git.osdn.net Git - android-x86/libcore.git/log

Merge "Favor Harmony's CertificateFactory.X509 over BouncyCastle's" into gingerbread

Favor Harmony's CertificateFactory.X509 over BouncyCastle's

Bug: 2225935
Change-Id: Ibca92c9fa34fc539ebb8ea86fb0ced62e3dbe5de

Merge "Test updates for new SecretKeyFactory.PBKDF2WithHmacSHA1 support" into gingerbread

Test updates for new SecretKeyFactory.PBKDF2WithHmacSHA1 support

Bug: 3059950

Change-Id: I24546cb9e38b17ea615e36de3606ec6d373df594

Merge "Remove logging tests duplicated from Harmony" into gingerbread

Merge "Delete test for the AES algorithm parameter generator, which we no longer support." into gingerbread

Delete test for the AES algorithm parameter generator, which we no longer support.

The RI does not include an algorithm parameter generator for AES.

http://b/3061194

BouncyCastle dropped support for AES on February 18 2007:
http://www.bouncycastle.org/viewcvs/viewcvs.cgi/java/crypto/src/org/bouncycastle/jce/provider/BouncyCastleProvider.java.diff?r1=1.38&r2=1.39
http://www.bouncycastle.org/viewcvs/viewcvs.cgi/java/crypto/src/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java.diff?r1=1.3&r2=1.4

Unfortunately, their checkin comment isn't intention-revealing:
  "fixed implictyCa to work with KeyFactory
   added SEED/Camllia support to CMS
   added further ISO9797 mac support
   further refactoring of JCE symmetric cipher code

Change-Id: I9aa045e1b5c8103cdf736efb1eb927c1acc747ae

Fix a test with broken expectations for localized arabic exponent.

Also tagging the RI as failing this test, and fixing a broken bug number
in another test.

Change-Id: I800e82832050d45df6853fd7d3c5bc14e60842d3
http://b/3060661

Merge "Update TestUtils certificates to fix CertPathBuilder1Test and CertPathTest" into gingerbread

Update TestUtils certificates to fix CertPathBuilder1Test and CertPathTest

Bug: 2322662
Change-Id: I8ad9a91f4095807bd710045eef3a97a86b560f49

Remove math tests duplicated from Harmony.

Change-Id: Ia7b24e2f7637b8036b646182cc0411ea83a4b09b

Remove logging tests duplicated from Harmony

Change-Id: I057552b555ee891810d4577b7359ed309d5c1611

Scrub test failures in java.text.

Change-Id: Icee3cd8bd3b8fa4b3902435c66021cabb7fc322d

Merge "SSL* AppData should not hold onto JNI global references" into gingerbread

SSL* AppData should not hold onto JNI global references

Summary:

NativeCrypto.SSL_do_handshake stored JNI global references in its
AppData instance for use in upcalls from OpenSSL that invoke Java
callbacks. However, one of the references was to the
SSLHandshakeCallbacks which in the common case of OpenSSLSocketImpl is
the OpenSSLSocketImpl instance itself. This meant that if code dropped
the OpenSSLSocketImpl without closing (such as Apache HTTP Client),
the instances would never be collected, and perhaps more importantly,
file descriptors would not be closed.

The fix is to pass in the objects required during a callback in all
downcalls to SSL_* methods that could result in a callback and clear
them on return. The existing code already did this for the JNIEnv*, so
that code was expanded to handle setting the jobjects as well.

Details:

In the native code used to extract the FileDescriptor object from a
Socket on the call to NativeCrypto.SSL_do_handshake. However, since we
need this for every read and write operations, we now do this in Java
to avoid the repeated overhead. NativeCrypto.SSL_do_handshake now
takes a FileDescriptor, which it extracted from the Socket the
convenience function using NativeCrypto.getFileDescriptor(Socket)

luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java

   In addition to tracking changes to pass FileDescriptor and
   SSLHandshakeCallbacks, removed final uses of getFieldId since the
   code no longer needs to extract FileDescriptors itself

luni/src/main/native/NativeCrypto.cpp

The Socket field used to be non-null in the wrapper case and null in
the non-wrapper case. To simplify things a bit, "socket == this" in
the non-wrapper case. The socket field is now also final and joined by
a final FileDescriptor field.

luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java

Updated NativeCryptoTest to track FileDescriptor and
SSLHandshakeCallbacks by expanding the Hooks.afterHandshake to provide
them. Also changed to add a 5 second timeout to many test cases.

luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

Bug: 2989218

Change-Id: Iccef92b59475f3c1929e990893579493ece9d442

Remove an out-of-date expectation.

