author | 2017-05-01 16:38:45 -0700 | |
---|---|---|
committer | 2017-05-01 16:39:20 -0700 | |
commit | 91abf9f6e2c60b05377b2b82ea2a09fc25476e56 (patch) | |
tree | 24739cefc13f9d57fa8c8e3574c7d6eb5efbe865 /keystore/tests | |
parent | 7fdce769c3ef3885ec8f1716bdeedfc8b056a1d7 (diff) |
Delete obsolete and unused KeyStoreTests
These depended on internal implementation details of Conscrypt that are
changing. Delete these tests since they're not included in builds any
more.
Test: make checkbuild
Change-Id: I6ddf832c30bcf49e940c55aa81534c3d987393fb
Diffstat (limited to 'keystore/tests')
7 files changed, 0 insertions, 3903 deletions
diff --git a/keystore/tests/Android.mk b/keystore/tests/Android.mk
deleted file mode 100644
index a740b1342690..000000000000
--- a/keystore/tests/Android.mk
+++ /dev/null
@@ -1,16 +0,0 @@
-LOCAL_PATH:= $(call my-dir)
-include $(CLEAR_VARS)
-
-# We only want this apk build for tests.
-LOCAL_MODULE_TAGS := tests
-LOCAL_CERTIFICATE := platform
-
-LOCAL_JAVA_LIBRARIES := android.test.runner bouncycastle conscrypt
-LOCAL_STATIC_JAVA_LIBRARIES := junit legacy-android-test
-
-# Include all test java files.
-LOCAL_SRC_FILES := $(call all-java-files-under, src)
-
-LOCAL_PACKAGE_NAME := KeyStoreTests
-
-include $(BUILD_PACKAGE)
diff --git a/keystore/tests/AndroidManifest.xml b/keystore/tests/AndroidManifest.xml
deleted file mode 100644
index 415442f85acb..000000000000
--- a/keystore/tests/AndroidManifest.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (C) 2009 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<manifest xmlns:android="http://schemas.android.com/apk/res/android"
- package="android.security.tests"
- android:sharedUserId="android.uid.system">
-
- <application>
- <uses-library android:name="android.test.runner" />
- </application>
-
- <instrumentation android:name="android.test.InstrumentationTestRunner"
- android:targetPackage="android.security.tests"
- android:label="KeyStore Tests">
- </instrumentation>
-</manifest>
diff --git a/keystore/tests/src/android/security/KeyPairGeneratorSpecTest.java b/keystore/tests/src/android/security/KeyPairGeneratorSpecTest.java
deleted file mode 100644
index bc8dd13e99f3..000000000000
--- a/keystore/tests/src/android/security/KeyPairGeneratorSpecTest.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright (C) 2012 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security;
-
-import android.test.AndroidTestCase;
-
-import java.math.BigInteger;
-import java.util.Date;
-
-import javax.security.auth.x500.X500Principal;
-
-public class KeyPairGeneratorSpecTest extends AndroidTestCase {
- private static final String TEST_ALIAS_1 = "test1";
-
- private static final X500Principal TEST_DN_1 = new X500Principal("CN=test1");
-
- private static final long NOW_MILLIS = System.currentTimeMillis();
-
- private static final BigInteger SERIAL_1 = BigInteger.ONE;
-
- /* We have to round this off because X509v3 doesn't store milliseconds. */
- private static final Date NOW = new Date(NOW_MILLIS - (NOW_MILLIS % 1000L));
-
- @SuppressWarnings("deprecation")
- private static final Date NOW_PLUS_10_YEARS = new Date(NOW.getYear() + 10, 0, 1);
-
- public void testConstructor_Success() throws Exception {
- KeyPairGeneratorSpec spec =
- new KeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1,
- SERIAL_1, NOW, NOW_PLUS_10_YEARS, 0);
-
- assertEquals("Context should be the one specified", getContext(), spec.getContext());
-
- assertEquals("Alias should be the one specified", TEST_ALIAS_1, spec.getKeystoreAlias());
-
- assertEquals("Key algorithm should be the one specified", "RSA", spec.getKeyType());
-
- assertEquals("Key size should be the one specified", 1024, spec.getKeySize());
-
- assertEquals("subjectDN should be the one specified", TEST_DN_1, spec.getSubjectDN());
-
- assertEquals("startDate should be the one specified", NOW, spec.getStartDate());
-
- assertEquals("endDate should be the one specified", NOW_PLUS_10_YEARS, spec.getEndDate());
- }
-
- public void testBuilder_Success() throws Exception {
- KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(getContext())
- .setAlias(TEST_ALIAS_1)
- .setKeyType("RSA")
- .setKeySize(1024)
- .setSubject(TEST_DN_1)
- .setSerialNumber(SERIAL_1)
- .setStartDate(NOW)
- .setEndDate(NOW_PLUS_10_YEARS)
- .setEncryptionRequired()
- .build();
-
- assertEquals("Context should be the one specified", getContext(), spec.getContext());
-
- assertEquals("Alias should be the one specified", TEST_ALIAS_1, spec.getKeystoreAlias());
-
- assertEquals("Key algorithm should be the one specified", "RSA", spec.getKeyType());
-
- assertEquals("Key size should be the one specified", 1024, spec.getKeySize());
-
- assertEquals("subjectDN should be the one specified", TEST_DN_1, spec.getSubjectDN());
-
- assertEquals("startDate should be the one specified", NOW, spec.getStartDate());
-
- assertEquals("endDate should be the one specified", NOW_PLUS_10_YEARS, spec.getEndDate());
-
- assertEquals("encryption flag should be on", KeyStore.FLAG_ENCRYPTED, spec.getFlags());
- }
-
- public void testConstructor_NullContext_Failure() throws Exception {
- try {
- new KeyPairGeneratorSpec(null, TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1, SERIAL_1, NOW,
- NOW_PLUS_10_YEARS, 0);
- fail("Should throw IllegalArgumentException when context is null");
- } catch (IllegalArgumentException success) {
- }
- }
-
- public void testConstructor_NullKeystoreAlias_Failure() throws Exception {
- try {
- new KeyPairGeneratorSpec(getContext(), null, "RSA", 1024, null, TEST_DN_1, SERIAL_1, NOW,
- NOW_PLUS_10_YEARS, 0);
- fail("Should throw IllegalArgumentException when keystoreAlias is null");
- } catch (IllegalArgumentException success) {
- }
- }
-
- public void testConstructor_NullSubjectDN_Failure() throws Exception {
- try {
- new KeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, "RSA", 1024, null, null, SERIAL_1, NOW,
- NOW_PLUS_10_YEARS, 0);
- fail("Should throw IllegalArgumentException when subjectDN is null");
- } catch (IllegalArgumentException success) {
- }
- }
-
- public void testConstructor_NullSerial_Failure() throws Exception {
- try {
- new KeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1, null, NOW,
- NOW_PLUS_10_YEARS, 0);
- fail("Should throw IllegalArgumentException when startDate is null");
- } catch (IllegalArgumentException success) {
- }
- }
-
- public void testConstructor_NullStartDate_Failure() throws Exception {
- try {
- new KeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1, SERIAL_1,
- null, NOW_PLUS_10_YEARS, 0);
- fail("Should throw IllegalArgumentException when startDate is null");
- } catch (IllegalArgumentException success) {
- }
- }
-
- public void testConstructor_NullEndDate_Failure() throws Exception {
- try {
- new KeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1, SERIAL_1,
- NOW, null, 0);
- fail("Should throw IllegalArgumentException when keystoreAlias is null");
- } catch (IllegalArgumentException success) {
- }
- }
-
- public void testConstructor_EndBeforeStart_Failure() throws Exception {
- try {
- new KeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1, SERIAL_1,
- NOW_PLUS_10_YEARS, NOW, 0);
- fail("Should throw IllegalArgumentException when end is before start");
- } catch (IllegalArgumentException success) {
- }
- }
-}
diff --git a/keystore/tests/src/android/security/KeyStoreTest.java b/keystore/tests/src/android/security/KeyStoreTest.java
deleted file mode 100644
index 319cf32397a1..000000000000
--- a/keystore/tests/src/android/security/KeyStoreTest.java
+++ /dev/null
@@ -1,974 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.security; - -import android.app.Activity; -import android.os.Binder; -import android.os.IBinder; -import android.os.Process; -import android.security.keymaster.ExportResult; -import android.security.keymaster.KeyCharacteristics; -import android.security.keymaster.KeymasterArguments; -import android.security.keymaster.KeymasterBlob; -import android.security.keymaster.KeymasterDefs; -import android.security.keymaster.OperationResult; -import android.test.ActivityUnitTestCase; -import android.test.AssertionFailedError; -import android.test.MoreAsserts; -import android.test.suitebuilder.annotation.MediumTest; -import com.android.org.conscrypt.NativeConstants; -import java.nio.charset.StandardCharsets; -import java.util.Arrays; -import java.util.HashSet; -import java.security.spec.RSAKeyGenParameterSpec; - -/** - * Junit / Instrumentation test case for KeyStore class - * - * Running the test suite: - * - * runtest keystore-unit - * - * Or this individual test case: - * - * runtest --path frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java - */ -@MediumTest -public class KeyStoreTest extends ActivityUnitTestCase<Activity> { - private static final String TEST_PASSWD = "12345678"; - private static final String TEST_PASSWD2 = "87654321"; - private static final String TEST_KEYNAME = "test-key"; - 
private static final String TEST_KEYNAME1 = "test-key.1"; - private static final String TEST_KEYNAME2 = "test-key\02"; - private static final byte[] TEST_KEYVALUE = "test value".getBytes(StandardCharsets.UTF_8); - - // "Hello, World" in Chinese - private static final String TEST_I18N_KEY = "\u4F60\u597D, \u4E16\u754C"; - private static final byte[] TEST_I18N_VALUE = TEST_I18N_KEY.getBytes(StandardCharsets.UTF_8); - - // Test vector data for signatures - private static final int RSA_KEY_SIZE = 1024; - private static final byte[] TEST_DATA = new byte[RSA_KEY_SIZE / 8]; - static { - for (int i = 0; i < TEST_DATA.length; i++) { - TEST_DATA[i] = (byte) i; - } - } - - private KeyStore mKeyStore = null; - - public KeyStoreTest() { - super(Activity.class); - } - - private static final byte[] PRIVKEY_BYTES = hexToBytes( - "308204BE020100300D06092A864886F70D0101010500048204A8308204A4020100028201" + - "0100E0473E8AB8F2284FEB9E742FF9748FA118ED98633C92F52AEB7A2EBE0D3BE60329BE" + - "766AD10EB6A515D0D2CFD9BEA7930F0C306537899F7958CD3E85B01F8818524D312584A9" + - "4B251E3625B54141EDBFEE198808E1BB97FC7CB49B9EAAAF68E9C98D7D0EDC53BBC0FA00" + - "34356D6305FBBCC3C7001405386ABBC873CB0F3EF7425F3D33DF7B315AE036D2A0B66AFD" + - "47503B169BF36E3B5162515B715FDA83DEAF2C58AEB9ABFB3097C3CC9DD9DBE5EF296C17" + - "6139028E8A671E63056D45F40188D2C4133490845DE52C2534E9C6B2478C07BDAE928823" + - "B62D066C7770F9F63F3DBA247F530844747BE7AAA85D853B8BD244ACEC3DE3C89AB46453" + - "AB4D24C3AC6902030100010282010037784776A5F17698F5AC960DFB83A1B67564E648BD" + - "0597CF8AB8087186F2669C27A9ECBDD480F0197A80D07309E6C6A96F925331E57F8B4AC6" + - "F4D45EDA45A23269C09FC428C07A4E6EDF738A15DEC97FABD2F2BB47A14F20EA72FCFE4C" + - "36E01ADA77BD137CD8D4DA10BB162E94A4662971F175F985FA188F056CB97EE2816F43AB" + - "9D3747612486CDA8C16196C30818A995EC85D38467791267B3BF21F273710A6925862576" + - "841C5B6712C12D4BD20A2F3299ADB7C135DA5E9515ABDA76E7CAF2A3BE80551D073B78BF" + - 
"1162C48AD2B7F4743A0238EE4D252F7D5E7E6533CCAE64CCB39360075A2FD1E034EC3AE5" + - "CE9C408CCBF0E25E4114021687B3DD4754AE8102818100F541884BC3737B2922D4119EF4" + - "5E2DEE2CD4CBB75F45505A157AA5009F99C73A2DF0724AC46024306332EA898177634546" + - "5DC6DF1E0A6F140AFF3B7396E6A8994AC5DAA96873472FE37749D14EB3E075E629DBEB35" + - "83338A6F3649D0A2654A7A42FD9AB6BFA4AC4D481D390BB229B064BDC311CC1BE1B63189" + - "DA7C40CDECF2B102818100EA1A742DDB881CEDB7288C87E38D868DD7A409D15A43F445D5" + - "377A0B5731DDBFCA2DAF28A8E13CD5C0AFCEC3347D74A39E235A3CD9633F274DE2B94F92" + - "DF43833911D9E9F1CF58F27DE2E08FF45964C720D3EC2139DC7CAFC912953CDECB2F355A" + - "2E2C35A50FAD754CB3B23166424BA3B6E3112A2B898C38C5C15EDB238693390281805182" + - "8F1EC6FD996029901BAF1D7E337BA5F0AF27E984EAD895ACE62BD7DF4EE45A224089F2CC" + - "151AF3CD173FCE0474BCB04F386A2CDCC0E0036BA2419F54579262D47100BE931984A3EF" + - "A05BECF141574DC079B3A95C4A83E6C43F3214D6DF32D512DE198085E531E616B83FD7DD" + - "9D1F4E2607C3333D07C55D107D1D3893587102818100DB4FB50F50DE8EDB53FF34C80931" + - "88A0512867DA2CCA04897759E587C244010DAF8664D59E8083D16C164789301F67A9F078" + - "060D834A2ADBD367575B68A8A842C2B02A89B3F31FCCEC8A22FE395795C5C6C7422B4E5D" + - "74A1E9A8F30E7759B9FC2D639C1F15673E84E93A5EF1506F4315383C38D45CBD1B14048F" + - "4721DC82326102818100D8114593AF415FB612DBF1923710D54D07486205A76A3B431949" + - "68C0DFF1F11EF0F61A4A337D5FD3741BBC9640E447B8B6B6C47C3AC1204357D3B0C55BA9" + - "286BDA73F629296F5FA9146D8976357D3C751E75148696A40B74685C82CE30902D639D72" + - "4FF24D5E2E9407EE34EDED2E3B4DF65AA9BCFEB6DF28D07BA6903F165768"); - - private static final byte[] AES256_BYTES = hexToBytes( - "0CC175B9C0F1B6A831C399E269772661CEC520EA51EA0A47E87295FA3245A605"); - - private static byte[] hexToBytes(String s) { - int len = s.length(); - byte[] data = new byte[len / 2]; - for (int i = 0; i < len; i += 2) { - data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit( - s.charAt(i + 1), 16)); - } - return data; - } - - @Override - protected 
void setUp() throws Exception { - mKeyStore = KeyStore.getInstance(); - if (mKeyStore.state() != KeyStore.State.UNINITIALIZED) { - mKeyStore.reset(); - } - assertEquals("KeyStore should be in an uninitialized state", - KeyStore.State.UNINITIALIZED, mKeyStore.state()); - super.setUp(); - } - - @Override - protected void tearDown() throws Exception { - mKeyStore.reset(); - super.tearDown(); - } - - public void testState() throws Exception { - assertEquals(KeyStore.State.UNINITIALIZED, mKeyStore.state()); - } - - public void testPassword() throws Exception { - assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); - assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); - } - - public void testGet() throws Exception { - assertNull(mKeyStore.get(TEST_KEYNAME)); - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - assertNull(mKeyStore.get(TEST_KEYNAME)); - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, - KeyStore.FLAG_ENCRYPTED)); - assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); - } - - public void testPut() throws Exception { - assertNull(mKeyStore.get(TEST_KEYNAME)); - assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, - KeyStore.FLAG_ENCRYPTED)); - assertFalse(mKeyStore.contains(TEST_KEYNAME)); - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, - KeyStore.FLAG_ENCRYPTED)); - assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); - } - - public void testPut_grantedUid_Wifi() throws Exception { - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, - KeyStore.FLAG_ENCRYPTED)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, - KeyStore.FLAG_ENCRYPTED)); - 
assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - } - - public void testPut_ungrantedUid_Bluetooth() throws Exception { - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); - assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, - KeyStore.FLAG_ENCRYPTED)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, - KeyStore.FLAG_ENCRYPTED)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); - } - - public void testI18n() throws Exception { - assertFalse(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE, KeyStore.UID_SELF, - KeyStore.FLAG_ENCRYPTED)); - assertFalse(mKeyStore.contains(TEST_I18N_KEY)); - mKeyStore.onUserPasswordChanged(TEST_I18N_KEY); - assertTrue(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE, KeyStore.UID_SELF, - KeyStore.FLAG_ENCRYPTED)); - assertTrue(mKeyStore.contains(TEST_I18N_KEY)); - } - - public void testDelete() throws Exception { - assertFalse(mKeyStore.delete(TEST_KEYNAME)); - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - assertFalse(mKeyStore.delete(TEST_KEYNAME)); - - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, - KeyStore.FLAG_ENCRYPTED)); - assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); - assertTrue(mKeyStore.delete(TEST_KEYNAME)); - assertNull(mKeyStore.get(TEST_KEYNAME)); - } - - public void testDelete_grantedUid_Wifi() throws Exception { - assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); - - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, - KeyStore.FLAG_ENCRYPTED)); - assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - assertTrue(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); - 
assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - } - - public void testDelete_ungrantedUid_Bluetooth() throws Exception { - assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); - - assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, - KeyStore.FLAG_ENCRYPTED)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); - assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); - } - - public void testContains() throws Exception { - assertFalse(mKeyStore.contains(TEST_KEYNAME)); - - assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); - assertFalse(mKeyStore.contains(TEST_KEYNAME)); - - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, - KeyStore.FLAG_ENCRYPTED)); - assertTrue(mKeyStore.contains(TEST_KEYNAME)); - } - - public void testContains_grantedUid_Wifi() throws Exception { - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - - assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, - KeyStore.FLAG_ENCRYPTED)); - assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - } - - public void testContains_grantedUid_Bluetooth() throws Exception { - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); - - assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); - - assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, - KeyStore.FLAG_ENCRYPTED)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); - } - - public void testList() throws Exception { - String[] emptyResult = 
mKeyStore.list(TEST_KEYNAME); - assertNotNull(emptyResult); - assertEquals(0, emptyResult.length); - - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); - mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); - - String[] results = mKeyStore.list(TEST_KEYNAME); - assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), - TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), - new HashSet(Arrays.asList(results))); - } - - public void testList_ungrantedUid_Bluetooth() throws Exception { - String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.BLUETOOTH_UID); - assertEquals(0, results1.length); - - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); - mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); - - String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.BLUETOOTH_UID); - assertEquals(0, results2.length); - } - - public void testList_grantedUid_Wifi() throws Exception { - String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.WIFI_UID); - assertNotNull(results1); - assertEquals(0, results1.length); - - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); - mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); - - String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.WIFI_UID); - assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), - TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), - new HashSet(Arrays.asList(results2))); - } - - public void testList_grantedUid_Vpn() throws Exception { - String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.VPN_UID); - assertNotNull(results1); - assertEquals(0, results1.length); - - 
