GitLab

Remove lots of empty javadoc tags that were unused or invalid.
Remove some unused imports.
Mark a few input streams as intentionally unclosed.

Change-Id: I04d8642abd2b0f2e9be02e227658a1b9bd192d24

To help with shipping the JSSE with apps that want to bundle it, move
it to a new package so that the tangles in other parts of the library
can be untangled.

Change-Id: I810b6861388635301e28aee5b9b47b8e6b35b430

Summary:
- Enable Elliptic Crypto support for OpenSSL based SSLSocket instances
- More RI compliant usage of key types, client auth types, and server auth types
- Steps toward TLS_EMPTY_RENEGOTIATION_INFO_SCSV support, currently test updates

Details:

Elliptic Curve changes

    CipherSuite updates for EC
    - Adding KEY_EXCHANGE_EC* and corresponding CipherSuites Updated
      isAnonymous, getKeyType (now renamed getServerKeyType) to handle
      new EC cases.  Added new getAuthType for use by
      checkServerTrusted callers.
    - Restructured code to handle two SUITES_BY_CODE_* arrays
    - Remove KEY_EXCHANGE_DH_* definitions which unused because the
      corresponding CipherSuites were previously disabled.
    - Changed AES CipherSuites definitions to use "_CBC" to match other definitions.
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

    openssl EC
    - NativeCrypto now registers TLS_EC_* cipher suites and has update default list
    - Improved auth type arguments to checkClientTrusted/checkServerTrusted
    - NativeCrypto support for emphemeral EC keys
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
	luni/src/main/native/NativeCrypto.cpp

non-openssl SSL/TLS cleanups

    - cleanup around code trying to cope with DiffieHellman vs DH since either should work.
    - changed client to use new CipherSuite.getAuthType shared with NativeCrypto implementation
    - changed server to use CipherSuite.getKeyType
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java

Consolidate CertificateRequestType code into CipherSuite so that its
shared between java and openssl implementations. This includes the
KEY_TYPE_ string constants, TLS_CT_* byte constants and the 'String
keyType(byte)' (now renamed getClientKeyType) code that depends on them.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java

Tests

   Differentiate between supported list of cipher suites openssl-based
   SSLSocket and SSLEngine based, since the SSLEngine code does not support EC.

	luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
	luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java

   Added testing for expected default cipher suites. Before we just ensured the values were valid.
	luni/src/test/java/libcore/javax/net/ssl/SSLSocketFactoryTest.java
	support/src/test/java/libcore/java/security/StandardNames.java

   Updated to handle new EC cipher suites codes. Added test for new getClientKeyType.
	luni/src/test/java/org/apache/harmony/xnet/provider/jsse/CipherSuiteTest.java

   Better use of "standard names" particularly to correctly deal with
   the subtle differences between key types, client auth types, and
   server auth types. TestKeyManager and TestTrustManager now verify
   the values they are passed are acceptable.

	support/src/test/java/libcore/java/security/StandardNames.java
	support/src/test/java/libcore/javax/net/ssl/TestKeyManager.java
	support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java

   Changed to timeout after 30 seconds and to log to reveal both client and server issues.
	support/src/test/java/libcore/javax/net/ssl/TestSSLSocketPair.java

Bug: 3058375
Change-Id: I14d1d0285d591c99cc211324f3595a5be682cab1

Summary:
- javax.net.ssl tests are now working on the RI
- KeyManager can now handle EC_EC and EC_RSA
- OpenSSLSocketImpl.startHandshake now works if KeyManager contains EC certificates

Details:

Add CipherSuite.getKeyType to provide X509KeyManager key type strings,
refactored from OpenSSLServerSocketImpl.checkEnabledCipherSuites.
getKeyType is now also used in OpenSSLSocketImpl.startHandshake to
avoid calling setCertificate for unnecessary key types.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

   New CipherSuiteTest to cover new getKeyType as well as existing functionality

	luni/src/test/java/org/apache/harmony/xnet/provider/jsse/CipherSuiteTest.java

Add support to KeyManager implementation for key types of the form
EC_EC and EC_RSA. The first part implies the KeyPair algorithm (EC in
these new key types) with a potentially different signature algorithm
(EC vs RSA in these)

