UnmodifiableMapTest.java ests/support/resource/Support_Resources.java ests/util/CallVerificationStack.java ests/util/FieldTestFileGenerator.java ests/util/SerializationTester.java
1c0fed63c71ddb230f3b304aac12caffbedf2f21	04-Mar-2009	The Android Open Source Project <initial-contribution@android.com>	auto import from //depot/cupcake/@135843 rg/apache/harmony/security/tests/support/CertificateStub.java rg/apache/harmony/security/tests/support/IdentityScopeStub.java rg/apache/harmony/security/tests/support/IdentityStub.java rg/apache/harmony/security/tests/support/KeyStoreTestSupport.java rg/apache/harmony/security/tests/support/MDGoldenData.java rg/apache/harmony/security/tests/support/MyAlgorithmParameterGeneratorSpi.java rg/apache/harmony/security/tests/support/MyBasicPermission.java rg/apache/harmony/security/tests/support/MyGuard.java rg/apache/harmony/security/tests/support/MyKeyPairGenerator1.java rg/apache/harmony/security/tests/support/MyKeyPairGenerator2.java rg/apache/harmony/security/tests/support/MyKeyPairGenerator3.java rg/apache/harmony/security/tests/support/MyKeyPairGeneratorSpi.java rg/apache/harmony/security/tests/support/MyKeyStore.java rg/apache/harmony/security/tests/support/MyKeyStoreSpi.java rg/apache/harmony/security/tests/support/MyLoadStoreParams.java rg/apache/harmony/security/tests/support/MyMessageDigest1.java rg/apache/harmony/security/tests/support/MyMessageDigest2.java rg/apache/harmony/security/tests/support/MyPermission.java rg/apache/harmony/security/tests/support/MyPermissionCollection.java rg/apache/harmony/security/tests/support/MyProvider.java rg/apache/harmony/security/tests/support/MySSLContextSpi.java rg/apache/harmony/security/tests/support/MySignature1.java rg/apache/harmony/security/tests/support/MySignature2.java rg/apache/harmony/security/tests/support/MyTrustManagerFactorySpi.java rg/apache/harmony/security/tests/support/PrivateKeyStub.java rg/apache/harmony/security/tests/support/PublicKeyStub.java rg/apache/harmony/security/tests/support/RandomImpl.java rg/apache/harmony/security/tests/support/SecurityChecker.java rg/apache/harmony/security/tests/support/SignerStub.java rg/apache/harmony/security/tests/support/SpiEngUtils.java rg/apache/harmony/security/tests/support/TestCertUtils.java rg/apache/harmony/security/tests/support/TestKeyPair.java rg/apache/harmony/security/tests/support/TestKeyStoreSpi.java rg/apache/harmony/security/tests/support/TestUtils.java rg/apache/harmony/security/tests/support/acl/AclEntryImpl.java rg/apache/harmony/security/tests/support/acl/AclEnumerator.java rg/apache/harmony/security/tests/support/acl/AclImpl.java rg/apache/harmony/security/tests/support/acl/GroupImpl.java rg/apache/harmony/security/tests/support/acl/OwnerImpl.java rg/apache/harmony/security/tests/support/acl/PermissionImpl.java rg/apache/harmony/security/tests/support/acl/PrincipalImpl.java rg/apache/harmony/security/tests/support/cert/MyCRL.java rg/apache/harmony/security/tests/support/cert/MyCertPath.java rg/apache/harmony/security/tests/support/cert/MyCertPathBuilderSpi.java rg/apache/harmony/security/tests/support/cert/MyCertPathValidatorSpi.java rg/apache/harmony/security/tests/support/cert/MyCertStoreParameters.java rg/apache/harmony/security/tests/support/cert/MyCertStoreSpi.java