1. 04 May, 2012 1 commit
  2. 15 Jun, 2011 1 commit
  3. 17 May, 2011 1 commit
  4. 29 Apr, 2011 1 commit
    • Brian Carlstrom's avatar
      Avoid loading all CA certs into Zygote memory, lazily load instead (2 of 3) · 347b2a60
      Brian Carlstrom authored
      Previously the CA certs stored in the BKS KeyStore at
      /system/etc/security/cacerts.bks was loaded in the Zygote. As the the
      number of CAs are started to increase, this is causing more and more
      memory to be used for rarely used CAs. The new AndroidCAStore KeyStore
      implementation reads the CAs as needed out of individual PEM
      certificate files. The files can be efficiently found because they are
      named based on a hash CA's subject name, similar to OpenSSL.
      
      Bug: 1109242
      
      Details:
      
      build
      
          Removing old cacerts.bks from GRANDFATHERED_ALL_PREBUILT and
          adding new cacerts directory to core PRODUCT_PACKAGES
      
      	core/legacy_prebuilts.mk
      	target/product/core.mk
      
      libcore
      
          cacerts build changes. Move cacerts prebuilt logic to new
          CaCerts.mk from NativeCode.mk where it didn't make sense. Updated
          Android.mk's dalvik-host target to install new cacerts files.
      
      	Android.mk
      	CaCerts.mk
      	NativeCode.mk
      
          Remove old cacerts.bks and add remove certimport.sh script used to
          generate it. Preserved the useful comments from certimport.sh in
          the new README.cacerts
      
      	luni/src/main/files/cacerts.bks
      	luni/src/main/files/certimport.sh
      	luni/src/main/files/README.cacerts
      
          Recanonicalize cacerts files using updated vendor/google/tools/cacerts/certimport.py
          (See below discussion of certimport.py changes for details)
      