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java

Update NativeCrypto.keyType to support EC_EC and EC_RSA in addition to
EC which was added earlier. Change from array of KEY_TYPES to named
KEY_TYPE_* constants.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java

Overhauled KeyManagerFactoryTest to cover EC, EC_EC, EC_RSA cases

	luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java
	support/src/test/java/libcore/java/security/StandardNames.java

Changed TestKeyStore.createKeyStore from always using BKS to now use
JKS on the RI between BC EC Keys and RI X509 certificates. Because JKS
requires a password, we now default "password" on the RI.

	support/src/test/java/libcore/java/security/TestKeyStore.java
	luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java
	support/src/test/java/libcore/java/security/StandardNames.java

TestKeyStore.create now accepts key types like EC_RSA. Changed
TestKeyStore.createKeys to allow a PrivateKeyEntry to be specified for
signing to enable creation of EC_RSA test certificate. Added
getRootCertificate/rootCertificate to allow lookup of PrivateKeyEntry
for signing. Changed TestKeyStore.getPrivateKey to take explicit
signature algorithm to retrieve EC_EC vs EC_RSA entries.

	support/src/test/java/libcore/java/security/TestKeyStore.java
	luni/src/test/java/libcore/java/security/KeyStoreTest.java
	luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java
	luni/src/test/java/libcore/java/security/cert/PKIXParametersTest.java
	luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java
	luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
	support/src/test/java/libcore/java/security/StandardNames.java

Added support for EC cipher suites on the RI.  Also test with and
without new TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite which is
used to specify the new TLS secure renegotiation.

	luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
	luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
	support/src/test/java/libcore/java/security/StandardNames.java

New TestKeyManager and additional logging in TestTrustManager. Logging
in both is disabled by default using DevNullPrintStream.

	support/src/test/java/libcore/javax/net/ssl/TestKeyManager.java
	support/src/test/java/libcore/javax/net/ssl/TestTrustManager.java
	support/src/test/java/libcore/java/io/DevNullPrintStream.java

Bug: 3058375
Change-Id: Ia5e2a00a025858e10d1076b900886994b481e05a

See http://b/2099681

Change-Id: If358af98ccca44c544942b837c25e00e6553e916

Change-Id: I8347bc625480a1c37a1ed9976193ddfedeb00bbc

Wrote an interoperability test between our OpenSSL and SSLEngine
based SSLSocket implementations. Used it to flush out problems between
the implementations, which mostly were in the non-native implementation.

Filling out the SSLEngine (and therefore non-native SSLSocket) support
led to the list of supported and default cipher suites now being the
same as out OpenSSL SSLSocket. Most of the work was making the the
NULL, RC4, and AES ciphers work with SSLEngine as well as some minor
bug fixes in related code.

Summary:
- changing test_SSLSocket_getSupportedCipherSuites_connect to try all
  combinations of our two SSLContext/SSLSocket implementations
- fixed SSLEngine with *_WITH_NULL_* CipherSuites to use javax.crypto.NullCipher
- added *_AES_* cipher suites to SSLEngine (and therefore Java SSLSocketImpl)
- remove *_DH_* cipher suites which are not supported by the RI or our OpenSSL implementation
- fixed Java SSLSocket to not handshake on accept so will pass the basic SSLSocketTest
- added new KeyManagerFactoryTest while testing "DH_" cipher suite key types

This change depends on restoring bouncycastle's RC4 implementation (separate CL in external/bouncycastle)

Details:

Fixed SSLEngine with *_WITH_NULL_* CipherSuites by use javax.crypto.NullCipher

	expectations/knownfailures.txt
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionStateSSLv3.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionStateTLS.java

Previously I had changed the string name of CipherSuites from
"TLS_..." to "SSL_..." where appropriate to match the RI. Since I was
doing maintenance on overall list, I renamed the CODE_TLS_... and
TLS_... static fields as well to match.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java

