Merge "Fix DisabledAlgorithmConstraints whitespace and copyright header."
diff --git a/ojluni/src/main/java/javax/net/ssl/HttpsURLConnection.java b/ojluni/src/main/java/javax/net/ssl/HttpsURLConnection.java
index 9660643..ec4254a 100644
--- a/ojluni/src/main/java/javax/net/ssl/HttpsURLConnection.java
+++ b/ojluni/src/main/java/javax/net/ssl/HttpsURLConnection.java
@@ -178,6 +178,10 @@
}
}
+ // BEGIN Android-changed: Use lazily-created OkHttp hostname verifier
+ // The RI default hostname verifier is a static member of the class, which means
+ // it's created when the class is initialized. As well, its default verifier
+ // just fails all verification attempts, whereas we use OkHttp's verifier.
/*
* Holds the default instance so class preloading doesn't create an instance of
* it.
@@ -207,6 +211,7 @@
* The <code>hostnameVerifier</code> for this object.
*/
protected HostnameVerifier hostnameVerifier;
+ // END Android-changed: Use lazily-created OkHttp hostname verifier
/**
* Sets the default <code>HostnameVerifier</code> inherited by a
@@ -279,6 +284,7 @@
* @see #setDefaultHostnameVerifier(HostnameVerifier)
*/
public HostnameVerifier getHostnameVerifier() {
+ // Android-added: Use the default verifier if none is set
if (hostnameVerifier == null) {
hostnameVerifier = NoPreloadHolder.defaultHostnameVerifier;
}
diff --git a/ojluni/src/main/java/javax/net/ssl/SNIServerName.java b/ojluni/src/main/java/javax/net/ssl/SNIServerName.java
index c5bb253..1ef9d05 100644
--- a/ojluni/src/main/java/javax/net/ssl/SNIServerName.java
+++ b/ojluni/src/main/java/javax/net/ssl/SNIServerName.java
@@ -210,3 +210,4 @@
return sb.toString();
}
}
+
diff --git a/ojluni/src/main/java/javax/net/ssl/SSLContext.java b/ojluni/src/main/java/javax/net/ssl/SSLContext.java
index 71cfc23..4105282 100644
--- a/ojluni/src/main/java/javax/net/ssl/SSLContext.java
+++ b/ojluni/src/main/java/javax/net/ssl/SSLContext.java
@@ -178,7 +178,7 @@
* @return the new <code>SSLContext</code> object.
*
* @exception NoSuchAlgorithmException if no Provider supports a
- * TrustManagerFactorySpi implementation for the
+ * SSLContextSpi implementation for the
* specified protocol.
* @exception NullPointerException if protocol is null.
*
diff --git a/ojluni/src/main/java/javax/net/ssl/SSLEngine.java b/ojluni/src/main/java/javax/net/ssl/SSLEngine.java
index aa15ccc..20d7fa9 100644
--- a/ojluni/src/main/java/javax/net/ssl/SSLEngine.java
+++ b/ojluni/src/main/java/javax/net/ssl/SSLEngine.java
@@ -329,6 +329,7 @@
* is saved. All future delegated tasks will be processed using this
* context: that is, all access control decisions will be made using the
* context captured at engine creation.
+ *
* <HR>
*
* <B>Concurrency Notes</B>:
@@ -1183,7 +1184,7 @@
* If this <code>SSLEngine</code> has not yet started its initial
* handshake, this method will automatically start the handshake.
* <P>
- * This method will attempt to produce one SSL/TLS packet, and will
+ * This method will attempt to produce SSL/TLS records, and will
* consume as much source data as possible, but will never consume
* more than the sum of the bytes remaining in each buffer. Each
* <code>ByteBuffer</code>'s position is updated to reflect the
diff --git a/ojluni/src/main/java/javax/net/ssl/SSLPermission.java b/ojluni/src/main/java/javax/net/ssl/SSLPermission.java
index 0f6b5db..c40d1fa 100644
--- a/ojluni/src/main/java/javax/net/ssl/SSLPermission.java
+++ b/ojluni/src/main/java/javax/net/ssl/SSLPermission.java
@@ -27,6 +27,7 @@
import java.security.*;
+// Android-changed: We don't implement this permission system on Android.
/**
* Legacy security code; do not use.