mKeyStore.onUserPasswordChanged(TEST_PASSWD); - mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); - mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); - - String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.VPN_UID); - assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), - TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), - new HashSet(Arrays.asList(results2))); - } - - public void testLock() throws Exception { - assertFalse(mKeyStore.lock()); - - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); - - assertTrue(mKeyStore.lock()); - assertEquals(KeyStore.State.LOCKED, mKeyStore.state()); - } - - public void testUnlock() throws Exception { - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); - mKeyStore.lock(); - - assertFalse(mKeyStore.unlock(TEST_PASSWD2)); - assertTrue(mKeyStore.unlock(TEST_PASSWD)); - } - - public void testIsEmpty() throws Exception { - assertTrue(mKeyStore.isEmpty()); - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - assertTrue(mKeyStore.isEmpty()); - mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); - assertFalse(mKeyStore.isEmpty()); - mKeyStore.reset(); - assertTrue(mKeyStore.isEmpty()); - } - - public void testGenerate_NotInitialized_Fail() throws Exception { - assertFalse("Should fail when keystore is not initialized", - mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, - RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); - } - - public void testGenerate_Locked_Fail() throws Exception { - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - mKeyStore.lock(); - assertFalse("Should fail when keystore is locked", - mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, - RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); - } - - public void 
testGenerate_Success() throws Exception { - assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); - - assertTrue("Should be able to generate key when unlocked", - mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, - RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); - assertTrue(mKeyStore.contains(TEST_KEYNAME)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - } - - public void testGenerate_grantedUid_Wifi_Success() throws Exception { - assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); - - assertTrue("Should be able to generate key when unlocked", - mKeyStore.generate(TEST_KEYNAME, Process.WIFI_UID, NativeConstants.EVP_PKEY_RSA, - RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); - assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - assertFalse(mKeyStore.contains(TEST_KEYNAME)); - } - - public void testGenerate_ungrantedUid_Bluetooth_Failure() throws Exception { - assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); - - assertFalse(mKeyStore.generate(TEST_KEYNAME, Process.BLUETOOTH_UID, - NativeConstants.EVP_PKEY_RSA, RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - assertFalse(mKeyStore.contains(TEST_KEYNAME)); - } - - public void testImport_Success() throws Exception { - assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); - - assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, - PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - assertTrue(mKeyStore.contains(TEST_KEYNAME)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - } - - public void testImport_grantedUid_Wifi_Success() throws Exception { - assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); - - assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, - PRIVKEY_BYTES, 
Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED)); - assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - assertFalse(mKeyStore.contains(TEST_KEYNAME)); - } - - public void testImport_ungrantedUid_Bluetooth_Failure() throws Exception { - assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); - - assertFalse(mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES, Process.BLUETOOTH_UID, - KeyStore.FLAG_ENCRYPTED)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - assertFalse(mKeyStore.contains(TEST_KEYNAME)); - } - - public void testImport_Failure_BadEncoding() throws Exception { - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - - assertFalse("Invalid DER-encoded key should not be imported", mKeyStore.importKey( - TEST_KEYNAME, TEST_DATA, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - assertFalse(mKeyStore.contains(TEST_KEYNAME)); - assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - } - - public void testSign_Success() throws Exception { - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - - assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, - RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); - assertTrue(mKeyStore.contains(TEST_KEYNAME)); - final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA); - - assertNotNull("Signature should not be null", signature); - } - - public void testVerify_Success() throws Exception { - mKeyStore.onUserPasswordChanged(TEST_PASSWD); - - assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, - RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); - assertTrue(mKeyStore.contains(TEST_KEYNAME)); - final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA); - - assertNotNull("Signature should not be null", signature); - - assertTrue("Signature should verify with same data", - mKeyStore.verify(TEST_KEYNAME, TEST_DATA, signature)); - } - - public void 
testSign_NotInitialized_Failure() throws Exception {
- assertNull("Should not be able to sign without first initializing the keystore",
- mKeyStore.sign(TEST_KEYNAME, TEST_DATA));
- }
-
- public void testSign_NotGenerated_Failure() throws Exception {
- mKeyStore.onUserPasswordChanged(TEST_PASSWD);
-
- assertNull("Should not be able to sign without first generating keys",
- mKeyStore.sign(TEST_KEYNAME, TEST_DATA));
- }
-
- public void testGrant_Generated_Success() throws Exception {
- assertTrue("Password should work for keystore",
- mKeyStore.onUserPasswordChanged(TEST_PASSWD));
-
- assertTrue("Should be able to generate key for testcase",
- mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,
- RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
-
- assertTrue("Should be able to grant key to other user",
- mKeyStore.grant(TEST_KEYNAME, 0));
- }
-
- public void testGrant_Imported_Success() throws Exception {
- assertTrue("Password should work for keystore", mKeyStore.onUserPasswordChanged(TEST_PASSWD));
-
- assertTrue("Should be able to import key for testcase", mKeyStore.importKey(TEST_KEYNAME,
- PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- assertTrue("Should be able to grant key to other user", mKeyStore.grant(TEST_KEYNAME, 0));
- }
-
- public void testGrant_NoKey_Failure() throws Exception {
- assertTrue("Should be able to unlock keystore for test",
- mKeyStore.onUserPasswordChanged(TEST_PASSWD));
-
- assertFalse("Should not be able to grant without first initializing the keystore",
- mKeyStore.grant(TEST_KEYNAME, 0));
- }
-
- public void testGrant_NotInitialized_Failure() throws Exception {
- assertFalse("Should not be able to grant without first initializing the keystore",
- mKeyStore.grant(TEST_KEYNAME, 0));
- }
-
- public void testUngrant_Generated_Success() throws Exception {
- assertTrue("Password should work for keystore",
- mKeyStore.onUserPasswordChanged(TEST_PASSWD));
-
- assertTrue("Should be able to generate key for testcase",
- mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,
- RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
-
- assertTrue("Should be able to grant key to other user",
- mKeyStore.grant(TEST_KEYNAME, 0));
-
- assertTrue("Should be able to ungrant key to other user",
- mKeyStore.ungrant(TEST_KEYNAME, 0));
- }
-
- public void testUngrant_Imported_Success() throws Exception {
- assertTrue("Password should work for keystore",
- mKeyStore.onUserPasswordChanged(TEST_PASSWD));
-
- assertTrue("Should be able to import key for testcase", mKeyStore.importKey(TEST_KEYNAME,
- PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- assertTrue("Should be able to grant key to other user",
- mKeyStore.grant(TEST_KEYNAME, 0));
-
- assertTrue("Should be able to ungrant key to other user",
- mKeyStore.ungrant(TEST_KEYNAME, 0));
- }
-
- public void testUngrant_NotInitialized_Failure() throws Exception {
- assertFalse("Should fail to ungrant key when keystore not initialized",
- mKeyStore.ungrant(TEST_KEYNAME, 0));
- }
-
- public void testUngrant_NoGrant_Failure() throws Exception {
- assertTrue("Password should work for keystore",
- mKeyStore.onUserPasswordChanged(TEST_PASSWD));
-
- assertTrue("Should be able to generate key for testcase",
- mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,
- RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
-
- assertFalse("Should not be able to revoke not existent grant",
- mKeyStore.ungrant(TEST_KEYNAME, 0));
- }
-
- public void testUngrant_DoubleUngrant_Failure() throws Exception {
- assertTrue("Password should work for keystore",
- mKeyStore.onUserPasswordChanged(TEST_PASSWD));
-
- assertTrue("Should be able to generate key for testcase",
- mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,
- RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
-
- assertTrue("Should be able to grant key to other user",
- mKeyStore.grant(TEST_KEYNAME, 0));
-
- assertTrue("Should be able to ungrant key to other user",
- mKeyStore.ungrant(TEST_KEYNAME, 0));
-
- assertFalse("Should fail to ungrant key to other user second time",
- mKeyStore.ungrant(TEST_KEYNAME, 0));
- }
-
- public void testUngrant_DoubleGrantUngrant_Failure() throws Exception {
- assertTrue("Password should work for keystore",
- mKeyStore.onUserPasswordChanged(TEST_PASSWD));
-
- assertTrue("Should be able to generate key for testcase",
- mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,
- RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
-
- assertTrue("Should be able to grant key to other user",
- mKeyStore.grant(TEST_KEYNAME, 0));
-
- assertTrue("Should be able to grant key to other user a second time",
- mKeyStore.grant(TEST_KEYNAME, 0));
-
- assertTrue("Should be able to ungrant key to other user",
- mKeyStore.ungrant(TEST_KEYNAME, 0));
-
- assertFalse("Should fail to ungrant key to other user second time",
- mKeyStore.ungrant(TEST_KEYNAME, 0));
- }
-
- public void testDuplicate_grantedUid_Wifi_Success() throws Exception {
- assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD));
-
- assertFalse(mKeyStore.contains(TEST_KEYNAME));
-
- assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,
- RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
-
- assertTrue(mKeyStore.contains(TEST_KEYNAME));
- assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
-
- // source doesn't exist
- assertFalse(mKeyStore.duplicate(TEST_KEYNAME1, -1, TEST_KEYNAME1, Process.WIFI_UID));
- assertFalse(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID));
-
- // Copy from current UID to granted UID
- assertTrue(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME1, Process.WIFI_UID));
- assertTrue(mKeyStore.contains(TEST_KEYNAME));
- assertFalse(mKeyStore.contains(TEST_KEYNAME1));
- assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
- assertTrue(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID));
- assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME1, Process.WIFI_UID));
-
- // Copy from granted UID to same granted UID
- assertTrue(mKeyStore.duplicate(TEST_KEYNAME1, Process.WIFI_UID, TEST_KEYNAME2,
- Process.WIFI_UID));
- assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
- assertTrue(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID));
- assertTrue(mKeyStore.contains(TEST_KEYNAME2, Process.WIFI_UID));
- assertFalse(mKeyStore.duplicate(TEST_KEYNAME1, Process.WIFI_UID, TEST_KEYNAME2,
- Process.WIFI_UID));
-
- assertTrue(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, -1));
- assertTrue(mKeyStore.contains(TEST_KEYNAME));
- assertFalse(mKeyStore.contains(TEST_KEYNAME1));
- assertTrue(mKeyStore.contains(TEST_KEYNAME2));
- assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, -1));
- }
-
- public void testDuplicate_ungrantedUid_Bluetooth_Failure() throws Exception {
- assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD));
-
- assertFalse(mKeyStore.contains(TEST_KEYNAME));
-
- assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,
- RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
-
- assertTrue(mKeyStore.contains(TEST_KEYNAME));
- assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
-
- assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, Process.BLUETOOTH_UID));
- assertFalse(mKeyStore.duplicate(TEST_KEYNAME, Process.BLUETOOTH_UID, TEST_KEYNAME2,
- Process.BLUETOOTH_UID));
-
- assertTrue(mKeyStore.contains(TEST_KEYNAME));
- assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
- }
-
- /**
- * The amount of time to allow before and after expected time for variance
- * in timing tests.
- */
- private static final long SLOP_TIME_MILLIS = 15000L;
-
- public void testGetmtime_Success() throws Exception {
- assertTrue("Password should work for keystore",
- mKeyStore.onUserPasswordChanged(TEST_PASSWD));
-
- assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME,
- PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- long now = System.currentTimeMillis();
- long actual = mKeyStore.getmtime(TEST_KEYNAME);
-
- long expectedAfter = now - SLOP_TIME_MILLIS;
- long expectedBefore = now + SLOP_TIME_MILLIS;
-
- assertLessThan("Time should be close to current time", expectedBefore, actual);
- assertGreaterThan("Time should be close to current time", expectedAfter, actual);
- }
-
- private static void assertLessThan(String explanation, long expectedBefore, long actual) {
- if (actual >= expectedBefore) {
- throw new AssertionFailedError(explanation + ": actual=" + actual
- + ", expected before: " + expectedBefore);
- }
- }
-
- private static void assertGreaterThan(String explanation, long expectedAfter, long actual) {
- if (actual <= expectedAfter) {
- throw new AssertionFailedError(explanation + ": actual=" + actual
- + ", expected after: " + expectedAfter);
- }
- }
-
- public void testGetmtime_NonExist_Failure() throws Exception {
- assertTrue("Password should work for keystore",
- mKeyStore.onUserPasswordChanged(TEST_PASSWD));
-
- assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME,
- PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- assertEquals("-1 should be returned for non-existent key",
- -1L, mKeyStore.getmtime(TEST_KEYNAME2));
- }
-
- private KeyCharacteristics generateRsaKey(String name) throws Exception {
- KeymasterArguments args = new KeymasterArguments();
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
- args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
- args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
- args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
- args.addUnsignedLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4);
-
- KeyCharacteristics outCharacteristics = new KeyCharacteristics();
- int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
- assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result);
- return outCharacteristics;
- }
-
- public void testGenerateKey() throws Exception {
- generateRsaKey("test");
- mKeyStore.delete("test");
- }
-
- public void testGenerateRsaWithEntropy() throws Exception {
- byte[] entropy = new byte[] {1,2,3,4,5};
- String name = "test";
- KeymasterArguments args = new KeymasterArguments();
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
- args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
- args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
- args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
- args.addUnsignedLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4);
-
- KeyCharacteristics outCharacteristics = new KeyCharacteristics();
- int result = mKeyStore.generateKey(name, args, entropy, 0, outCharacteristics);
- assertEquals("generateKey should succeed", KeyStore.NO_ERROR, result);
- }
-
- public void testGenerateAndDelete() throws Exception {
- generateRsaKey("test");
- assertTrue("delete should succeed", mKeyStore.delete("test"));
- }
-
- public void testGetKeyCharacteristicsSuccess() throws Exception {
- mKeyStore.onUserPasswordChanged(TEST_PASSWD);
- String name = "test";
- KeyCharacteristics gen = generateRsaKey(name);
- KeyCharacteristics call = new KeyCharacteristics();
- int result = mKeyStore.getKeyCharacteristics(name, null, null, call);
- assertEquals("getKeyCharacteristics should succeed", KeyStore.NO_ERROR, result);
- mKeyStore.delete("test");
- }
-
- public void testAppId() throws Exception {
- String name = "test";
- byte[] id = new byte[] {0x01, 0x02, 0x03};
- KeymasterArguments args = new KeymasterArguments();
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
- args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
- args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
- args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB);
- args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
- args.addBytes(KeymasterDefs.KM_TAG_APPLICATION_ID, id);
- args.addUnsignedLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4);
-
- KeyCharacteristics outCharacteristics = new KeyCharacteristics();
- int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
- assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result);
- assertEquals("getKeyCharacteristics should fail without application ID",
- KeymasterDefs.KM_ERROR_INVALID_KEY_BLOB,
- mKeyStore.getKeyCharacteristics(name, null, null, outCharacteristics));
- assertEquals("getKeyCharacteristics should succeed with application ID",
- KeyStore.NO_ERROR,
- mKeyStore.getKeyCharacteristics(name, new KeymasterBlob(id), null,
- outCharacteristics));
- }
-
-
- public void testExportRsa() throws Exception {
- String name = "test";
- generateRsaKey(name);
- ExportResult result = mKeyStore.exportKey(name, KeymasterDefs.KM_KEY_FORMAT_X509, null,
- null);
- assertEquals("Export success", KeyStore.NO_ERROR, result.resultCode);
- // TODO: Verify we have an RSA public key that's well formed.