Removed IDEA and RC2 CipherSuites to make it clear they are not
supported. While technically this happened as a side effect of the
assignment "supported = false" if the CipherSuite failed to load, we
truly intend not to support these. Also removed SSH_DH_* suites which
don't work with DSA keys and aren't supported by the RI or our OpenSSL
implementation.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

Old connection state code assumed that if a cipher was blocked, the
block size was 8 bytes. This is not true for the 16 byte AES ciphers.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionState.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionStateSSLv3.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ConnectionStateTLS.java

No wonder our OpenSSL implementation incorrect did a startHandshake
when accepting the socket... it got it from the Java implementation.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketImpl.java

Test for KeyManagerFactory (and KeyManager). TestKeyStore now creates
KeyManagers and TrustManagers from the keystore as a convenience for
KeyManagerFactoryTest (instead of having the code in the
TestSSLContext where we didn't keep a pointer to the created values).

	luni/src/test/java/javax/net/ssl/KeyManagerFactoryTest.java
	support/src/test/java/java/security/StandardNames.java
	support/src/test/java/java/security/TestKeyStore.java
	support/src/test/java/javax/net/ssl/TestSSLContext.java

Remove CIPHER_SUITES_SSLENGINE now that its the same as CIPHER_SUITES

	luni/src/test/java/javax/net/ssl/SSLEngineTest.java
	support/src/test/java/java/security/StandardNames.java

test_SSLSocket_getSupportedCipherSuites_connect now does
interoperability testing not just between the default SSLContext's
SSLSockets but between the four combinations of our two SSLContext. It
also now sends some test data bi-directionally between the client and
server.

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

Changed TestSSLContext.create to allow a different Provider for the
client and server SSLContexts.

	luni/src/test/java/javax/net/ssl/SSLEngineTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java
	support/src/test/java/javax/net/ssl/TestSSLContext.java

RC4 is now available in bouncycastle for the non-OpenSSL SSLContext to
use for parity with the OpenSSL implementation.

	support/src/test/java/java/security/StandardNames.java

Changed TestSSLSocketPair to use Futures like NativeCryptoTest so its
easier to choose between client and server errors while debuging.

	support/src/test/java/javax/net/ssl/TestSSLSocketPair.java

Removed bogus import

	luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

Change-Id: I080c0343a3f86f27b7c191a7b80b585b9ca52d93

Summary:

Goal here was to just make most tests faster by only having
TestKeyStore create RSA keys by default. However, when I did that
SSLEngineTest#test_SSLEngine_clientAuth started working, so I ended up
investigating a much deeper issue with DSA client authentication
against an RSA SSLEngine server.

Details:

   Changed the TestKeyStore.get singleton to only contain RSA
   keys. TestKeyStore.create now requires the caller enumerate what
   keys they want if they need more than that or an alternative.

	support/src/test/java/javax/net/ssl/TestKeyStore.java

   Changed test_SSLSocket_getSupportedCipherSuites_connect to
   explicitly request RSA and DSA keys since it needs both to try
   connecting all possible cipher suites.

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

Fixing SSLEngine client authentication when server uses RSA but client uses DSA

   Fixed java.net.ssl.SSLEngineTest#test_SSLEngine_clientAuth

	expectations/knownfailures.txt

   Added CiperSuite.authType field which contains the algorithm name
   such as RSA, DSA, DH, that the client will use to authenticate the
   server. Like the cipherName, hmacName, and hashName, this is
   logically derivable from the the CiperSuite.KEY_EXCHANGE_*, but we
   remember it to avoid repeatedly doing large cascading "if" tests to
   determine which key algorithm should be used for each
   case.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

   Fixed a number of client certificate authentication bugs in SSLEngine
   - Changed ClientHandshakeImpl's in the SSL/Tls Certificate message
     code to mirror ServerHandshakeImpl's implementation to properly
     use chooseEngineClientAlias in the SSLEngine case.
   - Changed to use the client certifcates key algorithm for computing
     the signature for the SSL/TLS CertificateVerify
     message. Previously we used the cipher suites negoitated key
     exchange method, but if the client may select a certificate with
     a different algorithm if the server provides a CA for another
     algorithm.
   - Also changed to use CipherSuite.isAnonymous in two places rather
     than the inlined equivalent.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java

