1 /* 2 * Copyright 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.keystore.cts; 18 19 import android.security.KeyPairGeneratorSpec; 20 import android.security.KeyStoreParameter; 21 import android.security.keystore.KeyProperties; 22 import android.security.keystore.KeyProtection; 23 import android.test.AndroidTestCase; 24 import android.test.MoreAsserts; 25 import android.test.suitebuilder.annotation.LargeTest; 26 import android.util.Log; 27 28 import com.android.cts.keystore.R; 29 30 import java.io.ByteArrayInputStream; 31 import java.io.ByteArrayOutputStream; 32 import java.io.OutputStream; 33 import java.math.BigInteger; 34 import java.security.AlgorithmParameters; 35 import java.security.Key; 36 import java.security.KeyFactory; 37 import java.security.KeyPairGenerator; 38 import java.security.KeyStore; 39 import java.security.KeyStore.Entry; 40 import java.security.KeyStore.PrivateKeyEntry; 41 import java.security.KeyStore.TrustedCertificateEntry; 42 import java.security.KeyStoreException; 43 import java.security.PrivateKey; 44 import java.security.PublicKey; 45 import java.security.Signature; 46 import java.security.cert.Certificate; 47 import java.security.cert.CertificateFactory; 48 import java.security.interfaces.ECKey; 49 import java.security.interfaces.RSAKey; 50 import java.security.spec.PKCS8EncodedKeySpec; 51 import java.util.ArrayList; 52 import java.util.Arrays; 53 import 
java.util.Calendar; 54 import java.util.Collection; 55 import java.util.Date; 56 import java.util.Enumeration; 57 import java.util.HashSet; 58 import java.util.Iterator; 59 import java.util.Set; 60 61 import javax.crypto.BadPaddingException; 62 import javax.crypto.Cipher; 63 import javax.crypto.Mac; 64 import javax.crypto.SecretKey; 65 import javax.security.auth.x500.X500Principal; 66 67 public class AndroidKeyStoreTest extends AndroidTestCase { 68 private static final String TAG = AndroidKeyStoreTest.class.getSimpleName(); 69 70 private KeyStore mKeyStore; 71 72 private static final String TEST_ALIAS_1 = "test1"; 73 74 private static final String TEST_ALIAS_2 = "test2"; 75 76 private static final String TEST_ALIAS_3 = "test3"; 77 78 /* 79 * Test fixtures only: the user key is 1024-bit RSA (rsa:1024) and its private half is published in this file, so nothing derived from this material may be trusted outside tests. The keys and certificates below are generated with: 80 * 81 * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem 82 * openssl req -newkey rsa:1024 -keyout userkey.pem -nodes -days 3650 -out userkey.req 83 * mkdir -p demoCA/newcerts 84 * touch demoCA/index.txt 85 * echo "01" > demoCA/serial 86 * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650 87 */ 88 89 /** 90 * DER-encoded CA certificate, signed with sha1WithRSAEncryption. Its encoded validity runs from 2012-08-14 to 2022-08-12 (UTC), so any validation that checks certificate dates rejects it outside that window. Generated from above and converted with: 91 * 92 * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 93 */ 94 private static final byte[] FAKE_RSA_CA_1 = { 95 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0xce, (byte) 0x30, (byte) 0x82, 96 (byte) 0x02, (byte) 0x37, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 97 (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0x6a, 98 (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, (byte) 0x55, (byte) 0x48, (byte) 0x0a, 99 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 100 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 101 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, 102 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, 
(byte) 0x03, (byte) 0x55, 103 (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, 104 (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, 105 (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, 106 (byte) 0x41, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, 107 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, 108 (byte) 0x4d, (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, 109 (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, 110 (byte) 0x77, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, 111 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, 112 (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, 113 (byte) 0x64, (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, 114 (byte) 0x20, (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, 115 (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, 116 (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x34, (byte) 0x31, (byte) 0x36, 117 (byte) 0x35, (byte) 0x35, (byte) 0x34, (byte) 0x34, (byte) 0x5a, (byte) 0x17, 118 (byte) 0x0d, (byte) 0x32, (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, 119 (byte) 0x32, (byte) 0x31, (byte) 0x36, (byte) 0x35, (byte) 0x35, (byte) 0x34, 120 (byte) 0x34, (byte) 0x5a, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, 121 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 122 (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, 123 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 124 (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, 125 (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, 126 (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, 127 
(byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, 128 (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, 129 (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, 130 (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, 131 (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, 132 (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, 133 (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, 134 (byte) 0x81, (byte) 0x9f, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, 135 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, 136 (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, 137 (byte) 0x81, (byte) 0x8d, (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, 138 (byte) 0x02, (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0xa3, (byte) 0x72, 139 (byte) 0xab, (byte) 0xd0, (byte) 0xe4, (byte) 0xad, (byte) 0x2f, (byte) 0xe7, 140 (byte) 0xe2, (byte) 0x79, (byte) 0x07, (byte) 0x36, (byte) 0x3d, (byte) 0x0c, 141 (byte) 0x8d, (byte) 0x42, (byte) 0x9a, (byte) 0x0a, (byte) 0x33, (byte) 0x64, 142 (byte) 0xb3, (byte) 0xcd, (byte) 0xb2, (byte) 0xd7, (byte) 0x3a, (byte) 0x42, 143 (byte) 0x06, (byte) 0x77, (byte) 0x45, (byte) 0x29, (byte) 0xe9, (byte) 0xcb, 144 (byte) 0xb7, (byte) 0x4a, (byte) 0xd6, (byte) 0xee, (byte) 0xad, (byte) 0x01, 145 (byte) 0x91, (byte) 0x9b, (byte) 0x0c, (byte) 0x59, (byte) 0xa1, (byte) 0x03, 146 (byte) 0xfa, (byte) 0xf0, (byte) 0x5a, (byte) 0x7c, (byte) 0x4f, (byte) 0xf7, 147 (byte) 0x8d, (byte) 0x36, (byte) 0x0f, (byte) 0x1f, (byte) 0x45, (byte) 0x7d, 148 (byte) 0x1b, (byte) 0x31, (byte) 0xa1, (byte) 0x35, (byte) 0x0b, (byte) 0x00, 149 (byte) 0xed, (byte) 0x7a, (byte) 0xb6, (byte) 0xc8, (byte) 0x4e, (byte) 0xa9, 150 (byte) 0x86, (byte) 0x4c, (byte) 0x7b, (byte) 0x99, (byte) 0x57, (byte) 0x41, 151 (byte) 0x12, (byte) 0xef, 
(byte) 0x6b, (byte) 0xbc, (byte) 0x3d, (byte) 0x60, 152 (byte) 0xf2, (byte) 0x99, (byte) 0x1a, (byte) 0xcd, (byte) 0xed, (byte) 0x56, 153 (byte) 0xa4, (byte) 0xe5, (byte) 0x36, (byte) 0x9f, (byte) 0x24, (byte) 0x1f, 154 (byte) 0xdc, (byte) 0x89, (byte) 0x40, (byte) 0xc8, (byte) 0x99, (byte) 0x92, 155 (byte) 0xab, (byte) 0x4a, (byte) 0xb5, (byte) 0x61, (byte) 0x45, (byte) 0x62, 156 (byte) 0xff, (byte) 0xa3, (byte) 0x45, (byte) 0x65, (byte) 0xaf, (byte) 0xf6, 157 (byte) 0x27, (byte) 0x30, (byte) 0x51, (byte) 0x0e, (byte) 0x0e, (byte) 0xeb, 158 (byte) 0x79, (byte) 0x0c, (byte) 0xbe, (byte) 0xb3, (byte) 0x0a, (byte) 0x6f, 159 (byte) 0x29, (byte) 0x06, (byte) 0xdc, (byte) 0x2f, (byte) 0x6b, (byte) 0x51, 160 (byte) 0x02, (byte) 0x03, (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, 161 (byte) 0x81, (byte) 0xb1, (byte) 0x30, (byte) 0x81, (byte) 0xae, (byte) 0x30, 162 (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, 163 (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x33, (byte) 0x05, 164 (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, (byte) 0xc7, (byte) 0xf9, 165 (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, 166 (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, (byte) 0x5d, (byte) 0x51, 167 (byte) 0x30, (byte) 0x7f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, 168 (byte) 0x23, (byte) 0x04, (byte) 0x78, (byte) 0x30, (byte) 0x76, (byte) 0x80, 169 (byte) 0x14, (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, 170 (byte) 0x60, (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, 171 (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, 172 (byte) 0x8e, (byte) 0x5d, (byte) 0x51, (byte) 0xa1, (byte) 0x53, (byte) 0xa4, 173 (byte) 0x51, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 174 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 175 (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, 
(byte) 0x31, (byte) 0x0b, 176 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 177 (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, 178 (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, 179 (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, 180 (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, 181 (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, 182 (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, 183 (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, 184 (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, 185 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, 186 (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x82, (byte) 0x09, 187 (byte) 0x00, (byte) 0xe1, (byte) 0x6a, (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, 188 (byte) 0x55, (byte) 0x48, (byte) 0x0a, (byte) 0x30, (byte) 0x0c, (byte) 0x06, 189 (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x05, 190 (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, 191 (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, 192 (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, 193 (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, (byte) 0x00, 194 (byte) 0x8c, (byte) 0x30, (byte) 0x42, (byte) 0xfa, (byte) 0xeb, (byte) 0x1a, 195 (byte) 0x26, (byte) 0xeb, (byte) 0xda, (byte) 0x56, (byte) 0x32, (byte) 0xf2, 196 (byte) 0x9d, (byte) 0xa5, (byte) 0x24, (byte) 0xd8, (byte) 0x3a, (byte) 0xda, 197 (byte) 0x30, (byte) 0xa6, (byte) 0x8b, (byte) 0x46, (byte) 0xfe, (byte) 0xfe, 198 (byte) 0xdb, (byte) 0xf1, (byte) 0xe6, (byte) 0xe1, (byte) 0x7c, (byte) 0x1b, 199 (byte) 0xe7, (byte) 0x77, (byte) 0x00, (byte) 0xa1, (byte) 0x1c, (byte) 0x19, 200 
(byte) 0x17, (byte) 0x73, (byte) 0xb0, (byte) 0xf0, (byte) 0x9d, (byte) 0xf3, 201 (byte) 0x4f, (byte) 0xb6, (byte) 0xbc, (byte) 0xc7, (byte) 0x47, (byte) 0x85, 202 (byte) 0x2a, (byte) 0x4a, (byte) 0xa1, (byte) 0xa5, (byte) 0x58, (byte) 0xf5, 203 (byte) 0xc5, (byte) 0x1a, (byte) 0x51, (byte) 0xb1, (byte) 0x04, (byte) 0x80, 204 (byte) 0xee, (byte) 0x3a, (byte) 0xec, (byte) 0x2f, (byte) 0xe1, (byte) 0xfd, 205 (byte) 0x58, (byte) 0xeb, (byte) 0xed, (byte) 0x82, (byte) 0x9e, (byte) 0x38, 206 (byte) 0xa3, (byte) 0x24, (byte) 0x75, (byte) 0xf7, (byte) 0x3e, (byte) 0xc2, 207 (byte) 0xc5, (byte) 0x27, (byte) 0xeb, (byte) 0x6f, (byte) 0x7b, (byte) 0x50, 208 (byte) 0xda, (byte) 0x43, (byte) 0xdc, (byte) 0x3b, (byte) 0x0b, (byte) 0x6f, 209 (byte) 0x78, (byte) 0x8f, (byte) 0xb0, (byte) 0x66, (byte) 0xe1, (byte) 0x12, 210 (byte) 0x87, (byte) 0x5f, (byte) 0x97, (byte) 0x7b, (byte) 0xca, (byte) 0x14, 211 (byte) 0x79, (byte) 0xf7, (byte) 0xe8, (byte) 0x6c, (byte) 0x72, (byte) 0xdb, 212 (byte) 0x91, (byte) 0x65, (byte) 0x17, (byte) 0x54, (byte) 0xe0, (byte) 0x74, 213 (byte) 0x1d, (byte) 0xac, (byte) 0x47, (byte) 0x04, (byte) 0x12, (byte) 0xe0, 214 (byte) 0xc3, (byte) 0x66, (byte) 0x19, (byte) 0x05, (byte) 0x2e, (byte) 0x7e, 215 (byte) 0xf1, (byte) 0x61 216 }; 217 218 /** 219 * Unencrypted (-nocrypt) PKCS#8 encoding of the user private key. Because the key is published in this file it provides no secrecy and is usable only as a test fixture. Generated from above and converted with: 220 * 221 * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g' 222 */ 223 private static final byte[] FAKE_RSA_KEY_1 = new byte[] { 224 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x02, (byte) 0x01, 225 (byte) 0x00, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, 226 (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, 227 (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x82, 228 (byte) 0x02, (byte) 0x62, (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x5e, 229 (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x02, (byte) 0x81, (byte) 0x81, 230 (byte) 
0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, (byte) 0x5b, 231 (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, (byte) 0x66, 232 (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, (byte) 0x8a, 233 (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, (byte) 0x02, 234 (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, (byte) 0xf3, 235 (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, (byte) 0x6d, 236 (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f, (byte) 0x67, 237 (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, (byte) 0xcb, 238 (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, (byte) 0xe2, 239 (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, (byte) 0x79, 240 (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, (byte) 0xce, 241 (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, (byte) 0x08, 242 (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, (byte) 0x3b, 243 (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, (byte) 0xc4, 244 (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, (byte) 0x0d, 245 (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, (byte) 0x23, 246 (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, (byte) 0x08, 247 (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, (byte) 0xf1, 248 (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, (byte) 0xb4, 249 (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, (byte) 0x16, 250 (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, (byte) 0x9e, 251 (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, (byte) 0x01, 252 (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x81, (byte) 0x80, (byte) 0x16, 253 (byte) 0x59, (byte) 0xc3, (byte) 0x24, (byte) 0x1d, (byte) 0x33, (byte) 0x98, 254 (byte) 0x9c, (byte) 0xc9, (byte) 0xc8, 
(byte) 0x2c, (byte) 0x88, (byte) 0xbf, 255 (byte) 0x0a, (byte) 0x01, (byte) 0xce, (byte) 0xfb, (byte) 0x34, (byte) 0x7a, 256 (byte) 0x58, (byte) 0x7a, (byte) 0xb0, (byte) 0xbf, (byte) 0xa6, (byte) 0xb2, 257 (byte) 0x60, (byte) 0xbe, (byte) 0x70, (byte) 0x21, (byte) 0xf5, (byte) 0xfc, 258 (byte) 0x85, (byte) 0x0d, (byte) 0x33, (byte) 0x58, (byte) 0xa1, (byte) 0xe5, 259 (byte) 0x09, (byte) 0x36, (byte) 0x84, (byte) 0xb2, (byte) 0x04, (byte) 0x0a, 260 (byte) 0x02, (byte) 0xd3, (byte) 0x88, (byte) 0x1f, (byte) 0x0c, (byte) 0x2b, 261 (byte) 0x1d, (byte) 0xe9, (byte) 0x3d, (byte) 0xe7, (byte) 0x79, (byte) 0xf9, 262 (byte) 0x32, (byte) 0x5c, (byte) 0x8a, (byte) 0x75, (byte) 0x49, (byte) 0x12, 263 (byte) 0xe4, (byte) 0x05, (byte) 0x26, (byte) 0xd4, (byte) 0x2e, (byte) 0x9e, 264 (byte) 0x1f, (byte) 0xcc, (byte) 0x54, (byte) 0xad, (byte) 0x33, (byte) 0x8d, 265 (byte) 0x99, (byte) 0x00, (byte) 0xdc, (byte) 0xf5, (byte) 0xb4, (byte) 0xa2, 266 (byte) 0x2f, (byte) 0xba, (byte) 0xe5, (byte) 0x62, (byte) 0x30, (byte) 0x6d, 267 (byte) 0xe6, (byte) 0x3d, (byte) 0xeb, (byte) 0x24, (byte) 0xc2, (byte) 0xdc, 268 (byte) 0x5f, (byte) 0xb7, (byte) 0x16, (byte) 0x35, (byte) 0xa3, (byte) 0x98, 269 (byte) 0x98, (byte) 0xa8, (byte) 0xef, (byte) 0xe8, (byte) 0xc4, (byte) 0x96, 270 (byte) 0x6d, (byte) 0x38, (byte) 0xab, (byte) 0x26, (byte) 0x6d, (byte) 0x30, 271 (byte) 0xc2, (byte) 0xa0, (byte) 0x44, (byte) 0xe4, (byte) 0xff, (byte) 0x7e, 272 (byte) 0xbe, (byte) 0x7c, (byte) 0x33, (byte) 0xa5, (byte) 0x10, (byte) 0xad, 273 (byte) 0xd7, (byte) 0x1e, (byte) 0x13, (byte) 0x20, (byte) 0xb3, (byte) 0x1f, 274 (byte) 0x41, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xf1, (byte) 0x89, 275 (byte) 0x07, (byte) 0x0f, (byte) 0xe8, (byte) 0xcf, (byte) 0xab, (byte) 0x13, 276 (byte) 0x2a, (byte) 0x8f, (byte) 0x88, (byte) 0x80, (byte) 0x11, (byte) 0x9a, 277 (byte) 0x79, (byte) 0xb6, (byte) 0x59, (byte) 0x3a, (byte) 0x50, (byte) 0x6e, 278 (byte) 0x57, (byte) 0x37, (byte) 0xab, (byte) 0x2a, (byte) 0xd2, 
(byte) 0xaa, 279 (byte) 0xd9, (byte) 0x72, (byte) 0x73, (byte) 0xff, (byte) 0x8b, (byte) 0x47, 280 (byte) 0x76, (byte) 0xdd, (byte) 0xdc, (byte) 0xf5, (byte) 0x97, (byte) 0x44, 281 (byte) 0x3a, (byte) 0x78, (byte) 0xbe, (byte) 0x17, (byte) 0xb4, (byte) 0x22, 282 (byte) 0x6f, (byte) 0xe5, (byte) 0x23, (byte) 0x70, (byte) 0x1d, (byte) 0x10, 283 (byte) 0x5d, (byte) 0xba, (byte) 0x16, (byte) 0x81, (byte) 0xf1, (byte) 0x45, 284 (byte) 0xce, (byte) 0x30, (byte) 0xb4, (byte) 0xab, (byte) 0x80, (byte) 0xe4, 285 (byte) 0x98, (byte) 0x31, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xda, 286 (byte) 0x82, (byte) 0x9d, (byte) 0x3f, (byte) 0xca, (byte) 0x2f, (byte) 0xe1, 287 (byte) 0xd4, (byte) 0x86, (byte) 0x77, (byte) 0x48, (byte) 0xa6, (byte) 0xab, 288 (byte) 0xab, (byte) 0x1c, (byte) 0x42, (byte) 0x5c, (byte) 0xd5, (byte) 0xc7, 289 (byte) 0x46, (byte) 0x59, (byte) 0x91, (byte) 0x3f, (byte) 0xfc, (byte) 0xcc, 290 (byte) 0xec, (byte) 0xc2, (byte) 0x40, (byte) 0x12, (byte) 0x2c, (byte) 0x8d, 291 (byte) 0x1f, (byte) 0xa2, (byte) 0x18, (byte) 0x88, (byte) 0xee, (byte) 0x82, 292 (byte) 0x4a, (byte) 0x5a, (byte) 0x5e, (byte) 0x88, (byte) 0x20, (byte) 0xe3, 293 (byte) 0x7b, (byte) 0xe0, (byte) 0xd8, (byte) 0x3a, (byte) 0x52, (byte) 0x9a, 294 (byte) 0x26, (byte) 0x6a, (byte) 0x04, (byte) 0xec, (byte) 0xe8, (byte) 0xb9, 295 (byte) 0x48, (byte) 0x40, (byte) 0xe1, (byte) 0xe1, (byte) 0x83, (byte) 0xa6, 296 (byte) 0x67, (byte) 0xa6, (byte) 0xfd, (byte) 0x02, (byte) 0x41, (byte) 0x00, 297 (byte) 0x89, (byte) 0x72, (byte) 0x3e, (byte) 0xb0, (byte) 0x90, (byte) 0xfd, 298 (byte) 0x4c, (byte) 0x0e, (byte) 0xd6, (byte) 0x13, (byte) 0x63, (byte) 0xcb, 299 (byte) 0xed, (byte) 0x38, (byte) 0x88, (byte) 0xb6, (byte) 0x79, (byte) 0xc4, 300 (byte) 0x33, (byte) 0x6c, (byte) 0xf6, (byte) 0xf8, (byte) 0xd8, (byte) 0xd0, 301 (byte) 0xbf, (byte) 0x9d, (byte) 0x35, (byte) 0xac, (byte) 0x69, (byte) 0xd2, 302 (byte) 0x2b, (byte) 0xc1, (byte) 0xf9, (byte) 0x24, (byte) 0x7b, (byte) 0xce, 303 (byte) 0xcd, 
(byte) 0xcb, (byte) 0xa7, (byte) 0xb2, (byte) 0x7a, (byte) 0x0a, 304 (byte) 0x27, (byte) 0x19, (byte) 0xc9, (byte) 0xaf, (byte) 0x0d, (byte) 0x21, 305 (byte) 0x89, (byte) 0x88, (byte) 0x7c, (byte) 0xad, (byte) 0x9e, (byte) 0x8d, 306 (byte) 0x47, (byte) 0x6d, (byte) 0x3f, (byte) 0xce, (byte) 0x7b, (byte) 0xa1, 307 (byte) 0x74, (byte) 0xf1, (byte) 0xa0, (byte) 0xa1, (byte) 0x02, (byte) 0x41, 308 (byte) 0x00, (byte) 0xd9, (byte) 0xa8, (byte) 0xf5, (byte) 0xfe, (byte) 0xce, 309 (byte) 0xe6, (byte) 0x77, (byte) 0x6b, (byte) 0xfe, (byte) 0x2d, (byte) 0xe0, 310 (byte) 0x1e, (byte) 0xb6, (byte) 0x2e, (byte) 0x12, (byte) 0x4e, (byte) 0x40, 311 (byte) 0xaf, (byte) 0x6a, (byte) 0x7b, (byte) 0x37, (byte) 0x49, (byte) 0x2a, 312 (byte) 0x96, (byte) 0x25, (byte) 0x83, (byte) 0x49, (byte) 0xd4, (byte) 0x0c, 313 (byte) 0xc6, (byte) 0x78, (byte) 0x25, (byte) 0x24, (byte) 0x90, (byte) 0x90, 314 (byte) 0x06, (byte) 0x15, (byte) 0x9e, (byte) 0xfe, (byte) 0xf9, (byte) 0xdf, 315 (byte) 0x5b, (byte) 0xf3, (byte) 0x7e, (byte) 0x38, (byte) 0x70, (byte) 0xeb, 316 (byte) 0x57, (byte) 0xd0, (byte) 0xd9, (byte) 0xa7, (byte) 0x0e, (byte) 0x14, 317 (byte) 0xf7, (byte) 0x95, (byte) 0x68, (byte) 0xd5, (byte) 0xc8, (byte) 0xab, 318 (byte) 0x9d, (byte) 0x3a, (byte) 0x2b, (byte) 0x51, (byte) 0xf9, (byte) 0x02, 319 (byte) 0x41, (byte) 0x00, (byte) 0x96, (byte) 0xdf, (byte) 0xe9, (byte) 0x67, 320 (byte) 0x6c, (byte) 0xdc, (byte) 0x90, (byte) 0x14, (byte) 0xb4, (byte) 0x1d, 321 (byte) 0x22, (byte) 0x33, (byte) 0x4a, (byte) 0x31, (byte) 0xc1, (byte) 0x9d, 322 (byte) 0x2e, (byte) 0xff, (byte) 0x9a, (byte) 0x2a, (byte) 0x95, (byte) 0x4b, 323 (byte) 0x27, (byte) 0x74, (byte) 0xcb, (byte) 0x21, (byte) 0xc3, (byte) 0xd2, 324 (byte) 0x0b, (byte) 0xb2, (byte) 0x46, (byte) 0x87, (byte) 0xf8, (byte) 0x28, 325 (byte) 0x01, (byte) 0x8b, (byte) 0xd8, (byte) 0xb9, (byte) 0x4b, (byte) 0xcd, 326 (byte) 0x9a, (byte) 0x96, (byte) 0x41, (byte) 0x0e, (byte) 0x36, (byte) 0x6d, 327 (byte) 0x40, (byte) 0x42, (byte) 0xbc, 
(byte) 0xd9, (byte) 0xd3, (byte) 0x7b, 328 (byte) 0xbc, (byte) 0xa7, (byte) 0x92, (byte) 0x90, (byte) 0xdd, (byte) 0xa1, 329 (byte) 0x9c, (byte) 0xce, (byte) 0xa1, (byte) 0x87, (byte) 0x11, (byte) 0x51 330 }; 331 332 /** 333 * DER-encoded user certificate for the public half of FAKE_RSA_KEY_1 (the encoded modulus matches), signed with sha1WithRSAEncryption. Its encoded validity runs from 2012-08-14 to 2022-08-12 (UTC), so date-checked validation rejects it outside that window. Generated from above and converted with: 334 * 335 * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 336 */ 337 private static final byte[] FAKE_RSA_USER_1 = new byte[] { 338 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x95, (byte) 0x30, (byte) 0x82, 339 (byte) 0x01, (byte) 0xfe, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 340 (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d, 341 (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, 342 (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, 343 (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 344 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 345 (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, 346 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 347 (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, 348 (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, 349 (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, 350 (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, 351 (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, 352 (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, 353 (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, 354 (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, 355 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, 356 (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, (byte) 0x1e, 357 (byte) 0x17, 
(byte) 0x0d, (byte) 0x31, (byte) 0x32, (byte) 0x30, (byte) 0x38, 358 (byte) 0x31, (byte) 0x34, (byte) 0x32, (byte) 0x33, (byte) 0x32, (byte) 0x35, 359 (byte) 0x34, (byte) 0x38, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32, 360 (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x32, (byte) 0x32, 361 (byte) 0x33, (byte) 0x32, (byte) 0x35, (byte) 0x34, (byte) 0x38, (byte) 0x5a, 362 (byte) 0x30, (byte) 0x55, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, 363 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, 364 (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 365 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, 366 (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, (byte) 0x1b, 367 (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 368 (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, (byte) 0x64, 369 (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x54, 370 (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, (byte) 0x61, 371 (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x31, (byte) 0x1c, (byte) 0x30, 372 (byte) 0x1a, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, 373 (byte) 0x13, (byte) 0x13, (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, 374 (byte) 0x65, (byte) 0x72, (byte) 0x31, (byte) 0x2e, (byte) 0x65, (byte) 0x78, 375 (byte) 0x61, (byte) 0x6d, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x2e, 376 (byte) 0x63, (byte) 0x6f, (byte) 0x6d, (byte) 0x30, (byte) 0x81, (byte) 0x9f, 377 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 378 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 379 (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, 380 (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, 381 (byte) 0x81, (byte) 0x00, (byte) 0xce, 
(byte) 0x29, (byte) 0xeb, (byte) 0xf6, 382 (byte) 0x5b, (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, 383 (byte) 0x66, (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, 384 (byte) 0x8a, (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, 385 (byte) 0x02, (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, 386 (byte) 0xf3, (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, 387 (byte) 0x6d, (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f, 388 (byte) 0x67, (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, 389 (byte) 0xcb, (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, 390 (byte) 0xe2, (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, 391 (byte) 0x79, (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, 392 (byte) 0xce, (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, 393 (byte) 0x08, (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, 394 (byte) 0x3b, (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, 395 (byte) 0xc4, (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, 396 (byte) 0x0d, (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, 397 (byte) 0x23, (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, 398 (byte) 0x08, (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, 399 (byte) 0xf1, (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, 400 (byte) 0xb4, (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, 401 (byte) 0x16, (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, 402 (byte) 0x9e, (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, 403 (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, 404 (byte) 0x79, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 405 (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x02, (byte) 0x30, 
(byte) 0x00, 406 (byte) 0x30, (byte) 0x2c, (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, 407 (byte) 0x48, (byte) 0x01, (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, 408 (byte) 0x0d, (byte) 0x04, (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, 409 (byte) 0x70, (byte) 0x65, (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, 410 (byte) 0x20, (byte) 0x47, (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, 411 (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43, 412 (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, 413 (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, 414 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, 415 (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x32, (byte) 0xa1, (byte) 0x1e, 416 (byte) 0x6b, (byte) 0x69, (byte) 0x04, (byte) 0xfe, (byte) 0xb3, (byte) 0xcd, 417 (byte) 0xf8, (byte) 0xbb, (byte) 0x14, (byte) 0xcd, (byte) 0xff, (byte) 0xd4, 418 (byte) 0x16, (byte) 0xc3, (byte) 0xab, (byte) 0x44, (byte) 0x2f, (byte) 0x30, 419 (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, 420 (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, 421 (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, 422 (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, 423 (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, 424 (byte) 0x5d, (byte) 0x51, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, 425 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, 426 (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, 427 (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0x46, (byte) 0x42, (byte) 0xef, 428 (byte) 0x56, (byte) 0x89, (byte) 0x78, (byte) 0x90, (byte) 0x38, (byte) 0x24, 429 (byte) 0x9f, (byte) 0x8c, (byte) 0x7a, (byte) 0xce, (byte) 0x7a, (byte) 0xa5, 430 (byte) 0xb5, 
(byte) 0x1e, (byte) 0x74, (byte) 0x96, (byte) 0x34, (byte) 0x49, 431 (byte) 0x8b, (byte) 0xed, (byte) 0x44, (byte) 0xb3, (byte) 0xc9, (byte) 0x05, 432 (byte) 0xd7, (byte) 0x48, (byte) 0x55, (byte) 0x52, (byte) 0x59, (byte) 0x15, 433 (byte) 0x0b, (byte) 0xaa, (byte) 0x16, (byte) 0x86, (byte) 0xd2, (byte) 0x8e, 434 (byte) 0x16, (byte) 0x99, (byte) 0xe8, (byte) 0x5f, (byte) 0x11, (byte) 0x71, 435 (byte) 0x42, (byte) 0x55, (byte) 0xd1, (byte) 0xc4, (byte) 0x6f, (byte) 0x2e, 436 (byte) 0xa9, (byte) 0x64, (byte) 0x6f, (byte) 0xd8, (byte) 0xfd, (byte) 0x43, 437 (byte) 0x13, (byte) 0x24, (byte) 0xaa, (byte) 0x67, (byte) 0xe6, (byte) 0xf5, 438 (byte) 0xca, (byte) 0x80, (byte) 0x5e, (byte) 0x3a, (byte) 0x3e, (byte) 0xcc, 439 (byte) 0x4f, (byte) 0xba, (byte) 0x87, (byte) 0xe6, (byte) 0xae, (byte) 0xbf, 440 (byte) 0x8f, (byte) 0xd5, (byte) 0x28, (byte) 0x38, (byte) 0x58, (byte) 0x30, 441 (byte) 0x24, (byte) 0xf6, (byte) 0x53, (byte) 0x5b, (byte) 0x41, (byte) 0x53, 442 (byte) 0xe6, (byte) 0x45, (byte) 0xbc, (byte) 0xbe, (byte) 0xe6, (byte) 0xbb, 443 (byte) 0x5d, (byte) 0xd8, (byte) 0xa7, (byte) 0xf9, (byte) 0x64, (byte) 0x99, 444 (byte) 0x04, (byte) 0x43, (byte) 0x75, (byte) 0xd7, (byte) 0x2d, (byte) 0x32, 445 (byte) 0x0a, (byte) 0x94, (byte) 0xaf, (byte) 0x06, (byte) 0x34, (byte) 0xae, 446 (byte) 0x46, (byte) 0xbd, (byte) 0xda, (byte) 0x00, (byte) 0x0e, (byte) 0x25, 447 (byte) 0xc2, (byte) 0xf7, (byte) 0xc9, (byte) 0xc3, (byte) 0x65, (byte) 0xd2, 448 (byte) 0x08, (byte) 0x41, (byte) 0x0a, (byte) 0xf3, (byte) 0x72 449 }; 450 451 /* 452 * The keys and certificates below are generated with: 453 * 454 * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem 455 * openssl ecparam -name prime256v1 -out ecparam.pem 456 * openssl req -newkey ec:ecparam.pem -keyout userkey.pem -nodes -days 3650 -out userkey.req 457 * mkdir -p demoCA/newcerts 458 * touch demoCA/index.txt 459 * echo "01" > demoCA/serial 460 * openssl ca -out usercert.pem -in userkey.req 
-cert cacert.pem -keyfile cakey.pem -days 3650 461 */ 462 463 /** 464 * DER-encoded CA certificate for the EC fixtures. Despite the name, the CA's own key is RSA: the "openssl req -new -x509" step above is given no EC parameters, and the SubjectPublicKeyInfo in this encoding carries the rsaEncryption OID; only the user key is EC (prime256v1). The certificate is signed with sha1WithRSAEncryption. Generated from above and converted with: 465 * 466 * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 467 */ 468 private static final byte[] FAKE_EC_CA_1 = { 469 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x58, (byte) 0x30, (byte) 0x82, 470 (byte) 0x01, (byte) 0xc1, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 471 (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0xb2, 472 (byte) 0x8c, (byte) 0x04, (byte) 0x95, (byte) 0xeb, (byte) 0x10, (byte) 0xcb, 473 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 474 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 475 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x45, (byte) 0x31, 476 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 477 (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, 478 (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, 479 (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, 480 (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, 481 (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, 482 (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, 483 (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, 484 (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, 485 (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, 486 (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, 487 (byte) 0x74, (byte) 0x64, (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, 488 (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, 489 (byte) 0x31, (byte) 0x36, (byte) 0x32, (byte) 0x38, (byte) 0x32, (byte) 0x38, 490 (byte) 0x5a, (byte) 
0x17, (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, 491 (byte) 0x38, (byte) 0x32, (byte) 0x35, (byte) 0x31, (byte) 0x36, (byte) 0x32, 492 (byte) 0x38, (byte) 0x32, (byte) 0x38, (byte) 0x5a, (byte) 0x30, (byte) 0x45, 493 (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, 494 (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, 495 (byte) 0x55, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, 496 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, 497 (byte) 0x53, (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, 498 (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, 499 (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 500 (byte) 0x0a, (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, 501 (byte) 0x65, (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, 502 (byte) 0x57, (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, 503 (byte) 0x73, (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, 504 (byte) 0x4c, (byte) 0x74, (byte) 0x64, (byte) 0x30, (byte) 0x81, (byte) 0x9f, 505 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 506 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 507 (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, 508 (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, 509 (byte) 0x81, (byte) 0x00, (byte) 0xb5, (byte) 0xf6, (byte) 0x08, (byte) 0x0f, 510 (byte) 0xc4, (byte) 0x4d, (byte) 0xe4, (byte) 0x0d, (byte) 0x34, (byte) 0x1d, 511 (byte) 0xe2, (byte) 0x23, (byte) 0x18, (byte) 0x63, (byte) 0x03, (byte) 0xf7, 512 (byte) 0x14, (byte) 0x0e, (byte) 0x98, (byte) 0xcd, (byte) 0x45, (byte) 0x1f, 513 (byte) 0xfe, (byte) 0xfb, (byte) 0x09, (byte) 0x3f, (byte) 0x5d, (byte) 0x36, 514 (byte) 0x3b, (byte) 0x0f, (byte) 0xf9, (byte) 0x5e, 
(byte) 0x86, (byte) 0x56, 515 (byte) 0x64, (byte) 0xd7, (byte) 0x3f, (byte) 0xae, (byte) 0x33, (byte) 0x09, 516 (byte) 0xd3, (byte) 0xdd, (byte) 0x06, (byte) 0x17, (byte) 0x26, (byte) 0xdc, 517 (byte) 0xa2, (byte) 0x8c, (byte) 0x3c, (byte) 0x65, (byte) 0xed, (byte) 0x03, 518 (byte) 0x82, (byte) 0x78, (byte) 0x9b, (byte) 0xee, (byte) 0xe3, (byte) 0x98, 519 (byte) 0x58, (byte) 0xe1, (byte) 0xf1, (byte) 0xa0, (byte) 0x85, (byte) 0xae, 520 (byte) 0x63, (byte) 0x84, (byte) 0x41, (byte) 0x46, (byte) 0xa7, (byte) 0x4f, 521 (byte) 0xdc, (byte) 0xbb, (byte) 0x1c, (byte) 0x6e, (byte) 0xec, (byte) 0x7b, 522 (byte) 0xd5, (byte) 0xab, (byte) 0x3d, (byte) 0x6a, (byte) 0x05, (byte) 0x58, 523 (byte) 0x0f, (byte) 0x9b, (byte) 0x6a, (byte) 0x67, (byte) 0x4b, (byte) 0xe9, 524 (byte) 0x2a, (byte) 0x6d, (byte) 0x96, (byte) 0x11, (byte) 0x53, (byte) 0x95, 525 (byte) 0x78, (byte) 0xaa, (byte) 0xd1, (byte) 0x91, (byte) 0x4a, (byte) 0xf8, 526 (byte) 0x54, (byte) 0x52, (byte) 0x6d, (byte) 0xb9, (byte) 0xca, (byte) 0x74, 527 (byte) 0x81, (byte) 0xf8, (byte) 0x99, (byte) 0x64, (byte) 0xd1, (byte) 0x4f, 528 (byte) 0x01, (byte) 0x38, (byte) 0x4f, (byte) 0x08, (byte) 0x5c, (byte) 0x31, 529 (byte) 0xcb, (byte) 0x7c, (byte) 0x5c, (byte) 0x78, (byte) 0x5d, (byte) 0x47, 530 (byte) 0xd9, (byte) 0xf0, (byte) 0x1a, (byte) 0xeb, (byte) 0x02, (byte) 0x03, 531 (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x50, (byte) 0x30, 532 (byte) 0x4e, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, 533 (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, 534 (byte) 0x5f, (byte) 0x5b, (byte) 0x5e, (byte) 0xac, (byte) 0x29, (byte) 0xfa, 535 (byte) 0xa1, (byte) 0x9f, (byte) 0x9e, (byte) 0xad, (byte) 0x46, (byte) 0xe1, 536 (byte) 0xbc, (byte) 0x20, (byte) 0x72, (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, 537 (byte) 0xfa, (byte) 0xe3, (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, 538 (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, (byte) 0x30, 539 
(byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x5f, (byte) 0x5b, (byte) 0x5e, 540 (byte) 0xac, (byte) 0x29, (byte) 0xfa, (byte) 0xa1, (byte) 0x9f, (byte) 0x9e, 541 (byte) 0xad, (byte) 0x46, (byte) 0xe1, (byte) 0xbc, (byte) 0x20, (byte) 0x72, 542 (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, (byte) 0xfa, (byte) 0xe3, (byte) 0x30, 543 (byte) 0x0c, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 544 (byte) 0x04, (byte) 0x05, (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, 545 (byte) 0xff, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, 546 (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, 547 (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, 548 (byte) 0x81, (byte) 0x00, (byte) 0xa1, (byte) 0x4a, (byte) 0xe6, (byte) 0xfc, 549 (byte) 0x7f, (byte) 0x17, (byte) 0xaa, (byte) 0x65, (byte) 0x4a, (byte) 0x34, 550 (byte) 0xde, (byte) 0x69, (byte) 0x67, (byte) 0x54, (byte) 0x4d, (byte) 0xa2, 551 (byte) 0xc2, (byte) 0x98, (byte) 0x02, (byte) 0x43, (byte) 0x6a, (byte) 0x0e, 552 (byte) 0x0b, (byte) 0x7f, (byte) 0xa4, (byte) 0x46, (byte) 0xaf, (byte) 0xa4, 553 (byte) 0x65, (byte) 0xa0, (byte) 0xdb, (byte) 0xf1, (byte) 0x5b, (byte) 0xd5, 554 (byte) 0x09, (byte) 0xbc, (byte) 0xee, (byte) 0x37, (byte) 0x51, (byte) 0x19, 555 (byte) 0x36, (byte) 0xc0, (byte) 0x90, (byte) 0xd3, (byte) 0x5f, (byte) 0xf3, 556 (byte) 0x4f, (byte) 0xb9, (byte) 0x08, (byte) 0x45, (byte) 0x0e, (byte) 0x01, 557 (byte) 0x8a, (byte) 0x95, (byte) 0xef, (byte) 0x92, (byte) 0x95, (byte) 0x33, 558 (byte) 0x78, (byte) 0xdd, (byte) 0x90, (byte) 0xbb, (byte) 0xf3, (byte) 0x06, 559 (byte) 0x75, (byte) 0xd0, (byte) 0x66, (byte) 0xe6, (byte) 0xd0, (byte) 0x18, 560 (byte) 0x6e, (byte) 0xeb, (byte) 0x1c, (byte) 0x52, (byte) 0xc3, (byte) 0x2e, 561 (byte) 0x57, (byte) 0x7d, (byte) 0xa9, (byte) 0x03, (byte) 0xdb, (byte) 0xf4, 562 (byte) 0x57, (byte) 0x5f, (byte) 0x6c, (byte) 0x7e, (byte) 0x00, (byte) 0x0d, 563 (byte) 0x8f, (byte) 0xe8, 
(byte) 0x91, (byte) 0xf7, (byte) 0xae, (byte) 0x24, 564 (byte) 0x35, (byte) 0x07, (byte) 0xb5, (byte) 0x48, (byte) 0x2d, (byte) 0x36, 565 (byte) 0x30, (byte) 0x5d, (byte) 0xe9, (byte) 0x49, (byte) 0x2d, (byte) 0xd1, 566 (byte) 0x5d, (byte) 0xc5, (byte) 0xf4, (byte) 0x33, (byte) 0x77, (byte) 0x3c, 567 (byte) 0x71, (byte) 0xad, (byte) 0x90, (byte) 0x65, (byte) 0xa9, (byte) 0xc1, 568 (byte) 0x0b, (byte) 0x5c, (byte) 0x62, (byte) 0x55, (byte) 0x50, (byte) 0x6f, 569 (byte) 0x9b, (byte) 0xc9, (byte) 0x0d, (byte) 0xee 570 }; 571 572 /** 573 * Generated from above and converted with: 574 * 575 * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g' 576 */ 577 private static final byte[] FAKE_EC_KEY_1 = new byte[] { 578 (byte) 0x30, (byte) 0x81, (byte) 0x87, (byte) 0x02, (byte) 0x01, (byte) 0x00, 579 (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, 580 (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, (byte) 0x06, 581 (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, 582 (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x04, (byte) 0x6d, (byte) 0x30, 583 (byte) 0x6b, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x04, (byte) 0x20, 584 (byte) 0x3a, (byte) 0x8a, (byte) 0x02, (byte) 0xdc, (byte) 0xde, (byte) 0x70, 585 (byte) 0x84, (byte) 0x45, (byte) 0x34, (byte) 0xaf, (byte) 0xbd, (byte) 0xd5, 586 (byte) 0x02, (byte) 0x17, (byte) 0x69, (byte) 0x90, (byte) 0x65, (byte) 0x1e, 587 (byte) 0x87, (byte) 0xf1, (byte) 0x3d, (byte) 0x17, (byte) 0xb6, (byte) 0xf4, 588 (byte) 0x31, (byte) 0x94, (byte) 0x86, (byte) 0x76, (byte) 0x55, (byte) 0xf7, 589 (byte) 0xcc, (byte) 0xba, (byte) 0xa1, (byte) 0x44, (byte) 0x03, (byte) 0x42, 590 (byte) 0x00, (byte) 0x04, (byte) 0xd9, (byte) 0xcf, (byte) 0xe7, (byte) 0x9b, 591 (byte) 0x23, (byte) 0xc8, (byte) 0xa3, (byte) 0xb8, (byte) 0x33, (byte) 0x14, 592 (byte) 0xa4, (byte) 0x4d, (byte) 0x75, (byte) 0x90, (byte) 0xf3, (byte) 0xcd, 593 (byte) 
0x43, (byte) 0xe5, (byte) 0x1b, (byte) 0x05, (byte) 0x1d, (byte) 0xf3, 594 (byte) 0xd0, (byte) 0xa3, (byte) 0xb7, (byte) 0x32, (byte) 0x5f, (byte) 0x79, 595 (byte) 0xdc, (byte) 0x88, (byte) 0xb8, (byte) 0x4d, (byte) 0xb3, (byte) 0xd1, 596 (byte) 0x6d, (byte) 0xf7, (byte) 0x75, (byte) 0xf3, (byte) 0xbf, (byte) 0x50, 597 (byte) 0xa1, (byte) 0xbc, (byte) 0x03, (byte) 0x64, (byte) 0x22, (byte) 0xe6, 598 (byte) 0x1a, (byte) 0xa1, (byte) 0xe1, (byte) 0x06, (byte) 0x68, (byte) 0x3b, 599 (byte) 0xbc, (byte) 0x9f, (byte) 0xd3, (byte) 0xae, (byte) 0x77, (byte) 0x5e, 600 (byte) 0x88, (byte) 0x0c, (byte) 0x5e, (byte) 0x0c, (byte) 0xb2, (byte) 0x38 601 }; 602 603 /** 604 * Generated from above and converted with: 605 * 606 * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 607 */ 608 private static final byte[] FAKE_EC_USER_1 = new byte[] { 609 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x51, (byte) 0x30, (byte) 0x82, 610 (byte) 0x01, (byte) 0xba, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 611 (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d, 612 (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, 613 (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, 614 (byte) 0x00, (byte) 0x30, (byte) 0x45, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 615 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 616 (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, (byte) 0x13, 617 (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 618 (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, (byte) 0x6d, 619 (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, (byte) 0x74, 620 (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, (byte) 0x06, 621 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x18, 622 (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 
0x72, (byte) 0x6e, 623 (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, (byte) 0x64, 624 (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, (byte) 0x50, 625 (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, (byte) 0x74, (byte) 0x64, 626 (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x33, 627 (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, (byte) 0x31, (byte) 0x36, 628 (byte) 0x33, (byte) 0x30, (byte) 0x30, (byte) 0x38, (byte) 0x5a, (byte) 0x17, 629 (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, 630 (byte) 0x35, (byte) 0x31, (byte) 0x36, (byte) 0x33, (byte) 0x30, (byte) 0x30, 631 (byte) 0x38, (byte) 0x5a, (byte) 0x30, (byte) 0x62, (byte) 0x31, (byte) 0x0b, 632 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 633 (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, 634 (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, 635 (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, 636 (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, 637 (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, 638 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, 639 (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 0x72, 640 (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, 641 (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, 642 (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, (byte) 0x74, 643 (byte) 0x64, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, 644 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x12, 645 (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, (byte) 0x65, (byte) 0x72, 646 (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x61, (byte) 0x6d, (byte) 0x70, 647 (byte) 
0x6c, (byte) 0x65, (byte) 0x2e, (byte) 0x63, (byte) 0x6f, (byte) 0x6d, 648 (byte) 0x30, (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, 649 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, 650 (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, 651 (byte) 0xce, (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, 652 (byte) 0x42, (byte) 0x00, (byte) 0x04, (byte) 0xd9, (byte) 0xcf, (byte) 0xe7, 653 (byte) 0x9b, (byte) 0x23, (byte) 0xc8, (byte) 0xa3, (byte) 0xb8, (byte) 0x33, 654 (byte) 0x14, (byte) 0xa4, (byte) 0x4d, (byte) 0x75, (byte) 0x90, (byte) 0xf3, 655 (byte) 0xcd, (byte) 0x43, (byte) 0xe5, (byte) 0x1b, (byte) 0x05, (byte) 0x1d, 656 (byte) 0xf3, (byte) 0xd0, (byte) 0xa3, (byte) 0xb7, (byte) 0x32, (byte) 0x5f, 657 (byte) 0x79, (byte) 0xdc, (byte) 0x88, (byte) 0xb8, (byte) 0x4d, (byte) 0xb3, 658 (byte) 0xd1, (byte) 0x6d, (byte) 0xf7, (byte) 0x75, (byte) 0xf3, (byte) 0xbf, 659 (byte) 0x50, (byte) 0xa1, (byte) 0xbc, (byte) 0x03, (byte) 0x64, (byte) 0x22, 660 (byte) 0xe6, (byte) 0x1a, (byte) 0xa1, (byte) 0xe1, (byte) 0x06, (byte) 0x68, 661 (byte) 0x3b, (byte) 0xbc, (byte) 0x9f, (byte) 0xd3, (byte) 0xae, (byte) 0x77, 662 (byte) 0x5e, (byte) 0x88, (byte) 0x0c, (byte) 0x5e, (byte) 0x0c, (byte) 0xb2, 663 (byte) 0x38, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, (byte) 0x79, (byte) 0x30, 664 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 665 (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, (byte) 0x30, (byte) 0x2c, 666 (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, (byte) 0x48, (byte) 0x01, 667 (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, (byte) 0x0d, (byte) 0x04, 668 (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, (byte) 0x70, (byte) 0x65, 669 (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, (byte) 0x20, (byte) 0x47, 670 (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, (byte) 0x61, (byte) 0x74, 671 (byte) 0x65, (byte) 0x64, (byte) 0x20, 
(byte) 0x43, (byte) 0x65, (byte) 0x72, 672 (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61, 673 (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, 674 (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, 675 (byte) 0x14, (byte) 0xd5, (byte) 0xc4, (byte) 0x72, (byte) 0xbd, (byte) 0xd2, 676 (byte) 0x4e, (byte) 0x90, (byte) 0x1b, (byte) 0x14, (byte) 0x32, (byte) 0xdb, 677 (byte) 0x03, (byte) 0xae, (byte) 0xfa, (byte) 0x27, (byte) 0x7d, (byte) 0x8d, 678 (byte) 0xe4, (byte) 0x80, (byte) 0x58, (byte) 0x30, (byte) 0x1f, (byte) 0x06, 679 (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, 680 (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x5f, (byte) 0x5b, 681 (byte) 0x5e, (byte) 0xac, (byte) 0x29, (byte) 0xfa, (byte) 0xa1, (byte) 0x9f, 682 (byte) 0x9e, (byte) 0xad, (byte) 0x46, (byte) 0xe1, (byte) 0xbc, (byte) 0x20, 683 (byte) 0x72, (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, (byte) 0xfa, (byte) 0xe3, 684 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 685 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 686 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, 687 (byte) 0x00, (byte) 0x43, (byte) 0x99, (byte) 0x9f, (byte) 0x67, (byte) 0x08, 688 (byte) 0x43, (byte) 0xd5, (byte) 0x6b, (byte) 0x6f, (byte) 0xd7, (byte) 0x05, 689 (byte) 0xd6, (byte) 0x75, (byte) 0x34, (byte) 0x30, (byte) 0xca, (byte) 0x20, 690 (byte) 0x47, (byte) 0x61, (byte) 0xa1, (byte) 0x89, (byte) 0xb6, (byte) 0xf1, 691 (byte) 0x49, (byte) 0x7b, (byte) 0xd9, (byte) 0xb9, (byte) 0xe8, (byte) 0x1e, 692 (byte) 0x29, (byte) 0x74, (byte) 0x0a, (byte) 0x67, (byte) 0xc0, (byte) 0x7d, 693 (byte) 0xb8, (byte) 0xe6, (byte) 0x39, (byte) 0xa8, (byte) 0x5e, (byte) 0xc3, 694 (byte) 0xb0, (byte) 0xa1, (byte) 0x30, (byte) 0x6a, (byte) 0x1f, (byte) 0x1d, 695 (byte) 0xfc, (byte) 0x11, (byte) 0x59, (byte) 0x0b, (byte) 0xb9, 
(byte) 0xad, 696 (byte) 0x3a, (byte) 0x4e, (byte) 0x50, (byte) 0x0a, (byte) 0x61, (byte) 0xdb, 697 (byte) 0x75, (byte) 0x6b, (byte) 0xe5, (byte) 0x3f, (byte) 0x8d, (byte) 0xde, 698 (byte) 0x28, (byte) 0x68, (byte) 0xb1, (byte) 0x29, (byte) 0x9a, (byte) 0x18, 699 (byte) 0x8a, (byte) 0xfc, (byte) 0x3f, (byte) 0x13, (byte) 0x93, (byte) 0x29, 700 (byte) 0xed, (byte) 0x22, (byte) 0x7c, (byte) 0xb4, (byte) 0x50, (byte) 0xd5, 701 (byte) 0x4d, (byte) 0x32, (byte) 0x4d, (byte) 0x42, (byte) 0x2b, (byte) 0x29, 702 (byte) 0x97, (byte) 0x86, (byte) 0xc0, (byte) 0x01, (byte) 0x00, (byte) 0x25, 703 (byte) 0xf6, (byte) 0xd3, (byte) 0x2a, (byte) 0xd8, (byte) 0xda, (byte) 0x13, 704 (byte) 0x94, (byte) 0x12, (byte) 0x78, (byte) 0x14, (byte) 0x0b, (byte) 0x51, 705 (byte) 0xc0, (byte) 0x45, (byte) 0xb4, (byte) 0x02, (byte) 0x37, (byte) 0x98, 706 (byte) 0x42, (byte) 0x3c, (byte) 0xcb, (byte) 0x2e, (byte) 0xe4, (byte) 0x38, 707 (byte) 0x69, (byte) 0x1b, (byte) 0x72, (byte) 0xf0, (byte) 0xaa, (byte) 0x89, 708 (byte) 0x7e, (byte) 0xde, (byte) 0xb2 709 }; 710 711 /** 712 * The amount of time to allow before and after expected time for variance 713 * in timing tests. 
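*/
private static final long SLOP_TIME_MILLIS = 15000L;

/**
 * Empties the AndroidKeyStore before each test and leaves {@code mKeyStore} unloaded.
 *
 * <p>Every alias the provider returns to this process is deleted, so this fixture must only
 * run where no stored key needs to survive the test run.
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    // Wipe any existing entries in the KeyStore
    KeyStore ksTemp = KeyStore.getInstance("AndroidKeyStore");
    ksTemp.load(null, null);
    Enumeration<String> aliases = ksTemp.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        ksTemp.deleteEntry(alias);
    }

    // Get a new instance because some tests need it uninitialized
    mKeyStore = KeyStore.getInstance("AndroidKeyStore");
}

/**
 * Deletes every entry again so no test key or certificate outlives the test, then always
 * delegates to {@code super.tearDown()}, even when the cleanup itself throws.
 */
@Override
protected void tearDown() throws Exception {
    try {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null, null);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            keyStore.deleteEntry(alias);
        }
    } finally {
        super.tearDown();
    }
}

/**
 * Decodes a PKCS#8-encoded private key.
 *
 * @param keyType algorithm name passed to {@link KeyFactory#getInstance(String)}
 * @param fakeKey1 PKCS#8 DER bytes of the key
 * @return the decoded private key
 */
private PrivateKey generatePrivateKey(String keyType, byte[] fakeKey1) throws Exception {
    KeyFactory kf = KeyFactory.getInstance(keyType);
    return kf.generatePrivate(new PKCS8EncodedKeySpec(fakeKey1));
}

/**
 * Decodes a single DER-encoded X.509 certificate.
 *
 * @param fakeUser1 DER bytes of the certificate
 * @return the decoded certificate
 */
private Certificate generateCertificate(byte[] fakeUser1) throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    return cf.generateCertificate(new ByteArrayInputStream(fakeUser1));
}

/**
 * Builds a PrivateKeyEntry from the EC fixture: key {@code FAKE_EC_KEY_1} with the chain
 * {@code [FAKE_EC_USER_1, FAKE_EC_CA_1]}.
 *
 * <p>The FAKE_* fixtures are throwaway test material whose private key bytes are embedded in
 * this file; they are only suitable as test input.
 */
private PrivateKeyEntry makeUserEcKey1() throws Exception {
    return new KeyStore.PrivateKeyEntry(generatePrivateKey("EC", FAKE_EC_KEY_1),
            new Certificate[] {
                    generateCertificate(FAKE_EC_USER_1), generateCertificate(FAKE_EC_CA_1)
            });
}

/**
 * Builds a PrivateKeyEntry from the RSA fixture: key {@code FAKE_RSA_KEY_1} with the chain
 * {@code [FAKE_RSA_USER_1, FAKE_RSA_CA_1]}. Same test-only caveat as the EC fixture.
 */
private PrivateKeyEntry makeUserRsaKey1() throws Exception {
    return new KeyStore.PrivateKeyEntry(generatePrivateKey("RSA", FAKE_RSA_KEY_1),
            new Certificate[] {
                    generateCertificate(FAKE_RSA_USER_1), generateCertificate(FAKE_RSA_CA_1)
            });
}

/** Builds a TrustedCertificateEntry holding the {@code FAKE_RSA_CA_1} certificate. */
private Entry makeCa1() throws Exception {
    return new KeyStore.TrustedCertificateEntry(generateCertificate(FAKE_RSA_CA_1));
}

/**
 * Asserts that {@code mKeyStore} lists exactly the given aliases: nothing missing, nothing
 * extra and nothing reported twice.
 *
 * @param expectedAliases aliases that must be present, in any order
 * @throws KeyStoreException if the keystore has not been loaded
 */
private void assertAliases(final String[] expectedAliases) throws KeyStoreException {
    final Enumeration<String> aliases = mKeyStore.aliases();
    int count = 0;

    final Set<String> expectedSet = new HashSet<String>(Arrays.asList(expectedAliases));

    while (aliases.hasMoreElements()) {
        count++;
        final String alias = aliases.nextElement();
        // remove() is false for an unexpected alias and for one already seen.
        assertTrue("The alias should be in the expected set", expectedSet.remove(alias));
    }
    assertTrue("The expected set and actual set should be exactly equal", expectedSet.isEmpty());
    assertEquals("There should be the correct number of keystore entries",
            expectedAliases.length, count);
}

/** aliases() tracks entries as a private-key entry and a CA entry are added. */
public void testKeyStore_Aliases_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    assertAliases(new String[] {});

    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    assertAliases(new String[] { TEST_ALIAS_1 });

    mKeyStore.setEntry(TEST_ALIAS_2, makeCa1(), null);

    assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });
}

/** aliases() on a keystore that was never loaded must throw KeyStoreException. */
public void testKeyStore_Aliases_NotInitialized_Unencrypted_Failure() throws Exception {
    try {
        mKeyStore.aliases();
        fail("KeyStore should throw exception when not initialized");
    } catch (KeyStoreException expected) {
        // Expected: setUp() deliberately leaves mKeyStore unloaded.
    }
}

/** containsAlias() is true for stored key and CA aliases and false for an unused alias. */
public void testKeyStore_ContainsAliases_PrivateAndCA_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    assertAliases(new String[] {});

    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    assertTrue("Should contain generated private key", mKeyStore.containsAlias(TEST_ALIAS_1));

    mKeyStore.setEntry(TEST_ALIAS_2, makeCa1(), null);

    assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2));

    assertFalse("Should not contain unadded certificate alias",
            mKeyStore.containsAlias(TEST_ALIAS_3));
}

/** containsAlias() is true when the only entry is a CA certificate. */
public void testKeyStore_ContainsAliases_CAOnly_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setEntry(TEST_ALIAS_2, makeCa1(), null);

    assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2));
}

/** containsAlias() is false on an empty keystore. */
public void testKeyStore_ContainsAliases_NonExistent_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    // The message used to claim the alias should be present, contradicting assertFalse.
    assertFalse("Should not contain an alias that was never added",
            mKeyStore.containsAlias(TEST_ALIAS_1));
}

/** deleteEntry() removes exactly the named entry, for key and certificate entries alike. */
public void testKeyStore_DeleteEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    // TEST_ALIAS_2
    mKeyStore.setCertificateEntry(TEST_ALIAS_2, generateCertificate(FAKE_RSA_CA_1));

    // TEST_ALIAS_3
    mKeyStore.setCertificateEntry(TEST_ALIAS_3, generateCertificate(FAKE_RSA_CA_1));

    assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 });

    mKeyStore.deleteEntry(TEST_ALIAS_1);

    assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 });

    mKeyStore.deleteEntry(TEST_ALIAS_3);

    assertAliases(new String[] { TEST_ALIAS_2 });

    mKeyStore.deleteEntry(TEST_ALIAS_2);

    assertAliases(new String[] { });
}

/** deleteEntry() on an empty keystore is a no-op. */
public void testKeyStore_DeleteEntry_EmptyStore_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Should not throw when a non-existent entry is requested for delete.
    mKeyStore.deleteEntry(TEST_ALIAS_1);
}

/** deleteEntry() for an unknown alias is a no-op when other entries exist. */
public void testKeyStore_DeleteEntry_NonExistent_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    // Should not throw when a non-existent entry is requested for delete.
    mKeyStore.deleteEntry(TEST_ALIAS_2);
}

/** getCertificate() returns the stored certificate and null for an unknown alias. */
public void testKeyStore_GetCertificate_Single_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    assertAliases(new String[] { TEST_ALIAS_1 });

    assertNull("Certificate should not exist in keystore",
            mKeyStore.getCertificate(TEST_ALIAS_2));

    Certificate retrieved = mKeyStore.getCertificate(TEST_ALIAS_1);

    assertNotNull("Retrieved certificate should not be null", retrieved);

    Certificate actual = generateCertificate(FAKE_RSA_CA_1);

    assertEquals("Actual and retrieved certificates should be the same", actual, retrieved);
}

/** getCertificate() returns null on an empty keystore. */
public void testKeyStore_GetCertificate_NonExist_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    assertNull("Certificate should not exist in keystore",
            mKeyStore.getCertificate(TEST_ALIAS_1));
}

/** getCertificateAlias() finds a certificate stored as a trusted-certificate entry. */
public void testKeyStore_GetCertificateAlias_CAEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    Certificate cert = generateCertificate(FAKE_RSA_CA_1);
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert);

    assertEquals("Stored certificate alias should be found", TEST_ALIAS_1,
            mKeyStore.getCertificateAlias(cert));
}

/** getCertificateAlias() finds the leaf certificate of a private-key entry. */
public void testKeyStore_GetCertificateAlias_PrivateKeyEntry_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    Certificate actual = generateCertificate(FAKE_RSA_USER_1);

    assertEquals("Stored certificate alias should be found", TEST_ALIAS_1,
            mKeyStore.getCertificateAlias(actual));
}

/**
 * A CA certificate stored as its own entry must resolve to that entry's alias, not to the
 * private-key entry whose chain merely contains the same CA.
 */
public void testKeyStore_GetCertificateAlias_CAEntry_WithPrivateKeyUsingCA_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    Certificate actual = generateCertificate(FAKE_RSA_CA_1);

    // Insert TrustedCertificateEntry with CA name
    mKeyStore.setCertificateEntry(TEST_ALIAS_2, actual);

    // Insert PrivateKeyEntry that uses the same CA
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    assertEquals("Stored certificate alias should be found", TEST_ALIAS_2,
            mKeyStore.getCertificateAlias(actual));
}

/** getCertificateAlias() returns null on an empty keystore. */
public void testKeyStore_GetCertificateAlias_NonExist_Empty_Unencrypted_Failure()
        throws Exception {
    mKeyStore.load(null, null);

    Certificate actual = generateCertificate(FAKE_RSA_CA_1);

    assertNull("Stored certificate alias should not be found",
            mKeyStore.getCertificateAlias(actual));
}

/** getCertificateAlias() returns null for a certificate that was never stored. */
public void testKeyStore_GetCertificateAlias_NonExist_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    Certificate ca = generateCertificate(FAKE_RSA_CA_1);

    // Insert TrustedCertificateEntry with CA name
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, ca);

    Certificate userCert = generateCertificate(FAKE_RSA_USER_1);

    // The message used to say "should be found", contradicting assertNull.
    assertNull("Stored certificate alias should not be found",
            mKeyStore.getCertificateAlias(userCert));
}

/** getCertificateChain() returns the user certificate followed by the CA certificate. */
public void testKeyStore_GetCertificateChain_SingleLength_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    Certificate[] expected = new Certificate[2];
    expected[0] = generateCertificate(FAKE_RSA_USER_1);
    expected[1] = generateCertificate(FAKE_RSA_CA_1);

    Certificate[] actual = mKeyStore.getCertificateChain(TEST_ALIAS_1);

    assertNotNull("Returned certificate chain should not be null", actual);
    assertEquals("Returned certificate chain should be correct size", expected.length,
            actual.length);
    assertEquals("First certificate should be user certificate", expected[0], actual[0]);
    assertEquals("Second certificate should be CA certificate", expected[1], actual[1]);

    // Negative test when keystore is populated.
    assertNull("Stored certificate alias should not be found",
            mKeyStore.getCertificateChain(TEST_ALIAS_2));
}

/** getCertificateChain() returns null on an empty keystore. */
public void testKeyStore_GetCertificateChain_NonExist_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    assertNull("Stored certificate alias should not be found",
            mKeyStore.getCertificateChain(TEST_ALIAS_1));
}

/** A private-key entry's creation date lies within SLOP_TIME_MILLIS of the current time. */
public void testKeyStore_GetCreationDate_PrivateKeyEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    Date now = new Date();
    Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
    // Fail with a message instead of a NullPointerException; the CA variant already does this.
    assertNotNull("Creation date should be returned for the stored key", actual);

    Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
    Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);

    assertTrue("Time should be close to current time", actual.before(expectedBefore));
    assertTrue("Time should be close to current time", actual.after(expectedAfter));
}

/** A CA entry's creation date lies within SLOP_TIME_MILLIS of the current time. */
public void testKeyStore_GetCreationDate_CAEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Insert TrustedCertificateEntry with CA name
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    Date now = new Date();
    Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
    assertNotNull("Certificate should be found", actual);

    Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
    Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);

    assertTrue("Time should be close to current time", actual.before(expectedBefore));
    assertTrue("Time should be close to current time", actual.after(expectedAfter));
}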
/**
 * Stores the entry from {@code makeUserRsaKey1()} and reads it back with
 * {@code getEntry(alias, null)}; the result must be a {@link PrivateKeyEntry} that matches
 * the RSA fixture key, user certificate and CA certificate.
 */
public void testKeyStore_GetEntry_NullParams_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Entry should exist", stored);
    assertTrue("Should be a PrivateKeyEntry", stored instanceof PrivateKeyEntry);

    assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1,
            FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}

/**
 * EC counterpart of the null-params lookup: the entry from {@code makeUserEcKey1()} must
 * read back as a {@link PrivateKeyEntry} matching the EC fixtures.
 */
public void testKeyStore_GetEntry_EC_NullParams_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserEcKey1(), null);

    final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Entry should exist", stored);
    assertTrue("Should be a PrivateKeyEntry", stored instanceof PrivateKeyEntry);

    assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "EC", FAKE_EC_KEY_1,
            FAKE_EC_USER_1, FAKE_EC_CA_1);
}

/**
 * RSA null-params lookup; performs the same steps and assertions as
 * {@code testKeyStore_GetEntry_NullParams_Unencrypted_Success}.
 */
public void testKeyStore_GetEntry_RSA_NullParams_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Entry should exist", stored);
    assertTrue("Should be a PrivateKeyEntry", stored instanceof PrivateKeyEntry);

    assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1,
            FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}

/**
 * Decodes the expected key, certificate and optional CA chain from raw fixture bytes and
 * delegates to the object-based overload.
 *
 * @param keyEntry entry read back from the keystore
 * @param keyType {@link KeyFactory} algorithm name used to decode {@code key}
 * @param key PKCS#8-encoded private key fixture
 * @param cert encoded X.509 user certificate fixture
 * @param ca encoded CA certificate(s), or {@code null} when no CA chain is expected
 */
@SuppressWarnings("unchecked")
private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, String keyType, byte[] key,
        byte[] cert, byte[] ca) throws Exception {
    final PrivateKey expectedKey = KeyFactory.getInstance(keyType)
            .generatePrivate(new PKCS8EncodedKeySpec(key));

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
    final Certificate expectedCert = x509.generateCertificate(new ByteArrayInputStream(cert));

    // generateCertificates() is declared with a wildcard element type, hence the cast.
    final Collection<Certificate> expectedChain = (ca == null)
            ? null
            : (Collection<Certificate>) x509.generateCertificates(new ByteArrayInputStream(ca));

    assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, expectedChain);
}

/**
 * Asserts that an entry read back from the keystore corresponds to the expected key and
 * certificates.
 *
 * <p>Only public parameters of the key are compared: the curve for EC keys and the modulus
 * for RSA keys; a key of any other type is not compared at all. The returned private key
 * must report {@code null} from both {@code getFormat()} and {@code getEncoded()}, i.e. it
 * must not hand out encoded key material, while the public key must be X.509-encodable.
 *
 * @param keyEntry entry read back from the keystore
 * @param expectedKey key whose public parameters the stored key must share
 * @param expectedCert certificate expected at position 0 of the chain
 * @param expectedChain CA certificates expected after position 0, or {@code null} when the
 *        chain must contain the user certificate only
 */
private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, PrivateKey expectedKey,
        Certificate expectedCert, Collection<Certificate> expectedChain) throws Exception {
    final PrivateKey storedPrivate = keyEntry.getPrivateKey();
    final PublicKey storedPublic = keyEntry.getCertificate().getPublicKey();

    if (expectedKey instanceof ECKey) {
        assertTrue(
                "Returned PrivateKey " + storedPrivate.getClass() + " should be instanceof ECKey",
                storedPrivate instanceof ECKey);
        assertEquals("Returned PrivateKey should be what we inserted",
                ((ECKey) expectedKey).getParams().getCurve(),
                ((ECKey) storedPrivate).getParams().getCurve());
    } else if (expectedKey instanceof RSAKey) {
        assertTrue(
                "Returned PrivateKey " + storedPrivate.getClass() + " should be instanceof RSAKey",
                storedPrivate instanceof RSAKey);
        assertEquals("Returned PrivateKey should be what we inserted",
                ((RSAKey) expectedKey).getModulus(),
                ((RSAKey) storedPrivate).getModulus());
    }

    // The private key handle must not expose an encoded form.
    assertNull("getFormat() should return null", storedPrivate.getFormat());
    assertNull("getEncoded() should return null", storedPrivate.getEncoded());

    assertEquals("Public keys should be in X.509 format", "X.509", storedPublic.getFormat());
    assertNotNull("Public keys should be encodable", storedPublic.getEncoded());

    assertEquals("Returned Certificate should be what we inserted", expectedCert,
            keyEntry.getCertificate());

    final Certificate[] storedChain = keyEntry.getCertificateChain();

    assertEquals("First certificate in chain should be user cert", expectedCert,
            storedChain[0]);

    if (expectedChain == null) {
        assertEquals("Certificate chain should not include CAs", 1, storedChain.length);
        return;
    }

    assertEquals("Chains should be the same size", expectedChain.size() + 1,
            storedChain.length);

    // Position 0 is the user certificate, so the CA comparison starts at index 1.
    final Iterator<Certificate> expectedCas = expectedChain.iterator();
    for (int pos = 1; expectedCas.hasNext() && pos < storedChain.length; pos++) {
        assertEquals("CA chain certificate should equal what we put in", expectedCas.next(),
                storedChain[pos]);
    }
}

/** {@code getEntry} on an alias that was never stored must return {@code null}. */
public void testKeyStore_GetEntry_Nonexistent_NullParams_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    final Entry missing = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNull("A non-existent entry should return null", missing);
}

/**
 * {@code getKey(alias, null)} on a stored RSA entry must return a {@link PrivateKey} that is
 * also an {@link RSAKey} with the same modulus as the {@code FAKE_RSA_KEY_1} fixture.
 */
public void testKeyStore_GetKey_NoPassword_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    final Key retrieved = mKeyStore.getKey(TEST_ALIAS_1, null);
    assertNotNull("Key should exist", retrieved);

    assertTrue("Should be a PrivateKey", retrieved instanceof PrivateKey);
    assertTrue("Should be a RSAKey", retrieved instanceof RSAKey);

    final PrivateKey fixtureKey = KeyFactory.getInstance("RSA")
            .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

    // Compared by modulus only; the test does not read any encoded form of the stored key.
    assertEquals("Inserted key should be same as retrieved key",
            ((RSAKey) fixtureKey).getModulus(), ((RSAKey) retrieved).getModulus());
}

/** {@code getKey} on an alias holding only a trusted certificate must return {@code null}. */
public void testKeyStore_GetKey_Certificate_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    // Insert TrustedCertificateEntry with CA name
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    final Key keyForCertAlias = mKeyStore.getKey(TEST_ALIAS_1, null);
    assertNull("Certificate entries should return null", keyForCertAlias);
}

/** {@code getKey} on an alias that was never stored must return {@code null}. */
public void testKeyStore_GetKey_NonExistent_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    final Key missing = mKeyStore.getKey(TEST_ALIAS_1, null);
    assertNull("A non-existent entry should return null", missing);
}

/** The keystore under test must be served by the provider named "AndroidKeyStore". */
public void testKeyStore_GetProvider_Unencrypted_Success() throws Exception {
    final String providerName = mKeyStore.getProvider().getName();
    assertEquals("AndroidKeyStore", providerName);
}

/** The keystore under test must report the type "AndroidKeyStore". */
public void testKeyStore_GetType_Unencrypted_Success() throws Exception {
    final String storeType = mKeyStore.getType();
    assertEquals("AndroidKeyStore", storeType);
}

/** An alias populated through {@code setCertificateEntry} must be a certificate entry. */
public void testKeyStore_IsCertificateEntry_CA_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Insert TrustedCertificateEntry with CA name
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    final boolean reportedAsCertificate = mKeyStore.isCertificateEntry(TEST_ALIAS_1);
    assertTrue("Should return true for CA certificate", reportedAsCertificate);
}
/** An alias holding a private-key entry must not be reported as a certificate entry. */
public void testKeyStore_IsCertificateEntry_PrivateKey_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    final boolean reportedAsCertificate = mKeyStore.isCertificateEntry(TEST_ALIAS_1);
    assertFalse("Should return false for PrivateKeyEntry", reportedAsCertificate);
}

/** An alias that was never stored must not be reported as a certificate entry. */
public void testKeyStore_IsCertificateEntry_NonExist_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    final boolean reportedAsCertificate = mKeyStore.isCertificateEntry(TEST_ALIAS_1);
    assertFalse("Should return false for non-existent entry", reportedAsCertificate);
}

/** An alias holding a private-key entry must be reported as a key entry. */
public void testKeyStore_IsKeyEntry_PrivateKey_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    final boolean reportedAsKey = mKeyStore.isKeyEntry(TEST_ALIAS_1);
    assertTrue("Should return true for PrivateKeyEntry", reportedAsKey);
}

/** An alias holding only a CA certificate must not be reported as a key entry. */
public void testKeyStore_IsKeyEntry_CA_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    final boolean reportedAsKey = mKeyStore.isKeyEntry(TEST_ALIAS_1);
    assertFalse("Should return false for CA certificate", reportedAsKey);
}

/** An alias that was never stored must not be reported as a key entry. */
public void testKeyStore_IsKeyEntry_NonExist_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    final boolean reportedAsKey = mKeyStore.isKeyEntry(TEST_ALIAS_1);
    assertFalse("Should return false for non-existent entry", reportedAsKey);
}

/**
 * A certificate stored with {@code setCertificateEntry} must become the only alias in the
 * store and must read back equal to the certificate that was inserted.
 */
public void testKeyStore_SetCertificate_CA_Unencrypted_Success() throws Exception {
    final Certificate inserted = generateCertificate(FAKE_RSA_CA_1);

    mKeyStore.load(null, null);

    mKeyStore.setCertificateEntry(TEST_ALIAS_1, inserted);
    final String[] expectedAliases = { TEST_ALIAS_1 };
    assertAliases(expectedAliases);

    assertEquals("Retrieved certificate should be the same as the one inserted", inserted,
            mKeyStore.getCertificate(TEST_ALIAS_1));
}

/**
 * Storing a certificate over an alias that already holds a certificate must succeed and
 * leave exactly that one alias in the store. Both writes use the same fixture, so only the
 * alias listing is checked.
 */
public void testKeyStore_SetCertificate_CAExists_Overwrite_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    final String[] expectedAliases = { TEST_ALIAS_1 };
    assertAliases(expectedAliases);

    final Certificate replacement = generateCertificate(FAKE_RSA_CA_1);

    // TODO have separate FAKE_CA for second test
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, replacement);

    assertAliases(new String[] { TEST_ALIAS_1 });
}

/**
 * {@code setCertificateEntry} on an alias that already holds a private-key entry must be
 * refused with {@link KeyStoreException}, so a certificate write cannot displace a key
 * through this call.
 */
public void testKeyStore_SetCertificate_PrivateKeyExists_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    final String[] expectedAliases = { TEST_ALIAS_1 };
    assertAliases(expectedAliases);

    final Certificate caCert = generateCertificate(FAKE_RSA_CA_1);

    try {
        mKeyStore.setCertificateEntry(TEST_ALIAS_1, caCert);
        fail("Should throw when trying to overwrite a PrivateKey entry with a Certificate");
    } catch (KeyStoreException expected) {
        // Expected: the keystore rejected the overwrite.
    }
}

/**
 * A {@link PrivateKeyEntry} built from the RSA fixtures (key, user certificate, CA
 * certificate) and stored with {@code setEntry} must read back as a matching
 * {@link PrivateKeyEntry}.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    final PrivateKey fixtureKey = KeyFactory.getInstance("RSA")
            .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    // Chain order: user certificate first, then the CA certificate.
    final Certificate[] fixtureChain = {
        x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)),
        x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)),
    };

    mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(fixtureKey, fixtureChain), null);

    final Entry readBack = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", readBack);

    assertTrue("Retrieved entry should be of type PrivateKeyEntry",
            readBack instanceof PrivateKeyEntry);

    assertPrivateKeyEntryEquals((PrivateKeyEntry) readBack, "RSA", FAKE_RSA_KEY_1,
            FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}

/**
 * Storing an entry with {@code setEncryptionRequired(true)} must be refused with
 * {@link KeyStoreException} in this test's environment, and the refusal must leave no entry
 * behind under the alias.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    final PrivateKey fixtureKey = KeyFactory.getInstance("RSA")
            .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");

    final Certificate[] fixtureChain = {
        x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)),
        x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)),
    };

    final PrivateKeyEntry candidate = new PrivateKeyEntry(fixtureKey, fixtureChain);
    final KeyStoreParameter encryptionRequired = new KeyStoreParameter.Builder(getContext())
            .setEncryptionRequired(true)
            .build();

    try {
        mKeyStore.setEntry(TEST_ALIAS_1, candidate, encryptionRequired);
        fail("Shouldn't be able to insert encrypted entry when KeyStore uninitialized");
    } catch (KeyStoreException expected) {
        // Expected: the keystore rejected the encrypted entry.
    }

    // A rejected write must not create the entry.
    assertNull(mKeyStore.getEntry(TEST_ALIAS_1, null));
}
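/** Decodes the PKCS#8 bytes in {@code FAKE_RSA_KEY_1} into an RSA {@link PrivateKey}. */
private PrivateKey decodeFakeRsaKey1() throws Exception {
    return KeyFactory.getInstance("RSA")
            .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
}

/** Parses one encoded X.509 certificate fixture with a fresh {@link CertificateFactory}. */
private Certificate parseX509Fixture(byte[] encoded) throws Exception {
    return CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(encoded));
}

/**
 * Builds the RSA fixture chain: the user certificate, followed by the CA certificate when
 * {@code includeCa} is set.
 */
private Certificate[] fakeRsaChain1(boolean includeCa) throws Exception {
    final Certificate user = parseX509Fixture(FAKE_RSA_USER_1);
    if (!includeCa) {
        return new Certificate[] { user };
    }
    return new Certificate[] { user, parseX509Fixture(FAKE_RSA_CA_1) };
}

/** Reads {@code alias} back and asserts that it exists and is a {@link PrivateKeyEntry}. */
private PrivateKeyEntry requirePrivateKeyEntry(String alias) throws Exception {
    final Entry actualEntry = mKeyStore.getEntry(alias, null);
    assertNotNull("Retrieved entry should exist", actualEntry);
    assertTrue("Retrieved entry should be of type PrivateKeyEntry",
            actualEntry instanceof PrivateKeyEntry);
    return (PrivateKeyEntry) actualEntry;
}

/**
 * Reads {@code alias} back and asserts that it exists and is a
 * {@link TrustedCertificateEntry}.
 */
private TrustedCertificateEntry requireTrustedCertificateEntry(String alias) throws Exception {
    final Entry actualEntry = mKeyStore.getEntry(alias, null);
    assertNotNull("Retrieved entry should exist", actualEntry);
    assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
            actualEntry instanceof TrustedCertificateEntry);
    return (TrustedCertificateEntry) actualEntry;
}

/**
 * Stores the RSA fixture under {@code TEST_ALIAS_1} with {@code setEntry} and verifies the
 * entry that reads back; {@code includeCa} selects a two-certificate or one-certificate
 * chain.
 */
private void setEntryAndVerifyFakeRsa1(boolean includeCa) throws Exception {
    mKeyStore.setEntry(TEST_ALIAS_1,
            new PrivateKeyEntry(decodeFakeRsaKey1(), fakeRsaChain1(includeCa)), null);

    assertPrivateKeyEntryEquals(requirePrivateKeyEntry(TEST_ALIAS_1), "RSA", FAKE_RSA_KEY_1,
            FAKE_RSA_USER_1, includeCa ? FAKE_RSA_CA_1 : null);
}

/**
 * Stores the RSA fixture (user + CA chain) under {@code TEST_ALIAS_1} with
 * {@code setKeyEntry} and a {@code null} password, then verifies the entry that reads back.
 */
private void setKeyEntryAndVerifyFakeRsa1() throws Exception {
    mKeyStore.setKeyEntry(TEST_ALIAS_1, decodeFakeRsaKey1(), null, fakeRsaChain1(true));

    assertPrivateKeyEntryEquals(requirePrivateKeyEntry(TEST_ALIAS_1), "RSA", FAKE_RSA_KEY_1,
            FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}

/**
 * Stores {@code cert} under {@code TEST_ALIAS_1} as a {@link TrustedCertificateEntry} and
 * verifies that the same certificate reads back.
 */
private void setAndVerifyTrustedCertificate(Certificate cert) throws Exception {
    final TrustedCertificateEntry expected = new TrustedCertificateEntry(cert);
    mKeyStore.setEntry(TEST_ALIAS_1, expected, null);

    assertEquals("Stored and retrieved certificates should be the same",
            expected.getTrustedCertificate(),
            requireTrustedCertificateEntry(TEST_ALIAS_1).getTrustedCertificate());
}

/**
 * Stores the RSA fixture as a {@link PrivateKeyEntry} and then stores it again under the
 * same alias; each write must read back as the matching entry.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    // Start with PrivateKeyEntry
    setEntryAndVerifyFakeRsa1(true);

    // TODO make entirely new test vector for the overwrite
    // Replace with PrivateKeyEntry
    setEntryAndVerifyFakeRsa1(true);
}

/**
 * Stores a {@link TrustedCertificateEntry} and then replaces it, through {@code setEntry},
 * with a {@link PrivateKeyEntry} under the same alias; both writes must read back.
 */
public void testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    // Start with TrustedCertificateEntry
    setAndVerifyTrustedCertificate(parseX509Fixture(FAKE_RSA_CA_1));

    // Replace with PrivateKeyEntry
    setEntryAndVerifyFakeRsa1(true);
}

/**
 * Stores a {@link PrivateKeyEntry} and then replaces it, through {@code setEntry}, with a
 * {@link TrustedCertificateEntry} under the same alias; both writes must read back.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    // Start with PrivateKeyEntry
    setEntryAndVerifyFakeRsa1(true);

    // Replace with TrustedCertificateEntry
    setAndVerifyTrustedCertificate(parseX509Fixture(FAKE_RSA_CA_1));
}

/**
 * Replaces a {@link PrivateKeyEntry} that has a user + CA chain with one whose chain holds
 * only the user certificate; the CA certificate must be gone after the second write.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    // Start with PrivateKeyEntry
    setEntryAndVerifyFakeRsa1(true);

    // Replace with PrivateKeyEntry that has no chain
    setEntryAndVerifyFakeRsa1(false);
}

/**
 * Replaces one {@link TrustedCertificateEntry} (the CA fixture) with another (the user
 * certificate fixture) under the same alias; each write must read back.
 */
public void testKeyStore_SetEntry_CAEntry_Overwrites_CAEntry_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    // Insert TrustedCertificateEntry
    setAndVerifyTrustedCertificate(parseX509Fixture(FAKE_RSA_CA_1));

    // Replace with TrustedCertificateEntry of USER
    setAndVerifyTrustedCertificate(parseX509Fixture(FAKE_RSA_USER_1));
}

/**
 * {@code setKeyEntry} with a non-null per-entry password must be refused with
 * {@link KeyStoreException}.
 */
public void testKeyStore_SetKeyEntry_ProtectedKey_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    final PrivateKey privKey = decodeFakeRsaKey1();
    final Certificate[] chain = fakeRsaChain1(true);

    try {
        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, "foo".toCharArray(), chain);
        fail("Should fail when a password is specified");
    } catch (KeyStoreException expected) {
        // Expected: the keystore rejected the password.
    }
}

/**
 * {@code setKeyEntry} with a {@code null} password must store the RSA fixture so that it
 * reads back as a matching {@link PrivateKeyEntry}.
 */
public void testKeyStore_SetKeyEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    setKeyEntryAndVerifyFakeRsa1();
}

/**
 * Calls {@code setKeyEntry} twice on the same alias; each write must read back as the
 * matching {@link PrivateKeyEntry}.
 */
public void testKeyStore_SetKeyEntry_Replaced_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Insert initial key
    setKeyEntryAndVerifyFakeRsa1();

    // TODO make a separate key
    // Replace key
    setKeyEntryAndVerifyFakeRsa1();
}

/**
 * Replaces only the certificate chain of an existing entry: the key object obtained from
 * the keystore for {@code TEST_ALIAS_1} is stored again under the same alias with a
 * one-certificate chain, and the shorter chain must read back.
 */
public void testKeyStore_SetKeyEntry_ReplacedChain_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Create key #1
    {
        KeyStore.PrivateKeyEntry privEntry = makeUserRsaKey1();
        mKeyStore.setEntry(TEST_ALIAS_1, privEntry, null);

        Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);

        assertTrue(entry instanceof PrivateKeyEntry);

        PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

        ArrayList<Certificate> chain = new ArrayList<Certificate>();
        chain.add(generateCertificate(FAKE_RSA_CA_1));
        assertPrivateKeyEntryEquals(keyEntry, privEntry.getPrivateKey(),
                privEntry.getCertificate(), chain);
    }

    // Replace key #1 with new chain
    {
        Key key = mKeyStore.getKey(TEST_ALIAS_1, null);

        assertTrue(key instanceof PrivateKey);

        PrivateKey expectedKey = (PrivateKey) key;

        Certificate expectedCert = generateCertificate(FAKE_RSA_USER_1);

        mKeyStore.setKeyEntry(TEST_ALIAS_1, expectedKey, null,
                new Certificate[] { expectedCert });

        Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);

        assertTrue(entry instanceof PrivateKeyEntry);

        PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

        assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, null);
    }
}

/**
 * A key object obtained from the keystore for {@code TEST_ALIAS_2} must not be accepted by
 * {@code setKeyEntry} under {@code TEST_ALIAS_1}; the call must throw
 * {@link KeyStoreException}.
 */
public void testKeyStore_SetKeyEntry_ReplacedChain_DifferentPrivateKey_Unencrypted_Failure()
        throws Exception {
    mKeyStore.load(null, null);

    // Create key #1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    // Create key #2
    // NOTE(review): both aliases are filled from makeUserRsaKey1(), so the rejection below is
    // presumably tied to the alias the key object came from, not to different key material.
    mKeyStore.setEntry(TEST_ALIAS_2, makeUserRsaKey1(), null);

    // Replace key #1 with key #2
    {
        Key key1 = mKeyStore.getKey(TEST_ALIAS_2, null);

        Certificate cert = generateCertificate(FAKE_RSA_USER_1);

        try {
            mKeyStore.setKeyEntry(TEST_ALIAS_1, key1, null, new Certificate[] { cert });
            fail("Should not allow setting of KeyEntry with wrong PrivaetKey");
        } catch (KeyStoreException expected) {
            // Expected: the keystore rejected the foreign key object.
        }
    }
}

/**
 * Writes back, under the same alias, the entry that was just read from it. Despite the
 * {@code _Failure} suffix nothing is asserted: the test passes when neither call throws.
 */
public void testKeyStore_SetKeyEntry_ReplacedWithSame_UnencryptedToUnencrypted_Failure()
        throws Exception {
    mKeyStore.load(null, null);

    // Create key #1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    // Replace with same
    Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
    mKeyStore.setEntry(TEST_ALIAS_1, entry, null);
}

/**
 * {@code size()} and the alias listing must track each insertion and deletion: two
 * certificate entries and one key entry are added, then two of them are deleted.
 */
public void testKeyStore_Size_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    assertEquals("The keystore size should match expected", 1, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_1 });

    mKeyStore.setCertificateEntry(TEST_ALIAS_2, generateCertificate(FAKE_RSA_CA_1));

    assertEquals("The keystore size should match expected", 2, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });

    mKeyStore.setEntry(TEST_ALIAS_3, makeUserRsaKey1(), null);

    assertEquals("The keystore size should match expected", 3, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 });

    mKeyStore.deleteEntry(TEST_ALIAS_1);

    assertEquals("The keystore size should match expected", 2, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 });

    mKeyStore.deleteEntry(TEST_ALIAS_3);

    assertEquals("The keystore size should match expected", 1, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_2 });
}

/** {@code store(LoadStoreParameter)} must throw {@link UnsupportedOperationException}. */
public void testKeyStore_Store_LoadStoreParam_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    try {
        mKeyStore.store(null);
        fail("Should throw UnsupportedOperationException when trying to store");
    } catch (UnsupportedOperationException expected) {
        // Expected: the keystore cannot be written out through store().
    }
}

/**
 * {@code load} with a non-null {@link java.io.InputStream} must throw
 * {@link IllegalArgumentException}, so keystore contents cannot be supplied from a stream.
 */
public void testKeyStore_Load_InputStreamSupplied_Unencrypted_Failure() throws Exception {
    byte[] buf = "FAKE KEYSTORE".getBytes();
    ByteArrayInputStream is = new ByteArrayInputStream(buf);

    try {
        mKeyStore.load(is, null);
        fail("Should throw IllegalArgumentException when InputStream is supplied");
    } catch (IllegalArgumentException expected) {
        // Expected: stream input is rejected.
    }
}

/** {@code load} with a non-null password must throw {@link IllegalArgumentException}. */
public void testKeyStore_Load_PasswordSupplied_Unencrypted_Failure() throws Exception {
    try {
        mKeyStore.load(null, "password".toCharArray());
        fail("Should throw IllegalArgumentException when password is supplied");
    } catch (IllegalArgumentException expected) {
        // Expected: a store-level password is rejected.
    }
}

/**
 * {@code store(OutputStream, char[])} must throw {@link UnsupportedOperationException} both
 * without and with a password, so the store cannot be serialised to a caller's stream.
 */
public void testKeyStore_Store_OutputStream_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    OutputStream sink = new ByteArrayOutputStream();
    try {
        mKeyStore.store(sink, null);
        fail("Should throw UnsupportedOperationException when trying to store");
    } catch (UnsupportedOperationException expected) {
        // Expected: storing without a password is unsupported.
    }

    try {
        mKeyStore.store(sink, "blah".toCharArray());
        fail("Should throw UnsupportedOperationException when trying to store");
    } catch (UnsupportedOperationException expected) {
        // Expected: storing with a password is unsupported as well.
    }
}

/**
 * Wraps a secret with the entry's public key and unwraps it with the keystore-held private
 * key using {@code RSA/ECB/PKCS1Padding}; the unwrapped bytes must equal the original.
 */
public void testKeyStore_KeyOperations_Wrap_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    // Test key usage
    Entry e = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull(e);
    assertTrue(e instanceof PrivateKeyEntry);

    PrivateKeyEntry privEntry = (PrivateKeyEntry) e;
    PrivateKey privKey = privEntry.getPrivateKey();
    assertNotNull(privKey);

    PublicKey pubKey = privEntry.getCertificate().getPublicKey();

    Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    c.init(Cipher.WRAP_MODE, pubKey);

    // Seven bytes labelled "AES": used only as an opaque payload for the wrap round trip,
    // not as a key of a valid AES length.
    byte[] expectedKey = new byte[] {
            0x00, 0x05, (byte) 0xAA, (byte) 0x0A5, (byte) 0xFF, 0x55, 0x0A
    };

    SecretKey expectedSecret = new TransparentSecretKey(expectedKey, "AES");

    byte[] wrappedExpected = c.wrap(expectedSecret);

    c.init(Cipher.UNWRAP_MODE, privKey);
    SecretKey actualSecret = (SecretKey) c.unwrap(wrappedExpected, "AES", Cipher.SECRET_KEY);

    assertEquals(Arrays.toString(expectedSecret.getEncoded()),
            Arrays.toString(actualSecret.getEncoded()));
}

/**
 * Generates an RSA key pair inside AndroidKeyStore and checks that an unpadded private-key
 * operation on an out-of-range input fails with {@link BadPaddingException} instead of
 * producing output.
 */
public void testKeyStore_Encrypting_RSA_NONE_NOPADDING() throws Exception {

    String alias = "MyKey";
    KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
    assertNotNull(ks);
    ks.load(null);

    Calendar cal = Calendar.getInstance();
    cal.set(1944, 5, 6);
    Date now = cal.getTime();
    cal.clear();

    cal.set(1945, 8, 2);
    Date end = cal.getTime();

    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
    assertNotNull(kpg);
    kpg.initialize(new KeyPairGeneratorSpec.Builder(mContext)
            .setAlias(alias)
            .setStartDate(now)
            .setEndDate(end)
            .setSerialNumber(BigInteger.valueOf(1))
            .setSubject(new X500Principal("CN=test1"))
            .build());

    // NOTE(review): the key generated under "MyKey" is not deleted in this method; confirm
    // that tearDown() clears the keystore.
    kpg.generateKeyPair();

    PrivateKey privateKey = (PrivateKey) ks.getKey(alias, null);
    assertNotNull(privateKey);
    PublicKey publicKey = ks.getCertificate(alias).getPublicKey();
    assertNotNull(publicKey);
    String cipher = privateKey.getAlgorithm() + "/NONE/NOPADDING";
    Cipher encrypt = Cipher.getInstance(cipher);
    assertNotNull(encrypt);
    encrypt.init(Cipher.ENCRYPT_MODE, privateKey);

    int modulusSizeBytes = (((RSAKey) publicKey).getModulus().bitLength() + 7) / 8;
    byte[] plainText = new byte[modulusSizeBytes];
    Arrays.fill(plainText, (byte) 0xFF);

    // The plaintext has the same byte length as the modulus but every byte is 0xFF, so read
    // as an unsigned integer it is not smaller than the modulus. We expect a
    // BadPaddingException for such an input.
    try {
        encrypt.doFinal(plainText);
        fail("Expected BadPaddingException");
    } catch (BadPaddingException e) {
        // pass on exception as it is expected
    }
}

/**
 * The public key of a stored RSA entry, taken from the keystore's certificate, must be
 * accepted by the listed {@link Signature} and {@link Cipher} transformations obtained
 * without naming a provider.
 */
public void testKeyStore_PrivateKeyEntry_RSA_PublicKeyWorksWithCrypto()
        throws Exception {
    mKeyStore.load(null, null);
    mKeyStore.setKeyEntry(TEST_ALIAS_2,
            KeyFactory.getInstance("RSA").generatePrivate(
                    new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)),
            null, // no password (it's not even supported)
            new Certificate[] {generateCertificate(FAKE_RSA_USER_1)});
    PublicKey publicKey = mKeyStore.getCertificate(TEST_ALIAS_2).getPublicKey();
    assertNotNull(publicKey);

    // Each call only initialises the primitive; no data is signed, verified or encrypted.
    Signature.getInstance("SHA256withRSA").initVerify(publicKey);
    Signature.getInstance("NONEwithRSA").initVerify(publicKey);
    Signature.getInstance("SHA256withRSA/PSS").initVerify(publicKey);

    Cipher.getInstance("RSA/ECB/PKCS1Padding").init(Cipher.ENCRYPT_MODE, publicKey);
    Cipher.getInstance("RSA/ECB/NoPadding").init(Cipher.ENCRYPT_MODE, publicKey);
    Cipher.getInstance("RSA/ECB/OAEPPadding").init(Cipher.ENCRYPT_MODE, publicKey);
}

public void testKeyStore_PrivateKeyEntry_EC_PublicKeyWorksWithCrypto()
        throws Exception {
    mKeyStore.load(null, null);
    mKeyStore.setKeyEntry(TEST_ALIAS_1,
            KeyFactory.getInstance("EC").generatePrivate(
                    new PKCS8EncodedKeySpec(FAKE_EC_KEY_1)),
            null, // no password (it's not even supported)
            new Certificate[] {generateCertificate(FAKE_EC_USER_1)});
    PublicKey publicKey = mKeyStore.getCertificate(TEST_ALIAS_1).getPublicKey();
    assertNotNull(publicKey);

    Signature.getInstance("SHA256withECDSA").initVerify(publicKey);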
Signature.getInstance("NONEwithECDSA").initVerify(publicKey); 1984 } 1985 testKeyStore_TrustedCertificateEntry_RSA_PublicKeyWorksWithCrypto()1986 public void testKeyStore_TrustedCertificateEntry_RSA_PublicKeyWorksWithCrypto() 1987 throws Exception { 1988 mKeyStore.load(null, null); 1989 mKeyStore.setCertificateEntry(TEST_ALIAS_2, generateCertificate(FAKE_RSA_USER_1)); 1990 PublicKey publicKey = mKeyStore.getCertificate(TEST_ALIAS_2).getPublicKey(); 1991 assertNotNull(publicKey); 1992 1993 Signature.getInstance("SHA256withRSA").initVerify(publicKey); 1994 Signature.getInstance("NONEwithRSA").initVerify(publicKey); 1995 1996 Cipher.getInstance("RSA/ECB/PKCS1Padding").init(Cipher.ENCRYPT_MODE, publicKey); 1997 Cipher.getInstance("RSA/ECB/NoPadding").init(Cipher.ENCRYPT_MODE, publicKey); 1998 } 1999 testKeyStore_TrustedCertificateEntry_EC_PublicKeyWorksWithCrypto()2000 public void testKeyStore_TrustedCertificateEntry_EC_PublicKeyWorksWithCrypto() 2001 throws Exception { 2002 mKeyStore.load(null, null); 2003 mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_EC_USER_1)); 2004 PublicKey publicKey = mKeyStore.getCertificate(TEST_ALIAS_1).getPublicKey(); 2005 assertNotNull(publicKey); 2006 2007 Signature.getInstance("SHA256withECDSA").initVerify(publicKey); 2008 Signature.getInstance("NONEwithECDSA").initVerify(publicKey); 2009 } 2010 2011 private static final int MIN_SUPPORTED_KEY_COUNT = 1500; 2012 private static final long MINUTE_IN_MILLIS = 1000 * 60; 2013 private static final long LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_MILLIS = 2 * MINUTE_IN_MILLIS; 2014 isDeadlineReached(long startTimeMillis, long durationMillis)2015 private static boolean isDeadlineReached(long startTimeMillis, long durationMillis) { 2016 long nowMillis = System.currentTimeMillis(); 2017 if (nowMillis < startTimeMillis) { 2018 return true; 2019 } 2020 return nowMillis - startTimeMillis > durationMillis; 2021 } 2022 2023 @LargeTest testKeyStore_LargeNumberOfKeysSupported_RSA()2024 
public void testKeyStore_LargeNumberOfKeysSupported_RSA() throws Exception { 2025 // This test imports key1, then lots of other keys, then key2, and then confirms that 2026 // key1 and key2 backed by Android Keystore work fine. The assumption is that if the 2027 // underlying implementation has a limit on the number of keys, it'll either delete the 2028 // oldest key (key1), or will refuse to add keys (key2). 2029 // The test imports as many keys as it can in a fixed amount of time instead of stopping 2030 // at MIN_SUPPORTED_KEY_COUNT to balance the desire to support an unlimited number of keys 2031 // with the constraints on how long the test can run and performance differences of hardware 2032 // under test. 2033 2034 long testStartTimeMillis = System.currentTimeMillis(); 2035 2036 Certificate cert1 = TestUtils.getRawResX509Certificate(getContext(), R.raw.rsa_key1_cert); 2037 PrivateKey privateKey1 = TestUtils.getRawResPrivateKey(getContext(), R.raw.rsa_key1_pkcs8); 2038 String entryName1 = "test0"; 2039 2040 Certificate cert2 = TestUtils.getRawResX509Certificate(getContext(), R.raw.rsa_key2_cert); 2041 PrivateKey privateKey2 = TestUtils.getRawResPrivateKey(getContext(), R.raw.rsa_key2_pkcs8); 2042 2043 Certificate cert3 = generateCertificate(FAKE_RSA_USER_1); 2044 PrivateKey privateKey3 = generatePrivateKey("RSA", FAKE_RSA_KEY_1); 2045 2046 mKeyStore.load(null); 2047 int latestImportedEntryNumber = 0; 2048 try { 2049 KeyProtection protectionParams = new KeyProtection.Builder( 2050 KeyProperties.PURPOSE_SIGN) 2051 .setDigests(KeyProperties.DIGEST_SHA256) 2052 .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1) 2053 .build(); 2054 mKeyStore.setEntry(entryName1, 2055 new KeyStore.PrivateKeyEntry(privateKey1, new Certificate[] {cert1}), 2056 protectionParams); 2057 2058 // Import key3 lots of times, under different aliases. 
2059 while (!isDeadlineReached( 2060 testStartTimeMillis, LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_MILLIS)) { 2061 latestImportedEntryNumber++; 2062 if ((latestImportedEntryNumber % 1000) == 0) { 2063 Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys"); 2064 } 2065 String entryAlias = "test" + latestImportedEntryNumber; 2066 try { 2067 mKeyStore.setEntry(entryAlias, 2068 new KeyStore.PrivateKeyEntry(privateKey3, new Certificate[] {cert3}), 2069 protectionParams); 2070 } catch (Throwable e) { 2071 throw new RuntimeException("Entry " + entryAlias + " import failed", e); 2072 } 2073 } 2074 Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys"); 2075 if (latestImportedEntryNumber < MIN_SUPPORTED_KEY_COUNT) { 2076 fail("Failed to import " + MIN_SUPPORTED_KEY_COUNT + " keys in " 2077 + (System.currentTimeMillis() - testStartTimeMillis) 2078 + " ms. Imported: " + latestImportedEntryNumber + " keys"); 2079 } 2080 2081 latestImportedEntryNumber++; 2082 String entryName2 = "test" + latestImportedEntryNumber; 2083 mKeyStore.setEntry(entryName2, 2084 new KeyStore.PrivateKeyEntry(privateKey2, new Certificate[] {cert2}), 2085 protectionParams); 2086 PrivateKey keystorePrivateKey2 = (PrivateKey) mKeyStore.getKey(entryName2, null); 2087 PrivateKey keystorePrivateKey1 = (PrivateKey) mKeyStore.getKey(entryName1, null); 2088 2089 byte[] message = "This is a test".getBytes("UTF-8"); 2090 2091 Signature sig = Signature.getInstance("SHA256withRSA"); 2092 sig.initSign(keystorePrivateKey1); 2093 sig.update(message); 2094 byte[] signature = sig.sign(); 2095 sig = Signature.getInstance(sig.getAlgorithm()); 2096 sig.initVerify(cert1.getPublicKey()); 2097 sig.update(message); 2098 assertTrue(sig.verify(signature)); 2099 2100 sig = Signature.getInstance(sig.getAlgorithm()); 2101 sig.initSign(keystorePrivateKey2); 2102 sig.update(message); 2103 signature = sig.sign(); 2104 sig = Signature.getInstance(sig.getAlgorithm()); 2105 sig.initVerify(cert2.getPublicKey()); 2106 
sig.update(message); 2107 assertTrue(sig.verify(signature)); 2108 } finally { 2109 // Clean up Keystore without using KeyStore.aliases() which can't handle this many 2110 // entries. 2111 Log.i(TAG, "Deleting imported keys"); 2112 for (int i = 0; i <= latestImportedEntryNumber; i++) { 2113 if ((i > 0) && ((i % 1000) == 0)) { 2114 Log.i(TAG, "Deleted " + i + " keys"); 2115 } 2116 mKeyStore.deleteEntry("test" + i); 2117 } 2118 Log.i(TAG, "Deleted " + (latestImportedEntryNumber + 1) + " keys"); 2119 } 2120 } 2121 2122 @LargeTest testKeyStore_LargeNumberOfKeysSupported_EC()2123 public void testKeyStore_LargeNumberOfKeysSupported_EC() throws Exception { 2124 // This test imports key1, then lots of other keys, then key2, and then confirms that 2125 // key1 and key2 backed by Android Keystore work fine. The assumption is that if the 2126 // underlying implementation has a limit on the number of keys, it'll either delete the 2127 // oldest key (key1), or will refuse to add keys (key2). 2128 // The test imports as many keys as it can in a fixed amount of time instead of stopping 2129 // at MIN_SUPPORTED_KEY_COUNT to balance the desire to support an unlimited number of keys 2130 // with the constraints on how long the test can run and performance differences of hardware 2131 // under test. 
2132 2133 long testStartTimeMillis = System.currentTimeMillis(); 2134 2135 Certificate cert1 = TestUtils.getRawResX509Certificate(getContext(), R.raw.ec_key1_cert); 2136 PrivateKey privateKey1 = TestUtils.getRawResPrivateKey(getContext(), R.raw.ec_key1_pkcs8); 2137 String entryName1 = "test0"; 2138 2139 Certificate cert2 = TestUtils.getRawResX509Certificate(getContext(), R.raw.ec_key2_cert); 2140 PrivateKey privateKey2 = TestUtils.getRawResPrivateKey(getContext(), R.raw.ec_key2_pkcs8); 2141 2142 Certificate cert3 = generateCertificate(FAKE_EC_USER_1); 2143 PrivateKey privateKey3 = generatePrivateKey("EC", FAKE_EC_KEY_1); 2144 2145 mKeyStore.load(null); 2146 int latestImportedEntryNumber = 0; 2147 try { 2148 KeyProtection protectionParams = new KeyProtection.Builder( 2149 KeyProperties.PURPOSE_SIGN) 2150 .setDigests(KeyProperties.DIGEST_SHA256) 2151 .build(); 2152 mKeyStore.setEntry(entryName1, 2153 new KeyStore.PrivateKeyEntry(privateKey1, new Certificate[] {cert1}), 2154 protectionParams); 2155 2156 // Import key3 lots of times, under different aliases. 2157 while (!isDeadlineReached( 2158 testStartTimeMillis, LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_MILLIS)) { 2159 latestImportedEntryNumber++; 2160 if ((latestImportedEntryNumber % 1000) == 0) { 2161 Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys"); 2162 } 2163 String entryAlias = "test" + latestImportedEntryNumber; 2164 try { 2165 mKeyStore.setEntry(entryAlias, 2166 new KeyStore.PrivateKeyEntry(privateKey3, new Certificate[] {cert3}), 2167 protectionParams); 2168 } catch (Throwable e) { 2169 throw new RuntimeException("Entry " + entryAlias + " import failed", e); 2170 } 2171 } 2172 Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys"); 2173 if (latestImportedEntryNumber < MIN_SUPPORTED_KEY_COUNT) { 2174 fail("Failed to import " + MIN_SUPPORTED_KEY_COUNT + " keys in " 2175 + (System.currentTimeMillis() - testStartTimeMillis) 2176 + " ms. 
Imported: " + latestImportedEntryNumber + " keys"); 2177 } 2178 2179 latestImportedEntryNumber++; 2180 String entryName2 = "test" + latestImportedEntryNumber; 2181 mKeyStore.setEntry(entryName2, 2182 new KeyStore.PrivateKeyEntry(privateKey2, new Certificate[] {cert2}), 2183 protectionParams); 2184 PrivateKey keystorePrivateKey2 = (PrivateKey) mKeyStore.getKey(entryName2, null); 2185 PrivateKey keystorePrivateKey1 = (PrivateKey) mKeyStore.getKey(entryName1, null); 2186 2187 byte[] message = "This is a test".getBytes("UTF-8"); 2188 2189 Signature sig = Signature.getInstance("SHA256withECDSA"); 2190 sig.initSign(keystorePrivateKey1); 2191 sig.update(message); 2192 byte[] signature = sig.sign(); 2193 sig = Signature.getInstance(sig.getAlgorithm()); 2194 sig.initVerify(cert1.getPublicKey()); 2195 sig.update(message); 2196 assertTrue(sig.verify(signature)); 2197 2198 sig = Signature.getInstance(sig.getAlgorithm()); 2199 sig.initSign(keystorePrivateKey2); 2200 sig.update(message); 2201 signature = sig.sign(); 2202 sig = Signature.getInstance(sig.getAlgorithm()); 2203 sig.initVerify(cert2.getPublicKey()); 2204 sig.update(message); 2205 assertTrue(sig.verify(signature)); 2206 } finally { 2207 // Clean up Keystore without using KeyStore.aliases() which can't handle this many 2208 // entries. 2209 Log.i(TAG, "Deleting imported keys"); 2210 for (int i = 0; i <= latestImportedEntryNumber; i++) { 2211 if ((i > 0) && ((i % 1000) == 0)) { 2212 Log.i(TAG, "Deleted " + i + " keys"); 2213 } 2214 mKeyStore.deleteEntry("test" + i); 2215 } 2216 Log.i(TAG, "Deleted " + (latestImportedEntryNumber + 1) + " keys"); 2217 } 2218 } 2219 2220 @LargeTest testKeyStore_LargeNumberOfKeysSupported_AES()2221 public void testKeyStore_LargeNumberOfKeysSupported_AES() throws Exception { 2222 // This test imports key1, then lots of other keys, then key2, and then confirms that 2223 // key1 and key2 backed by Android Keystore work fine. 
The assumption is that if the 2224 // underlying implementation has a limit on the number of keys, it'll either delete the 2225 // oldest key (key1), or will refuse to add keys (key2). 2226 // The test imports as many keys as it can in a fixed amount of time instead of stopping 2227 // at MIN_SUPPORTED_KEY_COUNT to balance the desire to support an unlimited number of keys 2228 // with the constraints on how long the test can run and performance differences of hardware 2229 // under test. 2230 2231 long testStartTimeMillis = System.currentTimeMillis(); 2232 2233 SecretKey key1 = new TransparentSecretKey( 2234 HexEncoding.decode("010203040506070809fafbfcfdfeffcc"), "AES"); 2235 String entryName1 = "test0"; 2236 2237 SecretKey key2 = new TransparentSecretKey( 2238 HexEncoding.decode("808182838485868788897a7b7c7d7e7f"), "AES"); 2239 2240 SecretKey key3 = new TransparentSecretKey( 2241 HexEncoding.decode("33333333333333333333777777777777"), "AES"); 2242 2243 mKeyStore.load(null); 2244 int latestImportedEntryNumber = 0; 2245 try { 2246 KeyProtection protectionParams = new KeyProtection.Builder( 2247 KeyProperties.PURPOSE_ENCRYPT) 2248 .setBlockModes(KeyProperties.BLOCK_MODE_GCM) 2249 .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE) 2250 .build(); 2251 mKeyStore.setEntry(entryName1, new KeyStore.SecretKeyEntry(key1), protectionParams); 2252 2253 // Import key3 lots of times, under different aliases. 
2254 while (!isDeadlineReached( 2255 testStartTimeMillis, LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_MILLIS)) { 2256 latestImportedEntryNumber++; 2257 if ((latestImportedEntryNumber % 1000) == 0) { 2258 Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys"); 2259 } 2260 String entryAlias = "test" + latestImportedEntryNumber; 2261 try { 2262 mKeyStore.setEntry(entryAlias, 2263 new KeyStore.SecretKeyEntry(key3), protectionParams); 2264 } catch (Throwable e) { 2265 throw new RuntimeException("Entry " + entryAlias + " import failed", e); 2266 } 2267 } 2268 Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys"); 2269 if (latestImportedEntryNumber < MIN_SUPPORTED_KEY_COUNT) { 2270 fail("Failed to import " + MIN_SUPPORTED_KEY_COUNT + " keys in " 2271 + (System.currentTimeMillis() - testStartTimeMillis) 2272 + " ms. Imported: " + latestImportedEntryNumber + " keys"); 2273 } 2274 2275 latestImportedEntryNumber++; 2276 String entryName2 = "test" + latestImportedEntryNumber; 2277 mKeyStore.setEntry(entryName2, new KeyStore.SecretKeyEntry(key2), protectionParams); 2278 SecretKey keystoreKey2 = (SecretKey) mKeyStore.getKey(entryName2, null); 2279 SecretKey keystoreKey1 = (SecretKey) mKeyStore.getKey(entryName1, null); 2280 2281 byte[] plaintext = "This is a test".getBytes("UTF-8"); 2282 Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); 2283 cipher.init(Cipher.ENCRYPT_MODE, keystoreKey1); 2284 byte[] ciphertext = cipher.doFinal(plaintext); 2285 AlgorithmParameters cipherParams = cipher.getParameters(); 2286 cipher = Cipher.getInstance(cipher.getAlgorithm()); 2287 cipher.init(Cipher.DECRYPT_MODE, key1, cipherParams); 2288 MoreAsserts.assertEquals(plaintext, cipher.doFinal(ciphertext)); 2289 2290 cipher = Cipher.getInstance(cipher.getAlgorithm()); 2291 cipher.init(Cipher.ENCRYPT_MODE, keystoreKey2); 2292 ciphertext = cipher.doFinal(plaintext); 2293 cipherParams = cipher.getParameters(); 2294 cipher = Cipher.getInstance(cipher.getAlgorithm()); 2295 
cipher.init(Cipher.DECRYPT_MODE, key2, cipherParams); 2296 MoreAsserts.assertEquals(plaintext, cipher.doFinal(ciphertext)); 2297 } finally { 2298 // Clean up Keystore without using KeyStore.aliases() which can't handle this many 2299 // entries. 2300 Log.i(TAG, "Deleting imported keys"); 2301 for (int i = 0; i <= latestImportedEntryNumber; i++) { 2302 if ((i > 0) && ((i % 1000) == 0)) { 2303 Log.i(TAG, "Deleted " + i + " keys"); 2304 } 2305 mKeyStore.deleteEntry("test" + i); 2306 } 2307 Log.i(TAG, "Deleted " + (latestImportedEntryNumber + 1) + " keys"); 2308 } 2309 } 2310 2311 @LargeTest testKeyStore_LargeNumberOfKeysSupported_HMAC()2312 public void testKeyStore_LargeNumberOfKeysSupported_HMAC() throws Exception { 2313 // This test imports key1, then lots of other keys, then key2, and then confirms that 2314 // key1 and key2 backed by Android Keystore work fine. The assumption is that if the 2315 // underlying implementation has a limit on the number of keys, it'll either delete the 2316 // oldest key (key1), or will refuse to add keys (key2). 2317 // The test imports as many keys as it can in a fixed amount of time instead of stopping 2318 // at MIN_SUPPORTED_KEY_COUNT to balance the desire to support an unlimited number of keys 2319 // with the constraints on how long the test can run and performance differences of hardware 2320 // under test. 
2321 2322 long testStartTimeMillis = System.currentTimeMillis(); 2323 2324 SecretKey key1 = new TransparentSecretKey( 2325 HexEncoding.decode("010203040506070809fafbfcfdfeffcc"), "HmacSHA256"); 2326 String entryName1 = "test0"; 2327 2328 SecretKey key2 = new TransparentSecretKey( 2329 HexEncoding.decode("808182838485868788897a7b7c7d7e7f"), "HmacSHA256"); 2330 2331 SecretKey key3 = new TransparentSecretKey( 2332 HexEncoding.decode("33333333333333333333777777777777"), "HmacSHA256"); 2333 2334 mKeyStore.load(null); 2335 int latestImportedEntryNumber = 0; 2336 try { 2337 KeyProtection protectionParams = new KeyProtection.Builder( 2338 KeyProperties.PURPOSE_SIGN) 2339 .build(); 2340 mKeyStore.setEntry(entryName1, new KeyStore.SecretKeyEntry(key1), protectionParams); 2341 2342 // Import key3 lots of times, under different aliases. 2343 while (!isDeadlineReached( 2344 testStartTimeMillis, LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_MILLIS)) { 2345 latestImportedEntryNumber++; 2346 if ((latestImportedEntryNumber % 1000) == 0) { 2347 Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys"); 2348 } 2349 String entryAlias = "test" + latestImportedEntryNumber; 2350 try { 2351 mKeyStore.setEntry(entryAlias, 2352 new KeyStore.SecretKeyEntry(key3), protectionParams); 2353 } catch (Throwable e) { 2354 throw new RuntimeException("Entry " + entryAlias + " import failed", e); 2355 } 2356 } 2357 Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys"); 2358 if (latestImportedEntryNumber < MIN_SUPPORTED_KEY_COUNT) { 2359 fail("Failed to import " + MIN_SUPPORTED_KEY_COUNT + " keys in " 2360 + (System.currentTimeMillis() - testStartTimeMillis) 2361 + " ms. 
Imported: " + latestImportedEntryNumber + " keys"); 2362 } 2363 2364 latestImportedEntryNumber++; 2365 String entryName2 = "test" + latestImportedEntryNumber; 2366 mKeyStore.setEntry(entryName2, new KeyStore.SecretKeyEntry(key2), protectionParams); 2367 SecretKey keystoreKey2 = (SecretKey) mKeyStore.getKey(entryName2, null); 2368 SecretKey keystoreKey1 = (SecretKey) mKeyStore.getKey(entryName1, null); 2369 2370 byte[] message = "This is a test".getBytes("UTF-8"); 2371 Mac mac = Mac.getInstance(key1.getAlgorithm()); 2372 mac.init(keystoreKey1); 2373 MoreAsserts.assertEquals( 2374 HexEncoding.decode( 2375 "905e36f5a175f4ca54ad56b860b46f6502f883a90628dca2d33a953fb7224eaf"), 2376 mac.doFinal(message)); 2377 2378 mac = Mac.getInstance(key2.getAlgorithm()); 2379 mac.init(keystoreKey2); 2380 MoreAsserts.assertEquals( 2381 HexEncoding.decode( 2382 "59b57e77e4e2cb36b5c7b84af198ac004327bc549de6931a1b5505372dd8c957"), 2383 mac.doFinal(message)); 2384 } finally { 2385 // Clean up Keystore without using KeyStore.aliases() which can't handle this many 2386 // entries. 
2387 Log.i(TAG, "Deleting imported keys"); 2388 for (int i = 0; i <= latestImportedEntryNumber; i++) { 2389 if ((i > 0) && ((i % 1000) == 0)) { 2390 Log.i(TAG, "Deleted " + i + " keys"); 2391 } 2392 mKeyStore.deleteEntry("test" + i); 2393 } 2394 Log.i(TAG, "Deleted " + (latestImportedEntryNumber + 1) + " keys"); 2395 } 2396 } 2397 testKeyStore_OnlyOneDigestCanBeAuthorized_HMAC()2398 public void testKeyStore_OnlyOneDigestCanBeAuthorized_HMAC() throws Exception { 2399 mKeyStore.load(null); 2400 2401 for (String algorithm : KeyGeneratorTest.EXPECTED_ALGORITHMS) { 2402 if (!TestUtils.isHmacAlgorithm(algorithm)) { 2403 continue; 2404 } 2405 try { 2406 String digest = TestUtils.getHmacAlgorithmDigest(algorithm); 2407 assertNotNull(digest); 2408 SecretKey keyBeingImported = new TransparentSecretKey(new byte[16], algorithm); 2409 2410 KeyProtection.Builder goodSpec = 2411 new KeyProtection.Builder(KeyProperties.PURPOSE_SIGN); 2412 2413 // Digests authorization not specified in import parameters 2414 assertFalse(goodSpec.build().isDigestsSpecified()); 2415 mKeyStore.setEntry(TEST_ALIAS_1, 2416 new KeyStore.SecretKeyEntry(keyBeingImported), 2417 goodSpec.build()); 2418 SecretKey key = (SecretKey) mKeyStore.getKey(TEST_ALIAS_1, null); 2419 TestUtils.assertContentsInAnyOrder( 2420 Arrays.asList(TestUtils.getKeyInfo(key).getDigests()), digest); 2421 2422 // The same digest is specified in import parameters 2423 mKeyStore.setEntry(TEST_ALIAS_1, 2424 new KeyStore.SecretKeyEntry(keyBeingImported), 2425 TestUtils.buildUpon(goodSpec).setDigests(digest).build()); 2426 key = (SecretKey) mKeyStore.getKey(TEST_ALIAS_1, null); 2427 TestUtils.assertContentsInAnyOrder( 2428 Arrays.asList(TestUtils.getKeyInfo(key).getDigests()), digest); 2429 2430 // Empty set of digests specified in import parameters 2431 try { 2432 mKeyStore.setEntry(TEST_ALIAS_1, 2433 new KeyStore.SecretKeyEntry(keyBeingImported), 2434 TestUtils.buildUpon(goodSpec).setDigests().build()); 2435 fail(); 2436 } catch 
(KeyStoreException expected) {} 2437 2438 // A different digest specified in import parameters 2439 String anotherDigest = "SHA-256".equalsIgnoreCase(digest) ? "SHA-384" : "SHA-256"; 2440 try { 2441 mKeyStore.setEntry(TEST_ALIAS_1, 2442 new KeyStore.SecretKeyEntry(keyBeingImported), 2443 TestUtils.buildUpon(goodSpec).setDigests(anotherDigest).build()); 2444 fail(); 2445 } catch (KeyStoreException expected) {} 2446 try { 2447 mKeyStore.setEntry(TEST_ALIAS_1, 2448 new KeyStore.SecretKeyEntry(keyBeingImported), 2449 TestUtils.buildUpon(goodSpec) 2450 .setDigests(digest, anotherDigest) 2451 .build()); 2452 fail(); 2453 } catch (KeyStoreException expected) {} 2454 } catch (Throwable e) { 2455 throw new RuntimeException("Failed for " + algorithm, e); 2456 } 2457 } 2458 } 2459 testKeyStore_ImportSupportedSizes_AES()2460 public void testKeyStore_ImportSupportedSizes_AES() throws Exception { 2461 mKeyStore.load(null); 2462 2463 KeyProtection params = new KeyProtection.Builder( 2464 KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT) 2465 .build(); 2466 String alias = "test1"; 2467 mKeyStore.deleteEntry(alias); 2468 assertFalse(mKeyStore.containsAlias(alias)); 2469 for (int keySizeBytes = 0; keySizeBytes <= 512 / 8; keySizeBytes++) { 2470 int keySizeBits = keySizeBytes * 8; 2471 try { 2472 KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry( 2473 new TransparentSecretKey(new byte[keySizeBytes], "AES")); 2474 if (TestUtils.contains(KeyGeneratorTest.AES_SUPPORTED_KEY_SIZES, keySizeBits)) { 2475 mKeyStore.setEntry(alias, entry, params); 2476 SecretKey key = (SecretKey) mKeyStore.getKey(alias, null); 2477 assertEquals("AES", key.getAlgorithm()); 2478 assertEquals(keySizeBits, TestUtils.getKeyInfo(key).getKeySize()); 2479 } else { 2480 mKeyStore.deleteEntry(alias); 2481 assertFalse(mKeyStore.containsAlias(alias)); 2482 try { 2483 mKeyStore.setEntry(alias, entry, params); 2484 fail(); 2485 } catch (KeyStoreException expected) {} 2486 
assertFalse(mKeyStore.containsAlias(alias)); 2487 } 2488 } catch (Throwable e) { 2489 throw new RuntimeException("Failed for key size " + keySizeBits, e); 2490 } 2491 } 2492 } 2493 testKeyStore_ImportSupportedSizes_HMAC()2494 public void testKeyStore_ImportSupportedSizes_HMAC() throws Exception { 2495 mKeyStore.load(null); 2496 2497 KeyProtection params = new KeyProtection.Builder(KeyProperties.PURPOSE_SIGN).build(); 2498 String alias = "test1"; 2499 mKeyStore.deleteEntry(alias); 2500 assertFalse(mKeyStore.containsAlias(alias)); 2501 for (String algorithm : KeyGeneratorTest.EXPECTED_ALGORITHMS) { 2502 if (!TestUtils.isHmacAlgorithm(algorithm)) { 2503 continue; 2504 } 2505 for (int keySizeBytes = 0; keySizeBytes <= 1024 / 8; keySizeBytes++) { 2506 try { 2507 KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry( 2508 new TransparentSecretKey(new byte[keySizeBytes], algorithm)); 2509 if (keySizeBytes > 0) { 2510 mKeyStore.setEntry(alias, entry, params); 2511 SecretKey key = (SecretKey) mKeyStore.getKey(alias, null); 2512 assertEquals(algorithm, key.getAlgorithm()); 2513 assertEquals(keySizeBytes * 8, TestUtils.getKeyInfo(key).getKeySize()); 2514 } else { 2515 mKeyStore.deleteEntry(alias); 2516 assertFalse(mKeyStore.containsAlias(alias)); 2517 try { 2518 mKeyStore.setEntry(alias, entry, params); 2519 fail(); 2520 } catch (KeyStoreException expected) {} 2521 } 2522 } catch (Throwable e) { 2523 throw new RuntimeException( 2524 "Failed for " + algorithm + " with key size " + (keySizeBytes * 8), e); 2525 } 2526 } 2527 } 2528 } 2529 testKeyStore_ImportSupportedSizes_EC()2530 public void testKeyStore_ImportSupportedSizes_EC() throws Exception { 2531 mKeyStore.load(null); 2532 KeyProtection params = 2533 TestUtils.getMinimalWorkingImportParametersForSigningingWith("SHA256withECDSA"); 2534 checkKeyPairImportSucceeds( 2535 "secp224r1", R.raw.ec_key3_secp224r1_pkcs8, R.raw.ec_key3_secp224r1_cert, params); 2536 checkKeyPairImportSucceeds( 2537 "secp256r1", 
R.raw.ec_key4_secp256r1_pkcs8, R.raw.ec_key4_secp256r1_cert, params); 2538 checkKeyPairImportSucceeds( 2539 "secp384r1", R.raw.ec_key5_secp384r1_pkcs8, R.raw.ec_key5_secp384r1_cert, params); 2540 checkKeyPairImportSucceeds( 2541 "secp512r1", R.raw.ec_key6_secp521r1_pkcs8, R.raw.ec_key6_secp521r1_cert, params); 2542 } 2543 testKeyStore_ImportSupportedSizes_RSA()2544 public void testKeyStore_ImportSupportedSizes_RSA() throws Exception { 2545 mKeyStore.load(null); 2546 KeyProtection params = 2547 TestUtils.getMinimalWorkingImportParametersForSigningingWith("SHA256withRSA"); 2548 checkKeyPairImportSucceeds( 2549 "512", R.raw.rsa_key5_512_pkcs8, R.raw.rsa_key5_512_cert, params); 2550 checkKeyPairImportSucceeds( 2551 "768", R.raw.rsa_key6_768_pkcs8, R.raw.rsa_key6_768_cert, params); 2552 checkKeyPairImportSucceeds( 2553 "1024", R.raw.rsa_key3_1024_pkcs8, R.raw.rsa_key3_1024_cert, params); 2554 checkKeyPairImportSucceeds( 2555 "2048", R.raw.rsa_key8_2048_pkcs8, R.raw.rsa_key8_2048_cert, params); 2556 checkKeyPairImportSucceeds( 2557 "3072", R.raw.rsa_key7_3072_pksc8, R.raw.rsa_key7_3072_cert, params); 2558 checkKeyPairImportSucceeds( 2559 "4096", R.raw.rsa_key4_4096_pkcs8, R.raw.rsa_key4_4096_cert, params); 2560 } 2561 checkKeyPairImportSucceeds( String alias, int privateResId, int certResId, KeyProtection params)2562 private void checkKeyPairImportSucceeds( 2563 String alias, int privateResId, int certResId, KeyProtection params) throws Exception { 2564 try { 2565 mKeyStore.deleteEntry(alias); 2566 TestUtils.importIntoAndroidKeyStore( 2567 alias, getContext(), privateResId, certResId, params); 2568 } catch (Throwable e) { 2569 throw new RuntimeException("Failed for " + alias, e); 2570 } finally { 2571 try { 2572 mKeyStore.deleteEntry(alias); 2573 } catch (Exception ignored) {} 2574 } 2575 } 2576 } 2577