(You have to remove all the SecurityManager cruft from this SecurityManager
test to see that this expectation is bogus.)

Bug: 1677221
Change-Id: I3907e0c105523195669c32d2aad7e8133f2e7f12

Merge "Better detail messages for System.loadLibrary UnsatisfiedLinkErrors." into gingerbread

Include a message when a task is rejected from an executor.

Browser folks have been seeing this exception in their logcat logs
and it would be handy to give them some insight on why the pool
rejected the task.

Change-Id: I7257b3b174e6e2342e63238a542095bb3f7845f2
http://b/issue?id=3023092

Better detail messages for System.loadLibrary UnsatisfiedLinkErrors.

This has a companion change in dalvik:
https://android-git.corp.google.com/g/71344

Bug: 3044042
Change-Id: Ia665ee59adf1ae1dbb45ba95988355839f4b0f23

Merge "Don't explode if flush() is called when an HTTP upload stream is closed." into gingerbread

Merge "Don't use the decompression-buffer as the skip buffer in InflaterInputStream." into gingerbread

Don't explode if flush() is called when an HTTP upload stream is closed.

Streams like BufferedOutputStream always call flush() even if it is
a no-op. These flushes must be permitted for compatibility with apps
that don't call close() until after the response has been retrieved.

Change-Id: Ic5c86ab6050c6c4d166c44ae5b4fc7a1688e7e45
http://b/3038470

Merge "Add More Support_Locale Conditions to ScannerTest" into gingerbread

Merge "Fix File.getCanonicalizePath to resolve symbolic links." into gingerbread

Fix File.getCanonicalizePath to resolve symbolic links.

This requires fixing a few tests that don't cope with the fact that
all our temporary files are created on /sdcard, which is a symbolic
link to /mnt/sdcard, meaning that the canonical path of any temporary
file is different from the file's absolute path.

Bug: 3047893
Change-Id: I02245a290b6d2962fb1dd4d2faba30d9aa7168e0

Don't use the decompression-buffer as the skip buffer in InflaterInputStream.

This has bad consequences for the GzipInputStream subclass, which can't
use the input buffer as a scratch space because it needs to CRC all of
the decompressed data.

Change-Id: I310261dc8ef7a5082768cc6d6a2eff4ef77f5a21
http://b/3042574

Merge "CA certificate update" into gingerbread

Add expectations for DecimalFormat test failures.

Change-Id: Iee4dffb4f3dded37866f35f0100d905553b9b3ca

Merge "Fix problems with OldSimpleDateFormatTest.java." into gingerbread

Fix problems with OldSimpleDateFormatTest.java.

This changes the single 'y' documentation to point out our behavior.
http://b/2788874

It also isolates two other failures for week-in-year and timezone
formatting.
http://b/1613709 Minimal days in first week is broken
http://b/3049014 Custom SimpleTimeZones not honored by SimpleDateFormat

Change-Id: Ic632bf70076fe0dfd376317379dc363269d5b2df

Fix IP_MULTICAST_IF getsockopt.

Also clean out test cruft so we can run on the RI, and remove
SecurityManager cruft so we can run more tests. Our failures
now match the RI's (but I'm not planning on fixing the tests
right now, nor have I checked the upstream tests).

Bug: 3045865
Change-Id: I326fff9753faa88eacb20a04ffd2f2e84e76259a

CA certificate update

Added    SHA1      : B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E
         Subject   : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2

Added    SHA1      : 92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F
         Subject   : C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2

Bug: 2994278
Change-Id: I29ab0219a8d5ba04b6812330516a781b9e25a929

Merge "Support creating unbound server sockets in DefaultServerSocketFactory." into gingerbread

Support creating unbound server sockets in DefaultServerSocketFactory.