   Fixed client authentication to use the client's certificate (not
   the server's) to do verify the CertificateVerify message signature.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java

   Fixed bug in DigitalSignature which did not Signature.update in
   verifySignature, so it could never have properly authenticated DSA
   signatures.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java

   Added CertificateMessage getAuthType convenience

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateMessage.java

   Made CertificateRequest certificate_authorities final, found we were double allocating it

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java

   Cleaning up imports of HandshakeProtocol while working on its subclasses.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java

   Cleaned up while looking at X509KeyManager implementations while debugging.

	support/src/test/java/org/apache/harmony/xnet/tests/support/X509KeyManagerImpl.java

Change-Id: I74b98754c11000cbfea416f1571c380c9c67abf3

Summary:
- RI 6 support for javax.net.ssl
- SSLEngine fixes based on new SSLEngineTest
- fix Cipher.checkMode bug recently introduced in dalvik-dev

Details:

Fix Cipher.checkMode that was preventing most javax.net.ssl tests from working

	luni/src/main/java/javax/crypto/Cipher.java

RI 6 has introduced the concept of a "Default" SSLContext. This is
accessed via SSLContext.getDefault() and also
SSLContext.getInstance("Default"). Harmony had its own
DefaultSSLContext but it was not created via an SSLContextSpi. It also
was a single shared instance whereas the new RI6 Default SSLContext
shares internal SSLSessionContext instances between different Default
SSLContexts.

    Refactored the old code into an SSLContextImpl subclass that
    allows it to be created via SSLContext.getInstance. SSLContextImpl
    ensures that we only ever create one set of SSLSessionContext
    instances for the Default context.

	luni/src/main/java/javax/net/ssl/DefaultSSLContext.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java

    Added SSLContext.getDefault and SSLContext.setDefault

	luni/src/main/java/javax/net/ssl/SSLContext.java

    Replace dependencies of old DefaultSSLContext with use of SSLContext.getDefault

	luni/src/main/java/javax/net/ssl/SSLServerSocketFactory.java
	luni/src/main/java/javax/net/ssl/SSLSocketFactory.java

    Register "SSLContext.Default" as DefaultSSLContextImpl class for SSLContext.getInstance()

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java

    Added constant for new "Default" standard name and added it to
    SSL_CONTEXT_PROTOCOLS. New tests based on SSL_CONTEXT_PROTOCOLS
    made it clear that neither Android or RI support SSLv2 so removed
    it from SSL_CONTEXT_PROTOCOLS and SSL_SOCKET_PROTOCOLS. Added
    constant for TLS as well which was previously scattered all over
    tests. Remove SSLv2Hello from SSL_SOCKET_PROTOCOLS for Android
    since with OpenSSL disablign SSLv2 means you can not use
    SSLv2Hello either.

	support/src/test/java/javax/net/ssl/StandardNames.java

    Added tests for SSLContext.getDefault and
    SSLContext.setDefault. Changed existing tests to work on all
    protocols including new "Default".

	luni/src/test/java/javax/net/ssl/SSLContextTest.java

RI 6 has introduced the notion of SSLParameters which encapsulate SSL
the handshake parameters of desired cipher suites, protocols, and
client authentication requirements.

    The main new class SSLParameters is basically just a bag of fields
    with accessors and a couple simple constructors. The only things
    of note are that it clones all String arrays on input and output
    and the setters for the two boolean fields ensure that only one is
    true at a time.

	luni/src/main/java/javax/net/ssl/SSLParameters.java

    Added SSLContext.getDefaultSSLParameters and
    SSLContext.getSupportedSSLParameters which simply delegate to the
    SSLContextSpi.

	luni/src/main/java/javax/net/ssl/SSLContext.java

    Added abstract SSLContextSpi.engineGetDefaultSSLParameters and
    SSLContext.engineGetSupportedSSLParameters.

