Export from Google3

android/src/main/AndroidManifest.xml

@@ -1,3 +1,7 @@
-<manifest xmlns:android="http://schemas.android.com/apk/res/android">
-    <application/>
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="org.conscrypt">
+
+    <uses-sdk android:minSdkVersion="24" android:targetSdkVersion="30" />
+
 </manifest>

android/src/main/java/org/conscrypt/Platform.java

@@ -27,7 +27,6 @@
 import dalvik.system.BlockGuard;
 import dalvik.system.CloseGuard;
 
-import org.conscrypt.NativeCrypto;
 import org.conscrypt.ct.CertificateTransparency;
 import org.conscrypt.metrics.CertificateTransparencyVerificationReason;
 import org.conscrypt.metrics.NoopStatsLog;
@@ -50,7 +49,6 @@
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
 import java.security.Security;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -76,6 +74,7 @@
  * Platform-specific methods for unbundled Android.
  */
 @Internal
+@SuppressLint("DiscouragedPrivateApi")
 final public class Platform {
     private static final String TAG = "Conscrypt";
     private static boolean DEPRECATED_TLS_V1 = true;
@@ -787,6 +786,7 @@ public static SSLSession wrapSSLSession(ExternalSession sslSession) {
         return sslSession;
     }
 
+    @SuppressWarnings("SoonBlockedPrivateApi")
     public static String getOriginalHostNameFromInetAddress(InetAddress addr) {
         if (Build.VERSION.SDK_INT > 27) {
             try {

common/src/main/java/org/conscrypt/TrustManagerImpl.java

@@ -71,16 +71,15 @@
 import javax.net.ssl.X509ExtendedTrustManager;
 
 /**
- *
  * TrustManager implementation. The implementation is based on CertPathValidator
  * PKIX and CertificateFactory X509 implementations. This implementations should
  * be provided by some certification provider.
  *
  * @see javax.net.ssl.X509ExtendedTrustManager
  */
 @Internal
+@SuppressWarnings("CustomX509TrustManager")
 public final class TrustManagerImpl extends X509ExtendedTrustManager {
-
     private static final Logger logger = Logger.getLogger(TrustManagerImpl.class.getName());
 
     /**
@@ -431,7 +430,8 @@ private byte[] getTlsSctDataFromSession(SSLSession session) {
 
         byte[] data = null;
         try {
-            Method m_getTlsSctData = session.getClass().getDeclaredMethod("getPeerSignedCertificateTimestamp");
+            Method m_getTlsSctData =
+                    session.getClass().getDeclaredMethod("getPeerSignedCertificateTimestamp");
             m_getTlsSctData.setAccessible(true);
             Object rawData = m_getTlsSctData.invoke(session);
             if (rawData instanceof byte[]) {

common/src/test/java/org/conscrypt/HostnameVerifierTest.java

@@ -21,22 +21,24 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
+
 import java.io.ByteArrayInputStream;
 import java.nio.charset.Charset;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.Collection;
+
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.security.auth.x500.X500Principal;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-import org.junit.runners.Parameterized.Parameter;
-import org.junit.runners.Parameterized.Parameters;
 
 /**
  * Tests for our hostname verifier. Most of these tests are from AOSP, which

