Fix HttpsURLConnectionTest failures
Focusing on HttpsURLConnectionTest.test_doOutput found a number of
unrelated issues, all of which are addressed by this change:
- {HttpURLConnection,HttpsURLConnection}.connect not ignored on subsequent calls
- OpenSSLSessionImpl.{getPeerCertificates,getPeerCertificateChain} did not include client certificate
- OpenSSLSocketImpl.getSession did not skip handshake when SSLSession was already available
- Fix 3 test issues in HttpsURLConnectionTest
- Fix 2 test issues in NativeCryptoTest
Details:
HttpsURLConnectionTest tests (such as test_doOutput) that
tried to call URLConnection.connect() at the end of the test
were raising exception. The RI URLConnection.connect
documentation says calls on connected URLConnections should be ignored.
Use "connected" instead of "connection != null" as reason to ignore "connect"
luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpURLConnectionImpl.java
luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/https/HttpsURLConnectionImpl.java
Converted one caller of getPeerCertificateChain to
getPeerCertificates which is the new fast path. Track
OpenSSLSessionImpl change to take "java" vs "javax" certificates.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
Move SSL_SESSION_get_peer_cert_chain to be SSL_get_peer_cert_chain
(similar to SSL_get_certificate). The problem was that
SSL_SESSION_get_peer_cert_chain used SSL_get_peer_cert_chain which
in the server case did not include the client cert itself, which
required a call to SSL_get_peer_certificate, which needed the
SSL instance pointer.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
luni/src/main/native/NativeCrypto.cpp
Improved NativeCrypto_SSL_set_verify tracing
luni/src/main/native/NativeCrypto.cpp
As a side effect of the move to
NativeCrypto.SSL_get_peer_certificate, it no longer made sense to
lazily create the peer certificate chain since the SSLSession
should not depend on a particular SSL instance. The peer chain is
now passed in as part of the constructor and the peerCertifcates
in the OpenSSLSession can be final (also made localCertificates
final). Since peerCertifcates is the newew (java not javax) API
and more commonly used, it is what is created from the native
code, and peerCertificateChain is not derived from peerCertifcates
instead of vice versa.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
Factored out code to used to create local certificate chain to
from array of DER byte arrays into createCertChain so it can be
reused to create peer certificate chain.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Fix OpenSSLSocketImpl.getSession to check for existing sslSession
to and skip handshake, which was causing an exception if the
connection had already been closed.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Fix test issues: Removed PrintStream wrapper of System.out which
was causing vogar to lose output. Added null check in closeSocket,
which can happen in timeout case. Removed use of
InputStream.available which in OpenSSLSocket case returned 0,
causing test to fail incorrectly.
luni/src/test/java/org/apache/harmony/luni/tests/internal/net/www/protocol/https/HttpsURLConnectionTest.java
Updating to track change to SSL_get_peer_cert_chain. Also fixed
some other unrelated test failures caused by IOException on
shutdown and false start (aka SSL_MODE_HANDSHAKE_CUTTHROUGH)
causing clientCallback.handshakeCompleted to be false.
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Bug: b/
2981767
Change-Id: Id083beb6496558296c2f74f51ab0970e158b23a9