*/
diff --git a/ojluni/src/main/java/sun/security/x509/AVA.java b/ojluni/src/main/java/sun/security/x509/AVA.java
index ff9c62a..a047500 100644
--- a/ojluni/src/main/java/sun/security/x509/AVA.java
+++ b/ojluni/src/main/java/sun/security/x509/AVA.java
@@ -150,9 +150,6 @@
/**
* Parse an AVA string formatted according to format.
- *
- * XXX format RFC1779 should only allow RFC1779 syntax but is
- * actually DEFAULT with RFC1779 keywords.
*/
AVA(Reader in, int format) throws IOException {
this(in, format, Collections.<String, String>emptyMap());
@@ -272,7 +269,7 @@
break;
}
- // Android-changed: Skip trailing whitespace.
+ // BEGIN Android-added: AVA: Support DerValue hex strings that contain ' ' or '\n'
if (c == ' ' || c == '\n') {
do {
if (c != ' ' && c != '\n') {
@@ -282,7 +279,7 @@
} while (!isTerminator(c, format));
break;
}
-
+ // END Android-added: AVA: Support DerValue hex strings that contain ' ' or '\n'
int cVal = hexDigits.indexOf(Character.toUpperCase((char)c));
if (cVal == -1) {
@@ -384,11 +381,17 @@
PRESERVE_OLD_DC_ENCODING == false)) {
// EmailAddress and DomainComponent must be IA5String
return new DerValue(DerValue.tag_IA5String,
+ // Android-changed: Do not trim() DerValue strings.
+ // temp.toString().trim());
temp.toString());
} else if (isPrintableString) {
+ // Android-changed: Do not trim() DerValue strings.
+ //return new DerValue(temp.toString().trim());
return new DerValue(temp.toString());
} else {
return new DerValue(DerValue.tag_UTF8String,
+ // Android-changed: Do not trim() DerValue strings.
+ // temp.toString().trim());
temp.toString());
}
}
@@ -900,6 +903,8 @@
* the dotted-decimal form.
*/
if ((typeAndValue.charAt(0) >= '0' && typeAndValue.charAt(0) <= '9') ||
+ // Android-changed: AVA: Support DerValue hex strings that contain ' ' or '\n'
+ //!isDerString(value, true))
(!isDerString(value, true) && value.tag != DerValue.tag_T61String))
{
byte[] data = null;
diff --git a/ojluni/src/main/java/sun/security/x509/AlgorithmId.java b/ojluni/src/main/java/sun/security/x509/AlgorithmId.java
index 378ca2f..260d4aa 100644
--- a/ojluni/src/main/java/sun/security/x509/AlgorithmId.java
+++ b/ojluni/src/main/java/sun/security/x509/AlgorithmId.java
@@ -121,18 +121,14 @@
try {
algParams = AlgorithmParameters.getInstance(algidString);
} catch (NoSuchAlgorithmException e) {
- // BEGIN Android-changed
- // It was searching for the EC parameters in an internal provider in the deleted package
- // sun.security.ec before setting them to null. Since EC is in the OpenSSL provider,
- // there's no need for such fallback. Setting it to null directly.
/*
* This algorithm parameter type is not supported, so we cannot
* parse the parameters.
*/
algParams = null;
return;
- // END Android-changed
}
+
// Decode (parse) the parameters
algParams.init(params.toByteArray());
}
@@ -246,11 +242,13 @@
}
}
+ // BEGIN Android-added: Update algorithm mapping tables for names when OID is used
// Try to update the name <-> OID mapping table.