rg/apache/harmony/security/tests/support/cert/MyCertificate.java rg/apache/harmony/security/tests/support/cert/MyCertificateFactorySpi.java rg/apache/harmony/security/tests/support/cert/MyFailingCertPath.java rg/apache/harmony/security/tests/support/cert/MyFailingCertificate.java rg/apache/harmony/security/tests/support/cert/PolicyNodeImpl.java rg/apache/harmony/security/tests/support/cert/TestUtils.java rg/apache/harmony/security/tests/support/interfaces/DSAKeyPairGeneratorImpl.java rg/apache/harmony/security/tests/support/interfaces/RSAMultiPrimePrivateCrtKeyImpl.java rg/apache/harmony/security/tests/support/spec/MyEncodedKeySpec.java rg/apache/harmony/security/tests/support/tmpCallbackHandler.java rg/apache/harmony/testframework/serialization/SerializationTest.java rg/apache/harmony/xnet/tests/support/KeyManagerFactorySpiImpl.java rg/apache/harmony/xnet/tests/support/MyKeyManagerFactorySpi.java rg/apache/harmony/xnet/tests/support/MySSLContextSpi.java rg/apache/harmony/xnet/tests/support/MyTrustManagerFactorySpi.java rg/apache/harmony/xnet/tests/support/SSLContextSpiImpl.java rg/apache/harmony/xnet/tests/support/SSLSessionContextImpl.java rg/apache/harmony/xnet/tests/support/SSLSocketFactoryImpl.java rg/apache/harmony/xnet/tests/support/TrustManagerFactorySpiImpl.java rg/apache/harmony/xnet/tests/support/X509KeyManagerImpl.java rg/apache/harmony/xnet/tests/support/X509TrustManagerImpl.java rg/apache/harmony/xnet/tests/support/mySSLSession.java rg/apache/harmony/xnet/tests/support/mySSLSocket.java argets/AlgorithmParameterGenerators.java argets/AlgorithmParameters.java argets/CertPathBuilders.java argets/CertPathValidators.java argets/CertificateFactories.java argets/Charsets.java argets/Cipher.java argets/KeyAgreement.java argets/KeyFactories.java argets/KeyGenerator.java argets/KeyPairGenerators.java argets/KeyStores.java argets/Mac.java argets/MessageDigests.java argets/SecretKeyFactory.java argets/SecureRandoms.java argets/Signatures.java ests/resources/Broken_entry.jar ests/resources/Broken_entry_data.jar ests/resources/Broken_manifest.jar ests/resources/Created_by_1_4.jar ests/resources/GZIPInputStream/hyts_gInput.txt.gz ests/resources/Harmony.GIF ests/resources/Inserted_Entry_Manifest.jar ests/resources/Inserted_Entry_Manifest_with_DigestCode.jar ests/resources/Integrate.jar ests/resources/JarIndex/hyts_11.jar ests/resources/JarIndex/hyts_12.jar ests/resources/JarIndex/hyts_13.jar ests/resources/JarIndex/hyts_14.jar ests/resources/JarIndex/hyts_21.jar ests/resources/JarIndex/hyts_22-new.jar ests/resources/JarIndex/hyts_22.jar ests/resources/JarIndex/hyts_23.jar ests/resources/JarIndex/hyts_31.jar ests/resources/JarIndex/hyts_32.jar ests/resources/JarIndex/hyts_33.jar ests/resources/JarIndex/hyts_41.jar ests/resources/JarIndex/hyts_42.jar ests/resources/Modified_Class.jar ests/resources/Modified_Manifest_EntryAttributes.jar ests/resources/Modified_Manifest_MainAttributes.jar ests/resources/Modified_SF_EntryAttributes.jar ests/resources/Package/hyts_all_attributes.jar ests/resources/Package/hyts_all_attributes_dex.jar ests/resources/Package/hyts_c.jar ests/resources/Package/hyts_c_dex.jar ests/resources/Package/hyts_no_attributes.jar ests/resources/Package/hyts_no_attributes_dex.jar ests/resources/Package/hyts_no_entry.jar ests/resources/Package/hyts_no_entry_dex.jar