	luni/src/main/java/javax/net/ssl/SSLContextSpi.java

    Added engineGetDefaultSSLParameters and
    engineGetSupportedSSLParameters implementation. The RI documents
    in SSLContextSpi that these are implemented by default by creating
    a socket via the SSLContext's SocketFactory and asking for the
    enabled/supported cipher suites and protocols respectively, so
    that is what is done. The doc mentions throwing
    UnsupportedOperationException if there is a problem, so we do that
    as well.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java

    Added {SSLEngine,SSLSocket}.{getSSLParameters,setSSLParameters}
    which are analogous.

	luni/src/main/java/javax/net/ssl/SSLEngine.java
	luni/src/main/java/javax/net/ssl/SSLSocket.java

   Added SSLParametersTest

	luni/src/test/java/javax/net/ssl/SSLParametersTest.java
	luni/src/test/java/javax/net/ssl/AllTests.java

   Added SSLContext.get{Default,Supported}SSLParameters tests

	luni/src/test/java/javax/net/ssl/SSLContextTest.java

   Added SSLSocket.{getSSLParameters,setSSLParameters} tests and added
   some extra asserts to test_SSLSocketPair_create based on experience
   with test_SSLEnginePair_create.

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

   Dummy implementation of new SSLContextSpi for test classes.

	support/src/test/java/org/apache/harmony/security/tests/support/MySSLContextSpi.java
	support/src/test/java/org/apache/harmony/xnet/tests/support/MySSLContextSpi.java

Other minor RI 6 API changes:

    RI 6 removed Serializable from HandshakeCompletedEvent and SSLSessionBindingEvent

	luni/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java
	luni/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java

    RI 6 added generic types to the KeyStoreBuilderParameters List
    constructor and accessor as well as to
    SSLSessionContext.getIds. Fixed tests to compile with generic types.

	luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java
	luni/src/main/java/javax/net/ssl/SSLSessionContext.java
	luni/src/test/java/tests/api/javax/net/ssl/KeyStoreBuilderParametersTest.java

SSLEngine improvements. Since I was changing SSLEngine, I wrote an
SSLEngineTest based on my SSLSocketTest to do some simply sanity
checking. It expose a number of issues. I've fixed the small ones,
marked the rest as known failures.

   Renamed some TLS_ cipher suites to SSL_ to match JSSE standard
   names. These were all old suites no longer supported by RI or
   OpenSSL which is why they were missed in an earlier cleanup of this
   type in this class. Also fixed SSLEngine supported cipher suites
   list not to include SSL_NULL_WITH_NULL_NULL which is not a valid
   suite to negotiate.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

   SSLEngine instances can have null host values, which caused a
   NullPointerException in the ClientSessionContext implementation.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java

   SSLEngine tests were failing because SSLParameters was throwing
   NullPointerException instead of IllegalArgument exception on null
   element values. Fixed null pointer message style while I was here.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java

    Fixed SSLEngine instances to default to server mode like RI

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java

   Fixed KEY_TYPES based on SSLEngine implementation. Removed dead
   code NativeCrypto.getEnabledProtocols which was recently made
   obsolete. Cleaned up null exception messages to follow our convention.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java

   Added SSLEngineTest which parallels SSLSocketTest in its
   coverage. Similarly added TestSSLEnginePair which loosely parallels
   TestSSLSocketPair.

	luni/src/test/java/javax/net/ssl/SSLEngineTest.java
	luni/src/test/java/javax/net/ssl/AllTests.java
	support/src/test/java/javax/net/ssl/TestSSLEnginePair.java

   SSLEngineTest betters exposed the differences between SSLSocket and
   SSLEngine supported cipher suites. StandardNames now has an
   CIPHER_SUITES_SSLENGINE definition which denotes what is missing
   and what is extra and why in the SSLEngine implementation.

	support/src/test/java/javax/net/ssl/StandardNames.java

    Created StandardNames.assert{Valid,Supported}{CipherSuites,Protocols}
    to factor out some code test code that is also used by new tests.

	support/src/test/java/javax/net/ssl/StandardNames.java
	luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

    Remove SSLSocketTest known failure and add new SSLEngineTest known failures

	expectations/knownfailures.txt

SSL_OP_NO_TICKET change was recently merged from master which required some fixes.

