1 /* 2 * Copyright 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.keystore.cts; 18 19 import android.app.KeyguardManager; 20 import android.content.Context; 21 import android.security.KeyPairGeneratorSpec; 22 import android.security.KeyStoreParameter; 23 import android.security.keystore.KeyProperties; 24 import android.security.keystore.KeyProtection; 25 import android.test.AndroidTestCase; 26 import android.test.MoreAsserts; 27 import android.test.suitebuilder.annotation.LargeTest; 28 import android.util.Log; 29 30 import android.keystore.cts.R; 31 32 import java.io.ByteArrayInputStream; 33 import java.io.ByteArrayOutputStream; 34 import java.io.OutputStream; 35 import java.math.BigInteger; 36 import java.security.AlgorithmParameters; 37 import java.security.Key; 38 import java.security.KeyFactory; 39 import java.security.KeyPairGenerator; 40 import java.security.KeyStore; 41 import java.security.KeyStore.Entry; 42 import java.security.KeyStore.PrivateKeyEntry; 43 import java.security.KeyStore.TrustedCertificateEntry; 44 import java.security.KeyStoreException; 45 import java.security.PrivateKey; 46 import java.security.PublicKey; 47 import java.security.Signature; 48 import java.security.cert.Certificate; 49 import java.security.cert.CertificateFactory; 50 import java.security.interfaces.ECKey; 51 import java.security.interfaces.RSAKey; 52 import java.security.spec.PKCS8EncodedKeySpec; 
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;

/**
 * Test case class in the {@code android.keystore.cts} package, built on {@link AndroidTestCase}.
 *
 * <p>The byte-array constants declared here are DER-encoded certificate and key fixtures. One of
 * them ({@code FAKE_RSA_KEY_1}) is an unencrypted private key published together with this
 * source, so the whole set is public test data: it must never be reused to protect anything
 * real, and a certificate chaining to these fake CAs must never be trusted outside a test.
 */
public class AndroidKeyStoreTest extends AndroidTestCase {
    // Log tag: the simple name of this class.
    private static final String TAG = AndroidKeyStoreTest.class.getSimpleName();

    // Key store instance held by the test case.
    // NOTE(review): presumably assigned in setUp(); the assignment is not visible here, confirm.
    private KeyStore mKeyStore;

    // Alias strings for key store entries (their use is outside this part of the file).
    private static final String TEST_ALIAS_1 = "test1";

    private static final String TEST_ALIAS_2 = "test2";

    private static final String TEST_ALIAS_3 = "test3";

    /*
     * The keys and certificates below are generated with:
     *
     * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
     * openssl req -newkey rsa:1024 -keyout userkey.pem -nodes -days 3650 -out userkey.req
     * mkdir -p demoCA/newcerts
     * touch demoCA/index.txt
     * echo "01" > demoCA/serial
     * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650
     *
     * NOTE(review): "-nodes" writes userkey.pem without a passphrase, and "rsa:1024" together
     * with the SHA-1 based signature algorithm seen in the encoded certificates is weaker than
     * what is accepted for real deployments. Both are tolerable for fixtures only; do not copy
     * these parameters when generating production keys or certificates.
     */

    /**
     * DER-encoded X.509 certificate of the fake RSA CA (cacert.pem).
     *
     * Generated from above and converted with:
     *
     * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g'
     *
     * The encoded fields read as: serial 00:e1:6a:a2:f4:2e:55:48:0a, signature algorithm
     * sha1WithRSAEncryption, issuer and subject C=US, ST=CA, L=Mountain View,
     * O=Android Test Cases, validity 120814165544Z to 220812165544Z, a 1024-bit RSA public key
     * with exponent 65537, and basicConstraints CA:TRUE.
     *
     * NOTE(review): the notAfter date (2022-08-12) has passed, so any test that checks the
     * validity period of this certificate would need regenerated fixtures; confirm against the
     * test methods.