ests/resources/Package/hyts_package.jar ests/resources/Package/hyts_package_dex.jar ests/resources/Package/hyts_pq.jar ests/resources/Package/hyts_pq_dex.jar ests/resources/Package/hyts_some_attributes.jar ests/resources/Package/hyts_some_attributes_dex.jar ests/resources/TestCodeSigners.jar ests/resources/cts_dalvikExecTest.jar ests/resources/cts_dalvikExecTest_classes.dex ests/resources/hyts_Bar.ser ests/resources/hyts_Foo.ser ests/resources/hyts_PropertiesTest.properties ests/resources/hyts_ZipFile.zip ests/resources/hyts_att.jar ests/resources/hyts_available.tst ests/resources/hyts_checkInput.txt ests/resources/hyts_compDiction.txt ests/resources/hyts_compressD.txt ests/resources/hyts_constru_O.txt ests/resources/hyts_constru_OD.txt ests/resources/hyts_constru_ODI.txt ests/resources/hyts_des-ede3-cbc.test1.ciphertext ests/resources/hyts_des-ede3-cbc.test1.iv ests/resources/hyts_des-ede3-cbc.test1.key ests/resources/hyts_des-ede3-cbc.test1.plaintext ests/resources/hyts_des-ede3-cbc.test2.ciphertext ests/resources/hyts_des-ede3-cbc.test2.iv ests/resources/hyts_des-ede3-cbc.test2.key ests/resources/hyts_des-ede3-cbc.test2.plaintext ests/resources/hyts_des-ede3-cbc.test3.ciphertext ests/resources/hyts_des-ede3-cbc.test3.iv ests/resources/hyts_des-ede3-cbc.test3.key ests/resources/hyts_des-ede3-cbc.test3.plaintext ests/resources/hyts_htmltest.html ests/resources/hyts_mainClass.ser ests/resources/hyts_manifest1.jar ests/resources/hyts_missingclass.ser ests/resources/hyts_patch.jar ests/resources/hyts_patch2.jar ests/resources/hyts_resource.properties ests/resources/hyts_security.jar ests/resources/hyts_signed.jar ests/resources/hyts_signed_inc.jar ests/resources/illegalClasses.jar ests/resources/junit4-4.3.1.jar ests/resources/manifest/hyts_MANIFEST.MF ests/resources/morestuff/hyts_patch.jar ests/resources/morestuff/hyts_patch2.jar ests/resources/net/InvalidJar.jar ests/resources/net/TestCodeSigners.jar ests/resources/net/lf.jar ests/resources/subfolder/tests/resources/hyts_resource.properties ests/resources/test.cert ests/support/Support_ASimpleInputStream.java ests/support/Support_ASimpleOutputStream.java ests/support/Support_ASimpleReader.java ests/support/Support_ASimpleWriter.java ests/support/Support_BitSet.java ests/support/Support_CollectionTest.java ests/support/Support_Configuration.java ests/support/Support_DecimalFormat.java ests/support/Support_DeleteOnExitTest.java ests/support/Support_Exec.java ests/support/Support_Field.java ests/support/Support_Format.java ests/support/Support_GetLocal.java ests/support/Support_GetPutFields.java ests/support/Support_GetPutFieldsDefaulted.java ests/support/Support_GetPutFieldsDeprecated.java ests/support/Support_GetResource.java ests/support/Support_IOTestSecurityManager.java ests/support/Support_ListTest.java ests/support/Support_MapTest2.java ests/support/Support_MessageFormat.java ests/support/Support_NetworkInterface.java ests/support/Support_OutputStream.java ests/support/Support_PlatformFile.java ests/support/Support_PortManager.java ests/support/Support_ProviderTrust.java ests/support/Support_Proxy_I1.java ests/support/Support_Proxy_I2.java ests/support/Support_Proxy_ParentException.java ests/support/Support_Proxy_SubException.java ests/support/Support_SetTest.java