GitLab

Change-Id: Ie5a988f01eacec67717cf1d529f7d0cd538e874c

SSLSession.getPeerPort is supposed to return -1 when the port is
undefined so now we initialize it to that value.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java

Avoid creating InetAddress to store the OpenSSLSessionImplWrapper host
and port arguments since it was causing an exception on an port value
of -1 and was just used to go back to the original host and port when
creating the SSLSession, which is allowed to return a port value of -1.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

Remove last of KnownFailures for SSLSocketFactory

	luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java

Update classpath for newly seperated out junit jars

	run-core-tests

Change-Id: I646a8f23c3d6ae01f1dd38e40bc9c32d436e6254

Summary:
- Switch to using JSSE cipher suite names
- SSLSessionContext implementation cleanup
- Updated tests

Details:

Switch to using JSSE cipher suite names
- We maintain backward compatability for enabling cipher suites using
  OpenSSL names for old code that did so without checking for the
  presence of the names in the supported list.
- We now have a well defined list of the supported cipher suites which
  are sorted in priority order as specified in JSSE documentation so
  that callers doing:
     s.setEnabledCipherSuites(s.getSupportedCipherSuites())
  will get something reasonable.
- We now have a default cipher suite list that is chose to match RI
  behavior and priority, not based on OpenSSLs default and priorities.

    Details:
    - Added NativeCrypto OPENSSL_TO_STANDARD and STANDARD_TO_OPENSSL
      mapping between naming conventions. STANDARD_TO_OPENSSL is a
      LinkedHashMap so enumerating it gives the proper order for
      SUPPORTED_CIPHER_SUITES.
    - SSL_get_ciphers and SSL_set_cipher_list are removed, we now use
      our own SSL_set_cipher_lists (defined seperately in
      external/openssl/patches/jsse.patch) to set the set and order of
      cipher suites. SSL_CTX_get_ciphers is also removed because we no
      longer rely on the OpenSSL for the default cipher suites
      behavior.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

    Add cipherSuite and protocol field caches for native values,
    mapping the cipherSuite to a JSSE name from the OpenSSL name
    returned by SSL_SESSION_cipher.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java

    Fixed a long standing bug where we reused sessions found in the
    client host/port cache even if the old protocol and cipher suite
    where no longer compatible with what was specified by
    setEnabledCipherSuites and setProtocols.  Also fixed a recently
    introduced bug where lastAccessedTime was being set on a cached
    session even if it was not reused, found by fixed the above.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

Move most of SSLSessionContext implementation from subclasses to
AbstractSessionContext. This was primarily to align the
implementations of how different sessions id for the same host and
port were handled for RI compatability. client subclasses now focuses
on handling its host/port based cache and both deal with their own
persistent cache details.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java

Tests

   Added some variants of assertSSLSessionContextSize to simplify tests code.
   Broke test_SSLSessionContext_setSessionCacheSize_oneConnect out of
   test_SSLSessionContext_setSessionCacheSize_dynamic. Renamed
   test_SSLSessionContext_setSessionCacheSize_basic to
   test_SSLSessionContext_setSessionCacheSize_noConnect to match name
   of _oneConnect. _dynamic was cleaned up a bit as getting it working
   was the only goal of this change list. Fixed to filter
   SSL_RSA_EXPORT_ ciphers since our test certificate key length is
   too long for those. Lower test requirement to 3 unique cipher suites.

	luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java

   Added checks that cipher suites and protocols have standard names.

	luni/src/test/java/javax/net/ssl/SSLSessionTest.java

   Removing known failures related to cipher suite naming. Fixed bug
   of using assertNotNull instead of assertTrue. Added extra
   size/length check which would have found the
   assertNotNull/assertTrue issue.

	luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

   Fixing test the explicitly worked around broken cipher suite naming.

	luni/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java

   Updated standard cipher suites to RI 6 list, which also now
   specifies ordering, which we now align with.

	support/src/test/java/javax/net/ssl/StandardNames.java

Unrelated

   Remove more now obsolete jars from the test classpath

	run-core-tests

Change-Id: I45c274a9327c9a1aeeccb39ecaf5a3fbe2903c8f

Summary:
- SSLSocket.startHandshake now generalized to handle both client and
  server handshaking as well as client/server role reversal
- handshake_cutthrough.patch is properly integrated with support
  delayed handshake completion now integrated with delayed updates to
  session cache and callbacks to HandshakeCompletedListeners
- Many fixes to SSLSession, which is the end product of the handshake
- Generally more RI and SSLEngine compliant behavior.
- More native code deletion through unification of client/server
  handshake, unification of client/server certificate chain
  verification, etc. More native code moved from various OpenSSL
  classes to cleaner NativeCrypto interfaces that more directly mirror
  the OpenSSL interfaces.