openjdk/src/test/java/org/conscrypt/ConscryptAndroidSuite.java

@@ -0,0 +1,156 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.conscrypt;
+
+import static org.conscrypt.TestUtils.installConscryptAsDefaultProvider;
+
+import org.conscrypt.ct.SerializationTest;
+import org.conscrypt.ct.VerifierTest;
+import org.conscrypt.java.security.AlgorithmParameterGeneratorTestDH;
+import org.conscrypt.java.security.AlgorithmParameterGeneratorTestDSA;
+import org.conscrypt.java.security.AlgorithmParametersPSSTest;
+import org.conscrypt.java.security.AlgorithmParametersTestAES;
+import org.conscrypt.java.security.AlgorithmParametersTestDES;
+import org.conscrypt.java.security.AlgorithmParametersTestDESede;
+import org.conscrypt.java.security.AlgorithmParametersTestDH;
+import org.conscrypt.java.security.AlgorithmParametersTestDSA;
+import org.conscrypt.java.security.AlgorithmParametersTestEC;
+import org.conscrypt.java.security.AlgorithmParametersTestGCM;
+import org.conscrypt.java.security.AlgorithmParametersTestOAEP;
+import org.conscrypt.java.security.KeyFactoryTestDH;
+import org.conscrypt.java.security.KeyFactoryTestDSA;
+import org.conscrypt.java.security.KeyFactoryTestEC;
+import org.conscrypt.java.security.KeyFactoryTestRSACrt;
+import org.conscrypt.java.security.KeyPairGeneratorTest;
+import org.conscrypt.java.security.KeyPairGeneratorTestDH;
+import org.conscrypt.java.security.KeyPairGeneratorTestDSA;
+import org.conscrypt.java.security.KeyPairGeneratorTestRSA;
+import org.conscrypt.java.security.KeyPairGeneratorTestXDH;
+import org.conscrypt.java.security.MessageDigestTest;
+import org.conscrypt.java.security.SignatureTest;
+import org.conscrypt.java.security.cert.CertificateFactoryTest;
+import org.conscrypt.java.security.cert.X509CRLTest;
+import org.conscrypt.java.security.cert.X509CertificateTest;
+import org.conscrypt.javax.crypto.AeadCipherTest;
+import org.conscrypt.javax.crypto.CipherBasicsTest;
+import org.conscrypt.javax.crypto.ECDHKeyAgreementTest;
+import org.conscrypt.javax.crypto.KeyGeneratorTest;
+import org.conscrypt.javax.crypto.ScryptTest;
+import org.conscrypt.javax.crypto.XDHKeyAgreementTest;
+import org.conscrypt.javax.crypto.XdhKeyFactoryTest;
+import org.conscrypt.javax.crypto.XdhKeyTest;
+import org.conscrypt.javax.net.ssl.KeyManagerFactoryTest;
+import org.conscrypt.javax.net.ssl.KeyStoreBuilderParametersTest;
+import org.conscrypt.javax.net.ssl.SNIHostNameTest;
+import org.conscrypt.javax.net.ssl.SSLParametersTest;
+import org.conscrypt.javax.net.ssl.X509KeyManagerTest;
+import org.conscrypt.metrics.CipherSuiteTest;
+import org.conscrypt.metrics.OptionalMethodTest;
+import org.conscrypt.metrics.ProtocolTest;
+import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Suite;
+
+@RunWith(Suite.class)
+@Suite.SuiteClasses({
+        // org.conscrypt tests
+        AddressUtilsTest.class,
+        ApplicationProtocolSelectorAdapterTest.class,
+        ArrayUtilsTest.class,
+        CertPinManagerTest.class,
+        ChainStrengthAnalyzerTest.class,
+        DuckTypedHpkeSpiTest.class,
+        EdDsaTest.class,
+        ExposedByteArrayOutputStreamTest.class,
+        FileClientSessionCacheTest.class,
+        HostnameVerifierTest.class,
+        HpkeContextTest.class,
+        HpkeContextRecipientTest.class,
+        HpkeContextSenderTest.class,
+        HpkeSuiteTest.class,
+        HpkeTestVectorsTest.class,
+        KeySpecUtilTest.class,
+        MlDsaTest.class,
+        NativeCryptoArgTest.class,
+        NativeCryptoTest.class,
+        NativeRefTest.class,
+        NativeSslSessionTest.class,
+        OpenSSLKeyTest.class,
+        OpenSSLX509CertificateTest.class,
+        SSLUtilsTest.class,
+        SlhDsaTest.class,
+        TestSessionBuilderTest.class,
+        TrustManagerImplTest.class,
+        X25519Test.class,
+        XwingTest.class,
+        // org.conscrypt.ct tests
+        VerifierTest.class,
+        SerializationTest.class,
+        // java.security tests
+        CertificateFactoryTest.class,
+        X509CertificateTest.class,
+        X509CRLTest.class,
+        AlgorithmParameterGeneratorTestDH.class,
+        AlgorithmParameterGeneratorTestDSA.class,
+        AlgorithmParametersPSSTest.class,
+        AlgorithmParametersTestAES.class,
+        AlgorithmParametersTestDES.class,
+        AlgorithmParametersTestDESede.class,
+        AlgorithmParametersTestDH.class,
+        AlgorithmParametersTestDSA.class,
+        AlgorithmParametersTestEC.class,
+        AlgorithmParametersTestGCM.class,
+        AlgorithmParametersTestOAEP.class,
+        BufferUtilsTest.class,
+        CipherSuiteTest.class,
+        KeyFactoryTestDH.class,
+        KeyFactoryTestDSA.class,
+        KeyFactoryTestEC.class,
+        KeyFactoryTestRSACrt.class,
+        KeyPairGeneratorTest.class,
+        KeyPairGeneratorTestDH.class,
+        KeyPairGeneratorTestDSA.class,
+        KeyPairGeneratorTestRSA.class,
+        KeyPairGeneratorTestXDH.class,
+        MessageDigestTest.class,
+        SignatureTest.class,
+        // javax.crypto tests
+        AeadCipherTest.class,
+        CipherBasicsTest.class,
+        MacTest.class,
+        ECDHKeyAgreementTest.class,
+        KeyGeneratorTest.class,
+        XDHKeyAgreementTest.class,
+        XdhKeyFactoryTest.class,
+        XdhKeyTest.class,
+        // javax.net.ssl tests
+        KeyManagerFactoryTest.class,
+        KeyStoreBuilderParametersTest.class,
+        OptionalMethodTest.class,
+        ProtocolTest.class,
+        ScryptTest.class,
+        SNIHostNameTest.class,
+        SSLParametersTest.class,
+        VeryBasicHttpServerTest.class,
+        X509KeyManagerTest.class,
+})
+public class ConscryptAndroidSuite {
+    @BeforeClass
+    public static void setupStatic() {
+        installConscryptAsDefaultProvider();
+    }
+}

