Upstream multiple AOSP changes. (#1226)

With working tests this time.  Passing on OpenJDK with
both isTlsV1Enabled() returning true and file (We should
make that configurable from Conscrypt.Builder).

Contains the following AOSP changes + test fixes:
e6827ba2b Validate LogStore against the Policy
3fe1ea3e9 Filter out SCTs emitted after a log expired
e841e6c0d Use enum as outcome of doesResultConformToPolicy
dbdd64cfd Add PolicyImplTest for Certificate Transparency
97918a0cd Implement Android CT Policy for embedded SCTs
c9f38dbdb Remove logStore attribute from Policy
9d5f0c3aa Fix hashcode for LogInfo
a59840d01 Keep LogInfo in VerifiedSCT
2eb5e7506 Add operator name to LogInfo
d8519cf7e Remove PolicyImpl minimumLogCount argument
92961a569 Remove "CT" prefix from org.conscrypt.ct classes
81d0929eb Use Flags.certificateTransparencyPlatform()
30b81399 Use ByteArray consistently
98f0f2b1 Support parsing CT v3 JSON log list
bb60a900 TrustedCertificateStore: Mitigate NPE when checking updateable certs directory
feacee50 Add State to CTLogInfo
633a2475 Remove ct SystemLogDir
dab378e0 Remove InternalUtil
4c224130 Remove ct fallback logs
9b48e0e5 Add a java_library target for conscrypt-tests
e33c851e Gate tls removal by api level
65e6c8ef Bring back sslv3
c90bd39b Add caching for cert blocklist
5de91066 Read default SHA256 pubkey blocklist
8e656b13 Add support for SHA256 blocklist entries
12c479ac Deprecate the serial-based blocklist
396823df Rename SSL_CONTEXT_ALL
b0825731 Filter protocols when creating SSLParameterImpl
46 files changed
tree: f2d1c46a0f7475a2f4eda17050c339846a773c7e
  1. .github/
  2. android/
  3. android-stub/
  4. api-doclet/
  5. benchmark-android/
  6. benchmark-base/
  7. benchmark-graphs/
  8. benchmark-jmh/
  9. common/
  10. constants/
  11. gradle/
  12. libcore-stub/
  13. licenses/
  14. openjdk/
  15. openjdk-uber/
  16. platform/
  17. release/
  18. testing/
  19. .clang-format
  20. .gitignore
  21. .lgtm.yml
  22. .travis.yml
  23. build.gradle
  24. BUILDING.md
  25. CAPABILITIES.md
  26. CONTRIBUTING.md
  27. CPPLINT.cfg
  28. gradle.properties
  29. gradlew
  30. gradlew.bat
  31. IMPLEMENTATION_NOTES.md
  32. LICENSE
  33. MODULE_LICENSE_APACHE2
  34. NOTICE
  35. PREUPLOAD.cfg
  36. README.md
  37. settings.gradle
  38. test_logging.properties
README.md

Conscrypt - A Java Security Provider

Conscrypt is a Java Security Provider (JSP) that implements parts of the Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE). It uses BoringSSL to provide cryptographic primitives and Transport Layer Security (TLS) for Java applications on Android and OpenJDK. See the capabilities documentation for detailed information on what is provided.

The core SSL engine has borrowed liberally from the Netty project and their work on netty-tcnative, giving Conscrypt similar performance.

Download

Conscrypt supports Java 7 or later on OpenJDK and Gingerbread (API Level 9) or later on Android. The build artifacts are available on Maven Central.

Download JARs

You can download the JARs directly from the Maven repositories.

OpenJDK (i.e. non-Android)

Native Classifiers

The OpenJDK artifacts are platform-dependent since each embeds a native library for a particular platform. We publish artifacts to Maven Central for the following platforms:

ClassifierOSArchitecture
linux-x86_64Linuxx86_64 (64-bit)
osx-x86_64Macx86_64 (64-bit)
windows-x86Windowsx86 (32-bit)
windows-x86_64Windowsx86_64 (64-bit)

Maven

Use the os-maven-plugin to add the dependency:

<build>
  <extensions>
    <extension>
      <groupId>kr.motd.maven</groupId>
      <artifactId>os-maven-plugin</artifactId>
      <version>1.4.1.Final</version>
    </extension>
  </extensions>
</build>

<dependency>
  <groupId>org.conscrypt</groupId>
  <artifactId>conscrypt-openjdk</artifactId>
  <version>2.5.2</version>
  <classifier>${os.detected.classifier}</classifier>
</dependency>

Gradle

Use the osdetector-gradle-plugin (which is a wrapper around the os-maven-plugin) to add the dependency:

buildscript {
  repositories {
    mavenCentral()
  }
  dependencies {
    classpath 'com.google.gradle:osdetector-gradle-plugin:1.4.0'
  }
}

// Use the osdetector-gradle-plugin
apply plugin: "com.google.osdetector"

dependencies {
  compile 'org.conscrypt:conscrypt-openjdk:2.5.2:' + osdetector.classifier
}

Uber JAR

For convenience, we also publish an Uber JAR to Maven Central that contains the shared libraries for all of the published platforms. While the overall size of the JAR is larger than depending on a platform-specific artifact, it greatly simplifies the task of dependency management for most platforms.

To depend on the uber jar, simply use the conscrypt-openjdk-uber artifacts.

Maven
<dependency>
  <groupId>org.conscrypt</groupId>
  <artifactId>conscrypt-openjdk-uber</artifactId>
  <version>2.5.2</version>
</dependency>
Gradle
dependencies {
  compile 'org.conscrypt:conscrypt-openjdk-uber:2.5.2'
}

Android

The Android AAR file contains native libraries for x86, x86_64, armeabi-v7a, and arm64-v8a.

Gradle

dependencies {
  implementation 'org.conscrypt:conscrypt-android:2.5.2'
}

How to Build

If you are making changes to Conscrypt, see the building instructions.