      	luni/src/main/files/cacerts/00673b5b.0
      	luni/src/main/files/cacerts/03e16f6c.0
      	luni/src/main/files/cacerts/08aef7bb.0
      	luni/src/main/files/cacerts/0d188d89.0
      	luni/src/main/files/cacerts/10531352.0
      	luni/src/main/files/cacerts/111e6273.0
      	luni/src/main/files/cacerts/1155c94b.0
      	luni/src/main/files/cacerts/119afc2e.0
      	luni/src/main/files/cacerts/11a09b38.0
      	luni/src/main/files/cacerts/12d55845.0
      	luni/src/main/files/cacerts/17b51fe6.0
      	luni/src/main/files/cacerts/1920cacb.0
      	luni/src/main/files/cacerts/1dac3003.0
      	luni/src/main/files/cacerts/1dbdda5b.0
      	luni/src/main/files/cacerts/1dcd6f4c.0
      	luni/src/main/files/cacerts/1df5ec47.0
      	luni/src/main/files/cacerts/1e8e7201.0
      	luni/src/main/files/cacerts/1eb37bdf.0
      	luni/src/main/files/cacerts/219d9499.0
      	luni/src/main/files/cacerts/23f4c490.0
      	luni/src/main/files/cacerts/27af790d.0
      	luni/src/main/files/cacerts/2afc57aa.0
      	luni/src/main/files/cacerts/2e8714cb.0
      	luni/src/main/files/cacerts/2fa87019.0
      	luni/src/main/files/cacerts/2fb1850a.0
      	luni/src/main/files/cacerts/33815e15.0
      	luni/src/main/files/cacerts/343eb6cb.0
      	luni/src/main/files/cacerts/399e7759.0
      	luni/src/main/files/cacerts/3a3b02ce.0
      	luni/src/main/files/cacerts/3ad48a91.0
      	luni/src/main/files/cacerts/3c58f906.0
      	luni/src/main/files/cacerts/3c860d51.0
      	luni/src/main/files/cacerts/3d441de8.0
      	luni/src/main/files/cacerts/3e7271e8.0
      	luni/src/main/files/cacerts/418595b9.0
      	luni/src/main/files/cacerts/455f1b52.0
      	luni/src/main/files/cacerts/46b2fd3b.0
      	luni/src/main/files/cacerts/48478734.0
      	luni/src/main/files/cacerts/4d654d1d.0
      	luni/src/main/files/cacerts/4e18c148.0
      	luni/src/main/files/cacerts/4fbd6bfa.0
      	luni/src/main/files/cacerts/5021a0a2.0
      	luni/src/main/files/cacerts/5046c355.0
      	luni/src/main/files/cacerts/524d9b43.0
      	luni/src/main/files/cacerts/56b8a0b6.0
      	luni/src/main/files/cacerts/57692373.0
      	luni/src/main/files/cacerts/58a44af1.0
      	luni/src/main/files/cacerts/594f1775.0
      	luni/src/main/files/cacerts/5a3f0ff8.0
      	luni/src/main/files/cacerts/5a5372fc.0
      	luni/src/main/files/cacerts/5cf9d536.0
      	luni/src/main/files/cacerts/5e4e69e7.0
      	luni/src/main/files/cacerts/60afe812.0
      	luni/src/main/files/cacerts/635ccfd5.0
      	luni/src/main/files/cacerts/67495436.0
      	luni/src/main/files/cacerts/69105f4f.0
      	luni/src/main/files/cacerts/6adf0799.0
      	luni/src/main/files/cacerts/6e8bf996.0
      	luni/src/main/files/cacerts/6fcc125d.0
      	luni/src/main/files/cacerts/72f369af.0
      	luni/src/main/files/cacerts/72fa7371.0
      	luni/src/main/files/cacerts/74c26bd0.0
      	luni/src/main/files/cacerts/75680d2e.0
      	luni/src/main/files/cacerts/7651b327.0
      	luni/src/main/files/cacerts/76579174.0
      	luni/src/main/files/cacerts/7999be0d.0
      	luni/src/main/files/cacerts/7a481e66.0
      	luni/src/main/files/cacerts/7a819ef2.0
      	luni/src/main/files/cacerts/7d3cd826.0
      	luni/src/main/files/cacerts/7d453d8f.0
      	luni/src/main/files/cacerts/81b9768f.0
      	luni/src/main/files/cacerts/8470719d.0
      	luni/src/main/files/cacerts/84cba82f.0
      	luni/src/main/files/cacerts/85cde254.0
      	luni/src/main/files/cacerts/86212b19.0
      	luni/src/main/files/cacerts/87753b0d.0
      	luni/src/main/files/cacerts/882de061.0
      	luni/src/main/files/cacerts/895cad1a.0
      	luni/src/main/files/cacerts/89c02a45.0
      	luni/src/main/files/cacerts/8f7b96c4.0
      	luni/src/main/files/cacerts/9339512a.0
      	luni/src/main/files/cacerts/9685a493.0
      	luni/src/main/files/cacerts/9772ca32.0
      	luni/src/main/files/cacerts/9d6523ce.0
      	luni/src/main/files/cacerts/9dbefe7b.0
      	luni/src/main/files/cacerts/9f533518.0
      	luni/src/main/files/cacerts/a0bc6fbb.0
      	luni/src/main/files/cacerts/a15b3b6b.0
      	luni/src/main/files/cacerts/a3896b44.0
      	luni/src/main/files/cacerts/a7605362.0
      	luni/src/main/files/cacerts/a7d2cf64.0
      	luni/src/main/files/cacerts/ab5346f4.0
      	luni/src/main/files/cacerts/add67345.0
      	luni/src/main/files/cacerts/b0f3e76e.0
      	luni/src/main/files/cacerts/bc3f2570.0
      	luni/src/main/files/cacerts/bcdd5959.0
      	luni/src/main/files/cacerts/bda4cc84.0
      	luni/src/main/files/cacerts/bdacca6f.0
      	luni/src/main/files/cacerts/bf64f35b.0
      	luni/src/main/files/cacerts/c0cafbd2.0
      	luni/src/main/files/cacerts/c215bc69.0
      	luni/src/main/files/cacerts/c33a80d4.0
      	luni/src/main/files/cacerts/c527e4ab.0
      	luni/src/main/files/cacerts/c7e2a638.0
      	luni/src/main/files/cacerts/c8763593.0
      	luni/src/main/files/cacerts/ccc52f49.0
      	luni/src/main/files/cacerts/cdaebb72.0
      	luni/src/main/files/cacerts/cf701eeb.0
      	luni/src/main/files/cacerts/d16a5865.0
      	luni/src/main/files/cacerts/d537fba6.0
      	luni/src/main/files/cacerts/d64f06f3.0
      	luni/src/main/files/cacerts/d777342d.0
      	luni/src/main/files/cacerts/d8274e24.0
      	luni/src/main/files/cacerts/dbc54cab.0
      	luni/src/main/files/cacerts/ddc328ff.0
      	luni/src/main/files/cacerts/e48193cf.0
      	luni/src/main/files/cacerts/e60bf0c0.0
      	luni/src/main/files/cacerts/e775ed2d.0
      	luni/src/main/files/cacerts/e7b8d656.0
      	luni/src/main/files/cacerts/e8651083.0
      	luni/src/main/files/cacerts/ea169617.0
      	luni/src/main/files/cacerts/eb375c3e.0
      	luni/src/main/files/cacerts/ed049835.0
      	luni/src/main/files/cacerts/ed524cf5.0
      	luni/src/main/files/cacerts/ee7cd6fb.0
      	luni/src/main/files/cacerts/f4996e82.0
      	luni/src/main/files/cacerts/f58a60fe.0
      	luni/src/main/files/cacerts/f61bff45.0
      	luni/src/main/files/cacerts/f80cc7f6.0
      	luni/src/main/files/cacerts/fac084d7.0
      	luni/src/main/files/cacerts/facacbc6.0
      	luni/src/main/files/cacerts/fde84897.0
      	luni/src/main/files/cacerts/ff783690.0
      