Change-Id: I34106bb55ad99a134b4aae4e24e61b59c0aaa967
http://b/2587385

Merge "Scrub missing calls to super.finalize()" into gingerbread

Scrub missing calls to super.finalize()

Bug: 3024226
Change-Id: I6642cb9d4929ba72244529efe4ebdfa595ae4fa7

Merge "Tests for ServerSocketFactory.getDefault()." into gingerbread

Tests for ServerSocketFactory.getDefault().

Motivated by http://b/2587385

Change-Id: If30898859f869c88342d1069a2425575752ebf6e

Merge "Fix a problem where URL.equals() was returning true when both hosts couldn't resolve." into gingerbread

Fix a problem where URL.equals() was returning true when both hosts couldn't resolve.

See http://b/3045007

Change-Id: I83f2a0d8888dd30aaf6099049ce8008487d4337d

Fix problems where knownfailures has drifted out of date from our suite.

http://b/3045163.

Change-Id: I9c9c6d4429f09d5f5cd92447de9a3c9d67294286

Remove java.net tests that are redundant with Harmony.

Change-Id: I01d6b3633a6de8a075982975d4cbf6c08e757490

Merge "Remove java.text tests duplicated from Harmony" into gingerbread

Merge "Add submitter's test for a publicly-reported SimpleTimeZone.clone bug I already fixed." into gingerbread

Add submitter's test for a publicly-reported SimpleTimeZone.clone bug I already fixed.

Bug: http://code.google.com/p/android/issues/detail?id=11542
Change-Id: Ic13e6083ec26e9d8725e94294f7cd69902e69dd8

Merge "CA certificate update" into gingerbread

Merge "Update expectations for tests failing only on the host." into gingerbread

Update expectations for tests failing only on the host.

Change-Id: Ieb30ef5b4607f7dfed0b873a10e3dcb31139141d

Remove java.text tests duplicated from Harmony

Change-Id: Ib20c8956be045158225d08327781a5e16ca08689

Improve DateFormat.parse's exception detail.

Bug: 3041734
Change-Id: I73e9d2aefecc5fe67415eb3a6586294f8dbbcb82

Somewhat perfunctory javadoc for the new Java 6 JDBC APIs.

I feel dirty.

Bug: 3038452
Change-Id: I7ecd24b09c4e37a5ad29de4c6ba50a6e151a1296

Don't wrap select(2) in TEMP_FAILURE_RETRY.

Luckily, since the caller has to cope with us saying "we're not connected yet,
try again", we can just go that route.

I've also added another plausible possible exception to one of the tests, seen
once when testing on a host dalvikvm.

Bug: 3022824
Change-Id: Ia155f86f9f7b9b0a54e58c55f668faaebcbda55e

Merge "Remove FormatterTest tests duplicated with Harmony." into gingerbread

Remove FormatterTest tests duplicated with Harmony.

Change-Id: I9c95aac22b9df7efff6595e94700a17cfc5d3d7b

Merge "Fix OpenSSLSessionImpl.getValueNames regression" into gingerbread

Attach bugs to failures in MathTest and StrictMathTest.

Change-Id: Ifd0cf35e6e3dee4fe512db962db5f44c6e614af4

Fix OpenSSLSessionImpl.getValueNames regression

In e32b21f14d52bac429a9c54fe031f9e92c911d64, the code was converted to
use Objects.equals. However, because of a typo, an autoboxed Boolean
was passed instead of an AccessControlContext. I reviewed the rest of
the original change to make sure there were no other instances of this
regression.

Also cleaned up the SSLSessionTest (fixing two broken tests
test_getLocalPrincipal and test_getPeerPrincipal) and fixed a
whitespace issue in AccessControlContext.

Change-Id: Icaee8a0c2f5f527bea7a80037fe3f99c509d9f42

Attach charset tests to their tracking bugs.

