GitLab

(The ArrayIndexOutOfBoundsException for System.arraycopy already talks
about 'dst' and 'dstPos'.)

Change-Id: Iba9415dd4a9ec3b457938ea4469b4a0024bab6e4

Summary:

Goal here was to just make most tests faster by only having
TestKeyStore create RSA keys by default. However, when I did that
SSLEngineTest#test_SSLEngine_clientAuth started working, so I ended up
investigating a much deeper issue with DSA client authentication
against an RSA SSLEngine server.

Details:

   Changed the TestKeyStore.get singleton to only contain RSA
   keys. TestKeyStore.create now requires the caller enumerate what
   keys they want if they need more than that or an alternative.

	support/src/test/java/javax/net/ssl/TestKeyStore.java

   Changed test_SSLSocket_getSupportedCipherSuites_connect to
   explicitly request RSA and DSA keys since it needs both to try
   connecting all possible cipher suites.

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

Fixing SSLEngine client authentication when server uses RSA but client uses DSA

   Fixed java.net.ssl.SSLEngineTest#test_SSLEngine_clientAuth

	expectations/knownfailures.txt

   Added CiperSuite.authType field which contains the algorithm name
   such as RSA, DSA, DH, that the client will use to authenticate the
   server. Like the cipherName, hmacName, and hashName, this is
   logically derivable from the the CiperSuite.KEY_EXCHANGE_*, but we
   remember it to avoid repeatedly doing large cascading "if" tests to
   determine which key algorithm should be used for each
   case.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

   Fixed a number of client certificate authentication bugs in SSLEngine
   - Changed ClientHandshakeImpl's in the SSL/Tls Certificate message
     code to mirror ServerHandshakeImpl's implementation to properly
     use chooseEngineClientAlias in the SSLEngine case.
   - Changed to use the client certifcates key algorithm for computing
     the signature for the SSL/TLS CertificateVerify
     message. Previously we used the cipher suites negoitated key
     exchange method, but if the client may select a certificate with
     a different algorithm if the server provides a CA for another
     algorithm.
   - Also changed to use CipherSuite.isAnonymous in two places rather
     than the inlined equivalent.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java

   Fixed client authentication to use the client's certificate (not
   the server's) to do verify the CertificateVerify message signature.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java

   Fixed bug in DigitalSignature which did not Signature.update in
   verifySignature, so it could never have properly authenticated DSA
   signatures.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java

   Added CertificateMessage getAuthType convenience

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateMessage.java

   Made CertificateRequest certificate_authorities final, found we were double allocating it

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java

   Cleaning up imports of HandshakeProtocol while working on its subclasses.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java

   Cleaned up while looking at X509KeyManager implementations while debugging.

	support/src/test/java/org/apache/harmony/xnet/tests/support/X509KeyManagerImpl.java

Change-Id: I74b98754c11000cbfea416f1571c380c9c67abf3

The following new benchmarks where tested with the below changes:
- DigestBenchmark
- MessageDigestBenchmark
- SSLSocketBenchmark
- SignatureBenchmark

Fix package name of OpenSSLProvider

	luni/src/main/java/java/security/security.properties

Restore Java (vs OpenSSL) SSLSocket wrappers on SSLEngine for benchmarking

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketFactoryImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketFactoryImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketInputStream.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketOutputStream.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketWrapper.java

Restore HandshakeProtocol.socketOwner code for SSLSocket to function

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java

Remove unneeded OpenSSLMessageDigestJDK.getInstance since these are
registered via OpenSSLProvider and SHA224 which is not part of the RI.
We had already removed the BouncyCastle version of this.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLMessageDigestJDK.java
	luni/src/test/java/tests/targets/security/AllTests.java
	luni/src/test/java/tests/targets/security/MessageDigestTestSHA224.java
	luni/src/test/java/tests/targets/security/SignatureTestSHA224withRSA.java

Change-Id: I7daae7f0d9f50acad6df9157eac1b0133af83062

external/bouncycastle
- Change to be the primary build for bouncycastle sources (as opposed to part of libcore)
- Moved OpenSSLMessageDigest from libcore to OpenSSLDigest
  It uses NativeCrypto API from core, but implements a bouncycastle specific interface
- restored registration of bouncycastle MessageDigests for SHA-1, SHA-256, MD5
  OpenSSLProvider versions take precedence, but explicit provider of "BC" allows choice
- enabled native versions of SHA-384 and SHA-512
- pruned MD4 implementation

frameworks/base
- frameworks and CoreTests modules now depend on bouncycastle
- update preloades classes for NativeBN package change
- moved CryptoTest to libcore

libcore
- core now builds without bouncycastle sources
- core-tests, core-tests-support, core-tests-supportlib now depend on bouncycastle
- removed libcore/openssl directory, moving NativeBN to java/math
- minor cleanup of Provider, Security, Services style while working on ProviderTest
- added new OpenSSLProvider registered as first provider to have
  priority over the others to ensure our native implementations are used
- moved BouncyCastle to have priority as a provider over Harmony
- JarVerifier and JarUtils now implicitly use OpenSSLMessageDigest
- Cleanedup OpenSSLSignature, implementation needs to be finished to move to OpenSSLProvider
- To avoid using PEMWriter from BouncyCastle, NativeCrypto now takes binary encoded certs and keys
  This is more efficient as well avoiding the base64 decode/encode of the binary data
- removed SHA-224 to match the RI

packages/apps/CertInstaller
- CertificateInstaller module now depends on bouncycastle
  this is the only app to depend on bouncycastle

system/core
- updated BOOTCLASSPATH

Change-Id: I6205366b12baec4331b4a76e2c85d8324bf64b2c

Change-Id: I65292321560c9f4551dc79fc7c6795f093638bbf

Moving TimeZoneTest to OldTimeZoneTest and removing test methods
that are duplicated between libcore and Harmony.

Also adding Objects.equals() to make implementing this easy,
and removing redundant time zone tests. I did a few searches
to find candidate code that could take advantage of this new
utility method and adopted it there.

Change-Id: I133298f1b36d755bd35c1ad0dc0ab366fd164270

As explained in the bug, I don't think we can/should fix this potential
native crash, but we can and should improve the documentation to explain
how you're _supposed_ to use MessageDigest.

Bug: http://code.google.com/p/android/issues/detail?id=8709
Change-Id: I1cbab5995e5673d5386e21270ac52b6f90b9f421

Change-Id: I6905802cfe7cda73bb6f52fe0cc79767b4645e82

Highlights:
  code was moved from SSLContextImpl to its superclass.
  took X500Principal code from Harmony

Tested with Harmony's tests.api.javax.security.auth.x500.X500PrincipalTest.

