Merge "Add hostname aware isCleartextTrafficPermitted"
diff --git a/dalvik/src/main/java/dalvik/system/BaseDexClassLoader.java b/dalvik/src/main/java/dalvik/system/BaseDexClassLoader.java
index 5ef00bf..0e112fc 100644
--- a/dalvik/src/main/java/dalvik/system/BaseDexClassLoader.java
+++ b/dalvik/src/main/java/dalvik/system/BaseDexClassLoader.java
@@ -37,15 +37,46 @@
* defaults to {@code ":"} on Android
* @param optimizedDirectory directory where optimized dex files
* should be written; may be {@code null}
- * @param libraryPath the list of directories containing native
+ * @param librarySearchPath the list of directories containing native
* libraries, delimited by {@code File.pathSeparator}; may be
* {@code null}
* @param parent the parent class loader
+ *
+ * This method will be deprecated in the next release
*/
public BaseDexClassLoader(String dexPath, File optimizedDirectory,
- String libraryPath, ClassLoader parent) {
+ String librarySearchPath, ClassLoader parent) {
+ this(dexPath, optimizedDirectory, librarySearchPath, null, parent);
+ }
+
+ /**
+ * Constructs an instance.
+ *
+ * @param dexPath the list of jar/apk files containing classes and
+ * resources, delimited by {@code File.pathSeparator}, which
+ * defaults to {@code ":"} on Android
+ * @param optimizedDirectory directory where optimized dex files
+ * should be written; may be {@code null}
+ * @param librarySearchPath the list of directories containing native
+ * libraries, delimited by {@code File.pathSeparator}; may be
+ * {@code null}; directories in this list are used to search for
+ * a native library
+ * @param libraryPermittedPath allows opening native libraries under
+ * directories in this list. The list is delimited by
+ * {@code File.pathSeparator}. Note that the classloader
+ * is implicitly allowed to open libraries from the
+ * directories on libraryPath. Directories from this list
+ * are NOT used to search for the native library;
+ * may be {@code null}
+ * @param parent the parent class loader
+ *
+ * @hide
+ */
+ public BaseDexClassLoader(String dexPath, File optimizedDirectory,
+ String librarySearchPath, String libraryPermittedPath, ClassLoader parent) {
super(parent);
- this.pathList = new DexPathList(this, dexPath, libraryPath, optimizedDirectory);
+ this.pathList = new DexPathList(this, dexPath, librarySearchPath,
+ libraryPermittedPath, optimizedDirectory);
}
@Override
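Review bot: The sentence "This method will be deprecated in the next release" is placed after the last `@param` tag of the four-argument constructor, so Javadoc will render it as part of the `@param parent` description rather than as a note on the constructor; the same placement recurs in the DexClassLoader and PathClassLoader hunks. Move it above the first `@param`, or add a real `@deprecated` tag once the replacement is public. In the new five-argument constructor the `libraryPermittedPath` text still refers to `libraryPath`, a name this commit renames; it should read `directories on librarySearchPath`, as the DexClassLoader copy already does. Because this parameter widens the set of directories from which native code may be opened by absolute path, the doc should also state that entries are expected to be absolute directories chosen by the framework, not taken from app-supplied input. The Javadoc of the first constructor begins outside the hunk.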
@@ -134,6 +165,13 @@
return result.toString();
}
+ /**
+ * @hide
+ */
+ public String getLibraryPermittedPath() {
+ return pathList.getLibraryPermittedPath();
+ }
+
@Override public String toString() {
return getClass().getName() + "[" + pathList + "]";
}
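Review bot: The Javadoc on `getLibraryPermittedPath()` consists only of `@hide`, so a caller cannot tell that the result may be `null` or that it is the raw delimited string rather than a parsed list. From the visible code the value is handed back unchanged from the constructor argument via `pathList`, so something like `Returns the File.pathSeparator-delimited permitted path given at construction, or {@code null} if none was supplied.` above the `@hide` tag would cover it.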
diff --git a/dalvik/src/main/java/dalvik/system/DexClassLoader.java b/dalvik/src/main/java/dalvik/system/DexClassLoader.java
index a645f42..4bbdbd8 100644
--- a/dalvik/src/main/java/dalvik/system/DexClassLoader.java
+++ b/dalvik/src/main/java/dalvik/system/DexClassLoader.java
@@ -47,13 +47,48 @@
* defaults to {@code ":"} on Android
* @param optimizedDirectory directory where optimized dex files
* should be written; must not be {@code null}
- * @param libraryPath the list of directories containing native
+ * @param librarySearchPath the list of directories containing native
* libraries, delimited by {@code File.pathSeparator}; may be
* {@code null}
* @param parent the parent class loader
+ *
+ * This method will be deprecated in the next release
*/
public DexClassLoader(String dexPath, String optimizedDirectory,
- String libraryPath, ClassLoader parent) {
- super(dexPath, new File(optimizedDirectory), libraryPath, parent);
+ String librarySearchPath, ClassLoader parent) {
+ super(dexPath, new File(optimizedDirectory), librarySearchPath, null, parent);
+ }
+
+ /**
+ * Creates a {@code DexClassLoader} that finds interpreted and native
+ * code. Interpreted classes are found in a set of DEX files contained
+ * in Jar or APK files.
+ *
+ * <p>The path lists are separated using the character specified by the
+ * {@code path.separator} system property, which defaults to {@code :}.
+ *
+ * @param dexPath the list of jar/apk files containing classes and
+ * resources, delimited by {@code File.pathSeparator}, which
+ * defaults to {@code ":"} on Android
+ * @param optimizedDirectory directory where optimized dex files
+ * should be written; must not be {@code null}
+ * @param librarySearchPath the list of directories containing native
+ * libraries, delimited by {@code File.pathSeparator}; may be
+ * {@code null}
+ * @param libraryPermittedPath Allowing open native libraries under
+ * directories in this list. The list is delimited by
+ * {@code File.pathSeparator}. Note that the classloader
+ * is implicitly allowed to open libraries from the
+ * directories on librarySearchPath. Directories from this list
+ * are NOT used to search for the native library;
+ * may be {@code null}
+ * @param parent the parent class loader
+ *
+ * @hide
+ */
+ public DexClassLoader(String dexPath, String optimizedDirectory,
+ String librarySearchPath, String libraryPermittedPath, ClassLoader parent) {
+ super(dexPath, new File(optimizedDirectory), librarySearchPath,
+ libraryPermittedPath, parent);
}
}
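Review bot: The four-argument constructor repeats the delegation with a literal `null` (`super(dexPath, new File(optimizedDirectory), librarySearchPath, null, parent)`) instead of forwarding to the new overload the way BaseDexClassLoader does in this same commit. Using `this(dexPath, optimizedDirectory, librarySearchPath, null, parent);` keeps the `new File(optimizedDirectory)` conversion and the default for the permitted path in one place. The `@param libraryPermittedPath` text ("Allowing open native libraries under…") is also worded differently in each of the three class loaders; one shared sentence such as `additional directories from which native libraries may be opened by absolute path` would read better. The class Javadoc and the start of the first constructor's comment are outside the hunk.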
diff --git a/dalvik/src/main/java/dalvik/system/DexPathList.java b/dalvik/src/main/java/dalvik/system/DexPathList.java
index d4f80e9..e9a73de 100644
--- a/dalvik/src/main/java/dalvik/system/DexPathList.java
+++ b/dalvik/src/main/java/dalvik/system/DexPathList.java
@@ -70,6 +70,9 @@
/** List of system native library directories. */
private final List<File> systemNativeLibraryDirectories;
+ /** The permitted library path for classloader-namespaces */
+ private final String libraryPermittedPath;
+
/**
* Exceptions thrown during creation of the dexElements list.
*/
@@ -82,14 +85,19 @@
* classes should be defined
* @param dexPath list of dex/resource path elements, separated by
* {@code File.pathSeparator}
- * @param libraryPath list of native library directory path elements,
+ * @param librarySearchPath list of native library directory path elements,
* separated by {@code File.pathSeparator}
+ * @param libraryPermittedPath is path containing permitted directories for
+ * linker isolated namespaces (in addition to librarySearchPath which is allowed
+ * implicitly). Note that this path does not affect the search order for the library
+ * and intended for white-listing additional paths when loading native libraries
+ * by absolute path.
* @param optimizedDirectory directory where optimized {@code .dex} files
* should be found and written to, or {@code null} to use the default
* system directory for same
*/
public DexPathList(ClassLoader definingContext, String dexPath,
- String libraryPath, File optimizedDirectory) {
+ String librarySearchPath, String libraryPermittedPath, File optimizedDirectory) {
if (definingContext == null) {
throw new NullPointerException("definingContext == null");
@@ -124,14 +132,14 @@
// Native libraries may exist in both the system and
// application library paths, and we use this search order:
//
- // 1. This class loader's library path for application libraries (libraryPath):
+ // 1. This class loader's library path for application libraries (librarySearchPath):
// 1.1. Native library directories
// 1.2. Path to libraries in apk-files
// 2. The VM's library path from the system property for system libraries
// also known as java.library.path
//
// This order was reversed prior to Gingerbread; see http://b/2933456.
- this.nativeLibraryDirectories = splitPaths(libraryPath, false);
+ this.nativeLibraryDirectories = splitPaths(librarySearchPath, false);
this.systemNativeLibraryDirectories =
splitPaths(System.getProperty("java.library.path"), true);
List<File> allNativeLibraryDirectories = new ArrayList<>(nativeLibraryDirectories);
@@ -147,6 +155,8 @@
} else {
dexElementsSuppressedExceptions = null;
}
+
+ this.libraryPermittedPath = libraryPermittedPath;
}
@Override public String toString() {
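Review bot: `libraryPermittedPath` is stored exactly as it was passed in, while `librarySearchPath` goes through `splitPaths(...)` earlier in the same constructor; nothing on the Java side rejects empty elements, relative directories or `..` segments in a string that is later used as an allow-list for absolute-path native loads. Whether the native consumer normalizes the entries is not visible here, so the expectation should at least be written down at the assignment, e.g. `// Passed verbatim to the native loader; entries must be absolute, canonical directories.` If the framework cannot guarantee that, validating each element before storing it would keep the allow-list from being broader than the caller intended. The constructor begins outside this hunk.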
@@ -169,6 +179,13 @@
}
/**
+ * For BaseDexClassLoader.getLibraryPermittedPath.
+ */
+ public String getLibraryPermittedPath() {
+ return libraryPermittedPath;
+ }
+
+ /**
* Splits the given dex path string into elements using the path
* separator, pruning out any elements that do not refer to existing
* and readable files.
diff --git a/dalvik/src/main/java/dalvik/system/PathClassLoader.java b/dalvik/src/main/java/dalvik/system/PathClassLoader.java
index 32c5586..83b4366 100644
--- a/dalvik/src/main/java/dalvik/system/PathClassLoader.java
+++ b/dalvik/src/main/java/dalvik/system/PathClassLoader.java
@@ -35,7 +35,7 @@
* @param parent the parent class loader
*/
public PathClassLoader(String dexPath, ClassLoader parent) {
- super(dexPath, null, null, parent);
+ super(dexPath, null, null, null, parent);
}
/**
@@ -55,13 +55,48 @@
* @param dexPath the list of jar/apk files containing classes and
* resources, delimited by {@code File.pathSeparator}, which
* defaults to {@code ":"} on Android
- * @param libraryPath the list of directories containing native
+ * @param librarySearchPath the list of directories containing native
* libraries, delimited by {@code File.pathSeparator}; may be
* {@code null}
* @param parent the parent class loader
+ *
+ * This method will be deprecated in the next release
*/
- public PathClassLoader(String dexPath, String libraryPath,
+ public PathClassLoader(String dexPath, String librarySearchPath, ClassLoader parent) {
+ super(dexPath, null, librarySearchPath, null, parent);
+ }
+
+ /**
+ * Creates a {@code PathClassLoader} that operates on two given
+ * lists of files and directories. The entries of the first list
+ * should be one of the following:
+ *
+ * <ul>
+ * <li>JAR/ZIP/APK files, possibly containing a "classes.dex" file as
+ * well as arbitrary resources.
+ * <li>Raw ".dex" files (not inside a zip file).
+ * </ul>
+ *
+ * The entries of the second list should be directories containing
+ * native library files.
+ *
+ * @param dexPath the list of jar/apk files containing classes and
+ * resources, delimited by {@code File.pathSeparator}, which
+ * defaults to {@code ":"} on Android
+ * @param librarySearchPath the list of directories containing native
+ * libraries, delimited by {@code File.pathSeparator}; may be
+ * {@code null}
+ * @param libraryPermittedPath allowing to open native libraries under
+ * directories in this list. The list is delimited by {@code File.pathSeparator}.
+ * Note that the classloader is implicitly allowed to open libraries from the
+ * directories on librarySearchPath. Directories from this list are NOT used
+ * to search for the native library; may be {@code null}
+ * @param parent the parent class loader
+ *
+ * @hide
+ */
+ public PathClassLoader(String dexPath, String librarySearchPath, String libraryPermittedPath,
ClassLoader parent) {
- super(dexPath, null, libraryPath, parent);
+ super(dexPath, null, librarySearchPath, libraryPermittedPath, parent);
}
}
diff --git a/libart/src/main/java/dalvik/system/VMRuntime.java b/libart/src/main/java/dalvik/system/VMRuntime.java
index aa3f154..eb1f703 100644
--- a/libart/src/main/java/dalvik/system/VMRuntime.java
+++ b/libart/src/main/java/dalvik/system/VMRuntime.java
@@ -349,7 +349,8 @@
/**
* Register application info
*/
- public static native void registerAppInfo(String appDir, String processName, String pkgname);
+ public static native void registerAppInfo(String packageName, String appDir,
+ String[] codePaths);
/**
* Returns the runtime instruction set corresponding to a given ABI. Multiple
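Review bot: The Javadoc for `registerAppInfo` is still just "Register application info" although the hunk reorders the arguments: the first `String` is now `packageName` and `appDir` has moved to second place. Two adjacent parameters of the same type that swapped meaning are easy to pass in the old order without a compile error once the third argument is updated. Add `@param packageName`, `@param appDir` and `@param codePaths` lines stating what each carries and whether `codePaths` may be `null` or empty. The native implementation has to change in the same commit for the new signature to link; that side is not visible in this diff.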
diff --git a/libart/src/main/java/java/lang/Class.java b/libart/src/main/java/java/lang/Class.java
index b710867..5d87ac3 100644
--- a/libart/src/main/java/java/lang/Class.java
+++ b/libart/src/main/java/java/lang/Class.java
@@ -189,9 +189,6 @@
/** access flags; low 16 bits are defined by VM spec */
private transient int accessFlags;
- /** static, private, and <init> methods. */
- private transient long directMethods;
-
/**
* Instance fields. These describe the layout of the contents of an Object. Note that only the
* fields directly declared by this class are listed in iFields; fields declared by a
@@ -202,12 +199,12 @@
*/
private transient long iFields;
+ /** All methods with this class as the base for virtual dispatch. */
+ private transient long methods;
+
/** Static fields */
private transient long sFields;
- /** Virtual methods defined in this class; invoked through vtable. */
- private transient long virtualMethods;
-
/** Class flags to help the GC with object scanning. */
private transient int classFlags;
@@ -260,6 +257,12 @@
/** State of class initialization */
private transient int status;
+ /** Offset of the first virtual method copied from an interface in the methods array. */
+ private transient short copiedMethodsOffset;
+
+ /** Offset of the first virtual method defined in this class in the methods array. */
+ private transient short virtualMethodsOffset;
+
private Class() {
// Prevent this class from being instantiated,
// instances should be created by the runtime only.
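Review bot: `copiedMethodsOffset` and `virtualMethodsOffset` are declared as `short`, which is signed in Java, and their comments do not say whether the runtime treats them as unsigned 16-bit indices or what method count they are expected to cover. If any Java code ever reads them, an offset above 32767 would appear negative. Extend the comments, for example `Unsigned 16-bit index into methods, written and read by the runtime only.`, and note the ordering of direct, virtual and copied methods that the two offsets rely on. These fields presumably mirror a native layout, so a pointer to the matching runtime definition would help the next person who reorders them. The constructor body continues outside the hunk.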
diff --git a/luni/src/main/java/java/lang/Runtime.java b/luni/src/main/java/java/lang/Runtime.java
index f1f6438..5b86346 100644
--- a/luni/src/main/java/java/lang/Runtime.java
+++ b/luni/src/main/java/java/lang/Runtime.java
@@ -419,6 +419,7 @@
// So, find out what the native library search path is for the ClassLoader in question...
String ldLibraryPath = null;
+ String permittedPath = null;
String dexPath = null;
if (loader == null) {
// We use the given library path for the boot class loader. This is the path
@@ -427,18 +428,20 @@
} else if (loader instanceof BaseDexClassLoader) {
BaseDexClassLoader dexClassLoader = (BaseDexClassLoader) loader;
ldLibraryPath = dexClassLoader.getLdLibraryPath();
+ permittedPath = dexClassLoader.getLibraryPermittedPath();
}
+
// nativeLoad should be synchronized so there's only one LD_LIBRARY_PATH in use regardless
// of how many ClassLoaders are in the system, but dalvik doesn't support synchronized
// internal natives.
synchronized (this) {
- return nativeLoad(name, loader, ldLibraryPath);
+ return nativeLoad(name, loader, ldLibraryPath, permittedPath);
}
}
// TODO: should be synchronized, but dalvik doesn't support synchronized internal natives.
private static native String nativeLoad(String filename, ClassLoader loader,
- String ldLibraryPath);
+ String ldLibraryPath, String libraryPermittedPath);
/**
* Provides a hint to the runtime that it would be useful to attempt
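Review bot: `permittedPath` stays `null` for the boot class loader and for any loader that is not a `BaseDexClassLoader`, and the `nativeLoad` declaration carries no comment saying what `null` means for the new `libraryPermittedPath` argument. For an allow-list parameter the safe reading is "no additional directories", not "no restriction", and that contract should be stated next to the declaration, e.g. `// libraryPermittedPath: extra directories allowed for absolute-path loads; null means none beyond ldLibraryPath.` The existing comment about a single LD_LIBRARY_PATH being in use should mention the permitted path as well, since both values are now passed under the same lock. The enclosing method starts outside this hunk.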
diff --git a/luni/src/test/java/libcore/io/ClassPathURLStreamHandlerTest.java b/luni/src/test/java/libcore/io/ClassPathURLStreamHandlerTest.java
index 9992aeb..0785b30 100644
--- a/luni/src/test/java/libcore/io/ClassPathURLStreamHandlerTest.java
+++ b/luni/src/test/java/libcore/io/ClassPathURLStreamHandlerTest.java
@@ -49,8 +49,8 @@
private File jarFile;
@Override
- protected void setUp() {
- File resources = Support_Resources.createTempFolder();
+ protected void setUp() throws Exception {
+ File resources = Support_Resources.createTempFolder().getCanonicalFile();
Support_Resources.copyFile(resources, null, JAR);
jarFile = new File(resources, JAR);
}
@@ -62,13 +62,13 @@
} catch (IOException expected) {
}
- String fileName = jarFile.getCanonicalPath();
+ String fileName = jarFile.getPath();
ClassPathURLStreamHandler streamHandler = new ClassPathURLStreamHandler(fileName);
streamHandler.close();
}
public void testGetEntryOrNull() throws Exception {
- String fileName = jarFile.getCanonicalPath();
+ String fileName = jarFile.getPath();
ClassPathURLStreamHandler streamHandler = new ClassPathURLStreamHandler(fileName);
assertNotNull(streamHandler.getEntryUrlOrNull(ENTRY_IN_ROOT));
@@ -97,7 +97,7 @@
}
public void testIsEntryStored() throws IOException {
- String fileName = jarFile.getCanonicalPath();
+ String fileName = jarFile.getPath();
ClassPathURLStreamHandler streamHandler = new ClassPathURLStreamHandler(fileName);
assertFalse(streamHandler.isEntryStored("this/file/does/not/exist.txt"));
@@ -113,7 +113,7 @@
}
public void testOpenConnection() throws Exception {
- String fileName = jarFile.getCanonicalPath();
+ String fileName = jarFile.getPath();
ClassPathURLStreamHandler streamHandler = new ClassPathURLStreamHandler(fileName);
assertOpenConnectionOk(jarFile, ENTRY_IN_ROOT, streamHandler);
diff --git a/luni/src/test/java/org/apache/harmony/security/tests/java/security/ProviderTest.java b/luni/src/test/java/org/apache/harmony/security/tests/java/security/ProviderTest.java
index 9a90424..625da8a 100644
--- a/luni/src/test/java/org/apache/harmony/security/tests/java/security/ProviderTest.java
+++ b/luni/src/test/java/org/apache/harmony/security/tests/java/security/ProviderTest.java
@@ -387,11 +387,11 @@
Provider.Service s[] = new Provider.Service[3];
- s[0] = new Provider.Service(p, "type1", "algorithm1", "className1",
+ s[0] = new Provider.Service(myProvider, "type1", "algorithm1", "className1",
null, null);
- s[1] = new Provider.Service(p, "type2", "algorithm2", "className2",
+ s[1] = new Provider.Service(myProvider, "type2", "algorithm2", "className2",
null, null);
- s[2] = new Provider.Service(p, "type3", "algorithm3", "className3",
+ s[2] = new Provider.Service(myProvider, "type3", "algorithm3", "className3",
null, null);
myProvider.putService(s[0]);
myProvider.putService(s[1]);
@@ -424,11 +424,11 @@
MyProvider myProvider = new MyProvider(null, 1, null);
Provider.Service s[] = new Provider.Service[3];
- s[0] = new Provider.Service(p, "type1", "algorithm1", "className1",
+ s[0] = new Provider.Service(myProvider, "type1", "algorithm1", "className1",
null, null);
- s[1] = new Provider.Service(p, "type2", "algorithm2", "className2",
+ s[1] = new Provider.Service(myProvider, "type2", "algorithm2", "className2",
null, null);
- s[2] = new Provider.Service(p, "type3", "algorithm3", "className3",
+ s[2] = new Provider.Service(myProvider, "type3", "algorithm3", "className3",
null, null);
myProvider.putService(s[0]);
myProvider.putService(s[1]);
@@ -482,11 +482,11 @@
Provider.Service s[] = new Provider.Service[3];
- s[0] = new Provider.Service(p, "type0", "algorithm0", "className0",
+ s[0] = new Provider.Service(myProvider, "type0", "algorithm0", "className0",
null, null);
- s[1] = new Provider.Service(p, "type1", "algorithm1", "className1",
+ s[1] = new Provider.Service(myProvider, "type1", "algorithm1", "className1",
null, null);
- s[2] = new Provider.Service(p, "type2", "algorithm2", "className2",
+ s[2] = new Provider.Service(myProvider, "type2", "algorithm2", "className2",
null, null);
try {
diff --git a/support/src/test/java/tests/resources/x509/create.sh b/support/src/test/java/tests/resources/x509/create.sh
index 0020b47..7902e5b 100755
--- a/support/src/test/java/tests/resources/x509/create.sh
+++ b/support/src/test/java/tests/resources/x509/create.sh
@@ -16,68 +16,68 @@
set -o nounset # Treat unset variables as an error
set -e
-DIR=$(dirname $0)
+DIR=$(dirname "$0")
-if [ ! -f ${DIR}/privkey.pem ]; then
- openssl genrsa -out ${DIR}/privkey.pem 2048
+if [ ! -f "$DIR/privkey.pem" ]; then
+ openssl genrsa -out "$DIR/privkey.pem" 2048
fi
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch > /tmp/cert-rsa-req.pem
-openssl req -in /tmp/cert-rsa-req.pem -pubkey -noout | openssl rsa -pubin -pubout -outform der > ${DIR}/cert-rsa-pubkey.der
-openssl x509 -extfile ${DIR}/default.cnf -days 3650 -extensions usr_cert -req -signkey ${DIR}/privkey.pem -outform d -set_serial -99999999999999999999 < /tmp/cert-rsa-req.pem > ${DIR}/cert-rsa.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch > /tmp/cert-rsa-req.pem
+openssl req -in /tmp/cert-rsa-req.pem -pubkey -noout | openssl rsa -pubin -pubout -outform der > "$DIR/cert-rsa-pubkey.der"
+openssl x509 -extfile "$DIR/default.cnf" -days 3650 -extensions usr_cert -req -signkey "$DIR/privkey.pem" -outform d -set_serial -99999999999999999999 < /tmp/cert-rsa-req.pem > "$DIR/cert-rsa.der"
rm /tmp/cert-rsa-req.pem
-openssl asn1parse -in ${DIR}/cert-rsa.der -inform d -out ${DIR}/cert-rsa-tbs.der -noout -strparse 4
-SIG_OFFSET=$(openssl asn1parse -in ${DIR}/cert-rsa.der -inform d | tail -1 | cut -f1 -d:)
-openssl asn1parse -in ${DIR}/cert-rsa.der -inform d -strparse ${SIG_OFFSET} -noout -out ${DIR}/cert-rsa-sig.der
+openssl asn1parse -in "$DIR/cert-rsa.der" -inform d -out "$DIR/cert-rsa-tbs.der" -noout -strparse 4
+SIG_OFFSET=$(openssl asn1parse -in "$DIR/cert-rsa.der" -inform d | tail -1 | cut -f1 -d:)
+openssl asn1parse -in "$DIR/cert-rsa.der" -inform d -strparse "$SIG_OFFSET" -noout -out "$DIR/cert-rsa-sig.der"
# extract startdate and enddate
-openssl x509 -in ${DIR}/cert-rsa.der -inform d -noout -startdate -enddate > ${DIR}/cert-rsa-dates.txt
+openssl x509 -in "$DIR/cert-rsa.der" -inform d -noout -startdate -enddate > "$DIR/cert-rsa-dates.txt"
# extract serial
-openssl x509 -in ${DIR}/cert-rsa.der -inform d -noout -serial > ${DIR}/cert-rsa-serial.txt
+openssl x509 -in "$DIR/cert-rsa.der" -inform d -noout -serial > "$DIR/cert-rsa-serial.txt"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions keyUsage_extraLong_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-keyUsage-extraLong.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions keyUsage_extraLong_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-keyUsage-extraLong.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions extendedKeyUsage_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-extendedKeyUsage.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions extendedKeyUsage_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-extendedKeyUsage.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions ca_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-ca.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions ca_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-ca.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions userWithPathLen_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-userWithPathLen.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions userWithPathLen_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-userWithPathLen.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions caWithPathLen_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-caWithPathLen.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions caWithPathLen_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-caWithPathLen.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_other_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-alt-other.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions alt_other_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-alt-other.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_email_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-alt-email.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions alt_email_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-alt-email.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_dns_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-alt-dns.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions alt_dns_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-alt-dns.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_dirname_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-alt-dirname.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions alt_dirname_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-alt-dirname.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_uri_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-alt-uri.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions alt_uri_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-alt-uri.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_rid_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-alt-rid.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions alt_rid_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-alt-rid.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_none_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-alt-none.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions alt_none_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-alt-none.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions ipv6_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-ipv6.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions ipv6_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-ipv6.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions unsupported_cert -req -signkey ${DIR}/privkey.pem -outform d > ${DIR}/cert-unsupported.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions unsupported_cert -req -signkey "$DIR/privkey.pem" -outform d > "$DIR/cert-unsupported.der"
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/privkey.pem -nodes -batch -config ${DIR}/default.cnf -extensions usr_cert -x509 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:1 -outform d > ${DIR}/cert-sigopt.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/privkey.pem" -nodes -batch -config "$DIR/default.cnf" -extensions usr_cert -x509 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:1 -outform d > "$DIR/cert-sigopt.der"
-if [ ! -f ${DIR}/dsapriv.pem ]; then
+if [ ! -f "$DIR/dsapriv.pem" ]; then
openssl dsaparam -out /tmp/dsaparam.pem 1024
- openssl gendsa -out ${DIR}/dsapriv.pem /tmp/dsaparam.pem
+ openssl gendsa -out "$DIR/dsapriv.pem" /tmp/dsaparam.pem
rm -f /tmp/dsaparam.pem
fi
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/dsapriv.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions keyUsage_cert -req -signkey ${DIR}/dsapriv.pem -outform d > ${DIR}/cert-dsa.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/dsapriv.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions keyUsage_cert -req -signkey "$DIR/dsapriv.pem" -outform d > "$DIR/cert-dsa.der"
-if [ ! -f ${DIR}/ecpriv.pem ]; then
- openssl ecparam -name prime256v1 -genkey -out ${DIR}/ecpriv.pem -noout
+if [ ! -f "$DIR/ecpriv.pem" ]; then
+ openssl ecparam -name prime256v1 -genkey -out "$DIR/ecpriv.pem" -noout
fi
-openssl req -config ${DIR}/default.cnf -new -key ${DIR}/ecpriv.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions keyUsage_critical_cert -req -signkey ${DIR}/ecpriv.pem -outform d > ${DIR}/cert-ec.der
+openssl req -config "$DIR/default.cnf" -new -key "$DIR/ecpriv.pem" -nodes -batch | openssl x509 -extfile "$DIR/default.cnf" -extensions keyUsage_critical_cert -req -signkey "$DIR/ecpriv.pem" -outform d > "$DIR/cert-ec.der"
# Create temporary CA for CRL generation
rm -rf /tmp/ca
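Review bot: The quoting fix leaves every scratch file at a fixed name directly under `/tmp` (`/tmp/cert-rsa-req.pem`, `/tmp/dsaparam.pem`, `/tmp/ca`, and in the following hunk `/tmp/cakey.pem` and `/tmp/certs.pem`). On a shared machine those names can be pre-created or symlinked by another user, and the `>` redirections and `cp` will follow them; the second hunk also copies the CA private key into that world-accessible directory. Creating a private directory with `TMP=$(mktemp -d)` and `trap 'rm -rf "$TMP"' EXIT`, then writing all scratch files under `"$TMP"`, removes the predictable names. It also cleans up when `set -e` aborts the script midway, which the trailing `rm` lines do not.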
@@ -85,47 +85,47 @@
touch /tmp/ca/index.txt
touch /tmp/ca/index.txt.attr
echo "01" > /tmp/ca/serial
-if [ ! -f ${DIR}/cakey.pem ]; then
- openssl req -new -nodes -batch -x509 -extensions v3_ca -keyout ${DIR}/cakey.pem -out ${DIR}/cacert.pem -days 3650 -config ${DIR}/default.cnf
+if [ ! -f "$DIR/cakey.pem" ]; then
+ openssl req -new -nodes -batch -x509 -extensions v3_ca -keyout "$DIR/cakey.pem" -out "$DIR/cacert.pem" -days 3650 -config "$DIR/default.cnf"
fi
-cp ${DIR}/cakey.pem ${DIR}/cacert.pem /tmp
-openssl x509 -in /tmp/cacert.pem -outform d > ${DIR}/cert-crl-ca.der
+cp "$DIR/cakey.pem" "$DIR/cacert.pem" /tmp
+openssl x509 -in /tmp/cacert.pem -outform d > "$DIR/cert-crl-ca.der"
-openssl ca -gencrl -crlhours 70 -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -out /tmp/crl-empty.pem -config ${DIR}/default.cnf
-openssl crl -in /tmp/crl-empty.pem -outform d -out ${DIR}/crl-empty.der
+openssl ca -gencrl -crlhours 70 -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -out /tmp/crl-empty.pem -config "$DIR/default.cnf"
+openssl crl -in /tmp/crl-empty.pem -outform d -out "$DIR/crl-empty.der"
-openssl x509 -inform d -in ${DIR}/cert-rsa.der -out /tmp/cert-rsa.pem
-openssl ca -revoke /tmp/cert-rsa.pem -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -config ${DIR}/default.cnf
-openssl ca -gencrl -crlhours 70 -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -out /tmp/crl-rsa.pem -config ${DIR}/default.cnf
-openssl crl -in /tmp/crl-rsa.pem -outform d -out ${DIR}/crl-rsa.der
+openssl x509 -inform d -in "$DIR/cert-rsa.der" -out /tmp/cert-rsa.pem
+openssl ca -revoke /tmp/cert-rsa.pem -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -config "$DIR/default.cnf"
+openssl ca -gencrl -crlhours 70 -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -out /tmp/crl-rsa.pem -config "$DIR/default.cnf"
+openssl crl -in /tmp/crl-rsa.pem -outform d -out "$DIR/crl-rsa.der"
-openssl asn1parse -in ${DIR}/crl-rsa.der -inform d -out ${DIR}/crl-rsa-tbs.der -noout -strparse 4
-SIG_OFFSET=$(openssl asn1parse -in ${DIR}/crl-rsa.der -inform d | tail -1 | cut -f1 -d:)
-openssl asn1parse -in ${DIR}/crl-rsa.der -inform d -strparse ${SIG_OFFSET} -noout -out ${DIR}/crl-rsa-sig.der
+openssl asn1parse -in "$DIR/crl-rsa.der" -inform d -out "$DIR/crl-rsa-tbs.der" -noout -strparse 4
+SIG_OFFSET=$(openssl asn1parse -in "$DIR/crl-rsa.der" -inform d | tail -1 | cut -f1 -d:)
+openssl asn1parse -in "$DIR/crl-rsa.der" -inform d -strparse "$SIG_OFFSET" -noout -out "$DIR/crl-rsa-sig.der"
-openssl x509 -inform d -in ${DIR}/cert-dsa.der -out /tmp/cert-dsa.pem
-openssl ca -revoke /tmp/cert-dsa.pem -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -crl_reason cessationOfOperation -extensions unsupported_cert -config ${DIR}/default.cnf
-openssl ca -gencrl -startdate 140101010101Z -crldays 30 -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -out /tmp/crl-rsa-dsa.pem -config ${DIR}/default.cnf
-openssl ca -gencrl -startdate 140101010101Z -crldays 30 -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -out ${DIR}/crl-rsa-dsa-sigopt.pem -config ${DIR}/default.cnf -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:1
-openssl crl -in /tmp/crl-rsa-dsa.pem -outform d -out ${DIR}/crl-rsa-dsa.der
-openssl crl -in ${DIR}/crl-rsa-dsa-sigopt.pem -outform d -out ${DIR}/crl-rsa-dsa-sigopt.der
+openssl x509 -inform d -in "$DIR/cert-dsa.der" -out /tmp/cert-dsa.pem
+openssl ca -revoke /tmp/cert-dsa.pem -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -crl_reason cessationOfOperation -extensions unsupported_cert -config "$DIR/default.cnf"
+openssl ca -gencrl -startdate 140101010101Z -crldays 30 -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -out /tmp/crl-rsa-dsa.pem -config "$DIR/default.cnf"
+openssl ca -gencrl -startdate 140101010101Z -crldays 30 -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -out "$DIR/crl-rsa-dsa-sigopt.pem" -config "$DIR/default.cnf" -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:1
+openssl crl -in /tmp/crl-rsa-dsa.pem -outform d -out "$DIR/crl-rsa-dsa.der"
+openssl crl -in "$DIR/crl-rsa-dsa-sigopt.pem" -outform d -out "$DIR/crl-rsa-dsa-sigopt.der"
# Unsupported extensions
-openssl ca -gencrl -crlexts unsupported_cert -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -out /tmp/crl-unsupported.pem -config ${DIR}/default.cnf
-openssl crl -in /tmp/crl-unsupported.pem -outform d -out ${DIR}/crl-unsupported.der
+openssl ca -gencrl -crlexts unsupported_cert -keyfile /tmp/cakey.pem -cert /tmp/cacert.pem -out /tmp/crl-unsupported.pem -config "$DIR/default.cnf"
+openssl crl -in /tmp/crl-unsupported.pem -outform d -out "$DIR/crl-unsupported.der"
-openssl crl -inform d -in ${DIR}/crl-rsa.der -noout -lastupdate -nextupdate > ${DIR}/crl-rsa-dates.txt
-openssl crl -inform d -in ${DIR}/crl-rsa-dsa.der -noout -lastupdate -nextupdate > ${DIR}/crl-rsa-dsa-dates.txt
+openssl crl -inform d -in "$DIR/crl-rsa.der" -noout -lastupdate -nextupdate > "$DIR/crl-rsa-dates.txt"
+openssl crl -inform d -in "$DIR/crl-rsa-dsa.der" -noout -lastupdate -nextupdate > "$DIR/crl-rsa-dsa-dates.txt"
rm /tmp/cert-rsa.pem /tmp/cert-dsa.pem /tmp/cacert.pem /tmp/cakey.pem /tmp/crl-rsa.pem /tmp/crl-rsa-dsa.pem /tmp/crl-unsupported.pem /tmp/crl-empty.pem
rm -r /tmp/ca
-cat ${DIR}/cert-rsa.der ${DIR}/cert-dsa.der > /tmp/certs.der
-openssl x509 -inform d -in ${DIR}/cert-rsa.der > /tmp/certs.pem
-openssl x509 -inform d -in ${DIR}/cert-dsa.der >> /tmp/certs.pem
+cat "$DIR/cert-rsa.der" "$DIR/cert-dsa.der" > /tmp/certs.der
+openssl x509 -inform d -in "$DIR/cert-rsa.der" > /tmp/certs.pem
+openssl x509 -inform d -in "$DIR/cert-dsa.der" >> /tmp/certs.pem
-openssl crl2pkcs7 -certfile /tmp/certs.pem -nocrl > ${DIR}/certs-pk7.pem
-openssl crl2pkcs7 -certfile /tmp/certs.pem -nocrl -outform d > ${DIR}/certs-pk7.der
+openssl crl2pkcs7 -certfile /tmp/certs.pem -nocrl > "$DIR/certs-pk7.pem"
+openssl crl2pkcs7 -certfile /tmp/certs.pem -nocrl -outform d > "$DIR/certs-pk7.der"
rm /tmp/certs.pem