Change-Id: I598a6b34a662e528f9b03a41f419bf7e47755ce2

Merge "OpenSSLSocketImpl should not call NativeCrypto.SSL_set_client_CA_list with an empty array" into gingerbread

OpenSSLSocketImpl should not call NativeCrypto.SSL_set_client_CA_list with an empty array

Bug: 3034616
Change-Id: Ib39ebfa737910f0ebce5ac2ad87715579bd7aa3d

Merge "Rely on the test runner to ensure a pristine VM." into gingerbread

Rely on the test runner to ensure a pristine VM.

Change-Id: I6f5bfad6f861eb7b398ed7d86747d66cea4f2343
http://b/issue?id=2660429

Throw SocketTimeoutException rather than SocketException if connect times out.

Bug: 3032900
Change-Id: I5da70fc55f2366a504b2492f2bc7f2269a57ef14

Merge "Add expectations for some tests failing in Hudson." into gingerbread

Add expectations for some tests failing in Hudson.

Change-Id: Iee064e099a30d4ab6de7a80863df6b1485e23b38

Strip usage of the term 'localhost' from URLConnectionTest.

Change-Id: I8ea7923c3ea72728c7df64c13bdd6f94b91be121
http://b/3032912

Fix ArrayIndexOutOfBoundsExceptions in cert Cache on zero filled array input

The Harmony cert Cache has a long[] where each long is a combination
of a hash and an one-based index into another table containing the
cached values. The cache is searched with Arrays.binarySearch, which
should never find an actual hit, since even a hash hit will look like
a miss since the input hash doesn't contain the one-based index and
entries in the table do. However, this approach has the property that
both hits and misses give the same location in the array, which is
subsequently checked for a real hit/miss with a mask.

However, the hash of a byte array filled with zeroes was zero, which
is found by Arrays.binarySearch in unused slots. Unfortunately, the
code never expects a direct hit, so when it does uses -index-1 to find
the slot to check for hit/miss, it ends up with a negative number,
causing the ArrayIndexOutOfBoundsExceptions.

The solution is ensure that when the hash function returns zero to
simply treat it as a miss. It should not be true for any non-trival
legal input.

Bug: 2753594
Change-Id: I2ee282cc28f22a0ca26da311ae683edf548c67a6

Merge "Use JSON for expectations files." into gingerbread

Use JSON for expectations files.

This allows us to print the expectation description when a test
fails. I'll follow this up by wiring vogar to do very clever things
with the statuses of linked bugs.

Change-Id: Idc3048b5dafff864675e760a3bb0c8fea48bb807

Squashed commit of three reverts related to permissions of new files and directories:

Revert "Create new files with permissions 0666 instead of 0777"

This reverts commit 4ea56d66e19d1450960ba26f60ca61a6804a3ba7.

Revert "Fix random permissions being set for new files."

This reverts commit 787bd9e6c46da7e229db6450d94409d2c6da6c2b.

Revert "Remove restricted permissions in file and directory creation"

This reverts commit 9b211124283bfb808e902b91da4df3e291d9bb6c.

BUG: 3028408

NativeCrypto_EVP_PKEY_new_RSA native NULL pointer reference WITH_JNI_TRACE

Device would not boot when WITH_JNI_TRACE was enabled because
RSA_check_key was called with NULL arguments.

Change-Id: I766cc027bab3f05f6b4956120002c572a5791af3

CA certificate update

Added, updated, and remove CAs in cacerts directory with summary below.
Regenerated cacerts.bks

Added    SHA1      : FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D
         Subject   : C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication EV RootCA1

Added    SHA1      : 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42
         Subject   : O=RSA Security Inc, OU=RSA Security 2048 V3

Added    SHA1      : DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
         Subject   : O=Digital Signature Trust Co., CN=DST Root CA X3

Added    SHA1      : 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C
         Subject   : C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr

Added    SHA1      : B4:35:D4:E1:11:9D:1C:66:90:A7:49:EB:B3:94:BD:63:7B:A7:82:B7
         Subject   : CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1, C=TR, L=Ankara, O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005

