Minor changes for error-prone lints errors.

common/src/main/java/org/conscrypt/Conscrypt.java

@@ -88,6 +88,7 @@ private Version(int major, int minor, int patch) {
                 patch = Integer.parseInt(props.getProperty("org.conscrypt.version.patch", "-1"));
             }
         } catch (IOException e) {
+            // TODO(prb): This should probably be fatal or have some fallback behaviour
         } finally {
             IoUtils.closeQuietly(stream);
         }

common/src/main/java/org/conscrypt/OpenSSLAeadCipher.java

@@ -220,15 +220,6 @@ boolean allowsNonceReuse() {
         return false;
     }
 
-    /**
-     * Encrypts of decrypts data in a single-part operations or finishes multiple part operation.
-     * @param input input data that is returned fully read
-     * @param output the storage buffer of the resulting encryption decryption.
-     * @return number of bytes the output buffer's position has moved by.
-     * @throws ShortBufferException if output.remaining() bytes are insufficient to hold the result.
-     * @throws IllegalBlockSizeException
-     * @throws BadPaddingException
-     */
     @Override
     protected int engineDoFinal(ByteBuffer input, ByteBuffer output) throws ShortBufferException,
             IllegalBlockSizeException, BadPaddingException {

common/src/main/java/org/conscrypt/OpenSSLX509CertificateFactory.java

@@ -114,6 +114,7 @@ T generateItem(InputStream inStream) throws ParsingException {
                     try {
                         inStream.reset();
                     } catch (IOException ignored) {
+                        // If resetting the stream fails, there's not much we can do
                     }
                 }
                 throw new ParsingException(e);
@@ -165,6 +166,7 @@ Collection<? extends T> generateItems(InputStream inStream)
                     try {
                         inStream.reset();
                     } catch (IOException ignored) {
+                        // If resetting the stream fails, there's not much we can do
                     }
                 }
                 throw new ParsingException(e);
@@ -197,6 +199,7 @@ Collection<? extends T> generateItems(InputStream inStream)
                         try {
                             inStream.reset();
                         } catch (IOException ignored) {
+                            // If resetting the stream fails, there's not much we can do
                         }
                     }
 

common/src/main/java/org/conscrypt/SSLParametersImpl.java

@@ -577,7 +577,9 @@ private static PSKKeyManager findFirstPSKKeyManager(KeyManager[] kms) {
             } else if (km != null) {
                 try {
                     return DuckTypedPSKKeyManager.getInstance(km);
-                } catch (NoSuchMethodException ignored) {}
+                } catch (NoSuchMethodException ignored) {
+                    // This PSKKeyManager doesn't support the required methods, go to the next
+                }
             }
         }
         return null;

common/src/main/java/org/conscrypt/TrustManagerImpl.java

@@ -427,10 +427,9 @@ private static byte[] getOcspDataFromSession(SSLSession session) {
                 if (rawResponses instanceof List) {
                     ocspResponses = (List<byte[]>) rawResponses;
                 }
-            } catch (NoSuchMethodException ignored) {
-            } catch (SecurityException ignored) {
-            } catch (IllegalAccessException ignored) {
-            } catch (IllegalArgumentException ignored) {
+            } catch (NoSuchMethodException | SecurityException
+                    | IllegalAccessException | IllegalArgumentException ignored) {
+                // Method not available, fall through and return null
             } catch (InvocationTargetException e) {
                 throw new RuntimeException(e.getCause());
             }
@@ -457,10 +456,9 @@ private byte[] getTlsSctDataFromSession(SSLSession session) {
             if (rawData instanceof byte[]) {
                 data = (byte[]) rawData;
             }
-        } catch (NoSuchMethodException ignored) {
-        } catch (SecurityException ignored) {
-        } catch (IllegalAccessException ignored) {
-        } catch (IllegalArgumentException ignored) {
+        } catch (NoSuchMethodException | SecurityException
+                | IllegalAccessException | IllegalArgumentException ignored) {
+            // Method not available, fall through and return null
         } catch (InvocationTargetException e) {
             throw new RuntimeException(e.getCause());
         }

common/src/test/java/org/conscrypt/java/security/KeyFactoryTestEC.java

@@ -24,8 +24,6 @@
 import java.security.spec.InvalidKeySpecException;
 import java.util.Arrays;
 import java.util.List;
-import org.junit.ClassRule;
-import org.junit.rules.TestRule;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import tests.util.ServiceTester;