- }
-
- public void testAesGcmEncryptSuccess() throws Exception {
- String name = "test";
- KeymasterArguments args = new KeymasterArguments();
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
- args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
- args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256);
- args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_GCM);
- args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
-
- KeyCharacteristics outCharacteristics = new KeyCharacteristics();
- int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
- assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
-
- args = new KeymasterArguments();
- args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
- args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_GCM);
- args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
- args.addUnsignedInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 128);
- OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
- true, args, null);
- IBinder token = result.token;
- assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
- result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04});
- assertEquals("Update should succeed", KeyStore.NO_ERROR, result.resultCode);
- assertEquals("Finish should succeed", KeyStore.NO_ERROR,
- mKeyStore.finish(token, null, null).resultCode);
- // TODO: Assert that an AEAD tag was returned by finish
- }
-
- public void testBadToken() throws Exception {
- IBinder token = new Binder();
- OperationResult result = mKeyStore.update(token, null, new byte[] {0x01});
- assertEquals("Update with invalid token should fail",
- KeymasterDefs.KM_ERROR_INVALID_OPERATION_HANDLE, result.resultCode);
- }
-
- private int importAesKey(String name, byte[] key, int size, int mode) {
- KeymasterArguments args = new KeymasterArguments();
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
- args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
- args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, mode);
- args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, size);
- args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
- return mKeyStore.importKey(name, args, KeymasterDefs.KM_KEY_FORMAT_RAW, key, 0,
- new KeyCharacteristics());
- }
- private byte[] doOperation(String name, int purpose, byte[] in, KeymasterArguments beginArgs) {
- OperationResult result = mKeyStore.begin(name, purpose,
- true, beginArgs, null);
- assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
- IBinder token = result.token;
- result = mKeyStore.update(token, null, in);
- assertEquals("Update should succeed", KeyStore.NO_ERROR, result.resultCode);
- assertEquals("All data should be consumed", in.length, result.inputConsumed);
- assertEquals("Finish should succeed", KeyStore.NO_ERROR,
- mKeyStore.finish(token, null, null).resultCode);
- return result.output;
- }
-
- public void testImportAes() throws Exception {
- int result = importAesKey("aes", AES256_BYTES, 256, KeymasterDefs.KM_MODE_ECB);
- assertEquals("import should succeed", KeyStore.NO_ERROR, result);
- mKeyStore.delete("aes");
- }
-
- public void testAes256Ecb() throws Exception {
- byte[] key =
- hexToBytes("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4");
- String name = "aes";
- assertEquals(KeyStore.NO_ERROR, importAesKey(name, key, 256, KeymasterDefs.KM_MODE_ECB));
- byte[][] testVectors = new byte[][] {
- hexToBytes("6bc1bee22e409f96e93d7e117393172a"),
- hexToBytes("ae2d8a571e03ac9c9eb76fac45af8e51"),
- hexToBytes("30c81c46a35ce411e5fbc1191a0a52ef"),
- hexToBytes("f69f2445df4f9b17ad2b417be66c3710")};
- byte[][] cipherVectors = new byte[][] {
- hexToBytes("f3eed1bdb5d2a03c064b5a7e3db181f8"),
- hexToBytes("591ccb10d410ed26dc5ba74a31362870"),
- hexToBytes("b6ed21b99ca6f4f9f153e7b1beafed1d"),
- hexToBytes("23304b7a39f9f3ff067d8d8f9e24ecc7")};
- KeymasterArguments beginArgs = new KeymasterArguments();
- beginArgs.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
- beginArgs.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB);
- beginArgs.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
- for (int i = 0; i < testVectors.length; i++) {
- byte[] cipherText = doOperation(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, testVectors[i],
- beginArgs);
- MoreAsserts.assertEquals(cipherVectors[i], cipherText);
- }
- for (int i = 0; i < testVectors.length; i++) {
- byte[] plainText = doOperation(name, KeymasterDefs.KM_PURPOSE_DECRYPT,
- cipherVectors[i], beginArgs);
- MoreAsserts.assertEquals(testVectors[i], plainText);
- }
- }
-
- // This is a very implementation specific test and should be thrown out eventually, however it
- // is nice for now to test that keystore is properly pruning operations.
- public void testOperationPruning() throws Exception {
- String name = "test";
- KeymasterArguments args = new KeymasterArguments();
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
- args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
- args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256);
- args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_CTR);
- args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
-
- KeyCharacteristics outCharacteristics = new KeyCharacteristics();
- int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
- assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
-
- args = new KeymasterArguments();
- args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
- args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_CTR);
- args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
- OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
- true, args, null);
- assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
- IBinder first = result.token;
- // Implementation detail: softkeymaster supports 16 concurrent operations
- for (int i = 0; i < 16; i++) {
- result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null);
- assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
- }
- // At this point the first operation should be pruned.
- assertEquals("Operation should be pruned", KeymasterDefs.KM_ERROR_INVALID_OPERATION_HANDLE,
- mKeyStore.update(first, null, new byte[] {0x01}).resultCode);
- }
-
- public void testAuthNeeded() throws Exception {
- String name = "test";
- KeymasterArguments args = new KeymasterArguments();
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
- args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
- args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_PKCS7);
- args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256);
- args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB);
- args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, 1);
-
- KeyCharacteristics outCharacteristics = new KeyCharacteristics();
- int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
- assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
- OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
- true, args, null);
- assertEquals("Begin should expect authorization", KeyStore.OP_AUTH_NEEDED,
- result.resultCode);
- IBinder token = result.token;
- result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04});
- assertEquals("Update should require authorization",
- KeymasterDefs.KM_ERROR_KEY_USER_NOT_AUTHENTICATED, result.resultCode);
- }
-
- public void testPasswordRemovalEncryptedEntry() throws Exception {
- mKeyStore.onUserPasswordChanged("test");
- assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF,
- KeyStore.FLAG_ENCRYPTED));
- assertTrue(mKeyStore.contains(TEST_KEYNAME));
- assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME)));
- mKeyStore.onUserPasswordChanged("");
- // Removing the password should have deleted all entries using FLAG_ENCRYPTED
- assertNull(mKeyStore.get(TEST_KEYNAME));
- assertFalse(mKeyStore.contains(TEST_KEYNAME));
- }
-
- public void testPasswordRemovalUnencryptedEntry() throws Exception {
- mKeyStore.onUserPasswordChanged("test");
- assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF,
- KeyStore.FLAG_NONE));
- assertTrue(mKeyStore.contains(TEST_KEYNAME));
- assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME)));
- mKeyStore.onUserPasswordChanged("");
- // Removing the password should not delete unencrypted entries.
- assertTrue(mKeyStore.contains(TEST_KEYNAME));
- assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME)));
- }
-}
diff --git a/keystore/tests/src/android/security/SystemKeyStoreTest.java b/keystore/tests/src/android/security/SystemKeyStoreTest.java
deleted file mode 100644
index ecf7cbcb41c0..000000000000
--- a/keystore/tests/src/android/security/SystemKeyStoreTest.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (C) 2010 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security;
-
-import android.app.Activity;
-import android.security.SystemKeyStore;
-import android.test.ActivityUnitTestCase;
-import android.test.suitebuilder.annotation.MediumTest;
-
-/**
- * Junit / Instrumentation test case for KeyStore class
- *
- * Running the test suite:
- *
- * runtest keystore-unit
- *
- * Or this individual test case:
- *
- * runtest --path frameworks/base/keystore/tests/src/android/security/SystemKeyStoreTest.java
- */
-@MediumTest
-public class SystemKeyStoreTest extends ActivityUnitTestCase<Activity> {
-
- private static final String keyName = "TestKey";
- private static final String keyName2 = "TestKey2";
- private SystemKeyStore mSysKeyStore = null;
-
- public SystemKeyStoreTest() {
- super(Activity.class);
- }
-
- @Override
- protected void setUp() throws Exception {
- mSysKeyStore = SystemKeyStore.getInstance();
- try {
- mSysKeyStore.deleteKey(keyName);
- mSysKeyStore.deleteKey(keyName2);
- } catch (Exception e) { }
- super.setUp();
- }
-
- @Override
- protected void tearDown() throws Exception {
- try {
- mSysKeyStore.deleteKey(keyName);
- mSysKeyStore.deleteKey(keyName2);
- } catch (Exception e) { }
- super.tearDown();
- }
-
- public void testBasicAccess() throws Exception {
- try {
- byte[] newKey = mSysKeyStore.generateNewKey(128, "AES", keyName);
- assertNotNull(newKey);
- byte[] recKey = mSysKeyStore.retrieveKey(keyName);
- assertEquals(newKey.length, recKey.length);
- for (int i = 0; i < newKey.length; i++) {
- assertEquals(newKey[i], recKey[i]);
- }
- mSysKeyStore.deleteKey(keyName);
- byte[] nullKey = mSysKeyStore.retrieveKey(keyName);
- assertNull(nullKey);
-
- String newKeyStr = mSysKeyStore.generateNewKeyHexString(128, "AES", keyName2);
- assertNotNull(newKeyStr);
- String recKeyStr = mSysKeyStore.retrieveKeyHexString(keyName2);
- assertEquals(newKeyStr, recKeyStr);
-
- mSysKeyStore.deleteKey(keyName2);
- String nullKey2 = mSysKeyStore.retrieveKeyHexString(keyName2);
- assertNull(nullKey2);
- } catch (Exception e) {
- fail();
- }
- }
-}
diff --git a/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java b/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java
deleted file mode 100644
index 1af0b7d4212a..000000000000
--- a/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java
+++ /dev/null
@@ -1,432 +0,0 @@
-/*
- * Copyright (C) 2012 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.keystore;
-
-import android.security.Credentials;
-import android.security.KeyPairGeneratorSpec;
-import android.security.KeyStore;
-import android.security.keymaster.ExportResult;
-import android.security.keymaster.KeymasterDefs;
-import android.test.AndroidTestCase;
-
-import java.io.ByteArrayInputStream;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.ECKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.RSAKeyGenParameterSpec;
-import java.text.SimpleDateFormat;
-import java.util.Arrays;
-import java.util.Date;
-
-import javax.security.auth.x500.X500Principal;
-
-public class AndroidKeyPairGeneratorTest extends AndroidTestCase {
- private android.security.KeyStore mAndroidKeyStore;
-
- private java.security.KeyPairGenerator mGenerator;
-
- private static final String TEST_ALIAS_1 = "test1";
-
- private static final String TEST_ALIAS_2 = "test2";
-
- private static final X500Principal TEST_DN_1 = new X500Principal("CN=test1");
-
- private static final X500Principal TEST_DN_2 = new X500Principal("CN=test2");
-
- private static final BigInteger TEST_SERIAL_1 = BigInteger.ONE;
-
- private static final BigInteger TEST_SERIAL_2 = BigInteger.valueOf(2L);
-
- private static final long NOW_MILLIS = System.currentTimeMillis();
-
- /* We have to round this off because X509v3 doesn't store milliseconds. */
- private static final Date NOW = new Date(NOW_MILLIS - (NOW_MILLIS % 1000L));
-
- @SuppressWarnings("deprecation")
- private static final Date NOW_PLUS_10_YEARS = new Date(NOW.getYear() + 10, 0, 1);
-
- @Override
- protected void setUp() throws Exception {
- mAndroidKeyStore = android.security.KeyStore.getInstance();
-
- assertTrue(mAndroidKeyStore.reset());
-
- assertFalse(mAndroidKeyStore.isUnlocked());
-
- mGenerator = java.security.KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
- }
-
- private void setupPassword() {
- assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
- assertTrue(mAndroidKeyStore.isUnlocked());
-
- String[] aliases = mAndroidKeyStore.list("");
- assertNotNull(aliases);
- assertEquals(0, aliases.length);
- }
-
- public void testKeyPairGenerator_Initialize_Params_Encrypted_Success() throws Exception {
- setupPassword();
-
- mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
- .setAlias(TEST_ALIAS_1)
- .setSubject(TEST_DN_1)
- .setSerialNumber(TEST_SERIAL_1)
- .setStartDate(NOW)
- .setEndDate(NOW_PLUS_10_YEARS)
- .setEncryptionRequired()
- .build());
- }
-
- public void testKeyPairGenerator_Initialize_KeySize_Encrypted_Failure() throws Exception {
- setupPassword();
-
- try {
- mGenerator.initialize(1024);
- fail("KeyPairGenerator should not support setting the key size");
- } catch (IllegalArgumentException success) {
- }
- }
-
- public void testKeyPairGenerator_Initialize_KeySizeAndSecureRandom_Encrypted_Failure()
- throws Exception {
- setupPassword();
-
- try {
- mGenerator.initialize(1024, new SecureRandom());
- fail("KeyPairGenerator should not support setting the key size");
- } catch (IllegalArgumentException success) {
- }
- }
-
- public void testKeyPairGenerator_Initialize_ParamsAndSecureRandom_Encrypted_Failure()
- throws Exception {
- setupPassword();
-
- mGenerator.initialize(
- new KeyPairGeneratorSpec.Builder(getContext())
- .setAlias(TEST_ALIAS_1)
- .setKeyType("RSA")
- .setKeySize(1024)
- .setSubject(TEST_DN_1)
- .setSerialNumber(TEST_SERIAL_1)
- .setStartDate(NOW)
- .setEndDate(NOW_PLUS_10_YEARS)
- .setEncryptionRequired()
- .build(),
- new SecureRandom());
- }
-
- public void testKeyPairGenerator_GenerateKeyPair_Encrypted_Success() throws Exception {
- setupPassword();
-
- mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
- .setAlias(TEST_ALIAS_1)
- .setSubject(TEST_DN_1)
- .setSerialNumber(TEST_SERIAL_1)
- .setStartDate(NOW)
- .setEndDate(NOW_PLUS_10_YEARS)
- .setEncryptionRequired()
- .build());
-
- final KeyPair pair = mGenerator.generateKeyPair();
- assertNotNull("The KeyPair returned should not be null", pair);
-
- assertKeyPairCorrect(pair, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1, NOW,
- NOW_PLUS_10_YEARS);
- }
-
- public void testKeyPairGenerator_GenerateKeyPair_EC_Unencrypted_Success() throws Exception {
- KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
- generator.initialize(new KeyGenParameterSpec.Builder(
- TEST_ALIAS_1,
- KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
- .setCertificateSubject(TEST_DN_1)
- .setCertificateSerialNumber(TEST_SERIAL_1)
- .setCertificateNotBefore(NOW)
- .setCertificateNotAfter(NOW_PLUS_10_YEARS)
- .setDigests(KeyProperties.DIGEST_SHA256)
- .build());
-
- final KeyPair pair = generator.generateKeyPair();
- assertNotNull("The KeyPair returned should not be null", pair);
-
- assertKeyPairCorrect(pair, TEST_ALIAS_1, "EC", 256, null, TEST_DN_1, TEST_SERIAL_1, NOW,
- NOW_PLUS_10_YEARS);
- }
-
- public void testKeyPairGenerator_Legacy_GenerateKeyPair_EC_Unencrypted_Success()
- throws Exception {
- mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
- .setAlias(TEST_ALIAS_1)
- .setKeyType("EC")
- .setSubject(TEST_DN_1)
- .setSerialNumber(TEST_SERIAL_1)
- .setStartDate(NOW)
- .setEndDate(NOW_PLUS_10_YEARS)
- .build());
-
- final KeyPair pair = mGenerator.generateKeyPair();
- assertNotNull("The KeyPair returned should not be null", pair);
-
- assertKeyPairCorrect(pair, TEST_ALIAS_1, "EC", 256, null, TEST_DN_1, TEST_SERIAL_1, NOW,
- NOW_PLUS_10_YEARS);
- }
-
- public void testKeyPairGenerator_GenerateKeyPair_EC_P521_Unencrypted_Success() throws Exception {
- mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
- .setAlias(TEST_ALIAS_1)
- .setKeyType("EC")
- .setKeySize(521)
- .setSubject(TEST_DN_1)
- .setSerialNumber(TEST_SERIAL_1)
- .setStartDate(NOW)
- .setEndDate(NOW_PLUS_10_YEARS)
- .build());
-
- final KeyPair pair = mGenerator.generateKeyPair();
- assertNotNull("The KeyPair returned should not be null", pair);
-
- assertKeyPairCorrect(pair, TEST_ALIAS_1, "EC", 521, null, TEST_DN_1, TEST_SERIAL_1, NOW,
- NOW_PLUS_10_YEARS);
- }
-
- public void testKeyPairGenerator_GenerateKeyPair_RSA_Unencrypted_Success() throws Exception {
- mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
- .setAlias(TEST_ALIAS_1)
- .setSubject(TEST_DN_1)
- .setSerialNumber(TEST_SERIAL_1)
- .setStartDate(NOW)
- .setEndDate(NOW_PLUS_10_YEARS)
- .build());
-
- final KeyPair pair = mGenerator.generateKeyPair();
- assertNotNull("The KeyPair returned should not be null", pair);
-
- assertKeyPairCorrect(pair, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1, NOW,
- NOW_PLUS_10_YEARS);
- }
-
- public void testKeyPairGenerator_GenerateKeyPair_RSA_WithParams_Unencrypted_Success()
- throws Exception {
- AlgorithmParameterSpec spec = new RSAKeyGenParameterSpec(1024, BigInteger.valueOf(3L));
- mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
- .setAlias(TEST_ALIAS_1)
- .setKeySize(1024)
- .setAlgorithmParameterSpec(spec)
- .setSubject(TEST_DN_1)
- .setSerialNumber(TEST_SERIAL_1)
- .setStartDate(NOW)
- .setEndDate(NOW_PLUS_10_YEARS)
- .build());
-
- final KeyPair pair = mGenerator.generateKeyPair();
- assertNotNull("The KeyPair returned should not be null", pair);