     */
    private static final byte[] FAKE_RSA_CA_1 = {
            (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0xce, (byte) 0x30, (byte) 0x82,
            (byte) 0x02, (byte) 0x37, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01,
            (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0x6a,
            (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, (byte) 0x55, (byte) 0x48, (byte) 0x0a,
            (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86,
            (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01,
            (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31,
            (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55,
            (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53,
            (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03,
            (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43,
            (byte) 0x41, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06,
            (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d,
            (byte) 0x4d, (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61,
            (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65,
            (byte) 0x77, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06,
            (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12,
            (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69,
            (byte) 0x64, (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74,
            (byte) 0x20, (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73,
            (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32,
            (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x34, (byte) 0x31, (byte) 0x36,
            (byte) 0x35, (byte) 0x35, (byte) 0x34, (byte) 0x34, (byte) 0x5a, (byte) 0x17,
            (byte) 0x0d, (byte) 0x32, (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31,
            (byte) 0x32, (byte) 0x31, (byte) 0x36, (byte) 0x35, (byte) 0x35, (byte) 0x34,
            (byte) 0x34, (byte) 0x5a, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b,
            (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,
            (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31,
            (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55,
            (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41,
            (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03,
            (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d,
            (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69,
            (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77,
            (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03,
            (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41,
            (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64,
            (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20,
            (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30,
            (byte) 0x81, (byte) 0x9f, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09,
            (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d,
            (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03,
            (byte) 0x81, (byte) 0x8d, (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89,
            (byte) 0x02, (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0xa3, (byte) 0x72,
            (byte) 0xab, (byte) 0xd0, (byte) 0xe4, (byte) 0xad, (byte) 0x2f, (byte) 0xe7,
            (byte) 0xe2, (byte) 0x79, (byte) 0x07, (byte) 0x36, (byte) 0x3d, (byte) 0x0c,
            (byte) 0x8d, (byte) 0x42, (byte) 0x9a, (byte) 0x0a, (byte) 0x33, (byte) 0x64,
            (byte) 0xb3, (byte) 0xcd, (byte) 0xb2, (byte) 0xd7, (byte) 0x3a, (byte) 0x42,
            (byte) 0x06, (byte) 0x77, (byte) 0x45, (byte) 0x29, (byte) 0xe9, (byte) 0xcb,
            (byte) 0xb7, (byte) 0x4a, (byte) 0xd6, (byte) 0xee, (byte) 0xad, (byte) 0x01,
            (byte) 0x91, (byte) 0x9b, (byte) 0x0c, (byte) 0x59, (byte) 0xa1, (byte) 0x03,
            (byte) 0xfa, (byte) 0xf0, (byte) 0x5a, (byte) 0x7c, (byte) 0x4f, (byte) 0xf7,
            (byte) 0x8d, (byte) 0x36, (byte) 0x0f, (byte) 0x1f, (byte) 0x45, (byte) 0x7d,
            (byte) 0x1b, (byte) 0x31, (byte) 0xa1, (byte) 0x35, (byte) 0x0b, (byte) 0x00,
            (byte) 0xed, (byte) 0x7a, (byte) 0xb6, (byte) 0xc8, (byte) 0x4e, (byte) 0xa9,
            (byte) 0x86, (byte) 0x4c, (byte) 0x7b, (byte) 0x99, (byte) 0x57, (byte) 0x41,
            (byte) 0x12, (byte) 0xef, (byte) 0x6b, (byte) 0xbc, (byte) 0x3d, (byte) 0x60,
            (byte) 0xf2, (byte) 0x99, (byte) 0x1a, (byte) 0xcd, (byte) 0xed, (byte) 0x56,
            (byte) 0xa4, (byte) 0xe5, (byte) 0x36, (byte) 0x9f, (byte) 0x24, (byte) 0x1f,
            (byte) 0xdc, (byte) 0x89, (byte) 0x40, (byte) 0xc8, (byte) 0x99, (byte) 0x92,
            (byte) 0xab, (byte) 0x4a, (byte) 0xb5, (byte) 0x61, (byte) 0x45, (byte) 0x62,