Details:

Delay SSL_new call until handshake time when we know for sure whether
the OpenSSLSocket will be used in client or server mode and we can
allocate the SSL_new from the apppriate client or server SSL_CTX used
for session caching.

    Now that no SSL is allocated for an OpenSSLServerSocketImpl,
    store enabledProtocols and enabledCipherSuites in instance String
    arrays. Use new NativeCrypto.checkEnabled* methdods for argument
    validation. OpenSSLServerSocketImpl passes these enabled arrays to
    a new OpenSSLSocket constructor during accept(). Removed finalizer
    from OpenSSLServerSocketImpl since it no longer has any native
    storage and socket is already closed by PlainSocketImpl finalizer.

	X-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    OpenSSLSocket major overhaul to properly implement handshaking
    including switching client and server roles and session ID caching
    with handshake_cutthrough.patch.
    - now implements NativeCrypto.HandshakeCompletedListeners for
      properly timed callback when handshake_cutthrough.patch delays
      handshake completion until first SSLSocket.getInputStream()
      read.
    - similar enabledProtocols/enabledCipherSuites changes as
      OpenSSLServerSocketImpl since we need to store the state
      somewhere other than an openssl SSL struct until we are sure if
      we are doing a client or server handshake.
    - added handshake completed field so that startHandshake can tell
      if handshake was completed during SSL_do_handshake or will be
      completed later by a call to HandshakeCompletedCallback.handshakeCompleted.
    - removed nativegetsession as the equivalent value is now returned by SSL_do_handshake
    - removed nativecipherauthenticationmethod as the value is now passed to verifyCertificateChain
    - startHandshake is now a wrapper that forces a fully synchronous handshake
    - startHandshake(boolean) is the the most changed method in this
      changelist, combinding both the old startHandshake logic, but
      also the OpenSSLSocketImpl.accept code as well. Notable
      differences from the old code:
      * now responsible for SSL_new
      * single code path for client/server handshaking dealing with SSLSession caching
      * now handles server certificate requests previously in
        OpenSSLServerSocketImpl, since a client can request to act
        like a server and therefore need to be able to make suck
        demands on its peer.
      * supports turning off handshake_cutthrough at a callers request
        via explicit call to startHandshake()
      * certificate verification happens during an upcall from openssl
        during SSL_do_handshake to verifyCertificateChain for both
        client and server cases. previously there was not quite right
        upcall support on the server side and post-handshake checking
        on the client, which did not allow for a proper alert to be
        sent to the peer informing them of the issue, which the RI and
        SSLEngine code do.
      * Similarly, setEnableSessionCreation(false) did not send an
        alert to the peer as the RI and SSLEngine code in the client
        case. In the server case, nothing was previously done.
      * The use of local certificates was not determined from
        introspecting the SSL struct post-handshake. This is now
        partially implemented and will be completed in a later change.
    - SSLSocket.{shutdownInput,shutdownOutput} are now restored to the
      proper behavior of throwing UnsupportedOperationException.
    - Gutted OpenSSLSocketImpl finalizer. The comment explains in
      detail the trouble of having the finalizer do anything more than
      touch its the instances own state due to unpredictable order of
      finalization and the future possability of parallel
      finalization.