common/src/test/java/org/conscrypt/java/security/KeyFactoryTestRSA.java

@@ -19,7 +19,6 @@
 
 import java.security.KeyFactory;
 import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.Provider;
 import java.security.PublicKey;
@@ -30,8 +29,6 @@
 import java.security.spec.RSAPrivateKeySpec;
 import java.security.spec.RSAPublicKeySpec;
 import java.security.spec.X509EncodedKeySpec;
-import java.util.Arrays;
-import java.util.List;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;

common/src/test/java/org/conscrypt/java/security/KeyFactoryTestRSACrt.java

@@ -18,9 +18,6 @@
 import java.security.KeyPair;
 import java.security.spec.RSAPrivateCrtKeySpec;
 import java.security.spec.RSAPublicKeySpec;
-import org.junit.ClassRule;
-import org.junit.Test;
-import org.junit.rules.TestRule;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import tests.util.ServiceTester;

common/src/test/java/org/conscrypt/java/security/KeyFactoryTestRSACustom.java

@@ -17,16 +17,11 @@
 
 import java.security.KeyPair;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.RSAPrivateKeySpec;
 import java.security.spec.RSAPublicKeySpec;
 import java.util.Arrays;
 import java.util.List;
-import org.junit.ClassRule;
-import org.junit.Test;
-import org.junit.rules.TestRule;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import tests.util.ServiceTester;

common/src/test/java/org/conscrypt/java/security/KeyPairGeneratorTestRSA.java

@@ -21,10 +21,7 @@
 @RunWith(JUnit4.class)
 public class KeyPairGeneratorTestRSA extends AbstractKeyPairGeneratorTest {
 
-    @SuppressWarnings("unchecked")
     public KeyPairGeneratorTestRSA() {
         super("RSA", new CipherAsymmetricCryptHelper("RSA"));
     }
-
 }
-

common/src/test/java/org/conscrypt/java/security/SignatureTest.java

@@ -2923,7 +2923,7 @@ public void test_NONEwithECDSA_OpaqueKey_BrokenProvider() throws Exception {
      * randomized, so this won't be the exact signature you'll get out of
      * another signing operation unless you use a fixed RNG.
      */
-    public static final byte[] SHA1withDSA_Vector2Signature = new byte[] {
+    private static final byte[] SHA1withDSA_Vector2Signature = new byte[] {
         (byte) 0x30, (byte) 0x2d, (byte) 0x02, (byte) 0x15, (byte) 0x00, (byte) 0x88, (byte) 0xef, (byte) 0xac,
         (byte) 0x2b, (byte) 0x8b, (byte) 0xe2, (byte) 0x61, (byte) 0xc6, (byte) 0x2b, (byte) 0xea, (byte) 0xd5,
         (byte) 0x96, (byte) 0xbc, (byte) 0xb0, (byte) 0xa1, (byte) 0x30, (byte) 0x0c, (byte) 0x1f, (byte) 0xed,
@@ -2937,7 +2937,7 @@ public void test_NONEwithECDSA_OpaqueKey_BrokenProvider() throws Exception {
      * randomized, so this won't be the exact signature you'll get out of
      * another signing operation unless you use a fixed RNG.
      */
-    public static final byte[] SHA224withDSA_Vector2Signature = new byte[] {
+    private static final byte[] SHA224withDSA_Vector2Signature = new byte[] {
         (byte) 0x30, (byte) 0x2D, (byte) 0x02, (byte) 0x15, (byte) 0x00, (byte) 0xAD, (byte) 0xE5, (byte) 0x6D,
         (byte) 0xF5, (byte) 0x11, (byte) 0x8D, (byte) 0x2E, (byte) 0x62, (byte) 0x5D, (byte) 0x98, (byte) 0x8A,
         (byte) 0xC4, (byte) 0x88, (byte) 0x7E, (byte) 0xE6, (byte) 0xA3, (byte) 0x44, (byte) 0x99, (byte) 0xEF,
@@ -2951,7 +2951,7 @@ public void test_NONEwithECDSA_OpaqueKey_BrokenProvider() throws Exception {
      * randomized, so this won't be the exact signature you'll get out of
      * another signing operation unless you use a fixed RNG.
      */
-    public static final byte[] SHA256withDSA_Vector2Signature = new byte[] {
+    private static final byte[] SHA256withDSA_Vector2Signature = new byte[] {
         (byte) 0x30, (byte) 0x2D, (byte) 0x02, (byte) 0x14, (byte) 0x0A, (byte) 0xB1, (byte) 0x74, (byte) 0x45,
         (byte) 0xE1, (byte) 0x63, (byte) 0x43, (byte) 0x68, (byte) 0x65, (byte) 0xBC, (byte) 0xCA, (byte) 0x45,
         (byte) 0x27, (byte) 0x11, (byte) 0x4D, (byte) 0x52, (byte) 0xFB, (byte) 0x22, (byte) 0x93, (byte) 0xDD,

