Kenny Roote29df162012-08-10 08:28:37 -07001/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.security;
18
Kenny Root802768d2012-08-21 15:23:35 -070019import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;
20
21import org.apache.harmony.xnet.provider.jsse.OpenSSLEngine;
22
Kenny Roote29df162012-08-10 08:28:37 -070023import android.test.AndroidTestCase;
24
25import java.io.ByteArrayInputStream;
26import java.io.ByteArrayOutputStream;
Kenny Roote29df162012-08-10 08:28:37 -070027import java.io.OutputStream;
Kenny Root802768d2012-08-21 15:23:35 -070028import java.math.BigInteger;
29import java.security.InvalidKeyException;
Kenny Roote29df162012-08-10 08:28:37 -070030import java.security.Key;
31import java.security.KeyFactory;
32import java.security.KeyStore.Entry;
33import java.security.KeyStore.PrivateKeyEntry;
34import java.security.KeyStore.TrustedCertificateEntry;
35import java.security.KeyStoreException;
36import java.security.NoSuchAlgorithmException;
37import java.security.PrivateKey;
Kenny Root802768d2012-08-21 15:23:35 -070038import java.security.PublicKey;
Kenny Roote29df162012-08-10 08:28:37 -070039import java.security.cert.Certificate;
Kenny Roote29df162012-08-10 08:28:37 -070040import java.security.cert.CertificateFactory;
Kenny Root802768d2012-08-21 15:23:35 -070041import java.security.cert.X509Certificate;
Kenny Roote29df162012-08-10 08:28:37 -070042import java.security.interfaces.RSAPrivateKey;
43import java.security.spec.InvalidKeySpecException;
44import java.security.spec.PKCS8EncodedKeySpec;
Kenny Root802768d2012-08-21 15:23:35 -070045import java.security.spec.X509EncodedKeySpec;
Kenny Roote29df162012-08-10 08:28:37 -070046import java.util.Arrays;
47import java.util.Collection;
48import java.util.Date;
49import java.util.Enumeration;
50import java.util.HashSet;
51import java.util.Iterator;
52import java.util.Set;
53
Kenny Root656f92f2013-02-04 14:47:36 -080054import javax.crypto.Cipher;
55import javax.crypto.SecretKey;
56import javax.crypto.spec.SecretKeySpec;
Kenny Root802768d2012-08-21 15:23:35 -070057import javax.security.auth.x500.X500Principal;
58
Kenny Roote29df162012-08-10 08:28:37 -070059public class AndroidKeyStoreTest extends AndroidTestCase {
/* Client for the platform keystore service; assigned in setUp(). */
private android.security.KeyStore mAndroidKeyStore;

/* JCA KeyStore instance; setUp() obtains it with getInstance("AndroidKeyStore"). */
private java.security.KeyStore mKeyStore;

/* Entry aliases used by the test cases. */
private static final String TEST_ALIAS_1 = "test1";
private static final String TEST_ALIAS_2 = "test2";
private static final String TEST_ALIAS_3 = "test3";

/*
 * Names and serial numbers, presumably for certificates the tests generate
 * themselves (their uses are outside this excerpt).
 */
private static final X500Principal TEST_DN_1 = new X500Principal("CN=test1");
private static final X500Principal TEST_DN_2 = new X500Principal("CN=test2");
private static final BigInteger TEST_SERIAL_1 = BigInteger.ONE;
private static final BigInteger TEST_SERIAL_2 = BigInteger.valueOf(2L);

/* Wall-clock time, read once when the class is initialized. */
private static final long NOW_MILLIS = System.currentTimeMillis();

/* X509v3 doesn't store milliseconds, so the sub-second part is dropped here. */
private static final Date NOW = new Date((NOW_MILLIS / 1000L) * 1000L);

/*
 * Built with the deprecated Date(year, month, date) constructor: January 1st
 * (local time) of the year ten after NOW's year, which is at most ten years
 * after NOW rather than exactly ten.
 */
@SuppressWarnings("deprecation")
private static final Date NOW_PLUS_10_YEARS = new Date(NOW.getYear() + 10, 0, 1);
85
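/*
 * The keys and certificates below are test fixtures that were generated with:
 *
 * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
 * openssl req -newkey rsa:1024 -keyout userkey.pem -nodes -days 3650 -out userkey.req
 * mkdir -p demoCA/newcerts
 * touch demoCA/index.txt
 * echo "01" > demoCA/serial
 * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650
 *
 * They are fixtures only: the user key is 1024-bit RSA, was written unencrypted
 * (-nodes) and is published in this file, so nothing outside these tests should
 * trust it. The validity periods encoded below end in August 2022 (-days 3650
 * counted from August 2012), so any check that compares them with the current
 * time will see expired certificates.
 */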
96
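/**
 * DER encoding of the fake CA certificate (cacert.pem from the commands above),
 * converted with:
 *
 * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g'
 *
 * The encoded issuer and subject are the same "Android Test Cases" name, the
 * key is 1024-bit RSA and the signature algorithm is sha1WithRSAEncryption.
 */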
102 private static final byte[] FAKE_CA_1 = {
103 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0xce, (byte) 0x30, (byte) 0x82,
104 (byte) 0x02, (byte) 0x37, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01,
105 (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0x6a,
106 (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, (byte) 0x55, (byte) 0x48, (byte) 0x0a,
107 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86,
108 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01,
109 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31,
110 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55,
111 (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53,
112 (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03,
113 (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43,
114 (byte) 0x41, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06,
115 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d,
116 (byte) 0x4d, (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61,
117 (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65,
118 (byte) 0x77, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06,
119 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12,
120 (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69,
121 (byte) 0x64, (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74,
122 (byte) 0x20, (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73,
123 (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32,
124 (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x34, (byte) 0x31, (byte) 0x36,
125 (byte) 0x35, (byte) 0x35, (byte) 0x34, (byte) 0x34, (byte) 0x5a, (byte) 0x17,
126 (byte) 0x0d, (byte) 0x32, (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31,
127 (byte) 0x32, (byte) 0x31, (byte) 0x36, (byte) 0x35, (byte) 0x35, (byte) 0x34,
128 (byte) 0x34, (byte) 0x5a, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b,
129 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,
130 (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31,
131 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55,
132 (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41,
133 (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03,
134 (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d,
135 (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69,
136 (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77,
137 (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03,
138 (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41,
139 (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64,
140 (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20,
141 (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30,
142 (byte) 0x81, (byte) 0x9f, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09,
143 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d,
144 (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03,
145 (byte) 0x81, (byte) 0x8d, (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89,
146 (byte) 0x02, (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0xa3, (byte) 0x72,
147 (byte) 0xab, (byte) 0xd0, (byte) 0xe4, (byte) 0xad, (byte) 0x2f, (byte) 0xe7,
148 (byte) 0xe2, (byte) 0x79, (byte) 0x07, (byte) 0x36, (byte) 0x3d, (byte) 0x0c,
149 (byte) 0x8d, (byte) 0x42, (byte) 0x9a, (byte) 0x0a, (byte) 0x33, (byte) 0x64,
150 (byte) 0xb3, (byte) 0xcd, (byte) 0xb2, (byte) 0xd7, (byte) 0x3a, (byte) 0x42,
151 (byte) 0x06, (byte) 0x77, (byte) 0x45, (byte) 0x29, (byte) 0xe9, (byte) 0xcb,
152 (byte) 0xb7, (byte) 0x4a, (byte) 0xd6, (byte) 0xee, (byte) 0xad, (byte) 0x01,
153 (byte) 0x91, (byte) 0x9b, (byte) 0x0c, (byte) 0x59, (byte) 0xa1, (byte) 0x03,
154 (byte) 0xfa, (byte) 0xf0, (byte) 0x5a, (byte) 0x7c, (byte) 0x4f, (byte) 0xf7,
155 (byte) 0x8d, (byte) 0x36, (byte) 0x0f, (byte) 0x1f, (byte) 0x45, (byte) 0x7d,
156 (byte) 0x1b, (byte) 0x31, (byte) 0xa1, (byte) 0x35, (byte) 0x0b, (byte) 0x00,
157 (byte) 0xed, (byte) 0x7a, (byte) 0xb6, (byte) 0xc8, (byte) 0x4e, (byte) 0xa9,
158 (byte) 0x86, (byte) 0x4c, (byte) 0x7b, (byte) 0x99, (byte) 0x57, (byte) 0x41,
159 (byte) 0x12, (byte) 0xef, (byte) 0x6b, (byte) 0xbc, (byte) 0x3d, (byte) 0x60,
160 (byte) 0xf2, (byte) 0x99, (byte) 0x1a, (byte) 0xcd, (byte) 0xed, (byte) 0x56,
161 (byte) 0xa4, (byte) 0xe5, (byte) 0x36, (byte) 0x9f, (byte) 0x24, (byte) 0x1f,
162 (byte) 0xdc, (byte) 0x89, (byte) 0x40, (byte) 0xc8, (byte) 0x99, (byte) 0x92,
163 (byte) 0xab, (byte) 0x4a, (byte) 0xb5, (byte) 0x61, (byte) 0x45, (byte) 0x62,
164 (byte) 0xff, (byte) 0xa3, (byte) 0x45, (byte) 0x65, (byte) 0xaf, (byte) 0xf6,
165 (byte) 0x27, (byte) 0x30, (byte) 0x51, (byte) 0x0e, (byte) 0x0e, (byte) 0xeb,
166 (byte) 0x79, (byte) 0x0c, (byte) 0xbe, (byte) 0xb3, (byte) 0x0a, (byte) 0x6f,
167 (byte) 0x29, (byte) 0x06, (byte) 0xdc, (byte) 0x2f, (byte) 0x6b, (byte) 0x51,
168 (byte) 0x02, (byte) 0x03, (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3,
169 (byte) 0x81, (byte) 0xb1, (byte) 0x30, (byte) 0x81, (byte) 0xae, (byte) 0x30,
170 (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e,
171 (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x33, (byte) 0x05,
172 (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, (byte) 0xc7, (byte) 0xf9,
173 (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, (byte) 0x8f, (byte) 0x6d,
174 (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, (byte) 0x5d, (byte) 0x51,
175 (byte) 0x30, (byte) 0x7f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d,
176 (byte) 0x23, (byte) 0x04, (byte) 0x78, (byte) 0x30, (byte) 0x76, (byte) 0x80,
177 (byte) 0x14, (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f,
178 (byte) 0x60, (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73,
179 (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97,
180 (byte) 0x8e, (byte) 0x5d, (byte) 0x51, (byte) 0xa1, (byte) 0x53, (byte) 0xa4,
181 (byte) 0x51, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30,
182 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06,
183 (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b,
184 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,
185 (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31,
186 (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55,
187 (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f,
188 (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e,
189 (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31,
190 (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55,
191 (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e,
192 (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20,
193 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43,
194 (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x82, (byte) 0x09,
195 (byte) 0x00, (byte) 0xe1, (byte) 0x6a, (byte) 0xa2, (byte) 0xf4, (byte) 0x2e,
196 (byte) 0x55, (byte) 0x48, (byte) 0x0a, (byte) 0x30, (byte) 0x0c, (byte) 0x06,
197 (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x05,
198 (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30,
199 (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48,
200 (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05,
201 (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, (byte) 0x00,
202 (byte) 0x8c, (byte) 0x30, (byte) 0x42, (byte) 0xfa, (byte) 0xeb, (byte) 0x1a,
203 (byte) 0x26, (byte) 0xeb, (byte) 0xda, (byte) 0x56, (byte) 0x32, (byte) 0xf2,
204 (byte) 0x9d, (byte) 0xa5, (byte) 0x24, (byte) 0xd8, (byte) 0x3a, (byte) 0xda,
205 (byte) 0x30, (byte) 0xa6, (byte) 0x8b, (byte) 0x46, (byte) 0xfe, (byte) 0xfe,
206 (byte) 0xdb, (byte) 0xf1, (byte) 0xe6, (byte) 0xe1, (byte) 0x7c, (byte) 0x1b,
207 (byte) 0xe7, (byte) 0x77, (byte) 0x00, (byte) 0xa1, (byte) 0x1c, (byte) 0x19,
208 (byte) 0x17, (byte) 0x73, (byte) 0xb0, (byte) 0xf0, (byte) 0x9d, (byte) 0xf3,
209 (byte) 0x4f, (byte) 0xb6, (byte) 0xbc, (byte) 0xc7, (byte) 0x47, (byte) 0x85,
210 (byte) 0x2a, (byte) 0x4a, (byte) 0xa1, (byte) 0xa5, (byte) 0x58, (byte) 0xf5,
211 (byte) 0xc5, (byte) 0x1a, (byte) 0x51, (byte) 0xb1, (byte) 0x04, (byte) 0x80,
212 (byte) 0xee, (byte) 0x3a, (byte) 0xec, (byte) 0x2f, (byte) 0xe1, (byte) 0xfd,
213 (byte) 0x58, (byte) 0xeb, (byte) 0xed, (byte) 0x82, (byte) 0x9e, (byte) 0x38,
214 (byte) 0xa3, (byte) 0x24, (byte) 0x75, (byte) 0xf7, (byte) 0x3e, (byte) 0xc2,
215 (byte) 0xc5, (byte) 0x27, (byte) 0xeb, (byte) 0x6f, (byte) 0x7b, (byte) 0x50,
216 (byte) 0xda, (byte) 0x43, (byte) 0xdc, (byte) 0x3b, (byte) 0x0b, (byte) 0x6f,
217 (byte) 0x78, (byte) 0x8f, (byte) 0xb0, (byte) 0x66, (byte) 0xe1, (byte) 0x12,
218 (byte) 0x87, (byte) 0x5f, (byte) 0x97, (byte) 0x7b, (byte) 0xca, (byte) 0x14,
219 (byte) 0x79, (byte) 0xf7, (byte) 0xe8, (byte) 0x6c, (byte) 0x72, (byte) 0xdb,
220 (byte) 0x91, (byte) 0x65, (byte) 0x17, (byte) 0x54, (byte) 0xe0, (byte) 0x74,
221 (byte) 0x1d, (byte) 0xac, (byte) 0x47, (byte) 0x04, (byte) 0x12, (byte) 0xe0,
222 (byte) 0xc3, (byte) 0x66, (byte) 0x19, (byte) 0x05, (byte) 0x2e, (byte) 0x7e,
223 (byte) 0xf1, (byte) 0x61
224 };
225
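/**
 * Unencrypted PKCS#8 encoding of the user's RSA private key (userkey.pem from
 * the commands above), converted with:
 *
 * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g'
 *
 * Its modulus is the one carried by the public key in FAKE_USER_1. Because the
 * private key sits in the source tree, it is usable only as a test fixture.
 */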
231 private static final byte[] FAKE_KEY_1 = new byte[] {
232 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x02, (byte) 0x01,
233 (byte) 0x00, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a,
234 (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01,
235 (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x82,
236 (byte) 0x02, (byte) 0x62, (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x5e,
237 (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x02, (byte) 0x81, (byte) 0x81,
238 (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, (byte) 0x5b,
239 (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, (byte) 0x66,
240 (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, (byte) 0x8a,
241 (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, (byte) 0x02,
242 (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, (byte) 0xf3,
243 (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, (byte) 0x6d,
244 (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f, (byte) 0x67,
245 (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, (byte) 0xcb,
246 (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, (byte) 0xe2,
247 (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, (byte) 0x79,
248 (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, (byte) 0xce,
249 (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, (byte) 0x08,
250 (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, (byte) 0x3b,
251 (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, (byte) 0xc4,
252 (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, (byte) 0x0d,
253 (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, (byte) 0x23,
254 (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, (byte) 0x08,
255 (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, (byte) 0xf1,
256 (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, (byte) 0xb4,
257 (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, (byte) 0x16,
258 (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, (byte) 0x9e,
259 (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, (byte) 0x01,
260 (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x81, (byte) 0x80, (byte) 0x16,
261 (byte) 0x59, (byte) 0xc3, (byte) 0x24, (byte) 0x1d, (byte) 0x33, (byte) 0x98,
262 (byte) 0x9c, (byte) 0xc9, (byte) 0xc8, (byte) 0x2c, (byte) 0x88, (byte) 0xbf,
263 (byte) 0x0a, (byte) 0x01, (byte) 0xce, (byte) 0xfb, (byte) 0x34, (byte) 0x7a,
264 (byte) 0x58, (byte) 0x7a, (byte) 0xb0, (byte) 0xbf, (byte) 0xa6, (byte) 0xb2,
265 (byte) 0x60, (byte) 0xbe, (byte) 0x70, (byte) 0x21, (byte) 0xf5, (byte) 0xfc,
266 (byte) 0x85, (byte) 0x0d, (byte) 0x33, (byte) 0x58, (byte) 0xa1, (byte) 0xe5,
267 (byte) 0x09, (byte) 0x36, (byte) 0x84, (byte) 0xb2, (byte) 0x04, (byte) 0x0a,
268 (byte) 0x02, (byte) 0xd3, (byte) 0x88, (byte) 0x1f, (byte) 0x0c, (byte) 0x2b,
269 (byte) 0x1d, (byte) 0xe9, (byte) 0x3d, (byte) 0xe7, (byte) 0x79, (byte) 0xf9,
270 (byte) 0x32, (byte) 0x5c, (byte) 0x8a, (byte) 0x75, (byte) 0x49, (byte) 0x12,
271 (byte) 0xe4, (byte) 0x05, (byte) 0x26, (byte) 0xd4, (byte) 0x2e, (byte) 0x9e,
272 (byte) 0x1f, (byte) 0xcc, (byte) 0x54, (byte) 0xad, (byte) 0x33, (byte) 0x8d,
273 (byte) 0x99, (byte) 0x00, (byte) 0xdc, (byte) 0xf5, (byte) 0xb4, (byte) 0xa2,
274 (byte) 0x2f, (byte) 0xba, (byte) 0xe5, (byte) 0x62, (byte) 0x30, (byte) 0x6d,
275 (byte) 0xe6, (byte) 0x3d, (byte) 0xeb, (byte) 0x24, (byte) 0xc2, (byte) 0xdc,
276 (byte) 0x5f, (byte) 0xb7, (byte) 0x16, (byte) 0x35, (byte) 0xa3, (byte) 0x98,
277 (byte) 0x98, (byte) 0xa8, (byte) 0xef, (byte) 0xe8, (byte) 0xc4, (byte) 0x96,
278 (byte) 0x6d, (byte) 0x38, (byte) 0xab, (byte) 0x26, (byte) 0x6d, (byte) 0x30,
279 (byte) 0xc2, (byte) 0xa0, (byte) 0x44, (byte) 0xe4, (byte) 0xff, (byte) 0x7e,
280 (byte) 0xbe, (byte) 0x7c, (byte) 0x33, (byte) 0xa5, (byte) 0x10, (byte) 0xad,
281 (byte) 0xd7, (byte) 0x1e, (byte) 0x13, (byte) 0x20, (byte) 0xb3, (byte) 0x1f,
282 (byte) 0x41, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xf1, (byte) 0x89,
283 (byte) 0x07, (byte) 0x0f, (byte) 0xe8, (byte) 0xcf, (byte) 0xab, (byte) 0x13,
284 (byte) 0x2a, (byte) 0x8f, (byte) 0x88, (byte) 0x80, (byte) 0x11, (byte) 0x9a,
285 (byte) 0x79, (byte) 0xb6, (byte) 0x59, (byte) 0x3a, (byte) 0x50, (byte) 0x6e,
286 (byte) 0x57, (byte) 0x37, (byte) 0xab, (byte) 0x2a, (byte) 0xd2, (byte) 0xaa,
287 (byte) 0xd9, (byte) 0x72, (byte) 0x73, (byte) 0xff, (byte) 0x8b, (byte) 0x47,
288 (byte) 0x76, (byte) 0xdd, (byte) 0xdc, (byte) 0xf5, (byte) 0x97, (byte) 0x44,
289 (byte) 0x3a, (byte) 0x78, (byte) 0xbe, (byte) 0x17, (byte) 0xb4, (byte) 0x22,
290 (byte) 0x6f, (byte) 0xe5, (byte) 0x23, (byte) 0x70, (byte) 0x1d, (byte) 0x10,
291 (byte) 0x5d, (byte) 0xba, (byte) 0x16, (byte) 0x81, (byte) 0xf1, (byte) 0x45,
292 (byte) 0xce, (byte) 0x30, (byte) 0xb4, (byte) 0xab, (byte) 0x80, (byte) 0xe4,
293 (byte) 0x98, (byte) 0x31, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xda,
294 (byte) 0x82, (byte) 0x9d, (byte) 0x3f, (byte) 0xca, (byte) 0x2f, (byte) 0xe1,
295 (byte) 0xd4, (byte) 0x86, (byte) 0x77, (byte) 0x48, (byte) 0xa6, (byte) 0xab,
296 (byte) 0xab, (byte) 0x1c, (byte) 0x42, (byte) 0x5c, (byte) 0xd5, (byte) 0xc7,
297 (byte) 0x46, (byte) 0x59, (byte) 0x91, (byte) 0x3f, (byte) 0xfc, (byte) 0xcc,
298 (byte) 0xec, (byte) 0xc2, (byte) 0x40, (byte) 0x12, (byte) 0x2c, (byte) 0x8d,
299 (byte) 0x1f, (byte) 0xa2, (byte) 0x18, (byte) 0x88, (byte) 0xee, (byte) 0x82,
300 (byte) 0x4a, (byte) 0x5a, (byte) 0x5e, (byte) 0x88, (byte) 0x20, (byte) 0xe3,
301 (byte) 0x7b, (byte) 0xe0, (byte) 0xd8, (byte) 0x3a, (byte) 0x52, (byte) 0x9a,
302 (byte) 0x26, (byte) 0x6a, (byte) 0x04, (byte) 0xec, (byte) 0xe8, (byte) 0xb9,
303 (byte) 0x48, (byte) 0x40, (byte) 0xe1, (byte) 0xe1, (byte) 0x83, (byte) 0xa6,
304 (byte) 0x67, (byte) 0xa6, (byte) 0xfd, (byte) 0x02, (byte) 0x41, (byte) 0x00,
305 (byte) 0x89, (byte) 0x72, (byte) 0x3e, (byte) 0xb0, (byte) 0x90, (byte) 0xfd,
306 (byte) 0x4c, (byte) 0x0e, (byte) 0xd6, (byte) 0x13, (byte) 0x63, (byte) 0xcb,
307 (byte) 0xed, (byte) 0x38, (byte) 0x88, (byte) 0xb6, (byte) 0x79, (byte) 0xc4,
308 (byte) 0x33, (byte) 0x6c, (byte) 0xf6, (byte) 0xf8, (byte) 0xd8, (byte) 0xd0,
309 (byte) 0xbf, (byte) 0x9d, (byte) 0x35, (byte) 0xac, (byte) 0x69, (byte) 0xd2,
310 (byte) 0x2b, (byte) 0xc1, (byte) 0xf9, (byte) 0x24, (byte) 0x7b, (byte) 0xce,
311 (byte) 0xcd, (byte) 0xcb, (byte) 0xa7, (byte) 0xb2, (byte) 0x7a, (byte) 0x0a,
312 (byte) 0x27, (byte) 0x19, (byte) 0xc9, (byte) 0xaf, (byte) 0x0d, (byte) 0x21,
313 (byte) 0x89, (byte) 0x88, (byte) 0x7c, (byte) 0xad, (byte) 0x9e, (byte) 0x8d,
314 (byte) 0x47, (byte) 0x6d, (byte) 0x3f, (byte) 0xce, (byte) 0x7b, (byte) 0xa1,
315 (byte) 0x74, (byte) 0xf1, (byte) 0xa0, (byte) 0xa1, (byte) 0x02, (byte) 0x41,
316 (byte) 0x00, (byte) 0xd9, (byte) 0xa8, (byte) 0xf5, (byte) 0xfe, (byte) 0xce,
317 (byte) 0xe6, (byte) 0x77, (byte) 0x6b, (byte) 0xfe, (byte) 0x2d, (byte) 0xe0,
318 (byte) 0x1e, (byte) 0xb6, (byte) 0x2e, (byte) 0x12, (byte) 0x4e, (byte) 0x40,
319 (byte) 0xaf, (byte) 0x6a, (byte) 0x7b, (byte) 0x37, (byte) 0x49, (byte) 0x2a,
320 (byte) 0x96, (byte) 0x25, (byte) 0x83, (byte) 0x49, (byte) 0xd4, (byte) 0x0c,
321 (byte) 0xc6, (byte) 0x78, (byte) 0x25, (byte) 0x24, (byte) 0x90, (byte) 0x90,
322 (byte) 0x06, (byte) 0x15, (byte) 0x9e, (byte) 0xfe, (byte) 0xf9, (byte) 0xdf,
323 (byte) 0x5b, (byte) 0xf3, (byte) 0x7e, (byte) 0x38, (byte) 0x70, (byte) 0xeb,
324 (byte) 0x57, (byte) 0xd0, (byte) 0xd9, (byte) 0xa7, (byte) 0x0e, (byte) 0x14,
325 (byte) 0xf7, (byte) 0x95, (byte) 0x68, (byte) 0xd5, (byte) 0xc8, (byte) 0xab,
326 (byte) 0x9d, (byte) 0x3a, (byte) 0x2b, (byte) 0x51, (byte) 0xf9, (byte) 0x02,
327 (byte) 0x41, (byte) 0x00, (byte) 0x96, (byte) 0xdf, (byte) 0xe9, (byte) 0x67,
328 (byte) 0x6c, (byte) 0xdc, (byte) 0x90, (byte) 0x14, (byte) 0xb4, (byte) 0x1d,
329 (byte) 0x22, (byte) 0x33, (byte) 0x4a, (byte) 0x31, (byte) 0xc1, (byte) 0x9d,
330 (byte) 0x2e, (byte) 0xff, (byte) 0x9a, (byte) 0x2a, (byte) 0x95, (byte) 0x4b,
331 (byte) 0x27, (byte) 0x74, (byte) 0xcb, (byte) 0x21, (byte) 0xc3, (byte) 0xd2,
332 (byte) 0x0b, (byte) 0xb2, (byte) 0x46, (byte) 0x87, (byte) 0xf8, (byte) 0x28,
333 (byte) 0x01, (byte) 0x8b, (byte) 0xd8, (byte) 0xb9, (byte) 0x4b, (byte) 0xcd,
334 (byte) 0x9a, (byte) 0x96, (byte) 0x41, (byte) 0x0e, (byte) 0x36, (byte) 0x6d,
335 (byte) 0x40, (byte) 0x42, (byte) 0xbc, (byte) 0xd9, (byte) 0xd3, (byte) 0x7b,
336 (byte) 0xbc, (byte) 0xa7, (byte) 0x92, (byte) 0x90, (byte) 0xdd, (byte) 0xa1,
337 (byte) 0x9c, (byte) 0xce, (byte) 0xa1, (byte) 0x87, (byte) 0x11, (byte) 0x51
338 };
339
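/**
 * DER encoding of the user certificate (usercert.pem from the commands above),
 * converted with:
 *
 * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g'
 *
 * The encoded certificate has serial number 01 and subject common name
 * server1.example.com, and its authority key identifier is the fake CA's
 * subject key identifier.
 */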
345 private static final byte[] FAKE_USER_1 = new byte[] {
346 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x95, (byte) 0x30, (byte) 0x82,
347 (byte) 0x01, (byte) 0xfe, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01,
348 (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d,
349 (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86,
350 (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05,
351 (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30,
352 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06,
353 (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b,
354 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,
355 (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31,
356 (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55,
357 (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f,
358 (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e,
359 (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31,
360 (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55,
361 (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e,
362 (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20,
363 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43,
364 (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, (byte) 0x1e,
365 (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, (byte) 0x30, (byte) 0x38,
366 (byte) 0x31, (byte) 0x34, (byte) 0x32, (byte) 0x33, (byte) 0x32, (byte) 0x35,
367 (byte) 0x34, (byte) 0x38, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32,
368 (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x32, (byte) 0x32,
369 (byte) 0x33, (byte) 0x32, (byte) 0x35, (byte) 0x34, (byte) 0x38, (byte) 0x5a,
370 (byte) 0x30, (byte) 0x55, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09,
371 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13,
372 (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, (byte) 0x30,
373 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08,
374 (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, (byte) 0x1b,
375 (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,
376 (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, (byte) 0x64,
377 (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x54,
378 (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, (byte) 0x61,
379 (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x31, (byte) 0x1c, (byte) 0x30,
380 (byte) 0x1a, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03,
381 (byte) 0x13, (byte) 0x13, (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76,
382 (byte) 0x65, (byte) 0x72, (byte) 0x31, (byte) 0x2e, (byte) 0x65, (byte) 0x78,
383 (byte) 0x61, (byte) 0x6d, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x2e,
384 (byte) 0x63, (byte) 0x6f, (byte) 0x6d, (byte) 0x30, (byte) 0x81, (byte) 0x9f,
385 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86,
386 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01,
387 (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d,
388 (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81,
389 (byte) 0x81, (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6,
390 (byte) 0x5b, (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c,
391 (byte) 0x66, (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86,
392 (byte) 0x8a, (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3,
393 (byte) 0x02, (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08,
394 (byte) 0xf3, (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04,
395 (byte) 0x6d, (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f,
396 (byte) 0x67, (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c,
397 (byte) 0xcb, (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30,
398 (byte) 0xe2, (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5,
399 (byte) 0x79, (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b,
400 (byte) 0xce, (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb,
401 (byte) 0x08, (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff,
402 (byte) 0x3b, (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9,
403 (byte) 0xc4, (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29,
404 (byte) 0x0d, (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b,
405 (byte) 0x23, (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78,
406 (byte) 0x08, (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5,
407 (byte) 0xf1, (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19,
408 (byte) 0xb4, (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03,
409 (byte) 0x16, (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce,
410 (byte) 0x9e, (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03,
411 (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x7b, (byte) 0x30,
412 (byte) 0x79, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55,
413 (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00,
414 (byte) 0x30, (byte) 0x2c, (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86,
415 (byte) 0x48, (byte) 0x01, (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01,
416 (byte) 0x0d, (byte) 0x04, (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f,
417 (byte) 0x70, (byte) 0x65, (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c,
418 (byte) 0x20, (byte) 0x47, (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72,
419 (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43,
420 (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69,
421 (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d,
422 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04,
423 (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x32, (byte) 0xa1, (byte) 0x1e,
424 (byte) 0x6b, (byte) 0x69, (byte) 0x04, (byte) 0xfe, (byte) 0xb3, (byte) 0xcd,
425 (byte) 0xf8, (byte) 0xbb, (byte) 0x14, (byte) 0xcd, (byte) 0xff, (byte) 0xd4,
426 (byte) 0x16, (byte) 0xc3, (byte) 0xab, (byte) 0x44, (byte) 0x2f, (byte) 0x30,
427 (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23,
428 (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14,
429 (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60,
430 (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c,
431 (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e,
432 (byte) 0x5d, (byte) 0x51, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09,
433 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d,
434 (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03,
435 (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0x46, (byte) 0x42, (byte) 0xef,
436 (byte) 0x56, (byte) 0x89, (byte) 0x78, (byte) 0x90, (byte) 0x38, (byte) 0x24,
437 (byte) 0x9f, (byte) 0x8c, (byte) 0x7a, (byte) 0xce, (byte) 0x7a, (byte) 0xa5,
438 (byte) 0xb5, (byte) 0x1e, (byte) 0x74, (byte) 0x96, (byte) 0x34, (byte) 0x49,
439 (byte) 0x8b, (byte) 0xed, (byte) 0x44, (byte) 0xb3, (byte) 0xc9, (byte) 0x05,
440 (byte) 0xd7, (byte) 0x48, (byte) 0x55, (byte) 0x52, (byte) 0x59, (byte) 0x15,
441 (byte) 0x0b, (byte) 0xaa, (byte) 0x16, (byte) 0x86, (byte) 0xd2, (byte) 0x8e,
442 (byte) 0x16, (byte) 0x99, (byte) 0xe8, (byte) 0x5f, (byte) 0x11, (byte) 0x71,
443 (byte) 0x42, (byte) 0x55, (byte) 0xd1, (byte) 0xc4, (byte) 0x6f, (byte) 0x2e,
444 (byte) 0xa9, (byte) 0x64, (byte) 0x6f, (byte) 0xd8, (byte) 0xfd, (byte) 0x43,
445 (byte) 0x13, (byte) 0x24, (byte) 0xaa, (byte) 0x67, (byte) 0xe6, (byte) 0xf5,
446 (byte) 0xca, (byte) 0x80, (byte) 0x5e, (byte) 0x3a, (byte) 0x3e, (byte) 0xcc,
447 (byte) 0x4f, (byte) 0xba, (byte) 0x87, (byte) 0xe6, (byte) 0xae, (byte) 0xbf,
448 (byte) 0x8f, (byte) 0xd5, (byte) 0x28, (byte) 0x38, (byte) 0x58, (byte) 0x30,
449 (byte) 0x24, (byte) 0xf6, (byte) 0x53, (byte) 0x5b, (byte) 0x41, (byte) 0x53,
450 (byte) 0xe6, (byte) 0x45, (byte) 0xbc, (byte) 0xbe, (byte) 0xe6, (byte) 0xbb,
451 (byte) 0x5d, (byte) 0xd8, (byte) 0xa7, (byte) 0xf9, (byte) 0x64, (byte) 0x99,
452 (byte) 0x04, (byte) 0x43, (byte) 0x75, (byte) 0xd7, (byte) 0x2d, (byte) 0x32,
453 (byte) 0x0a, (byte) 0x94, (byte) 0xaf, (byte) 0x06, (byte) 0x34, (byte) 0xae,
454 (byte) 0x46, (byte) 0xbd, (byte) 0xda, (byte) 0x00, (byte) 0x0e, (byte) 0x25,
455 (byte) 0xc2, (byte) 0xf7, (byte) 0xc9, (byte) 0xc3, (byte) 0x65, (byte) 0xd2,
456 (byte) 0x08, (byte) 0x41, (byte) 0x0a, (byte) 0xf3, (byte) 0x72
457 };
458
459 /**
460 * The amount of time to allow before and after expected time for variance
461 * in timing tests.
462 */
463 private static final long SLOP_TIME_MILLIS = 15000L;
464
/**
 * Prepares the fixture before each test: the platform keystore must accept a
 * reset and must then report that it is not unlocked, after which the
 * "AndroidKeyStore" JCA keystore under test is obtained.
 */
@Override
protected void setUp() throws Exception {
    final android.security.KeyStore platformStore = android.security.KeyStore.getInstance();
    mAndroidKeyStore = platformStore;

    final boolean wasReset = platformStore.reset();
    assertTrue(wasReset);

    // Every test starts from a store that is not unlocked.
    final boolean unlocked = platformStore.isUnlocked();
    assertFalse(unlocked);

    mKeyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
}
474
/**
 * Sets the fixed test password on the platform keystore and checks that the
 * store then reports itself unlocked and that {@code saw("")} returns an
 * empty array.
 */
private void setupPassword() {
    // "1111" is a throwaway fixture value used only by this test class.
    final boolean passwordAccepted = mAndroidKeyStore.password("1111");
    assertTrue(passwordAccepted);

    final boolean unlocked = mAndroidKeyStore.isUnlocked();
    assertTrue(unlocked);

    final int entryCount = mAndroidKeyStore.saw("").length;
    assertEquals(0, entryCount);
}
481
/**
 * Asserts that the aliases enumerated by the keystore under test are exactly
 * the given ones: every enumerated alias must be expected, every expected
 * alias must be enumerated, and the counts must match.
 *
 * @param expectedAliases aliases the keystore should currently expose
 * @throws KeyStoreException if the keystore cannot enumerate its aliases
 */
private void assertAliases(final String[] expectedAliases) throws KeyStoreException {
    final Enumeration<String> enumerated = mKeyStore.aliases();

    // Aliases are struck off as they are seen, so a repeated alias fails the
    // membership check on its second appearance.
    final Set<String> remaining = new HashSet<String>(Arrays.asList(expectedAliases));

    int seen = 0;
    for (; enumerated.hasMoreElements(); seen++) {
        final String alias = enumerated.nextElement();
        assertTrue("The alias should be in the expected set", remaining.contains(alias));
        remaining.remove(alias);
    }

    assertTrue("The expected set and actual set should be exactly equal", remaining.isEmpty());
    assertEquals("There should be the correct number of keystore entries",
            expectedAliases.length, seen);
}
499
/**
 * With a password set, the alias list starts empty and grows by one alias
 * for a generated private key and one for a stored CA certificate.
 */
public void testKeyStore_Aliases_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String[] noAliases = {};
    assertAliases(noAliases);

    final String generatedKeyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.generate(generatedKeyName, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertAliases(new String[] { TEST_ALIAS_1 });

    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_2;
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });
}
517
/**
 * Calling {@code aliases()} before {@code load()} must raise
 * {@link KeyStoreException}.
 */
public void testKeyStore_Aliases_NotInitialized_Encrypted_Failure() throws Exception {
    setupPassword();

    boolean rejected = false;
    try {
        mKeyStore.aliases();
    } catch (KeyStoreException expected) {
        // This is the outcome the test wants: the keystore was never loaded.
        rejected = true;
    }

    if (!rejected) {
        fail("KeyStore should throw exception when not initialized");
    }
}
527
/**
 * {@code containsAlias} reports a generated private key and a stored CA
 * certificate, and reports false for an alias that was never added.
 */
public void testKeyStore_ContainsAliases_PrivateAndCA_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    assertAliases(new String[] {});

    final String generatedKeyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.generate(generatedKeyName, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    final boolean hasKey = mKeyStore.containsAlias(TEST_ALIAS_1);
    assertTrue("Should contain generated private key", hasKey);

    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_2;
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    final boolean hasCa = mKeyStore.containsAlias(TEST_ALIAS_2);
    assertTrue("Should contain added CA certificate", hasCa);

    final boolean hasUnadded = mKeyStore.containsAlias(TEST_ALIAS_3);
    assertFalse("Should not contain unadded certificate alias", hasUnadded);
}
548
/** {@code containsAlias} reports an alias that holds only a CA certificate. */
public void testKeyStore_ContainsAliases_CAOnly_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_2;
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final boolean hasCa = mKeyStore.containsAlias(TEST_ALIAS_2);
    assertTrue("Should contain added CA certificate", hasCa);
}
559
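/**
 * {@code containsAlias} must report false for an alias that was never added
 * to a freshly loaded, empty keystore.
 */
public void testKeyStore_ContainsAliases_NonExistent_Encrypted_Failure() throws Exception {
    setupPassword();

    mKeyStore.load(null, null);

    // The failure message used to describe the opposite expectation, which
    // made a failing run misleading to read.
    assertFalse("Should not contain alias that was never added",
            mKeyStore.containsAlias(TEST_ALIAS_1));
}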
567
/**
 * Populates three aliases (one with key, user certificate and CA; two with
 * a CA only) and deletes them one at a time, checking the alias list after
 * each deletion.
 */
public void testKeyStore_DeleteEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    // TEST_ALIAS_1: private key, user certificate and CA certificate.
    final String keyName1 = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    final String userCertName1 = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;
    final String caName1 = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.importKey(keyName1, FAKE_KEY_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(userCertName1, FAKE_USER_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(caName1, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    // TEST_ALIAS_2: CA certificate only.
    final String caName2 = Credentials.CA_CERTIFICATE + TEST_ALIAS_2;
    assertTrue(mAndroidKeyStore.put(caName2, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    // TEST_ALIAS_3: CA certificate only.
    final String caName3 = Credentials.CA_CERTIFICATE + TEST_ALIAS_3;
    assertTrue(mAndroidKeyStore.put(caName3, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 });

    mKeyStore.deleteEntry(TEST_ALIAS_1);
    assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 });

    mKeyStore.deleteEntry(TEST_ALIAS_3);
    assertAliases(new String[] { TEST_ALIAS_2 });

    mKeyStore.deleteEntry(TEST_ALIAS_2);
    assertAliases(new String[] { });
}
603
/** Deleting from an empty keystore must complete without throwing. */
public void testKeyStore_DeleteEntry_EmptyStore_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    // No entry exists under this alias; the call itself is the assertion.
    final String missingAlias = TEST_ALIAS_1;
    mKeyStore.deleteEntry(missingAlias);
}
612
/**
 * Deleting an alias that does not exist must complete without throwing even
 * when the keystore holds other entries.
 */
public void testKeyStore_DeleteEntry_NonExistent_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    // Populate TEST_ALIAS_1 only.
    final String keyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    final String userCertName = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;
    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.importKey(keyName, FAKE_KEY_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(userCertName, FAKE_USER_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    // TEST_ALIAS_2 was never stored; the call itself is the assertion.
    final String missingAlias = TEST_ALIAS_2;
    mKeyStore.deleteEntry(missingAlias);
}
629
/**
 * A stored CA certificate is returned by {@code getCertificate} and equals
 * the certificate parsed from the same bytes; an unused alias yields null.
 */
public void testKeyStore_GetCertificate_Single_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    assertAliases(new String[] { TEST_ALIAS_1 });

    final Certificate absent = mKeyStore.getCertificate(TEST_ALIAS_2);
    assertNull("Certificate should not exist in keystore", absent);

    final Certificate fromStore = mKeyStore.getCertificate(TEST_ALIAS_1);
    assertNotNull("Retrieved certificate should not be null", fromStore);

    final Certificate fromBytes = CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

    assertEquals("Actual and retrieved certificates should be the same", fromBytes, fromStore);
}
652
/** {@code getCertificate} returns null for an alias in an empty keystore. */
public void testKeyStore_GetCertificate_NonExist_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final Certificate absent = mKeyStore.getCertificate(TEST_ALIAS_1);
    assertNull("Certificate should not exist in keystore", absent);
}
661
/**
 * {@code getCertificateAlias} resolves a stored CA certificate back to the
 * alias it was stored under.
 */
public void testKeyStore_GetCertificateAlias_CAEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final Certificate caCert = CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

    final String foundAlias = mKeyStore.getCertificateAlias(caCert);
    assertEquals("Stored certificate alias should be found", TEST_ALIAS_1, foundAlias);
}
676
/**
 * {@code getCertificateAlias} resolves the user certificate of a private
 * key entry back to that entry's alias.
 */
public void testKeyStore_GetCertificateAlias_PrivateKeyEntry_Encrypted_Success()
        throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String keyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    final String userCertName = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;
    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.importKey(keyName, FAKE_KEY_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(userCertName, FAKE_USER_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final Certificate userCert = CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(FAKE_USER_1));

    final String foundAlias = mKeyStore.getCertificateAlias(userCert);
    assertEquals("Stored certificate alias should be found", TEST_ALIAS_1, foundAlias);
}
696
/**
 * When the same CA certificate is stored both as a standalone CA entry
 * (TEST_ALIAS_2) and as the CA of a private key entry (TEST_ALIAS_1),
 * {@code getCertificateAlias} for the CA must return the standalone alias.
 */
public void testKeyStore_GetCertificateAlias_CAEntry_WithPrivateKeyUsingCA_Encrypted_Success()
        throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    // Standalone CA entry.
    final String standaloneCaName = Credentials.CA_CERTIFICATE + TEST_ALIAS_2;
    assertTrue(mAndroidKeyStore.put(standaloneCaName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    // Private key entry whose chain uses the same CA bytes.
    final String keyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    final String userCertName = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;
    final String chainCaName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.importKey(keyName, FAKE_KEY_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(userCertName, FAKE_USER_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(chainCaName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final Certificate caCert = CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

    final String foundAlias = mKeyStore.getCertificateAlias(caCert);
    assertEquals("Stored certificate alias should be found", TEST_ALIAS_2, foundAlias);
}
721
/** {@code getCertificateAlias} returns null when the keystore is empty. */
public void testKeyStore_GetCertificateAlias_NonExist_Empty_Encrypted_Failure()
        throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final Certificate caCert = CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

    final String foundAlias = mKeyStore.getCertificateAlias(caCert);
    assertNull("Stored certificate alias should not be found", foundAlias);
}
734
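/**
 * {@code getCertificateAlias} must return null for a certificate that was
 * never stored, even though the keystore holds a different certificate.
 */
public void testKeyStore_GetCertificateAlias_NonExist_Encrypted_Failure() throws Exception {
    setupPassword();

    mKeyStore.load(null, null);

    assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
            KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

    // Only the CA certificate was stored; the user certificate is looked up.
    CertificateFactory f = CertificateFactory.getInstance("X.509");
    Certificate userCert = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));

    // The failure message used to say "should be found", the opposite of what
    // assertNull checks.
    assertNull("Stored certificate alias should not be found",
            mKeyStore.getCertificateAlias(userCert));
}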
749
/**
 * The chain returned for a private key entry is the user certificate
 * followed by the CA certificate; an unused alias yields a null chain.
 */
public void testKeyStore_GetCertificateChain_SingleLength_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String keyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    final String userCertName = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;
    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.importKey(keyName, FAKE_KEY_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(userCertName, FAKE_USER_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
    final Certificate[] wanted = {
        x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
        x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)),
    };

    final Certificate[] fromStore = mKeyStore.getCertificateChain(TEST_ALIAS_1);

    assertNotNull("Returned certificate chain should not be null", fromStore);
    assertEquals("Returned certificate chain should be correct size", wanted.length,
            fromStore.length);
    assertEquals("First certificate should be user certificate", wanted[0], fromStore[0]);
    assertEquals("Second certificate should be CA certificate", wanted[1], fromStore[1]);

    // Negative check while the keystore is populated.
    final Certificate[] absent = mKeyStore.getCertificateChain(TEST_ALIAS_2);
    assertNull("Stored certificate alias should not be found", absent);
}
779
/** {@code getCertificateChain} returns null for an alias in an empty keystore. */
public void testKeyStore_GetCertificateChain_NonExist_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final Certificate[] absent = mKeyStore.getCertificateChain(TEST_ALIAS_1);
    assertNull("Stored certificate alias should not be found", absent);
}
788
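/**
 * The creation date reported for an encrypted private key entry lies within
 * {@code SLOP_TIME_MILLIS} of the time the test reads it.
 */
public void testKeyStore_GetCreationDate_PrivateKeyEntry_Encrypted_Success() throws Exception {
    setupPassword();

    mKeyStore.load(null, null);

    assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
            FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
            KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
            KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

    Date now = new Date();
    Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
    // A missing date should fail as an assertion rather than as a
    // NullPointerException below, as the CA-entry variant of this test does.
    assertNotNull("Creation date should be found for private key entry", actual);

    Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
    Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);

    assertTrue("Time should be close to current time", actual.before(expectedBefore));
    assertTrue("Time should be close to current time", actual.after(expectedAfter));
}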
810
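/**
 * The creation date reported for a private key entry stored with
 * {@code FLAG_NONE}, without a password being set, lies within
 * {@code SLOP_TIME_MILLIS} of the time the test reads it.
 */
public void testKeyStore_GetCreationDate_PrivateKeyEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
            FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
    assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
            KeyStore.UID_SELF, KeyStore.FLAG_NONE));
    assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
            KeyStore.UID_SELF, KeyStore.FLAG_NONE));

    Date now = new Date();
    Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
    // A missing date should fail as an assertion rather than as a
    // NullPointerException below, as the CA-entry variant of this test does.
    assertNotNull("Creation date should be found for private key entry", actual);

    Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
    Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);

    assertTrue("Time should be close to current time", actual.before(expectedBefore));
    assertTrue("Time should be close to current time", actual.after(expectedAfter));
}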
830
/**
 * The creation date reported for a stored CA certificate is non-null and
 * lies within {@code SLOP_TIME_MILLIS} of the time the test reads it.
 */
public void testKeyStore_GetCreationDate_CAEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final long referenceMillis = new Date().getTime();
    final Date created = mKeyStore.getCreationDate(TEST_ALIAS_1);
    assertNotNull("Certificate should be found", created);

    // Accept anything inside [reference - slop, reference + slop], exclusive.
    final Date lowerBound = new Date(referenceMillis - SLOP_TIME_MILLIS);
    final Date upperBound = new Date(referenceMillis + SLOP_TIME_MILLIS);

    assertTrue("Time should be close to current time", created.before(upperBound));
    assertTrue("Time should be close to current time", created.after(lowerBound));
}
849
/**
 * {@code getEntry} with null protection parameters returns a
 * {@link PrivateKeyEntry} matching the imported key, user certificate and
 * CA certificate (entries stored with {@code FLAG_ENCRYPTED}).
 */
public void testKeyStore_GetEntry_NullParams_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String keyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    final String userCertName = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;
    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.importKey(keyName, FAKE_KEY_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(userCertName, FAKE_USER_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final Entry fromStore = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Entry should exist", fromStore);
    assertTrue("Should be a PrivateKeyEntry", fromStore instanceof PrivateKeyEntry);

    assertPrivateKeyEntryEquals((PrivateKeyEntry) fromStore, FAKE_KEY_1, FAKE_USER_1,
            FAKE_CA_1);
}
871
/**
 * {@code getEntry} with null protection parameters returns a
 * {@link PrivateKeyEntry} matching the imported material when the entries
 * are stored with {@code FLAG_NONE} and no password has been set.
 */
public void testKeyStore_GetEntry_NullParams_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    final String keyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    final String userCertName = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;
    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.importKey(keyName, FAKE_KEY_1, KeyStore.UID_SELF,
            KeyStore.FLAG_NONE));
    assertTrue(mAndroidKeyStore.put(userCertName, FAKE_USER_1, KeyStore.UID_SELF,
            KeyStore.FLAG_NONE));
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_NONE));

    final Entry fromStore = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Entry should exist", fromStore);
    assertTrue("Should be a PrivateKeyEntry", fromStore instanceof PrivateKeyEntry);

    assertPrivateKeyEntryEquals((PrivateKeyEntry) fromStore, FAKE_KEY_1, FAKE_USER_1,
            FAKE_CA_1);
}
891
/**
 * Decodes the expected key, certificate and optional CA chain from their
 * encoded forms and delegates to the typed overload.
 *
 * @param keyEntry entry returned by the keystore under test
 * @param key PKCS#8-encoded RSA private key that was inserted
 * @param cert encoded X.509 user certificate that was inserted
 * @param ca encoded X.509 CA certificate(s), or null when none were inserted
 */
@SuppressWarnings("unchecked")
private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, byte[] key, byte[] cert,
        byte[] ca) throws Exception {
    final PrivateKey wantedKey = KeyFactory.getInstance("RSA")
            .generatePrivate(new PKCS8EncodedKeySpec(key));

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
    final Certificate wantedCert = x509.generateCertificate(new ByteArrayInputStream(cert));

    // generateCertificates returns Collection<? extends Certificate>; the
    // cast is what the unchecked-warning suppression covers.
    final Collection<Certificate> wantedChain = (ca == null)
            ? null
            : (Collection<Certificate>) x509.generateCertificates(new ByteArrayInputStream(ca));

    assertPrivateKeyEntryEquals(keyEntry, wantedKey, wantedCert, wantedChain);
}
911
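/**
 * Asserts that a {@link PrivateKeyEntry} returned by the keystore matches
 * the expected key, user certificate and CA chain.
 *
 * @param keyEntry entry returned by the keystore under test
 * @param expectedKey RSA private key that was inserted
 * @param expectedCert user certificate expected at position 0 of the chain
 * @param expectedChain CA certificates expected after the user certificate,
 *        or null when the chain should hold the user certificate only
 */
private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, PrivateKey expectedKey,
        Certificate expectedCert, Collection<Certificate> expectedChain) throws Exception {
    // Only the RSA modulus is compared, so this establishes that the two keys
    // belong to the same key pair, not that the private components match.
    assertEquals("Returned PrivateKey should be what we inserted",
            ((RSAPrivateKey) expectedKey).getModulus(),
            ((RSAPrivateKey) keyEntry.getPrivateKey()).getModulus());

    assertEquals("Returned Certificate should be what we inserted", expectedCert,
            keyEntry.getCertificate());

    Certificate[] actualChain = keyEntry.getCertificateChain();

    assertEquals("First certificate in chain should be user cert", expectedCert, actualChain[0]);

    if (expectedChain == null) {
        assertEquals("Certificate chain should not include CAs", 1, actualChain.length);
    } else {
        int i = 1;
        for (Certificate expectedCa : expectedChain) {
            // Report a truncated chain as an assertion failure instead of an
            // ArrayIndexOutOfBoundsException.
            assertTrue("Certificate chain should be at least as long as the expected CA chain",
                    i < actualChain.length);
            assertEquals("CA chain certificate should equal what we put in", expectedCa,
                    actualChain[i++]);
        }
        // NOTE(review): certificates in actualChain beyond the expected CAs are
        // not checked here; confirm against all callers whether an exact
        // length comparison should be added.
    }
}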
936
/** {@code getEntry} returns null for an unknown alias once a password is set. */
public void testKeyStore_GetEntry_Nonexistent_NullParams_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final Entry absent = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNull("A non-existent entry should return null", absent);
}
945
/** {@code getEntry} returns null for an unknown alias when no password is set. */
public void testKeyStore_GetEntry_Nonexistent_NullParams_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    final Entry absent = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNull("A non-existent entry should return null", absent);
}
952
/**
 * {@code getKey} with a null password returns an {@link RSAPrivateKey} whose
 * modulus equals that of the imported key (entries stored with
 * {@code FLAG_ENCRYPTED}).
 */
public void testKeyStore_GetKey_NoPassword_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String keyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    final String userCertName = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;
    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.importKey(keyName, FAKE_KEY_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(userCertName, FAKE_USER_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final Key fromStore = mKeyStore.getKey(TEST_ALIAS_1, null);
    assertNotNull("Key should exist", fromStore);
    assertTrue("Should be a RSAPrivateKey", fromStore instanceof RSAPrivateKey);
    final RSAPrivateKey storedRsa = (RSAPrivateKey) fromStore;

    final PrivateKey inserted = KeyFactory.getInstance("RSA")
            .generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));

    // Only the modulus is compared between the inserted and retrieved keys.
    assertEquals("Inserted key should be same as retrieved key",
            ((RSAPrivateKey) inserted).getModulus(), storedRsa.getModulus());
}
978
/**
 * {@code getKey} with a null password returns an {@link RSAPrivateKey} whose
 * modulus equals that of the imported key when the entries are stored with
 * {@code FLAG_NONE} and no password has been set.
 */
public void testKeyStore_GetKey_NoPassword_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    final String keyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    final String userCertName = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;
    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.importKey(keyName, FAKE_KEY_1, KeyStore.UID_SELF,
            KeyStore.FLAG_NONE));
    assertTrue(mAndroidKeyStore.put(userCertName, FAKE_USER_1, KeyStore.UID_SELF,
            KeyStore.FLAG_NONE));
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_NONE));

    final Key fromStore = mKeyStore.getKey(TEST_ALIAS_1, null);
    assertNotNull("Key should exist", fromStore);
    assertTrue("Should be a RSAPrivateKey", fromStore instanceof RSAPrivateKey);
    final RSAPrivateKey storedRsa = (RSAPrivateKey) fromStore;

    final PrivateKey inserted = KeyFactory.getInstance("RSA")
            .generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));

    // Only the modulus is compared between the inserted and retrieved keys.
    assertEquals("Inserted key should be same as retrieved key",
            ((RSAPrivateKey) inserted).getModulus(), storedRsa.getModulus());
}
1002
/** {@code getKey} returns null for an alias that holds only a CA certificate. */
public void testKeyStore_GetKey_Certificate_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final Key fromStore = mKeyStore.getKey(TEST_ALIAS_1, null);
    assertNull("Certificate entries should return null", fromStore);
}
1013
/** {@code getKey} returns null for an alias in an empty keystore. */
public void testKeyStore_GetKey_NonExistent_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final Key absent = mKeyStore.getKey(TEST_ALIAS_1, null);
    assertNull("A non-existent entry should return null", absent);
}
1021
/**
 * The keystore reports the Android keystore provider name both before and
 * after a password is set.
 */
public void testKeyStore_GetProvider_Encrypted_Success() throws Exception {
    final String beforePassword = mKeyStore.getProvider().getName();
    assertEquals(AndroidKeyStoreProvider.PROVIDER_NAME, beforePassword);

    setupPassword();

    final String afterPassword = mKeyStore.getProvider().getName();
    assertEquals(AndroidKeyStoreProvider.PROVIDER_NAME, afterPassword);
}
1027
/**
 * The keystore reports the Android keystore type name both before and after
 * a password is set.
 */
public void testKeyStore_GetType_Encrypted_Success() throws Exception {
    final String beforePassword = mKeyStore.getType();
    assertEquals(AndroidKeyStore.NAME, beforePassword);

    setupPassword();

    final String afterPassword = mKeyStore.getType();
    assertEquals(AndroidKeyStore.NAME, afterPassword);
}
1033
/** {@code isCertificateEntry} is true for an alias holding only a CA certificate. */
public void testKeyStore_IsCertificateEntry_CA_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final boolean isCertEntry = mKeyStore.isCertificateEntry(TEST_ALIAS_1);
    assertTrue("Should return true for CA certificate", isCertEntry);
}
1044
/**
 * {@code isCertificateEntry} is false for an alias that holds a private key
 * together with its user and CA certificates.
 */
public void testKeyStore_IsCertificateEntry_PrivateKey_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String keyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    final String userCertName = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;
    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.importKey(keyName, FAKE_KEY_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(userCertName, FAKE_USER_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final boolean isCertEntry = mKeyStore.isCertificateEntry(TEST_ALIAS_1);
    assertFalse("Should return false for PrivateKeyEntry", isCertEntry);
}
1059
/** {@code isCertificateEntry} is false for an unknown alias once a password is set. */
public void testKeyStore_IsCertificateEntry_NonExist_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final boolean isCertEntry = mKeyStore.isCertificateEntry(TEST_ALIAS_1);
    assertFalse("Should return false for non-existent entry", isCertEntry);
}
1067
/** {@code isCertificateEntry} is false for an unknown alias when no password is set. */
public void testKeyStore_IsCertificateEntry_NonExist_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    final boolean isCertEntry = mKeyStore.isCertificateEntry(TEST_ALIAS_1);
    assertFalse("Should return false for non-existent entry", isCertEntry);
}
1074
/**
 * {@code isKeyEntry} is true for an alias that holds a private key together
 * with its user and CA certificates.
 */
public void testKeyStore_IsKeyEntry_PrivateKey_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String keyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    final String userCertName = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;
    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.importKey(keyName, FAKE_KEY_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(userCertName, FAKE_USER_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final boolean isKey = mKeyStore.isKeyEntry(TEST_ALIAS_1);
    assertTrue("Should return true for PrivateKeyEntry", isKey);
}
1088
/** {@code isKeyEntry} is false for an alias holding only a CA certificate. */
public void testKeyStore_IsKeyEntry_CA_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String caName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.put(caName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final boolean isKey = mKeyStore.isKeyEntry(TEST_ALIAS_1);
    assertFalse("Should return false for CA certificate", isKey);
}
1098
/** Checks that {@code isKeyEntry} reports {@code false} for an alias that was never stored. */
public void testKeyStore_IsKeyEntry_NonExist_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final boolean reportedAsKey = mKeyStore.isKeyEntry(TEST_ALIAS_1);
    assertFalse("Should return false for non-existent entry", reportedAsKey);
}
1106
/**
 * Stores a CA certificate through {@code setCertificateEntry} and checks that the alias is
 * listed and that the certificate read back equals the one stored.
 */
public void testKeyStore_SetCertificate_CA_Encrypted_Success() throws Exception {
    // The certificate is parsed before the keystore is set up, as in the original ordering.
    final Certificate caCert = CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

    setupPassword();
    mKeyStore.load(null, null);

    mKeyStore.setCertificateEntry(TEST_ALIAS_1, caCert);
    assertAliases(new String[] { TEST_ALIAS_1 });

    final Certificate readBack = mKeyStore.getCertificate(TEST_ALIAS_1);
    assertEquals("Retrieved certificate should be the same as the one inserted", caCert,
            readBack);
}
1122
/**
 * Checks that {@code setCertificateEntry} succeeds on an alias that already holds a CA
 * certificate and that the alias list is unchanged afterwards.
 */
public void testKeyStore_SetCertificate_CAExists_Overwrite_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final String caCertName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.put(caCertName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    assertAliases(new String[] { TEST_ALIAS_1 });

    final Certificate replacement = CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

    // TODO have separate FAKE_CA for second test
    // Because the replacement is the same FAKE_CA_1 that is already stored, this test only
    // shows that the call does not throw; it cannot tell an overwrite from a no-op.
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, replacement);

    assertAliases(new String[] { TEST_ALIAS_1 });
}
1140
/**
 * Checks that {@code setCertificateEntry} throws {@link KeyStoreException} when the alias
 * already holds a private key entry.
 */
public void testKeyStore_SetCertificate_PrivateKeyExists_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    // Seed a complete private key entry: key, user certificate and CA certificate.
    final String keyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.importKey(keyName, FAKE_KEY_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final String userCertName = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.put(userCertName, FAKE_USER_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    final String caCertName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.put(caCertName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    assertAliases(new String[] { TEST_ALIAS_1 });

    final Certificate caCert = CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

    try {
        mKeyStore.setCertificateEntry(TEST_ALIAS_1, caCert);
        fail("Should throw when trying to overwrite a PrivateKey entry with a Certificate");
    } catch (KeyStoreException success) {
        // Expected: a certificate entry must not replace a private key entry.
        // NOTE(review): nothing here re-reads the alias afterwards, so the test does not
        // show that the private key entry survived the rejected call.
    }
}
1163
/**
 * Stores a {@link PrivateKeyEntry} with a two-certificate chain through {@code setEntry} and
 * checks that the entry read back matches the test vectors.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    final PrivateKey privateKey =
            rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    // Chain order: user certificate first, then its CA.
    final Certificate[] chain = {
            x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
            x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1))
    };

    mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(privateKey, chain), null);

    final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", stored);
    assertTrue("Retrieved entry should be of type PrivateKeyEntry",
            stored instanceof PrivateKeyEntry);

    assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1);
}
1191
/**
 * Stores a {@link PrivateKeyEntry} through {@code setEntry} without calling
 * {@code setupPassword()} first and checks that the entry read back matches the test vectors.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    final PrivateKey privateKey =
            rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    // Chain order: user certificate first, then its CA.
    final Certificate[] chain = {
            x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
            x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1))
    };

    // No protection parameter is passed, so no encryption requirement is requested here.
    mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(privateKey, chain), null);

    final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", stored);
    assertTrue("Retrieved entry should be of type PrivateKeyEntry",
            stored instanceof PrivateKeyEntry);

    assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1);
}
1218
/**
 * Checks that {@code setEntry} with {@code setEncryptionRequired(true)} throws
 * {@link KeyStoreException} when {@code setupPassword()} has not been called, and that no
 * entry is left behind under the alias.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    final PrivateKey privateKey =
            rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    final Certificate[] chain = {
            x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
            x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1))
    };

    final PrivateKeyEntry candidate = new PrivateKeyEntry(privateKey, chain);

    try {
        mKeyStore.setEntry(TEST_ALIAS_1, candidate,
                new KeyStoreParameter.Builder(getContext())
                        .setEncryptionRequired(true)
                        .build());
        fail("Shouldn't be able to insert encrypted entry when KeyStore uninitialized");
    } catch (KeyStoreException expected) {
        // Expected: the request for encryption must be refused rather than silently
        // downgraded to unencrypted storage.
    }

    // The rejected write must not leave an entry behind.
    assertNull(mKeyStore.getEntry(TEST_ALIAS_1, null));
}
1244
/**
 * Stores a {@link PrivateKeyEntry} under an alias, stores a {@link PrivateKeyEntry} under the
 * same alias again, and checks the entry read back after each write.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Encrypted_Success()
        throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    // First write: initial PrivateKeyEntry.
    {
        final PrivateKey privateKey =
                rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));

        final Certificate[] chain = {
                x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
                x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1))
        };

        mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(privateKey, chain), null);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                stored instanceof PrivateKeyEntry);

        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, FAKE_KEY_1, FAKE_USER_1,
                FAKE_CA_1);
    }

    // TODO make entirely new test vector for the overwrite
    // Second write: replace with a PrivateKeyEntry. It is built from the same vectors as the
    // first, so the assertions below cannot distinguish a real overwrite from a no-op.
    {
        final PrivateKey privateKey =
                rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));

        final Certificate[] chain = {
                x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
                x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1))
        };

        mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(privateKey, chain), null);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                stored instanceof PrivateKeyEntry);

        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, FAKE_KEY_1, FAKE_USER_1,
                FAKE_CA_1);
    }
}
1301
/**
 * Stores a {@link TrustedCertificateEntry} under an alias, then replaces it with a
 * {@link PrivateKeyEntry}, checking the entry read back after each write.
 *
 * <p>NOTE(review): the method name reads as "CA entry overwrites private key entry", but the
 * body performs the opposite order (private key entry written over a CA entry).
 */
public void testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Encrypted_Success()
        throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    // First write: TrustedCertificateEntry.
    {
        final Certificate caCert =
                x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

        final TrustedCertificateEntry certEntry = new TrustedCertificateEntry(caCert);
        mKeyStore.setEntry(TEST_ALIAS_1, certEntry, null);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
                stored instanceof TrustedCertificateEntry);

        final TrustedCertificateEntry storedCertEntry = (TrustedCertificateEntry) stored;
        assertEquals("Stored and retrieved certificates should be the same",
                certEntry.getTrustedCertificate(),
                storedCertEntry.getTrustedCertificate());
    }

    // Second write: replace with PrivateKeyEntry.
    {
        final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        final PrivateKey privateKey =
                rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
        final Certificate[] chain = {
                x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
                x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1))
        };

        mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(privateKey, chain), null);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                stored instanceof PrivateKeyEntry);

        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, FAKE_KEY_1, FAKE_USER_1,
                FAKE_CA_1);
    }
}
1347
/**
 * Stores a {@link PrivateKeyEntry} under an alias, then replaces it with a
 * {@link TrustedCertificateEntry}, checking the entry read back after each write.
 *
 * <p>NOTE(review): the method name reads as "private key entry overwrites CA entry", but the
 * body performs the opposite order (CA entry written over a private key entry).
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success()
        throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    // Shared by both writes: last link of the chain first, sole certificate second.
    final Certificate caCert = x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

    // First write: PrivateKeyEntry.
    {
        final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        final PrivateKey privateKey =
                rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
        final Certificate[] chain = {
                x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
                caCert
        };

        mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(privateKey, chain), null);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                stored instanceof PrivateKeyEntry);

        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, FAKE_KEY_1, FAKE_USER_1,
                FAKE_CA_1);
    }

    // Second write: replace with TrustedCertificateEntry.
    {
        final TrustedCertificateEntry certEntry = new TrustedCertificateEntry(caCert);
        mKeyStore.setEntry(TEST_ALIAS_1, certEntry, null);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
                stored instanceof TrustedCertificateEntry);

        final TrustedCertificateEntry storedCertEntry = (TrustedCertificateEntry) stored;
        assertEquals("Stored and retrieved certificates should be the same",
                certEntry.getTrustedCertificate(),
                storedCertEntry.getTrustedCertificate());
    }
}
1393
/**
 * Stores a {@link PrivateKeyEntry} with a two-certificate chain, then replaces it with one
 * whose chain holds only the user certificate, and checks that the CA certificate is no
 * longer part of the entry read back.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Encrypted_Success()
        throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    final Certificate caCert = x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

    // First write: PrivateKeyEntry with user certificate plus CA.
    {
        final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        final PrivateKey privateKey =
                rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
        final Certificate[] chain = {
                x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
                caCert
        };

        mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(privateKey, chain), null);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                stored instanceof PrivateKeyEntry);

        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, FAKE_KEY_1, FAKE_USER_1,
                FAKE_CA_1);
    }

    // Second write: replace with PrivateKeyEntry that has no chain beyond the user cert.
    {
        final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        final PrivateKey privateKey =
                rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
        final Certificate[] chain = {
                x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1))
        };

        mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(privateKey, chain), null);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                stored instanceof PrivateKeyEntry);

        // A null CA argument asserts that the previously stored CA certificate is gone.
        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, FAKE_KEY_1, FAKE_USER_1, null);
    }
}
1446
/**
 * Stores a {@link TrustedCertificateEntry} built from the CA vector, replaces it with one
 * built from the user-certificate vector, and checks the certificate read back each time.
 */
public void testKeyStore_SetEntry_CAEntry_Overwrites_CAEntry_Encrypted_Success()
        throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    // First write: TrustedCertificateEntry holding FAKE_CA_1.
    {
        final Certificate caCert =
                x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

        final TrustedCertificateEntry firstEntry = new TrustedCertificateEntry(caCert);
        mKeyStore.setEntry(TEST_ALIAS_1, firstEntry, null);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
                stored instanceof TrustedCertificateEntry);

        final TrustedCertificateEntry storedFirst = (TrustedCertificateEntry) stored;
        assertEquals("Stored and retrieved certificates should be the same",
                firstEntry.getTrustedCertificate(),
                storedFirst.getTrustedCertificate());
    }

    // Second write: replace with TrustedCertificateEntry of USER. A different certificate
    // is used here, so this half does distinguish an overwrite from a no-op.
    {
        final Certificate userCert =
                x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));

        final TrustedCertificateEntry secondEntry = new TrustedCertificateEntry(userCert);
        mKeyStore.setEntry(TEST_ALIAS_1, secondEntry, null);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
                stored instanceof TrustedCertificateEntry);

        final TrustedCertificateEntry storedSecond = (TrustedCertificateEntry) stored;
        assertEquals("Stored and retrieved certificates should be the same",
                secondEntry.getTrustedCertificate(),
                storedSecond.getTrustedCertificate());
    }
}
1489
/**
 * Checks that {@code setKeyEntry} throws {@link KeyStoreException} when a per-entry password
 * is supplied.
 */
public void testKeyStore_SetKeyEntry_ProtectedKey_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    final Certificate caCert = x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

    final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    final PrivateKey privateKey =
            rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
    final Certificate[] certChain = {
            x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
            caCert
    };

    try {
        mKeyStore.setKeyEntry(TEST_ALIAS_1, privateKey, "foo".toCharArray(), certChain);
        fail("Should fail when a password is specified");
    } catch (KeyStoreException success) {
        // Expected: the password argument is rejected instead of being silently ignored,
        // so a caller cannot believe the entry is protected by it.
    }
}
1510
/**
 * Stores a private key with a two-certificate chain through {@code setKeyEntry} (no
 * per-entry password) and checks that the entry read back matches the test vectors.
 */
public void testKeyStore_SetKeyEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    final Certificate caCert = x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

    final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    final PrivateKey privateKey =
            rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
    final Certificate[] certChain = {
            x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
            caCert
    };

    mKeyStore.setKeyEntry(TEST_ALIAS_1, privateKey, null, certChain);

    final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", stored);
    assertTrue("Retrieved entry should be of type PrivateKeyEntry",
            stored instanceof PrivateKeyEntry);

    assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1);
}
1537
/**
 * Stores a private key through {@code setKeyEntry}, stores a key under the same alias again,
 * and checks the entry read back after each write.
 */
public void testKeyStore_SetKeyEntry_Replaced_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    final Certificate caCert = x509.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));

    // First write: insert initial key.
    {
        final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        final PrivateKey privateKey =
                rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
        final Certificate[] certChain = {
                x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
                caCert
        };

        mKeyStore.setKeyEntry(TEST_ALIAS_1, privateKey, null, certChain);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                stored instanceof PrivateKeyEntry);

        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, FAKE_KEY_1, FAKE_USER_1,
                FAKE_CA_1);
    }

    // TODO make a separate key
    // Second write: replace key. The same FAKE_KEY_1 vector is reused, so the assertions
    // below cannot tell a real replacement from a no-op.
    {
        final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        final PrivateKey privateKey =
                rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
        final Certificate[] certChain = {
                x509.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)),
                caCert
        };

        mKeyStore.setKeyEntry(TEST_ALIAS_1, privateKey, null, certChain);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                stored instanceof PrivateKeyEntry);

        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, FAKE_KEY_1, FAKE_USER_1,
                FAKE_CA_1);
    }
}
1589
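/**
 * Builds a self-signed X.509 certificate for the key pair stored under {@code alias}.
 *
 * <p>The private key handle is obtained from the "keystore" OpenSSL engine and the public key
 * from {@code keyStore.getPubkey}; the subject DN is also used as the issuer DN.
 *
 * @param keyStore keystore service wrapper used to read the public key
 * @param alias alias of the key pair, without the {@code Credentials.USER_PRIVATE_KEY} prefix
 * @param serialNumber serial number to place in the certificate
 * @param subjectDN subject (and issuer) distinguished name
 * @param notBefore start of the validity period
 * @param notAfter end of the validity period
 * @return the generated certificate
 * @throws RuntimeException if the engine cannot return the private key
 * @throws IllegalStateException if no public key is returned or it cannot be decoded as RSA
 */
@SuppressWarnings("deprecation")
private static X509Certificate generateCertificate(android.security.KeyStore keyStore,
        String alias, BigInteger serialNumber, X500Principal subjectDN, Date notBefore,
        Date notAfter) throws Exception {
    final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias;

    final PrivateKey privKey;
    final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore");
    try {
        privKey = engine.getPrivateKeyById(privateKeyAlias);
    } catch (InvalidKeyException e) {
        throw new RuntimeException("Can't get key", e);
    }

    final byte[] pubKeyBytes = keyStore.getPubkey(privateKeyAlias);
    if (pubKeyBytes == null) {
        // Fail with a diagnostic instead of the bare NullPointerException that
        // X509EncodedKeySpec would raise for a null encoding.
        throw new IllegalStateException("keystore returned no public key for "
                + privateKeyAlias);
    }

    final PublicKey pubKey;
    try {
        final KeyFactory keyFact = KeyFactory.getInstance("RSA");
        pubKey = keyFact.generatePublic(new X509EncodedKeySpec(pubKeyBytes));
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException("Can't instantiate RSA key generator", e);
    } catch (InvalidKeySpecException e) {
        throw new IllegalStateException("keystore returned invalid key encoding", e);
    }

    final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setPublicKey(pubKey);
    certGen.setSerialNumber(serialNumber);
    certGen.setSubjectDN(subjectDN);
    // Issuer equals subject: the certificate is self-signed.
    certGen.setIssuerDN(subjectDN);
    certGen.setNotBefore(notBefore);
    certGen.setNotAfter(notAfter);
    // SHA-1 based signatures are no longer collision-resistant; this is tolerable only
    // because the result is a throwaway self-signed test fixture.
    // NOTE(review): move to a SHA-256 based algorithm if the generator in use supports it.
    certGen.setSignatureAlgorithm("sha1WithRSA");

    return certGen.generate(privKey);
}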
1629
/**
 * Generates a key in the keystore, attaches a self-signed certificate, then calls
 * {@code setKeyEntry} with the same key and a new certificate and checks that the entry read
 * back carries the new certificate.
 */
public void testKeyStore_SetKeyEntry_ReplacedChain_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    // Create key #1
    {
        final String generatedKeyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
        assertTrue(mAndroidKeyStore.generate(generatedKeyName, KeyStore.UID_SELF,
                KeyStore.FLAG_ENCRYPTED));

        final Key storedKey = mKeyStore.getKey(TEST_ALIAS_1, null);
        assertTrue(storedKey instanceof PrivateKey);
        final PrivateKey privateKey = (PrivateKey) storedKey;

        final X509Certificate firstCert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1,
                TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS);

        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                firstCert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertTrue(stored instanceof PrivateKeyEntry);

        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, privateKey, firstCert, null);
    }

    // Replace key #1 with new chain
    {
        final Key storedKey = mKeyStore.getKey(TEST_ALIAS_1, null);
        assertTrue(storedKey instanceof PrivateKey);
        final PrivateKey privateKey = (PrivateKey) storedKey;

        // Same key, but a certificate with a different serial number and DN.
        final X509Certificate secondCert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1,
                TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS);

        mKeyStore.setKeyEntry(TEST_ALIAS_1, privateKey, null,
                new Certificate[] { secondCert });

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertTrue(stored instanceof PrivateKeyEntry);

        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, privateKey, secondCert, null);
    }
}
1684
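/**
 * Checks that {@code setKeyEntry} throws {@link KeyStoreException} when the key handle
 * obtained for one alias is used to set the entry of a different alias.
 *
 * <p>Two keys are generated in the keystore under TEST_ALIAS_1 and TEST_ALIAS_2, each with a
 * self-signed certificate; the key read from TEST_ALIAS_2 is then offered for TEST_ALIAS_1.
 */
public void testKeyStore_SetKeyEntry_ReplacedChain_DifferentPrivateKey_Encrypted_Failure()
        throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    // Create key #1
    {
        final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
        assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF,
                KeyStore.FLAG_ENCRYPTED));

        X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1,
                TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS);

        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
    }

    // Create key #2
    {
        final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_2;
        assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF,
                KeyStore.FLAG_ENCRYPTED));

        X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_2,
                TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS);

        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_2,
                cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
    }

    // Replace key #1 with key #2
    {
        // The key comes from TEST_ALIAS_2 although it is offered for TEST_ALIAS_1 below.
        Key key2 = mKeyStore.getKey(TEST_ALIAS_2, null);

        X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_2,
                TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS);

        try {
            mKeyStore.setKeyEntry(TEST_ALIAS_1, key2, null, new Certificate[] { cert });
            // Message typo ("PrivaetKey") corrected so a failure report is searchable.
            fail("Should not allow setting of KeyEntry with wrong PrivateKey");
        } catch (KeyStoreException success) {
            // Expected: a key belonging to another alias must be rejected.
        }
    }
}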
1730
/**
 * Creates a key entry with {@code FLAG_NONE}, checks that re-storing it with
 * {@code setEncryptionRequired(true)} throws {@link KeyStoreException} before a password is
 * set, then sets a password and stores it again with the same requirement.
 *
 * <p>NOTE(review): the final {@code setEntry} is only required not to throw; nothing after it
 * re-reads the entry or checks how it was stored.
 */
public void testKeyStore_SetKeyEntry_ReplacedChain_UnencryptedToEncrypted_Failure()
        throws Exception {
    mKeyStore.load(null, null);

    // Create key #1
    {
        final String generatedKeyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
        assertTrue(mAndroidKeyStore.generate(generatedKeyName,
                android.security.KeyStore.UID_SELF, android.security.KeyStore.FLAG_NONE));

        final X509Certificate selfSigned =
                generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1, TEST_DN_1,
                        NOW, NOW_PLUS_10_YEARS);

        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                selfSigned.getEncoded(), android.security.KeyStore.UID_SELF,
                android.security.KeyStore.FLAG_NONE));
    }

    // Replace with one that requires encryption
    {
        final Entry existing = mKeyStore.getEntry(TEST_ALIAS_1, null);

        try {
            mKeyStore.setEntry(TEST_ALIAS_1, existing,
                    new KeyStoreParameter.Builder(getContext())
                            .setEncryptionRequired(true)
                            .build());
            fail("Should not allow setting of Entry without unlocked keystore");
        } catch (KeyStoreException success) {
            // Expected: encryption was requested while no password has been set.
        }

        // Fixed test-only password; after this the keystore must report itself unlocked.
        assertTrue(mAndroidKeyStore.password("1111"));
        assertTrue(mAndroidKeyStore.isUnlocked());

        mKeyStore.setEntry(TEST_ALIAS_1, existing,
                new KeyStoreParameter.Builder(getContext())
                        .setEncryptionRequired(true)
                        .build());
    }
}
1772
/**
 * Checks that {@code size()} and the alias list track additions and deletions made directly
 * through the keystore service wrapper.
 */
public void testKeyStore_Size_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    // One CA certificate.
    final String firstCaName = Credentials.CA_CERTIFICATE + TEST_ALIAS_1;
    assertTrue(mAndroidKeyStore.put(firstCaName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    assertEquals("The keystore size should match expected", 1, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_1 });

    // A second CA certificate under another alias.
    final String secondCaName = Credentials.CA_CERTIFICATE + TEST_ALIAS_2;
    assertTrue(mAndroidKeyStore.put(secondCaName, FAKE_CA_1, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    assertEquals("The keystore size should match expected", 2, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });

    // A generated private key under a third alias.
    final String generatedKeyName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3;
    assertTrue(mAndroidKeyStore.generate(generatedKeyName, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    assertEquals("The keystore size should match expected", 3, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 });

    // Remove the first CA certificate.
    assertTrue(mAndroidKeyStore.delete(Credentials.CA_CERTIFICATE + TEST_ALIAS_1));

    assertEquals("The keystore size should match expected", 2, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 });

    // Remove the generated key.
    assertTrue(mAndroidKeyStore.delKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3));

    assertEquals("The keystore size should match expected", 1, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_2 });
}
1805
/** Checks that {@code store(LoadStoreParameter)} throws UnsupportedOperationException. */
public void testKeyStore_Store_LoadStoreParam_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    try {
        mKeyStore.store(null);
        fail("Should throw UnsupportedOperationException when trying to store");
    } catch (UnsupportedOperationException success) {
        // Expected: this keystore cannot be exported through store().
    }
}
1816
/**
 * Checks that {@code load()} rejects a caller-supplied {@code InputStream} with
 * {@link IllegalArgumentException}, so keystore contents cannot be supplied as bytes
 * through this call.
 *
 * <p>NOTE(review): unlike the other {@code _Encrypted_} tests here, this one does not
 * call {@code setupPassword()} first; presumably the argument check does not depend
 * on keystore state -- confirm.
 *
 * @throws Exception if load fails in an unexpected way
 */
public void testKeyStore_Load_InputStreamSupplied_Encrypted_Failure() throws Exception {
    // Arbitrary bytes: the call is expected to fail because a stream is present,
    // whatever it contains. getBytes() uses the platform default charset.
    final ByteArrayInputStream fakeKeystore =
            new ByteArrayInputStream("FAKE KEYSTORE".getBytes());

    try {
        mKeyStore.load(fakeKeystore, null);
        fail("Should throw IllegalArgumentException when InputStream is supplied");
    } catch (IllegalArgumentException expected) {
        // Expected: a non-null stream was rejected.
    }
}
1827
/**
 * Checks that {@code load()} rejects a caller-supplied password with
 * {@link IllegalArgumentException}.
 *
 * <p>NOTE(review): this test does not call {@code setupPassword()} even though its
 * name contains {@code _Encrypted_}; presumably the argument check does not depend
 * on keystore state -- confirm.
 *
 * @throws Exception if load fails in an unexpected way
 */
public void testKeyStore_Load_PasswordSupplied_Encrypted_Failure() throws Exception {
    // Fixed test value; it is never expected to be accepted.
    final char[] suppliedPassword = "password".toCharArray();

    try {
        mKeyStore.load(null, suppliedPassword);
        fail("Should throw IllegalArgumentException when password is supplied");
    } catch (IllegalArgumentException expected) {
        // Expected: a non-null password was rejected.
    }
}
1835
/**
 * Checks that {@code store(OutputStream, char[])} is refused with
 * {@link UnsupportedOperationException}, both without and with a password.
 *
 * <p>This pins that keystore contents are not written to a caller-supplied stream
 * through this call, whichever password argument is passed.
 *
 * @throws Exception if setup or load fails unexpectedly
 */
public void testKeyStore_Store_OutputStream_Encrypted_Failure() throws Exception {
    // setupPassword() is defined elsewhere in this class -- presumably it prepares
    // the encrypted keystore state; confirm against its definition.
    setupPassword();
    mKeyStore.load(null, null);

    final OutputStream sink = new ByteArrayOutputStream();
    final char[] somePassword = "blah".toCharArray();

    // Case 1: no password.
    try {
        mKeyStore.store(sink, null);
        fail("Should throw UnsupportedOperationException when trying to store");
    } catch (UnsupportedOperationException expected) {
        // Expected: the store request was rejected.
    }

    // Case 2: a password is supplied; the outcome must be the same.
    try {
        mKeyStore.store(sink, somePassword);
        fail("Should throw UnsupportedOperationException when trying to store");
    } catch (UnsupportedOperationException expected) {
        // Expected: the store request was rejected.
    }
}
Kenny Root656f92f2013-02-04 14:47:36 -08001853
/**
 * Creates the fixture used by the key-operation tests: a private key generated under
 * {@code USER_PRIVATE_KEY + TEST_ALIAS_1} and a certificate stored under
 * {@code USER_CERTIFICATE + TEST_ALIAS_1}, both written with {@code FLAG_ENCRYPTED}.
 *
 * @throws Exception if certificate generation or encoding fails
 */
private void setupKey() throws Exception {
    final String keyEntryName = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
    final String certEntryName = Credentials.USER_CERTIFICATE + TEST_ALIAS_1;

    // The key pair is generated through mAndroidKeyStore; this method never sees
    // the private key bytes.
    final boolean generated = mAndroidKeyStore.generate(keyEntryName, KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED);
    assertTrue(generated);

    // generateCertificate() is defined elsewhere in this class; presumably it issues
    // a certificate for the key just generated under TEST_ALIAS_1 -- confirm.
    final X509Certificate certificate = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1,
            TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS);
    final byte[] encodedCertificate = certificate.getEncoded();

    final boolean stored = mAndroidKeyStore.put(certEntryName, encodedCertificate,
            KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
    assertTrue(stored);
}
1865
/**
 * Round-trips a secret key through RSA wrap and unwrap using the key pair created by
 * {@code setupKey()}: the secret is wrapped with the certificate's public key and
 * unwrapped with the private key taken from the keystore entry.
 *
 * <p>The test passes when the unwrapped key bytes equal the original bytes.
 *
 * @throws Exception if any keystore or cipher call fails unexpectedly
 */
public void testKeyStore_KeyOperations_Wrap_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    setupKey();

    // Fetch the entry created by setupKey() and check that it is a private key entry.
    final Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull(entry);
    assertTrue(entry instanceof PrivateKeyEntry);

    final PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;
    final PrivateKey unwrappingKey = keyEntry.getPrivateKey();
    assertNotNull(unwrappingKey);

    final PublicKey wrappingKey = keyEntry.getCertificate().getPublicKey();

    // PKCS#1 v1.5 encryption padding is used here only for a round trip. Outside a
    // test, this padding is a concern wherever unwrap failures can be observed by
    // an untrusted party; OAEP is the usual choice for new designs.
    final Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(Cipher.WRAP_MODE, wrappingKey);

    // Seven arbitrary bytes labelled "AES". This is not a valid AES key length;
    // SecretKeySpec does not check it, and only the bytes are compared below.
    final byte[] secretBytes = new byte[] {
            0x00, 0x05, (byte) 0xAA, (byte) 0xA5, (byte) 0xFF, 0x55, 0x0A
    };
    final SecretKey originalSecret = new SecretKeySpec(secretBytes, "AES");

    final byte[] wrapped = cipher.wrap(originalSecret);

    // Re-initialise the same Cipher instance for unwrapping with the private key.
    cipher.init(Cipher.UNWRAP_MODE, unwrappingKey);
    final SecretKey recoveredSecret =
            (SecretKey) cipher.unwrap(wrapped, "AES", Cipher.SECRET_KEY);

    // Compared as strings so that a failure prints both byte sequences.
    final String expectedBytes = Arrays.toString(originalSecret.getEncoded());
    final String actualBytes = Arrays.toString(recoveredSecret.getEncoded());
    assertEquals(expectedBytes, actualBytes);
}
Kenny Roote29df162012-08-10 08:28:37 -07001900}