    For the moment, sslServerSocketSupportsSessionTickets always returns false.

	support/src/test/java/javax/net/ssl/TestSSLContext.java

    Fixed flakey test_SSLSocket_HandshakeCompletedListener which had a
    race because the client thread look in the server session context
    for an session by id potentially before the server thread had a
    chance to store its session. Made noticable because of
    SSL_OP_NO_TICKET recently merged from master (before this code
    path was host only, not device)

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

    Fix checkjni issue where we need to check for pending exception in
    OpenSSL callback.  Possibly introduced by recent merge of
    SSL_OP_NO_TICKET from master.

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Expectation updates

    Remove SSLSocketTest known failure and add new SSLEngineTest known failures

	expectations/knownfailures.txt

    Tag test_SSLSocket_getSupportedCipherSuites_connect as large

	expectations/taggedtests.txt

Misc changes:

   opening brace on wrong line

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java

   Long line cleanup while debugging

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketFactoryImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketFactoryImpl.java
	support/src/test/java/javax/net/ssl/TestKeyStore.java

   Removed bogus import

	luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java

   Comment clarify while debugging

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

   Ctor -> Constructor in comment

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLEngineImpl.java

   Fixed naming of SocketTest_Test_create to TestSocketPair_Create to match renamed classes

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

Change-Id: I99505e97d6047eeabe4a0b93202075a0b2d486ec

Enable Diffie-Hellman cipher suites in NativeCrypto (and in
StandardNames to match for testing). This means we now have the same
default cipher suite list as RI 5.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	support/src/test/java/javax/net/ssl/StandardNames.java

Enabling DH made it obvious that the RI check for enable cipher suites
on SSLServerSocket.accept was not as stringent as first
thought. Apparently they don't care if all enabled cipher suites have
certificates/keys, just that at least one of them will work, even if
its anonymous. Factored out the logic to check this into
checkEnabledCipherSuites for clarity along with the supporting
checkForPrivateKey. Also only check if the socket is in server mode,
since its fine to have nothing configured for server acting as a
client for handshake purposes.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java

The real work to enable Diffie-Hellman was to use
SSL_CTX_set_tmp_dh_callback to set a callback to get DH
parameters. There are two ways to create the parameters. The first is
to use DH_generate_parameters_ex which is very slow (minutes) as is
recommended as install time option. The second is to use
DSA_generate_parameters_ex followed by DSA_dup_DH, which is faster for
a single call, but must be done every time, so slower overall. We
currently take the second approach to just have DH working.

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Changed ephemeral RSA keys to be stored per SSL in AppData, not in a static global.

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Fix LS_ to TLS_ typo in commented out constant. Removed easy to miss wrapping in array definition.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

Renamed CipherSuites defaultPretendant to defaultCipherSuites which
led to renaming the CipherSuites constants to follow the coding style.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerKeyExchange.java

Change-Id: Ia38de48cabb699b24fe6e341ba79f34e3da8b543

   Make CipherSuite static fields final (noticed because I tried to use some in a switch statement).
   Also renamed "cuites*" to "suites*" and fixed UNKNOUN to UNKNOWN

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

   SSLServerSocket now matches the RI behavior of throwing an
   SSLException for missing keys for non-anonymous cipher suites.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java

   Fixed one KnownFailure

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

Change-Id: I1ccbf93cfc5aa5951b1f33881446d93c380b6e68

Change text names of Harmony CipherSuite's (used by SSLEngine and some
places with OpenSSL code) to match JSSE names.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

Added StandardName constant for SSL_NULL_WITH_NULL_NULL

	support/src/test/java/javax/net/ssl/StandardNames.java

Marked test as working with above fix, changed to use newly defined constant.

	luni/src/test/java/javax/net/ssl/SSLSessionTest.java

Change-Id: Id48d2adcbbff71306296f1fdf8ff970c618fdcc6

Gentlemen, you may now set your editors to "strip trailing whitespace"...

Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b

Merge xml except xmlpull and kxml into luni

Notable changes
 - synchronization added where it was needed!
 - try/finally added to reliably tear down in DefaultSSLContext
 - ContextImpl deleted, it wasn't necessary
 - methods reordered to make statics first in the class
 - PrivilegedActions parameterized with <Void>
 - DigitalSignature now throws AssertionErrors in impossible states
   and throws AlertExceptions on invalid keys (rather than dumping
   a stacktrace)
 - ValueKeys added to SSLSessionImpl instead of TwoKeyMaps
 - SSLSessionImpl.clone() simplified to do a traditional clone

Squashed commit of the following:

commit 2d9e43d542ab7086af271bf52e847c582decbab1
Merge: 8b79eb4 a8dc377
Author: Jesse Wilson <jessewilson@google.com>
Date:   Tue Aug 25 15:25:21 2009 -0700

    Merge branch 'x-net_802921' into x-net_dalvik

    Conflicts:
    	libcore/x-net/.classpath
    	libcore/x-net/.settings/org.eclipse.jdt.core.prefs
    	libcore/x-net/build.xml
    	libcore/x-net/src/main/java/javax/net/DefaultServerSocketFactory.java
    	libcore/x-net/src/main/java/javax/net/DefaultSocketFactory.java
    	libcore/x-net/src/main/java/javax/net/ServerSocketFactory.java
    	libcore/x-net/src/main/java/javax/net/SocketFactory.java
    	libcore/x-net/src/main/java/javax/net/ssl/CertPathTrustManagerParameters.java
    	libcore/x-net/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
    	libcore/x-net/src/main/java/javax/net/ssl/DefaultSSLContext.java
    	libcore/x-net/src/main/java/javax/net/ssl/DefaultSSLSocketFactory.java
    	libcore/x-net/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java
    	libcore/x-net/src/main/java/javax/net/ssl/HandshakeCompletedListener.java
    	libcore/x-net/src/main/java/javax/net/ssl/HostnameVerifier.java
    	libcore/x-net/src/main/java/javax/net/ssl/HttpsURLConnection.java
    	libcore/x-net/src/main/java/javax/net/ssl/KeyManager.java
    	libcore/x-net/src/main/java/javax/net/ssl/KeyManagerFactory.java
    	libcore/x-net/src/main/java/javax/net/ssl/KeyManagerFactorySpi.java
    	libcore/x-net/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java
    	libcore/x-net/src/main/java/javax/net/ssl/ManagerFactoryParameters.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLContext.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLContextSpi.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLEngine.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLEngineResult.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLException.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLHandshakeException.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLKeyException.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLPeerUnverifiedException.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLPermission.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLProtocolException.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLServerSocket.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLServerSocketFactory.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLSession.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLSessionBindingListener.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLSessionContext.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLSocket.java
    	libcore/x-net/src/main/java/javax/net/ssl/SSLSocketFactory.java
    	libcore/x-net/src/main/java/javax/net/ssl/TrustManager.java
    	libcore/x-net/src/main/java/javax/net/ssl/TrustManagerFactory.java
    	libcore/x-net/src/main/java/javax/net/ssl/TrustManagerFactorySpi.java
    	libcore/x-net/src/main/java/javax/net/ssl/X509ExtendedKeyManager.java
    	libcore/x-net/src/main/java/javax/net/ssl/X509KeyManager.java
    	libcore/x-net/src/main/java/javax/net/ssl/X509TrustManager.java
    	libcore/x-net/src/main/java/javax/net/ssl/package-info.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImplWrapper.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketFactoryImpl.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLServerSocketImpl.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionContextImpl.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketFactoryImpl.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketImpl.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketInputStream.java
