1 /* 2 * Copyright 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.keystore.cts; 18 19 import android.app.KeyguardManager; 20 import android.content.Context; 21 import android.content.pm.PackageManager; 22 import android.security.KeyPairGeneratorSpec; 23 import android.security.KeyStoreParameter; 24 import android.security.keystore.KeyProperties; 25 import android.security.keystore.KeyProtection; 26 import android.test.AndroidTestCase; 27 import android.test.MoreAsserts; 28 import android.test.suitebuilder.annotation.LargeTest; 29 import android.util.Log; 30 31 import android.keystore.cts.R; 32 33 import java.io.ByteArrayInputStream; 34 import java.io.ByteArrayOutputStream; 35 import java.io.OutputStream; 36 import java.math.BigInteger; 37 import java.security.AlgorithmParameters; 38 import java.security.Key; 39 import java.security.KeyFactory; 40 import java.security.KeyPairGenerator; 41 import java.security.KeyStore; 42 import java.security.KeyStore.Entry; 43 import java.security.KeyStore.PrivateKeyEntry; 44 import java.security.KeyStore.TrustedCertificateEntry; 45 import java.security.KeyStoreException; 46 import java.security.PrivateKey; 47 import java.security.PublicKey; 48 import java.security.Signature; 49 import java.security.cert.Certificate; 50 import java.security.cert.CertificateFactory; 51 import java.security.interfaces.ECKey; 52 import java.security.interfaces.RSAKey; 53 
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;

/**
 * Test case in the {@code android.keystore.cts} package, built on {@link AndroidTestCase}.
 *
 * <p>The class opens with fixed DER-encoded fixtures (CA certificates, a private key and
 * user certificates). They are test vectors only: the private key material is published
 * in this file, so nothing derived from it may be trusted outside the tests.
 */
public class AndroidKeyStoreTest extends AndroidTestCase {
    // Log tag: the simple name of this class.
    private static final String TAG = AndroidKeyStoreTest.class.getSimpleName();

    // KeyStore instance used by the tests; it is assigned outside this part of the file
    // (presumably in setUp -- confirm).
    private KeyStore mKeyStore;

    // Alias strings; judging by the names they identify keystore entries in the tests.
    private static final String TEST_ALIAS_1 = "test1";

    private static final String TEST_ALIAS_2 = "test2";

    private static final String TEST_ALIAS_3 = "test3";

    // Looks like a time budget in milliseconds; it is set and read outside this part of
    // the file -- confirm against its users.
    private long mMaxTestDurationMillis;

    /*
     * The keys and certificates below are generated with:
     *
     * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
     * openssl req -newkey rsa:1024 -keyout userkey.pem -nodes -days 3650 -out userkey.req
     * mkdir -p demoCA/newcerts
     * touch demoCA/index.txt
     * echo "01" > demoCA/serial
     * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650
     *
     * Security notes for anyone reusing these commands or bytes:
     *  - "rsa:1024" and the sha1WithRSAEncryption signatures encoded in the certificates
     *    below are acceptable only because this is a fixed test vector.
     *  - "-nodes" writes userkey.pem unencrypted, and that private key is published in this
     *    file as FAKE_RSA_KEY_1; it must never be provisioned or trusted outside tests.
     *  - "-days 3650": the validity encoded in FAKE_RSA_CA_1 runs from 2012-08-14 to
     *    2022-08-12 (UTC), so a check of the validity period against the current date
     *    would treat the certificate as expired.
     */

    /**
     * DER encoding of cacert.pem, the fake CA certificate. Generated from above and
     * converted with:
     *
     * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g'
     *
     * Encoded fields: issuer and subject are both C=US, ST=CA, L=Mountain View,
     * O=Android Test Cases; 1024-bit RSA public key; basicConstraints CA:TRUE;
     * signature algorithm sha1WithRSAEncryption.
     */
    private static final byte[] FAKE_RSA_CA_1 = {
        (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0xce, (byte) 0x30, (byte) 0x82,
        (byte) 0x02, (byte) 0x37, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01,
        (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0x6a,
        (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, (byte) 0x55, (byte) 0x48, (byte) 0x0a,
        (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86,
(byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 107 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, 108 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 109 (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, 110 (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, 111 (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, 112 (byte) 0x41, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, 113 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, 114 (byte) 0x4d, (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, 115 (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, 116 (byte) 0x77, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, 117 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, 118 (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, 119 (byte) 0x64, (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, 120 (byte) 0x20, (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, 121 (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, 122 (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x34, (byte) 0x31, (byte) 0x36, 123 (byte) 0x35, (byte) 0x35, (byte) 0x34, (byte) 0x34, (byte) 0x5a, (byte) 0x17, 124 (byte) 0x0d, (byte) 0x32, (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, 125 (byte) 0x32, (byte) 0x31, (byte) 0x36, (byte) 0x35, (byte) 0x35, (byte) 0x34, 126 (byte) 0x34, (byte) 0x5a, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, 127 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 128 (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, 129 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 130 (byte) 0x04, (byte) 0x08, 
(byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, 131 (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, 132 (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, 133 (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, 134 (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, 135 (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, 136 (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, 137 (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, 138 (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, 139 (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, 140 (byte) 0x81, (byte) 0x9f, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, 141 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, 142 (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, 143 (byte) 0x81, (byte) 0x8d, (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, 144 (byte) 0x02, (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0xa3, (byte) 0x72, 145 (byte) 0xab, (byte) 0xd0, (byte) 0xe4, (byte) 0xad, (byte) 0x2f, (byte) 0xe7, 146 (byte) 0xe2, (byte) 0x79, (byte) 0x07, (byte) 0x36, (byte) 0x3d, (byte) 0x0c, 147 (byte) 0x8d, (byte) 0x42, (byte) 0x9a, (byte) 0x0a, (byte) 0x33, (byte) 0x64, 148 (byte) 0xb3, (byte) 0xcd, (byte) 0xb2, (byte) 0xd7, (byte) 0x3a, (byte) 0x42, 149 (byte) 0x06, (byte) 0x77, (byte) 0x45, (byte) 0x29, (byte) 0xe9, (byte) 0xcb, 150 (byte) 0xb7, (byte) 0x4a, (byte) 0xd6, (byte) 0xee, (byte) 0xad, (byte) 0x01, 151 (byte) 0x91, (byte) 0x9b, (byte) 0x0c, (byte) 0x59, (byte) 0xa1, (byte) 0x03, 152 (byte) 0xfa, (byte) 0xf0, (byte) 0x5a, (byte) 0x7c, (byte) 0x4f, (byte) 0xf7, 153 (byte) 0x8d, (byte) 0x36, (byte) 0x0f, (byte) 0x1f, (byte) 0x45, (byte) 0x7d, 154 (byte) 0x1b, (byte) 0x31, (byte) 0xa1, (byte) 0x35, 
(byte) 0x0b, (byte) 0x00, 155 (byte) 0xed, (byte) 0x7a, (byte) 0xb6, (byte) 0xc8, (byte) 0x4e, (byte) 0xa9, 156 (byte) 0x86, (byte) 0x4c, (byte) 0x7b, (byte) 0x99, (byte) 0x57, (byte) 0x41, 157 (byte) 0x12, (byte) 0xef, (byte) 0x6b, (byte) 0xbc, (byte) 0x3d, (byte) 0x60, 158 (byte) 0xf2, (byte) 0x99, (byte) 0x1a, (byte) 0xcd, (byte) 0xed, (byte) 0x56, 159 (byte) 0xa4, (byte) 0xe5, (byte) 0x36, (byte) 0x9f, (byte) 0x24, (byte) 0x1f, 160 (byte) 0xdc, (byte) 0x89, (byte) 0x40, (byte) 0xc8, (byte) 0x99, (byte) 0x92, 161 (byte) 0xab, (byte) 0x4a, (byte) 0xb5, (byte) 0x61, (byte) 0x45, (byte) 0x62, 162 (byte) 0xff, (byte) 0xa3, (byte) 0x45, (byte) 0x65, (byte) 0xaf, (byte) 0xf6, 163 (byte) 0x27, (byte) 0x30, (byte) 0x51, (byte) 0x0e, (byte) 0x0e, (byte) 0xeb, 164 (byte) 0x79, (byte) 0x0c, (byte) 0xbe, (byte) 0xb3, (byte) 0x0a, (byte) 0x6f, 165 (byte) 0x29, (byte) 0x06, (byte) 0xdc, (byte) 0x2f, (byte) 0x6b, (byte) 0x51, 166 (byte) 0x02, (byte) 0x03, (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, 167 (byte) 0x81, (byte) 0xb1, (byte) 0x30, (byte) 0x81, (byte) 0xae, (byte) 0x30, 168 (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, 169 (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x33, (byte) 0x05, 170 (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, (byte) 0xc7, (byte) 0xf9, 171 (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, 172 (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, (byte) 0x5d, (byte) 0x51, 173 (byte) 0x30, (byte) 0x7f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, 174 (byte) 0x23, (byte) 0x04, (byte) 0x78, (byte) 0x30, (byte) 0x76, (byte) 0x80, 175 (byte) 0x14, (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, 176 (byte) 0x60, (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, 177 (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, 178 (byte) 0x8e, (byte) 0x5d, (byte) 0x51, (byte) 0xa1, (byte) 0x53, (byte) 0xa4, 179 
(byte) 0x51, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 180 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 181 (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, 182 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 183 (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, 184 (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, 185 (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, 186 (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, 187 (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, 188 (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, 189 (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, 190 (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, 191 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, 192 (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x82, (byte) 0x09, 193 (byte) 0x00, (byte) 0xe1, (byte) 0x6a, (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, 194 (byte) 0x55, (byte) 0x48, (byte) 0x0a, (byte) 0x30, (byte) 0x0c, (byte) 0x06, 195 (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x05, 196 (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, 197 (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, 198 (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, 199 (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, (byte) 0x00, 200 (byte) 0x8c, (byte) 0x30, (byte) 0x42, (byte) 0xfa, (byte) 0xeb, (byte) 0x1a, 201 (byte) 0x26, (byte) 0xeb, (byte) 0xda, (byte) 0x56, (byte) 0x32, (byte) 0xf2, 202 (byte) 0x9d, (byte) 0xa5, (byte) 0x24, (byte) 0xd8, (byte) 0x3a, (byte) 0xda, 203 (byte) 0x30, (byte) 0xa6, 
(byte) 0x8b, (byte) 0x46, (byte) 0xfe, (byte) 0xfe,
        (byte) 0xdb, (byte) 0xf1, (byte) 0xe6, (byte) 0xe1, (byte) 0x7c, (byte) 0x1b,
        (byte) 0xe7, (byte) 0x77, (byte) 0x00, (byte) 0xa1, (byte) 0x1c, (byte) 0x19,
        (byte) 0x17, (byte) 0x73, (byte) 0xb0, (byte) 0xf0, (byte) 0x9d, (byte) 0xf3,
        (byte) 0x4f, (byte) 0xb6, (byte) 0xbc, (byte) 0xc7, (byte) 0x47, (byte) 0x85,
        (byte) 0x2a, (byte) 0x4a, (byte) 0xa1, (byte) 0xa5, (byte) 0x58, (byte) 0xf5,
        (byte) 0xc5, (byte) 0x1a, (byte) 0x51, (byte) 0xb1, (byte) 0x04, (byte) 0x80,
        (byte) 0xee, (byte) 0x3a, (byte) 0xec, (byte) 0x2f, (byte) 0xe1, (byte) 0xfd,
        (byte) 0x58, (byte) 0xeb, (byte) 0xed, (byte) 0x82, (byte) 0x9e, (byte) 0x38,
        (byte) 0xa3, (byte) 0x24, (byte) 0x75, (byte) 0xf7, (byte) 0x3e, (byte) 0xc2,
        (byte) 0xc5, (byte) 0x27, (byte) 0xeb, (byte) 0x6f, (byte) 0x7b, (byte) 0x50,
        (byte) 0xda, (byte) 0x43, (byte) 0xdc, (byte) 0x3b, (byte) 0x0b, (byte) 0x6f,
        (byte) 0x78, (byte) 0x8f, (byte) 0xb0, (byte) 0x66, (byte) 0xe1, (byte) 0x12,
        (byte) 0x87, (byte) 0x5f, (byte) 0x97, (byte) 0x7b, (byte) 0xca, (byte) 0x14,
        (byte) 0x79, (byte) 0xf7, (byte) 0xe8, (byte) 0x6c, (byte) 0x72, (byte) 0xdb,
        (byte) 0x91, (byte) 0x65, (byte) 0x17, (byte) 0x54, (byte) 0xe0, (byte) 0x74,
        (byte) 0x1d, (byte) 0xac, (byte) 0x47, (byte) 0x04, (byte) 0x12, (byte) 0xe0,
        (byte) 0xc3, (byte) 0x66, (byte) 0x19, (byte) 0x05, (byte) 0x2e, (byte) 0x7e,
        (byte) 0xf1, (byte) 0x61
    };

    /**
     * Unencrypted PKCS#8 (PrivateKeyInfo) DER encoding of userkey.pem, a 1024-bit RSA
     * private key. Generated from above and converted with:
     *
     * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g'
     *
     * NOTE(security): "-nocrypt" means the key is stored in the clear, and it is checked
     * into source. Treat it as public test material: use it only as a fixed test vector,
     * and never provision it or trust a certificate bound to it outside the tests.
     */
    private static final byte[] FAKE_RSA_KEY_1 = new byte[] {
        (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x02, (byte) 0x01,
        (byte) 0x00, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a,
        (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01,
        (byte) 0x01, (byte) 0x01, (byte)
0x05, (byte) 0x00, (byte) 0x04, (byte) 0x82, 234 (byte) 0x02, (byte) 0x62, (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x5e, 235 (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x02, (byte) 0x81, (byte) 0x81, 236 (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, (byte) 0x5b, 237 (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, (byte) 0x66, 238 (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, (byte) 0x8a, 239 (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, (byte) 0x02, 240 (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, (byte) 0xf3, 241 (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, (byte) 0x6d, 242 (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f, (byte) 0x67, 243 (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, (byte) 0xcb, 244 (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, (byte) 0xe2, 245 (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, (byte) 0x79, 246 (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, (byte) 0xce, 247 (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, (byte) 0x08, 248 (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, (byte) 0x3b, 249 (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, (byte) 0xc4, 250 (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, (byte) 0x0d, 251 (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, (byte) 0x23, 252 (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, (byte) 0x08, 253 (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, (byte) 0xf1, 254 (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, (byte) 0xb4, 255 (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, (byte) 0x16, 256 (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, (byte) 0x9e, 257 (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, 
(byte) 0x01, 258 (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x81, (byte) 0x80, (byte) 0x16, 259 (byte) 0x59, (byte) 0xc3, (byte) 0x24, (byte) 0x1d, (byte) 0x33, (byte) 0x98, 260 (byte) 0x9c, (byte) 0xc9, (byte) 0xc8, (byte) 0x2c, (byte) 0x88, (byte) 0xbf, 261 (byte) 0x0a, (byte) 0x01, (byte) 0xce, (byte) 0xfb, (byte) 0x34, (byte) 0x7a, 262 (byte) 0x58, (byte) 0x7a, (byte) 0xb0, (byte) 0xbf, (byte) 0xa6, (byte) 0xb2, 263 (byte) 0x60, (byte) 0xbe, (byte) 0x70, (byte) 0x21, (byte) 0xf5, (byte) 0xfc, 264 (byte) 0x85, (byte) 0x0d, (byte) 0x33, (byte) 0x58, (byte) 0xa1, (byte) 0xe5, 265 (byte) 0x09, (byte) 0x36, (byte) 0x84, (byte) 0xb2, (byte) 0x04, (byte) 0x0a, 266 (byte) 0x02, (byte) 0xd3, (byte) 0x88, (byte) 0x1f, (byte) 0x0c, (byte) 0x2b, 267 (byte) 0x1d, (byte) 0xe9, (byte) 0x3d, (byte) 0xe7, (byte) 0x79, (byte) 0xf9, 268 (byte) 0x32, (byte) 0x5c, (byte) 0x8a, (byte) 0x75, (byte) 0x49, (byte) 0x12, 269 (byte) 0xe4, (byte) 0x05, (byte) 0x26, (byte) 0xd4, (byte) 0x2e, (byte) 0x9e, 270 (byte) 0x1f, (byte) 0xcc, (byte) 0x54, (byte) 0xad, (byte) 0x33, (byte) 0x8d, 271 (byte) 0x99, (byte) 0x00, (byte) 0xdc, (byte) 0xf5, (byte) 0xb4, (byte) 0xa2, 272 (byte) 0x2f, (byte) 0xba, (byte) 0xe5, (byte) 0x62, (byte) 0x30, (byte) 0x6d, 273 (byte) 0xe6, (byte) 0x3d, (byte) 0xeb, (byte) 0x24, (byte) 0xc2, (byte) 0xdc, 274 (byte) 0x5f, (byte) 0xb7, (byte) 0x16, (byte) 0x35, (byte) 0xa3, (byte) 0x98, 275 (byte) 0x98, (byte) 0xa8, (byte) 0xef, (byte) 0xe8, (byte) 0xc4, (byte) 0x96, 276 (byte) 0x6d, (byte) 0x38, (byte) 0xab, (byte) 0x26, (byte) 0x6d, (byte) 0x30, 277 (byte) 0xc2, (byte) 0xa0, (byte) 0x44, (byte) 0xe4, (byte) 0xff, (byte) 0x7e, 278 (byte) 0xbe, (byte) 0x7c, (byte) 0x33, (byte) 0xa5, (byte) 0x10, (byte) 0xad, 279 (byte) 0xd7, (byte) 0x1e, (byte) 0x13, (byte) 0x20, (byte) 0xb3, (byte) 0x1f, 280 (byte) 0x41, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xf1, (byte) 0x89, 281 (byte) 0x07, (byte) 0x0f, (byte) 0xe8, (byte) 0xcf, (byte) 0xab, (byte) 0x13, 282 (byte) 0x2a, 
(byte) 0x8f, (byte) 0x88, (byte) 0x80, (byte) 0x11, (byte) 0x9a, 283 (byte) 0x79, (byte) 0xb6, (byte) 0x59, (byte) 0x3a, (byte) 0x50, (byte) 0x6e, 284 (byte) 0x57, (byte) 0x37, (byte) 0xab, (byte) 0x2a, (byte) 0xd2, (byte) 0xaa, 285 (byte) 0xd9, (byte) 0x72, (byte) 0x73, (byte) 0xff, (byte) 0x8b, (byte) 0x47, 286 (byte) 0x76, (byte) 0xdd, (byte) 0xdc, (byte) 0xf5, (byte) 0x97, (byte) 0x44, 287 (byte) 0x3a, (byte) 0x78, (byte) 0xbe, (byte) 0x17, (byte) 0xb4, (byte) 0x22, 288 (byte) 0x6f, (byte) 0xe5, (byte) 0x23, (byte) 0x70, (byte) 0x1d, (byte) 0x10, 289 (byte) 0x5d, (byte) 0xba, (byte) 0x16, (byte) 0x81, (byte) 0xf1, (byte) 0x45, 290 (byte) 0xce, (byte) 0x30, (byte) 0xb4, (byte) 0xab, (byte) 0x80, (byte) 0xe4, 291 (byte) 0x98, (byte) 0x31, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xda, 292 (byte) 0x82, (byte) 0x9d, (byte) 0x3f, (byte) 0xca, (byte) 0x2f, (byte) 0xe1, 293 (byte) 0xd4, (byte) 0x86, (byte) 0x77, (byte) 0x48, (byte) 0xa6, (byte) 0xab, 294 (byte) 0xab, (byte) 0x1c, (byte) 0x42, (byte) 0x5c, (byte) 0xd5, (byte) 0xc7, 295 (byte) 0x46, (byte) 0x59, (byte) 0x91, (byte) 0x3f, (byte) 0xfc, (byte) 0xcc, 296 (byte) 0xec, (byte) 0xc2, (byte) 0x40, (byte) 0x12, (byte) 0x2c, (byte) 0x8d, 297 (byte) 0x1f, (byte) 0xa2, (byte) 0x18, (byte) 0x88, (byte) 0xee, (byte) 0x82, 298 (byte) 0x4a, (byte) 0x5a, (byte) 0x5e, (byte) 0x88, (byte) 0x20, (byte) 0xe3, 299 (byte) 0x7b, (byte) 0xe0, (byte) 0xd8, (byte) 0x3a, (byte) 0x52, (byte) 0x9a, 300 (byte) 0x26, (byte) 0x6a, (byte) 0x04, (byte) 0xec, (byte) 0xe8, (byte) 0xb9, 301 (byte) 0x48, (byte) 0x40, (byte) 0xe1, (byte) 0xe1, (byte) 0x83, (byte) 0xa6, 302 (byte) 0x67, (byte) 0xa6, (byte) 0xfd, (byte) 0x02, (byte) 0x41, (byte) 0x00, 303 (byte) 0x89, (byte) 0x72, (byte) 0x3e, (byte) 0xb0, (byte) 0x90, (byte) 0xfd, 304 (byte) 0x4c, (byte) 0x0e, (byte) 0xd6, (byte) 0x13, (byte) 0x63, (byte) 0xcb, 305 (byte) 0xed, (byte) 0x38, (byte) 0x88, (byte) 0xb6, (byte) 0x79, (byte) 0xc4, 306 (byte) 0x33, (byte) 0x6c, (byte) 0xf6, 
(byte) 0xf8, (byte) 0xd8, (byte) 0xd0, 307 (byte) 0xbf, (byte) 0x9d, (byte) 0x35, (byte) 0xac, (byte) 0x69, (byte) 0xd2, 308 (byte) 0x2b, (byte) 0xc1, (byte) 0xf9, (byte) 0x24, (byte) 0x7b, (byte) 0xce, 309 (byte) 0xcd, (byte) 0xcb, (byte) 0xa7, (byte) 0xb2, (byte) 0x7a, (byte) 0x0a, 310 (byte) 0x27, (byte) 0x19, (byte) 0xc9, (byte) 0xaf, (byte) 0x0d, (byte) 0x21, 311 (byte) 0x89, (byte) 0x88, (byte) 0x7c, (byte) 0xad, (byte) 0x9e, (byte) 0x8d, 312 (byte) 0x47, (byte) 0x6d, (byte) 0x3f, (byte) 0xce, (byte) 0x7b, (byte) 0xa1, 313 (byte) 0x74, (byte) 0xf1, (byte) 0xa0, (byte) 0xa1, (byte) 0x02, (byte) 0x41, 314 (byte) 0x00, (byte) 0xd9, (byte) 0xa8, (byte) 0xf5, (byte) 0xfe, (byte) 0xce, 315 (byte) 0xe6, (byte) 0x77, (byte) 0x6b, (byte) 0xfe, (byte) 0x2d, (byte) 0xe0, 316 (byte) 0x1e, (byte) 0xb6, (byte) 0x2e, (byte) 0x12, (byte) 0x4e, (byte) 0x40, 317 (byte) 0xaf, (byte) 0x6a, (byte) 0x7b, (byte) 0x37, (byte) 0x49, (byte) 0x2a, 318 (byte) 0x96, (byte) 0x25, (byte) 0x83, (byte) 0x49, (byte) 0xd4, (byte) 0x0c, 319 (byte) 0xc6, (byte) 0x78, (byte) 0x25, (byte) 0x24, (byte) 0x90, (byte) 0x90, 320 (byte) 0x06, (byte) 0x15, (byte) 0x9e, (byte) 0xfe, (byte) 0xf9, (byte) 0xdf, 321 (byte) 0x5b, (byte) 0xf3, (byte) 0x7e, (byte) 0x38, (byte) 0x70, (byte) 0xeb, 322 (byte) 0x57, (byte) 0xd0, (byte) 0xd9, (byte) 0xa7, (byte) 0x0e, (byte) 0x14, 323 (byte) 0xf7, (byte) 0x95, (byte) 0x68, (byte) 0xd5, (byte) 0xc8, (byte) 0xab, 324 (byte) 0x9d, (byte) 0x3a, (byte) 0x2b, (byte) 0x51, (byte) 0xf9, (byte) 0x02, 325 (byte) 0x41, (byte) 0x00, (byte) 0x96, (byte) 0xdf, (byte) 0xe9, (byte) 0x67, 326 (byte) 0x6c, (byte) 0xdc, (byte) 0x90, (byte) 0x14, (byte) 0xb4, (byte) 0x1d, 327 (byte) 0x22, (byte) 0x33, (byte) 0x4a, (byte) 0x31, (byte) 0xc1, (byte) 0x9d, 328 (byte) 0x2e, (byte) 0xff, (byte) 0x9a, (byte) 0x2a, (byte) 0x95, (byte) 0x4b, 329 (byte) 0x27, (byte) 0x74, (byte) 0xcb, (byte) 0x21, (byte) 0xc3, (byte) 0xd2, 330 (byte) 0x0b, (byte) 0xb2, (byte) 0x46, (byte) 0x87, (byte) 0xf8, 
(byte) 0x28,
        (byte) 0x01, (byte) 0x8b, (byte) 0xd8, (byte) 0xb9, (byte) 0x4b, (byte) 0xcd,
        (byte) 0x9a, (byte) 0x96, (byte) 0x41, (byte) 0x0e, (byte) 0x36, (byte) 0x6d,
        (byte) 0x40, (byte) 0x42, (byte) 0xbc, (byte) 0xd9, (byte) 0xd3, (byte) 0x7b,
        (byte) 0xbc, (byte) 0xa7, (byte) 0x92, (byte) 0x90, (byte) 0xdd, (byte) 0xa1,
        (byte) 0x9c, (byte) 0xce, (byte) 0xa1, (byte) 0x87, (byte) 0x11, (byte) 0x51
    };

    /**
     * DER encoding of usercert.pem, the end-entity certificate the fake CA issued for
     * the key pair in FAKE_RSA_KEY_1. Generated from above and converted with:
     *
     * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g'
     *
     * Encoded fields: serial 1; issuer C=US, ST=CA, L=Mountain View, O=Android Test Cases;
     * subject C=US, ST=CA, O=Android Test Cases, CN=server1.example.com; validity
     * 2012-08-14 to 2022-08-12 (UTC); 1024-bit RSA public key; basicConstraints without
     * the CA flag; signature algorithm sha1WithRSAEncryption.
     *
     * NOTE(security): the matching private key is published in this file, and the
     * validity period has ended, so this certificate is a fixed test vector only.
     */
    private static final byte[] FAKE_RSA_USER_1 = new byte[] {
        (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x95, (byte) 0x30, (byte) 0x82,
        (byte) 0x01, (byte) 0xfe, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01,
        (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d,
        (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86,
        (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05,
        (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30,
        (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06,
        (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b,
        (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,
        (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31,
        (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55,
        (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f,
        (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e,
        (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31,
        (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55,
        (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e,
        (byte) 0x64, (byte) 0x72, (byte) 0x6f,
(byte) 0x69, (byte) 0x64, (byte) 0x20, 361 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, 362 (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, (byte) 0x1e, 363 (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, (byte) 0x30, (byte) 0x38, 364 (byte) 0x31, (byte) 0x34, (byte) 0x32, (byte) 0x33, (byte) 0x32, (byte) 0x35, 365 (byte) 0x34, (byte) 0x38, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32, 366 (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x32, (byte) 0x32, 367 (byte) 0x33, (byte) 0x32, (byte) 0x35, (byte) 0x34, (byte) 0x38, (byte) 0x5a, 368 (byte) 0x30, (byte) 0x55, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, 369 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, 370 (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 371 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, 372 (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, (byte) 0x1b, 373 (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 374 (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, (byte) 0x64, 375 (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x54, 376 (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, (byte) 0x61, 377 (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x31, (byte) 0x1c, (byte) 0x30, 378 (byte) 0x1a, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, 379 (byte) 0x13, (byte) 0x13, (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, 380 (byte) 0x65, (byte) 0x72, (byte) 0x31, (byte) 0x2e, (byte) 0x65, (byte) 0x78, 381 (byte) 0x61, (byte) 0x6d, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x2e, 382 (byte) 0x63, (byte) 0x6f, (byte) 0x6d, (byte) 0x30, (byte) 0x81, (byte) 0x9f, 383 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 384 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, 
(byte) 0x01, 385 (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, 386 (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, 387 (byte) 0x81, (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, 388 (byte) 0x5b, (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, 389 (byte) 0x66, (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, 390 (byte) 0x8a, (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, 391 (byte) 0x02, (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, 392 (byte) 0xf3, (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, 393 (byte) 0x6d, (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f, 394 (byte) 0x67, (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, 395 (byte) 0xcb, (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, 396 (byte) 0xe2, (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, 397 (byte) 0x79, (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, 398 (byte) 0xce, (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, 399 (byte) 0x08, (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, 400 (byte) 0x3b, (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, 401 (byte) 0xc4, (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, 402 (byte) 0x0d, (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, 403 (byte) 0x23, (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, 404 (byte) 0x08, (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, 405 (byte) 0xf1, (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, 406 (byte) 0xb4, (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, 407 (byte) 0x16, (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, 408 (byte) 0x9e, (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, 409 (byte) 0x01, 
(byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, 410 (byte) 0x79, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 411 (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, 412 (byte) 0x30, (byte) 0x2c, (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, 413 (byte) 0x48, (byte) 0x01, (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, 414 (byte) 0x0d, (byte) 0x04, (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, 415 (byte) 0x70, (byte) 0x65, (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, 416 (byte) 0x20, (byte) 0x47, (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, 417 (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43, 418 (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, 419 (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, 420 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, 421 (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x32, (byte) 0xa1, (byte) 0x1e, 422 (byte) 0x6b, (byte) 0x69, (byte) 0x04, (byte) 0xfe, (byte) 0xb3, (byte) 0xcd, 423 (byte) 0xf8, (byte) 0xbb, (byte) 0x14, (byte) 0xcd, (byte) 0xff, (byte) 0xd4, 424 (byte) 0x16, (byte) 0xc3, (byte) 0xab, (byte) 0x44, (byte) 0x2f, (byte) 0x30, 425 (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, 426 (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, 427 (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, 428 (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, 429 (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, 430 (byte) 0x5d, (byte) 0x51, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, 431 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, 432 (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, 433 (byte) 0x81, (byte) 0x81, (byte) 0x00, 
(byte) 0x46, (byte) 0x42, (byte) 0xef, 434 (byte) 0x56, (byte) 0x89, (byte) 0x78, (byte) 0x90, (byte) 0x38, (byte) 0x24, 435 (byte) 0x9f, (byte) 0x8c, (byte) 0x7a, (byte) 0xce, (byte) 0x7a, (byte) 0xa5, 436 (byte) 0xb5, (byte) 0x1e, (byte) 0x74, (byte) 0x96, (byte) 0x34, (byte) 0x49, 437 (byte) 0x8b, (byte) 0xed, (byte) 0x44, (byte) 0xb3, (byte) 0xc9, (byte) 0x05, 438 (byte) 0xd7, (byte) 0x48, (byte) 0x55, (byte) 0x52, (byte) 0x59, (byte) 0x15, 439 (byte) 0x0b, (byte) 0xaa, (byte) 0x16, (byte) 0x86, (byte) 0xd2, (byte) 0x8e, 440 (byte) 0x16, (byte) 0x99, (byte) 0xe8, (byte) 0x5f, (byte) 0x11, (byte) 0x71, 441 (byte) 0x42, (byte) 0x55, (byte) 0xd1, (byte) 0xc4, (byte) 0x6f, (byte) 0x2e, 442 (byte) 0xa9, (byte) 0x64, (byte) 0x6f, (byte) 0xd8, (byte) 0xfd, (byte) 0x43, 443 (byte) 0x13, (byte) 0x24, (byte) 0xaa, (byte) 0x67, (byte) 0xe6, (byte) 0xf5, 444 (byte) 0xca, (byte) 0x80, (byte) 0x5e, (byte) 0x3a, (byte) 0x3e, (byte) 0xcc, 445 (byte) 0x4f, (byte) 0xba, (byte) 0x87, (byte) 0xe6, (byte) 0xae, (byte) 0xbf, 446 (byte) 0x8f, (byte) 0xd5, (byte) 0x28, (byte) 0x38, (byte) 0x58, (byte) 0x30, 447 (byte) 0x24, (byte) 0xf6, (byte) 0x53, (byte) 0x5b, (byte) 0x41, (byte) 0x53, 448 (byte) 0xe6, (byte) 0x45, (byte) 0xbc, (byte) 0xbe, (byte) 0xe6, (byte) 0xbb, 449 (byte) 0x5d, (byte) 0xd8, (byte) 0xa7, (byte) 0xf9, (byte) 0x64, (byte) 0x99, 450 (byte) 0x04, (byte) 0x43, (byte) 0x75, (byte) 0xd7, (byte) 0x2d, (byte) 0x32, 451 (byte) 0x0a, (byte) 0x94, (byte) 0xaf, (byte) 0x06, (byte) 0x34, (byte) 0xae, 452 (byte) 0x46, (byte) 0xbd, (byte) 0xda, (byte) 0x00, (byte) 0x0e, (byte) 0x25, 453 (byte) 0xc2, (byte) 0xf7, (byte) 0xc9, (byte) 0xc3, (byte) 0x65, (byte) 0xd2, 454 (byte) 0x08, (byte) 0x41, (byte) 0x0a, (byte) 0xf3, (byte) 0x72 455 }; 456 457 /* 458 * The keys and certificates below are generated with: 459 * 460 * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem 461 * openssl ecparam -name prime256v1 -out ecparam.pem 462 * openssl req 
-newkey ec:ecparam.pem -keyout userkey.pem -nodes -days 3650 -out userkey.req 463 * mkdir -p demoCA/newcerts 464 * touch demoCA/index.txt 465 * echo "01" > demoCA/serial 466 * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650 467 */ 468 469 /** 470 * Generated from above and converted with: 471 * 472 * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 473 */ 474 private static final byte[] FAKE_EC_CA_1 = { 475 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x58, (byte) 0x30, (byte) 0x82, 476 (byte) 0x01, (byte) 0xc1, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 477 (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0xb2, 478 (byte) 0x8c, (byte) 0x04, (byte) 0x95, (byte) 0xeb, (byte) 0x10, (byte) 0xcb, 479 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 480 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 481 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x45, (byte) 0x31, 482 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 483 (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, 484 (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, 485 (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, 486 (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, 487 (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, 488 (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, 489 (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, 490 (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, 491 (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, 492 (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, 493 (byte) 0x74, (byte) 0x64, (byte) 0x30, 
(byte) 0x1e, (byte) 0x17, (byte) 0x0d, 494 (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, 495 (byte) 0x31, (byte) 0x36, (byte) 0x32, (byte) 0x38, (byte) 0x32, (byte) 0x38, 496 (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, 497 (byte) 0x38, (byte) 0x32, (byte) 0x35, (byte) 0x31, (byte) 0x36, (byte) 0x32, 498 (byte) 0x38, (byte) 0x32, (byte) 0x38, (byte) 0x5a, (byte) 0x30, (byte) 0x45, 499 (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, 500 (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, 501 (byte) 0x55, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, 502 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, 503 (byte) 0x53, (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, 504 (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, 505 (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 506 (byte) 0x0a, (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, 507 (byte) 0x65, (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, 508 (byte) 0x57, (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, 509 (byte) 0x73, (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, 510 (byte) 0x4c, (byte) 0x74, (byte) 0x64, (byte) 0x30, (byte) 0x81, (byte) 0x9f, 511 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 512 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 513 (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, 514 (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, 515 (byte) 0x81, (byte) 0x00, (byte) 0xb5, (byte) 0xf6, (byte) 0x08, (byte) 0x0f, 516 (byte) 0xc4, (byte) 0x4d, (byte) 0xe4, (byte) 0x0d, (byte) 0x34, (byte) 0x1d, 517 (byte) 0xe2, (byte) 0x23, (byte) 0x18, (byte) 0x63, (byte) 0x03, 
(byte) 0xf7, 518 (byte) 0x14, (byte) 0x0e, (byte) 0x98, (byte) 0xcd, (byte) 0x45, (byte) 0x1f, 519 (byte) 0xfe, (byte) 0xfb, (byte) 0x09, (byte) 0x3f, (byte) 0x5d, (byte) 0x36, 520 (byte) 0x3b, (byte) 0x0f, (byte) 0xf9, (byte) 0x5e, (byte) 0x86, (byte) 0x56, 521 (byte) 0x64, (byte) 0xd7, (byte) 0x3f, (byte) 0xae, (byte) 0x33, (byte) 0x09, 522 (byte) 0xd3, (byte) 0xdd, (byte) 0x06, (byte) 0x17, (byte) 0x26, (byte) 0xdc, 523 (byte) 0xa2, (byte) 0x8c, (byte) 0x3c, (byte) 0x65, (byte) 0xed, (byte) 0x03, 524 (byte) 0x82, (byte) 0x78, (byte) 0x9b, (byte) 0xee, (byte) 0xe3, (byte) 0x98, 525 (byte) 0x58, (byte) 0xe1, (byte) 0xf1, (byte) 0xa0, (byte) 0x85, (byte) 0xae, 526 (byte) 0x63, (byte) 0x84, (byte) 0x41, (byte) 0x46, (byte) 0xa7, (byte) 0x4f, 527 (byte) 0xdc, (byte) 0xbb, (byte) 0x1c, (byte) 0x6e, (byte) 0xec, (byte) 0x7b, 528 (byte) 0xd5, (byte) 0xab, (byte) 0x3d, (byte) 0x6a, (byte) 0x05, (byte) 0x58, 529 (byte) 0x0f, (byte) 0x9b, (byte) 0x6a, (byte) 0x67, (byte) 0x4b, (byte) 0xe9, 530 (byte) 0x2a, (byte) 0x6d, (byte) 0x96, (byte) 0x11, (byte) 0x53, (byte) 0x95, 531 (byte) 0x78, (byte) 0xaa, (byte) 0xd1, (byte) 0x91, (byte) 0x4a, (byte) 0xf8, 532 (byte) 0x54, (byte) 0x52, (byte) 0x6d, (byte) 0xb9, (byte) 0xca, (byte) 0x74, 533 (byte) 0x81, (byte) 0xf8, (byte) 0x99, (byte) 0x64, (byte) 0xd1, (byte) 0x4f, 534 (byte) 0x01, (byte) 0x38, (byte) 0x4f, (byte) 0x08, (byte) 0x5c, (byte) 0x31, 535 (byte) 0xcb, (byte) 0x7c, (byte) 0x5c, (byte) 0x78, (byte) 0x5d, (byte) 0x47, 536 (byte) 0xd9, (byte) 0xf0, (byte) 0x1a, (byte) 0xeb, (byte) 0x02, (byte) 0x03, 537 (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x50, (byte) 0x30, 538 (byte) 0x4e, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, 539 (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, 540 (byte) 0x5f, (byte) 0x5b, (byte) 0x5e, (byte) 0xac, (byte) 0x29, (byte) 0xfa, 541 (byte) 0xa1, (byte) 0x9f, (byte) 0x9e, (byte) 0xad, (byte) 0x46, (byte) 0xe1, 542 (byte) 0xbc, 
(byte) 0x20, (byte) 0x72, (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, 543 (byte) 0xfa, (byte) 0xe3, (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, 544 (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, (byte) 0x30, 545 (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x5f, (byte) 0x5b, (byte) 0x5e, 546 (byte) 0xac, (byte) 0x29, (byte) 0xfa, (byte) 0xa1, (byte) 0x9f, (byte) 0x9e, 547 (byte) 0xad, (byte) 0x46, (byte) 0xe1, (byte) 0xbc, (byte) 0x20, (byte) 0x72, 548 (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, (byte) 0xfa, (byte) 0xe3, (byte) 0x30, 549 (byte) 0x0c, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 550 (byte) 0x04, (byte) 0x05, (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, 551 (byte) 0xff, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, 552 (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, 553 (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, 554 (byte) 0x81, (byte) 0x00, (byte) 0xa1, (byte) 0x4a, (byte) 0xe6, (byte) 0xfc, 555 (byte) 0x7f, (byte) 0x17, (byte) 0xaa, (byte) 0x65, (byte) 0x4a, (byte) 0x34, 556 (byte) 0xde, (byte) 0x69, (byte) 0x67, (byte) 0x54, (byte) 0x4d, (byte) 0xa2, 557 (byte) 0xc2, (byte) 0x98, (byte) 0x02, (byte) 0x43, (byte) 0x6a, (byte) 0x0e, 558 (byte) 0x0b, (byte) 0x7f, (byte) 0xa4, (byte) 0x46, (byte) 0xaf, (byte) 0xa4, 559 (byte) 0x65, (byte) 0xa0, (byte) 0xdb, (byte) 0xf1, (byte) 0x5b, (byte) 0xd5, 560 (byte) 0x09, (byte) 0xbc, (byte) 0xee, (byte) 0x37, (byte) 0x51, (byte) 0x19, 561 (byte) 0x36, (byte) 0xc0, (byte) 0x90, (byte) 0xd3, (byte) 0x5f, (byte) 0xf3, 562 (byte) 0x4f, (byte) 0xb9, (byte) 0x08, (byte) 0x45, (byte) 0x0e, (byte) 0x01, 563 (byte) 0x8a, (byte) 0x95, (byte) 0xef, (byte) 0x92, (byte) 0x95, (byte) 0x33, 564 (byte) 0x78, (byte) 0xdd, (byte) 0x90, (byte) 0xbb, (byte) 0xf3, (byte) 0x06, 565 (byte) 0x75, (byte) 0xd0, (byte) 0x66, (byte) 0xe6, (byte) 0xd0, (byte) 0x18, 566 (byte) 0x6e, (byte) 0xeb, (byte) 0x1c, 
(byte) 0x52, (byte) 0xc3, (byte) 0x2e, 567 (byte) 0x57, (byte) 0x7d, (byte) 0xa9, (byte) 0x03, (byte) 0xdb, (byte) 0xf4, 568 (byte) 0x57, (byte) 0x5f, (byte) 0x6c, (byte) 0x7e, (byte) 0x00, (byte) 0x0d, 569 (byte) 0x8f, (byte) 0xe8, (byte) 0x91, (byte) 0xf7, (byte) 0xae, (byte) 0x24, 570 (byte) 0x35, (byte) 0x07, (byte) 0xb5, (byte) 0x48, (byte) 0x2d, (byte) 0x36, 571 (byte) 0x30, (byte) 0x5d, (byte) 0xe9, (byte) 0x49, (byte) 0x2d, (byte) 0xd1, 572 (byte) 0x5d, (byte) 0xc5, (byte) 0xf4, (byte) 0x33, (byte) 0x77, (byte) 0x3c, 573 (byte) 0x71, (byte) 0xad, (byte) 0x90, (byte) 0x65, (byte) 0xa9, (byte) 0xc1, 574 (byte) 0x0b, (byte) 0x5c, (byte) 0x62, (byte) 0x55, (byte) 0x50, (byte) 0x6f, 575 (byte) 0x9b, (byte) 0xc9, (byte) 0x0d, (byte) 0xee 576 }; 577 578 /** 579 * Generated from above and converted with: 580 * 581 * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g' 582 */ 583 private static final byte[] FAKE_EC_KEY_1 = new byte[] { 584 (byte) 0x30, (byte) 0x81, (byte) 0x87, (byte) 0x02, (byte) 0x01, (byte) 0x00, 585 (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, 586 (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, (byte) 0x06, 587 (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, 588 (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x04, (byte) 0x6d, (byte) 0x30, 589 (byte) 0x6b, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x04, (byte) 0x20, 590 (byte) 0x3a, (byte) 0x8a, (byte) 0x02, (byte) 0xdc, (byte) 0xde, (byte) 0x70, 591 (byte) 0x84, (byte) 0x45, (byte) 0x34, (byte) 0xaf, (byte) 0xbd, (byte) 0xd5, 592 (byte) 0x02, (byte) 0x17, (byte) 0x69, (byte) 0x90, (byte) 0x65, (byte) 0x1e, 593 (byte) 0x87, (byte) 0xf1, (byte) 0x3d, (byte) 0x17, (byte) 0xb6, (byte) 0xf4, 594 (byte) 0x31, (byte) 0x94, (byte) 0x86, (byte) 0x76, (byte) 0x55, (byte) 0xf7, 595 (byte) 0xcc, (byte) 0xba, (byte) 0xa1, (byte) 0x44, (byte) 0x03, (byte) 0x42, 596 (byte) 0x00, (byte) 
0x04, (byte) 0xd9, (byte) 0xcf, (byte) 0xe7, (byte) 0x9b, 597 (byte) 0x23, (byte) 0xc8, (byte) 0xa3, (byte) 0xb8, (byte) 0x33, (byte) 0x14, 598 (byte) 0xa4, (byte) 0x4d, (byte) 0x75, (byte) 0x90, (byte) 0xf3, (byte) 0xcd, 599 (byte) 0x43, (byte) 0xe5, (byte) 0x1b, (byte) 0x05, (byte) 0x1d, (byte) 0xf3, 600 (byte) 0xd0, (byte) 0xa3, (byte) 0xb7, (byte) 0x32, (byte) 0x5f, (byte) 0x79, 601 (byte) 0xdc, (byte) 0x88, (byte) 0xb8, (byte) 0x4d, (byte) 0xb3, (byte) 0xd1, 602 (byte) 0x6d, (byte) 0xf7, (byte) 0x75, (byte) 0xf3, (byte) 0xbf, (byte) 0x50, 603 (byte) 0xa1, (byte) 0xbc, (byte) 0x03, (byte) 0x64, (byte) 0x22, (byte) 0xe6, 604 (byte) 0x1a, (byte) 0xa1, (byte) 0xe1, (byte) 0x06, (byte) 0x68, (byte) 0x3b, 605 (byte) 0xbc, (byte) 0x9f, (byte) 0xd3, (byte) 0xae, (byte) 0x77, (byte) 0x5e, 606 (byte) 0x88, (byte) 0x0c, (byte) 0x5e, (byte) 0x0c, (byte) 0xb2, (byte) 0x38 607 }; 608 609 /** 610 * Generated from above and converted with: 611 * 612 * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 613 */ 614 private static final byte[] FAKE_EC_USER_1 = new byte[] { 615 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x51, (byte) 0x30, (byte) 0x82, 616 (byte) 0x01, (byte) 0xba, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 617 (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d, 618 (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, 619 (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, 620 (byte) 0x00, (byte) 0x30, (byte) 0x45, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 621 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 622 (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, (byte) 0x13, 623 (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 624 (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, (byte) 0x6d, 625 (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, (byte) 
0x74, 626 (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, (byte) 0x06, 627 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x18, 628 (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x6e, 629 (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, (byte) 0x64, 630 (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, (byte) 0x50, 631 (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, (byte) 0x74, (byte) 0x64, 632 (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x33, 633 (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, (byte) 0x31, (byte) 0x36, 634 (byte) 0x33, (byte) 0x30, (byte) 0x30, (byte) 0x38, (byte) 0x5a, (byte) 0x17, 635 (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, 636 (byte) 0x35, (byte) 0x31, (byte) 0x36, (byte) 0x33, (byte) 0x30, (byte) 0x30, 637 (byte) 0x38, (byte) 0x5a, (byte) 0x30, (byte) 0x62, (byte) 0x31, (byte) 0x0b, 638 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 639 (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, 640 (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, 641 (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, 642 (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, 643 (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, 644 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, 645 (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 0x72, 646 (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, 647 (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, 648 (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, (byte) 0x74, 649 (byte) 0x64, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, 650 (byte) 0x03, (byte) 
0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x12, 651 (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, (byte) 0x65, (byte) 0x72, 652 (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x61, (byte) 0x6d, (byte) 0x70, 653 (byte) 0x6c, (byte) 0x65, (byte) 0x2e, (byte) 0x63, (byte) 0x6f, (byte) 0x6d, 654 (byte) 0x30, (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, 655 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, 656 (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, 657 (byte) 0xce, (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, 658 (byte) 0x42, (byte) 0x00, (byte) 0x04, (byte) 0xd9, (byte) 0xcf, (byte) 0xe7, 659 (byte) 0x9b, (byte) 0x23, (byte) 0xc8, (byte) 0xa3, (byte) 0xb8, (byte) 0x33, 660 (byte) 0x14, (byte) 0xa4, (byte) 0x4d, (byte) 0x75, (byte) 0x90, (byte) 0xf3, 661 (byte) 0xcd, (byte) 0x43, (byte) 0xe5, (byte) 0x1b, (byte) 0x05, (byte) 0x1d, 662 (byte) 0xf3, (byte) 0xd0, (byte) 0xa3, (byte) 0xb7, (byte) 0x32, (byte) 0x5f, 663 (byte) 0x79, (byte) 0xdc, (byte) 0x88, (byte) 0xb8, (byte) 0x4d, (byte) 0xb3, 664 (byte) 0xd1, (byte) 0x6d, (byte) 0xf7, (byte) 0x75, (byte) 0xf3, (byte) 0xbf, 665 (byte) 0x50, (byte) 0xa1, (byte) 0xbc, (byte) 0x03, (byte) 0x64, (byte) 0x22, 666 (byte) 0xe6, (byte) 0x1a, (byte) 0xa1, (byte) 0xe1, (byte) 0x06, (byte) 0x68, 667 (byte) 0x3b, (byte) 0xbc, (byte) 0x9f, (byte) 0xd3, (byte) 0xae, (byte) 0x77, 668 (byte) 0x5e, (byte) 0x88, (byte) 0x0c, (byte) 0x5e, (byte) 0x0c, (byte) 0xb2, 669 (byte) 0x38, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, (byte) 0x79, (byte) 0x30, 670 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 671 (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, (byte) 0x30, (byte) 0x2c, 672 (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, (byte) 0x48, (byte) 0x01, 673 (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, (byte) 0x0d, (byte) 0x04, 674 (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, 
(byte) 0x70, (byte) 0x65, 675 (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, (byte) 0x20, (byte) 0x47, 676 (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, (byte) 0x61, (byte) 0x74, 677 (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43, (byte) 0x65, (byte) 0x72, 678 (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61, 679 (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, 680 (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, 681 (byte) 0x14, (byte) 0xd5, (byte) 0xc4, (byte) 0x72, (byte) 0xbd, (byte) 0xd2, 682 (byte) 0x4e, (byte) 0x90, (byte) 0x1b, (byte) 0x14, (byte) 0x32, (byte) 0xdb, 683 (byte) 0x03, (byte) 0xae, (byte) 0xfa, (byte) 0x27, (byte) 0x7d, (byte) 0x8d, 684 (byte) 0xe4, (byte) 0x80, (byte) 0x58, (byte) 0x30, (byte) 0x1f, (byte) 0x06, 685 (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, 686 (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x5f, (byte) 0x5b, 687 (byte) 0x5e, (byte) 0xac, (byte) 0x29, (byte) 0xfa, (byte) 0xa1, (byte) 0x9f, 688 (byte) 0x9e, (byte) 0xad, (byte) 0x46, (byte) 0xe1, (byte) 0xbc, (byte) 0x20, 689 (byte) 0x72, (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, (byte) 0xfa, (byte) 0xe3, 690 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 691 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 692 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, 693 (byte) 0x00, (byte) 0x43, (byte) 0x99, (byte) 0x9f, (byte) 0x67, (byte) 0x08, 694 (byte) 0x43, (byte) 0xd5, (byte) 0x6b, (byte) 0x6f, (byte) 0xd7, (byte) 0x05, 695 (byte) 0xd6, (byte) 0x75, (byte) 0x34, (byte) 0x30, (byte) 0xca, (byte) 0x20, 696 (byte) 0x47, (byte) 0x61, (byte) 0xa1, (byte) 0x89, (byte) 0xb6, (byte) 0xf1, 697 (byte) 0x49, (byte) 0x7b, (byte) 0xd9, (byte) 0xb9, (byte) 0xe8, (byte) 0x1e, 698 (byte) 0x29, (byte) 0x74, (byte) 0x0a, (byte) 0x67, (byte) 0xc0, (byte) 0x7d, 699 
(byte) 0xb8, (byte) 0xe6, (byte) 0x39, (byte) 0xa8, (byte) 0x5e, (byte) 0xc3, 700 (byte) 0xb0, (byte) 0xa1, (byte) 0x30, (byte) 0x6a, (byte) 0x1f, (byte) 0x1d, 701 (byte) 0xfc, (byte) 0x11, (byte) 0x59, (byte) 0x0b, (byte) 0xb9, (byte) 0xad, 702 (byte) 0x3a, (byte) 0x4e, (byte) 0x50, (byte) 0x0a, (byte) 0x61, (byte) 0xdb, 703 (byte) 0x75, (byte) 0x6b, (byte) 0xe5, (byte) 0x3f, (byte) 0x8d, (byte) 0xde, 704 (byte) 0x28, (byte) 0x68, (byte) 0xb1, (byte) 0x29, (byte) 0x9a, (byte) 0x18, 705 (byte) 0x8a, (byte) 0xfc, (byte) 0x3f, (byte) 0x13, (byte) 0x93, (byte) 0x29, 706 (byte) 0xed, (byte) 0x22, (byte) 0x7c, (byte) 0xb4, (byte) 0x50, (byte) 0xd5, 707 (byte) 0x4d, (byte) 0x32, (byte) 0x4d, (byte) 0x42, (byte) 0x2b, (byte) 0x29, 708 (byte) 0x97, (byte) 0x86, (byte) 0xc0, (byte) 0x01, (byte) 0x00, (byte) 0x25, 709 (byte) 0xf6, (byte) 0xd3, (byte) 0x2a, (byte) 0xd8, (byte) 0xda, (byte) 0x13, 710 (byte) 0x94, (byte) 0x12, (byte) 0x78, (byte) 0x14, (byte) 0x0b, (byte) 0x51, 711 (byte) 0xc0, (byte) 0x45, (byte) 0xb4, (byte) 0x02, (byte) 0x37, (byte) 0x98, 712 (byte) 0x42, (byte) 0x3c, (byte) 0xcb, (byte) 0x2e, (byte) 0xe4, (byte) 0x38, 713 (byte) 0x69, (byte) 0x1b, (byte) 0x72, (byte) 0xf0, (byte) 0xaa, (byte) 0x89, 714 (byte) 0x7e, (byte) 0xde, (byte) 0xb2 715 }; 716 717 /** 718 * The amount of time to allow before and after expected time for variance 719 * in timing tests. 
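*/
    private static final long SLOP_TIME_MILLIS = 15000L;

    /**
     * Empties the AndroidKeyStore and prepares an unloaded instance for the test.
     *
     * <p>Every alias reported by a freshly loaded keystore is deleted first, so an entry left
     * behind by an earlier test cannot satisfy or break an assertion in this one.
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        // Wipe any existing entries in the KeyStore
        KeyStore ksTemp = KeyStore.getInstance("AndroidKeyStore");
        ksTemp.load(null, null);
        Enumeration<String> aliases = ksTemp.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            ksTemp.deleteEntry(alias);
        }

        // Get a new instance because some tests need it uninitialized
        // (load() is deliberately not called here; see the *_NotInitialized_* tests).
        mKeyStore = KeyStore.getInstance("AndroidKeyStore");

        // Use a longer timeout on watches, which are generally less performant.
        mMaxTestDurationMillis =
                getContext().getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH)
                        ? LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_WATCH_MILLIS
                        : LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_MILLIS;
    }

    /**
     * Deletes every entry the test left in the AndroidKeyStore.
     *
     * <p>The cleanup runs in a {@code try} so that {@code super.tearDown()} is still called when
     * the keystore cannot be loaded or an entry cannot be deleted.
     */
    @Override
    protected void tearDown() throws Exception {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null, null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                keyStore.deleteEntry(alias);
            }
        } finally {
            super.tearDown();
        }
    }

    /**
     * Decodes a PKCS#8-encoded private key fixture.
     *
     * @param keyType JCA key algorithm name passed to {@link KeyFactory#getInstance(String)}
     * @param fakeKey1 PKCS#8 (unencrypted) encoding of the private key
     * @return the decoded private key
     */
    private PrivateKey generatePrivateKey(String keyType, byte[] fakeKey1) throws Exception {
        KeyFactory kf = KeyFactory.getInstance(keyType);
        return kf.generatePrivate(new PKCS8EncodedKeySpec(fakeKey1));
    }

    /**
     * Parses a DER-encoded X.509 certificate fixture.
     *
     * <p>This only parses the encoding; nothing here calls {@code checkValidity()} or verifies
     * the issuer signature.
     *
     * @param fakeUser1 DER encoding of the certificate
     * @return the parsed certificate
     */
    private Certificate generateCertificate(byte[] fakeUser1) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return cf.generateCertificate(new ByteArrayInputStream(fakeUser1));
    }

    /**
     * Builds a private key entry from the EC fixtures: EC private key, EC leaf certificate and
     * the certificate of the CA that issued it.
     *
     * <p>Fixture notes, read from the encoded bytes of the arrays: the leaf carries a
     * prime256v1 key, while FAKE_EC_CA_1 carries an RSA public key (rsaEncryption OID) and both
     * certificates are signed with sha1WithRSAEncryption. Their notAfter is 2023-08-25. They are
     * test fixtures only and must not be reused as a template for real certificates.
     */
    private PrivateKeyEntry makeUserEcKey1() throws Exception {
        return new KeyStore.PrivateKeyEntry(generatePrivateKey("EC", FAKE_EC_KEY_1),
                new Certificate[] {
                        generateCertificate(FAKE_EC_USER_1), generateCertificate(FAKE_EC_CA_1)
                });
    }

    /**
     * Builds a private key entry from the RSA fixtures: RSA private key, RSA leaf certificate
     * and the certificate of the CA that issued it.
     */
    private PrivateKeyEntry makeUserRsaKey1() throws Exception {
        return new KeyStore.PrivateKeyEntry(generatePrivateKey("RSA", FAKE_RSA_KEY_1),
                new Certificate[] {
                        generateCertificate(FAKE_RSA_USER_1), generateCertificate(FAKE_RSA_CA_1)
                });
    }

    /** Builds a trusted certificate entry holding only the RSA CA certificate. */
    private Entry makeCa1() throws Exception {
        return new KeyStore.TrustedCertificateEntry(generateCertificate(FAKE_RSA_CA_1));
    }

    /**
     * Asserts that the keystore holds exactly the given aliases, in any order.
     *
     * @param expectedAliases the complete list of aliases that must be present
     * @throws KeyStoreException if {@code mKeyStore} has not been loaded
     */
    private void assertAliases(final String[] expectedAliases) throws KeyStoreException {
        final Enumeration<String> aliases = mKeyStore.aliases();
        int count = 0;

        final Set<String> expectedSet = new HashSet<String>(Arrays.asList(expectedAliases));

        while (aliases.hasMoreElements()) {
            count++;
            final String alias = aliases.nextElement();
            assertTrue("The alias should be in the expected set", expectedSet.contains(alias));
            // Removing the alias makes a second occurrence of it fail the check above.
            expectedSet.remove(alias);
        }
        assertTrue("The expected set and actual set should be exactly equal",
                expectedSet.isEmpty());
        assertEquals("There should be the correct number of keystore entries",
                expectedAliases.length, count);
    }

    /** The alias list grows as a private key entry and then a CA entry are stored. */
    public void testKeyStore_Aliases_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        assertAliases(new String[] {});

        mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

        assertAliases(new String[] { TEST_ALIAS_1 });

        mKeyStore.setEntry(TEST_ALIAS_2, makeCa1(), null);

        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });
    }

    /** Listing aliases before {@code load()} must be rejected. */
    public void testKeyStore_Aliases_NotInitialized_Unencrypted_Failure() throws Exception {
        try {
            mKeyStore.aliases();
            fail("KeyStore should throw exception when not initialized");
        } catch (KeyStoreException success) {
            // Expected: the keystore was never loaded.
        }
    }

    /** {@code containsAlias} is true for stored key and CA entries and false otherwise. */
    public void testKeyStore_ContainsAliases_PrivateAndCA_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        assertAliases(new String[] {});

        mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

        assertTrue("Should contain generated private key", mKeyStore.containsAlias(TEST_ALIAS_1));

        mKeyStore.setEntry(TEST_ALIAS_2, makeCa1(), null);

        assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2));

        assertFalse("Should not contain unadded certificate alias",
                mKeyStore.containsAlias(TEST_ALIAS_3));
    }

    /** {@code containsAlias} is true when the only entry is a CA certificate. */
    public void testKeyStore_ContainsAliases_CAOnly_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        mKeyStore.setEntry(TEST_ALIAS_2, makeCa1(), null);

        assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2));
    }

    /** {@code containsAlias} is false on an empty keystore. */
    public void testKeyStore_ContainsAliases_NonExistent_Unencrypted_Failure() throws Exception {
        mKeyStore.load(null, null);

        // The message used to claim the alias should be present, the opposite of the assertion.
        assertFalse("Should not contain an alias that was never added",
                mKeyStore.containsAlias(TEST_ALIAS_1));
    }

    /** Deleting entries one by one removes exactly the named alias each time. */
    public void testKeyStore_DeleteEntry_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        // TEST_ALIAS_1
        mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

        // TEST_ALIAS_2
        mKeyStore.setCertificateEntry(TEST_ALIAS_2, generateCertificate(FAKE_RSA_CA_1));

        // TEST_ALIAS_3
        mKeyStore.setCertificateEntry(TEST_ALIAS_3, generateCertificate(FAKE_RSA_CA_1));

        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 });

        mKeyStore.deleteEntry(TEST_ALIAS_1);

        assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 });

        mKeyStore.deleteEntry(TEST_ALIAS_3);

        assertAliases(new String[] { TEST_ALIAS_2 });

        mKeyStore.deleteEntry(TEST_ALIAS_2);

        assertAliases(new String[] { });
    }

    /** Deleting from an empty keystore is a no-op. */
    public void testKeyStore_DeleteEntry_EmptyStore_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        // Should not throw when a non-existent entry is requested for delete.
        mKeyStore.deleteEntry(TEST_ALIAS_1);
    }

    /** Deleting an unknown alias from a populated keystore is a no-op. */
    public void testKeyStore_DeleteEntry_NonExistent_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        // TEST_ALIAS_1
        mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

        // Should not throw when a non-existent entry is requested for delete.
        mKeyStore.deleteEntry(TEST_ALIAS_2);
    }

    /** A stored CA certificate is returned unchanged; an unknown alias yields null. */
    public void testKeyStore_GetCertificate_Single_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

        assertAliases(new String[] { TEST_ALIAS_1 });

        assertNull("Certificate should not exist in keystore",
                mKeyStore.getCertificate(TEST_ALIAS_2));

        Certificate retrieved = mKeyStore.getCertificate(TEST_ALIAS_1);

        assertNotNull("Retrieved certificate should not be null", retrieved);

        // Re-parse the fixture so the comparison is against an independent object.
        Certificate actual = generateCertificate(FAKE_RSA_CA_1);

        assertEquals("Actual and retrieved certificates should be the same", actual, retrieved);
    }

    /** {@code getCertificate} returns null on an empty keystore. */
    public void testKeyStore_GetCertificate_NonExist_Unencrypted_Failure() throws Exception {
        mKeyStore.load(null, null);

        assertNull("Certificate should not exist in keystore",
                mKeyStore.getCertificate(TEST_ALIAS_1));
    }

    /** A stored CA certificate maps back to the alias it was stored under. */
    public void testKeyStore_GetCertificateAlias_CAEntry_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        Certificate cert = generateCertificate(FAKE_RSA_CA_1);
        mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert);

        assertEquals("Stored certificate alias should be found", TEST_ALIAS_1,
                mKeyStore.getCertificateAlias(cert));
    }

    /** The leaf certificate of a private key entry maps back to that entry's alias. */
    public void testKeyStore_GetCertificateAlias_PrivateKeyEntry_Unencrypted_Success()
            throws Exception {
        mKeyStore.load(null, null);

        mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

        Certificate actual = generateCertificate(FAKE_RSA_USER_1);

        assertEquals("Stored certificate alias should be found", TEST_ALIAS_1,
                mKeyStore.getCertificateAlias(actual));
    }

    /**
     * A CA certificate stored as a trusted entry resolves to that entry's alias even when a
     * private key entry carries the same CA in its chain.
     */
    public void testKeyStore_GetCertificateAlias_CAEntry_WithPrivateKeyUsingCA_Unencrypted_Success()
            throws Exception {
        mKeyStore.load(null, null);

        Certificate actual = generateCertificate(FAKE_RSA_CA_1);

        // Insert TrustedCertificateEntry with CA name
        mKeyStore.setCertificateEntry(TEST_ALIAS_2, actual);

        // Insert PrivateKeyEntry that uses the same CA
        mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

        assertEquals("Stored certificate alias should be found", TEST_ALIAS_2,
                mKeyStore.getCertificateAlias(actual));
    }

    /** {@code getCertificateAlias} returns null on an empty keystore. */
    public void testKeyStore_GetCertificateAlias_NonExist_Empty_Unencrypted_Failure()
            throws Exception {
        mKeyStore.load(null, null);

        Certificate actual = generateCertificate(FAKE_RSA_CA_1);

        assertNull("Stored certificate alias should not be found",
                mKeyStore.getCertificateAlias(actual));
    }

    /** A certificate that was never stored has no alias, even when its issuer is stored. */
    public void testKeyStore_GetCertificateAlias_NonExist_Unencrypted_Failure() throws Exception {
        mKeyStore.load(null, null);

        Certificate ca = generateCertificate(FAKE_RSA_CA_1);

        // Insert TrustedCertificateEntry with CA name
        mKeyStore.setCertificateEntry(TEST_ALIAS_1, ca);

        Certificate userCert = generateCertificate(FAKE_RSA_USER_1);

        // The message used to say the alias "should be found", the opposite of the assertion.
        assertNull("Alias should not be found for a certificate that was never stored",
                mKeyStore.getCertificateAlias(userCert));
    }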
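// Certificate chain, creation date and getEntry() tests.

    /** The chain of a private key entry is returned as stored: leaf first, then the CA. */
    public void testKeyStore_GetCertificateChain_SingleLength_Unencrypted_Success()
            throws Exception {
        mKeyStore.load(null, null);

        // TEST_ALIAS_1
        mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

        Certificate[] expected = new Certificate[2];
        expected[0] = generateCertificate(FAKE_RSA_USER_1);
        expected[1] = generateCertificate(FAKE_RSA_CA_1);

        Certificate[] actual = mKeyStore.getCertificateChain(TEST_ALIAS_1);

        assertNotNull("Returned certificate chain should not be null", actual);
        assertEquals("Returned certificate chain should be correct size", expected.length,
                actual.length);
        assertEquals("First certificate should be user certificate", expected[0], actual[0]);
        assertEquals("Second certificate should be CA certificate", expected[1], actual[1]);

        // Negative test when keystore is populated.
        assertNull("Certificate chain should not exist for an unknown alias",
                mKeyStore.getCertificateChain(TEST_ALIAS_2));
    }

    /** {@code getCertificateChain} returns null on an empty keystore. */
    public void testKeyStore_GetCertificateChain_NonExist_Unencrypted_Failure() throws Exception {
        mKeyStore.load(null, null);

        assertNull("Certificate chain should not exist for an unknown alias",
                mKeyStore.getCertificateChain(TEST_ALIAS_1));
    }

    /**
     * The creation date of a private key entry lies within {@code SLOP_TIME_MILLIS} of the time
     * it was stored.
     */
    public void testKeyStore_GetCreationDate_PrivateKeyEntry_Unencrypted_Success()
            throws Exception {
        mKeyStore.load(null, null);

        // TEST_ALIAS_1
        mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

        Date now = new Date();
        Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
        // Fail with a readable message instead of a NullPointerException below; this matches
        // the CA entry variant of the test.
        assertNotNull("Private key entry should have a creation date", actual);

        Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
        Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);

        assertTrue("Time should be close to current time", actual.before(expectedBefore));
        assertTrue("Time should be close to current time", actual.after(expectedAfter));
    }

    /**
     * The creation date of a trusted certificate entry lies within {@code SLOP_TIME_MILLIS} of
     * the time it was stored.
     */
    public void testKeyStore_GetCreationDate_CAEntry_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        // Insert TrustedCertificateEntry with CA name
        mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

        Date now = new Date();
        Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
        assertNotNull("Certificate should be found", actual);

        Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
        Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);

        assertTrue("Time should be close to current time", actual.before(expectedBefore));
        assertTrue("Time should be close to current time", actual.after(expectedAfter));
    }

    /** An RSA private key entry can be read back with null protection parameters. */
    public void testKeyStore_GetEntry_NullParams_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        // TEST_ALIAS_1
        mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

        Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Entry should exist", entry);

        assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);

        PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

        assertPrivateKeyEntryEquals(keyEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                FAKE_RSA_CA_1);
    }

    /** An EC private key entry can be read back with null protection parameters. */
    public void testKeyStore_GetEntry_EC_NullParams_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        // TEST_ALIAS_1
        mKeyStore.setEntry(TEST_ALIAS_1, makeUserEcKey1(), null);

        Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Entry should exist", entry);

        assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);

        PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

        assertPrivateKeyEntryEquals(keyEntry, "EC", FAKE_EC_KEY_1, FAKE_EC_USER_1, FAKE_EC_CA_1);
    }

    /**
     * An RSA private key entry can be read back with null protection parameters.
     *
     * <p>The body is the same as {@code testKeyStore_GetEntry_NullParams_Unencrypted_Success}.
     */
    public void testKeyStore_GetEntry_RSA_NullParams_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        // TEST_ALIAS_1
        mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

        Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Entry should exist", entry);

        assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);

        PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

        assertPrivateKeyEntryEquals(keyEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                FAKE_RSA_CA_1);
    }

    /**
     * Decodes the expected key, leaf certificate and CA chain from their encoded fixtures and
     * compares them with a retrieved entry.
     *
     * @param keyEntry the entry read back from the keystore
     * @param keyType JCA key algorithm name used to decode {@code key}
     * @param key PKCS#8 encoding of the expected private key
     * @param cert DER encoding of the expected leaf certificate
     * @param ca DER encoding of the expected CA certificate(s), or {@code null} when the chain
     *     is expected to hold the leaf certificate only
     */
    @SuppressWarnings("unchecked")
    private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, String keyType, byte[] key,
            byte[] cert, byte[] ca) throws Exception {
        KeyFactory keyFact = KeyFactory.getInstance(keyType);
        PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(key));

        CertificateFactory certFact = CertificateFactory.getInstance("X.509");
        Certificate expectedCert = certFact.generateCertificate(new ByteArrayInputStream(cert));

        final Collection<Certificate> expectedChain;
        if (ca != null) {
            // generateCertificates() is declared to return Collection<? extends Certificate>,
            // hence the unchecked cast.
            expectedChain = (Collection<Certificate>) certFact
                    .generateCertificates(new ByteArrayInputStream(ca));
        } else {
            expectedChain = null;
        }

        assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, expectedChain);
    }
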
expectedChain)1127 private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, PrivateKey expectedKey, 1128 Certificate expectedCert, Collection<Certificate> expectedChain) throws Exception { 1129 final PrivateKey privKey = keyEntry.getPrivateKey(); 1130 final PublicKey pubKey = keyEntry.getCertificate().getPublicKey(); 1131 1132 if (expectedKey instanceof ECKey) { 1133 assertTrue("Returned PrivateKey " + privKey.getClass() + " should be instanceof ECKey", 1134 privKey instanceof ECKey); 1135 assertEquals("Returned PrivateKey should be what we inserted", 1136 ((ECKey) expectedKey).getParams().getCurve(), 1137 ((ECKey) privKey).getParams().getCurve()); 1138 } else if (expectedKey instanceof RSAKey) { 1139 assertTrue("Returned PrivateKey " + privKey.getClass() + " should be instanceof RSAKey", 1140 privKey instanceof RSAKey); 1141 assertEquals("Returned PrivateKey should be what we inserted", 1142 ((RSAKey) expectedKey).getModulus(), 1143 ((RSAKey) privKey).getModulus()); 1144 } 1145 1146 assertNull("getFormat() should return null", privKey.getFormat()); 1147 assertNull("getEncoded() should return null", privKey.getEncoded()); 1148 1149 assertEquals("Public keys should be in X.509 format", "X.509", pubKey.getFormat()); 1150 assertNotNull("Public keys should be encodable", pubKey.getEncoded()); 1151 1152 assertEquals("Returned Certificate should be what we inserted", expectedCert, 1153 keyEntry.getCertificate()); 1154 1155 Certificate[] actualChain = keyEntry.getCertificateChain(); 1156 1157 assertEquals("First certificate in chain should be user cert", expectedCert, actualChain[0]); 1158 1159 if (expectedChain == null) { 1160 assertEquals("Certificate chain should not include CAs", 1, actualChain.length); 1161 } else { 1162 assertEquals("Chains should be the same size", expectedChain.size() + 1, 1163 actualChain.length); 1164 int i = 1; 1165 final Iterator<Certificate> it = expectedChain.iterator(); 1166 while (it.hasNext() && i < actualChain.length) { 1167 
assertEquals("CA chain certificate should equal what we put in", it.next(), 1168 actualChain[i++]); 1169 } 1170 } 1171 } 1172 testKeyStore_GetEntry_Nonexistent_NullParams_Unencrypted_Failure()1173 public void testKeyStore_GetEntry_Nonexistent_NullParams_Unencrypted_Failure() throws Exception { 1174 mKeyStore.load(null, null); 1175 1176 assertNull("A non-existent entry should return null", 1177 mKeyStore.getEntry(TEST_ALIAS_1, null)); 1178 } 1179 testKeyStore_GetKey_NoPassword_Unencrypted_Success()1180 public void testKeyStore_GetKey_NoPassword_Unencrypted_Success() throws Exception { 1181 mKeyStore.load(null, null); 1182 1183 // TEST_ALIAS_1 1184 mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null); 1185 1186 Key key = mKeyStore.getKey(TEST_ALIAS_1, null); 1187 assertNotNull("Key should exist", key); 1188 1189 assertTrue("Should be a PrivateKey", key instanceof PrivateKey); 1190 assertTrue("Should be a RSAKey", key instanceof RSAKey); 1191 1192 RSAKey actualKey = (RSAKey) key; 1193 1194 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1195 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1196 1197 assertEquals("Inserted key should be same as retrieved key", 1198 ((RSAKey) expectedKey).getModulus(), actualKey.getModulus()); 1199 } 1200 testKeyStore_GetKey_Certificate_Unencrypted_Failure()1201 public void testKeyStore_GetKey_Certificate_Unencrypted_Failure() throws Exception { 1202 mKeyStore.load(null, null); 1203 1204 // Insert TrustedCertificateEntry with CA name 1205 mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1)); 1206 1207 assertNull("Certificate entries should return null", mKeyStore.getKey(TEST_ALIAS_1, null)); 1208 } 1209 testKeyStore_GetKey_NonExistent_Unencrypted_Failure()1210 public void testKeyStore_GetKey_NonExistent_Unencrypted_Failure() throws Exception { 1211 mKeyStore.load(null, null); 1212 1213 assertNull("A non-existent entry should return null", 
mKeyStore.getKey(TEST_ALIAS_1, null)); 1214 } 1215 testKeyStore_GetProvider_Unencrypted_Success()1216 public void testKeyStore_GetProvider_Unencrypted_Success() throws Exception { 1217 assertEquals("AndroidKeyStore", mKeyStore.getProvider().getName()); 1218 } 1219 testKeyStore_GetType_Unencrypted_Success()1220 public void testKeyStore_GetType_Unencrypted_Success() throws Exception { 1221 assertEquals("AndroidKeyStore", mKeyStore.getType()); 1222 } 1223 testKeyStore_IsCertificateEntry_CA_Unencrypted_Success()1224 public void testKeyStore_IsCertificateEntry_CA_Unencrypted_Success() throws Exception { 1225 mKeyStore.load(null, null); 1226 1227 // Insert TrustedCertificateEntry with CA name 1228 mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1)); 1229 1230 assertTrue("Should return true for CA certificate", 1231 mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1232 } 1233 testKeyStore_IsCertificateEntry_PrivateKey_Unencrypted_Failure()1234 public void testKeyStore_IsCertificateEntry_PrivateKey_Unencrypted_Failure() throws Exception { 1235 mKeyStore.load(null, null); 1236 1237 // TEST_ALIAS_1 1238 mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null); 1239 1240 assertFalse("Should return false for PrivateKeyEntry", 1241 mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1242 } 1243 testKeyStore_IsCertificateEntry_NonExist_Unencrypted_Failure()1244 public void testKeyStore_IsCertificateEntry_NonExist_Unencrypted_Failure() throws Exception { 1245 mKeyStore.load(null, null); 1246 1247 assertFalse("Should return false for non-existent entry", 1248 mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1249 } 1250 testKeyStore_IsKeyEntry_PrivateKey_Unencrypted_Success()1251 public void testKeyStore_IsKeyEntry_PrivateKey_Unencrypted_Success() throws Exception { 1252 mKeyStore.load(null, null); 1253 1254 // TEST_ALIAS_1 1255 mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null); 1256 1257 assertTrue("Should return true for PrivateKeyEntry", 
mKeyStore.isKeyEntry(TEST_ALIAS_1)); 1258 } 1259 testKeyStore_IsKeyEntry_CA_Unencrypted_Failure()1260 public void testKeyStore_IsKeyEntry_CA_Unencrypted_Failure() throws Exception { 1261 mKeyStore.load(null, null); 1262 1263 mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1)); 1264 1265 assertFalse("Should return false for CA certificate", mKeyStore.isKeyEntry(TEST_ALIAS_1)); 1266 } 1267 testKeyStore_IsKeyEntry_NonExist_Unencrypted_Failure()1268 public void testKeyStore_IsKeyEntry_NonExist_Unencrypted_Failure() throws Exception { 1269 mKeyStore.load(null, null); 1270 1271 assertFalse("Should return false for non-existent entry", 1272 mKeyStore.isKeyEntry(TEST_ALIAS_1)); 1273 } 1274 testKeyStore_SetCertificate_CA_Unencrypted_Success()1275 public void testKeyStore_SetCertificate_CA_Unencrypted_Success() throws Exception { 1276 final Certificate actual = generateCertificate(FAKE_RSA_CA_1); 1277 1278 mKeyStore.load(null, null); 1279 1280 mKeyStore.setCertificateEntry(TEST_ALIAS_1, actual); 1281 assertAliases(new String[] { TEST_ALIAS_1 }); 1282 1283 Certificate retrieved = mKeyStore.getCertificate(TEST_ALIAS_1); 1284 1285 assertEquals("Retrieved certificate should be the same as the one inserted", actual, 1286 retrieved); 1287 } 1288 testKeyStore_SetCertificate_CAExists_Overwrite_Unencrypted_Success()1289 public void testKeyStore_SetCertificate_CAExists_Overwrite_Unencrypted_Success() 1290 throws Exception { 1291 mKeyStore.load(null, null); 1292 1293 mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1)); 1294 1295 assertAliases(new String[] { TEST_ALIAS_1 }); 1296 1297 final Certificate cert = generateCertificate(FAKE_RSA_CA_1); 1298 1299 // TODO have separate FAKE_CA for second test 1300 mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert); 1301 1302 assertAliases(new String[] { TEST_ALIAS_1 }); 1303 } 1304 testKeyStore_SetCertificate_PrivateKeyExists_Unencrypted_Failure()1305 public void 
testKeyStore_SetCertificate_PrivateKeyExists_Unencrypted_Failure() throws Exception { 1306 mKeyStore.load(null, null); 1307 1308 mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null); 1309 1310 assertAliases(new String[] { TEST_ALIAS_1 }); 1311 1312 final Certificate cert = generateCertificate(FAKE_RSA_CA_1); 1313 1314 try { 1315 mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert); 1316 fail("Should throw when trying to overwrite a PrivateKey entry with a Certificate"); 1317 } catch (KeyStoreException success) { 1318 } 1319 } 1320 testKeyStore_SetEntry_PrivateKeyEntry_Unencrypted_Success()1321 public void testKeyStore_SetEntry_PrivateKeyEntry_Unencrypted_Success() throws Exception { 1322 mKeyStore.load(null, null); 1323 1324 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1325 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1326 1327 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1328 1329 final Certificate[] expectedChain = new Certificate[2]; 1330 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1331 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1332 1333 PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1334 1335 mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1336 1337 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1338 assertNotNull("Retrieved entry should exist", actualEntry); 1339 1340 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1341 actualEntry instanceof PrivateKeyEntry); 1342 1343 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1344 1345 assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1); 1346 } 1347 testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Unencrypted_Success()1348 public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Unencrypted_Success() 1349 throws 
Exception { 1350 mKeyStore.load(null, null); 1351 1352 final KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1353 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1354 1355 // Start with PrivateKeyEntry 1356 { 1357 PrivateKey expectedKey = keyFact 1358 .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1359 1360 final Certificate[] expectedChain = new Certificate[2]; 1361 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1362 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1363 1364 PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1365 1366 mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1367 1368 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1369 assertNotNull("Retrieved entry should exist", actualEntry); 1370 1371 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1372 actualEntry instanceof PrivateKeyEntry); 1373 1374 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1375 1376 assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1377 FAKE_RSA_CA_1); 1378 } 1379 1380 // TODO make entirely new test vector for the overwrite 1381 // Replace with PrivateKeyEntry 1382 { 1383 PrivateKey expectedKey = keyFact 1384 .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1385 1386 final Certificate[] expectedChain = new Certificate[2]; 1387 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1388 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1389 1390 PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1391 1392 mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1393 1394 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1395 assertNotNull("Retrieved entry should exist", actualEntry); 1396 1397 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1398 actualEntry 
instanceof PrivateKeyEntry); 1399 1400 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1401 1402 assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1403 FAKE_RSA_CA_1); 1404 } 1405 } 1406 testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Unencrypted_Success()1407 public void testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Unencrypted_Success() 1408 throws Exception { 1409 mKeyStore.load(null, null); 1410 1411 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1412 1413 // Start with TrustedCertificateEntry 1414 { 1415 final Certificate caCert = f 1416 .generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1417 1418 TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert); 1419 mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null); 1420 1421 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1422 assertNotNull("Retrieved entry should exist", actualEntry); 1423 assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1424 actualEntry instanceof TrustedCertificateEntry); 1425 TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry; 1426 assertEquals("Stored and retrieved certificates should be the same", 1427 expectedCertEntry.getTrustedCertificate(), 1428 actualCertEntry.getTrustedCertificate()); 1429 } 1430 1431 // Replace with PrivateKeyEntry 1432 { 1433 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1434 PrivateKey expectedKey = keyFact 1435 .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1436 final Certificate[] expectedChain = new Certificate[2]; 1437 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1438 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1439 1440 PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1441 1442 mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1443 1444 Entry 
actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1445 assertNotNull("Retrieved entry should exist", actualEntry); 1446 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1447 actualEntry instanceof PrivateKeyEntry); 1448 1449 PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1450 assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1451 FAKE_RSA_CA_1); 1452 } 1453 } 1454 testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Unencrypted_Success()1455 public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Unencrypted_Success() 1456 throws Exception { 1457 mKeyStore.load(null, null); 1458 1459 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1460 1461 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1462 1463 // Start with PrivateKeyEntry 1464 { 1465 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1466 PrivateKey expectedKey = keyFact 1467 .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1468 final Certificate[] expectedChain = new Certificate[2]; 1469 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1470 expectedChain[1] = caCert; 1471 1472 PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1473 1474 mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1475 1476 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1477 assertNotNull("Retrieved entry should exist", actualEntry); 1478 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1479 actualEntry instanceof PrivateKeyEntry); 1480 1481 PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1482 assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1483 FAKE_RSA_CA_1); 1484 } 1485 1486 // Replace with TrustedCertificateEntry 1487 { 1488 TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert); 1489 
mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null); 1490 1491 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1492 assertNotNull("Retrieved entry should exist", actualEntry); 1493 assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1494 actualEntry instanceof TrustedCertificateEntry); 1495 TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry; 1496 assertEquals("Stored and retrieved certificates should be the same", 1497 expectedCertEntry.getTrustedCertificate(), 1498 actualCertEntry.getTrustedCertificate()); 1499 } 1500 } 1501 testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Unencrypted_Success()1502 public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Unencrypted_Success() 1503 throws Exception { 1504 mKeyStore.load(null, null); 1505 1506 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1507 1508 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1509 1510 // Start with PrivateKeyEntry 1511 { 1512 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1513 PrivateKey expectedKey = keyFact 1514 .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1515 final Certificate[] expectedChain = new Certificate[2]; 1516 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1517 expectedChain[1] = caCert; 1518 1519 PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1520 1521 mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1522 1523 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1524 assertNotNull("Retrieved entry should exist", actualEntry); 1525 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1526 actualEntry instanceof PrivateKeyEntry); 1527 1528 PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1529 assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, 
FAKE_RSA_USER_1, 1530 FAKE_RSA_CA_1); 1531 } 1532 1533 // Replace with PrivateKeyEntry that has no chain 1534 { 1535 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1536 PrivateKey expectedKey = keyFact 1537 .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1538 final Certificate[] expectedChain = new Certificate[1]; 1539 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1540 1541 PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1542 1543 mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1544 1545 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1546 assertNotNull("Retrieved entry should exist", actualEntry); 1547 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1548 actualEntry instanceof PrivateKeyEntry); 1549 1550 PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1551 assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1552 null); 1553 } 1554 } 1555 testKeyStore_SetEntry_CAEntry_Overwrites_CAEntry_Unencrypted_Success()1556 public void testKeyStore_SetEntry_CAEntry_Overwrites_CAEntry_Unencrypted_Success() 1557 throws Exception { 1558 mKeyStore.load(null, null); 1559 1560 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1561 1562 // Insert TrustedCertificateEntry 1563 { 1564 final Certificate caCert = f 1565 .generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1566 1567 TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert); 1568 mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null); 1569 1570 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1571 assertNotNull("Retrieved entry should exist", actualEntry); 1572 assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1573 actualEntry instanceof TrustedCertificateEntry); 1574 TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry; 1575 
assertEquals("Stored and retrieved certificates should be the same", 1576 expectedCertEntry.getTrustedCertificate(), 1577 actualCertEntry.getTrustedCertificate()); 1578 } 1579 1580 // Replace with TrustedCertificateEntry of USER 1581 { 1582 final Certificate userCert = f.generateCertificate(new ByteArrayInputStream( 1583 FAKE_RSA_USER_1)); 1584 1585 TrustedCertificateEntry expectedUserEntry = new TrustedCertificateEntry(userCert); 1586 mKeyStore.setEntry(TEST_ALIAS_1, expectedUserEntry, null); 1587 1588 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1589 assertNotNull("Retrieved entry should exist", actualEntry); 1590 assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1591 actualEntry instanceof TrustedCertificateEntry); 1592 TrustedCertificateEntry actualUserEntry = (TrustedCertificateEntry) actualEntry; 1593 assertEquals("Stored and retrieved certificates should be the same", 1594 expectedUserEntry.getTrustedCertificate(), 1595 actualUserEntry.getTrustedCertificate()); 1596 } 1597 } 1598 testKeyStore_SetKeyEntry_ProtectedKey_Unencrypted_Failure()1599 public void testKeyStore_SetKeyEntry_ProtectedKey_Unencrypted_Failure() throws Exception { 1600 mKeyStore.load(null, null); 1601 1602 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1603 1604 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1605 1606 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1607 PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1608 final Certificate[] chain = new Certificate[2]; 1609 chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1610 chain[1] = caCert; 1611 1612 try { 1613 mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, "foo".toCharArray(), chain); 1614 fail("Should fail when a password is specified"); 1615 } catch (KeyStoreException success) { 1616 } 1617 } 1618 testKeyStore_SetKeyEntry_Unencrypted_Success()1619 public void 
testKeyStore_SetKeyEntry_Unencrypted_Success() throws Exception { 1620 mKeyStore.load(null, null); 1621 1622 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1623 1624 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1625 1626 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1627 PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1628 final Certificate[] chain = new Certificate[2]; 1629 chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1630 chain[1] = caCert; 1631 1632 mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain); 1633 1634 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1635 assertNotNull("Retrieved entry should exist", actualEntry); 1636 1637 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1638 actualEntry instanceof PrivateKeyEntry); 1639 1640 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1641 1642 assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1); 1643 } 1644 testKeyStore_SetKeyEntry_Replaced_Unencrypted_Success()1645 public void testKeyStore_SetKeyEntry_Replaced_Unencrypted_Success() throws Exception { 1646 mKeyStore.load(null, null); 1647 1648 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1649 1650 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1651 1652 // Insert initial key 1653 { 1654 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1655 PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1656 final Certificate[] chain = new Certificate[2]; 1657 chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1658 chain[1] = caCert; 1659 1660 mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain); 1661 1662 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1663 assertNotNull("Retrieved entry should exist", 
actualEntry); 1664 1665 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1666 actualEntry instanceof PrivateKeyEntry); 1667 1668 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1669 1670 assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1671 FAKE_RSA_CA_1); 1672 } 1673 1674 // TODO make a separate key 1675 // Replace key 1676 { 1677 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1678 PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1679 final Certificate[] chain = new Certificate[2]; 1680 chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1681 chain[1] = caCert; 1682 1683 mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain); 1684 1685 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1686 assertNotNull("Retrieved entry should exist", actualEntry); 1687 1688 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1689 actualEntry instanceof PrivateKeyEntry); 1690 1691 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1692 1693 assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1694 FAKE_RSA_CA_1); 1695 } 1696 } 1697 testKeyStore_SetKeyEntry_ReplacedChain_Unencrypted_Success()1698 public void testKeyStore_SetKeyEntry_ReplacedChain_Unencrypted_Success() throws Exception { 1699 mKeyStore.load(null, null); 1700 1701 // Create key #1 1702 { 1703 KeyStore.PrivateKeyEntry privEntry = makeUserRsaKey1(); 1704 mKeyStore.setEntry(TEST_ALIAS_1, privEntry, null); 1705 1706 Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1707 1708 assertTrue(entry instanceof PrivateKeyEntry); 1709 1710 PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; 1711 1712 ArrayList<Certificate> chain = new ArrayList<Certificate>(); 1713 chain.add(generateCertificate(FAKE_RSA_CA_1)); 1714 assertPrivateKeyEntryEquals(keyEntry, privEntry.getPrivateKey(), 1715 privEntry.getCertificate(), chain); 1716 } 1717 1718 // Replace key #1 with 
new chain 1719 { 1720 Key key = mKeyStore.getKey(TEST_ALIAS_1, null); 1721 1722 assertTrue(key instanceof PrivateKey); 1723 1724 PrivateKey expectedKey = (PrivateKey) key; 1725 1726 Certificate expectedCert = generateCertificate(FAKE_RSA_USER_1); 1727 1728 mKeyStore.setKeyEntry(TEST_ALIAS_1, expectedKey, null, 1729 new Certificate[] { expectedCert }); 1730 1731 Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1732 1733 assertTrue(entry instanceof PrivateKeyEntry); 1734 1735 PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; 1736 1737 assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, null); 1738 } 1739 } 1740 testKeyStore_SetKeyEntry_ReplacedChain_DifferentPrivateKey_Unencrypted_Failure()1741 public void testKeyStore_SetKeyEntry_ReplacedChain_DifferentPrivateKey_Unencrypted_Failure() 1742 throws Exception { 1743 mKeyStore.load(null, null); 1744 1745 // Create key #1 1746 mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null); 1747 1748 // Create key #2 1749 mKeyStore.setEntry(TEST_ALIAS_2, makeUserRsaKey1(), null); 1750 1751 1752 // Replace key #1 with key #2 1753 { 1754 Key key1 = mKeyStore.getKey(TEST_ALIAS_2, null); 1755 1756 Certificate cert = generateCertificate(FAKE_RSA_USER_1); 1757 1758 try { 1759 mKeyStore.setKeyEntry(TEST_ALIAS_1, key1, null, new Certificate[] { cert }); 1760 fail("Should not allow setting of KeyEntry with wrong PrivaetKey"); 1761 } catch (KeyStoreException success) { 1762 } 1763 } 1764 } 1765 testKeyStore_SetKeyEntry_ReplacedWithSame_UnencryptedToUnencrypted_Failure()1766 public void testKeyStore_SetKeyEntry_ReplacedWithSame_UnencryptedToUnencrypted_Failure() 1767 throws Exception { 1768 mKeyStore.load(null, null); 1769 1770 // Create key #1 1771 mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null); 1772 1773 // Replace with same 1774 Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1775 mKeyStore.setEntry(TEST_ALIAS_1, entry, null); 1776 } 1777 testKeyStore_Size_Unencrypted_Success()1778 public void 
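testKeyStore_Size_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

        assertEquals("The keystore size should match expected", 1, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_1 });

        mKeyStore.setCertificateEntry(TEST_ALIAS_2, generateCertificate(FAKE_RSA_CA_1));

        assertEquals("The keystore size should match expected", 2, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });

        mKeyStore.setEntry(TEST_ALIAS_3, makeUserRsaKey1(), null);

        assertEquals("The keystore size should match expected", 3, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 });

        mKeyStore.deleteEntry(TEST_ALIAS_1);

        assertEquals("The keystore size should match expected", 2, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 });

        mKeyStore.deleteEntry(TEST_ALIAS_3);

        assertEquals("The keystore size should match expected", 1, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_2 });
    }

    /**
     * Checks that {@code KeyStore.store(LoadStoreParameter)} is refused by the keystore under
     * test: the call must throw {@link UnsupportedOperationException}.
     */
    public void testKeyStore_Store_LoadStoreParam_Unencrypted_Failure() throws Exception {
        mKeyStore.load(null, null);

        try {
            mKeyStore.store(null);
            fail("Should throw UnsupportedOperationException when trying to store");
        } catch (UnsupportedOperationException success) {
            // Expected: the keystore cannot be serialized through store().
        }
    }

    /**
     * Checks that loading from a caller-supplied stream is refused with
     * {@link IllegalArgumentException}.
     */
    public void testKeyStore_Load_InputStreamSupplied_Unencrypted_Failure() throws Exception {
        // Explicit charset, matching the other tests in this class, so the bytes do not
        // depend on the platform default encoding.
        byte[] buf = "FAKE KEYSTORE".getBytes("UTF-8");
        ByteArrayInputStream is = new ByteArrayInputStream(buf);

        try {
            mKeyStore.load(is, null);
            fail("Should throw IllegalArgumentException when InputStream is supplied");
        } catch (IllegalArgumentException success) {
            // Expected: keystore contents cannot be injected from an external stream.
        }
    }

    /**
     * Checks that supplying a password to {@code load} is refused with
     * {@link IllegalArgumentException}.
     */
    public void testKeyStore_Load_PasswordSupplied_Unencrypted_Failure() throws Exception {
        try {
            mKeyStore.load(null, "password".toCharArray());
            fail("Should throw IllegalArgumentException when password is supplied");
        } catch (IllegalArgumentException success) {
            // Expected.
        }
    }

    /**
     * Checks that {@code KeyStore.store(OutputStream, char[])} is refused, both without and
     * with a password, by throwing {@link UnsupportedOperationException}.
     */
    public void testKeyStore_Store_OutputStream_Unencrypted_Failure() throws Exception {
        mKeyStore.load(null, null);

        OutputStream sink = new ByteArrayOutputStream();
        try {
            mKeyStore.store(sink, null);
            fail("Should throw UnsupportedOperationException when trying to store");
        } catch (UnsupportedOperationException success) {
            // Expected.
        }

        try {
            mKeyStore.store(sink, "blah".toCharArray());
            fail("Should throw UnsupportedOperationException when trying to store");
        } catch (UnsupportedOperationException success) {
            // Expected.
        }
    }

    /**
     * Imports an RSA private key entry, wraps a secret with the entry's public key using
     * {@code RSA/ECB/PKCS1Padding} and unwraps it with the keystore-held private key, then
     * compares the recovered bytes with the original.
     */
    public void testKeyStore_KeyOperations_Wrap_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

        // Test key usage
        Entry e = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull(e);
        assertTrue(e instanceof PrivateKeyEntry);

        PrivateKeyEntry privEntry = (PrivateKeyEntry) e;
        PrivateKey privKey = privEntry.getPrivateKey();
        assertNotNull(privKey);

        PublicKey pubKey = privEntry.getCertificate().getPublicKey();

        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(Cipher.WRAP_MODE, pubKey);

        // Arbitrary 7-byte payload labelled "AES"; it is only wrapped and unwrapped, no AES
        // operation is performed with it.
        byte[] expectedKey = new byte[] {
                0x00, 0x05, (byte) 0xAA, (byte) 0x0A5, (byte) 0xFF, 0x55, 0x0A
        };

        SecretKey expectedSecret = new TransparentSecretKey(expectedKey, "AES");

        byte[] wrappedExpected = c.wrap(expectedSecret);

        c.init(Cipher.UNWRAP_MODE, privKey);
        SecretKey actualSecret = (SecretKey) c.unwrap(wrappedExpected, "AES", Cipher.SECRET_KEY);

        assertEquals(Arrays.toString(expectedSecret.getEncoded()),
                Arrays.toString(actualSecret.getEncoded()));
    }

    /**
     * Generates an RSA key pair in AndroidKeyStore and checks that raw RSA
     * ({@code <algorithm>/NONE/NOPADDING}) rejects an input whose integer value is not smaller
     * than the modulus.
     */
    public void testKeyStore_Encrypting_RSA_NONE_NOPADDING() throws Exception {

        String alias = "MyKey";
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        assertNotNull(ks);
        ks.load(null);

        // Certificate validity window; Calendar months are zero-based.
        Calendar cal = Calendar.getInstance();
        cal.set(1944, 5, 6);
        Date now = cal.getTime();
        cal.clear();

        cal.set(1945, 8, 2);
        Date end = cal.getTime();

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        assertNotNull(kpg);
        kpg.initialize(new KeyPairGeneratorSpec.Builder(mContext)
                .setAlias(alias)
                .setStartDate(now)
                .setEndDate(end)
                .setSerialNumber(BigInteger.valueOf(1))
                .setSubject(new X500Principal("CN=test1"))
                .build());

        kpg.generateKeyPair();

        PrivateKey privateKey = (PrivateKey) ks.getKey(alias, null);
        assertNotNull(privateKey);
        PublicKey publicKey = ks.getCertificate(alias).getPublicKey();
        assertNotNull(publicKey);
        String cipher = privateKey.getAlgorithm() + "/NONE/NOPADDING";
        Cipher encrypt = Cipher.getInstance(cipher);
        assertNotNull(encrypt);
        encrypt.init(Cipher.ENCRYPT_MODE, privateKey);

        int modulusSizeBytes = (((RSAKey) publicKey).getModulus().bitLength() + 7) / 8;
        byte[] plainText = new byte[modulusSizeBytes];
        Arrays.fill(plainText, (byte) 0xFF);

        // The plaintext is as long as the modulus and every byte is 0xFF, so read as an
        // integer it is not smaller than the modulus. Unpadded RSA must reject such input
        // with BadPaddingException or IllegalBlockSizeException.
        try {
            encrypt.doFinal(plainText);
            fail("Expected BadPaddingException or IllegalBlockSizeException");
        } catch (BadPaddingException e) {
            // pass on exception as it is expected
        } catch (IllegalBlockSizeException e) {
            // pass on exception as it is expected
        }
    }

    /**
     * Checks that the public key read back from an imported RSA private key entry can
     * initialize the listed signature-verification and encryption transformations.
     */
    public void testKeyStore_PrivateKeyEntry_RSA_PublicKeyWorksWithCrypto()
            throws Exception {
        mKeyStore.load(null, null);
        mKeyStore.setKeyEntry(TEST_ALIAS_2,
                KeyFactory.getInstance("RSA").generatePrivate(
                        new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)),
                null, // no password (it's not even supported)
                new Certificate[] {generateCertificate(FAKE_RSA_USER_1)});
        PublicKey publicKey = mKeyStore.getCertificate(TEST_ALIAS_2).getPublicKey();
        assertNotNull(publicKey);

        // Only initialization is exercised; no data is signed, verified or encrypted.
        Signature.getInstance("SHA256withRSA").initVerify(publicKey);
        Signature.getInstance("NONEwithRSA").initVerify(publicKey);
        Signature.getInstance("SHA256withRSA/PSS").initVerify(publicKey);

        Cipher.getInstance("RSA/ECB/PKCS1Padding").init(Cipher.ENCRYPT_MODE, publicKey);
        Cipher.getInstance("RSA/ECB/NoPadding").init(Cipher.ENCRYPT_MODE, publicKey);
        Cipher.getInstance("RSA/ECB/OAEPPadding").init(Cipher.ENCRYPT_MODE, publicKey);
    }

    /**
     * Checks that the public key read back from an imported EC private key entry can
     * initialize ECDSA signature verification.
     */
    public void testKeyStore_PrivateKeyEntry_EC_PublicKeyWorksWithCrypto()
            throws Exception {
        mKeyStore.load(null, null);
        mKeyStore.setKeyEntry(TEST_ALIAS_1,
                KeyFactory.getInstance("EC").generatePrivate(
                        new PKCS8EncodedKeySpec(FAKE_EC_KEY_1)),
                null, // no password (it's not even supported)
                new Certificate[] {generateCertificate(FAKE_EC_USER_1)});
        PublicKey publicKey = mKeyStore.getCertificate(TEST_ALIAS_1).getPublicKey();
        assertNotNull(publicKey);

        Signature.getInstance("SHA256withECDSA").initVerify(publicKey);
        Signature.getInstance("NONEwithECDSA").initVerify(publicKey);
    }

    /**
     * Checks that the public key of an RSA trusted-certificate entry can initialize
     * signature verification and encryption.
     */
    public void testKeyStore_TrustedCertificateEntry_RSA_PublicKeyWorksWithCrypto()
            throws Exception {
        mKeyStore.load(null, null);
        mKeyStore.setCertificateEntry(TEST_ALIAS_2, generateCertificate(FAKE_RSA_USER_1));
        PublicKey publicKey = mKeyStore.getCertificate(TEST_ALIAS_2).getPublicKey();
        assertNotNull(publicKey);

        Signature.getInstance("SHA256withRSA").initVerify(publicKey);
        Signature.getInstance("NONEwithRSA").initVerify(publicKey);

        Cipher.getInstance("RSA/ECB/PKCS1Padding").init(Cipher.ENCRYPT_MODE, publicKey);
        Cipher.getInstance("RSA/ECB/NoPadding").init(Cipher.ENCRYPT_MODE, publicKey);
    }

    /**
     * Checks that the public key of an EC trusted-certificate entry can initialize ECDSA
     * signature verification.
     */
    public void testKeyStore_TrustedCertificateEntry_EC_PublicKeyWorksWithCrypto()
            throws Exception {
        mKeyStore.load(null, null);
        mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_EC_USER_1));
        PublicKey publicKey = mKeyStore.getCertificate(TEST_ALIAS_1).getPublicKey();
        assertNotNull(publicKey);

        Signature.getInstance("SHA256withECDSA").initVerify(publicKey);
        Signature.getInstance("NONEwithECDSA").initVerify(publicKey);
    }

    // Lower bound on the number of keys the large-number-of-keys tests must manage to import.
    private static final int MIN_SUPPORTED_KEY_COUNT = 1500;
    private static final long MINUTE_IN_MILLIS = 1000 * 60;
    // NOTE(review): presumably the source of mMaxTestDurationMillis (regular device vs. watch);
    // the assignment is not in this part of the file - confirm.
    private static final long LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_MILLIS = 4 * MINUTE_IN_MILLIS;
    private static final long LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_WATCH_MILLIS = 6 * MINUTE_IN_MILLIS;

    /**
     * Reports whether more than {@code durationMillis} has elapsed since
     * {@code startTimeMillis}, measured with {@link System#currentTimeMillis()}.
     *
     * @param startTimeMillis wall-clock start time in milliseconds
     * @param durationMillis allowed duration in milliseconds
     * @return {@code true} if the deadline has passed, or if the clock now reads earlier than
     *         the start time (the wall clock was set back)
     */
    private static boolean isDeadlineReached(long startTimeMillis, long durationMillis) {
        long nowMillis = System.currentTimeMillis();
        if (nowMillis < startTimeMillis) {
            // Wall clock went backwards; treat as expired so the caller's loop terminates.
            return true;
        }
        return nowMillis - startTimeMillis > durationMillis;
    }

    /**
     * Imports RSA signing keys until the time budget runs out and then checks that the first
     * and the last imported key still produce signatures that verify against their
     * certificates.
     */
    @LargeTest
    public void testKeyStore_LargeNumberOfKeysSupported_RSA() throws Exception {
        // This test imports key1, then lots of other keys, then key2, and then confirms that
        // key1 and key2 backed by Android Keystore work fine. The assumption is that if the
        // underlying implementation has a limit on the number of keys, it'll either delete the
        // oldest key (key1), or will refuse to add keys (key2).
        // The test imports as many keys as it can in a fixed amount of time instead of stopping
        // at MIN_SUPPORTED_KEY_COUNT to balance the desire to support an unlimited number of keys
        // with the constraints on how long the test can run and performance differences of hardware
        // under test.

        long testStartTimeMillis = System.currentTimeMillis();

        Certificate cert1 = TestUtils.getRawResX509Certificate(getContext(), R.raw.rsa_key1_cert);
        PrivateKey privateKey1 = TestUtils.getRawResPrivateKey(getContext(), R.raw.rsa_key1_pkcs8);
        String entryName1 = "test0";

        Certificate cert2 = TestUtils.getRawResX509Certificate(getContext(), R.raw.rsa_key2_cert);
        PrivateKey privateKey2 = TestUtils.getRawResPrivateKey(getContext(), R.raw.rsa_key2_pkcs8);

        Certificate cert3 = generateCertificate(FAKE_RSA_USER_1);
        PrivateKey privateKey3 = generatePrivateKey("RSA", FAKE_RSA_KEY_1);

        mKeyStore.load(null);
        int latestImportedEntryNumber = 0;
        try {
            KeyProtection protectionParams = new KeyProtection.Builder(
                    KeyProperties.PURPOSE_SIGN)
                    .setDigests(KeyProperties.DIGEST_SHA256)
                    .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                    .build();
            mKeyStore.setEntry(entryName1,
                    new KeyStore.PrivateKeyEntry(privateKey1, new Certificate[] {cert1}),
                    protectionParams);

            // Import key3 lots of times, under different aliases.
            while (!isDeadlineReached(testStartTimeMillis, mMaxTestDurationMillis)) {
                latestImportedEntryNumber++;
                if ((latestImportedEntryNumber % 1000) == 0) {
                    Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
                }
                String entryAlias = "test" + latestImportedEntryNumber;
                try {
                    mKeyStore.setEntry(entryAlias,
                            new KeyStore.PrivateKeyEntry(privateKey3, new Certificate[] {cert3}),
                            protectionParams);
                } catch (Throwable e) {
                    throw new RuntimeException("Entry " + entryAlias + " import failed", e);
                }
            }
            Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
            if (latestImportedEntryNumber < MIN_SUPPORTED_KEY_COUNT) {
                fail("Failed to import " + MIN_SUPPORTED_KEY_COUNT + " keys in "
                        + (System.currentTimeMillis() - testStartTimeMillis)
                        + " ms. Imported: " + latestImportedEntryNumber + " keys");
            }

            latestImportedEntryNumber++;
            String entryName2 = "test" + latestImportedEntryNumber;
            mKeyStore.setEntry(entryName2,
                    new KeyStore.PrivateKeyEntry(privateKey2, new Certificate[] {cert2}),
                    protectionParams);
            PrivateKey keystorePrivateKey2 = (PrivateKey) mKeyStore.getKey(entryName2, null);
            PrivateKey keystorePrivateKey1 = (PrivateKey) mKeyStore.getKey(entryName1, null);

            byte[] message = "This is a test".getBytes("UTF-8");

            // Sign with the keystore-held key, verify with the certificate's public key.
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initSign(keystorePrivateKey1);
            sig.update(message);
            byte[] signature = sig.sign();
            sig = Signature.getInstance(sig.getAlgorithm());
            sig.initVerify(cert1.getPublicKey());
            sig.update(message);
            assertTrue(sig.verify(signature));

            sig = Signature.getInstance(sig.getAlgorithm());
            sig.initSign(keystorePrivateKey2);
            sig.update(message);
            signature = sig.sign();
            sig = Signature.getInstance(sig.getAlgorithm());
            sig.initVerify(cert2.getPublicKey());
            sig.update(message);
            assertTrue(sig.verify(signature));
        } finally {
            // Clean up Keystore without using KeyStore.aliases() which can't handle this many
            // entries.
            Log.i(TAG, "Deleting imported keys");
            for (int i = 0; i <= latestImportedEntryNumber; i++) {
                if ((i > 0) && ((i % 1000) == 0)) {
                    Log.i(TAG, "Deleted " + i + " keys");
                }
                mKeyStore.deleteEntry("test" + i);
            }
            Log.i(TAG, "Deleted " + (latestImportedEntryNumber + 1) + " keys");
        }
    }

    /**
     * EC counterpart of the large-number-of-keys test: imports EC signing keys until the time
     * budget runs out and checks that the first and the last key still sign correctly.
     */
    @LargeTest
    public void testKeyStore_LargeNumberOfKeysSupported_EC() throws Exception {
        // This test imports key1, then lots of other keys, then key2, and then confirms that
        // key1 and key2 backed by Android Keystore work fine. The assumption is that if the
        // underlying implementation has a limit on the number of keys, it'll either delete the
        // oldest key (key1), or will refuse to add keys (key2).
        // The test imports as many keys as it can in a fixed amount of time instead of stopping
        // at MIN_SUPPORTED_KEY_COUNT to balance the desire to support an unlimited number of keys
        // with the constraints on how long the test can run and performance differences of hardware
        // under test.

        long testStartTimeMillis = System.currentTimeMillis();

        Certificate cert1 = TestUtils.getRawResX509Certificate(getContext(), R.raw.ec_key1_cert);
        PrivateKey privateKey1 = TestUtils.getRawResPrivateKey(getContext(), R.raw.ec_key1_pkcs8);
        String entryName1 = "test0";

        Certificate cert2 = TestUtils.getRawResX509Certificate(getContext(), R.raw.ec_key2_cert);
        PrivateKey privateKey2 = TestUtils.getRawResPrivateKey(getContext(), R.raw.ec_key2_pkcs8);

        Certificate cert3 = generateCertificate(FAKE_EC_USER_1);
        PrivateKey privateKey3 = generatePrivateKey("EC", FAKE_EC_KEY_1);

        mKeyStore.load(null);
        int latestImportedEntryNumber = 0;
        try {
            KeyProtection protectionParams = new KeyProtection.Builder(
                    KeyProperties.PURPOSE_SIGN)
                    .setDigests(KeyProperties.DIGEST_SHA256)
                    .build();
            mKeyStore.setEntry(entryName1,
                    new KeyStore.PrivateKeyEntry(privateKey1, new Certificate[] {cert1}),
                    protectionParams);

            // Import key3 lots of times, under different aliases.
            while (!isDeadlineReached(
                    testStartTimeMillis, mMaxTestDurationMillis)) {
                latestImportedEntryNumber++;
                if ((latestImportedEntryNumber % 1000) == 0) {
                    Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
                }
                String entryAlias = "test" + latestImportedEntryNumber;
                try {
                    mKeyStore.setEntry(entryAlias,
                            new KeyStore.PrivateKeyEntry(privateKey3, new Certificate[] {cert3}),
                            protectionParams);
                } catch (Throwable e) {
                    throw new RuntimeException("Entry " + entryAlias + " import failed", e);
                }
            }
            Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
            if (latestImportedEntryNumber < MIN_SUPPORTED_KEY_COUNT) {
                fail("Failed to import " + MIN_SUPPORTED_KEY_COUNT + " keys in "
                        + (System.currentTimeMillis() - testStartTimeMillis)
                        + " ms. Imported: " + latestImportedEntryNumber + " keys");
            }

            latestImportedEntryNumber++;
            String entryName2 = "test" + latestImportedEntryNumber;
            mKeyStore.setEntry(entryName2,
                    new KeyStore.PrivateKeyEntry(privateKey2, new Certificate[] {cert2}),
                    protectionParams);
            PrivateKey keystorePrivateKey2 = (PrivateKey) mKeyStore.getKey(entryName2, null);
            PrivateKey keystorePrivateKey1 = (PrivateKey) mKeyStore.getKey(entryName1, null);

            byte[] message = "This is a test".getBytes("UTF-8");

            // Sign with the keystore-held key, verify with the certificate's public key.
            Signature sig = Signature.getInstance("SHA256withECDSA");
            sig.initSign(keystorePrivateKey1);
            sig.update(message);
            byte[] signature = sig.sign();
            sig = Signature.getInstance(sig.getAlgorithm());
            sig.initVerify(cert1.getPublicKey());
            sig.update(message);
            assertTrue(sig.verify(signature));

            sig = Signature.getInstance(sig.getAlgorithm());
            sig.initSign(keystorePrivateKey2);
            sig.update(message);
            signature = sig.sign();
            sig = Signature.getInstance(sig.getAlgorithm());
            sig.initVerify(cert2.getPublicKey());
            sig.update(message);
            assertTrue(sig.verify(signature));
        } finally {
            // Clean up Keystore without using KeyStore.aliases() which can't handle this many
            // entries.
            Log.i(TAG, "Deleting imported keys");
            for (int i = 0; i <= latestImportedEntryNumber; i++) {
                if ((i > 0) && ((i % 1000) == 0)) {
                    Log.i(TAG, "Deleted " + i + " keys");
                }
                mKeyStore.deleteEntry("test" + i);
            }
            Log.i(TAG, "Deleted " + (latestImportedEntryNumber + 1) + " keys");
        }
    }

    /**
     * AES counterpart of the large-number-of-keys test. The imported keys are authorized for
     * {@code PURPOSE_ENCRYPT} only, so each ciphertext produced by a keystore key is decrypted
     * with the original key material held outside the keystore.
     */
    @LargeTest
    public void testKeyStore_LargeNumberOfKeysSupported_AES() throws Exception {
        // This test imports key1, then lots of other keys, then key2, and then confirms that
        // key1 and key2 backed by Android Keystore work fine. The assumption is that if the
        // underlying implementation has a limit on the number of keys, it'll either delete the
        // oldest key (key1), or will refuse to add keys (key2).
        // The test imports as many keys as it can in a fixed amount of time instead of stopping
        // at MIN_SUPPORTED_KEY_COUNT to balance the desire to support an unlimited number of keys
        // with the constraints on how long the test can run and performance differences of hardware
        // under test.

        long testStartTimeMillis = System.currentTimeMillis();

        SecretKey key1 = new TransparentSecretKey(
                HexEncoding.decode("010203040506070809fafbfcfdfeffcc"), "AES");
        String entryName1 = "test0";

        SecretKey key2 = new TransparentSecretKey(
                HexEncoding.decode("808182838485868788897a7b7c7d7e7f"), "AES");

        SecretKey key3 = new TransparentSecretKey(
                HexEncoding.decode("33333333333333333333777777777777"), "AES");

        mKeyStore.load(null);
        int latestImportedEntryNumber = 0;
        try {
            KeyProtection protectionParams = new KeyProtection.Builder(
                    KeyProperties.PURPOSE_ENCRYPT)
                    .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                    .build();
            mKeyStore.setEntry(entryName1, new KeyStore.SecretKeyEntry(key1), protectionParams);

            // Import key3 lots of times, under different aliases.
            while (!isDeadlineReached(testStartTimeMillis, mMaxTestDurationMillis)) {
                latestImportedEntryNumber++;
                if ((latestImportedEntryNumber % 1000) == 0) {
                    Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
                }
                String entryAlias = "test" + latestImportedEntryNumber;
                try {
                    mKeyStore.setEntry(entryAlias,
                            new KeyStore.SecretKeyEntry(key3), protectionParams);
                } catch (Throwable e) {
                    throw new RuntimeException("Entry " + entryAlias + " import failed", e);
                }
            }
            Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
            if (latestImportedEntryNumber < MIN_SUPPORTED_KEY_COUNT) {
                fail("Failed to import " + MIN_SUPPORTED_KEY_COUNT + " keys in "
                        + (System.currentTimeMillis() - testStartTimeMillis)
                        + " ms. Imported: " + latestImportedEntryNumber + " keys");
            }

            latestImportedEntryNumber++;
            String entryName2 = "test" + latestImportedEntryNumber;
            mKeyStore.setEntry(entryName2, new KeyStore.SecretKeyEntry(key2), protectionParams);
            SecretKey keystoreKey2 = (SecretKey) mKeyStore.getKey(entryName2, null);
            SecretKey keystoreKey1 = (SecretKey) mKeyStore.getKey(entryName1, null);

            byte[] plaintext = "This is a test".getBytes("UTF-8");
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, keystoreKey1);
            byte[] ciphertext = cipher.doFinal(plaintext);
            // The parameters taken from the encrypting cipher are reused to initialize
            // decryption with the original key.
            AlgorithmParameters cipherParams = cipher.getParameters();
            cipher = Cipher.getInstance(cipher.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, key1, cipherParams);
            MoreAsserts.assertEquals(plaintext, cipher.doFinal(ciphertext));

            cipher = Cipher.getInstance(cipher.getAlgorithm());
            cipher.init(Cipher.ENCRYPT_MODE, keystoreKey2);
            ciphertext = cipher.doFinal(plaintext);
            cipherParams = cipher.getParameters();
            cipher = Cipher.getInstance(cipher.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, key2, cipherParams);
            MoreAsserts.assertEquals(plaintext, cipher.doFinal(ciphertext));
        } finally {
            // Clean up Keystore without using KeyStore.aliases() which can't handle this many
            // entries.
            Log.i(TAG, "Deleting imported keys");
            for (int i = 0; i <= latestImportedEntryNumber; i++) {
                if ((i > 0) && ((i % 1000) == 0)) {
                    Log.i(TAG, "Deleted " + i + " keys");
                }
                mKeyStore.deleteEntry("test" + i);
            }
            Log.i(TAG, "Deleted " + (latestImportedEntryNumber + 1) + " keys");
        }
    }

    /**
     * HMAC counterpart of the large-number-of-keys test: the MACs computed with the first and
     * the last imported key are compared with fixed expected values.
     */
    @LargeTest
    public void testKeyStore_LargeNumberOfKeysSupported_HMAC() throws Exception {
        // This test imports key1, then lots of other keys, then key2, and then confirms that
        // key1 and key2 backed by Android Keystore work fine. The assumption is that if the
        // underlying implementation has a limit on the number of keys, it'll either delete the
        // oldest key (key1), or will refuse to add keys (key2).
        // The test imports as many keys as it can in a fixed amount of time instead of stopping
        // at MIN_SUPPORTED_KEY_COUNT to balance the desire to support an unlimited number of keys
        // with the constraints on how long the test can run and performance differences of hardware
        // under test.

        long testStartTimeMillis = System.currentTimeMillis();

        SecretKey key1 = new TransparentSecretKey(
                HexEncoding.decode("010203040506070809fafbfcfdfeffcc"), "HmacSHA256");
        String entryName1 = "test0";

        SecretKey key2 = new TransparentSecretKey(
                HexEncoding.decode("808182838485868788897a7b7c7d7e7f"), "HmacSHA256");

        SecretKey key3 = new TransparentSecretKey(
                HexEncoding.decode("33333333333333333333777777777777"), "HmacSHA256");

        mKeyStore.load(null);
        int latestImportedEntryNumber = 0;
        try {
            KeyProtection protectionParams = new KeyProtection.Builder(
                    KeyProperties.PURPOSE_SIGN)
                    .build();
            mKeyStore.setEntry(entryName1, new KeyStore.SecretKeyEntry(key1), protectionParams);

            // Import key3 lots of times, under different aliases.
            while (!isDeadlineReached(testStartTimeMillis, mMaxTestDurationMillis)) {
                latestImportedEntryNumber++;
                if ((latestImportedEntryNumber % 1000) == 0) {
                    Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
                }
                String entryAlias = "test" + latestImportedEntryNumber;
                try {
                    mKeyStore.setEntry(entryAlias,
                            new KeyStore.SecretKeyEntry(key3), protectionParams);
                } catch (Throwable e) {
                    throw new RuntimeException("Entry " + entryAlias + " import failed", e);
                }
            }
            Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
            if (latestImportedEntryNumber < MIN_SUPPORTED_KEY_COUNT) {
                fail("Failed to import " + MIN_SUPPORTED_KEY_COUNT + " keys in "
                        + (System.currentTimeMillis() - testStartTimeMillis)
                        + " ms. Imported: " + latestImportedEntryNumber + " keys");
            }

            latestImportedEntryNumber++;
            String entryName2 = "test" + latestImportedEntryNumber;
            mKeyStore.setEntry(entryName2, new KeyStore.SecretKeyEntry(key2), protectionParams);
            SecretKey keystoreKey2 = (SecretKey) mKeyStore.getKey(entryName2, null);
            SecretKey keystoreKey1 = (SecretKey) mKeyStore.getKey(entryName1, null);

            byte[] message = "This is a test".getBytes("UTF-8");
            Mac mac = Mac.getInstance(key1.getAlgorithm());
            mac.init(keystoreKey1);
            MoreAsserts.assertEquals(
                    HexEncoding.decode(
                            "905e36f5a175f4ca54ad56b860b46f6502f883a90628dca2d33a953fb7224eaf"),
                    mac.doFinal(message));

            mac = Mac.getInstance(key2.getAlgorithm());
            mac.init(keystoreKey2);
            MoreAsserts.assertEquals(
                    HexEncoding.decode(
                            "59b57e77e4e2cb36b5c7b84af198ac004327bc549de6931a1b5505372dd8c957"),
                    mac.doFinal(message));
        } finally {
            // Clean up Keystore without using KeyStore.aliases() which can't handle this many
            // entries.
            Log.i(TAG, "Deleting imported keys");
            for (int i = 0; i <= latestImportedEntryNumber; i++) {
                if ((i > 0) && ((i % 1000) == 0)) {
                    Log.i(TAG, "Deleted " + i + " keys");
                }
                mKeyStore.deleteEntry("test" + i);
            }
            Log.i(TAG, "Deleted " + (latestImportedEntryNumber + 1) + " keys");
        }
    }

    /**
     * For every HMAC algorithm in {@code KeyGeneratorTest.EXPECTED_ALGORITHMS}, checks that an
     * imported key ends up authorized for exactly the digest of its algorithm: omitting the
     * digest or naming the same digest succeeds, while an empty digest set, a different
     * digest, or both digests together are rejected with {@link KeyStoreException}.
     */
    public void testKeyStore_OnlyOneDigestCanBeAuthorized_HMAC() throws Exception {
        mKeyStore.load(null);

        for (String algorithm : KeyGeneratorTest.EXPECTED_ALGORITHMS) {
            if (!TestUtils.isHmacAlgorithm(algorithm)) {
                continue;
            }
            try {
                String digest = TestUtils.getHmacAlgorithmDigest(algorithm);
                assertNotNull(digest);
                SecretKey keyBeingImported = new TransparentSecretKey(new byte[16], algorithm);

                KeyProtection.Builder goodSpec =
                        new KeyProtection.Builder(KeyProperties.PURPOSE_SIGN);

                // Digests authorization not specified in import parameters
                assertFalse(goodSpec.build().isDigestsSpecified());
                mKeyStore.setEntry(TEST_ALIAS_1,
                        new KeyStore.SecretKeyEntry(keyBeingImported),
                        goodSpec.build());
                SecretKey key = (SecretKey) mKeyStore.getKey(TEST_ALIAS_1, null);
                TestUtils.assertContentsInAnyOrder(
                        Arrays.asList(TestUtils.getKeyInfo(key).getDigests()), digest);

                // The same digest is specified in import parameters
                mKeyStore.setEntry(TEST_ALIAS_1,
                        new KeyStore.SecretKeyEntry(keyBeingImported),
                        TestUtils.buildUpon(goodSpec).setDigests(digest).build());
                key = (SecretKey) mKeyStore.getKey(TEST_ALIAS_1, null);
                TestUtils.assertContentsInAnyOrder(
                        Arrays.asList(TestUtils.getKeyInfo(key).getDigests()), digest);

                // Empty set of digests specified in import parameters
                try {
                    mKeyStore.setEntry(TEST_ALIAS_1,
                            new KeyStore.SecretKeyEntry(keyBeingImported),
                            TestUtils.buildUpon(goodSpec).setDigests().build());
                    fail();
                } catch (KeyStoreException expected) {}

                // A different digest specified in import parameters
                String anotherDigest = "SHA-256".equalsIgnoreCase(digest) ? "SHA-384" : "SHA-256";
                try {
                    mKeyStore.setEntry(TEST_ALIAS_1,
                            new KeyStore.SecretKeyEntry(keyBeingImported),
                            TestUtils.buildUpon(goodSpec).setDigests(anotherDigest).build());
                    fail();
                } catch (KeyStoreException expected) {}
                // The matching digest together with a second one must be rejected as well.
                try {
                    mKeyStore.setEntry(TEST_ALIAS_1,
                            new KeyStore.SecretKeyEntry(keyBeingImported),
                            TestUtils.buildUpon(goodSpec)
                                    .setDigests(digest, anotherDigest)
                                    .build());
                    fail();
                } catch (KeyStoreException expected) {}
            } catch (Throwable e) {
                // Re-wrap so the failure message names the algorithm being tested.
                throw new RuntimeException("Failed for " + algorithm, e);
            }
        }
    }

    /**
     * Tries to import all-zero AES keys of every length from 0 to 64 bytes. Lengths listed in
     * {@code KeyGeneratorTest.AES_SUPPORTED_KEY_SIZES} must import and report the right
     * algorithm and size; every other length must fail with {@link KeyStoreException} and
     * leave no entry under the alias.
     */
    public void testKeyStore_ImportSupportedSizes_AES() throws Exception {
        mKeyStore.load(null);

        KeyProtection params = new KeyProtection.Builder(
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .build();
        String alias = "test1";
        mKeyStore.deleteEntry(alias);
        assertFalse(mKeyStore.containsAlias(alias));
        for (int keySizeBytes = 0; keySizeBytes <= 512 / 8; keySizeBytes++) {
            int keySizeBits = keySizeBytes * 8;
            try {
                KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(
                        new TransparentSecretKey(new byte[keySizeBytes], "AES"));
                if (TestUtils.contains(KeyGeneratorTest.AES_SUPPORTED_KEY_SIZES, keySizeBits)) {
                    mKeyStore.setEntry(alias, entry, params);
                    SecretKey key = (SecretKey) mKeyStore.getKey(alias, null);
                    assertEquals("AES", key.getAlgorithm());
                    assertEquals(keySizeBits, TestUtils.getKeyInfo(key).getKeySize());
                } else {
                    // Start from a clean alias so a leftover entry from a previous size
                    // cannot hide a rejected import.
                    mKeyStore.deleteEntry(alias);
                    assertFalse(mKeyStore.containsAlias(alias));
                    try {
                        mKeyStore.setEntry(alias, entry, params);
                        fail();
                    } catch (KeyStoreException expected) {}
                    assertFalse(mKeyStore.containsAlias(alias));
                }
            } catch (Throwable e) {
                throw new RuntimeException("Failed for key size " + keySizeBits, e);
            }
        }
    }

    /**
     * For every HMAC algorithm in {@code KeyGeneratorTest.EXPECTED_ALGORITHMS}, imports
     * all-zero keys of every length from 8 to 128 bytes and checks the algorithm and size
     * reported for the imported key.
     */
    public void testKeyStore_ImportSupportedSizes_HMAC() throws Exception {
        mKeyStore.load(null);

        KeyProtection params = new KeyProtection.Builder(KeyProperties.PURPOSE_SIGN).build();
        String alias = "test1";
        mKeyStore.deleteEntry(alias);
        assertFalse(mKeyStore.containsAlias(alias));
        for (String algorithm : KeyGeneratorTest.EXPECTED_ALGORITHMS) {
            if (!TestUtils.isHmacAlgorithm(algorithm)) {
                continue;
            }
            // NOTE(review): the loop starts at 8 bytes (64 bits), so every iteration is an
            // expected-success import. The former "keySizeBytes > 0 ... else expect
            // KeyStoreException" branch could never run and was removed; rejection of empty
            // or shorter keys is not covered by this test.
            for (int keySizeBytes = 8; keySizeBytes <= 1024 / 8; keySizeBytes++) {
                try {
                    KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(
                            new TransparentSecretKey(new byte[keySizeBytes], algorithm));
                    mKeyStore.setEntry(alias, entry, params);
                    SecretKey key = (SecretKey) mKeyStore.getKey(alias, null);
                    assertEquals(algorithm, key.getAlgorithm());
                    assertEquals(keySizeBytes * 8, TestUtils.getKeyInfo(key).getKeySize());
                } catch (Throwable e) {
                    throw new RuntimeException(
                            "Failed for " + algorithm + " with key size " + (keySizeBytes * 8), e);
                }
            }
        }
    }

    /**
     * Checks that EC key pairs on secp224r1, secp256r1, secp384r1 and secp521r1 can be
     * imported. Only the success of the import is asserted.
     */
    public void testKeyStore_ImportSupportedSizes_EC() throws Exception {
        mKeyStore.load(null);
        KeyProtection params =
                TestUtils.getMinimalWorkingImportParametersForSigningingWith("SHA256withECDSA");
        checkKeyPairImportSucceeds(
                "secp224r1", R.raw.ec_key3_secp224r1_pkcs8, R.raw.ec_key3_secp224r1_cert, params);
        checkKeyPairImportSucceeds(
                "secp256r1", R.raw.ec_key4_secp256r1_pkcs8, R.raw.ec_key4_secp256r1_cert, params);
        checkKeyPairImportSucceeds(
                "secp384r1", R.raw.ec_key5_secp384r1_pkcs8, R.raw.ec_key5_secp384r1_cert, params);
        // The alias doubles as the label in failure messages; it now names the curve of the
        // resources actually imported (was "secp512r1").
        checkKeyPairImportSucceeds(
                "secp521r1", R.raw.ec_key6_secp521r1_pkcs8, R.raw.ec_key6_secp521r1_cert, params);
    }

    /**
     * Checks that RSA key pairs with 512- to 4096-bit moduli can be imported. Only the success
     * of the import is asserted.
     */
    public void testKeyStore_ImportSupportedSizes_RSA() throws Exception {
        mKeyStore.load(null);
        KeyProtection params =
                TestUtils.getMinimalWorkingImportParametersForSigningingWith("SHA256withRSA");
        // NOTE(review): 512-, 768- and 1024-bit moduli are below current strength guidance;
        // presumably listed for import-compatibility coverage only - confirm.
        checkKeyPairImportSucceeds(
                "512", R.raw.rsa_key5_512_pkcs8, R.raw.rsa_key5_512_cert, params);
        checkKeyPairImportSucceeds(
                "768", R.raw.rsa_key6_768_pkcs8, R.raw.rsa_key6_768_cert, params);
        checkKeyPairImportSucceeds(
                "1024", R.raw.rsa_key3_1024_pkcs8, R.raw.rsa_key3_1024_cert, params);
        checkKeyPairImportSucceeds(
                "2048", R.raw.rsa_key8_2048_pkcs8, R.raw.rsa_key8_2048_cert, params);
        checkKeyPairImportSucceeds(
                "3072", R.raw.rsa_key7_3072_pksc8, R.raw.rsa_key7_3072_cert, params);
        checkKeyPairImportSucceeds(
                "4096", R.raw.rsa_key4_4096_pkcs8, R.raw.rsa_key4_4096_cert, params);
    }

    /**
     * Imports the key pair identified by the two raw resources under {@code alias} and
     * removes the entry again, whether or not the import succeeded.
     *
     * @param alias keystore alias, also used to label a failure
     * @param privateResId raw resource id of the private key
     * @param certResId raw resource id of the certificate
     * @param params import parameters passed to {@code TestUtils.importIntoAndroidKeyStore}
     * @throws RuntimeException wrapping whatever the delete or import threw, with the alias
     *         in the message
     */
    private void checkKeyPairImportSucceeds(
            String alias, int privateResId, int certResId, KeyProtection params) throws Exception {
        try {
            mKeyStore.deleteEntry(alias);
            TestUtils.importIntoAndroidKeyStore(
                    alias, getContext(), privateResId, certResId, params);
        } catch (Throwable e) {
            throw new RuntimeException("Failed for " + alias, e);
        } finally {
            try {
                mKeyStore.deleteEntry(alias);
            } catch (Exception ignored) {}
        }
    }
}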