            (byte) 0xff, (byte) 0xa3, (byte) 0x45, (byte) 0x65, (byte) 0xaf, (byte) 0xf6,
            (byte) 0x27, (byte) 0x30, (byte) 0x51, (byte) 0x0e, (byte) 0x0e, (byte) 0xeb,
            (byte) 0x79, (byte) 0x0c, (byte) 0xbe, (byte) 0xb3, (byte) 0x0a, (byte) 0x6f,
            (byte) 0x29, (byte) 0x06, (byte) 0xdc, (byte) 0x2f, (byte) 0x6b, (byte) 0x51,
            (byte) 0x02, (byte) 0x03, (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3,
            (byte) 0x81, (byte) 0xb1, (byte) 0x30, (byte) 0x81, (byte) 0xae, (byte) 0x30,
            (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e,
            (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x33, (byte) 0x05,
            (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, (byte) 0xc7, (byte) 0xf9,
            (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, (byte) 0x8f, (byte) 0x6d,
            (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, (byte) 0x5d, (byte) 0x51,
            (byte) 0x30, (byte) 0x7f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d,
            (byte) 0x23, (byte) 0x04, (byte) 0x78, (byte) 0x30, (byte) 0x76, (byte) 0x80,
            (byte) 0x14, (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f,
            (byte) 0x60, (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73,
            (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97,
            (byte) 0x8e, (byte) 0x5d, (byte) 0x51, (byte) 0xa1, (byte) 0x53, (byte) 0xa4,
            (byte) 0x51, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30,
            (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06,
            (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b,
            (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,
            (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31,
            (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55,
            (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f,
            (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e,
            (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31,
            (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55,
            (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e,
            (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20,
            (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43,
            (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x82, (byte) 0x09,
            (byte) 0x00, (byte) 0xe1, (byte) 0x6a, (byte) 0xa2, (byte) 0xf4, (byte) 0x2e,
            (byte) 0x55, (byte) 0x48, (byte) 0x0a, (byte) 0x30, (byte) 0x0c, (byte) 0x06,
            (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x05,
            (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30,
            (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48,
            (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05,
            (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, (byte) 0x00,
            (byte) 0x8c, (byte) 0x30, (byte) 0x42, (byte) 0xfa, (byte) 0xeb, (byte) 0x1a,
            (byte) 0x26, (byte) 0xeb, (byte) 0xda, (byte) 0x56, (byte) 0x32, (byte) 0xf2,
            (byte) 0x9d, (byte) 0xa5, (byte) 0x24, (byte) 0xd8, (byte) 0x3a, (byte) 0xda,
            (byte) 0x30, (byte) 0xa6, (byte) 0x8b, (byte) 0x46, (byte) 0xfe, (byte) 0xfe,
            (byte) 0xdb, (byte) 0xf1, (byte) 0xe6, (byte) 0xe1, (byte) 0x7c, (byte) 0x1b,
            (byte) 0xe7, (byte) 0x77, (byte) 0x00, (byte) 0xa1, (byte) 0x1c, (byte) 0x19,
            (byte) 0x17, (byte) 0x73, (byte) 0xb0, (byte) 0xf0, (byte) 0x9d, (byte) 0xf3,
            (byte) 0x4f, (byte) 0xb6, (byte) 0xbc, (byte) 0xc7, (byte) 0x47, (byte) 0x85,
            (byte) 0x2a, (byte) 0x4a, (byte) 0xa1, (byte) 0xa5, (byte) 0x58, (byte) 0xf5,
            (byte) 0xc5, (byte) 0x1a, (byte) 0x51, (byte) 0xb1, (byte) 0x04, (byte) 0x80,
            (byte) 0xee, (byte) 0x3a, (byte) 0xec, (byte) 0x2f, (byte) 0xe1, (byte) 0xfd,
            (byte) 0x58, (byte) 0xeb, (byte) 0xed, (byte) 0x82, (byte) 0x9e, (byte) 0x38,
            (byte) 0xa3, (byte) 0x24, (byte) 0x75, (byte) 0xf7, (byte) 0x3e, (byte) 0xc2,
            (byte) 0xc5, (byte) 0x27, (byte) 0xeb, (byte) 0x6f, (byte) 0x7b, (byte) 0x50,
            (byte) 0xda, (byte) 0x43, (byte) 0xdc, (byte) 0x3b, (byte) 0x0b, (byte) 0x6f,
            (byte) 0x78, (byte) 0x8f, (byte) 0xb0, (byte) 0x66, (byte) 0xe1, (byte) 0x12,
            (byte) 0x87, (byte) 0x5f, (byte) 0x97, (byte) 0x7b, (byte) 0xca, (byte) 0x14,
            (byte) 0x79, (byte) 0xf7, (byte) 0xe8, (byte) 0x6c, (byte) 0x72, (byte) 0xdb,
            (byte) 0x91, (byte) 0x65, (byte) 0x17, (byte) 0x54, (byte) 0xe0, (byte) 0x74,
            (byte) 0x1d, (byte) 0xac, (byte) 0x47, (byte) 0x04, (byte) 0x12, (byte) 0xe0,
            (byte) 0xc3, (byte) 0x66, (byte) 0x19, (byte) 0x05, (byte) 0x2e, (byte) 0x7e,
            (byte) 0xf1, (byte) 0x61
    };

    /**