common/src/test/java/org/conscrypt/javax/crypto/CipherTest.java

@@ -2118,7 +2118,7 @@ private Certificate certificateWithKeyUsage(int keyUsage) throws Exception {
     /*
      * echo -n 'This is a test of OAEP' | xxd -p -i | sed 's/0x/(byte) 0x/g'
      */
-    public static final byte[] RSA_Vector2_Plaintext = new byte[] {
+    private static final byte[] RSA_Vector2_Plaintext = new byte[] {
             (byte) 0x54, (byte) 0x68, (byte) 0x69, (byte) 0x73, (byte) 0x20, (byte) 0x69,
             (byte) 0x73, (byte) 0x20, (byte) 0x61, (byte) 0x20, (byte) 0x74, (byte) 0x65,
             (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20,
@@ -2130,7 +2130,7 @@ private Certificate certificateWithKeyUsage(int keyUsage) throws Exception {
      * -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha1 -pkeyopt rsa_mgf1_md:sha1 \
      * | xxd -p -i | sed 's/0x/(byte) 0x/g'
      */
-    public static final byte[] RSA_Vector2_OAEP_SHA1_MGF1_SHA1 = new byte[] {
+    private static final byte[] RSA_Vector2_OAEP_SHA1_MGF1_SHA1 = new byte[] {
             (byte) 0x53, (byte) 0x71, (byte) 0x84, (byte) 0x2e, (byte) 0x01, (byte) 0x74,
             (byte) 0x82, (byte) 0xb3, (byte) 0x01, (byte) 0xac, (byte) 0x2b, (byte) 0xbd,
             (byte) 0x40, (byte) 0xa7, (byte) 0x5b, (byte) 0x60, (byte) 0xf1, (byte) 0xde,
@@ -2179,7 +2179,7 @@ private Certificate certificateWithKeyUsage(int keyUsage) throws Exception {
     /*
      * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey rsakey.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1 | xxd -p -i | sed 's/0x/(byte) 0x/g'
      */
-    public static final byte[] RSA_Vector2_OAEP_SHA256_MGF1_SHA1 = new byte[] {
+    private static final byte[] RSA_Vector2_OAEP_SHA256_MGF1_SHA1 = new byte[] {
             (byte) 0x25, (byte) 0x9f, (byte) 0xc3, (byte) 0x69, (byte) 0xbc, (byte) 0x3f,
             (byte) 0xe7, (byte) 0x9e, (byte) 0x76, (byte) 0xef, (byte) 0x6c, (byte) 0xd2,
             (byte) 0x2b, (byte) 0x7b, (byte) 0xf0, (byte) 0xeb, (byte) 0xc2, (byte) 0x28,
@@ -2228,7 +2228,7 @@ private Certificate certificateWithKeyUsage(int keyUsage) throws Exception {
     /*
      * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey /tmp/rsakey.txt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1 -pkeyopt rsa_oaep_label:010203FFA00A | xxd -p -i | sed 's/0x/(byte) 0x/g'
      */
-    public static final byte[] RSA_Vector2_OAEP_SHA256_MGF1_SHA1_LABEL = new byte[] {
+    private static final byte[] RSA_Vector2_OAEP_SHA256_MGF1_SHA1_LABEL = new byte[] {
             (byte) 0x80, (byte) 0xb1, (byte) 0xf2, (byte) 0xc2, (byte) 0x03, (byte) 0xc5,
             (byte) 0xdf, (byte) 0xbd, (byte) 0xed, (byte) 0xfe, (byte) 0xe6, (byte) 0xff,
             (byte) 0xd3, (byte) 0x38, (byte) 0x1e, (byte) 0x6d, (byte) 0xae, (byte) 0x47,
@@ -2279,7 +2279,7 @@ private Certificate certificateWithKeyUsage(int keyUsage) throws Exception {
      * -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha224 -pkeyopt rsa_mgf1_md:sha224 \
      * | xxd -p -i | sed 's/0x/(byte) 0x/g'
      */
-    public static final byte[] RSA_Vector2_OAEP_SHA224_MGF1_SHA224 = new byte[] {
+    private static final byte[] RSA_Vector2_OAEP_SHA224_MGF1_SHA224 = new byte[] {