Added    SHA1      : 81:96:8B:3A:EF:1C:DC:70:F5:FA:32:69:C2:92:A3:63:5B:D1:23:D3
         Subject   : C=US, O=Digital Signature Trust Co., OU=DSTCA E1

Added    SHA1      : A9:E9:78:08:14:37:58:88:F2:05:19:B0:6D:2B:0D:2B:60:16:90:7D
         Subject   : C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2

Added    SHA1      : 66:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B
         Subject   : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority

Added    SHA1      : B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97
         Subject   : C=FR, O=Dhimyotis, CN=Certigna

Added    SHA1      : C8:EC:8C:87:92:69:CB:4B:AB:39:E9:8D:7E:57:67:F3:14:95:73:9D
         Subject   : C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3

Added    SHA1      : CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36
         Subject   : C=CO, O=Sociedad Cameral de Certificaci\xC3\xB3n Digital - Certic\xC3\xA1mara S.A., CN=AC Ra\xC3\xADz Certic\xC3\xA1mara S.A.

Added    SHA1      : 79:98:A3:08:E1:4D:65:85:E6:C2:1E:15:3A:71:9F:BA:5A:D3:4A:D9
         Subject   : CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1, C=TR, L=ANKARA, O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.

Added    SHA1      : D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61
         Subject   : C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2

Added    SHA1      : 33:9B:6B:14:50:24:9B:55:7A:01:87:72:84:D9:E0:2F:C3:D2:D8:E9
         Subject   : C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
Added    SHA1      : DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
         Subject   : C=US, O=GeoTrust Inc., CN=GeoTrust Global CA

Added    SHA1      : 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96
         Subject   : C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority

Added    SHA1      : 85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84
         Subject   : C=US, O=America Online Inc., CN=America Online Root Certification Authority 2

Added    SHA1      : 5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6
         Subject   : O=Cybertrust, Inc, CN=Cybertrust Global Root

Added    SHA1      : AB:48:F3:33:DB:04:AB:B9:C0:72:DA:5B:0C:C1:D0:57:F0:36:9B:46
         Subject   : C=US, O=Digital Signature Trust Co., OU=DSTCA E2

Added    SHA1      : 3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B
         Subject   : C=US, O=SecureTrust Corporation, CN=Secure Global CA

Added    SHA1      : 74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE
         Subject   : C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority

Added    SHA1      : 9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11
         Subject   : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority

Added    SHA1      : 39:4F:F6:85:0B:06:BE:52:E5:18:56:CC:10:E1:80:E8:82:B3:85:CC
         Subject   : C=US, O=Equifax Secure, OU=Equifax Secure eBusiness CA-2

Added    SHA1      : 59:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9
         Subject   : C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA

Replaced SHA1      : BE:E7:72:B3:19:0A:C8:4B:F8:31:F9:60:7D:98:89:EC:6A:96:6C:16
         Subject   : C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
    with SHA1      : B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
         Subject   : C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority

Added    SHA1      : 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
         Subject   : C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3

Added    SHA1      : 37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79
         Subject   : C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2

Added    SHA1      : 87:81:C2:5A:96:BD:C2:FB:4C:65:06:4F:F9:39:0B:26:04:8A:0E:01
         Subject   : C=DK, O=TDC, CN=TDC OCES CA

Added    SHA1      : E7:B4:F6:9D:61:EC:90:69:DB:7E:90:A7:40:1A:3C:F4:7D:4F:E8:EE
         Subject   : C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certificate Authority

Added    SHA1      : C0:60:ED:44:CB:D8:81:BD:0E:F8:6C:0B:A2:87:DD:CF:81:67:47:8C
         Subject   : C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl

Added    SHA1      : F9:CD:0E:2C:DA:76:24:C1:8F:BD:F0:F0:AB:B6:45:B8:F7:FE:D5:7A
         Subject   : CN=ComSign Secured CA, O=ComSign, C=IL

Added    SHA1      : 80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5
         Subject   : C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 3 CA, CN=TC TrustCenter Class 3 CA II