        x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

    SSLSession fixes
    - Made OpenSSLSessionImpl.sessionContext non-final so it could be
      nulled by SSLSession.invalidate to match RI behavior.
    - As noted in AbstractSessionContext discussion, removed
      OpenSSLSessionImpl constructor that took SSLParameters, instead
      we take the possibly null localCertificates
      directly. OpenSSLSessionImpl.getLocalCertificates now simply
      returns the localCertificates member variable instead of
      incorrectly trying to query the KeyManager for certificates that
      may not have been used.
    - OpenSSLSessionImpl now caches its native ID to avoid numerious
      native calls but also now provides as resetId which will update
      the cache when a delayed handshake happens due to the
      handshake_cutthrough.patch
    - Fixed bug in getPeerPrincipal that it wasn't calling
      getPeerCertificates to initialize peerCertificates field.
    - freeImpl is now 'public static' in preparation for move to NativeCrypto.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java

    The old SSLSessionImpl class that is still used for representing
    the invalid session now returns
       isValid => false
    and
       getProtocol => "NONE"
    to match the RI.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLSessionImpl.java

    NativeCrypto improvements
    - Adding NativeCrypto.SSL_{get,set,clear}_mode similar to
      NativeCrypto.SSL_{get,set,clear}_options along with
      SSL_MODE_HANDSHAKE_CUTTHROUGH constant which is used to
      explicitly disable/enable the Android handshake_cutthrough.patch
      behavior.
    - Added missing NativeCrypto.SSL_clear_options and used to properly
      implement NativeCrypto.setEnabledProtocols.
    - Added NativeCrypto.checkEnabledProtocols and
      NativeCrypto.checkEnabledCipherSuites helpers to implement
      exception compatability with the RI. While some of this code is
      refactored from existing NativeCrypto code, it is now also used
      by OpenSSLServerSocketImpl and OpenSSLSocketImpl which maintain
      their own String[]s of what is enabled until startHandshake time. (see below)
    - Changed NativeCrypto.findSuite to use foreach style loop for clarity.
    - Moved OpenSSLServerSocketImpl nativesetclientauth and
      SSL_VERIFY_* constants to NativeCrypto.SSL_set_verify
    - Added NativeCrypto.SSL_set_session based on part of old OpenSSLSocketImpl.nativeconnect
    - Added NativeCrypto.SSL_set_session_creation_enabled to properly implement
      SSLSocket.setEnableSessionCreation(false) which uses new
      external/openssl/patches/jsse.patch functionality.
    - New NativeCrypto.SSL_do_handshake consolidates
      OpenSSLSocketImpl.{nativeconnect, nativeaccept} while properly
      implementing SSLSocket.setUseClientMode(false) for clients and
      SSLSocket.setUseClientMode(true) for servers.
    - New NativeCrypto.SSL_get_certificate is determine if local
      certificate requested by peer. While functional, currently
      NativeCrypto.SSL_new always sets a value via SSL_use_certificate
      instead of relying on a callback set via SSL_CTX_set_client_cert_cb.
    - Changed NativeCrypto.CertificateChainVerifier.verifyCertificateChain
      to throw a checked CertificateException to match TrustManager.{checkServerTrusted,
      checkClientTrusted}. It also takes an authMethod so avoid the need to call
      the old OpenSSLSocketImpl.nativecipherauthenticationmethod.
    - Added NativeCrypto.HandshakeCompletedCallback which has its
      handshakeCompleted method called from OpenSSL when the now
      delayed handshake_cutthrough.patch handshake is completed so
      SSLSession caching can be delayed until a session ID is available
      and to provide a better time for HandshakeCompletedListeners to
      be notified.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

    Some other changes specific to the naitve side of the code
    - Added JNITRACE calls (enabled at compile time with JNI_TRACE)
      for future debugging.
    - throw SSLException subclass of IOException instead IOException
      itself for better RI compatability
	x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
    - changed from old struct app_data to new class AppData at enh's request

    Remove dubious usage of SSLParameters within AbstractSessionContext
    to pass through to OpenSSLSessionImpl constructor for use in
    calling getLocalCertificates for sessions created from a byte array
    with AbstractSessionContext.toSession. Our
    AbstractSessionContext.toBytes doesn't currently include the local
    certificates in its output, so it cannot be expected to have in toSession.