ests/support/Support_SimpleDateFormat.java ests/support/Support_StringReader.java ests/support/Support_StringWriter.java ests/support/Support_TestProvider.java ests/support/Support_TestResource.java ests/support/Support_TestResource_en.java ests/support/Support_TestResource_en_US.java ests/support/Support_TestResource_fr.java ests/support/Support_TestResource_fr_FR.java ests/support/Support_TestResource_fr_FR_VAR.java ests/support/Support_TimeZone.java ests/support/Support_UnmodifiableCollectionTest.java ests/support/Support_UnmodifiableMapTest.java ests/support/resource/Support_Resources.java ests/util/CallVerificationStack.java ests/util/FieldTestFileGenerator.java ests/util/SerializationTester.java
b7926325a1c1a370c84c81db80372f59af240a53	11-Feb-2009	The Android Open Source Project <initial-contribution@android.com>	auto import from //branches/cupcake/...@130745 rg/apache/harmony/security/tests/support/MySignature1.java argets/KeyAgreement.java argets/Mac.java argets/SecretKeyFactory.java ests/resources/Package/hyts_all_attributes_dex.jar ests/resources/Package/hyts_c_dex.jar ests/resources/Package/hyts_no_attributes_dex.jar ests/resources/Package/hyts_no_entry_dex.jar ests/resources/Package/hyts_package_dex.jar ests/resources/Package/hyts_pq_dex.jar ests/resources/Package/hyts_some_attributes_dex.jar ests/resources/cts_dalvikExecTest.jar ests/resources/cts_dalvikExecTest_classes.dex ests/resources/hyts_signed_inc.jar ests/support/Support_Exec.java ests/support/resource/Support_Resources.java
a0881d052ee72e3f7e773374e9b1aa75fbd6be4c	10-Jan-2009	The Android Open Source Project <initial-contribution@android.com>	auto import from //branches/cupcake/...@125939 rg/apache/harmony/security/tests/support/MyKeyStoreSpi.java rg/apache/harmony/security/tests/support/MyProvider.java rg/apache/harmony/security/tests/support/MySSLContextSpi.java rg/apache/harmony/security/tests/support/Support_Configuration.java rg/apache/harmony/security/tests/support/TestKeyStoreSpi.java rg/apache/harmony/security/tests/support/acl/AclEntryImpl.java rg/apache/harmony/security/tests/support/acl/AclEnumerator.java rg/apache/harmony/security/tests/support/acl/AclImpl.java rg/apache/harmony/security/tests/support/acl/GroupImpl.java rg/apache/harmony/security/tests/support/acl/OwnerImpl.java rg/apache/harmony/security/tests/support/acl/PermissionImpl.java rg/apache/harmony/security/tests/support/acl/PrincipalImpl.java rg/apache/harmony/security/tests/support/cert/MyCertPath.java rg/apache/harmony/security/tests/support/cert/MyCertificate.java rg/apache/harmony/security/tests/support/cert/MyCertificateFactorySpi.java rg/apache/harmony/security/tests/support/cert/MyFailingCertPath.java rg/apache/harmony/security/tests/support/cert/MyFailingCertificate.java rg/apache/harmony/security/tests/support/cert/PolicyNodeImpl.java rg/apache/harmony/security/tests/support/cert/TestUtils.java rg/apache/harmony/security/tests/support/interfaces/DSAKeyPairGeneratorImpl.java rg/apache/harmony/security/tests/support/interfaces/RSAMultiPrimePrivateCrtKeyImpl.java rg/apache/harmony/security/tests/support/resource/Support_Resources.java rg/apache/harmony/testframework/serialization/SerializationTest.java rg/apache/harmony/xnet/tests/support/KeyManagerFactorySpiImpl.java rg/apache/harmony/xnet/tests/support/MySSLContextSpi.java