commit 309ac34aee99c50730e86058e8bc57c6cff32d34
author Pete Bentley <prb@google.com> Wed Dec 16 14:31:09 2020 +0000
committer Pete Bentley <prb@google.com> Thu Jan 14 21:42:07 2021 +0000
tree 5a12f182cc9c911ff4fa907f8040624d32a255b1
parent 04f820a636f2c926aed425347b29c100983da54b

[RESTRICT AUTOMERGE] Remove test until Feb Security Bulletin lands.

Reasoning:
Fix for b/175528568 was merged into rvc-dev and automerged
to mainline-release this changes the behaviour and tests for
HostnameVerifier in the platform.

HostnameVerifierTest is part of MtsConscryptTestCases so MTS
picked up the new test expectations.

mainline-release-daily is tested by installing the latest
modules on the latest RVC release and running MTS.  Because the
Feb bulletin has not yet landed, HostnameVerifier has the old
behaviour and the tests fail.

The correct fix is to make the test expectation different
depending on the security patch level (SPL) of the device,
however 1) SPL date is not yet known as the bulletin had not
yet landed.  2) Reading the device SPL requires framework code
which we can't call from libcore tests.

The framework code is a thin wrapper which reads a system
property, so the correct long term fix here is probably to add
functionality to libcore read system properties independent
of the framework as we have other potential use cases
(e.g. detecting "NIAP mode").

Short term fix is to remove this test until the Feb bulletin
lands and is in use in the base images used for mainline testing.

Bug: 175528568
Bug: 176209555
Bug: 177412090
Test: TH
Change-Id: Ia3ddc32e0c4091bd73a9862db0b1a2ccb7d4cf2d
(cherry picked from commit 8c5c1f8b4d82ae21e867fcacbaa1e2f0e74a4b01)

harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java

diff --git a/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java b/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java
index 96384ad..44572ab 100644
--- a/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java
+++ b/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/HostnameVerifierTest.java
@@ -40,104 +40,6 @@
         assertFalse(hv.verify("localhost", session));
     }
 