          Change IntegralToString.intToHexString to take width argument to
          allow for leading zero padding. Updated existing callers to
          specify 0 padding desired. Add testing of new padding
          functionality.
      
      	luni/src/main/java/java/lang/Character.java
      	luni/src/main/java/java/lang/Integer.java
      	luni/src/main/java/java/lang/IntegralToString.java
      	luni/src/test/java/libcore/java/lang/IntegralToStringTest.java
      
          Improved to throw Exceptions with proper causes
      
      	luni/src/main/java/java/security/KeyStore.java
      	luni/src/main/java/java/security/Policy.java
      	luni/src/main/java/java/security/cert/CertificateFactory.java
      	luni/src/main/java/javax/crypto/Cipher.java
      	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignature.java
      
          Indentation fixes
      
      	luni/src/main/java/java/security/SecureRandom.java
      
          Fix X509CRLSelector.getIssuerNames to clone result and added test to cover this.
      
      	luni/src/main/java/java/security/cert/X509CRLSelector.java
      	luni/src/test/java/libcore/java/security/cert/X509CRLSelectorTest.java
      
          Fixed bug where we created an X500Principal via a String
          representation instead of from its original encoded bytes. This
          led to a difficult to track down bug where CA 418595b9.0 where the
          NativeCode.X509_NAME_hash of a Harmony (but not BouncyCastle)
          X509Certificate would not hash to the expected value because the
          encoded form used an ASN.1 PrintableString instead of the
          UTF8String form found in the original certificate.
      
      	luni/src/main/java/org/apache/harmony/security/x501/Name.java
      
          Add a new RootKeyStoreSpi and register it as the
          AndroidCAStore. This new read-only KeyStore implementation that
          looks for certificates in $ANDROID_ROOT/etc/security/cacerts/
          directory, which is /system/etc/security/cacerts/ on devices. The
          files are stored in the directory based on the older md5 based
          OpenSSL X509_NAME_hash function (now referred to as
          X509_NAME_hash_old in OpenSSL 1.0)
      
      	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
      	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
      
          Added OpenSSL compatible X509_NAME_hash and X509_NAME_hash_old
          functions for producting an int hash value from an X500Principal.
      
      	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
      
          Changed TrustManagerFactoryImpl to use AndroidCAStore for its default KeyStore
      
      	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerFactoryImpl.java
      
          Changed TrustManagerImpl to be AndroidCAStore aware. If it detects
          an AndroidCAStore, it avoids generating the acceptedIssuers array
          at constructions, since doing so would force us to parse all
          certificates in the store and the value is only typically used by
          SSLServerSockets when requesting a client certifcate. Because we
          don't load all the trusted CAs into the IndexedPKIXParameters at
          startup in the case of AndroidCAStore, we now check for new CAs
          when examining the cert chain for unnecessary TrustAnchors and for
          a newly discovered issuer at the end of the chain before
          validation.
      