Added    SHA1      : 23:88:C9:D3:71:CC:9E:96:3D:FF:7D:3C:A7:CE:FC:D6:25:EC:19:0D
         Subject   : C=HU, L=Budapest, O=Microsec Ltd., OU=e-Szigno CA, CN=Microsec e-Szigno Root CA

Added    SHA1      : E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79
         Subject   : C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA

Added    SHA1      : 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
         Subject   : C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA

Added    SHA1      : 0B:77:BE:BB:CB:7A:A2:47:05:DE:CC:0F:BD:6A:02:FC:7A:BD:9B:52
         Subject   : C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network

Added    SHA1      : 93:E6:AB:22:03:03:B5:23:28:DC:DA:56:9E:BA:E4:D1:D1:CC:FB:65
         Subject   : C=US, O=Wells Fargo, OU=Wells Fargo Certification Authority, CN=Wells Fargo Root Certificate Authority

Added    SHA1      : 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62
         Subject   : C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root

Added    SHA1      : 87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11
         Subject   : C=US, O=SecureTrust Corporation, CN=SecureTrust CA

Added    SHA1      : 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
         Subject   : C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2

Added    SHA1      : D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
         Subject   : C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services

Added    SHA1      : B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6
         Subject   : C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority

Added    SHA1      : D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
         Subject   : C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root

Remove   SHA1      : 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
         Subject   : C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority

Added    SHA1      : A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B
         Subject   : C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority

Replaced SHA1      : 80:1D:62:D0:7B:44:9D:5C:5C:03:5C:98:EA:61:FA:44:3C:2A:58:FE
         Subject   : O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
    with SHA1      : 50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31
         Subject   : O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)

Added    SHA1      : 8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4
         Subject   : C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2

Added    SHA1      : 56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66
         Subject   : C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2

Added    SHA1      : 3C:71:D7:0E:35:A5:DA:A8:B2:E3:81:2D:C3:67:74:17:F5:99:0D:F3
         Subject   : C=ES, ST=Madrid, L=Madrid, O=IPS Certification Authority s.l. ipsCA, OU=ipsCA, CN=ipsCA Global CA Root/emailAddress=global01@ipsca.com

Added    SHA1      : 47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B
         Subject   : C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2

Added    SHA1      : 02:72:68:29:3E:5F:5D:17:AA:A4:B3:C3:E6:36:1E:1F:92:57:5E:AA
         Subject   : C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 1

Added    SHA1      : 5F:4E:1F:CF:31:B7:91:3B:85:0B:54:F6:E5:FF:50:1A:2B:6F:C6:CF
         Subject   : C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 3

Added    SHA1      : 96:56:CD:7B:57:96:98:95:D0:E1:41:46:68:06:FB:B8:C6:11:06:87
         Subject   : C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA III

Added    SHA1      : D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD
         Subject   : OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign

Remove   SHA1      : 19:98:49:D9:A9:E9:F5:28:43:6C:72:65:30:2A:15:2C:C0:9B:CA:9E
         Subject   : C=US, O=Entrust, Inc., OU=AND ADDITIONAL TERMS GOVERNING USE AND RELIANCE, OU=CPS CONTAINS IMPORTANT LIMITATIONS OF WARRANTIES AND LIABILITY, OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2008 Entrust, Inc., CN=Entrust Certification Authority - L1B

Remove   SHA1      : 4A:8A:2A:0E:27:6F:F3:3B:5D:D8:8A:36:21:46:01:0F:2A:8B:6A:EE
         Subject   : C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA

Remove   SHA1      : 65:73:55:A6:BB:68:F9:3D:33:CC:B7:58:B4:2F:5E:1A:7D:85:C9:C4
         Subject   : C=IL, O=StartCom Ltd., OU=StartCom Certification Authority, CN=StartCom Extended Validation Server CA

Bug: 2994278
Change-Id: I4f05182fbec1053299e8ba68553116773f4eac18

Tracking external/bouncycastle OpenSSLDigest

Making OpenSSLMessageDigestJDK final to match OpenSSLDigest version
Fixing WITH_JNI_TRACE used for debugging OpenSSLDigest

Bug: 3024499
Change-Id: I919749348e531d074a25e16ab13315cede4f88e5

Merge "Fix problem where single-byte reads were unsigned." into gingerbread

Fix problem where single-byte reads were unsigned.