-    // copied and modified from apache http client test suite.
-    public void testVerify() throws Exception {
-        HostnameVerifier verifier = HttpsURLConnection.getDefaultHostnameVerifier();
-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
-        InputStream in;
-        X509Certificate x509;
-        // CN=foo.com, no subjectAlt
-        in = new ByteArrayInputStream(X509_FOO);
-        x509 = (X509Certificate) cf.generateCertificate(in);
-        mySSLSession session = new mySSLSession(new X509Certificate[] {x509});
-        assertFalse(verifier.verify("foo.com", session));
-        assertFalse(verifier.verify("a.foo.com", session));
-        assertFalse(verifier.verify("bar.com", session));
-
-        // CN=花子.co.jp, no subjectAlt
-        in = new ByteArrayInputStream(X509_HANAKO);
-        x509 = (X509Certificate) cf.generateCertificate(in);
-        session = new mySSLSession(new X509Certificate[] {x509});
-        assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
-        assertFalse(verifier.verify("a.\u82b1\u5b50.co.jp", session));
-
-        // CN=foo.com, subjectAlt=bar.com
-        in = new ByteArrayInputStream(X509_FOO_BAR);
-        x509 = (X509Certificate) cf.generateCertificate(in);
-        session = new mySSLSession(new X509Certificate[] {x509});
-        assertFalse(verifier.verify("foo.com", session));
-        assertFalse(verifier.verify("a.foo.com", session));
-        assertTrue(verifier.verify("bar.com", session));
-        assertFalse(verifier.verify("a.bar.com", session));
-
-        // CN=foo.com, subjectAlt=bar.com, subjectAlt=花子.co.jp
-        in = new ByteArrayInputStream(X509_FOO_BAR_HANAKO);
-        x509 = (X509Certificate) cf.generateCertificate(in);
-        session = new mySSLSession(new X509Certificate[] {x509});
-        assertFalse(verifier.verify("foo.com", session));
-        assertFalse(verifier.verify("a.foo.com", session));
-        assertTrue(verifier.verify("bar.com", session));
-        assertFalse(verifier.verify("a.bar.com", session));
-        // The certificate has this name in the altnames section, but OkHostnameVerifier drops
-        // any altnames that are improperly encoded according to RFC 5280, which requires
-        // non-ASCII characters to be encoded in ASCII via Punycode.
-        assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
-        assertFalse(verifier.verify("a.\u82b1\u5b50.co.jp", session));
-
-        // no CN, subjectAlt=foo.com
-        in = new ByteArrayInputStream(X509_NO_CNS_FOO);
-        x509 = (X509Certificate) cf.generateCertificate(in);
-        session = new mySSLSession(new X509Certificate[] {x509});
-        assertTrue(verifier.verify("foo.com", session));
-        assertFalse(verifier.verify("a.foo.com", session));
-
-        // CN=foo.com, CN=bar.com, CN=花子.co.jp, no subjectAlt
-        in = new ByteArrayInputStream(X509_THREE_CNS_FOO_BAR_HANAKO);
-        x509 = (X509Certificate) cf.generateCertificate(in);
-        session = new mySSLSession(new X509Certificate[] {x509});
-        assertFalse(verifier.verify("foo.com", session));
-        assertFalse(verifier.verify("a.foo.com", session));
-        assertFalse(verifier.verify("bar.com", session));
-        assertFalse(verifier.verify("a.bar.com", session));
-        assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
-        assertFalse(verifier.verify("a.\u82b1\u5b50.co.jp", session));
-
-        // CN=*.foo.com, no subjectAlt
-        in = new ByteArrayInputStream(X509_WILD_FOO);
-        x509 = (X509Certificate) cf.generateCertificate(in);
-        session = new mySSLSession(new X509Certificate[] {x509});
-        assertFalse(verifier.verify("foo.com", session));
-        assertFalse(verifier.verify("www.foo.com", session));
-        assertFalse(verifier.verify("\u82b1\u5b50.foo.com", session));
-        assertFalse(verifier.verify("a.b.foo.com", session));
-
-        // CN=*.co.jp, no subjectAlt
-        in = new ByteArrayInputStream(X509_WILD_CO_JP);
-        x509 = (X509Certificate) cf.generateCertificate(in);
-        session = new mySSLSession(new X509Certificate[] {x509});
-        assertFalse(verifier.verify("foo.co.jp", session));
-        assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
-
-        // CN=*.foo.com, subjectAlt=*.bar.com, subjectAlt=花子.co.jp
-        in = new ByteArrayInputStream(X509_WILD_FOO_BAR_HANAKO);
-        x509 = (X509Certificate) cf.generateCertificate(in);
-        session = new mySSLSession(new X509Certificate[] {x509});
-        // try the foo.com variations
-        assertFalse(verifier.verify("foo.com", session));
-        assertFalse(verifier.verify("www.foo.com", session));
-        assertFalse(verifier.verify("\u82b1\u5b50.foo.com", session));
-        assertFalse(verifier.verify("a.b.foo.com", session));
-        assertFalse(verifier.verify("bar.com", session));
-        assertTrue(verifier.verify("www.bar.com", session));
-        assertFalse(verifier.verify("a.b.bar.com", session));
-        // The certificate has this name in the altnames section, but OkHostnameVerifier drops
-        // any altnames that are improperly encoded according to RFC 5280, which requires
-        // non-ASCII characters to be encoded in ASCII via Punycode.
-        assertFalse(verifier.verify("\u82b1\u5b50.bar.com", session));
-        assertFalse(verifier.verify("\u82b1\u5b50.co.jp", session));
-        assertFalse(verifier.verify("a.\u82b1\u5b50.co.jp", session));
-    }
-
     public void testSubjectAlt() throws Exception {
         CertificateFactory cf = CertificateFactory.getInstance("X.509");
         InputStream in = new ByteArrayInputStream(X509_MULTIPLE_SUBJECT_ALT);