-
- assertKeyPairCorrect(pair, TEST_ALIAS_1, "RSA", 1024, spec, TEST_DN_1, TEST_SERIAL_1, NOW,
- NOW_PLUS_10_YEARS);
- }
-
- public void testKeyPairGenerator_GenerateKeyPair_Replaced_Success() throws Exception {
- // Generate the first key
- {
- mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
- .setAlias(TEST_ALIAS_1)
- .setSubject(TEST_DN_1)
- .setSerialNumber(TEST_SERIAL_1)
- .setStartDate(NOW)
- .setEndDate(NOW_PLUS_10_YEARS)
- .build());
- final KeyPair pair1 = mGenerator.generateKeyPair();
- assertNotNull("The KeyPair returned should not be null", pair1);
- assertKeyPairCorrect(pair1, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1,
- NOW, NOW_PLUS_10_YEARS);
- }
-
- // Replace the original key
- {
- mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
- .setAlias(TEST_ALIAS_2)
- .setSubject(TEST_DN_2)
- .setSerialNumber(TEST_SERIAL_2)
- .setStartDate(NOW)
- .setEndDate(NOW_PLUS_10_YEARS)
- .build());
- final KeyPair pair2 = mGenerator.generateKeyPair();
- assertNotNull("The KeyPair returned should not be null", pair2);
- assertKeyPairCorrect(pair2, TEST_ALIAS_2, "RSA", 2048, null, TEST_DN_2, TEST_SERIAL_2,
- NOW, NOW_PLUS_10_YEARS);
- }
- }
-
- public void testKeyPairGenerator_GenerateKeyPair_Replaced_UnencryptedToEncrypted_Success()
- throws Exception {
- // Generate the first key
- {
- mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
- .setAlias(TEST_ALIAS_1)
- .setSubject(TEST_DN_1)
- .setSerialNumber(TEST_SERIAL_1)
- .setStartDate(NOW)
- .setEndDate(NOW_PLUS_10_YEARS)
- .build());
- final KeyPair pair1 = mGenerator.generateKeyPair();
- assertNotNull("The KeyPair returned should not be null", pair1);
- assertKeyPairCorrect(pair1, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1,
- NOW, NOW_PLUS_10_YEARS);
- }
-
- // Attempt to replace previous key
- {
- mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
- .setAlias(TEST_ALIAS_1)
- .setSubject(TEST_DN_2)
- .setSerialNumber(TEST_SERIAL_2)
- .setStartDate(NOW)
- .setEndDate(NOW_PLUS_10_YEARS)
- .setEncryptionRequired()
- .build());
- try {
- mGenerator.generateKeyPair();
- fail("Should not be able to generate encrypted key while not initialized");
- } catch (IllegalStateException expected) {
- }
-
- assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
- assertTrue(mAndroidKeyStore.isUnlocked());
-
- final KeyPair pair2 = mGenerator.generateKeyPair();
- assertNotNull("The KeyPair returned should not be null", pair2);
- assertKeyPairCorrect(pair2, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_2, TEST_SERIAL_2,
- NOW, NOW_PLUS_10_YEARS);
- }
- }
-
- private void assertKeyPairCorrect(KeyPair pair, String alias, String keyType, int keySize,
- AlgorithmParameterSpec spec, X500Principal dn, BigInteger serial, Date start, Date end)
- throws Exception {
- final PublicKey pubKey = pair.getPublic();
- assertNotNull("The PublicKey for the KeyPair should be not null", pubKey);
- assertEquals(keyType, pubKey.getAlgorithm());
-
- if ("EC".equalsIgnoreCase(keyType)) {
- assertEquals("Curve should be what was specified during initialization", keySize,
- ((ECPublicKey) pubKey).getParams().getCurve().getField().getFieldSize());
- } else if ("RSA".equalsIgnoreCase(keyType)) {
- RSAPublicKey rsaPubKey = (RSAPublicKey) pubKey;
- assertEquals("Modulus size should be what is specified during initialization",
- (keySize + 7) & ~7, (rsaPubKey.getModulus().bitLength() + 7) & ~7);
- if (spec != null) {
- RSAKeyGenParameterSpec params = (RSAKeyGenParameterSpec) spec;
- assertEquals((keySize + 7) & ~7, (params.getKeysize() + 7) & ~7);
- assertEquals(params.getPublicExponent(), rsaPubKey.getPublicExponent());
- }
- }
-
- final PrivateKey privKey = pair.getPrivate();
- assertNotNull("The PrivateKey for the KeyPair should be not null", privKey);
- assertEquals(keyType, privKey.getAlgorithm());
-
- if ("EC".equalsIgnoreCase(keyType)) {
- assertTrue("EC private key must be instanceof ECKey: " + privKey.getClass().getName(),
- privKey instanceof ECKey);
- assertEquals("Private and public key must have the same EC parameters",
- ((ECKey) pubKey).getParams(), ((ECKey) privKey).getParams());
- } else if ("RSA".equalsIgnoreCase(keyType)) {
- assertTrue("RSA private key must be instance of RSAKey: "
- + privKey.getClass().getName(),
- privKey instanceof RSAKey);
- assertEquals("Private and public key must have the same RSA modulus",
- ((RSAKey) pubKey).getModulus(), ((RSAKey) privKey).getModulus());
- }
-
- final byte[] userCertBytes = mAndroidKeyStore.get(Credentials.USER_CERTIFICATE + alias);
- assertNotNull("The user certificate should exist for the generated entry", userCertBytes);
-
- final CertificateFactory cf = CertificateFactory.getInstance("X.509");
- final Certificate userCert =
- cf.generateCertificate(new ByteArrayInputStream(userCertBytes));
-
- assertTrue("Certificate should be in X.509 format", userCert instanceof X509Certificate);
-
- final X509Certificate x509userCert = (X509Certificate) userCert;
-
- assertEquals(
- "Public key used to sign certificate should have the same algorithm as in KeyPair",
- pubKey.getAlgorithm(), x509userCert.getPublicKey().getAlgorithm());
-
- assertEquals("PublicKey used to sign certificate should match one returned in KeyPair",
- pubKey,
- AndroidKeyStoreProvider.getAndroidKeyStorePublicKey(
- Credentials.USER_PRIVATE_KEY + alias,
- KeyStore.UID_SELF,
- x509userCert.getPublicKey().getAlgorithm(),
- x509userCert.getPublicKey().getEncoded()));
-
- assertEquals("The Subject DN should be the one passed into the params", dn,
-
x509userCert.getSubjectDN()); - - assertEquals("The Issuer DN should be the same as the Subject DN", dn, - x509userCert.getIssuerDN()); - - assertEquals("The Serial should be the one passed into the params", serial, - x509userCert.getSerialNumber()); - - assertDateEquals("The notBefore date should be the one passed into the params", start, - x509userCert.getNotBefore()); - - assertDateEquals("The notAfter date should be the one passed into the params", end, - x509userCert.getNotAfter()); - - // Assert that the cert's signature verifies using the public key from generated KeyPair - x509userCert.verify(pubKey); - // Assert that the cert's signature verifies using the public key from the cert itself. - x509userCert.verify(x509userCert.getPublicKey()); - - final byte[] caCerts = mAndroidKeyStore.get(Credentials.CA_CERTIFICATE + alias); - assertNull("A list of CA certificates should not exist for the generated entry", caCerts); - - ExportResult exportResult = mAndroidKeyStore.exportKey( - Credentials.USER_PRIVATE_KEY + alias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null); - assertEquals(KeyStore.NO_ERROR, exportResult.resultCode); - final byte[] pubKeyBytes = exportResult.exportData; - assertNotNull("The keystore should return the public key for the generated key", - pubKeyBytes); - assertTrue("Public key X.509 format should be as expected", - Arrays.equals(pubKey.getEncoded(), pubKeyBytes)); - } - - private static void assertDateEquals(String message, Date date1, Date date2) throws Exception { - SimpleDateFormat formatter = new SimpleDateFormat("dd MMM yyyy HH:mm:ss"); - - String result1 = formatter.format(date1); - String result2 = formatter.format(date2); - - assertEquals(message, result1, result2); - } -} diff --git a/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java b/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java deleted file mode 100644 index aa718dca168e..000000000000 
--- a/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java
+++ /dev/null
@@ -1,2210 +0,0 @@
-/*
- * Copyright (C) 2012 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.keystore;
-
-import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;
-
-import com.android.org.conscrypt.NativeConstants;
-
-import android.security.Credentials;
-import android.security.KeyStore;
-import android.security.KeyStoreParameter;
-import android.test.AndroidTestCase;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.KeyStore.Entry;
-import java.security.KeyStore.PrivateKeyEntry;
-import java.security.KeyStore.TrustedCertificateEntry;
-import java.security.KeyStoreException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.ECKey;
-import java.security.interfaces.RSAKey;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import 
javax.crypto.spec.SecretKeySpec; -import javax.security.auth.x500.X500Principal; - -public class AndroidKeyStoreTest extends AndroidTestCase { - private android.security.KeyStore mAndroidKeyStore; - - private java.security.KeyStore mKeyStore; - - private static final String TEST_ALIAS_1 = "test1"; - - private static final String TEST_ALIAS_2 = "test2"; - - private static final String TEST_ALIAS_3 = "test3"; - - private static final X500Principal TEST_DN_1 = new X500Principal("CN=test1"); - - private static final X500Principal TEST_DN_2 = new X500Principal("CN=test2"); - - private static final BigInteger TEST_SERIAL_1 = BigInteger.ONE; - - private static final BigInteger TEST_SERIAL_2 = BigInteger.valueOf(2L); - - private static final long NOW_MILLIS = System.currentTimeMillis(); - - /* We have to round this off because X509v3 doesn't store milliseconds. */ - private static final Date NOW = new Date(NOW_MILLIS - (NOW_MILLIS % 1000L)); - - @SuppressWarnings("deprecation") - private static final Date NOW_PLUS_10_YEARS = new Date(NOW.getYear() + 10, 0, 1); - - /* - * The keys and certificates below are generated with: - * - * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem - * openssl req -newkey rsa:1024 -keyout userkey.pem -nodes -days 3650 -out userkey.req - * mkdir -p demoCA/newcerts - * touch demoCA/index.txt - * echo "01" > demoCA/serial - * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650 - */ - - /** - * Generated from above and converted with: - * - * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g' - */ - private static final byte[] FAKE_RSA_CA_1 = { - (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0xce, (byte) 0x30, (byte) 0x82, - (byte) 0x02, (byte) 0x37, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, - (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0x6a, - (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, (byte) 0x55, (byte) 0x48, 
(byte) 0x0a, - (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, - (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, - (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, - (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, - (byte) 0x41, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, - (byte) 0x4d, (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, - (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, - (byte) 0x77, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, - (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, - (byte) 0x64, (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, - (byte) 0x20, (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, - (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, - (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x34, (byte) 0x31, (byte) 0x36, - (byte) 0x35, (byte) 0x35, (byte) 0x34, (byte) 0x34, (byte) 0x5a, (byte) 0x17, - (byte) 0x0d, (byte) 0x32, (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, - (byte) 0x32, (byte) 0x31, (byte) 0x36, (byte) 0x35, (byte) 0x35, (byte) 0x34, - (byte) 0x34, (byte) 0x5a, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, - (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, - (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, 
(byte) 0x55, - (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, - (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, - (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, - (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, - (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, - (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, - (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, - (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, - (byte) 0x81, (byte) 0x9f, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, - (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, - (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, - (byte) 0x81, (byte) 0x8d, (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, - (byte) 0x02, (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0xa3, (byte) 0x72, - (byte) 0xab, (byte) 0xd0, (byte) 0xe4, (byte) 0xad, (byte) 0x2f, (byte) 0xe7, - (byte) 0xe2, (byte) 0x79, (byte) 0x07, (byte) 0x36, (byte) 0x3d, (byte) 0x0c, - (byte) 0x8d, (byte) 0x42, (byte) 0x9a, (byte) 0x0a, (byte) 0x33, (byte) 0x64, - (byte) 0xb3, (byte) 0xcd, (byte) 0xb2, (byte) 0xd7, (byte) 0x3a, (byte) 0x42, - (byte) 0x06, (byte) 0x77, (byte) 0x45, (byte) 0x29, (byte) 0xe9, (byte) 0xcb, - (byte) 0xb7, (byte) 0x4a, (byte) 0xd6, (byte) 0xee, (byte) 0xad, (byte) 0x01, - (byte) 0x91, (byte) 0x9b, (byte) 0x0c, (byte) 0x59, (byte) 0xa1, (byte) 0x03, - (byte) 0xfa, (byte) 0xf0, (byte) 0x5a, (byte) 0x7c, (byte) 0x4f, (byte) 0xf7, - (byte) 0x8d, (byte) 0x36, (byte) 0x0f, (byte) 0x1f, (byte) 0x45, (byte) 0x7d, - (byte) 0x1b, (byte) 0x31, (byte) 0xa1, (byte) 0x35, (byte) 0x0b, 
(byte) 0x00, - (byte) 0xed, (byte) 0x7a, (byte) 0xb6, (byte) 0xc8, (byte) 0x4e, (byte) 0xa9, - (byte) 0x86, (byte) 0x4c, (byte) 0x7b, (byte) 0x99, (byte) 0x57, (byte) 0x41, - (byte) 0x12, (byte) 0xef, (byte) 0x6b, (byte) 0xbc, (byte) 0x3d, (byte) 0x60, - (byte) 0xf2, (byte) 0x99, (byte) 0x1a, (byte) 0xcd, (byte) 0xed, (byte) 0x56, - (byte) 0xa4, (byte) 0xe5, (byte) 0x36, (byte) 0x9f, (byte) 0x24, (byte) 0x1f, - (byte) 0xdc, (byte) 0x89, (byte) 0x40, (byte) 0xc8, (byte) 0x99, (byte) 0x92, - (byte) 0xab, (byte) 0x4a, (byte) 0xb5, (byte) 0x61, (byte) 0x45, (byte) 0x62, - (byte) 0xff, (byte) 0xa3, (byte) 0x45, (byte) 0x65, (byte) 0xaf, (byte) 0xf6, - (byte) 0x27, (byte) 0x30, (byte) 0x51, (byte) 0x0e, (byte) 0x0e, (byte) 0xeb, - (byte) 0x79, (byte) 0x0c, (byte) 0xbe, (byte) 0xb3, (byte) 0x0a, (byte) 0x6f, - (byte) 0x29, (byte) 0x06, (byte) 0xdc, (byte) 0x2f, (byte) 0x6b, (byte) 0x51, - (byte) 0x02, (byte) 0x03, (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, - (byte) 0x81, (byte) 0xb1, (byte) 0x30, (byte) 0x81, (byte) 0xae, (byte) 0x30, - (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, - (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x33, (byte) 0x05, - (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, (byte) 0xc7, (byte) 0xf9, - (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, - (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, (byte) 0x5d, (byte) 0x51, - (byte) 0x30, (byte) 0x7f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, - (byte) 0x23, (byte) 0x04, (byte) 0x78, (byte) 0x30, (byte) 0x76, (byte) 0x80, - (byte) 0x14, (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, - (byte) 0x60, (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, - (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, - (byte) 0x8e, (byte) 0x5d, (byte) 0x51, (byte) 0xa1, (byte) 0x53, (byte) 0xa4, - (byte) 0x51, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, 
(byte) 0x30, - (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, - (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, - (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, - (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, - (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, - (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, - (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, - (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, - (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, - (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x82, (byte) 0x09, - (byte) 0x00, (byte) 0xe1, (byte) 0x6a, (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, - (byte) 0x55, (byte) 0x48, (byte) 0x0a, (byte) 0x30, (byte) 0x0c, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x05, - (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, - (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, - (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, - (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, (byte) 0x00, - (byte) 0x8c, (byte) 0x30, (byte) 0x42, (byte) 0xfa, (byte) 0xeb, (byte) 0x1a, - (byte) 0x26, (byte) 0xeb, (byte) 0xda, (byte) 0x56, (byte) 0x32, (byte) 0xf2, - (byte) 0x9d, (byte) 0xa5, (byte) 0x24, (byte) 0xd8, (byte) 0x3a, (byte) 0xda, - (byte) 0x30, (byte) 0xa6, (byte) 0x8b, (byte) 0x46, (byte) 0xfe, (byte) 0xfe, - (byte) 0xdb, (byte) 0xf1, (byte) 0xe6, (byte) 0xe1, (byte) 0x7c, 
(byte) 0x1b, - (byte) 0xe7, (byte) 0x77, (byte) 0x00, (byte) 0xa1, (byte) 0x1c, (byte) 0x19, - (byte) 0x17, (byte) 0x73, (byte) 0xb0, (byte) 0xf0, (byte) 0x9d, (byte) 0xf3, - (byte) 0x4f, (byte) 0xb6, (byte) 0xbc, (byte) 0xc7, (byte) 0x47, (byte) 0x85, - (byte) 0x2a, (byte) 0x4a, (byte) 0xa1, (byte) 0xa5, (byte) 0x58, (byte) 0xf5, - (byte) 0xc5, (byte) 0x1a, (byte) 0x51, (byte) 0xb1, (byte) 0x04, (byte) 0x80, - (byte) 0xee, (byte) 0x3a, (byte) 0xec, (byte) 0x2f, (byte) 0xe1, (byte) 0xfd, - (byte) 0x58, (byte) 0xeb, (byte) 0xed, (byte) 0x82, (byte) 0x9e, (byte) 0x38, - (byte) 0xa3, (byte) 0x24, (byte) 0x75, (byte) 0xf7, (byte) 0x3e, (byte) 0xc2, - (byte) 0xc5, (byte) 0x27, (byte) 0xeb, (byte) 0x6f, (byte) 0x7b, (byte) 0x50, - (byte) 0xda, (byte) 0x43, (byte) 0xdc, (byte) 0x3b, (byte) 0x0b, (byte) 0x6f, - (byte) 0x78, (byte) 0x8f, (byte) 0xb0, (byte) 0x66, (byte) 0xe1, (byte) 0x12, - (byte) 0x87, (byte) 0x5f, (byte) 0x97, (byte) 0x7b, (byte) 0xca, (byte) 0x14, - (byte) 0x79, (byte) 0xf7, (byte) 0xe8, (byte) 0x6c, (byte) 0x72, (byte) 0xdb, - (byte) 0x91, (byte) 0x65, (byte) 0x17, (byte) 0x54, (byte) 0xe0, (byte) 0x74, - (byte) 0x1d, (byte) 0xac, (byte) 0x47, (byte) 0x04, (byte) 0x12, (byte) 0xe0, - (byte) 0xc3, (byte) 0x66, (byte) 0x19, (byte) 0x05, (byte) 0x2e, (byte) 0x7e, - (byte) 0xf1, (byte) 0x61 - }; - - /** - * Generated from above and converted with: - * - * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g' - */ - private static final byte[] FAKE_RSA_KEY_1 = new byte[] { - (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x02, (byte) 0x01, - (byte) 0x00, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, - (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, - (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x82, - (byte) 0x02, (byte) 0x62, (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x5e, - (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x02, 