Change-Id: I89b46d4b47e692a5461916cca972e05de95f3280

Conflicts:
	JavaLibrary.mk
	luni/src/main/java/java/lang/System.java
	luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpURLConnectionImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
	luni/src/test/java/java/net/URLConnectionTest.java
	support/src/test/java/tests/TestSuiteFactory.java
	x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Change-Id: I1038f749c8c9bd640aae7ca96627810936454883

Change-Id: I470c929f67ecaffa91d5a67c87f1ed5358cfd84c

Summary:
- RI 6 support for javax.net.ssl
- SSLEngine fixes based on new SSLEngineTest
- fix Cipher.checkMode bug recently introduced in dalvik-dev

Details:

Fix Cipher.checkMode that was preventing most javax.net.ssl tests from working

	luni/src/main/java/javax/crypto/Cipher.java

RI 6 has introduced the concept of a "Default" SSLContext. This is
accessed via SSLContext.getDefault() and also
SSLContext.getInstance("Default"). Harmony had its own
DefaultSSLContext but it was not created via an SSLContextSpi. It also
was a single shared instance whereas the new RI6 Default SSLContext
shares internal SSLSessionContext instances between different Default
SSLContexts.

    Refactored the old code into an SSLContextImpl subclass that
    allows it to be created via SSLContext.getInstance. SSLContextImpl
    ensures that we only ever create one set of SSLSessionContext
    instances for the Default context.

	luni/src/main/java/javax/net/ssl/DefaultSSLContext.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java

    Added SSLContext.getDefault and SSLContext.setDefault

	luni/src/main/java/javax/net/ssl/SSLContext.java

    Replace dependencies of old DefaultSSLContext with use of SSLContext.getDefault

	luni/src/main/java/javax/net/ssl/SSLServerSocketFactory.java
	luni/src/main/java/javax/net/ssl/SSLSocketFactory.java

    Register "SSLContext.Default" as DefaultSSLContextImpl class for SSLContext.getInstance()

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java

    Added constant for new "Default" standard name and added it to
    SSL_CONTEXT_PROTOCOLS. New tests based on SSL_CONTEXT_PROTOCOLS
    made it clear that neither Android or RI support SSLv2 so removed
    it from SSL_CONTEXT_PROTOCOLS and SSL_SOCKET_PROTOCOLS. Added
    constant for TLS as well which was previously scattered all over
    tests. Remove SSLv2Hello from SSL_SOCKET_PROTOCOLS for Android
    since with OpenSSL disablign SSLv2 means you can not use
    SSLv2Hello either.

	support/src/test/java/javax/net/ssl/StandardNames.java

    Added tests for SSLContext.getDefault and
    SSLContext.setDefault. Changed existing tests to work on all
    protocols including new "Default".

	luni/src/test/java/javax/net/ssl/SSLContextTest.java

RI 6 has introduced the notion of SSLParameters which encapsulate SSL
the handshake parameters of desired cipher suites, protocols, and
client authentication requirements.

    The main new class SSLParameters is basically just a bag of fields
    with accessors and a couple simple constructors. The only things
    of note are that it clones all String arrays on input and output
    and the setters for the two boolean fields ensure that only one is
    true at a time.

	luni/src/main/java/javax/net/ssl/SSLParameters.java

    Added SSLContext.getDefaultSSLParameters and
    SSLContext.getSupportedSSLParameters which simply delegate to the
    SSLContextSpi.

	luni/src/main/java/javax/net/ssl/SSLContext.java

    Added abstract SSLContextSpi.engineGetDefaultSSLParameters and
    SSLContext.engineGetSupportedSSLParameters.

	luni/src/main/java/javax/net/ssl/SSLContextSpi.java

    Added engineGetDefaultSSLParameters and
    engineGetSupportedSSLParameters implementation. The RI documents
    in SSLContextSpi that these are implemented by default by creating
    a socket via the SSLContext's SocketFactory and asking for the
    enabled/supported cipher suites and protocols respectively, so
    that is what is done. The doc mentions throwing
    UnsupportedOperationException if there is a problem, so we do that
    as well.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java

    Added {SSLEngine,SSLSocket}.{getSSLParameters,setSSLParameters}
    which are analogous.

	luni/src/main/java/javax/net/ssl/SSLEngine.java
	luni/src/main/java/javax/net/ssl/SSLSocket.java

   Added SSLParametersTest

	luni/src/test/java/javax/net/ssl/SSLParametersTest.java
	luni/src/test/java/javax/net/ssl/AllTests.java

   Added SSLContext.get{Default,Supported}SSLParameters tests

	luni/src/test/java/javax/net/ssl/SSLContextTest.java

   Added SSLSocket.{getSSLParameters,setSSLParameters} tests and added
   some extra asserts to test_SSLSocketPair_create based on experience
   with test_SSLEnginePair_create.

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

   Dummy implementation of new SSLContextSpi for test classes.

	support/src/test/java/org/apache/harmony/security/tests/support/MySSLContextSpi.java
	support/src/test/java/org/apache/harmony/xnet/tests/support/MySSLContextSpi.java

Other minor RI 6 API changes:

    RI 6 removed Serializable from HandshakeCompletedEvent and SSLSessionBindingEvent

	luni/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java
	luni/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java

    RI 6 added generic types to the KeyStoreBuilderParameters List
    constructor and accessor as well as to
    SSLSessionContext.getIds. Fixed tests to compile with generic types.

	luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java
	luni/src/main/java/javax/net/ssl/SSLSessionContext.java
	luni/src/test/java/tests/api/javax/net/ssl/KeyStoreBuilderParametersTest.java

SSLEngine improvements. Since I was changing SSLEngine, I wrote an
SSLEngineTest based on my SSLSocketTest to do some simply sanity
checking. It expose a number of issues. I've fixed the small ones,
marked the rest as known failures.

   Renamed some TLS_ cipher suites to SSL_ to match JSSE standard
   names. These were all old suites no longer supported by RI or
   OpenSSL which is why they were missed in an earlier cleanup of this
   type in this class. Also fixed SSLEngine supported cipher suites
   list not to include SSL_NULL_WITH_NULL_NULL which is not a valid
   suite to negotiate.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

   SSLEngine instances can have null host values, which caused a
   NullPointerException in the ClientSessionContext implementation.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java

   SSLEngine tests were failing because SSLParameters was throwing
   NullPointerException instead of IllegalArgument exception on null
   element values. Fixed null pointer message style while I was here.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java

    Fixed SSLEngine instances to default to server mode like RI

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java

   Fixed KEY_TYPES based on SSLEngine implementation. Removed dead
   code NativeCrypto.getEnabledProtocols which was recently made
   obsolete. Cleaned up null exception messages to follow our convention.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java

   Added SSLEngineTest which parallels SSLSocketTest in its
   coverage. Similarly added TestSSLEnginePair which loosely parallels
   TestSSLSocketPair.

	luni/src/test/java/javax/net/ssl/SSLEngineTest.java
	luni/src/test/java/javax/net/ssl/AllTests.java
	support/src/test/java/javax/net/ssl/TestSSLEnginePair.java

   SSLEngineTest betters exposed the differences between SSLSocket and
   SSLEngine supported cipher suites. StandardNames now has an
   CIPHER_SUITES_SSLENGINE definition which denotes what is missing
   and what is extra and why in the SSLEngine implementation.

	support/src/test/java/javax/net/ssl/StandardNames.java

    Created StandardNames.assert{Valid,Supported}{CipherSuites,Protocols}
    to factor out some code test code that is also used by new tests.

	support/src/test/java/javax/net/ssl/StandardNames.java
	luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

    Remove SSLSocketTest known failure and add new SSLEngineTest known failures

	expectations/knownfailures.txt

SSL_OP_NO_TICKET change was recently merged from master which required some fixes.