rg/apache/harmony/xnet/tests/support/SSLContextSpiImpl.java rg/apache/harmony/xnet/tests/support/SSLSessionContextImpl.java rg/apache/harmony/xnet/tests/support/SSLSocketFactoryImpl.java rg/apache/harmony/xnet/tests/support/TrustManagerFactorySpiImpl.java rg/apache/harmony/xnet/tests/support/X509KeyManagerImpl.java rg/apache/harmony/xnet/tests/support/X509TrustManagerImpl.java rg/apache/harmony/xnet/tests/support/mySSLSession.java rg/apache/harmony/xnet/tests/support/mySSLSocket.java argets/AlgorithmParameterGenerators.java argets/AlgorithmParameters.java argets/CertPathBuilders.java argets/CertPathValidators.java argets/CertificateFactories.java argets/Charsets.java argets/Cipher.java argets/KeyFactories.java argets/KeyGenerator.java argets/KeyPairGenerators.java argets/KeyStores.java argets/MessageDigests.java argets/SecureRandoms.java argets/Signatures.java ests/resources/Broken_entry.jar ests/resources/Broken_entry_data.jar ests/resources/Broken_manifest.jar ests/resources/Package/hyts_package.jar ests/resources/hyts_des-ede3-cbc.test1.ciphertext ests/resources/hyts_des-ede3-cbc.test1.iv ests/resources/hyts_des-ede3-cbc.test1.key ests/resources/hyts_des-ede3-cbc.test1.plaintext ests/resources/hyts_des-ede3-cbc.test2.ciphertext ests/resources/hyts_des-ede3-cbc.test2.iv ests/resources/hyts_des-ede3-cbc.test2.key ests/resources/hyts_des-ede3-cbc.test2.plaintext ests/resources/hyts_des-ede3-cbc.test3.ciphertext ests/resources/hyts_des-ede3-cbc.test3.iv ests/resources/hyts_des-ede3-cbc.test3.key ests/resources/hyts_des-ede3-cbc.test3.plaintext ests/resources/illegalClasses.jar ests/resources/junit4-4.3.1.jar ests/resources/net/InvalidJar.jar ests/resources/net/TestCodeSigners.jar ests/resources/net/lf.jar ests/resources/test.cert ests/support/Support_ASimpleInputStream.java ests/support/Support_ASimpleOutputStream.java ests/support/Support_ASimpleReader.java ests/support/Support_ASimpleWriter.java ests/support/Support_Configuration.java ests/support/Support_DecimalFormat.java ests/support/Support_DeleteOnExitTest.java ests/support/Support_Exec.java ests/support/Support_GetPutFields.java ests/support/Support_GetPutFieldsDefaulted.java ests/support/Support_GetPutFieldsDeprecated.java ests/support/Support_IOTestSecurityManager.java ests/support/Support_OutputStream.java ests/support/Support_TestResource.java ests/util/FieldTestFileGenerator.java
dd828f42a5c83b4270d4fbf6fce2da1878f1e84a	18-Dec-2008	The Android Open Source Project <initial-contribution@android.com>	Code drop from //branches/cupcake/...@124589 rg/apache/harmony/security/tests/support/MySSLContextSpi.java rg/apache/harmony/security/tests/support/MyTrustManagerFactorySpi.java rg/apache/harmony/security/tests/support/Support_Configuration.java rg/apache/harmony/security/tests/support/cert/MyCertPath.java rg/apache/harmony/security/tests/support/cert/MyCertStoreSpi.java rg/apache/harmony/security/tests/support/cert/MyCertificate.java rg/apache/harmony/security/tests/support/cert/MyCertificateFactorySpi.java rg/apache/harmony/security/tests/support/resource/Support_Resources.java rg/apache/harmony/testframework/serialization/SerializationTest.java ests/support/Support_CollectionTest.java ests/support/Support_GetResource.java ests/support/Support_ListTest.java ests/support/Support_SetTest.java ests/support/Support_UnmodifiableCollectionTest.java ests/support/Support_UnmodifiableMapTest.java