(byte) 0x81, (byte) 0x81, - (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, (byte) 0x5b, - (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, (byte) 0x66, - (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, (byte) 0x8a, - (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, (byte) 0x02, - (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, (byte) 0xf3, - (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, (byte) 0x6d, - (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f, (byte) 0x67, - (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, (byte) 0xcb, - (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, (byte) 0xe2, - (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, (byte) 0x79, - (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, (byte) 0xce, - (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, (byte) 0x08, - (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, (byte) 0x3b, - (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, (byte) 0xc4, - (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, (byte) 0x0d, - (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, (byte) 0x23, - (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, (byte) 0x08, - (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, (byte) 0xf1, - (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, (byte) 0xb4, - (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, (byte) 0x16, - (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, (byte) 0x9e, - (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, (byte) 0x01, - (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x81, (byte) 0x80, (byte) 0x16, - (byte) 0x59, (byte) 0xc3, (byte) 0x24, (byte) 0x1d, (byte) 0x33, (byte) 0x98, - (byte) 0x9c, (byte) 0xc9, (byte) 0xc8, (byte) 0x2c, 
(byte) 0x88, (byte) 0xbf, - (byte) 0x0a, (byte) 0x01, (byte) 0xce, (byte) 0xfb, (byte) 0x34, (byte) 0x7a, - (byte) 0x58, (byte) 0x7a, (byte) 0xb0, (byte) 0xbf, (byte) 0xa6, (byte) 0xb2, - (byte) 0x60, (byte) 0xbe, (byte) 0x70, (byte) 0x21, (byte) 0xf5, (byte) 0xfc, - (byte) 0x85, (byte) 0x0d, (byte) 0x33, (byte) 0x58, (byte) 0xa1, (byte) 0xe5, - (byte) 0x09, (byte) 0x36, (byte) 0x84, (byte) 0xb2, (byte) 0x04, (byte) 0x0a, - (byte) 0x02, (byte) 0xd3, (byte) 0x88, (byte) 0x1f, (byte) 0x0c, (byte) 0x2b, - (byte) 0x1d, (byte) 0xe9, (byte) 0x3d, (byte) 0xe7, (byte) 0x79, (byte) 0xf9, - (byte) 0x32, (byte) 0x5c, (byte) 0x8a, (byte) 0x75, (byte) 0x49, (byte) 0x12, - (byte) 0xe4, (byte) 0x05, (byte) 0x26, (byte) 0xd4, (byte) 0x2e, (byte) 0x9e, - (byte) 0x1f, (byte) 0xcc, (byte) 0x54, (byte) 0xad, (byte) 0x33, (byte) 0x8d, - (byte) 0x99, (byte) 0x00, (byte) 0xdc, (byte) 0xf5, (byte) 0xb4, (byte) 0xa2, - (byte) 0x2f, (byte) 0xba, (byte) 0xe5, (byte) 0x62, (byte) 0x30, (byte) 0x6d, - (byte) 0xe6, (byte) 0x3d, (byte) 0xeb, (byte) 0x24, (byte) 0xc2, (byte) 0xdc, - (byte) 0x5f, (byte) 0xb7, (byte) 0x16, (byte) 0x35, (byte) 0xa3, (byte) 0x98, - (byte) 0x98, (byte) 0xa8, (byte) 0xef, (byte) 0xe8, (byte) 0xc4, (byte) 0x96, - (byte) 0x6d, (byte) 0x38, (byte) 0xab, (byte) 0x26, (byte) 0x6d, (byte) 0x30, - (byte) 0xc2, (byte) 0xa0, (byte) 0x44, (byte) 0xe4, (byte) 0xff, (byte) 0x7e, - (byte) 0xbe, (byte) 0x7c, (byte) 0x33, (byte) 0xa5, (byte) 0x10, (byte) 0xad, - (byte) 0xd7, (byte) 0x1e, (byte) 0x13, (byte) 0x20, (byte) 0xb3, (byte) 0x1f, - (byte) 0x41, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xf1, (byte) 0x89, - (byte) 0x07, (byte) 0x0f, (byte) 0xe8, (byte) 0xcf, (byte) 0xab, (byte) 0x13, - (byte) 0x2a, (byte) 0x8f, (byte) 0x88, (byte) 0x80, (byte) 0x11, (byte) 0x9a, - (byte) 0x79, (byte) 0xb6, (byte) 0x59, (byte) 0x3a, (byte) 0x50, (byte) 0x6e, - (byte) 0x57, (byte) 0x37, (byte) 0xab, (byte) 0x2a, (byte) 0xd2, (byte) 0xaa, - (byte) 0xd9, (byte) 0x72, (byte) 0x73, (byte) 0xff, 
(byte) 0x8b, (byte) 0x47, - (byte) 0x76, (byte) 0xdd, (byte) 0xdc, (byte) 0xf5, (byte) 0x97, (byte) 0x44, - (byte) 0x3a, (byte) 0x78, (byte) 0xbe, (byte) 0x17, (byte) 0xb4, (byte) 0x22, - (byte) 0x6f, (byte) 0xe5, (byte) 0x23, (byte) 0x70, (byte) 0x1d, (byte) 0x10, - (byte) 0x5d, (byte) 0xba, (byte) 0x16, (byte) 0x81, (byte) 0xf1, (byte) 0x45, - (byte) 0xce, (byte) 0x30, (byte) 0xb4, (byte) 0xab, (byte) 0x80, (byte) 0xe4, - (byte) 0x98, (byte) 0x31, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xda, - (byte) 0x82, (byte) 0x9d, (byte) 0x3f, (byte) 0xca, (byte) 0x2f, (byte) 0xe1, - (byte) 0xd4, (byte) 0x86, (byte) 0x77, (byte) 0x48, (byte) 0xa6, (byte) 0xab, - (byte) 0xab, (byte) 0x1c, (byte) 0x42, (byte) 0x5c, (byte) 0xd5, (byte) 0xc7, - (byte) 0x46, (byte) 0x59, (byte) 0x91, (byte) 0x3f, (byte) 0xfc, (byte) 0xcc, - (byte) 0xec, (byte) 0xc2, (byte) 0x40, (byte) 0x12, (byte) 0x2c, (byte) 0x8d, - (byte) 0x1f, (byte) 0xa2, (byte) 0x18, (byte) 0x88, (byte) 0xee, (byte) 0x82, - (byte) 0x4a, (byte) 0x5a, (byte) 0x5e, (byte) 0x88, (byte) 0x20, (byte) 0xe3, - (byte) 0x7b, (byte) 0xe0, (byte) 0xd8, (byte) 0x3a, (byte) 0x52, (byte) 0x9a, - (byte) 0x26, (byte) 0x6a, (byte) 0x04, (byte) 0xec, (byte) 0xe8, (byte) 0xb9, - (byte) 0x48, (byte) 0x40, (byte) 0xe1, (byte) 0xe1, (byte) 0x83, (byte) 0xa6, - (byte) 0x67, (byte) 0xa6, (byte) 0xfd, (byte) 0x02, (byte) 0x41, (byte) 0x00, - (byte) 0x89, (byte) 0x72, (byte) 0x3e, (byte) 0xb0, (byte) 0x90, (byte) 0xfd, - (byte) 0x4c, (byte) 0x0e, (byte) 0xd6, (byte) 0x13, (byte) 0x63, (byte) 0xcb, - (byte) 0xed, (byte) 0x38, (byte) 0x88, (byte) 0xb6, (byte) 0x79, (byte) 0xc4, - (byte) 0x33, (byte) 0x6c, (byte) 0xf6, (byte) 0xf8, (byte) 0xd8, (byte) 0xd0, - (byte) 0xbf, (byte) 0x9d, (byte) 0x35, (byte) 0xac, (byte) 0x69, (byte) 0xd2, - (byte) 0x2b, (byte) 0xc1, (byte) 0xf9, (byte) 0x24, (byte) 0x7b, (byte) 0xce, - (byte) 0xcd, (byte) 0xcb, (byte) 0xa7, (byte) 0xb2, (byte) 0x7a, (byte) 0x0a, - (byte) 0x27, (byte) 0x19, (byte) 0xc9, (byte) 0xaf, 
(byte) 0x0d, (byte) 0x21, - (byte) 0x89, (byte) 0x88, (byte) 0x7c, (byte) 0xad, (byte) 0x9e, (byte) 0x8d, - (byte) 0x47, (byte) 0x6d, (byte) 0x3f, (byte) 0xce, (byte) 0x7b, (byte) 0xa1, - (byte) 0x74, (byte) 0xf1, (byte) 0xa0, (byte) 0xa1, (byte) 0x02, (byte) 0x41, - (byte) 0x00, (byte) 0xd9, (byte) 0xa8, (byte) 0xf5, (byte) 0xfe, (byte) 0xce, - (byte) 0xe6, (byte) 0x77, (byte) 0x6b, (byte) 0xfe, (byte) 0x2d, (byte) 0xe0, - (byte) 0x1e, (byte) 0xb6, (byte) 0x2e, (byte) 0x12, (byte) 0x4e, (byte) 0x40, - (byte) 0xaf, (byte) 0x6a, (byte) 0x7b, (byte) 0x37, (byte) 0x49, (byte) 0x2a, - (byte) 0x96, (byte) 0x25, (byte) 0x83, (byte) 0x49, (byte) 0xd4, (byte) 0x0c, - (byte) 0xc6, (byte) 0x78, (byte) 0x25, (byte) 0x24, (byte) 0x90, (byte) 0x90, - (byte) 0x06, (byte) 0x15, (byte) 0x9e, (byte) 0xfe, (byte) 0xf9, (byte) 0xdf, - (byte) 0x5b, (byte) 0xf3, (byte) 0x7e, (byte) 0x38, (byte) 0x70, (byte) 0xeb, - (byte) 0x57, (byte) 0xd0, (byte) 0xd9, (byte) 0xa7, (byte) 0x0e, (byte) 0x14, - (byte) 0xf7, (byte) 0x95, (byte) 0x68, (byte) 0xd5, (byte) 0xc8, (byte) 0xab, - (byte) 0x9d, (byte) 0x3a, (byte) 0x2b, (byte) 0x51, (byte) 0xf9, (byte) 0x02, - (byte) 0x41, (byte) 0x00, (byte) 0x96, (byte) 0xdf, (byte) 0xe9, (byte) 0x67, - (byte) 0x6c, (byte) 0xdc, (byte) 0x90, (byte) 0x14, (byte) 0xb4, (byte) 0x1d, - (byte) 0x22, (byte) 0x33, (byte) 0x4a, (byte) 0x31, (byte) 0xc1, (byte) 0x9d, - (byte) 0x2e, (byte) 0xff, (byte) 0x9a, (byte) 0x2a, (byte) 0x95, (byte) 0x4b, - (byte) 0x27, (byte) 0x74, (byte) 0xcb, (byte) 0x21, (byte) 0xc3, (byte) 0xd2, - (byte) 0x0b, (byte) 0xb2, (byte) 0x46, (byte) 0x87, (byte) 0xf8, (byte) 0x28, - (byte) 0x01, (byte) 0x8b, (byte) 0xd8, (byte) 0xb9, (byte) 0x4b, (byte) 0xcd, - (byte) 0x9a, (byte) 0x96, (byte) 0x41, (byte) 0x0e, (byte) 0x36, (byte) 0x6d, - (byte) 0x40, (byte) 0x42, (byte) 0xbc, (byte) 0xd9, (byte) 0xd3, (byte) 0x7b, - (byte) 0xbc, (byte) 0xa7, (byte) 0x92, (byte) 0x90, (byte) 0xdd, (byte) 0xa1, - (byte) 0x9c, (byte) 0xce, (byte) 0xa1, (byte) 0x87, 
(byte) 0x11, (byte) 0x51 - }; - - /** - * Generated from above and converted with: - * - * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g' - */ - private static final byte[] FAKE_RSA_USER_1 = new byte[] { - (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x95, (byte) 0x30, (byte) 0x82, - (byte) 0x01, (byte) 0xfe, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, - (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d, - (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, - (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, - (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30, - (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, - (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, - (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, - (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, - (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, - (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, - (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, - (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, - (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, - (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, (byte) 0x1e, - (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, (byte) 0x30, (byte) 0x38, - (byte) 0x31, (byte) 0x34, (byte) 0x32, (byte) 0x33, (byte) 0x32, (byte) 0x35, - (byte) 0x34, (byte) 0x38, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32, - 
(byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x32, (byte) 0x32, - (byte) 0x33, (byte) 0x32, (byte) 0x35, (byte) 0x34, (byte) 0x38, (byte) 0x5a, - (byte) 0x30, (byte) 0x55, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, - (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, (byte) 0x30, - (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, - (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, (byte) 0x1b, - (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, (byte) 0x64, - (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x54, - (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, (byte) 0x61, - (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x31, (byte) 0x1c, (byte) 0x30, - (byte) 0x1a, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, - (byte) 0x13, (byte) 0x13, (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, - (byte) 0x65, (byte) 0x72, (byte) 0x31, (byte) 0x2e, (byte) 0x65, (byte) 0x78, - (byte) 0x61, (byte) 0x6d, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x2e, - (byte) 0x63, (byte) 0x6f, (byte) 0x6d, (byte) 0x30, (byte) 0x81, (byte) 0x9f, - (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, - (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, - (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, - (byte) 0x81, (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, - (byte) 0x5b, (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, - (byte) 0x66, (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, - (byte) 0x8a, (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, - 
(byte) 0x02, (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, - (byte) 0xf3, (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, - (byte) 0x6d, (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f, - (byte) 0x67, (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, - (byte) 0xcb, (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, - (byte) 0xe2, (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, - (byte) 0x79, (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, - (byte) 0xce, (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, - (byte) 0x08, (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, - (byte) 0x3b, (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, - (byte) 0xc4, (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, - (byte) 0x0d, (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, - (byte) 0x23, (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, - (byte) 0x08, (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, - (byte) 0xf1, (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, - (byte) 0xb4, (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, - (byte) 0x16, (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, - (byte) 0x9e, (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, - (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, - (byte) 0x79, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, - (byte) 0x30, (byte) 0x2c, (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, - (byte) 0x48, (byte) 0x01, (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, - (byte) 0x0d, (byte) 0x04, (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, - (byte) 0x70, (byte) 0x65, (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, - 
(byte) 0x20, (byte) 0x47, (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, - (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43, - (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, - (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, - (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x32, (byte) 0xa1, (byte) 0x1e, - (byte) 0x6b, (byte) 0x69, (byte) 0x04, (byte) 0xfe, (byte) 0xb3, (byte) 0xcd, - (byte) 0xf8, (byte) 0xbb, (byte) 0x14, (byte) 0xcd, (byte) 0xff, (byte) 0xd4, - (byte) 0x16, (byte) 0xc3, (byte) 0xab, (byte) 0x44, (byte) 0x2f, (byte) 0x30, - (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, - (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, - (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, - (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, - (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, - (byte) 0x5d, (byte) 0x51, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, - (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, - (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, - (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0x46, (byte) 0x42, (byte) 0xef, - (byte) 0x56, (byte) 0x89, (byte) 0x78, (byte) 0x90, (byte) 0x38, (byte) 0x24, - (byte) 0x9f, (byte) 0x8c, (byte) 0x7a, (byte) 0xce, (byte) 0x7a, (byte) 0xa5, - (byte) 0xb5, (byte) 0x1e, (byte) 0x74, (byte) 0x96, (byte) 0x34, (byte) 0x49, - (byte) 0x8b, (byte) 0xed, (byte) 0x44, (byte) 0xb3, (byte) 0xc9, (byte) 0x05, - (byte) 0xd7, (byte) 0x48, (byte) 0x55, (byte) 0x52, (byte) 0x59, (byte) 0x15, - (byte) 0x0b, (byte) 0xaa, (byte) 0x16, (byte) 0x86, (byte) 0xd2, (byte) 0x8e, - (byte) 0x16, (byte) 0x99, (byte) 0xe8, (byte) 0x5f, (byte) 0x11, (byte) 0x71, - 
(byte) 0x42, (byte) 0x55, (byte) 0xd1, (byte) 0xc4, (byte) 0x6f, (byte) 0x2e, - (byte) 0xa9, (byte) 0x64, (byte) 0x6f, (byte) 0xd8, (byte) 0xfd, (byte) 0x43, - (byte) 0x13, (byte) 0x24, (byte) 0xaa, (byte) 0x67, (byte) 0xe6, (byte) 0xf5, - (byte) 0xca, (byte) 0x80, (byte) 0x5e, (byte) 0x3a, (byte) 0x3e, (byte) 0xcc, - (byte) 0x4f, (byte) 0xba, (byte) 0x87, (byte) 0xe6, (byte) 0xae, (byte) 0xbf, - (byte) 0x8f, (byte) 0xd5, (byte) 0x28, (byte) 0x38, (byte) 0x58, (byte) 0x30, - (byte) 0x24, (byte) 0xf6, (byte) 0x53, (byte) 0x5b, (byte) 0x41, (byte) 0x53, - (byte) 0xe6, (byte) 0x45, (byte) 0xbc, (byte) 0xbe, (byte) 0xe6, (byte) 0xbb, - (byte) 0x5d, (byte) 0xd8, (byte) 0xa7, (byte) 0xf9, (byte) 0x64, (byte) 0x99, - (byte) 0x04, (byte) 0x43, (byte) 0x75, (byte) 0xd7, (byte) 0x2d, (byte) 0x32, - (byte) 0x0a, (byte) 0x94, (byte) 0xaf, (byte) 0x06, (byte) 0x34, (byte) 0xae, - (byte) 0x46, (byte) 0xbd, (byte) 0xda, (byte) 0x00, (byte) 0x0e, (byte) 0x25, - (byte) 0xc2, (byte) 0xf7, (byte) 0xc9, (byte) 0xc3, (byte) 0x65, (byte) 0xd2, - (byte) 0x08, (byte) 0x41, (byte) 0x0a, (byte) 0xf3, (byte) 0x72 - }; - - /* - * The keys and certificates below are generated with: - * - * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem - * openssl ecparam -name prime256v1 -out ecparam.pem - * openssl req -newkey ec:ecparam.pem -keyout userkey.pem -nodes -days 3650 -out userkey.req - * mkdir -p demoCA/newcerts - * touch demoCA/index.txt - * echo "01" > demoCA/serial - * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650 - */ - - /** - * Generated from above and converted with: - * - * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g' - */ - private static final byte[] FAKE_EC_CA_1 = { - (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x58, (byte) 0x30, (byte) 0x82, - (byte) 0x01, (byte) 0xc1, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, - (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 
0x00, (byte) 0xe1, (byte) 0xb2, - (byte) 0x8c, (byte) 0x04, (byte) 0x95, (byte) 0xeb, (byte) 0x10, (byte) 0xcb, - (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, - (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x45, (byte) 0x31, - (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, - (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, - (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, - (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, - (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, - (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, - (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, - (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, - (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, - (byte) 0x74, (byte) 0x64, (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, - (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, - (byte) 0x31, (byte) 0x36, (byte) 0x32, (byte) 0x38, (byte) 0x32, (byte) 0x38, - (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, - (byte) 0x38, (byte) 0x32, (byte) 0x35, (byte) 0x31, (byte) 0x36, (byte) 0x32, - (byte) 0x38, (byte) 0x32, (byte) 0x38, (byte) 0x5a, (byte) 0x30, (byte) 0x45, - (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, - (byte) 0x55, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 