Change-Id: Ib0bc273698b71d13a90a03a8c60498ad7de5ad9d
http://b/3023872

Make SSL network I/O interruptible

- Changed NativeCrypto code to hold onto java.io.FileDescriptor so it
  can see observe when another thread calls Socket.close and sets the
  FileDescriptor's fd to -1. Changed AppData::setEnv to check
  NetFd::isClosed, it was already being used before each SSL I/O
  operation.

- Changed sslSelect to no longer take an int fd, it now uses the
  AppData to get access the FileDescriptor. Within sslSelect, the
  select call is now protected with AsynchronousSocketCloseMonitor.
  The select call is now retried on EINTR, checking for socket close
  similar to NET_FAILURE_RETRY. sslSelect now returns
  THROWN_SOCKETEXCEPTION to indicate that NetFd::isClosed has already
  thrown.

- sslRead and sslWrite now similarly returns THROWN_SOCKETEXCEPTION to
  indicate that Net::isClosed detected a closed FileDescriptor.

luni/src/main/native/NativeCrypto.cpp

Moved NetFd from OSNetworkSystem.cpp to new NetFd.h for reuse by NativeCrypto

luni/src/main/native/NetFd.h
luni/src/main/native/org_apache_harmony_luni_platform_OSNetworkSystem.cpp

Added test of 4 Socket/SSLSocket interrupt cases

    1.) read    Socket / close    Socket (redundant with AsynchronousCloseExceptionTest)
    2.) read    Socket / close SSLSocket
    3.) read SSLSocket / close    Socket
    4.) read SSLSocket / close SSLSocket

luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java

Bug: 2973020
Change-Id: I9037738dd1d1c09c03c99e3403e086366aa25109

Move ThirdPartyProject.prop for bouncycastle from libcore

Change-Id: I13aa5e61e81e363b41fe463223fd65030da6c9d0

Merge "SSLSocket should respect timeout of a wrapped Socket" into gingerbread

Merge "Use BufferedInputStream when reading cacerts.bks" into gingerbread

SSLSocket should respect timeout of a wrapped Socket

Change to using getSoTimeout in OpenSSLSocketImpl instead of directly
using the timeout field. This means the proper timeout will be used
for instances of the OpenSSLSocketImplWrapper subclass, which is used
when an SSLSocket is wrapped around an existing connected non-SSL
Socket. The code still maintains the local timeout field, now renamed
timeoutMilliseconds, which is now accesed via
OpenSSLSocketImpl.getSoTimeout. Doing so prevents a getsockopt syscall
that otherwise would be necessary if the super.getSoTimeout() was used.

Added two unit tests for testing timeouts with SSLSockets wrapped
around Socket. One is simply for getters/setters. The second makes
sure the timeout is functioning when set on the underlying socket.

Bug: 2973305
Change-Id: Idac52853f5d777fae5060a840eefbfe85d448e4c

Use BufferedInputStream when reading cacerts.bks

Change-Id: Ibc20bdcadb5c3bc4bcebfeb96b10c42d9c05e7c8

Update supported cipher suites list

Update list of cipher suites supported by the current RI

Change-Id: Ifa2a799bd3ca40b4979fa44f5423d744e90af35c

Handle the different definitions of 'connected' in HttpURLConnection.

Previously we were failing with a NullPointerException when
HTTP redirects required connecting to a different server.

The connected field means 'we can't change request parameters'.
The connection being non-null means 'we're currently connected'.

Internally, multiple connections are permitted in order to support
HTTP redirects. But in the public API only one connect() call is
permitted.

I've added a new method, makeConnection() to make the magic work.

Change-Id: Ic644d5d192ec2b1de781dc271ae149bcd1655de4

Fix two HTTP issues that came up when writing HttpURLConnection docs.

We're now more careful about which headers are sent to HTTP proxies.
And getContentEncoding() is better documented.