synchronized (oidTable) {
reinitializeMappingTableLocked();
algName = nameTable.get(algid);
}
+ // END Android-added: Update algorithm mapping tables for names when OID is used
return (algName == null) ? algid.toString() : algName;
}
@@ -566,6 +564,7 @@
// See if any of the installed providers supply a mapping from
// the given algorithm name to an OID string
+ // BEGIN Android-changed: Update algorithm mapping tables for names when OID is used
synchronized (oidTable) {
reinitializeMappingTableLocked();
return oidTable.get(name.toUpperCase(Locale.ENGLISH));
@@ -644,17 +643,20 @@
initOidTableVersion = currentVersion;
}
+ // END Android-changed: Update algorithm mapping tables for names when OID is used
}
private static ObjectIdentifier oid(int ... values) {
return ObjectIdentifier.newInternal(values);
}
+ // BEGIN Android-changed: Parsing mapping as OID even if "OID." prefix isn't specified
private static int initOidTableVersion = -1;
private static final Map<String,ObjectIdentifier> oidTable =
new HashMap<String,ObjectIdentifier>(1);
private static final Map<ObjectIdentifier,String> nameTable =
new HashMap<ObjectIdentifier,String>();
+ // END Android-changed: Parsing mapping as OID even if "OID." prefix isn't specified
/*****************************************************************/
@@ -939,6 +941,8 @@
*/
sha1WithDSA_oid = ObjectIdentifier.newInternal(dsaWithSHA1_PKIX_data);
+ // Android-removed: Parsing mapping as OID even if "OID." prefix isn't specified
+ //nameTable = new HashMap<ObjectIdentifier,String>();
nameTable.put(MD5_oid, "MD5");
nameTable.put(MD2_oid, "MD2");
nameTable.put(SHA_oid, "SHA-1");
diff --git a/ojluni/src/main/java/sun/security/x509/OIDMap.java b/ojluni/src/main/java/sun/security/x509/OIDMap.java
index 9eed0f2..0e3ae16 100644
--- a/ojluni/src/main/java/sun/security/x509/OIDMap.java
+++ b/ojluni/src/main/java/sun/security/x509/OIDMap.java
@@ -112,6 +112,8 @@
/** Map String(friendly name) -> OIDInfo(info) */
private final static Map<String,OIDInfo> nameMap;
+ // BEGIN Android-changed: Specify Class objects rather for oidMap rather than String
+ // literals + reflection.
static {
oidMap = new HashMap<ObjectIdentifier,OIDInfo>();
nameMap = new HashMap<String,OIDInfo>();
@@ -200,6 +202,8 @@
return clazz;
}
}
+ // END Android-changed: Specify Class objects rather for oidMap rather than String
+ // literals + reflection.
/**
* Add a name to lookup table.
diff --git a/ojluni/src/main/java/sun/security/x509/RDN.java b/ojluni/src/main/java/sun/security/x509/RDN.java
index 5a4c243..3bfc524 100644
--- a/ojluni/src/main/java/sun/security/x509/RDN.java
+++ b/ojluni/src/main/java/sun/security/x509/RDN.java
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2014 The Android Open Source Project
- * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -478,11 +478,11 @@
* AVA's containing a standard keyword are ordered alphabetically,
* followed by AVA's containing an OID keyword, ordered numerically
*/
- @Override
public int compare(AVA a1, AVA a2) {
boolean a1Has2253 = a1.hasRFC2253Keyword();
boolean a2Has2253 = a2.hasRFC2253Keyword();
+ // BEGIN Android-changed: Keep sort order of RDN from Android M
if (a1Has2253) {
if (a2Has2253) {
return a1.toRFC2253CanonicalString().compareTo
@@ -506,6 +506,7 @@
a1Oid[pos] - a2Oid[pos];
}
}
+ // BEGIN Android-changed: Keep sort order of RDN from prev impl
}
}
diff --git a/ojluni/src/main/java/sun/security/x509/X500Name.java b/ojluni/src/main/java/sun/security/x509/X500Name.java
index 166ce3c..e708837 100644
--- a/ojluni/src/main/java/sun/security/x509/X500Name.java
+++ b/ojluni/src/main/java/sun/security/x509/X500Name.java
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2014 The Android Open Source Project
- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -876,6 +876,7 @@
return;
}
+ // Android-added: refuse DN starting with new line or tab
checkNoNewLinesNorTabsAtBeginningOfDN(input);
List<RDN> dnVector = new ArrayList<>();
@@ -944,6 +945,7 @@
names = dnVector.toArray(new RDN[dnVector.size()]);
}
+ // BEGIN Android-added: refuse DN starting with new line or tab
/**
* Disallow new lines and tabs at the beginning of DN.
*
@@ -960,6 +962,7 @@
}
}
}
+ // END Android-added: refuse DN starting with new line or tab
private void parseRFC2253DN(String dnString) throws IOException {
if (dnString.length() == 0) {
@@ -1019,6 +1022,7 @@
static int countQuotes(String string, int from, int to) {
int count = 0;
+ // BEGIN Android-changed: Fix countQuotes in case of escaped backslashes: \\"
int escape = 0;
for (int i = from; i < to; i++) {
if (string.charAt(i) == '"' && escape % 2 == 0) {
@@ -1026,6 +1030,7 @@
}
escape = (string.charAt(i) == '\\') ? escape + 1 : 0;
}
+ // END Android-changed: Fix countQuotes in case of escaped backslashes: \\"
return count;
}