     * Unencrypted PKCS#8 (DER) encoding of the user's 1024-bit RSA private key (userkey.pem).
     *
     * Generated from above and converted with:
     *
     * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g'
     *
     * The modulus stored here is the same one carried by the public key in FAKE_RSA_USER_1.
     * Because "-nocrypt" leaves the key in the clear and it is published with this source, the
     * key is public: use it as test input only, never as a credential.
     */
    private static final byte[] FAKE_RSA_KEY_1 = new byte[] {
            (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x02, (byte) 0x01,
            (byte) 0x00, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a,
            (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01,
            (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x82,
            (byte) 0x02, (byte) 0x62, (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x5e,
            (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x02, (byte) 0x81, (byte) 0x81,
            (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, (byte) 0x5b,
            (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, (byte) 0x66,
            (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, (byte) 0x8a,
            (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, (byte) 0x02,
            (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, (byte) 0xf3,
            (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, (byte) 0x6d,
            (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f, (byte) 0x67,
            (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, (byte) 0xcb,
            (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, (byte) 0xe2,
            (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, (byte) 0x79,
            (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, (byte) 0xce,
            (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, (byte) 0x08,
            (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, (byte) 0x3b,
            (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, (byte) 0xc4,
            (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, (byte) 0x0d,
            (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, (byte) 0x23,
            (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, (byte) 0x08,
            (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, (byte) 0xf1,
            (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, (byte) 0xb4,
            (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, (byte) 0x16,
            (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, (byte) 0x9e,
            (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, (byte) 0x01,
            (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x81, (byte) 0x80, (byte) 0x16,
            (byte) 0x59, (byte) 0xc3, (byte) 0x24, (byte) 0x1d, (byte) 0x33, (byte) 0x98,
            (byte) 0x9c, (byte) 0xc9, (byte) 0xc8, (byte) 0x2c, (byte) 0x88, (byte) 0xbf,
            (byte) 0x0a, (byte) 0x01, (byte) 0xce, (byte) 0xfb, (byte) 0x34, (byte) 0x7a,
            (byte) 0x58, (byte) 0x7a, (byte) 0xb0, (byte) 0xbf, (byte) 0xa6, (byte) 0xb2,
            (byte) 0x60, (byte) 0xbe, (byte) 0x70, (byte) 0x21, (byte) 0xf5, (byte) 0xfc,
            (byte) 0x85, (byte) 0x0d, (byte) 0x33, (byte) 0x58, (byte) 0xa1, (byte) 0xe5,
            (byte) 0x09, (byte) 0x36, (byte) 0x84, (byte) 0xb2, (byte) 0x04, (byte) 0x0a,
            (byte) 0x02, (byte) 0xd3, (byte) 0x88, (byte) 0x1f, (byte) 0x0c, (byte) 0x2b,
            (byte) 0x1d, (byte) 0xe9, (byte) 0x3d, (byte) 0xe7, (byte) 0x79, (byte) 0xf9,
            (byte) 0x32, (byte) 0x5c, (byte) 0x8a, (byte) 0x75, (byte) 0x49, (byte) 0x12,
            (byte) 0xe4, (byte) 0x05, (byte) 0x26, (byte) 0xd4, (byte) 0x2e, (byte) 0x9e,
            (byte) 0x1f, (byte) 0xcc, (byte) 0x54, (byte) 0xad, (byte) 0x33, (byte) 0x8d,
            (byte) 0x99, (byte) 0x00, (byte) 0xdc, (byte) 0xf5, (byte) 0xb4, (byte) 0xa2,
            (byte) 0x2f, (byte) 0xba, (byte) 0xe5, (byte) 0x62, (byte) 0x30, (byte) 0x6d,
            (byte) 0xe6, (byte) 0x3d, (byte) 0xeb, (byte) 0x24, (byte) 0xc2, (byte) 0xdc,
            (byte) 0x5f, (byte) 0xb7, (byte) 0x16, (byte) 0x35, (byte) 0xa3, (byte) 0x98,
            (byte) 0x98, (byte) 0xa8, (byte) 0xef, (byte) 0xe8, (byte) 0xc4, (byte) 0x96,
            (byte) 0x6d, (byte) 0x38, (byte) 0xab, (byte) 0x26, (byte) 0x6d, (byte) 0x30,
            (byte) 0xc2, (byte) 0xa0, (byte) 0x44, (byte) 0xe4, (byte) 0xff, (byte) 0x7e,
            (byte) 0xbe, (byte) 0x7c, (byte) 0x33, (byte) 0xa5, (byte) 0x10, (byte) 0xad,
            (byte) 0xd7, (byte) 0x1e, (byte) 0x13, (byte) 0x20, (byte) 0xb3, (byte) 0x1f,
            (byte) 0x41, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xf1, (byte) 0x89,
            (byte) 0x07, (byte) 0x0f, (byte) 0xe8, (byte) 0xcf, (byte) 0xab, (byte) 0x13,