    For the moment, sslServerSocketSupportsSessionTickets always returns false.

	support/src/test/java/javax/net/ssl/TestSSLContext.java

    Fixed flakey test_SSLSocket_HandshakeCompletedListener which had a
    race because the client thread look in the server session context
    for an session by id potentially before the server thread had a
    chance to store its session. Made noticable because of
    SSL_OP_NO_TICKET recently merged from master (before this code
    path was host only, not device)

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

    Fix checkjni issue where we need to check for pending exception in
    OpenSSL callback.  Possibly introduced by recent merge of
    SSL_OP_NO_TICKET from master.

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Expectation updates

    Remove SSLSocketTest known failure and add new SSLEngineTest known failures

	expectations/knownfailures.txt

    Tag test_SSLSocket_getSupportedCipherSuites_connect as large

	expectations/taggedtests.txt

Misc changes:

   opening brace on wrong line

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java

   Long line cleanup while debugging

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketFactoryImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketFactoryImpl.java
	support/src/test/java/javax/net/ssl/TestKeyStore.java

   Removed bogus import

	luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java

   Comment clarify while debugging

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

   Ctor -> Constructor in comment

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLEngineImpl.java

   Fixed naming of SocketTest_Test_create to TestSocketPair_Create to match renamed classes

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

Change-Id: I99505e97d6047eeabe4a0b93202075a0b2d486ec

Enable Diffie-Hellman cipher suites in NativeCrypto (and in
StandardNames to match for testing). This means we now have the same
default cipher suite list as RI 5.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	support/src/test/java/javax/net/ssl/StandardNames.java

Enabling DH made it obvious that the RI check for enable cipher suites
on SSLServerSocket.accept was not as stringent as first
thought. Apparently they don't care if all enabled cipher suites have
certificates/keys, just that at least one of them will work, even if
its anonymous. Factored out the logic to check this into
checkEnabledCipherSuites for clarity along with the supporting
checkForPrivateKey. Also only check if the socket is in server mode,
since its fine to have nothing configured for server acting as a
client for handshake purposes.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java

The real work to enable Diffie-Hellman was to use
SSL_CTX_set_tmp_dh_callback to set a callback to get DH
parameters. There are two ways to create the parameters. The first is
to use DH_generate_parameters_ex which is very slow (minutes) as is
recommended as install time option. The second is to use
DSA_generate_parameters_ex followed by DSA_dup_DH, which is faster for
a single call, but must be done every time, so slower overall. We
currently take the second approach to just have DH working.

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Changed ephemeral RSA keys to be stored per SSL in AppData, not in a static global.

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Fix LS_ to TLS_ typo in commented out constant. Removed easy to miss wrapping in array definition.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

Renamed CipherSuites defaultPretendant to defaultCipherSuites which
led to renaming the CipherSuites constants to follow the coding style.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerKeyExchange.java

Change-Id: Ia38de48cabb699b24fe6e341ba79f34e3da8b543

   Make CipherSuite static fields final (noticed because I tried to use some in a switch statement).
   Also renamed "cuites*" to "suites*" and fixed UNKNOUN to UNKNOWN

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

   SSLServerSocket now matches the RI behavior of throwing an
   SSLException for missing keys for non-anonymous cipher suites.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java

   Fixed one KnownFailure

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

Change-Id: I1ccbf93cfc5aa5951b1f33881446d93c380b6e68

SSLSession.getPeerPort is supposed to return -1 when the port is
undefined so now we initialize it to that value.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java

Avoid creating InetAddress to store the OpenSSLSessionImplWrapper host
and port arguments since it was causing an exception on an port value
of -1 and was just used to go back to the original host and port when
creating the SSLSession, which is allowed to return a port value of -1.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

Remove last of KnownFailures for SSLSocketFactory

	luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java

Update classpath for newly seperated out junit jars

	run-core-tests

Change-Id: I646a8f23c3d6ae01f1dd38e40bc9c32d436e6254

Client certificates should only be set into the SSL* when requested by
the server so that after the handshake is completed the client can
inspect its SSLSession to see what certificate if any was
requested. Previously the value was always non-null even if the server
didn't request the certificate.

   - Created RAND_seed and RAND_load_file out of the NativeCrypto.SSL_new
   - NativeCrypto.SSL_new now simply performs SSL_new and does not
     deal with certificates, private keys, or random seeds.
   - Removed helper version of NativeCrypto.SSL_new
     Moved code to OpenSSLSocketImpl.setCertificate
   - Created SSL_use_certificate, SSL_use_PrivateKey, SSL_check_private_key from SSL_new.
     These are used not just on server handshake but also via clientCertificateRequested callback.
   - Merged CertificateChainVerifier and HandshakeCompletedCallback into new SSLHandshakeCallbacks
     while adding new clientCertificateRequested callback from OpenSSL C code to Java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

    In addition to supporting NativeCrypto.java changes, also changed
    to_SSL_CTX and to_SSL_SESSION to allow null checking and throwing
    NullPointerException. Changed these and to_SSL to log exception on
    JNITrace, taking these logs out of individual functions. There
    were a lot of null checks missing previously, mostly in
    to_SSL_SESSION cases.

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

    All KnownFailures now fixed.

	luni/src/test/java/javax/net/ssl/SSLSessionTest.java

    Three more KnownFailures now fixed.

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

Change-Id: Iddcd5512e8395d947d3b894f03e3a059e63afe8a

Change text names of Harmony CipherSuite's (used by SSLEngine and some
places with OpenSSL code) to match JSSE names.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

Added StandardName constant for SSL_NULL_WITH_NULL_NULL

	support/src/test/java/javax/net/ssl/StandardNames.java

Marked test as working with above fix, changed to use newly defined constant.

	luni/src/test/java/javax/net/ssl/SSLSessionTest.java

Change-Id: Id48d2adcbbff71306296f1fdf8ff970c618fdcc6

Added new test_SSLSocket_getSupportedCipherSuites_connect to make sure
all cipher suites we claim work actually do. It clearly exposed that
although a large number of cipher suites are supported by libssl.so,
they are not properly wired up into the OpenSSL JSSE
implementation. In particular Elliptic Curve has been disabled in our
version Bouncy Castle does not work. In addition Diffie-Hellman does
not work because we need to further integration work with OpenSSL via
SSL_set_tmp_dh_callback or SSL_set_tmp_dh. Finally,
SSL_RSA_EXPORT_WITH_RC4_40_MD5 doesn't work but that is being left as
KnownFailure for more immediate cleanup based on ServerHandshakeImpl's
handling of KeyExchange_RSA_EXPORT as part of having OpenSSL call us
back for certificates dynamically.