	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
	x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java

Test maintenance

    openssl 1.0.0 adds support for RFC 4507 session tickets which
    remove the need for server side session state. These tests needed
    to be updated for this new behavior. If IS_RI is true, they still
    follow the old behavior.

	luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
	luni/src/test/java/javax/net/ssl/SSLSessionTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

    Update KnownFailures and add specific comments at point of failure
    about what remains to be fixed.

	luni/src/test/java/javax/net/ssl/SSLSessionTest.java

    Added tests to cover the use of standard cipher suite
    names. Historically Android has used OpenSSL string constants for
    cipher suite names, but JSSE actually specifies supported and
    expected names.

	luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

    Create new support/src/test/java/javax/net/ssl with old Helper
    support code pulled from javax.net.ssl tests:
      SSLContextTest.Helper -> TestSSLContext
      SSLSocketTest.Helper -> TestSSLSocketPair
      SSLSessionTest.Helper -> TestSSLSessions
    Also added new StandardNames here, which contains a collection of
    expected constants for test validation.

	luni/src/test/java/javax/net/ssl/SSLContextTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java
	luni/src/test/java/javax/net/ssl/SSLSessionTest.java
	support/src/test/java/javax/net/ssl/TestSSLContext.java
	support/src/test/java/javax/net/ssl/TestSSLSocketPair.java
	support/src/test/java/javax/net/ssl/TestSSLSessions.java
	support/src/test/java/javax/net/ssl/StandardNames.java

    Removed some now fixed KnownFailures and unneeded !IS_RI
    code. Marked some [Un]KnownFailures where exceptions are thrown
    and visible in the output but aren't correctly causing the test to
    fail. Fixed assertNonNull to assertTrue in
    test_SSLSocketTest_Test_create. Added
    stress_test_SSLSocketTest_Test_create to track down test
    flakiness, leading to rewrite of SSLSocket finalization.

	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

    Reenable javax.net.ssl.AllTests now that it is does not hang

	luni/src/test/java/tests/AllTests.java

    Improve error messages while debugging overflow problem.
    Added new assert when debugging new RFC 4507 behavior.
    Removed KnownFailure annotation for now working test case.
	x-net/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java

Client code changes

   Now that startHandshake implies synchronous vs Android's default async handshake, remove unneeded explict calls to SSLSocket.startHandshake

	luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java

   Removed IBM 1.4.x codepath that involved startHandshake

	x-net/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java

Unrelated

   Remove unneed SSLSocket.setUseClientMode while removing unneeded SSLSocket.startHandshake

	luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java

   Removed warnings due to now missing modules in classpath

	run-core-tests

Change-Id: I6e149ae259b3feccdfb0673209c85cfeb60befc8

Change-Id: Ib4356b3cd57490df8ff246ea6a4bc1c269ba848b

Also move our ICU tests into our little tree of tests.

Bug: 2596471
Change-Id: I73b53d74c26ef9bf670f12cac58b51ba61eefead

These new tests focusi on areas where I am making OpenSSL
implementation chages, where I found differences from the RI when
working on that code, and places where we were missing functionality
compared to the spec. They all work on the RI, many fail on Dalvik

	luni/src/test/java/javax/net/ssl/AllTests.java
	luni/src/test/java/javax/net/ssl/SSLContextTest.java
	luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
	luni/src/test/java/javax/net/ssl/SSLSessionTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
	luni/src/test/java/javax/net/ssl/SSLSocketTest.java

    Adding my javax.net.ssl.AllTests to the main list

	luni/src/test/java/tests/AllTests.java

    Adding Bouncy Castle provider /usr/share/java/bcprov.jar to host
    classpath for testing with --java-home /usr/lib/jvm/java-6-openjdk

	tools/runner/java/dalvik/runner/JavaVm.java

    Fix usage comment to reboot to bootloader
	run-core-tests

Change-Id: I7a7998fc7bedc7a00b1836517d043c6a27c8bd4d

cshapiro was complaining about this the other week, and I needed it today.
We should fix the duplication, but Android's crippled shell makes that
awkward, and this is the simplest thing that lets us carry on working...

Change-Id: I4c1a764d6069ba55a021631acdc4d6a665df0089

The JDBC driver is from a different source
(http://www.ch-werner.de/javasqlite/overview-summary.html) and is only
really needed for testing.

Bug 2468870 asks that we don't eagerly register the native methods for
these classes. That bug is fixed by this change.