    	libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSocketOutputStream.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/CertPathTrustManagerParametersTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/HandshakeCompletedEventTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/HttpsURLConnectionTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/KeyStoreBuilderParametersTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLContext1Test.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLEngineTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLPermissionTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLServerSocketTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/SSLSocketTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/TrustManagerFactory1Test.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/HandshakeCompletedEventTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLExceptionTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLHandshakeExceptionTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLKeyExceptionTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLPeerUnverifiedExceptionTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLProtocolExceptionTest.java
    	libcore/x-net/src/test/api/java/org/apache/harmony/xnet/tests/javax/net/ssl/serialization/SSLSessionBindingEventTest.java
    	libcore/x-net/src/test/impl/java.injected/javax/net/ServerSocketFactoryTest.java
    	libcore/x-net/src/test/impl/java.injected/javax/net/SocketFactoryTest.java
    	libcore/x-net/src/test/impl/java.injected/javax/net/ssl/DefaultSSLServerSocketFactoryTest.java
    	libcore/x-net/src/test/impl/java.injected/javax/net/ssl/DefaultSSLSocketFactoryTest.java
    	libcore/x-net/src/test/impl/java.injected/javax/net/ssl/HttpsURLConnection_ImplTest.java
    	libcore/x-net/src/test/impl/java.injected/javax/net/ssl/SSLServerSocketFactoryTest.java
    	libcore/x-net/src/test/impl/java.injected/javax/net/ssl/SSLSocketFactoryTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/CipherSuiteTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/DigitalSignatureTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/HandshakeProtocolTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/KeyManagerImplTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLEngineImplTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLServerSocketImplTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSessionContextImplTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSessionImplTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSocketFactoriesTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSocketFunctionalTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLSocketImplTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/SSLStreamedInputTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImplTest.java
    	libcore/x-net/src/test/impl/java.injected/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java
    	libcore/x-net/src/test/impl/java/org/apache/harmony/xnet/tests/provider/jsse/DigitalSignatureTest.java
    	libcore/x-net/src/test/impl/java/org/apache/harmony/xnet/tests/provider/jsse/KeyManagerFactoryImplTest.java
    	libcore/x-net/src/test/impl/java/org/apache/harmony/xnet/tests/provider/jsse/ProtocolVersionTest.java
    	libcore/x-net/src/test/impl/java/org/apache/harmony/xnet/tests/provider/jsse/TrustManagerFactoryImplTest.java
    	libcore/x-net/src/test/java/javax/net/ssl/KeyManagerFactorySpiTests.java
    	libcore/x-net/src/test/java/javax/net/ssl/MyKeyManagerFactorySpi.java
    	libcore/x-net/src/test/java/javax/net/ssl/MySSLContextSpi.java
    	libcore/x-net/src/test/java/javax/net/ssl/MyTrustManagerFactorySpi.java
    	libcore/x-net/src/test/java/javax/net/ssl/SSLContextSpiTests.java
    	libcore/x-net/src/test/java/javax/net/ssl/TrustManagerFactorySpiTests.java
    	libcore/x-net/src/test/java/tests/api/javax/net/ssl/KeyManagerFactory1Test.java
    	libcore/x-net/src/test/java/tests/api/javax/net/ssl/KeyManagerFactory2Test.java
    	libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLContext2Test.java
    	libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSessionBindingEventTest.java
    	libcore/x-net/src/test/java/tests/api/javax/net/ssl/TrustManagerFactory2Test.java
    	libcore/x-net/src/test/support/common/java/org/apache/harmony/xnet/tests/support/MyKeyManagerFactorySpi.java
    	libcore/x-net/src/test/support/common/java/org/apache/harmony/xnet/tests/support/MySSLContextSpi.java
    	libcore/x-net/src/test/support/common/java/org/apache/harmony/xnet/tests/support/MyTrustManagerFactorySpi.java

commit 8b79eb40a27f0b336d5516606d43162ecead09ca
Author: Jesse Wilson <jessewilson@google.com>
Date:   Tue Aug 25 12:58:17 2009 -0700

    x-net_dalvik

commit a8dc3778cd2a1a5d6d0cfff6eec22e7bfbdb9c14
Author: Jesse Wilson <jessewilson@google.com>
Date:   Tue Aug 25 12:56:55 2009 -0700

    x-net_802921

commit 07ca0ed8aa5927c909f880559c17d162c111608e
Author: Jesse Wilson <jessewilson@google.com>
Date:   Tue Aug 25 12:56:07 2009 -0700

    x-net_527399

commit 9b44ccfc38c2fc2a6cf2c3cc39a13cc5bce635ba
Author: Jesse Wilson <jessewilson@google.com>
Date:   Tue Aug 25 11:14:01 2009 -0700

    Small changes missed in the original submission of 22482.