0x08, (byte) 0x0c, (byte) 0x0a, - (byte) 0x53, (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, - (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, - (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x0a, (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, - (byte) 0x65, (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, - (byte) 0x57, (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, - (byte) 0x73, (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, - (byte) 0x4c, (byte) 0x74, (byte) 0x64, (byte) 0x30, (byte) 0x81, (byte) 0x9f, - (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, - (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, - (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, - (byte) 0x81, (byte) 0x00, (byte) 0xb5, (byte) 0xf6, (byte) 0x08, (byte) 0x0f, - (byte) 0xc4, (byte) 0x4d, (byte) 0xe4, (byte) 0x0d, (byte) 0x34, (byte) 0x1d, - (byte) 0xe2, (byte) 0x23, (byte) 0x18, (byte) 0x63, (byte) 0x03, (byte) 0xf7, - (byte) 0x14, (byte) 0x0e, (byte) 0x98, (byte) 0xcd, (byte) 0x45, (byte) 0x1f, - (byte) 0xfe, (byte) 0xfb, (byte) 0x09, (byte) 0x3f, (byte) 0x5d, (byte) 0x36, - (byte) 0x3b, (byte) 0x0f, (byte) 0xf9, (byte) 0x5e, (byte) 0x86, (byte) 0x56, - (byte) 0x64, (byte) 0xd7, (byte) 0x3f, (byte) 0xae, (byte) 0x33, (byte) 0x09, - (byte) 0xd3, (byte) 0xdd, (byte) 0x06, (byte) 0x17, (byte) 0x26, (byte) 0xdc, - (byte) 0xa2, (byte) 0x8c, (byte) 0x3c, (byte) 0x65, (byte) 0xed, (byte) 0x03, - (byte) 0x82, (byte) 0x78, (byte) 0x9b, (byte) 0xee, (byte) 0xe3, (byte) 0x98, - (byte) 0x58, (byte) 0xe1, (byte) 0xf1, (byte) 0xa0, (byte) 0x85, (byte) 0xae, - (byte) 0x63, (byte) 0x84, (byte) 0x41, (byte) 0x46, (byte) 0xa7, (byte) 0x4f, - (byte) 0xdc, (byte) 0xbb, (byte) 0x1c, (byte) 
0x6e, (byte) 0xec, (byte) 0x7b, - (byte) 0xd5, (byte) 0xab, (byte) 0x3d, (byte) 0x6a, (byte) 0x05, (byte) 0x58, - (byte) 0x0f, (byte) 0x9b, (byte) 0x6a, (byte) 0x67, (byte) 0x4b, (byte) 0xe9, - (byte) 0x2a, (byte) 0x6d, (byte) 0x96, (byte) 0x11, (byte) 0x53, (byte) 0x95, - (byte) 0x78, (byte) 0xaa, (byte) 0xd1, (byte) 0x91, (byte) 0x4a, (byte) 0xf8, - (byte) 0x54, (byte) 0x52, (byte) 0x6d, (byte) 0xb9, (byte) 0xca, (byte) 0x74, - (byte) 0x81, (byte) 0xf8, (byte) 0x99, (byte) 0x64, (byte) 0xd1, (byte) 0x4f, - (byte) 0x01, (byte) 0x38, (byte) 0x4f, (byte) 0x08, (byte) 0x5c, (byte) 0x31, - (byte) 0xcb, (byte) 0x7c, (byte) 0x5c, (byte) 0x78, (byte) 0x5d, (byte) 0x47, - (byte) 0xd9, (byte) 0xf0, (byte) 0x1a, (byte) 0xeb, (byte) 0x02, (byte) 0x03, - (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x50, (byte) 0x30, - (byte) 0x4e, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, - (byte) 0x5f, (byte) 0x5b, (byte) 0x5e, (byte) 0xac, (byte) 0x29, (byte) 0xfa, - (byte) 0xa1, (byte) 0x9f, (byte) 0x9e, (byte) 0xad, (byte) 0x46, (byte) 0xe1, - (byte) 0xbc, (byte) 0x20, (byte) 0x72, (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, - (byte) 0xfa, (byte) 0xe3, (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, (byte) 0x30, - (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x5f, (byte) 0x5b, (byte) 0x5e, - (byte) 0xac, (byte) 0x29, (byte) 0xfa, (byte) 0xa1, (byte) 0x9f, (byte) 0x9e, - (byte) 0xad, (byte) 0x46, (byte) 0xe1, (byte) 0xbc, (byte) 0x20, (byte) 0x72, - (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, (byte) 0xfa, (byte) 0xe3, (byte) 0x30, - (byte) 0x0c, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, - (byte) 0x04, (byte) 0x05, (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, - (byte) 0xff, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, - (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 
0xf7, (byte) 0x0d, (byte) 0x01, - (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, - (byte) 0x81, (byte) 0x00, (byte) 0xa1, (byte) 0x4a, (byte) 0xe6, (byte) 0xfc, - (byte) 0x7f, (byte) 0x17, (byte) 0xaa, (byte) 0x65, (byte) 0x4a, (byte) 0x34, - (byte) 0xde, (byte) 0x69, (byte) 0x67, (byte) 0x54, (byte) 0x4d, (byte) 0xa2, - (byte) 0xc2, (byte) 0x98, (byte) 0x02, (byte) 0x43, (byte) 0x6a, (byte) 0x0e, - (byte) 0x0b, (byte) 0x7f, (byte) 0xa4, (byte) 0x46, (byte) 0xaf, (byte) 0xa4, - (byte) 0x65, (byte) 0xa0, (byte) 0xdb, (byte) 0xf1, (byte) 0x5b, (byte) 0xd5, - (byte) 0x09, (byte) 0xbc, (byte) 0xee, (byte) 0x37, (byte) 0x51, (byte) 0x19, - (byte) 0x36, (byte) 0xc0, (byte) 0x90, (byte) 0xd3, (byte) 0x5f, (byte) 0xf3, - (byte) 0x4f, (byte) 0xb9, (byte) 0x08, (byte) 0x45, (byte) 0x0e, (byte) 0x01, - (byte) 0x8a, (byte) 0x95, (byte) 0xef, (byte) 0x92, (byte) 0x95, (byte) 0x33, - (byte) 0x78, (byte) 0xdd, (byte) 0x90, (byte) 0xbb, (byte) 0xf3, (byte) 0x06, - (byte) 0x75, (byte) 0xd0, (byte) 0x66, (byte) 0xe6, (byte) 0xd0, (byte) 0x18, - (byte) 0x6e, (byte) 0xeb, (byte) 0x1c, (byte) 0x52, (byte) 0xc3, (byte) 0x2e, - (byte) 0x57, (byte) 0x7d, (byte) 0xa9, (byte) 0x03, (byte) 0xdb, (byte) 0xf4, - (byte) 0x57, (byte) 0x5f, (byte) 0x6c, (byte) 0x7e, (byte) 0x00, (byte) 0x0d, - (byte) 0x8f, (byte) 0xe8, (byte) 0x91, (byte) 0xf7, (byte) 0xae, (byte) 0x24, - (byte) 0x35, (byte) 0x07, (byte) 0xb5, (byte) 0x48, (byte) 0x2d, (byte) 0x36, - (byte) 0x30, (byte) 0x5d, (byte) 0xe9, (byte) 0x49, (byte) 0x2d, (byte) 0xd1, - (byte) 0x5d, (byte) 0xc5, (byte) 0xf4, (byte) 0x33, (byte) 0x77, (byte) 0x3c, - (byte) 0x71, (byte) 0xad, (byte) 0x90, (byte) 0x65, (byte) 0xa9, (byte) 0xc1, - (byte) 0x0b, (byte) 0x5c, (byte) 0x62, (byte) 0x55, (byte) 0x50, (byte) 0x6f, - (byte) 0x9b, (byte) 0xc9, (byte) 0x0d, (byte) 0xee - }; - - /** - * Generated from above and converted with: - * - * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 
0x/g' - */ - private static final byte[] FAKE_EC_KEY_1 = new byte[] { - (byte) 0x30, (byte) 0x81, (byte) 0x87, (byte) 0x02, (byte) 0x01, (byte) 0x00, - (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, (byte) 0x06, - (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, - (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x04, (byte) 0x6d, (byte) 0x30, - (byte) 0x6b, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x04, (byte) 0x20, - (byte) 0x3a, (byte) 0x8a, (byte) 0x02, (byte) 0xdc, (byte) 0xde, (byte) 0x70, - (byte) 0x84, (byte) 0x45, (byte) 0x34, (byte) 0xaf, (byte) 0xbd, (byte) 0xd5, - (byte) 0x02, (byte) 0x17, (byte) 0x69, (byte) 0x90, (byte) 0x65, (byte) 0x1e, - (byte) 0x87, (byte) 0xf1, (byte) 0x3d, (byte) 0x17, (byte) 0xb6, (byte) 0xf4, - (byte) 0x31, (byte) 0x94, (byte) 0x86, (byte) 0x76, (byte) 0x55, (byte) 0xf7, - (byte) 0xcc, (byte) 0xba, (byte) 0xa1, (byte) 0x44, (byte) 0x03, (byte) 0x42, - (byte) 0x00, (byte) 0x04, (byte) 0xd9, (byte) 0xcf, (byte) 0xe7, (byte) 0x9b, - (byte) 0x23, (byte) 0xc8, (byte) 0xa3, (byte) 0xb8, (byte) 0x33, (byte) 0x14, - (byte) 0xa4, (byte) 0x4d, (byte) 0x75, (byte) 0x90, (byte) 0xf3, (byte) 0xcd, - (byte) 0x43, (byte) 0xe5, (byte) 0x1b, (byte) 0x05, (byte) 0x1d, (byte) 0xf3, - (byte) 0xd0, (byte) 0xa3, (byte) 0xb7, (byte) 0x32, (byte) 0x5f, (byte) 0x79, - (byte) 0xdc, (byte) 0x88, (byte) 0xb8, (byte) 0x4d, (byte) 0xb3, (byte) 0xd1, - (byte) 0x6d, (byte) 0xf7, (byte) 0x75, (byte) 0xf3, (byte) 0xbf, (byte) 0x50, - (byte) 0xa1, (byte) 0xbc, (byte) 0x03, (byte) 0x64, (byte) 0x22, (byte) 0xe6, - (byte) 0x1a, (byte) 0xa1, (byte) 0xe1, (byte) 0x06, (byte) 0x68, (byte) 0x3b, - (byte) 0xbc, (byte) 0x9f, (byte) 0xd3, (byte) 0xae, (byte) 0x77, (byte) 0x5e, - (byte) 0x88, (byte) 0x0c, (byte) 0x5e, (byte) 0x0c, (byte) 0xb2, (byte) 0x38 - }; - - /** - * Generated from above and converted with: - * - * openssl x509 -outform d 
-in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g' - */ - private static final byte[] FAKE_EC_USER_1 = new byte[] { - (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x51, (byte) 0x30, (byte) 0x82, - (byte) 0x01, (byte) 0xba, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, - (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d, - (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, - (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, - (byte) 0x00, (byte) 0x30, (byte) 0x45, (byte) 0x31, (byte) 0x0b, (byte) 0x30, - (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, - (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, (byte) 0x13, - (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, (byte) 0x6d, - (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, (byte) 0x74, - (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x18, - (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x6e, - (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, (byte) 0x64, - (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, (byte) 0x50, - (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, (byte) 0x74, (byte) 0x64, - (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x33, - (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, (byte) 0x31, (byte) 0x36, - (byte) 0x33, (byte) 0x30, (byte) 0x30, (byte) 0x38, (byte) 0x5a, (byte) 0x17, - (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, - (byte) 0x35, (byte) 0x31, (byte) 0x36, (byte) 0x33, (byte) 0x30, (byte) 0x30, - (byte) 0x38, (byte) 0x5a, (byte) 0x30, (byte) 0x62, (byte) 0x31, (byte) 0x0b, - (byte) 0x30, (byte) 0x09, (byte) 0x06, 
(byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, - (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, - (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, - (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, - (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 0x72, - (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, - (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, - (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, (byte) 0x74, - (byte) 0x64, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x12, - (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, (byte) 0x65, (byte) 0x72, - (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x61, (byte) 0x6d, (byte) 0x70, - (byte) 0x6c, (byte) 0x65, (byte) 0x2e, (byte) 0x63, (byte) 0x6f, (byte) 0x6d, - (byte) 0x30, (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, - (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, - (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, - (byte) 0xce, (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, - (byte) 0x42, (byte) 0x00, (byte) 0x04, (byte) 0xd9, (byte) 0xcf, (byte) 0xe7, - (byte) 0x9b, (byte) 0x23, (byte) 0xc8, (byte) 0xa3, (byte) 0xb8, (byte) 0x33, - (byte) 0x14, (byte) 0xa4, (byte) 0x4d, (byte) 0x75, (byte) 0x90, (byte) 0xf3, - (byte) 0xcd, (byte) 0x43, (byte) 0xe5, (byte) 0x1b, (byte) 0x05, (byte) 0x1d, - (byte) 0xf3, (byte) 0xd0, (byte) 0xa3, (byte) 0xb7, (byte) 0x32, (byte) 0x5f, - (byte) 0x79, (byte) 0xdc, (byte) 0x88, 
(byte) 0xb8, (byte) 0x4d, (byte) 0xb3, - (byte) 0xd1, (byte) 0x6d, (byte) 0xf7, (byte) 0x75, (byte) 0xf3, (byte) 0xbf, - (byte) 0x50, (byte) 0xa1, (byte) 0xbc, (byte) 0x03, (byte) 0x64, (byte) 0x22, - (byte) 0xe6, (byte) 0x1a, (byte) 0xa1, (byte) 0xe1, (byte) 0x06, (byte) 0x68, - (byte) 0x3b, (byte) 0xbc, (byte) 0x9f, (byte) 0xd3, (byte) 0xae, (byte) 0x77, - (byte) 0x5e, (byte) 0x88, (byte) 0x0c, (byte) 0x5e, (byte) 0x0c, (byte) 0xb2, - (byte) 0x38, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, (byte) 0x79, (byte) 0x30, - (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, - (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, (byte) 0x30, (byte) 0x2c, - (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, (byte) 0x48, (byte) 0x01, - (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, (byte) 0x0d, (byte) 0x04, - (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, (byte) 0x70, (byte) 0x65, - (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, (byte) 0x20, (byte) 0x47, - (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, (byte) 0x61, (byte) 0x74, - (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43, (byte) 0x65, (byte) 0x72, - (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61, - (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, - (byte) 0x14, (byte) 0xd5, (byte) 0xc4, (byte) 0x72, (byte) 0xbd, (byte) 0xd2, - (byte) 0x4e, (byte) 0x90, (byte) 0x1b, (byte) 0x14, (byte) 0x32, (byte) 0xdb, - (byte) 0x03, (byte) 0xae, (byte) 0xfa, (byte) 0x27, (byte) 0x7d, (byte) 0x8d, - (byte) 0xe4, (byte) 0x80, (byte) 0x58, (byte) 0x30, (byte) 0x1f, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, - (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x5f, (byte) 0x5b, - (byte) 0x5e, (byte) 0xac, (byte) 0x29, (byte) 0xfa, (byte) 0xa1, (byte) 0x9f, - (byte) 0x9e, (byte) 0xad, (byte) 0x46, 
(byte) 0xe1, (byte) 0xbc, (byte) 0x20, - (byte) 0x72, (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, (byte) 0xfa, (byte) 0xe3, - (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, - (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, - (byte) 0x00, (byte) 0x43, (byte) 0x99, (byte) 0x9f, (byte) 0x67, (byte) 0x08, - (byte) 0x43, (byte) 0xd5, (byte) 0x6b, (byte) 0x6f, (byte) 0xd7, (byte) 0x05, - (byte) 0xd6, (byte) 0x75, (byte) 0x34, (byte) 0x30, (byte) 0xca, (byte) 0x20, - (byte) 0x47, (byte) 0x61, (byte) 0xa1, (byte) 0x89, (byte) 0xb6, (byte) 0xf1, - (byte) 0x49, (byte) 0x7b, (byte) 0xd9, (byte) 0xb9, (byte) 0xe8, (byte) 0x1e, - (byte) 0x29, (byte) 0x74, (byte) 0x0a, (byte) 0x67, (byte) 0xc0, (byte) 0x7d, - (byte) 0xb8, (byte) 0xe6, (byte) 0x39, (byte) 0xa8, (byte) 0x5e, (byte) 0xc3, - (byte) 0xb0, (byte) 0xa1, (byte) 0x30, (byte) 0x6a, (byte) 0x1f, (byte) 0x1d, - (byte) 0xfc, (byte) 0x11, (byte) 0x59, (byte) 0x0b, (byte) 0xb9, (byte) 0xad, - (byte) 0x3a, (byte) 0x4e, (byte) 0x50, (byte) 0x0a, (byte) 0x61, (byte) 0xdb, - (byte) 0x75, (byte) 0x6b, (byte) 0xe5, (byte) 0x3f, (byte) 0x8d, (byte) 0xde, - (byte) 0x28, (byte) 0x68, (byte) 0xb1, (byte) 0x29, (byte) 0x9a, (byte) 0x18, - (byte) 0x8a, (byte) 0xfc, (byte) 0x3f, (byte) 0x13, (byte) 0x93, (byte) 0x29, - (byte) 0xed, (byte) 0x22, (byte) 0x7c, (byte) 0xb4, (byte) 0x50, (byte) 0xd5, - (byte) 0x4d, (byte) 0x32, (byte) 0x4d, (byte) 0x42, (byte) 0x2b, (byte) 0x29, - (byte) 0x97, (byte) 0x86, (byte) 0xc0, (byte) 0x01, (byte) 0x00, (byte) 0x25, - (byte) 0xf6, (byte) 0xd3, (byte) 0x2a, (byte) 0xd8, (byte) 0xda, (byte) 0x13, - (byte) 0x94, (byte) 0x12, (byte) 0x78, (byte) 0x14, (byte) 0x0b, (byte) 0x51, - (byte) 0xc0, (byte) 0x45, (byte) 0xb4, (byte) 0x02, (byte) 0x37, (byte) 0x98, - (byte) 0x42, (byte) 0x3c, (byte) 0xcb, (byte) 0x2e, (byte) 0xe4, (byte) 0x38, - (byte) 0x69, (byte) 0x1b, (byte) 0x72, 
(byte) 0xf0, (byte) 0xaa, (byte) 0x89, - (byte) 0x7e, (byte) 0xde, (byte) 0xb2 - }; - - /** - * The amount of time to allow before and after expected time for variance - * in timing tests. - */ - private static final long SLOP_TIME_MILLIS = 15000L; - - @Override - protected void setUp() throws Exception { - mAndroidKeyStore = android.security.KeyStore.getInstance(); - - assertTrue(mAndroidKeyStore.reset()); - assertFalse(mAndroidKeyStore.isUnlocked()); - - mKeyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); - } - - private void setupPassword() { - assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111")); - assertTrue(mAndroidKeyStore.isUnlocked()); - - assertEquals(0, mAndroidKeyStore.list("").length); - } - - private void assertAliases(final String[] expectedAliases) throws KeyStoreException { - final Enumeration<String> aliases = mKeyStore.aliases(); - int count = 0; - - final Set<String> expectedSet = new HashSet<String>(); - expectedSet.addAll(Arrays.asList(expectedAliases)); - - while (aliases.hasMoreElements()) { - count++; - final String alias = aliases.nextElement(); - assertTrue("The alias should be in the expected set", expectedSet.contains(alias)); - expectedSet.remove(alias); - } - assertTrue("The expected set and actual set should be exactly equal", expectedSet.isEmpty()); - assertEquals("There should be the correct number of keystore entries", - expectedAliases.length, count); - } - - public void testKeyStore_Aliases_Encrypted_Success() throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - assertAliases(new String[] {}); - - assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, - null)); - - assertAliases(new String[] { TEST_ALIAS_1 }); - - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - assertAliases(new String[] 
{ TEST_ALIAS_1, TEST_ALIAS_2 }); - } - - public void testKeyStore_Aliases_NotInitialized_Encrypted_Failure() throws Exception { - setupPassword(); - - try { - mKeyStore.aliases(); - fail("KeyStore should throw exception when not initialized"); - } catch (KeyStoreException success) { - } - } - - public void testKeyStore_ContainsAliases_PrivateAndCA_Encrypted_Success() throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - assertAliases(new String[] {}); - - assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, - null)); - - assertTrue("Should contain generated private key", mKeyStore.containsAlias(TEST_ALIAS_1)); - - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2)); - - assertFalse("Should not contain unadded certificate alias", - mKeyStore.containsAlias(TEST_ALIAS_3)); - } - - public void testKeyStore_ContainsAliases_CAOnly_Encrypted_Success() throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2)); - } - - public void testKeyStore_ContainsAliases_NonExistent_Encrypted_Failure() throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - assertFalse("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_1)); - } - - public void testKeyStore_DeleteEntry_Encrypted_Success() throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - // TEST_ALIAS_1 - assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_RSA_KEY_1, KeyStore.UID_SELF, 
KeyStore.FLAG_ENCRYPTED)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - // TEST_ALIAS_2 - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - // TEST_ALIAS_3 - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_3, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 }); - - mKeyStore.deleteEntry(TEST_ALIAS_1); - - assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 }); - - mKeyStore.deleteEntry(TEST_ALIAS_3); - - assertAliases(new String[] { TEST_ALIAS_2 }); - - mKeyStore.deleteEntry(TEST_ALIAS_2); - - assertAliases(new String[] { }); - } - - public void testKeyStore_DeleteEntry_EmptyStore_Encrypted_Success() throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - // Should not throw when a non-existent entry is requested for delete. - mKeyStore.deleteEntry(TEST_ALIAS_1); - } - - public void testKeyStore_DeleteEntry_NonExistent_Encrypted_Success() throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - // TEST_ALIAS_1 - assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - // Should not throw when a non-existent entry is requested for delete. 