fdb2704414a9ed92394ada0d1395e4db86889465	21-Oct-2008	The Android Open Source Project <initial-contribution@android.com>	Initial Contribution rg/apache/harmony/security/tests/support/CertificateStub.java rg/apache/harmony/security/tests/support/IdentityScopeStub.java rg/apache/harmony/security/tests/support/IdentityStub.java rg/apache/harmony/security/tests/support/KeyStoreTestSupport.java rg/apache/harmony/security/tests/support/MDGoldenData.java rg/apache/harmony/security/tests/support/MyAlgorithmParameterGeneratorSpi.java rg/apache/harmony/security/tests/support/MyBasicPermission.java rg/apache/harmony/security/tests/support/MyGuard.java rg/apache/harmony/security/tests/support/MyKeyPairGenerator1.java rg/apache/harmony/security/tests/support/MyKeyPairGenerator2.java rg/apache/harmony/security/tests/support/MyKeyPairGenerator3.java rg/apache/harmony/security/tests/support/MyKeyPairGeneratorSpi.java rg/apache/harmony/security/tests/support/MyKeyStore.java rg/apache/harmony/security/tests/support/MyKeyStoreSpi.java rg/apache/harmony/security/tests/support/MyLoadStoreParams.java rg/apache/harmony/security/tests/support/MyMessageDigest1.java rg/apache/harmony/security/tests/support/MyMessageDigest2.java rg/apache/harmony/security/tests/support/MyPermission.java rg/apache/harmony/security/tests/support/MyPermissionCollection.java rg/apache/harmony/security/tests/support/MySignature1.java rg/apache/harmony/security/tests/support/MySignature2.java rg/apache/harmony/security/tests/support/PrivateKeyStub.java rg/apache/harmony/security/tests/support/PublicKeyStub.java rg/apache/harmony/security/tests/support/RandomImpl.java rg/apache/harmony/security/tests/support/SecurityChecker.java rg/apache/harmony/security/tests/support/SignerStub.java rg/apache/harmony/security/tests/support/SpiEngUtils.java rg/apache/harmony/security/tests/support/TestCertUtils.java rg/apache/harmony/security/tests/support/TestKeyPair.java rg/apache/harmony/security/tests/support/TestUtils.java rg/apache/harmony/security/tests/support/cert/MyCRL.java rg/apache/harmony/security/tests/support/cert/MyCertPath.java rg/apache/harmony/security/tests/support/cert/MyCertPathBuilderSpi.java rg/apache/harmony/security/tests/support/cert/MyCertPathValidatorSpi.java rg/apache/harmony/security/tests/support/cert/MyCertStoreParameters.java rg/apache/harmony/security/tests/support/cert/MyCertStoreSpi.java rg/apache/harmony/security/tests/support/cert/MyCertificate.java rg/apache/harmony/security/tests/support/cert/MyCertificateFactorySpi.java rg/apache/harmony/security/tests/support/cert/TestUtils.java rg/apache/harmony/security/tests/support/spec/MyEncodedKeySpec.java rg/apache/harmony/security/tests/support/tmpCallbackHandler.java rg/apache/harmony/testframework/serialization/SerializationTest.java rg/apache/harmony/xnet/tests/support/MyKeyManagerFactorySpi.java rg/apache/harmony/xnet/tests/support/MySSLContextSpi.java rg/apache/harmony/xnet/tests/support/MyTrustManagerFactorySpi.java ests/resources/Created_by_1_4.jar ests/resources/GZIPInputStream/hyts_gInput.txt.gz ests/resources/Harmony.GIF ests/resources/Inserted_Entry_Manifest.jar ests/resources/Inserted_Entry_Manifest_with_DigestCode.jar