            (byte) 0x2a, (byte) 0x8f, (byte) 0x88, (byte) 0x80, (byte) 0x11, (byte) 0x9a,
            (byte) 0x79, (byte) 0xb6, (byte) 0x59, (byte) 0x3a, (byte) 0x50, (byte) 0x6e,
            (byte) 0x57, (byte) 0x37, (byte) 0xab, (byte) 0x2a, (byte) 0xd2, (byte) 0xaa,
            (byte) 0xd9, (byte) 0x72, (byte) 0x73, (byte) 0xff, (byte) 0x8b, (byte) 0x47,
            (byte) 0x76, (byte) 0xdd, (byte) 0xdc, (byte) 0xf5, (byte) 0x97, (byte) 0x44,
            (byte) 0x3a, (byte) 0x78, (byte) 0xbe, (byte) 0x17, (byte) 0xb4, (byte) 0x22,
            (byte) 0x6f, (byte) 0xe5, (byte) 0x23, (byte) 0x70, (byte) 0x1d, (byte) 0x10,
            (byte) 0x5d, (byte) 0xba, (byte) 0x16, (byte) 0x81, (byte) 0xf1, (byte) 0x45,
            (byte) 0xce, (byte) 0x30, (byte) 0xb4, (byte) 0xab, (byte) 0x80, (byte) 0xe4,
            (byte) 0x98, (byte) 0x31, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xda,
            (byte) 0x82, (byte) 0x9d, (byte) 0x3f, (byte) 0xca, (byte) 0x2f, (byte) 0xe1,
            (byte) 0xd4, (byte) 0x86, (byte) 0x77, (byte) 0x48, (byte) 0xa6, (byte) 0xab,
            (byte) 0xab, (byte) 0x1c, (byte) 0x42, (byte) 0x5c, (byte) 0xd5, (byte) 0xc7,
            (byte) 0x46, (byte) 0x59, (byte) 0x91, (byte) 0x3f, (byte) 0xfc, (byte) 0xcc,
            (byte) 0xec, (byte) 0xc2, (byte) 0x40, (byte) 0x12, (byte) 0x2c, (byte) 0x8d,
            (byte) 0x1f, (byte) 0xa2, (byte) 0x18, (byte) 0x88, (byte) 0xee, (byte) 0x82,
            (byte) 0x4a, (byte) 0x5a, (byte) 0x5e, (byte) 0x88, (byte) 0x20, (byte) 0xe3,
            (byte) 0x7b, (byte) 0xe0, (byte) 0xd8, (byte) 0x3a, (byte) 0x52, (byte) 0x9a,
            (byte) 0x26, (byte) 0x6a, (byte) 0x04, (byte) 0xec, (byte) 0xe8, (byte) 0xb9,
            (byte) 0x48, (byte) 0x40, (byte) 0xe1, (byte) 0xe1, (byte) 0x83, (byte) 0xa6,
            (byte) 0x67, (byte) 0xa6, (byte) 0xfd, (byte) 0x02, (byte) 0x41, (byte) 0x00,
            (byte) 0x89, (byte) 0x72, (byte) 0x3e, (byte) 0xb0, (byte) 0x90, (byte) 0xfd,
            (byte) 0x4c, (byte) 0x0e, (byte) 0xd6, (byte) 0x13, (byte) 0x63, (byte) 0xcb,
            (byte) 0xed, (byte) 0x38, (byte) 0x88, (byte) 0xb6, (byte) 0x79, (byte) 0xc4,
            (byte) 0x33, (byte) 0x6c, (byte) 0xf6, (byte) 0xf8, (byte) 0xd8, (byte) 0xd0,
            (byte) 0xbf, (byte) 0x9d, (byte) 0x35, (byte) 0xac, (byte) 0x69, (byte) 0xd2,
            (byte) 0x2b, (byte) 0xc1, (byte) 0xf9, (byte) 0x24, (byte) 0x7b, (byte) 0xce,
            (byte) 0xcd, (byte) 0xcb, (byte) 0xa7, (byte) 0xb2, (byte) 0x7a, (byte) 0x0a,
            (byte) 0x27, (byte) 0x19, (byte) 0xc9, (byte) 0xaf, (byte) 0x0d, (byte) 0x21,
            (byte) 0x89, (byte) 0x88, (byte) 0x7c, (byte) 0xad, (byte) 0x9e, (byte) 0x8d,
            (byte) 0x47, (byte) 0x6d, (byte) 0x3f, (byte) 0xce, (byte) 0x7b, (byte) 0xa1,
            (byte) 0x74, (byte) 0xf1, (byte) 0xa0, (byte) 0xa1, (byte) 0x02, (byte) 0x41,
            (byte) 0x00, (byte) 0xd9, (byte) 0xa8, (byte) 0xf5, (byte) 0xfe, (byte) 0xce,
            (byte) 0xe6, (byte) 0x77, (byte) 0x6b, (byte) 0xfe, (byte) 0x2d, (byte) 0xe0,
            (byte) 0x1e, (byte) 0xb6, (byte) 0x2e, (byte) 0x12, (byte) 0x4e, (byte) 0x40,
            (byte) 0xaf, (byte) 0x6a, (byte) 0x7b, (byte) 0x37, (byte) 0x49, (byte) 0x2a,
            (byte) 0x96, (byte) 0x25, (byte) 0x83, (byte) 0x49, (byte) 0xd4, (byte) 0x0c,
            (byte) 0xc6, (byte) 0x78, (byte) 0x25, (byte) 0x24, (byte) 0x90, (byte) 0x90,
            (byte) 0x06, (byte) 0x15, (byte) 0x9e, (byte) 0xfe, (byte) 0xf9, (byte) 0xdf,
            (byte) 0x5b, (byte) 0xf3, (byte) 0x7e, (byte) 0x38, (byte) 0x70, (byte) 0xeb,
            (byte) 0x57, (byte) 0xd0, (byte) 0xd9, (byte) 0xa7, (byte) 0x0e, (byte) 0x14,
            (byte) 0xf7, (byte) 0x95, (byte) 0x68, (byte) 0xd5, (byte) 0xc8, (byte) 0xab,
            (byte) 0x9d, (byte) 0x3a, (byte) 0x2b, (byte) 0x51, (byte) 0xf9, (byte) 0x02,
            (byte) 0x41, (byte) 0x00, (byte) 0x96, (byte) 0xdf, (byte) 0xe9, (byte) 0x67,
            (byte) 0x6c, (byte) 0xdc, (byte) 0x90, (byte) 0x14, (byte) 0xb4, (byte) 0x1d,
            (byte) 0x22, (byte) 0x33, (byte) 0x4a, (byte) 0x31, (byte) 0xc1, (byte) 0x9d,
            (byte) 0x2e, (byte) 0xff, (byte) 0x9a, (byte) 0x2a, (byte) 0x95, (byte) 0x4b,
            (byte) 0x27, (byte) 0x74, (byte) 0xcb, (byte) 0x21, (byte) 0xc3, (byte) 0xd2,
            (byte) 0x0b, (byte) 0xb2, (byte) 0x46, (byte) 0x87, (byte) 0xf8, (byte) 0x28,
            (byte) 0x01, (byte) 0x8b, (byte) 0xd8, (byte) 0xb9, (byte) 0x4b, (byte) 0xcd,
            (byte) 0x9a, (byte) 0x96, (byte) 0x41, (byte) 0x0e, (byte) 0x36, (byte) 0x6d,
            (byte) 0x40, (byte) 0x42, (byte) 0xbc, (byte) 0xd9, (byte) 0xd3, (byte) 0x7b,
            (byte) 0xbc, (byte) 0xa7, (byte) 0x92, (byte) 0x90, (byte) 0xdd, (byte) 0xa1,
            (byte) 0x9c, (byte) 0xce, (byte) 0xa1, (byte) 0x87, (byte) 0x11, (byte) 0x51
    };

    /**
     * DER-encoded X.509 certificate for the user key, issued by the fake RSA CA (usercert.pem).