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

Refactored TestSSLContext.createKeyStore to create TestKeyStore which
now factors out TestSSLContext.createKeys from the old createKeyStore
method, which allows createKeys to be called multiple times for
different key algorithms (for example DSA in addition to RSA). Also
added a reusable singleton instance to cut down on test execution
time.

	support/src/test/java/javax/net/ssl/TestKeyStore.java

Removed publicAlias/privateAlias from TestSSLContext since we now
include both RSA and DSA key pairs in they KeyStore by default. Added
TestSSLContext.assertCertificateInKeyStore methods to help tests the
previously used the alias fields fields. TestSSLContext.create API
changed as well since the alias names are no longer
required. TestSSLContext.createClient now needs to iterate over all
server certificates when setting up its TrustManager instead of just
grabbing one by alias name.

	support/src/test/java/javax/net/ssl/TestSSLContext.java
	luni/src/test/java/javax/net/ssl/SSLContextTest.java
	luni/src/test/java/javax/net/ssl/SSLSessionTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

TestSSLSocketPair.connect now allows optional inclusion of server
cipher suite list.

	support/src/test/java/javax/net/ssl/TestSSLSocketPair.java
	luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java

Turning off Elliptic Curve and Diffie-Hellman which are not currently
working. Updating test expectations to match.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	support/src/test/java/javax/net/ssl/StandardNames.java

Turn on registration of ECDSA and DSA since this part is currently
functional (and excercised by TestKeyStore.create())

	luni/src/main/java/org/bouncycastle/x509/X509Util.java

Improve logging by including SSL pointer in error messages, which
makes it easier to relate these errors to JNI_TRACE messages.

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Change-Id: I014d001a6a21a46c360678a346d3a3c8232f4d53

Responsibility is split between Socket, SocketImpl, PlainSocketImpl,
SocketChannel, SocketChannelImpl, and SocketChannelImpl.SocketAdapter, and
we need to keep them synchronized. Our hands are somewhat tied by the fact
that the RI exposed way too much. I think, now I understand the relationships
a bit better, that we can probably rewrite this cluster of classes to be
simpler, but I don't want to bite off more than I can chew right now, and
this does fix the known problems.

This patch also makes us more compatible with the RI by making getLocalAddress
after the socket has been closed return the address we used.

By strange coincidence, harmony addressed this at the same time I was looking
at it (see http://svn.apache.org/viewvc?rev=944119&view=rev) but I feel they're
going in the wrong direction and making the relationships even more complicated.
I have run their new tests in addition to my own, though.

Bug: 1952042
Bug: http://code.google.com/p/android/issues/detail?id=1933
Bug: http://code.google.com/p/android/issues/detail?id=3123
Change-Id: Icb7793fb5d868e0d1f1b8b3d5da88c32fb973744

Summary:
- Switch to using JSSE cipher suite names
- SSLSessionContext implementation cleanup
- Updated tests

Details:

Switch to using JSSE cipher suite names
- We maintain backward compatability for enabling cipher suites using
  OpenSSL names for old code that did so without checking for the
  presence of the names in the supported list.
- We now have a well defined list of the supported cipher suites which
  are sorted in priority order as specified in JSSE documentation so
  that callers doing:
     s.setEnabledCipherSuites(s.getSupportedCipherSuites())
  will get something reasonable.
- We now have a default cipher suite list that is chose to match RI
  behavior and priority, not based on OpenSSLs default and priorities.

    Details:
    - Added NativeCrypto OPENSSL_TO_STANDARD and STANDARD_TO_OPENSSL
      mapping between naming conventions. STANDARD_TO_OPENSSL is a
      LinkedHashMap so enumerating it gives the proper order for
      SUPPORTED_CIPHER_SUITES.
    - SSL_get_ciphers and SSL_set_cipher_list are removed, we now use
      our own SSL_set_cipher_lists (defined seperately in
      external/openssl/patches/jsse.patch) to set the set and order of
      cipher suites. SSL_CTX_get_ciphers is also removed because we no
      longer rely on the OpenSSL for the default cipher suites
      behavior.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

    Add cipherSuite and protocol field caches for native values,
    mapping the cipherSuite to a JSSE name from the OpenSSL name
    returned by SSL_SESSION_cipher.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java

    Fixed a long standing bug where we reused sessions found in the
    client host/port cache even if the old protocol and cipher suite
    where no longer compatible with what was specified by
    setEnabledCipherSuites and setProtocols.  Also fixed a recently
    introduced bug where lastAccessedTime was being set on a cached
    session even if it was not reused, found by fixed the above.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

Move most of SSLSessionContext implementation from subclasses to
AbstractSessionContext. This was primarily to align the
implementations of how different sessions id for the same host and
port were handled for RI compatability. client subclasses now focuses
on handling its host/port based cache and both deal with their own
persistent cache details.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java

Tests

   Added some variants of assertSSLSessionContextSize to simplify tests code.
   Broke test_SSLSessionContext_setSessionCacheSize_oneConnect out of
   test_SSLSessionContext_setSessionCacheSize_dynamic. Renamed
   test_SSLSessionContext_setSessionCacheSize_basic to
   test_SSLSessionContext_setSessionCacheSize_noConnect to match name
   of _oneConnect. _dynamic was cleaned up a bit as getting it working
   was the only goal of this change list. Fixed to filter
   SSL_RSA_EXPORT_ ciphers since our test certificate key length is
   too long for those. Lower test requirement to 3 unique cipher suites.

	luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java

   Added checks that cipher suites and protocols have standard names.

	luni/src/test/java/javax/net/ssl/SSLSessionTest.java

   Removing known failures related to cipher suite naming. Fixed bug
   of using assertNotNull instead of assertTrue. Added extra
   size/length check which would have found the
   assertNotNull/assertTrue issue.

	luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

   Fixing test the explicitly worked around broken cipher suite naming.

	luni/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java

   Updated standard cipher suites to RI 6 list, which also now
   specifies ordering, which we now align with.

	support/src/test/java/javax/net/ssl/StandardNames.java

Unrelated

   Remove more now obsolete jars from the test classpath

	run-core-tests

Change-Id: I45c274a9327c9a1aeeccb39ecaf5a3fbe2903c8f

Gentlemen, you may now set your editors to "strip trailing whitespace"...

Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b

   Fix getIds Enumeration to filter invalid sessions.
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java

   Implement SSLSessionContext.setSessionTimeout to remove newly
   invalid sessions as specified by the RI documentation. getSession
   interfaces now filters invalid sessions from results.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java

   Added OpenSSLSocketImpl.creationTime instance field cache to avoid
   repeated native calls since this is now used for all isValid tests.
   Fixed broken isValid implementation:
   - compared seconds to milliseconds
   - direction of comparison backwards
   - used last accessed time instead creation time as clarified in RI 7 documentation.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java

Unrelated

   Replace java.io.* java.util.* imports with properly expanded versions:

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java

Change-Id: Ib02218df414f014f1d260f7acc067e5647fb700b

Add an explicit null check to ensure failure on a null argument to getSession to match the RI

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java

Remove KnownFailures resolved by above fix as well as clarifiying SSL
session cache expections on Android vs the RI. The KnownFailures were
also hiding some latent issues to do SSL session tickets, so fixed
those up as well.

	luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java

Added constants for expected SSL session cache behavior for RI vs Android

	support/src/test/java/javax/net/ssl/TestSSLContext.java

Change-Id: Ic6285192cf76c0a5c3fa45a24eaa504ed0babff5

    Moved initialization of SSLContextImpl clientSessionContext and
    serverSessionContext from engineInit time (in SSLParameters
    constructor) to constructor time, making them final.  This is to
    fix javax.net.ssl.SSLContextTest which was failing because it
    tried to access this before init was called, which worked fine on
    the RI. The SSLParameters now simply takes the preallocated
    session contexts as arguments. SSLParameters.getDefault() now
    needs to create its own session contexts when an SSLContext is not
    used, which is how Harmony does it.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java

    Removed KnownFailure from SSLContextTest as its 100% working.

	luni/src/test/java/javax/net/ssl/SSLContextTest.java

    Changed persistentCache fields of ClientSessionContext and
    ServerSessionContext from final to private and added a public
    setter. This replaces passing the persistentCache implementation
    in via the constructor. For momentarily backward compatibility
    with frameworks/base, the now deprecated 5 argument engineInit
    method now uses these setters for backward compatability. The
    SSLParameters previously took these persistent caches as arguments
    in order to pass them to the session context contructors, but as
    SSLParameters no longer creates these, they are no longer relevant.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java

    While moving the call of the AbstractSessionContext constructor
    from SSLParameters to SSLContextImpl after removing the persistent
    cache arguments, I realized there was no longer any reason to take
    any arguments. I pushed the initization of sslCtxNativePointer to
    the point of declaration.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java

Change-Id: Ied2903a2f369bf4e521e702bf58f32f21cb97d17

Change-Id: I7925a11870231b85abbd8f754f5edd34835605a9

Summary:
- Finished consolidating OpenSSL native code into NativeCrypto
- fixing local vs global ref bug with AppData
  Added new ScopedGlobalRef as part of this fix
- fixed many historical memory leaks identified during code review
- fixed lack of error checking on allcoation with OpenSSL *_new routines
- Added to_SSL_CTX and to_SSL_SESSION to match to_SSL (renamed from getSslPointer)
- Replaced most uses of GetByteArrayElements with ScopedByteArray
  (including cases where we we using ReleaseByteArrayElements(..,...,0) instead of JNI_ABORT)
- Replaced uses of GetStringUTFChars with ScopedUtfChars

Details:

Finished consolidating OpenSSL native code into NativeCrypto

	OpenSSLSocketImpl	NativeCrypto
	---------------------------------------
	nativeread		SSL_read_byte
	nativeread		SSL_read
	nativewrite		SSL_write_byte
	nativewrite		SSL_write
	nativeinterrupt		SSL_interrupt
	nativeclose		SSL_shutdown
	nativeverifysignature	verifysignature

    Also removed dead code that was wrapping SSL_get1_session

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Fixed NativeCrypto_SSL_write and NativeCrypto_d2i_SSL_SESSION to use
JNI_ABORT on release to avoid copy back of unchanged data (via ScopedByteArray).

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

While running the usual tests:
     adb shell run-core-tests tests.xnet.AllTests javax.net.ssl.AllTests
there was an abort from the JNI checking because in the recent
handshaking change, local refs were kept in AppData and then reused in
later calls. Added new ScopedGlobalRef to handle the book keeping of this.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
	include/ScopedGlobalRef.h

Fixed various leaks on old error paths spotted by reviewer.

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Tracking move of verifySignature, a non-SSL bit of code that was lurking in OpenSSLSocketImpl

	luni/src/main/java/org/apache/harmony/security/provider/cert/X509CertImpl.java

Change-Id: If1e409782bc99dc684039cfe3f53f8244e29346e

	OpenSSLSessionImpl	NativeCrypto
        -------------------------------------------------------
	getId			SSL_SESSION_session_id
	getPeerCertificatesImpl	SSL_SESSION_get_peer_cert_chain
	getCreationTime		SSL_SESSION_get_time
	getProtocol		SSL_SESSION_get_version
	getCipherSuite		SSL_SESSION_cipher
	freeImpl		SSL_SESSION_free
	getEncoded		i2d_SSL_SESSION
	initializeNativeImpl	d2i_SSL_SESSION

Change-Id: I4538df52280266711986a577b14868af3ea0ed62

Following up on feedback from earlier change https://android-git.corp.google.com/g/50435

    Added new test_SSLSocket_startHandshake_noClientCertificate to
    make sure handshaking works when no client certificates are
    present after issues raised by hwu during code review.

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

    Improve TestSSLContext.create* options
    - added javadoc comments to help distinguish different versions
    - fixed bug of not passing in keyStorePassword in create()
    - added new createClient(server) method to create a TestSSLContext
      that trusts the provided server TestSSLContext's certificate for
      use by test_SSLSocket_startHandshake_noClientCertificate
    - made createKeyStore optionally create a more minimal keystore if
      aliases are not present
	support/src/test/java/javax/net/ssl/TestSSLContext.java

    Fixed argument names in SSL_*_mode methods names as pointed out by hwu

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java

    Added comment to explain purpose of OpenSSLSessionImpl.resetId.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java

    Two changes to OpenSocketImpl
    - Added logging on runtime exception catch around
      HandshakeCompletedListener execution to closely mirror RI
      behavior.
    - Cleaned up peerCertificate check to not just be on the client path.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    Addressed enh's comments about using clearEnv and when to delete AppData

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Change-Id: I34f54e3e41a5d53d81fdc22aa34ca4de4ee9826f

Merge xml except xmlpull and kxml into luni

Summary:
- SSLSocket.startHandshake now generalized to handle both client and
  server handshaking as well as client/server role reversal
- handshake_cutthrough.patch is properly integrated with support
  delayed handshake completion now integrated with delayed updates to
  session cache and callbacks to HandshakeCompletedListeners
- Many fixes to SSLSession, which is the end product of the handshake
- Generally more RI and SSLEngine compliant behavior.
- More native code deletion through unification of client/server
  handshake, unification of client/server certificate chain
  verification, etc. More native code moved from various OpenSSL
  classes to cleaner NativeCrypto interfaces that more directly mirror
  the OpenSSL interfaces.