ests/resources/Integrate.jar ests/resources/JarIndex/hyts_11.jar ests/resources/JarIndex/hyts_12.jar ests/resources/JarIndex/hyts_13.jar ests/resources/JarIndex/hyts_14.jar ests/resources/JarIndex/hyts_21.jar ests/resources/JarIndex/hyts_22-new.jar ests/resources/JarIndex/hyts_22.jar ests/resources/JarIndex/hyts_23.jar ests/resources/JarIndex/hyts_31.jar ests/resources/JarIndex/hyts_32.jar ests/resources/JarIndex/hyts_33.jar ests/resources/JarIndex/hyts_41.jar ests/resources/JarIndex/hyts_42.jar ests/resources/Modified_Class.jar ests/resources/Modified_Manifest_EntryAttributes.jar ests/resources/Modified_Manifest_MainAttributes.jar ests/resources/Modified_SF_EntryAttributes.jar ests/resources/Package/hyts_all_attributes.jar ests/resources/Package/hyts_c.jar ests/resources/Package/hyts_no_attributes.jar ests/resources/Package/hyts_no_entry.jar ests/resources/Package/hyts_pq.jar ests/resources/Package/hyts_some_attributes.jar ests/resources/TestCodeSigners.jar ests/resources/hyts_Bar.ser ests/resources/hyts_Foo.ser ests/resources/hyts_PropertiesTest.properties ests/resources/hyts_ZipFile.zip ests/resources/hyts_att.jar ests/resources/hyts_available.tst ests/resources/hyts_checkInput.txt ests/resources/hyts_compDiction.txt ests/resources/hyts_compressD.txt ests/resources/hyts_constru_O.txt ests/resources/hyts_constru_OD.txt ests/resources/hyts_constru_ODI.txt ests/resources/hyts_htmltest.html ests/resources/hyts_mainClass.ser ests/resources/hyts_manifest1.jar ests/resources/hyts_missingclass.ser ests/resources/hyts_patch.jar ests/resources/hyts_patch2.jar ests/resources/hyts_resource.properties ests/resources/hyts_security.jar ests/resources/hyts_signed.jar ests/resources/manifest/hyts_MANIFEST.MF ests/resources/morestuff/hyts_patch.jar ests/resources/morestuff/hyts_patch2.jar ests/resources/subfolder/tests/resources/hyts_resource.properties ests/support/Support_BitSet.java ests/support/Support_CollectionTest.java ests/support/Support_Configuration.java ests/support/Support_DecimalFormat.java ests/support/Support_Exec.java ests/support/Support_Field.java ests/support/Support_Format.java ests/support/Support_GetLocal.java ests/support/Support_ListTest.java ests/support/Support_MapTest2.java ests/support/Support_MessageFormat.java ests/support/Support_NetworkInterface.java ests/support/Support_PlatformFile.java ests/support/Support_PortManager.java ests/support/Support_ProviderTrust.java ests/support/Support_Proxy_I1.java ests/support/Support_Proxy_I2.java ests/support/Support_Proxy_ParentException.java ests/support/Support_Proxy_SubException.java ests/support/Support_SetTest.java ests/support/Support_SimpleDateFormat.java ests/support/Support_StringReader.java ests/support/Support_StringWriter.java ests/support/Support_TestProvider.java ests/support/Support_TestResource.java ests/support/Support_TestResource_en.java ests/support/Support_TestResource_en_US.java ests/support/Support_TestResource_fr.java ests/support/Support_TestResource_fr_FR.java ests/support/Support_TestResource_fr_FR_VAR.java ests/support/Support_TimeZone.java ests/support/Support_UnmodifiableCollectionTest.java ests/support/Support_UnmodifiableMapTest.java ests/support/resource/Support_Resources.java ests/util/CallVerificationStack.java ests/util/SerializationTester.java