Bug 2198667 asks that we stop shipping this JDBC driver as part of the
base system. That bug is not addressed by this change: the classes and
native code are now in their own, separate, .jar and .so files -- so
they'll be easier to remove in future -- but for now those files are
still in /system/framework and /system/lib respectively.

Bug: 2468870
Bug: 2198667

Update run-core-tests' documentation, remove the leading : from the classpath, and add the json tests to the classpath.

(I did look at replacing this with a bash script we run on the host, but adb
turns out to have a command-line limit of 1024 bytes, and our classpath alone
is ~850 bytes long!)

I started off with a mission to remove uses of dalvik.annotation.* (stuff
like @TestTargetNew and other useless junk that just makes it harder to
stay in sync with upstream). I wrote a script to go through tests showing
me the diff between what we have and what upstream has, thinking that in
cases where upstream has also added tests, I may as well pull them in at
the same time...

...but I didn't realize how close we were to having dx fill its 1.5GiB heap.

After trying various alternatives, I decided to bite the bullet and break
core-tests up into one .jar per module. This adds parallelism back into this,
the slowest part of our build. (I can do even better, but I'll do that in a
separate patch, preferably after we've merged recent changes from master.)

Only a couple of dependencies were problematic: the worthless TestSuiteFactory
which already contained a comment suggesting we get rid of it, and the fact
that some tests -- most notably the concurrent ones -- also contained main
methods that started the JUnit tty-based TestRunner.

(In the long run, we want to be running the harmony tests directly from a
pristine "svn co" of upstream, using DalvikRunner. But this will be a big
help in the meantime, and starts the work of getting our current copy of
the tests into a state where we can start to extract any meaningful
changes/additions we've made.)

This adds -Xcheck:jni to the core test command line.  The tests will run
a bit more slowly when native code is involved, but I don't think we're
doing any performance testing in here, and the extra JNI testing is
useful.

dalvikvm sets "user.name" to $USER, but that environment variable isn't set
when we run the tests. I was looking at our DatagramSocketTest failure, and
it turns out it's another instance of "root can do stuff other users can't".
The typical way harmony tests check whether they're running as root is to
compare "user.name" against "root", but from run-core-tests they see "".

This helps to avoid bad interactions between tests that rely
on the "java.home" property for different things. Preferences
tests tend to change it (to the writable temp directory), but
the certs tests fall back to it for the trust store.

See also TrustManagerFactoryImpl.java.

Notable changes
     - Stripped "@since Android 1.0" from many files. Most files
       are now 100% the same in Dalvik and Harmony.
     - AbstractStringBuilder.reverse() supports surrogates
     - AbstractStringBuilder shares less to waste less memory
     - Bitset optimized
     - BufferedInputStream changed to support unsynchronized close()
     - BufferedOutputStream does flushInternal
     - BufferedReader supports EBCDIC NEL
     - Collections.synchronizedList().indexOf() does a copy for more concurrency
     - Classes in nio module changed: DatagramChannelImpl, SocketChannelImpl
       and ServerSocketChannelImpl (these depend on internal APIs changed in
       this update)
     - DataInputStream/DataOutputStream now use a small buffer to limit the
       number of times the underlying stream is accessed
     - Date now has a minutes offset, more efficient toString()
     - ExposedByteArrayInputStream: new internal class
     - DeleteOnExit moved to top-level class
     - FileDescriptor.isValid() now non-native
     - Float, Double lessThan optimized (fix for compare(-0.0F, 0.0F) still pending)
     - FileURLConnection now guesses content types from streams
     - HashMap iterator changes
     - Hashtable iterator changes
     - INetworkSystem
       - removes bind2(), createMulticastSocket, sendStream(),
       - renames createSocket to createStreamSocket
     - JarURLConnection rewritten
     - LinkedHashMap: new iterator
     - Locale, Currency, TimeZone: now use ICU in Harmony, plain Java in Dalvik
     - ObjectInputStream: Accessor objects in Harmony, direct native in Dalvik
     - ProxyClassFile - many changes
     - String - optimized ascii for toLowerCase, toUpperCase, compare
     - Timer - rewritten
     - TreeMap - rewritten
     - URLClassLoader - new
     - URLConnection - new guessContentTypeFromStream(), uses org.apache.harmony.awt.www.content
       to lookup content type handlers