     *
     * Generated from above and converted with:
     *
     * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g'
     *
     * The encoded fields read as: serial 01, signature algorithm sha1WithRSAEncryption, issuer
     * C=US, ST=CA, L=Mountain View, O=Android Test Cases, subject C=US, ST=CA,
     * O=Android Test Cases, CN=server1.example.com, validity 120814232548Z to 220812232548Z,
     * an empty basicConstraints value (not a CA), and an authorityKeyIdentifier equal to the
     * subjectKeyIdentifier in FAKE_RSA_CA_1.
     *
     * NOTE(review): the notAfter date (2022-08-12) has passed; confirm that no test relies on
     * this certificate being within its validity period.
     */
    private static final byte[] FAKE_RSA_USER_1 = new byte[] {
            (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x95, (byte) 0x30, (byte) 0x82,
            (byte) 0x01, (byte) 0xfe, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01,
            (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d,
            (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86,
            (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05,
            (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30,
            (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06,
            (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b,
            (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,
            (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31,
            (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55,
            (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f,
            (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e,
            (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31,
            (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55,
            (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e,
            (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20,
            (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43,
            (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, (byte) 0x1e,
            (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, (byte) 0x30, (byte) 0x38,
            (byte) 0x31, (byte) 0x34, (byte) 0x32, (byte) 0x33, (byte) 0x32, (byte) 0x35,
            (byte) 0x34, (byte) 0x38, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32,
            (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x32, (byte) 0x32,
            (byte) 0x33, (byte) 0x32, (byte) 0x35, (byte) 0x34, (byte) 0x38, (byte) 0x5a,
            (byte) 0x30, (byte) 0x55, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09,
            (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13,
            (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, (byte) 0x30,
            (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08,
            (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, (byte) 0x1b,
            (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,
            (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, (byte) 0x64,
            (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x54,
            (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, (byte) 0x61,
            (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x31, (byte) 0x1c, (byte) 0x30,
            (byte) 0x1a, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03,
            (byte) 0x13, (byte) 0x13, (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76,
            (byte) 0x65, (byte) 0x72, (byte) 0x31, (byte) 0x2e, (byte) 0x65, (byte) 0x78,
            (byte) 0x61, (byte) 0x6d, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x2e,
            (byte) 0x63, (byte) 0x6f, (byte) 0x6d, (byte) 0x30, (byte) 0x81, (byte) 0x9f,
            (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86,
            (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01,
            (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d,
            (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81,
            (byte) 0x81, (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6,
            (byte) 0x5b, (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c,
            (byte) 0x66, (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86,
            (byte) 0x8a, (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3,
            (byte) 0x02, (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08,
            (byte) 0xf3, (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04,
            (byte) 0x6d, (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f,
            (byte) 0x67, (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c,
            (byte) 0xcb, (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30,
            (byte) 0xe2, (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5,
            (byte) 0x79, (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b,
            (byte) 0xce, (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb,
            (byte) 0x08, (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff,
            (byte) 0x3b, (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9,
            (byte) 0xc4, (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29,
            (byte) 0x0d, (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b,
            (byte) 0x23, (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78,