Details:

Delay SSL_new call until handshake time when we know for sure whether
the OpenSSLSocket will be used in client or server mode and we can
allocate the SSL_new from the apppriate client or server SSL_CTX used
for session caching.

    Now that no SSL is allocated for an OpenSSLServerSocketImpl,
    store enabledProtocols and enabledCipherSuites in instance String
    arrays. Use new NativeCrypto.checkEnabled* methdods for argument
    validation. OpenSSLServerSocketImpl passes these enabled arrays to
    a new OpenSSLSocket constructor during accept(). Removed finalizer
    from OpenSSLServerSocketImpl since it no longer has any native
    storage and socket is already closed by PlainSocketImpl finalizer.

	X-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    OpenSSLSocket major overhaul to properly implement handshaking
    including switching client and server roles and session ID caching
    with handshake_cutthrough.patch.
    - now implements NativeCrypto.HandshakeCompletedListeners for
      properly timed callback when handshake_cutthrough.patch delays
      handshake completion until first SSLSocket.getInputStream()
      read.
    - similar enabledProtocols/enabledCipherSuites changes as
      OpenSSLServerSocketImpl since we need to store the state
      somewhere other than an openssl SSL struct until we are sure if
      we are doing a client or server handshake.
    - added handshake completed field so that startHandshake can tell
      if handshake was completed during SSL_do_handshake or will be
      completed later by a call to HandshakeCompletedCallback.handshakeCompleted.
    - removed nativegetsession as the equivalent value is now returned by SSL_do_handshake
    - removed nativecipherauthenticationmethod as the value is now passed to verifyCertificateChain
    - startHandshake is now a wrapper that forces a fully synchronous handshake
    - startHandshake(boolean) is the the most changed method in this
      changelist, combinding both the old startHandshake logic, but
      also the OpenSSLSocketImpl.accept code as well. Notable
      differences from the old code:
      * now responsible for SSL_new
      * single code path for client/server handshaking dealing with SSLSession caching
      * now handles server certificate requests previously in
        OpenSSLServerSocketImpl, since a client can request to act
        like a server and therefore need to be able to make suck
        demands on its peer.
      * supports turning off handshake_cutthrough at a callers request
        via explicit call to startHandshake()
      * certificate verification happens during an upcall from openssl
        during SSL_do_handshake to verifyCertificateChain for both
        client and server cases. previously there was not quite right
        upcall support on the server side and post-handshake checking
        on the client, which did not allow for a proper alert to be
        sent to the peer informing them of the issue, which the RI and
        SSLEngine code do.
      * Similarly, setEnableSessionCreation(false) did not send an
        alert to the peer as the RI and SSLEngine code in the client
        case. In the server case, nothing was previously done.
      * The use of local certificates was not determined from
        introspecting the SSL struct post-handshake. This is now
        partially implemented and will be completed in a later change.
    - SSLSocket.{shutdownInput,shutdownOutput} are now restored to the
      proper behavior of throwing UnsupportedOperationException.
    - Gutted OpenSSLSocketImpl finalizer. The comment explains in
      detail the trouble of having the finalizer do anything more than
      touch its the instances own state due to unpredictable order of
      finalization and the future possability of parallel
      finalization.

        x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    SSLSession fixes
    - Made OpenSSLSessionImpl.sessionContext non-final so it could be
      nulled by SSLSession.invalidate to match RI behavior.
    - As noted in AbstractSessionContext discussion, removed
      OpenSSLSessionImpl constructor that took SSLParameters, instead
      we take the possibly null localCertificates
      directly. OpenSSLSessionImpl.getLocalCertificates now simply
      returns the localCertificates member variable instead of
      incorrectly trying to query the KeyManager for certificates that
      may not have been used.
    - OpenSSLSessionImpl now caches its native ID to avoid numerious
      native calls but also now provides as resetId which will update
      the cache when a delayed handshake happens due to the
      handshake_cutthrough.patch
    - Fixed bug in getPeerPrincipal that it wasn't calling
      getPeerCertificates to initialize peerCertificates field.
    - freeImpl is now 'public static' in preparation for move to NativeCrypto.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java

    The old SSLSessionImpl class that is still used for representing
    the invalid session now returns
       isValid => false
    and
       getProtocol => "NONE"
    to match the RI.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java

    NativeCrypto improvements
    - Adding NativeCrypto.SSL_{get,set,clear}_mode similar to
      NativeCrypto.SSL_{get,set,clear}_options along with
      SSL_MODE_HANDSHAKE_CUTTHROUGH constant which is used to
      explicitly disable/enable the Android handshake_cutthrough.patch
      behavior.
    - Added missing NativeCrypto.SSL_clear_options and used to properly
      implement NativeCrypto.setEnabledProtocols.
    - Added NativeCrypto.checkEnabledProtocols and
      NativeCrypto.checkEnabledCipherSuites helpers to implement
      exception compatability with the RI. While some of this code is
      refactored from existing NativeCrypto code, it is now also used
      by OpenSSLServerSocketImpl and OpenSSLSocketImpl which maintain
      their own String[]s of what is enabled until startHandshake time. (see below)
    - Changed NativeCrypto.findSuite to use foreach style loop for clarity.
    - Moved OpenSSLServerSocketImpl nativesetclientauth and
      SSL_VERIFY_* constants to NativeCrypto.SSL_set_verify
    - Added NativeCrypto.SSL_set_session based on part of old OpenSSLSocketImpl.nativeconnect
    - Added NativeCrypto.SSL_set_session_creation_enabled to properly implement
      SSLSocket.setEnableSessionCreation(false) which uses new
      external/openssl/patches/jsse.patch functionality.
    - New NativeCrypto.SSL_do_handshake consolidates
      OpenSSLSocketImpl.{nativeconnect, nativeaccept} while properly
      implementing SSLSocket.setUseClientMode(false) for clients and
      SSLSocket.setUseClientMode(true) for servers.
    - New NativeCrypto.SSL_get_certificate is determine if local
      certificate requested by peer. While functional, currently
      NativeCrypto.SSL_new always sets a value via SSL_use_certificate
      instead of relying on a callback set via SSL_CTX_set_client_cert_cb.
    - Changed NativeCrypto.CertificateChainVerifier.verifyCertificateChain
      to throw a checked CertificateException to match TrustManager.{checkServerTrusted,
      checkClientTrusted}. It also takes an authMethod so avoid the need to call
      the old OpenSSLSocketImpl.nativecipherauthenticationmethod.
    - Added NativeCrypto.HandshakeCompletedCallback which has its
      handshakeCompleted method called from OpenSSL when the now
      delayed handshake_cutthrough.patch handshake is completed so
      SSLSession caching can be delayed until a session ID is available
      and to provide a better time for HandshakeCompletedListeners to
      be notified.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