openjdk/src/test/java/org/conscrypt/ConscryptSocketTest.java

@@ -29,6 +29,17 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
 
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+
 import java.io.IOException;
 import java.lang.reflect.Field;
 import java.net.InetAddress;
@@ -49,6 +60,7 @@
 import java.util.concurrent.Executors;
 import java.util.concurrent.Future;
 import java.util.concurrent.TimeUnit;
+
 import javax.net.ssl.HandshakeCompletedEvent;
 import javax.net.ssl.HandshakeCompletedListener;
 import javax.net.ssl.KeyManager;
@@ -59,16 +71,6 @@
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-import org.junit.runners.Parameterized.Parameter;
-import org.junit.runners.Parameterized.Parameters;
-import org.mockito.ArgumentMatchers;
-import org.mockito.Mockito;
 
 @RunWith(Parameterized.class)
 public class ConscryptSocketTest {

openjdk/src/test/java/org/conscrypt/ConscryptTest.java

@@ -23,7 +23,7 @@
 import static org.junit.Assert.fail;
 
 import org.conscrypt.java.security.StandardNames;
-// g3-add: import org.junit.Ignore;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;

openjdk/src/test/java/org/conscrypt/OpenSSLX509CertificateTest.java

@@ -24,6 +24,13 @@
 import static org.junit.Assert.fail;
 import static org.junit.Assume.assumeFalse;
 
+import org.conscrypt.OpenSSLX509CertificateFactory.ParsingException;
+import org.junit.Assume;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.FileNotFoundException;
@@ -35,12 +42,6 @@
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
 import java.util.Arrays;
-import org.conscrypt.OpenSSLX509CertificateFactory.ParsingException;
-import org.junit.Assume;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
 
 @RunWith(JUnit4.class)
 public class OpenSSLX509CertificateTest {

openjdk/src/test/java/org/conscrypt/ServerSessionContextTest.java

@@ -39,7 +39,7 @@ int size(ServerSessionContext context) {
         int count = 0;
         Enumeration<byte[]> ids = context.getIds();
         while (ids.hasMoreElements()) {
-            ids.nextElement();
+            Object unused = ids.nextElement();
             count++;
         }
         return count;

platform/src/main/java/org/conscrypt/Platform.java

@@ -217,7 +217,6 @@ static void setSSLParameters(
         } catch (NoSuchMethodException | IllegalArgumentException e) {
             // Do nothing.
         }
-
         List<SNIServerName> serverNames = params.getServerNames();
         if (serverNames != null) {
             for (SNIServerName serverName : serverNames) {
@@ -242,7 +241,6 @@ static void getSSLParameters(
         } catch (NoSuchMethodException | IllegalArgumentException e) {
             // Do nothing.
         }
-
         if (impl.getUseSni() && AddressUtils.isValidSniHostname(engine.getHostname())) {
             params.setServerNames(Collections.<SNIServerName>singletonList(
                     new SNIHostName(engine.getHostname())));

testing/src/main/java/org/conscrypt/java/security/CpuFeatures.java

@@ -111,6 +111,7 @@ private static List<String> getListFromCpuinfo(String fieldName) {
         return Arrays.asList(features.split("\\s"));
     }
 
+    @SuppressWarnings("RuntimeExec")
     private static List<String> getCpuFeaturesMac() {
         try {
             StringBuilder output = new StringBuilder();