             (byte) 0xae, (byte) 0xdd, (byte) 0xe6, (byte) 0xab, (byte) 0x00, (byte) 0xd6,
             (byte) 0x1e, (byte) 0x7e, (byte) 0x85, (byte) 0x63, (byte) 0xab, (byte) 0x51,
             (byte) 0x79, (byte) 0x92, (byte) 0xf1, (byte) 0xb9, (byte) 0x4f, (byte) 0x23,
@@ -2330,7 +2330,7 @@ private Certificate certificateWithKeyUsage(int keyUsage) throws Exception {
      * -pkeyopt rsa_padding_mode:oaep -pkey rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 \
      * | xxd -p -i | sed 's/0x/(byte) 0x/g'
      */
-    public static final byte[] RSA_Vector2_OAEP_SHA256_MGF1_SHA256 = new byte[] {
+    private static final byte[] RSA_Vector2_OAEP_SHA256_MGF1_SHA256 = new byte[] {
             (byte) 0x6a, (byte) 0x2b, (byte) 0xb2, (byte) 0xa3, (byte) 0x26, (byte) 0xa6,
             (byte) 0x7a, (byte) 0x4a, (byte) 0x1f, (byte) 0xe5, (byte) 0xc8, (byte) 0x94,
             (byte) 0x11, (byte) 0x1a, (byte) 0x92, (byte) 0x07, (byte) 0x0a, (byte) 0xf4,
@@ -2381,7 +2381,7 @@ private Certificate certificateWithKeyUsage(int keyUsage) throws Exception {
      * -pkeyopt rsa_padding_mode:oaep -pkey rsa_oaep_md:sha384 -pkeyopt rsa_mgf1_md:sha384 \
      * | xxd -p -i | sed 's/0x/(byte) 0x/g'
      */
-    public static final byte[] RSA_Vector2_OAEP_SHA384_MGF1_SHA384 = new byte[] {
+    private static final byte[] RSA_Vector2_OAEP_SHA384_MGF1_SHA384 = new byte[] {
             (byte) 0xa1, (byte) 0xb3, (byte) 0x3b, (byte) 0x34, (byte) 0x69, (byte) 0x9e,
             (byte) 0xd8, (byte) 0xa0, (byte) 0x37, (byte) 0x2c, (byte) 0xeb, (byte) 0xef,
             (byte) 0xf2, (byte) 0xaf, (byte) 0xfa, (byte) 0x63, (byte) 0x5d, (byte) 0x88,
@@ -2432,7 +2432,7 @@ private Certificate certificateWithKeyUsage(int keyUsage) throws Exception {
      * -pkeyopt rsa_padding_mode:oaep -pkey rsa_oaep_md:sha512 -pkeyopt rsa_mgf1_md:sha512 \
      * | xxd -p -i | sed 's/0x/(byte) 0x/g'
      */
-    public static final byte[] RSA_Vector2_OAEP_SHA512_MGF1_SHA512 = new byte[] {
+    private static final byte[] RSA_Vector2_OAEP_SHA512_MGF1_SHA512 = new byte[] {
             (byte) 0x75, (byte) 0x0f, (byte) 0xf9, (byte) 0x21, (byte) 0xca, (byte) 0xcc,
             (byte) 0x0e, (byte) 0x13, (byte) 0x9e, (byte) 0x38, (byte) 0xa4, (byte) 0xa7,
             (byte) 0xee, (byte) 0x61, (byte) 0x6d, (byte) 0x56, (byte) 0xea, (byte) 0x36,
@@ -2481,7 +2481,7 @@ private Certificate certificateWithKeyUsage(int keyUsage) throws Exception {
     /*
      * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey /tmp/rsakey.txt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha512 -pkeyopt rsa_mgf1_md:sha512 -pkeyopt rsa_oaep_label:010203FFA00A | xxd -p -i | sed 's/0x/(byte) 0x/g'
      */
-    public static final byte[] RSA_Vector2_OAEP_SHA512_MGF1_SHA512_LABEL = new byte[] {
+    private static final byte[] RSA_Vector2_OAEP_SHA512_MGF1_SHA512_LABEL = new byte[] {
             (byte) 0x31, (byte) 0x3b, (byte) 0x23, (byte) 0xcf, (byte) 0x40, (byte) 0xfe,
             (byte) 0x15, (byte) 0x94, (byte) 0xd6, (byte) 0x81, (byte) 0x21, (byte) 0x69,
             (byte) 0x8e, (byte) 0x58, (byte) 0xd5, (byte) 0x0f, (byte) 0xa8, (byte) 0x72,