    Some other changes specific to the naitve side of the code
    - Added JNITRACE calls (enabled at compile time with JNI_TRACE)
      for future debugging.
    - throw SSLException subclass of IOException instead IOException
      itself for better RI compatability
	x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
    - changed from old struct app_data to new class AppData at enh's request

    Remove dubious usage of SSLParameters within AbstractSessionContext
    to pass through to OpenSSLSessionImpl constructor for use in
    calling getLocalCertificates for sessions created from a byte array
    with AbstractSessionContext.toSession. Our
    AbstractSessionContext.toBytes doesn't currently include the local
    certificates in its output, so it cannot be expected to have in toSession.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java

Test maintenance

    openssl 1.0.0 adds support for RFC 4507 session tickets which
    remove the need for server side session state. These tests needed
    to be updated for this new behavior. If IS_RI is true, they still
    follow the old behavior.

	luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
	luni/src/test/java/javax/net/ssl/SSLSessionTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

    Update KnownFailures and add specific comments at point of failure
    about what remains to be fixed.

	luni/src/test/java/javax/net/ssl/SSLSessionTest.java

    Added tests to cover the use of standard cipher suite
    names. Historically Android has used OpenSSL string constants for
    cipher suite names, but JSSE actually specifies supported and
    expected names.

	luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

    Create new support/src/test/java/javax/net/ssl with old Helper
    support code pulled from javax.net.ssl tests:
      SSLContextTest.Helper -> TestSSLContext
      SSLSocketTest.Helper -> TestSSLSocketPair
      SSLSessionTest.Helper -> TestSSLSessions
    Also added new StandardNames here, which contains a collection of
    expected constants for test validation.

	luni/src/test/java/javax/net/ssl/SSLContextTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java
	luni/src/test/java/javax/net/ssl/SSLSessionTest.java
	support/src/test/java/javax/net/ssl/TestSSLContext.java
	support/src/test/java/javax/net/ssl/TestSSLSocketPair.java
	support/src/test/java/javax/net/ssl/TestSSLSessions.java
	support/src/test/java/javax/net/ssl/StandardNames.java

    Removed some now fixed KnownFailures and unneeded !IS_RI
    code. Marked some [Un]KnownFailures where exceptions are thrown
    and visible in the output but aren't correctly causing the test to
    fail. Fixed assertNonNull to assertTrue in
    test_SSLSocketTest_Test_create. Added
    stress_test_SSLSocketTest_Test_create to track down test
    flakiness, leading to rewrite of SSLSocket finalization.

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

    Reenable javax.net.ssl.AllTests now that it is does not hang

	luni/src/test/java/tests/AllTests.java

    Improve error messages while debugging overflow problem.
    Added new assert when debugging new RFC 4507 behavior.
    Removed KnownFailure annotation for now working test case.
	x-net/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java

Client code changes

   Now that startHandshake implies synchronous vs Android's default async handshake, remove unneeded explict calls to SSLSocket.startHandshake

	luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java

   Removed IBM 1.4.x codepath that involved startHandshake

	x-net/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java

Unrelated

   Remove unneed SSLSocket.setUseClientMode while removing unneeded SSLSocket.startHandshake

	luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java

   Removed warnings due to now missing modules in classpath

	run-core-tests

Change-Id: I6e149ae259b3feccdfb0673209c85cfeb60befc8

Summary:

  b/1758225: Revisit OpenSSL locking
    Removed the locking original put in to address b/1678800 which
    had been causing problems for the HeapWorker thread which was
    timing out waiting for the lock in the finalizers while other
    threads were connecting.

  b/1678800: Reliability tool: Crash in libcrypto @ https://opac.ntu.ac.uk
    Properly fixed the native crash by avoid sharing SSL_SESSION objects
    between SSL_CTX objects

Testing:
- adb shell run-core-tests --verbose tests.xnet.AllTests
- adb shell run-core-tests --verbose javax.net.ssl.AllTests
- Test app that reloads https://opac.ntu.ac.uk

Details:
    Each AbstractSessionContext now has an associated SSL_CTX,
    referenced through the sslCtxNativePointer. SSL_CTX on the native
    side defines the scope of SSL_SESSION caching, and this brings the
    Java SSLSessionContext caching into alignment with the native
    code. OpenSSLSessionImpl now uses AbstractSessionContext instead
    of SSLSessionContext for access to the underlying SSL_CTX.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java

    Added AbstractSessionContext.putSession so OpenSSLSocketImpl/OpenSSLSessionImpl can
    directly assign to the current AbstractSessionContext (whether it
    be a ClientSessionContext or a ServerSessionContext) without
    casting.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java

  Cleaning up use of SSL_CTX and SSL instances in SSLSocket/SSLServerSocket implementation

    The major change is that openssl SSL instances are allocated for
    the life of the matching Java object, replacing the SSL_CTX and
    the SSL objects that had previously been allocated only starting
    at handshake time. We should never have been sharing SSL_SESSION
    instances between SSL_CTX instances, which was the source of the
    native crashes dating back to cupcake which the
    OpenSSLSocket.class locking had been preventing.

    - NativeCrypto now has better defined and independant wrappers on
      openssl functionality. A followon checkin should move the
      remaining openssl JNI code here with the intent of being able to
      write and end-to-end test of the openssl code using NativeCrypto
      without the JSSE implementation classes. The following gives a
      list of the new native functions with a mapping to the old
      implementation code. The new code has a more functional style
      where SSL_CTX and SSL instances are passed and returned as
      arguments, not extracted from Java instances

      SSL_CTX_new                       OpenSSLSocketImpl.nativeinit, OpenSSLServerSocketImpl.nativeinit, SSLParameters.nativeinitsslctx
      SSL_CTX_get_ciphers_list          OpenSSLSocketImpl.nativeGetEnabledCipherSuites
      SSL_CTX_free                      OpenSSLSocketImpl.nativefree, OpenSSLServerSocketImpl.nativefree

      SSL_new                           OpenSSLSocketImpl.nativeinit, OpenSSLSocketImpl.init, OpenSSLServerSocketImpl.nativeinit, OpenSSLServerSocketImpl.init
      SSL_get_options                   OpenSSLSocketImpl.nativesetenabledprotocols
      SSL_set_options                   OpenSSLSocketImpl.nativesetenabledprotocols
      SSL_get_ciphers                   OpenSSLSocketImpl.nativeGetEnabledCipherSuites
      SSL_set_cipher_list               OpenSSLSocketImpl.nativeSetEnabledCipherSuites
      SSL_free                          OpenSSLSocketImpl.nativefree, OpenSSLServerSocketImpl.nativefree