      	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
      
          Updated KeyStoreTest to cope with read only KeyStore. Update
          test_cacerts_bks (now renamed test_cacerts) to use the
          AndroidCAStore for validating system CA certificate
          validity. Register AndroidCAStore as an expected KeyStore type
          with StandardNames.
      
      	luni/src/test/java/libcore/java/security/KeyStoreTest.java
      	support/src/test/java/libcore/java/security/StandardNames.java
      
          Added test of X500Principal serialization while investigating Name
          encoding issue. However, the actual Name bug was found and
          verified by the new test_cacerts test.
      
      	luni/src/test/java/libcore/javax/security/auth/x500/X500PrincipalTest.java
      
      vendor/google
      
          Change canonical format for checked in cacerts to have PEM
          certificate at the top, as required by Harmony's X.509
          CertificateFactory.
      
      	tools/cacerts/certimport.py
      
      Change-Id: If0c9de430f13babb07f96a1177897c536f3db08d
      347b2a60
  5. 18 Mar, 2011 1 commit
  6. 17 Mar, 2011 1 commit
  7. 07 Mar, 2011 1 commit
  8. 08 Jan, 2011 1 commit
  9. 24 Jun, 2010 1 commit
  10. 30 Apr, 2010 1 commit
  11. 26 Nov, 2009 1 commit
    • Elliott Hughes's avatar
      DO NOT MERGE: backport the IPv6 NetworkInterface/multicast fixes. · 381cd64d
      Elliott Hughes authored
      This is a backport of the minimal changes from master (flan) to fix IPv6
      multicasting. Specifically, it fixes NetworkInterface to report IPv6 addresses,
      it fixes GenericIPMreq so we pass the interface indexes down to native code,
      it replaces our old copy of harmony's MulticastSocketTest with the current
      upstream version (to avoid bogus failures), and it brings back one small
      "unrelated" fix to OSNetworkSystem.cpp that's necessary to prevent failures
      in later parts of tests we used to fail too early to notice secondary
      problems.
      
      This passes all the (fixed) MulticastSocketTest tests, causes no regressions
      in the whole net.AllTests suite, and fixes the user-submitted application
      that started the investigation.
      
      Bug: 1750581
      381cd64d
  12. 13 Nov, 2009 1 commit
  13. 26 Oct, 2009 1 commit
  14. 29 Apr, 2009 1 commit
  15. 03 Apr, 2009 1 commit
    • Jorg Pleumann's avatar
      AI 144390: am: CL 144230 am: CL 144229 Modifying build of core-tests.jar version for · 0d1eac37
      Jorg Pleumann authored
        the RI so that the required test annotation
        classes are copied over from core.jar. Means
        we don't have to maintain duplicate versions
        of these classes (and there will be less
        verifier complaints), so these are going away
        in the process.
        Original author: jorgp
        Merged from: //branches/cupcake/...
        Original author: android-build
      
      Automated import of CL 144390
      0d1eac37
  16. 02 Apr, 2009 2 commits
    • Jorg Pleumann's avatar
      AI 144230: am: CL 144229 Modifying build of core-tests.jar version for · 59ac9933
      Jorg Pleumann authored
        the RI so that the required test annotation
        classes are copied over from core.jar. Means
        we don't have to maintain duplicate versions
        of these classes (and there will be less
        verifier complaints), so these are going away
        in the process.
        Original author: jorgp
        Merged from: //branches/cupcake/...
      
      Automated import of CL 144230
      59ac9933
    • Jorg Pleumann's avatar
      AI 144229: Modifying build of core-tests.jar version for · d9673961
      Jorg Pleumann authored
        the RI so that the required test annotation
        classes are copied over from core.jar. Means
        we don't have to maintain duplicate versions
        of these classes (and there will be less
        verifier complaints), so these are going away
        in the process.
        BUG=1285921
      
      Automated import of CL 144229
      d9673961
  17. 04 Mar, 2009 2 commits
  18. 16 Jan, 2009 1 commit
  19. 21 Oct, 2008 1 commit