common/src/test/java/org/conscrypt/javax/net/ssl/SSLEngineVersionCompatibilityTest.java

@@ -758,7 +758,7 @@ void beforeBeginHandshake(SSLEngine client, SSLEngine server) {
                     });
             fail();
         } catch (SSLHandshakeException e) {
-            assertEquals(e.getMessage(), "SNI match failed: any.host");
+            assertEquals("SNI match failed: any.host", e.getMessage());
         }
     }
 

openjdk/src/main/java/org/conscrypt/Java8PlatformUtil.java

@@ -42,15 +42,6 @@ static void setSSLParameters(
         }
     }
 
-    static void getSSLParameters(
-            SSLParameters params, SSLParametersImpl impl, AbstractConscryptSocket socket) {
-        getSSLParameters(params, impl);
-        if (impl.getUseSni() && AddressUtils.isValidSniHostname(socket.getHostname())) {
-            params.setServerNames(Collections.singletonList(
-                    (SNIServerName) new SNIHostName(socket.getHostname())));
-        }
-    }
-
     static void setSSLParameters(
             SSLParameters params, SSLParametersImpl impl, ConscryptEngine engine) {
         setSSLParameters(params, impl);
@@ -60,6 +51,16 @@ static void setSSLParameters(
             engine.setHostname(sniHost);
         }
     }
+
+    static void getSSLParameters(
+            SSLParameters params, SSLParametersImpl impl, AbstractConscryptSocket socket) {
+        getSSLParameters(params, impl);
+        if (impl.getUseSni() && AddressUtils.isValidSniHostname(socket.getHostname())) {
+            params.setServerNames(Collections.singletonList(
+                    (SNIServerName) new SNIHostName(socket.getHostname())));
+        }
+    }
+
     static void getSSLParameters(
             SSLParameters params, SSLParametersImpl impl, ConscryptEngine engine) {
         getSSLParameters(params, impl);

openjdk/src/main/java/org/conscrypt/Platform.java

@@ -99,6 +99,7 @@ final class Platform {
             getCurveNameMethod = ECParameterSpec.class.getDeclaredMethod("getCurveName");
             getCurveNameMethod.setAccessible(true);
         } catch (Exception ignored) {
+            // Method not available, leave it as null, which is checked before use
         }
         GET_CURVE_NAME_METHOD = getCurveNameMethod;
     }
@@ -580,10 +581,8 @@ public static String getOriginalHostNameFromInetAddress(InetAddress addr) {
             return originalHostName;
         } catch (InvocationTargetException e) {
             throw new RuntimeException("Failed to get originalHostName", e);
-        } catch (ClassNotFoundException ignore) {
+        } catch (ClassNotFoundException | IllegalAccessException | NoSuchMethodException ignore) {
             // passthrough and return addr.getHostAddress()
-        } catch (IllegalAccessException ignore) {
-        } catch (NoSuchMethodException ignore) {
         }
 
         return addr.getHostAddress();
@@ -657,9 +656,10 @@ static KeyStore getDefaultCertKeyStore() throws KeyStoreException {
         KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
         try {
             ks.load(null, null);
-        } catch (CertificateException ignored) {
         } catch (NoSuchAlgorithmException ignored) {
-        } catch (IOException ignored) {
+            // TODO(prb): Should this be re-thrown? It happens if "the algorithm used to check
+            // the integrity of the KeyStore cannot be found".
+        } catch (IOException | CertificateException ignored) {
             // We're not loading anything, so ignore it
         }
         // Find the highest-priority non-Conscrypt provider that provides a PKIX