            (byte) 0x08, (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5,
            (byte) 0xf1, (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19,
            (byte) 0xb4, (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03,
            (byte) 0x16, (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce,
            (byte) 0x9e, (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03,
            (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x7b, (byte) 0x30,
            (byte) 0x79, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55,
            (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00,
            (byte) 0x30, (byte) 0x2c, (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86,
            (byte) 0x48, (byte) 0x01, (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01,
            (byte) 0x0d, (byte) 0x04, (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f,
            (byte) 0x70, (byte) 0x65, (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c,
            (byte) 0x20, (byte) 0x47, (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72,
            (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43,
            (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69,
            (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d,
            (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04,
            (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x32, (byte) 0xa1, (byte) 0x1e,
            (byte) 0x6b, (byte) 0x69, (byte) 0x04, (byte) 0xfe, (byte) 0xb3, (byte) 0xcd,
            (byte) 0xf8, (byte) 0xbb, (byte) 0x14, (byte) 0xcd, (byte) 0xff, (byte) 0xd4,
            (byte) 0x16, (byte) 0xc3, (byte) 0xab, (byte) 0x44, (byte) 0x2f, (byte) 0x30,
            (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23,
            (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14,
            (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60,
            (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c,
            (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e,
            (byte) 0x5d, (byte) 0x51, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09,
            (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d,
            (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03,
            (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0x46, (byte) 0x42, (byte) 0xef,
            (byte) 0x56, (byte) 0x89, (byte) 0x78, (byte) 0x90, (byte) 0x38, (byte) 0x24,
            (byte) 0x9f, (byte) 0x8c, (byte) 0x7a, (byte) 0xce, (byte) 0x7a, (byte) 0xa5,
            (byte) 0xb5, (byte) 0x1e, (byte) 0x74, (byte) 0x96, (byte) 0x34, (byte) 0x49,
            (byte) 0x8b, (byte) 0xed, (byte) 0x44, (byte) 0xb3, (byte) 0xc9, (byte) 0x05,
            (byte) 0xd7, (byte) 0x48, (byte) 0x55, (byte) 0x52, (byte) 0x59, (byte) 0x15,
            (byte) 0x0b, (byte) 0xaa, (byte) 0x16, (byte) 0x86, (byte) 0xd2, (byte) 0x8e,
            (byte) 0x16, (byte) 0x99, (byte) 0xe8, (byte) 0x5f, (byte) 0x11, (byte) 0x71,
            (byte) 0x42, (byte) 0x55, (byte) 0xd1, (byte) 0xc4, (byte) 0x6f, (byte) 0x2e,
            (byte) 0xa9, (byte) 0x64, (byte) 0x6f, (byte) 0xd8, (byte) 0xfd, (byte) 0x43,
            (byte) 0x13, (byte) 0x24, (byte) 0xaa, (byte) 0x67, (byte) 0xe6, (byte) 0xf5,
            (byte) 0xca, (byte) 0x80, (byte) 0x5e, (byte) 0x3a, (byte) 0x3e, (byte) 0xcc,
            (byte) 0x4f, (byte) 0xba, (byte) 0x87, (byte) 0xe6, (byte) 0xae, (byte) 0xbf,
            (byte) 0x8f, (byte) 0xd5, (byte) 0x28, (byte) 0x38, (byte) 0x58, (byte) 0x30,
            (byte) 0x24, (byte) 0xf6, (byte) 0x53, (byte) 0x5b, (byte) 0x41, (byte) 0x53,
            (byte) 0xe6, (byte) 0x45, (byte) 0xbc, (byte) 0xbe, (byte) 0xe6, (byte) 0xbb,
            (byte) 0x5d, (byte) 0xd8, (byte) 0xa7, (byte) 0xf9, (byte) 0x64, (byte) 0x99,
            (byte) 0x04, (byte) 0x43, (byte) 0x75, (byte) 0xd7, (byte) 0x2d, (byte) 0x32,
            (byte) 0x0a, (byte) 0x94, (byte) 0xaf, (byte) 0x06, (byte) 0x34, (byte) 0xae,
            (byte) 0x46, (byte) 0xbd, (byte) 0xda, (byte) 0x00, (byte) 0x0e, (byte) 0x25,
            (byte) 0xc2, (byte) 0xf7, (byte) 0xc9, (byte) 0xc3, (byte) 0x65, (byte) 0xd2,
            (byte) 0x08, (byte) 0x41, (byte) 0x0a, (byte) 0xf3, (byte) 0x72
    };

    /*
     * The keys and certificates below are generated with:
     *
     * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
     * openssl ecparam -name prime256v1 -out ecparam.pem
     * openssl req -newkey ec:ecparam.pem -keyout userkey.pem -nodes -days 3650 -out userkey.req
     * mkdir -p demoCA/newcerts
     * touch demoCA/index.txt
     * echo "01" >