- mKeyStore.deleteEntry(TEST_ALIAS_2); - } - - public void testKeyStore_GetCertificate_Single_Encrypted_Success() throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - assertAliases(new String[] { TEST_ALIAS_1 }); - - assertNull("Certificate should not exist in keystore", - mKeyStore.getCertificate(TEST_ALIAS_2)); - - Certificate retrieved = mKeyStore.getCertificate(TEST_ALIAS_1); - - assertNotNull("Retrieved certificate should not be null", retrieved); - - CertificateFactory f = CertificateFactory.getInstance("X.509"); - Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); - - assertEquals("Actual and retrieved certificates should be the same", actual, retrieved); - } - - public void testKeyStore_GetCertificate_NonExist_Encrypted_Failure() throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - assertNull("Certificate should not exist in keystore", - mKeyStore.getCertificate(TEST_ALIAS_1)); - } - - public void testKeyStore_GetCertificateAlias_CAEntry_Encrypted_Success() throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - CertificateFactory f = CertificateFactory.getInstance("X.509"); - Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); - - assertEquals("Stored certificate alias should be found", TEST_ALIAS_1, - mKeyStore.getCertificateAlias(actual)); - } - - public void testKeyStore_GetCertificateAlias_PrivateKeyEntry_Encrypted_Success() - throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - 
assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - CertificateFactory f = CertificateFactory.getInstance("X.509"); - Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); - - assertEquals("Stored certificate alias should be found", TEST_ALIAS_1, - mKeyStore.getCertificateAlias(actual)); - } - - public void testKeyStore_GetCertificateAlias_CAEntry_WithPrivateKeyUsingCA_Encrypted_Success() - throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - // Insert TrustedCertificateEntry with CA name - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - // Insert PrivateKeyEntry that uses the same CA - assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - CertificateFactory f = CertificateFactory.getInstance("X.509"); - Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); - - assertEquals("Stored certificate alias should be found", TEST_ALIAS_2, - mKeyStore.getCertificateAlias(actual)); - } - - public void testKeyStore_GetCertificateAlias_NonExist_Empty_Encrypted_Failure() - throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - CertificateFactory f = CertificateFactory.getInstance("X.509"); - Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); - - 
assertNull("Stored certificate alias should not be found", - mKeyStore.getCertificateAlias(actual)); - } - - public void testKeyStore_GetCertificateAlias_NonExist_Encrypted_Failure() throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - CertificateFactory f = CertificateFactory.getInstance("X.509"); - Certificate userCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); - - assertNull("Stored certificate alias should be found", - mKeyStore.getCertificateAlias(userCert)); - } - - public void testKeyStore_GetCertificateChain_SingleLength_Encrypted_Success() throws Exception { - setupPassword(); - - mKeyStore.load(null, null); - - assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - Certificate[] expected = new Certificate[2]; - expected[0] = cf.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); - expected[1] = cf.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); - - Certificate[] actual = mKeyStore.getCertificateChain(TEST_ALIAS_1); - - assertNotNull("Returned certificate chain should not be null", actual); - assertEquals("Returned certificate chain should be correct size", expected.length, - actual.length); - assertEquals("First certificate should be user certificate", expected[0], actual[0]); - assertEquals("Second certificate should be CA certificate", expected[1], actual[1]); - - // Negative test when keystore is 
populated.
- assertNull("Stored certificate alias should not be found",
- mKeyStore.getCertificateChain(TEST_ALIAS_2));
- }
-
- public void testKeyStore_GetCertificateChain_NonExist_Encrypted_Failure() throws Exception {
- setupPassword();
-
- mKeyStore.load(null, null);
-
- assertNull("Stored certificate alias should not be found",
- mKeyStore.getCertificateChain(TEST_ALIAS_1));
- }
-
- public void testKeyStore_GetCreationDate_PrivateKeyEntry_Encrypted_Success() throws Exception {
- setupPassword();
-
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
- FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
- assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- Date now = new Date();
- Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
-
- Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
- Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);
-
- assertTrue("Time should be close to current time", actual.before(expectedBefore));
- assertTrue("Time should be close to current time", actual.after(expectedAfter));
- }
-
- public void testKeyStore_GetCreationDate_PrivateKeyEntry_Unencrypted_Success() throws Exception {
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
- FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
- assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
- KeyStore.UID_SELF, KeyStore.FLAG_NONE));
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_NONE));
-
- Date now = new Date();
- Date actual = 
mKeyStore.getCreationDate(TEST_ALIAS_1);
-
- Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
- Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);
-
- assertTrue("Time should be close to current time", actual.before(expectedBefore));
- assertTrue("Time should be close to current time", actual.after(expectedAfter));
- }
-
- public void testKeyStore_GetCreationDate_CAEntry_Encrypted_Success() throws Exception {
- setupPassword();
-
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- Date now = new Date();
- Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
- assertNotNull("Certificate should be found", actual);
-
- Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
- Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);
-
- assertTrue("Time should be close to current time", actual.before(expectedBefore));
- assertTrue("Time should be close to current time", actual.after(expectedAfter));
- }
-
- public void testKeyStore_GetEntry_NullParams_Encrypted_Success() throws Exception {
- setupPassword();
-
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
- FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
- assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Entry should exist", entry);
-
- assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;
-
- assertPrivateKeyEntryEquals(keyEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
-
FAKE_RSA_CA_1);
- }
-
- public void testKeyStore_GetEntry_EC_NullParams_Unencrypted_Success() throws Exception {
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
- FAKE_EC_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
- assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
- FAKE_EC_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_EC_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_NONE));
-
- Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Entry should exist", entry);
-
- assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;
-
- assertPrivateKeyEntryEquals(keyEntry, "EC", FAKE_EC_KEY_1, FAKE_EC_USER_1, FAKE_EC_CA_1);
- }
-
- public void testKeyStore_GetEntry_RSA_NullParams_Unencrypted_Success() throws Exception {
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
- FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
- assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
- FAKE_RSA_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_NONE));
-
- Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Entry should exist", entry);
-
- assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;
-
- assertPrivateKeyEntryEquals(keyEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
- FAKE_RSA_CA_1);
- }
-
- @SuppressWarnings("unchecked")
- private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, String keyType, byte[] key,
- byte[] cert, byte[] ca) throws Exception {
- KeyFactory keyFact = 
KeyFactory.getInstance(keyType);
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(key));
-
- CertificateFactory certFact = CertificateFactory.getInstance("X.509");
- Certificate expectedCert = certFact.generateCertificate(new ByteArrayInputStream(cert));
-
- final Collection<Certificate> expectedChain;
- if (ca != null) {
- expectedChain = (Collection<Certificate>) certFact
- .generateCertificates(new ByteArrayInputStream(ca));
- } else {
- expectedChain = null;
- }
-
- assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, expectedChain);
- }
-
- private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, PrivateKey expectedKey,
- Certificate expectedCert, Collection<Certificate> expectedChain) throws Exception {
- if (expectedKey instanceof ECKey) {
- assertEquals("Returned PrivateKey should be what we inserted",
- ((ECKey) expectedKey).getParams().getCurve(),
- ((ECKey) keyEntry.getCertificate().getPublicKey()).getParams().getCurve());
- } else if (expectedKey instanceof RSAKey) {
- assertEquals("Returned PrivateKey should be what we inserted",
- ((RSAKey) expectedKey).getModulus(),
- ((RSAKey) keyEntry.getPrivateKey()).getModulus());
- }
-
- assertEquals("Returned Certificate should be what we inserted", expectedCert,
- keyEntry.getCertificate());
-
- Certificate[] actualChain = keyEntry.getCertificateChain();
-
- assertEquals("First certificate in chain should be user cert", expectedCert, actualChain[0]);
-
- if (expectedChain == null) {
- assertEquals("Certificate chain should not include CAs", 1, actualChain.length);
- } else {
- int i = 1;
- final Iterator<Certificate> it = expectedChain.iterator();
- while (it.hasNext()) {
- assertEquals("CA chain certificate should equal what we put in", it.next(),
- actualChain[i++]);
- }
- }
- }
-
- public void testKeyStore_GetEntry_Nonexistent_NullParams_Encrypted_Failure() throws Exception {
- setupPassword();
-
- mKeyStore.load(null, null);
-
- assertNull("A non-existent 
entry should return null",
- mKeyStore.getEntry(TEST_ALIAS_1, null));
- }
-
- public void testKeyStore_GetEntry_Nonexistent_NullParams_Unencrypted_Failure() throws Exception {
- mKeyStore.load(null, null);
-
- assertNull("A non-existent entry should return null",
- mKeyStore.getEntry(TEST_ALIAS_1, null));
- }
-
- public void testKeyStore_GetKey_NoPassword_Encrypted_Success() throws Exception {
- setupPassword();
-
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
- FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
- assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- Key key = mKeyStore.getKey(TEST_ALIAS_1, null);
- assertNotNull("Key should exist", key);
-
- assertTrue("Should be a PrivateKey", key instanceof PrivateKey);
- assertTrue("Should be a RSAKey", key instanceof RSAKey);
-
- KeyFactory keyFact = KeyFactory.getInstance("RSA");
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
-
- assertEquals("Inserted key should be same as retrieved key",
- ((RSAKey) expectedKey).getModulus(), ((RSAKey) key).getModulus());
- }
-
- public void testKeyStore_GetKey_NoPassword_Unencrypted_Success() throws Exception {
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
- FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
- assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
- KeyStore.UID_SELF, KeyStore.FLAG_NONE));
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_NONE));
-
- Key key = mKeyStore.getKey(TEST_ALIAS_1, null);
-
assertNotNull("Key should exist", key);
-
- assertTrue("Should be a PrivateKey", key instanceof PrivateKey);
- assertTrue("Should be a RSAKey", key instanceof RSAKey);
-
- KeyFactory keyFact = KeyFactory.getInstance("RSA");
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
-
- assertEquals("Inserted key should be same as retrieved key",
- ((RSAKey) expectedKey).getModulus(), ((RSAKey) key).getModulus());
- }
-
- public void testKeyStore_GetKey_Certificate_Encrypted_Failure() throws Exception {
- setupPassword();
-
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- assertNull("Certificate entries should return null", mKeyStore.getKey(TEST_ALIAS_1, null));
- }
-
- public void testKeyStore_GetKey_NonExistent_Encrypted_Failure() throws Exception {
- setupPassword();
-
- mKeyStore.load(null, null);
-
- assertNull("A non-existent entry should return null", mKeyStore.getKey(TEST_ALIAS_1, null));
- }
-
- public void testKeyStore_GetProvider_Encrypted_Success() throws Exception {
- assertEquals(AndroidKeyStoreProvider.PROVIDER_NAME, mKeyStore.getProvider().getName());
- setupPassword();
- assertEquals(AndroidKeyStoreProvider.PROVIDER_NAME, mKeyStore.getProvider().getName());
- }
-
- public void testKeyStore_GetType_Encrypted_Success() throws Exception {
- assertEquals(AndroidKeyStoreSpi.NAME, mKeyStore.getType());
- setupPassword();
- assertEquals(AndroidKeyStoreSpi.NAME, mKeyStore.getType());
- }
-
- public void testKeyStore_IsCertificateEntry_CA_Encrypted_Success() throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- assertTrue("Should return true for CA certificate",
- mKeyStore.isCertificateEntry(TEST_ALIAS_1));
- }
-
- public void 
testKeyStore_IsCertificateEntry_PrivateKey_Encrypted_Failure() throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
- FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
- assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- assertFalse("Should return false for PrivateKeyEntry",
- mKeyStore.isCertificateEntry(TEST_ALIAS_1));
- }
-
- public void testKeyStore_IsCertificateEntry_NonExist_Encrypted_Failure() throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- assertFalse("Should return false for non-existent entry",
- mKeyStore.isCertificateEntry(TEST_ALIAS_1));
- }
-
- public void testKeyStore_IsCertificateEntry_NonExist_Unencrypted_Failure() throws Exception {
- mKeyStore.load(null, null);
-
- assertFalse("Should return false for non-existent entry",
- mKeyStore.isCertificateEntry(TEST_ALIAS_1));
- }
-
- public void testKeyStore_IsKeyEntry_PrivateKey_Encrypted_Success() throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
- FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
- assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- assertTrue("Should return true for PrivateKeyEntry", mKeyStore.isKeyEntry(TEST_ALIAS_1));
- }
-
- public void testKeyStore_IsKeyEntry_CA_Encrypted_Failure() throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
-
assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- assertFalse("Should return false for CA certificate", mKeyStore.isKeyEntry(TEST_ALIAS_1));
- }
-
- public void testKeyStore_IsKeyEntry_NonExist_Encrypted_Failure() throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- assertFalse("Should return false for non-existent entry",
- mKeyStore.isKeyEntry(TEST_ALIAS_1));
- }
-
- public void testKeyStore_SetCertificate_CA_Encrypted_Success() throws Exception {
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
- final Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- setupPassword();
- mKeyStore.load(null, null);
-
- mKeyStore.setCertificateEntry(TEST_ALIAS_1, actual);
- assertAliases(new String[] { TEST_ALIAS_1 });
-
- Certificate retrieved = mKeyStore.getCertificate(TEST_ALIAS_1);
-
- assertEquals("Retrieved certificate should be the same as the one inserted", actual,
- retrieved);
- }
-
- public void testKeyStore_SetCertificate_CAExists_Overwrite_Encrypted_Success() throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- assertAliases(new String[] { TEST_ALIAS_1 });
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
- final Certificate cert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- // TODO have separate FAKE_CA for second test
- mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert);
-
- assertAliases(new String[] { TEST_ALIAS_1 });
- }
-
- public void testKeyStore_SetCertificate_PrivateKeyExists_Encrypted_Failure() throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
- FAKE_RSA_KEY_1, KeyStore.UID_SELF, 
KeyStore.FLAG_ENCRYPTED));
- assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
- assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
- KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
-
- assertAliases(new String[] { TEST_ALIAS_1 });
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
- final Certificate cert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- try {
- mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert);
- fail("Should throw when trying to overwrite a PrivateKey entry with a Certificate");
- } catch (KeyStoreException success) {
- }
- }
-
- public void testKeyStore_SetEntry_PrivateKeyEntry_Encrypted_Success() throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- KeyFactory keyFact = KeyFactory.getInstance("RSA");
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
-
- final Certificate[] expectedChain = new Certificate[2];
- expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
- expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain);
-
- mKeyStore.setEntry(TEST_ALIAS_1, expected, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
-
- assertTrue("Retrieved entry should be of type PrivateKeyEntry",
- actualEntry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
-
- assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
- }
-
- public void testKeyStore_SetEntry_PrivateKeyEntry_EC_Unencrypted_Success() throws Exception {
- mKeyStore.load(null, null);
-
- KeyFactory 
keyFact = KeyFactory.getInstance("EC");
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_EC_KEY_1));
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
-
- final Certificate[] expectedChain = new Certificate[2];
- expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_EC_USER_1));
- expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_EC_CA_1));
-
- PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain);
-
- mKeyStore.setEntry(TEST_ALIAS_1, expected, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
-
- assertTrue("Retrieved entry should be of type PrivateKeyEntry",
- actualEntry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
-
- assertPrivateKeyEntryEquals(actual, "EC", FAKE_EC_KEY_1, FAKE_EC_USER_1, FAKE_EC_CA_1);
- }
-
- public void testKeyStore_SetEntry_PrivateKeyEntry_RSA_Unencrypted_Success() throws Exception {
- mKeyStore.load(null, null);
-
- KeyFactory keyFact = KeyFactory.getInstance("RSA");
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
-
- final Certificate[] expectedChain = new Certificate[2];
- expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
- expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain);
-
- mKeyStore.setEntry(TEST_ALIAS_1, expected, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
-
- assertTrue("Retrieved entry should be of type PrivateKeyEntry",
- actualEntry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
-
-
assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
- }
-
- public void testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure() throws Exception {
- mKeyStore.load(null, null);
-
- KeyFactory keyFact = KeyFactory.getInstance("RSA");
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
-
- final Certificate[] expectedChain = new Certificate[2];
- expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
- expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- PrivateKeyEntry entry = new PrivateKeyEntry(expectedKey, expectedChain);
-
- try {
- mKeyStore.setEntry(TEST_ALIAS_1, entry,
- new KeyStoreParameter.Builder(getContext())
- .setEncryptionRequired(true)
- .build());
- fail("Shouldn't be able to insert encrypted entry when KeyStore uninitialized");