    - While the focus in NativeCrypto is on native code, it also
      contains some helpers/wrappers especially for code that doesn't
      depend on specific SSL_CTX, SSL instances or that needs to do
      massaging of data formats between Java and OpenSSL. Some of
      these had previously been duplicated in the client and server
      versions of the code. For example:

        getSupportedCipherSuites	OpenSSLSocketImpl.nativegetsupportedciphersuites, OpenSSLServerSocketImpl.nativegetsupportedciphersuites
        getSupportedProtocols		OpenSSLSocketImpl.getSupportedProtocols, OpenSSLServerSocketImpl.getSupportedProtocols
        getEnabledProtocols             OpenSSLSocketImpl.getEnabledProtocols,OpenSSLServerSocketImpl.getEnabledProtocols
        setEnabledProtocols             OpenSSLSocketImpl.setEnabledProtocols
        setEnabledCipherSuites		OpenSSLSocketImpl.setEnabledCipherSuites

    - Moved JNI initialization from OpenSSLSocketImpl to NativeCrypto
      which is the future home of all the openssl related native code.

        clinit                          OpenSSLSocketImpl.nativeinitstatic

    - NativeCrypto.CertificateChainVerifier is a new interface to
      decouple callbacks from openssl from a specific dependence on a
      OpenSSLSocketImpl.verify_callback method. Changed to return
      boolean instead of int.

    - Renamed OpenSSLSocketImpl.ssl to OpenSSLSocketImpl.sslNativePointer for consistency

    - Changed OpenSSLSocketImpl nativeconnect, nativegetsslsession,
      nativecipherauthenticationmethod, nativeaccept, nativeread,
      nativewrite, nativeinterrupt, nativeclose, nativefree to take
      arguments instead of inspect object state in preparation for
      moving to NativeCrypto

    - other notable NativeCrypto changes included
      * adding SSL_SESSION_get_peer_cert_chain,
        SSL_SESSION_get_version, and SSL_get_version (and
        get_ssl_version) which are "missing methods" in openssl
      * ssl_msg_callback_LOG callback and get_content_type for handshake debugging
      * removing jfieldID's for our classes now that we pass in values in arguments
      * changed aliveAndKicking to be volative since we poll on it to communicate between threads
      * changed from C style declarations at beginning of block to C++ at first use on methods with major changes
      * stop freeing SSL instances on error, only SSL_clear it
      * improved session reuse logging when reproducing b/1678800
      * change verify_callback to return verifyCertificateChain result

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketFactoryImpl.java

    When we accept a server socket, we pass the existing SSL state
    instance from the server socket to the newly accepted socket via
    the constructor where it is copied with SSL_dup, instead of
    through both the constructor and later the accept method.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java

    Cleaned up nativesetclientauth from using SSL_CTX to SSL, passing
    ssl as argument in preparation for future movement to
    NativeCrypto.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java

    Removed ssl_op_no cache for rarely used enabled protocol methods
    so that code could more easily be shared in NativeCrypto between
    client and server.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    Changed public getId, getCreationTime, getPeerCertificates,
    getCipherSuite, getProtocol from being instance methods that
    looked at the OpenSSLSessionImpl object state to be static mthods
    that take the native pointers as arguments in preparation for
    moving to NativeCrypto. Rename session -> sslSessionNativePointer
    for consistency.  Inlined initializeNative, which wasn't really
    the native code.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java

    Removed lock on OpenSSLSocketImpl.class lock from around
    OpenSSLSocketImpl's use of nativeconnect, nativegetsslsession, and
    nativecipherauthenticationmethod as well as OpenSSLSessionImpl's
    use of freeImpl, fixing b/1758225: Revisit OpenSSL locking

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java

Unrelated changes

    Removed unused ssl_ctx, nativeinitsslctx, getSSLCTX
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java

    Fix bug in both putSession implementations where we cached
    sessions with zero length id. Also change indexById to pass in id
    in client implementation.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java

    Make sure we clone SSLParameters passed to the SSLSocketFactory
    and SSLServerSocketFactory so that muting the client instance does
    not change the server instance and vice versa. Explicitly set
    setUseClientMode(false) on the server SSLParameters. These changes
    are to bring things more into alignment with the original harmony
    classes which properly support client/server role switching during
    handshaking.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketFactoryImpl.java

    Make locks object fields final

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    Moved updateInstanceCount(1) logic and sslParameters assignment to init method

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    Changed getCachedClientSession to respect getUseClientMode

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    Spelling of listensers to listeners in javadoc

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    Spelling SSLInputStream to SSLOutputStream in comment

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    Changed shutdownInput and shutdownOutput to call to the underlying socket

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    Set sslNativePointer to 0 when freeing underlying SSL object

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    Removed IOException logging in getSession, which is expected to
    simply return SSL_NULL_WITH_NULL_NULL when there are problems.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    Disabled "Using factory" message on successful creation of
    SocketFactory which was a bit noisy running tests. However, added
    logging in failure case including the related exception:

	x-net/src/main/java/javax/net/ssl/SSLSocketFactory.java

    Disabled logging of OpenSSL session deallocation

	x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

    Register SSLContextImpl as a source of SSL and SSL3 SSLContexts,
    not just TLS and TLSv1.
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java

    Fix whitespace in comment

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java

Change-Id: I99975ae22599c7df0d249fa013ae7ea7c9c08051

Change-Id: Ia95af76e2995ce7fb0778b020baf2882a8b0a3dd

This method causes a lot of confusion, and we can do a lot better. (Ideally,
the API would either not exist or be something like "public boolean ready()".)

I've removed poor-quality documentation overrides too, so the full
documentation is visible in most places. (InflaterInputStream is an obvious
exception.)

Also, to a lesser extent, improve the InputStream.skip documentation.

Change-Id: I6d6cd788e6a32ad4a2613d1e381610f1ad8575fe

I've fixed a few typos, and removed a few of the more egregiously nonsensical
or incorrect comments that were nearby.

Change-Id: I35851baebd532f949cc269f4738a26eeb9b6e697

Merge commit '1a29c735752f4082c8e32347f4a6b10c4fdeb1f5' into dalvik-dev

* commit '1a29c735752f4082c8e32347f4a6b10c4fdeb1f5':
  Fix server side SSLEngine ServerKeyExchange signature.

Code using SSLEngine for non-blocking SSL can't talk with openssl as a client,
since the signature is computed on different content (and openssl checks it,
unlike java). The fix is to use strip the 0x00 prefix when signing - like
it is done when generating the message, refactored both to use a common
method. We also include the length in the signature, it was also missing.

At enh's suggestion, I'm consoldiating the OpenSSL related native code
into a single wrapper class NativeCrypto. This changes is the firs
step, combining the cpp code into a single NativeCode.cpp. The next
step will involved introducting a single SSL_CTX in NativeCode and
cleaning up SSL_CTX use. As part of this, I'll start moving the native
wrappers to from various OpenSSL*.java classes into NativeCode.