Change-Id: I04241f99c2f32c25ba005fbd6ff9ef7236c3c9d3

Merge "Don't leave the Content-Encoding header around after transparent gzip." into gingerbread

Don't leave the Content-Encoding header around after transparent gzip.

Otherwise clients may be tempted to double-decompress.
http://b/issue?id=3009828

Change-Id: I4832da1c2aff9bad8d452ffc4a0f98ee27d44f49

Restore OpenSSLMessageDigestJDK.digest reset behavior

SSLEngine tests started failing due to the recent incorrect change to
OpenSSLMessageDigestJDK.digest() that removed the reset of
MessageDigest state on call to digest(). The problem was not that the
digest was resetting, but that it was resetting to use a SHA-0
algorithm. See recent change c38b8476e7e4bd4b091d9f0e8fe8b2b972e7bc81.

Change-Id: I40ef4e18a1b546eac5a487cb8a808d4897b301b0

Merge "OpenSSLMessageDigestJDK.reset should not change from SHA-1 to SHA-0" into gingerbread

OpenSSLMessageDigestJDK.reset should not change from SHA-1 to SHA-0

For SHA-1, the OpenSSLMessageDigestJDK constructor was called with the
algorithm name "SHA-1", which it passed to the superclass constructor
for use as the algorithm field. However, MessageDigest.getInstance
would then override this value with the its own algorithm argument. In the
case of getInstance("SHA"), this mean the constructor would set the
value to "SHA-1" (from the OpenSSLMessageDigestJDK.SHA1 subclass
constructor) which would then be overridden by getInstance to
"SHA". Because the OpenSSLMessageDigestJDK would then initialize using
"SHA-1", the MessageDigest worked in the common case. However, when it
was MessageDigest.reset(), it called getAlgorithm() which returned
"SHA", which was then passed to OpenSSL as "sha" which interpretted
this as "SHA-0".

The fix is to change to pass both a standard name (e.g "SHA-1") as
well as openssl name expliclty (e.g. "sha1"), removing the somewhat
hacky code that tried to algorithmically transform from the standard
names to the openssl ones.

The same fix needs to be made to OpenSSLDigest. We also are removing
SHA-0 from openssl since it is unneeded and would have cause an clear
error if it had been absent.

Change-Id: Iaa8f5b93a572fb043fa4f2618070ebb5054f82b1

Merge "Add optional tags to libcore." into gingerbread

Add optional tags to libcore.

Change-Id: Iac339144ed448848c96852da8d301d528ebfa0e6

Use DecimalFormatSymbols.getExponentSeparator in DecimalFormat.

A last-minute bit of Java 6 work...

Bug: 3008411
Change-Id: Ic197de8ddc92afcaa661875a2c99c8352237642a

Make the implementation of Formatter %e more similar to %f.

Also comment the code that turns 'E' into 'e' in %e. I tried doing this in
native code but it crufts the implementation and slightly slows the path we
care about (%f) for the benefit of the one we don't (%e).

I have optimized %e (without a precision) in the same way that I did with %f.

Bug: 2934304
Change-Id: I3c99be2157f4448c1b290d5578eeb6fc14965c59

Return char[] instead of String from NativeDecimalFormat.

One last little speedup for Formatter %f before I call it a day for now...

Bug: 2934304
Change-Id: I9edd02d1ba8dc40a2b28fea34d7bccf95eeb56ab

Merge "Speed up Formatter %f a bit more by using a thread-local NativeDecimalFormat." into gingerbread

Speed up Formatter %f a bit more by using a thread-local NativeDecimalFormat.

Bug: 2934304
Change-Id: I5ddcfc01bf1dc57917a544d00d4dc0d4a37ffe5c

Merge "Add a test case to demonstrate MessageDigest.reset() doesn't." into gingerbread

Merge "In javadoc, it's @return, not @returns." into gingerbread

In javadoc, it's @return, not @returns.

Change-Id: I88a6207c93559c445d5498b41c6d345fe28e3473

Add a test case to demonstrate MessageDigest.reset() doesn't.

Uncovered by a more general test:
org.apache.harmony.security.tests.java.security.MessageDigest2Test#test_digest