- } catch (KeyStoreException expected) {
- }
-
- assertNull(mKeyStore.getEntry(TEST_ALIAS_1, null));
- }
-
- public void
- testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Encrypted_Success()
- throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- final KeyFactory keyFact = KeyFactory.getInstance("RSA");
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
-
- // Start with PrivateKeyEntry
- {
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
-
- final Certificate[] expectedChain = new Certificate[2];
- expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
- expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain);
-
- mKeyStore.setEntry(TEST_ALIAS_1, expected, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should 
exist", actualEntry);
-
- assertTrue("Retrieved entry should be of type PrivateKeyEntry",
- actualEntry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
-
- assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
- FAKE_RSA_CA_1);
- }
-
- // TODO make entirely new test vector for the overwrite
- // Replace with PrivateKeyEntry
- {
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
-
- final Certificate[] expectedChain = new Certificate[2];
- expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
- expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain);
-
- mKeyStore.setEntry(TEST_ALIAS_1, expected, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
-
- assertTrue("Retrieved entry should be of type PrivateKeyEntry",
- actualEntry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
-
- assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
- FAKE_RSA_CA_1);
- }
- }
-
- public void testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Encrypted_Success()
- throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
-
- // Start with TrustedCertificateEntry
- {
- final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert);
- mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
- assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
- actualEntry 
instanceof TrustedCertificateEntry);
- TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry;
- assertEquals("Stored and retrieved certificates should be the same",
- expectedCertEntry.getTrustedCertificate(),
- actualCertEntry.getTrustedCertificate());
- }
-
- // Replace with PrivateKeyEntry
- {
- KeyFactory keyFact = KeyFactory.getInstance("RSA");
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
- final Certificate[] expectedChain = new Certificate[2];
- expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
- expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain);
-
- mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
- assertTrue("Retrieved entry should be of type PrivateKeyEntry",
- actualEntry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
- assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
- FAKE_RSA_CA_1);
- }
- }
-
- public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success()
- throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
-
- final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- // Start with PrivateKeyEntry
- {
- KeyFactory keyFact = KeyFactory.getInstance("RSA");
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
- final Certificate[] expectedChain = new Certificate[2];
- expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
- expectedChain[1] = caCert;
-
- PrivateKeyEntry expectedPrivEntry 
= new PrivateKeyEntry(expectedKey, expectedChain);
-
- mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
- assertTrue("Retrieved entry should be of type PrivateKeyEntry",
- actualEntry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
- assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
- FAKE_RSA_CA_1);
- }
-
- // Replace with TrustedCertificateEntry
- {
- TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert);
- mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
- assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
- actualEntry instanceof TrustedCertificateEntry);
- TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry;
- assertEquals("Stored and retrieved certificates should be the same",
- expectedCertEntry.getTrustedCertificate(),
- actualCertEntry.getTrustedCertificate());
- }
- }
-
- public
- void
- testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Encrypted_Success()
- throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
-
- final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- // Start with PrivateKeyEntry
- {
- KeyFactory keyFact = KeyFactory.getInstance("RSA");
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
- final Certificate[] expectedChain = new Certificate[2];
- expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
- expectedChain[1] = caCert;
-
- PrivateKeyEntry expectedPrivEntry = new 
PrivateKeyEntry(expectedKey, expectedChain);
-
- mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
- assertTrue("Retrieved entry should be of type PrivateKeyEntry",
- actualEntry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
- assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
- FAKE_RSA_CA_1);
- }
-
- // Replace with PrivateKeyEntry that has no chain
- {
- KeyFactory keyFact = KeyFactory.getInstance("RSA");
- PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
- final Certificate[] expectedChain = new Certificate[1];
- expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
-
- PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain);
-
- mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
- assertTrue("Retrieved entry should be of type PrivateKeyEntry",
- actualEntry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
- assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
- null);
- }
- }
-
- public void testKeyStore_SetEntry_CAEntry_Overwrites_CAEntry_Encrypted_Success()
- throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
-
- // Insert TrustedCertificateEntry
- {
- final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert);
- mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, 
null);
- assertNotNull("Retrieved entry should exist", actualEntry);
- assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
- actualEntry instanceof TrustedCertificateEntry);
- TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry;
- assertEquals("Stored and retrieved certificates should be the same",
- expectedCertEntry.getTrustedCertificate(),
- actualCertEntry.getTrustedCertificate());
- }
-
- // Replace with TrustedCertificateEntry of USER
- {
- final Certificate userCert = f
- .generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
-
- TrustedCertificateEntry expectedUserEntry = new TrustedCertificateEntry(userCert);
- mKeyStore.setEntry(TEST_ALIAS_1, expectedUserEntry, null);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
- assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
- actualEntry instanceof TrustedCertificateEntry);
- TrustedCertificateEntry actualUserEntry = (TrustedCertificateEntry) actualEntry;
- assertEquals("Stored and retrieved certificates should be the same",
- expectedUserEntry.getTrustedCertificate(),
- actualUserEntry.getTrustedCertificate());
- }
- }
-
- public void testKeyStore_SetKeyEntry_ProtectedKey_Encrypted_Failure() throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
-
- final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- KeyFactory keyFact = KeyFactory.getInstance("RSA");
- PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
- final Certificate[] chain = new Certificate[2];
- chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
- chain[1] = caCert;
-
- try {
- mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, "foo".toCharArray(), chain);
- fail("Should fail when a password is specified");
- } 
catch (KeyStoreException success) {
- }
- }
-
- public void testKeyStore_SetKeyEntry_Encrypted_Success() throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
-
- final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- KeyFactory keyFact = KeyFactory.getInstance("RSA");
- PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
- final Certificate[] chain = new Certificate[2];
- chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
- chain[1] = caCert;
-
- mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
-
- assertTrue("Retrieved entry should be of type PrivateKeyEntry",
- actualEntry instanceof PrivateKeyEntry);
-
- PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
-
- assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
- }
-
- public void testKeyStore_SetKeyEntry_Replaced_Encrypted_Success() throws Exception {
- setupPassword();
- mKeyStore.load(null, null);
-
- final CertificateFactory f = CertificateFactory.getInstance("X.509");
-
- final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
-
- // Insert initial key
- {
- KeyFactory keyFact = KeyFactory.getInstance("RSA");
- PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
- final Certificate[] chain = new Certificate[2];
- chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
- chain[1] = caCert;
-
- mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);
-
- Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
- assertNotNull("Retrieved entry should exist", actualEntry);
-
- assertTrue("Retrieved entry should be of type PrivateKeyEntry",
- actualEntry 
instanceof PrivateKeyEntry); - - PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; - - assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, - FAKE_RSA_CA_1); - } - - // TODO make a separate key - // Replace key - { - KeyFactory keyFact = KeyFactory.getInstance("RSA"); - PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); - final Certificate[] chain = new Certificate[2]; - chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); - chain[1] = caCert; - - mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain); - - Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); - assertNotNull("Retrieved entry should exist", actualEntry); - - assertTrue("Retrieved entry should be of type PrivateKeyEntry", - actualEntry instanceof PrivateKeyEntry); - - PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; - - assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, - FAKE_RSA_CA_1); - } - } - - @SuppressWarnings("deprecation") - private static X509Certificate generateCertificate(android.security.KeyStore keyStore, - String alias, BigInteger serialNumber, X500Principal subjectDN, Date notBefore, - Date notAfter) throws Exception { - final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias; - - KeyPair keyPair = AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore( - keyStore, privateKeyAlias, KeyStore.UID_SELF); - - final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); - certGen.setPublicKey(keyPair.getPublic()); - certGen.setSerialNumber(serialNumber); - certGen.setSubjectDN(subjectDN); - certGen.setIssuerDN(subjectDN); - certGen.setNotBefore(notBefore); - certGen.setNotAfter(notAfter); - certGen.setSignatureAlgorithm("sha1WithRSA"); - - final X509Certificate cert = certGen.generate(keyPair.getPrivate()); - - return cert; - } - - public void testKeyStore_SetKeyEntry_ReplacedChain_Encrypted_Success() throws Exception { - 
setupPassword(); - mKeyStore.load(null, null); - - // Create key #1 - { - final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; - assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, - NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null)); - - Key key = mKeyStore.getKey(TEST_ALIAS_1, null); - - assertTrue(key instanceof PrivateKey); - - PrivateKey expectedKey = (PrivateKey) key; - - X509Certificate expectedCert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, - TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS); - - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, - expectedCert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); - - assertTrue(entry instanceof PrivateKeyEntry); - - PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; - - assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, null); - } - - // Replace key #1 with new chain - { - Key key = mKeyStore.getKey(TEST_ALIAS_1, null); - - assertTrue(key instanceof PrivateKey); - - PrivateKey expectedKey = (PrivateKey) key; - - X509Certificate expectedCert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, - TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS); - - mKeyStore.setKeyEntry(TEST_ALIAS_1, expectedKey, null, - new Certificate[] { expectedCert }); - - Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); - - assertTrue(entry instanceof PrivateKeyEntry); - - PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; - - assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, null); - } - } - - public void testKeyStore_SetKeyEntry_ReplacedChain_DifferentPrivateKey_Encrypted_Failure() - throws Exception { - setupPassword(); - mKeyStore.load(null, null); - - // Create key #1 - { - final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; - assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, - 
NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null)); - - X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, - TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS); - - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, - cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - } - - // Create key #2 - { - final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_2; - assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, - NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null)); - - X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_2, - TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS); - - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_2, - cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - } - - // Replace key #1 with key #2 - { - Key key1 = mKeyStore.getKey(TEST_ALIAS_2, null); - - X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_2, - TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS); - - try { - mKeyStore.setKeyEntry(TEST_ALIAS_1, key1, null, new Certificate[] { cert }); - fail("Should not allow setting of KeyEntry with wrong PrivaetKey"); - } catch (KeyStoreException success) { - } - } - } - - public void testKeyStore_SetKeyEntry_ReplacedChain_UnencryptedToEncrypted_Failure() - throws Exception { - mKeyStore.load(null, null); - - // Create key #1 - { - final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; - assertTrue(mAndroidKeyStore.generate(privateKeyAlias, - android.security.KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, - android.security.KeyStore.FLAG_NONE, null)); - - X509Certificate cert = - generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1, TEST_DN_1, - NOW, NOW_PLUS_10_YEARS); - - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, - cert.getEncoded(), 
android.security.KeyStore.UID_SELF, - android.security.KeyStore.FLAG_NONE)); - } - - // Replace with one that requires encryption - { - Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); - - try { - mKeyStore.setEntry(TEST_ALIAS_1, entry, - new KeyStoreParameter.Builder(getContext()) - .setEncryptionRequired(true) - .build()); - fail("Should not allow setting of Entry without unlocked keystore"); - } catch (KeyStoreException success) { - } - - assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111")); - assertTrue(mAndroidKeyStore.isUnlocked()); - - mKeyStore.setEntry(TEST_ALIAS_1, entry, - new KeyStoreParameter.Builder(getContext()) - .setEncryptionRequired(true) - .build()); - } - } - - public void testKeyStore_Size_Encrypted_Success() throws Exception { - setupPassword(); - mKeyStore.load(null, null); - - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - assertEquals("The keystore size should match expected", 1, mKeyStore.size()); - assertAliases(new String[] { TEST_ALIAS_1 }); - - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1, - KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - - assertEquals("The keystore size should match expected", 2, mKeyStore.size()); - assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 }); - - assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3, - KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, - null)); - - assertEquals("The keystore size should match expected", 3, mKeyStore.size()); - assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 }); - - assertTrue(mAndroidKeyStore.delete(Credentials.CA_CERTIFICATE + TEST_ALIAS_1)); - - assertEquals("The keystore size should match expected", 2, mKeyStore.size()); - assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 }); - - 
assertTrue(mAndroidKeyStore.delete(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3)); - - assertEquals("The keystore size should match expected", 1, mKeyStore.size()); - assertAliases(new String[] { TEST_ALIAS_2 }); - } - - public void testKeyStore_Store_LoadStoreParam_Encrypted_Failure() throws Exception { - setupPassword(); - mKeyStore.load(null, null); - - try { - mKeyStore.store(null); - fail("Should throw UnsupportedOperationException when trying to store"); - } catch (UnsupportedOperationException success) { - } - } - - public void testKeyStore_Load_InputStreamSupplied_Encrypted_Failure() throws Exception { - byte[] buf = "FAKE KEYSTORE".getBytes(); - ByteArrayInputStream is = new ByteArrayInputStream(buf); - - try { - mKeyStore.load(is, null); - fail("Should throw IllegalArgumentException when InputStream is supplied"); - } catch (IllegalArgumentException success) { - } - } - - public void testKeyStore_Load_PasswordSupplied_Encrypted_Failure() throws Exception { - try { - mKeyStore.load(null, "password".toCharArray()); - fail("Should throw IllegalArgumentException when password is supplied"); - } catch (IllegalArgumentException success) { - } - } - - public void testKeyStore_Store_OutputStream_Encrypted_Failure() throws Exception { - setupPassword(); - mKeyStore.load(null, null); - - OutputStream sink = new ByteArrayOutputStream(); - try { - mKeyStore.store(sink, null); - fail("Should throw UnsupportedOperationException when trying to store"); - } catch (UnsupportedOperationException success) { - } - - try { - mKeyStore.store(sink, "blah".toCharArray()); - fail("Should throw UnsupportedOperationException when trying to store"); - } catch (UnsupportedOperationException success) { - } - } - - private void setupKey() throws Exception { - final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; - assertTrue(mAndroidKeyStore - .generate(privateKeyAlias, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, - KeyStore.FLAG_ENCRYPTED, null)); - - 
X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1, - TEST_DN_1, NOW, NOW_PLUS_10_YEARS); - - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, - cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); - } - - public void testKeyStore_KeyOperations_Wrap_Encrypted_Success() throws Exception { - setupPassword(); - mKeyStore.load(null, null); - - setupKey(); - - // Test key usage - Entry e = mKeyStore.getEntry(TEST_ALIAS_1, null); - assertNotNull(e); - assertTrue(e instanceof PrivateKeyEntry); - - PrivateKeyEntry privEntry = (PrivateKeyEntry) e; - PrivateKey privKey = privEntry.getPrivateKey(); - assertNotNull(privKey); - - PublicKey pubKey = privEntry.getCertificate().getPublicKey(); - - Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding"); - c.init(Cipher.WRAP_MODE, pubKey); - - byte[] expectedKey = new byte[] { - 0x00, 0x05, (byte) 0xAA, (byte) 0x0A5, (byte) 0xFF, 0x55, 0x0A - }; - - SecretKey expectedSecret = new SecretKeySpec(expectedKey, "AES"); - - byte[] wrappedExpected = c.wrap(expectedSecret); - - c.init(Cipher.UNWRAP_MODE, privKey); - SecretKey actualSecret = (SecretKey) c.unwrap(wrappedExpected, "AES", Cipher.SECRET_KEY); - - assertEquals(Arrays.toString(expectedSecret.getEncoded()), - Arrays.toString(actualSecret.getEncoded())); - } -} |