Use JSSE cipher suite names and restore JSSE SSLSessionContext semantics
Summary:
- Switch to using JSSE cipher suite names
- SSLSessionContext implementation cleanup
- Updated tests
Details:
Switch to using JSSE cipher suite names
- We maintain backward compatability for enabling cipher suites using
OpenSSL names for old code that did so without checking for the
presence of the names in the supported list.
- We now have a well defined list of the supported cipher suites which
are sorted in priority order as specified in JSSE documentation so
that callers doing:
s.setEnabledCipherSuites(s.getSupportedCipherSuites())
will get something reasonable.
- We now have a default cipher suite list that is chose to match RI
behavior and priority, not based on OpenSSLs default and priorities.
Details:
- Added NativeCrypto OPENSSL_TO_STANDARD and STANDARD_TO_OPENSSL
mapping between naming conventions. STANDARD_TO_OPENSSL is a
LinkedHashMap so enumerating it gives the proper order for
SUPPORTED_CIPHER_SUITES.
- SSL_get_ciphers and SSL_set_cipher_list are removed, we now use
our own SSL_set_cipher_lists (defined seperately in
external/openssl/patches/jsse.patch) to set the set and order of
cipher suites. SSL_CTX_get_ciphers is also removed because we no
longer rely on the OpenSSL for the default cipher suites
behavior.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Add cipherSuite and protocol field caches for native values,
mapping the cipherSuite to a JSSE name from the OpenSSL name
returned by SSL_SESSION_cipher.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
Fixed a long standing bug where we reused sessions found in the
client host/port cache even if the old protocol and cipher suite
where no longer compatible with what was specified by
setEnabledCipherSuites and setProtocols. Also fixed a recently
introduced bug where lastAccessedTime was being set on a cached
session even if it was not reused, found by fixed the above.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Move most of SSLSessionContext implementation from subclasses to
AbstractSessionContext. This was primarily to align the
implementations of how different sessions id for the same host and
port were handled for RI compatability. client subclasses now focuses
on handling its host/port based cache and both deal with their own
persistent cache details.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java
Tests
Added some variants of assertSSLSessionContextSize to simplify tests code.
Broke test_SSLSessionContext_setSessionCacheSize_oneConnect out of
test_SSLSessionContext_setSessionCacheSize_dynamic. Renamed
test_SSLSessionContext_setSessionCacheSize_basic to
test_SSLSessionContext_setSessionCacheSize_noConnect to match name
of _oneConnect. _dynamic was cleaned up a bit as getting it working
was the only goal of this change list. Fixed to filter
SSL_RSA_EXPORT_ ciphers since our test certificate key length is
too long for those. Lower test requirement to 3 unique cipher suites.
luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
Added checks that cipher suites and protocols have standard names.
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
Removing known failures related to cipher suite naming. Fixed bug
of using assertNotNull instead of assertTrue. Added extra
size/length check which would have found the
assertNotNull/assertTrue issue.
luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
Fixing test the explicitly worked around broken cipher suite naming.
luni/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java
Updated standard cipher suites to RI 6 list, which also now
specifies ordering, which we now align with.
support/src/test/java/javax/net/ssl/StandardNames.java
Unrelated
Remove more now obsolete jars from the test classpath
run-core-tests
Change-Id: I45c274a9327c9a1aeeccb39ecaf5a3fbe2903c8f
14 files changed