demoCA/serial 462 * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650 463 */ 464 465 /** 466 * Generated from above and converted with: 467 * 468 * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 469 */ 470 private static final byte[] FAKE_EC_CA_1 = { 471 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x58, (byte) 0x30, (byte) 0x82, 472 (byte) 0x01, (byte) 0xc1, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 473 (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0xb2, 474 (byte) 0x8c, (byte) 0x04, (byte) 0x95, (byte) 0xeb, (byte) 0x10, (byte) 0xcb, 475 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 476 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 477 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x45, (byte) 0x31, 478 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 479 (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, 480 (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, 481 (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, 482 (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, 483 (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, 484 (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, 485 (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, 486 (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, 487 (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, 488 (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, 489 (byte) 0x74, (byte) 0x64, (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, 490 (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, 491 (byte) 0x31, (byte) 0x36, (byte) 
0x32, (byte) 0x38, (byte) 0x32, (byte) 0x38, 492 (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, 493 (byte) 0x38, (byte) 0x32, (byte) 0x35, (byte) 0x31, (byte) 0x36, (byte) 0x32, 494 (byte) 0x38, (byte) 0x32, (byte) 0x38, (byte) 0x5a, (byte) 0x30, (byte) 0x45, 495 (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, 496 (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, 497 (byte) 0x55, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, 498 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, 499 (byte) 0x53, (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, 500 (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, 501 (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 502 (byte) 0x0a, (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, 503 (byte) 0x65, (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, 504 (byte) 0x57, (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, 505 (byte) 0x73, (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, 506 (byte) 0x4c, (byte) 0x74, (byte) 0x64, (byte) 0x30, (byte) 0x81, (byte) 0x9f, 507 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 508 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 509 (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, 510 (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, 511 (byte) 0x81, (byte) 0x00, (byte) 0xb5, (byte) 0xf6, (byte) 0x08, (byte) 0x0f, 512 (byte) 0xc4, (byte) 0x4d, (byte) 0xe4, (byte) 0x0d, (byte) 0x34, (byte) 0x1d, 513 (byte) 0xe2, (byte) 0x23, (byte) 0x18, (byte) 0x63, (byte) 0x03, (byte) 0xf7, 514 (byte) 0x14, (byte) 0x0e, (byte) 0x98, (byte) 0xcd, (byte) 0x45, (byte) 0x1f, 515 (byte) 0xfe, (byte) 0xfb, (byte) 0x09, (byte) 0x3f, (byte) 0x5d, 
(byte) 0x36, 516 (byte) 0x3b, (byte) 0x0f, (byte) 0xf9, (byte) 0x5e, (byte) 0x86, (byte) 0x56, 517 (byte) 0x64, (byte) 0xd7, (byte) 0x3f, (byte) 0xae, (byte) 0x33, (byte) 0x09, 518 (byte) 0xd3, (byte) 0xdd, (byte) 0x06, (byte) 0x17, (byte) 0x26, (byte) 0xdc, 519 (byte) 0xa2, (byte) 0x8c, (byte) 0x3c, (byte) 0x65, (byte) 0xed, (byte) 0x03, 520 (byte) 0x82, (byte) 0x78, (byte) 0x9b, (byte) 0xee, (byte) 0xe3, (byte) 0x98, 521 (byte) 0x58, (byte) 0xe1, (byte) 0xf1, (byte) 0xa0, (byte) 0x85, (byte) 0xae, 522 (byte) 0x63, (byte) 0x84, (byte) 0x41, (byte) 0x46, (byte) 0xa7, (byte) 0x4f, 523 (byte) 0xdc, (byte) 0xbb, (byte) 0x1c, (byte) 0x6e, (byte) 0xec, (byte) 0x7b, 524 (byte) 0xd5, (byte) 0xab, (byte) 0x3d, (byte) 0x6a, (byte) 0x05, (byte) 0x58, 525 (byte) 0x0f, (byte) 0x9b, (byte) 0x6a, (byte) 0x67, (byte) 0x4b, (byte) 0xe9, 526 (byte) 0x2a, (byte) 0x6d, (byte) 0x96, (byte) 0x11, (byte) 0x53, (byte) 0x95, 527 (byte) 0x78, (byte) 0xaa, (byte) 0xd1, (byte) 0x91, (byte) 0x4a, (byte) 0xf8, 528 (byte) 0x54, (byte) 0x52, (byte) 0x6d, (byte) 0xb9, (byte) 0xca, (byte) 0x74, 529 (byte) 0x81, (byte) 0xf8, (byte) 0x99, (byte) 0x64, (byte) 0xd1, (byte) 0x4f, 530 (byte) 0x01, (byte) 0x38, (byte) 0x4f, (byte) 0x08, (byte) 0x5c, (byte) 0x31, 531 (byte) 0xcb, (byte) 0x7c, (byte) 0x5c, (byte) 0x78, (byte) 0x5d, (byte) 0x47, 532 (byte) 0xd9, (byte) 0xf0, (byte) 0x1a, (byte) 0xeb, (byte) 0x02, (byte) 0x03, 533 (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x50, (byte) 0x30, 534 (byte) 0x4e, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, 535 (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, 536 (byte) 0x5f, (byte) 0x5b, (byte) 0x5e, (byte) 0xac, (byte) 0x29, (byte) 0xfa, 537 (byte) 0xa1, (byte) 0x9f, (byte) 0x9e, (byte) 0xad, (byte) 0x46, (byte) 0xe1, 538 (byte) 0xbc, (byte) 0x20, (byte) 0x72, (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, 539 (byte) 0xfa, (byte) 0xe3, (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, 540 (byte) 0x55, 
(byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, (byte) 0x30, 541 (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x5f, (byte) 0x5b, (byte) 0x5e, 542 (byte) 0xac, (byte) 0x29, (byte) 0xfa, (byte) 0xa1, (byte) 0x9f, (byte) 0x9e, 543 (byte) 0xad, (byte) 0x46, (byte) 0xe1, (byte) 0xbc, (byte) 0x20, (byte) 0x72, 544 (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, (byte) 0xfa, (byte) 0xe3, (byte) 0x30, 545 (byte) 0x0c, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 546 (byte) 0x04, (byte) 0x05, (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, 547 (byte) 0xff, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, 548 (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, 549 (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, 550 (byte) 0x81, (byte) 0x00, (byte) 0xa1, (byte) 0x4a, (byte) 0xe6, (byte) 0xfc, 551 (byte) 0x7f, (byte) 0x17, (byte) 0xaa, (byte) 0x65, (byte) 0x4a, (byte) 0x34, 552 (byte) 0xde, (byte) 0x69, (byte) 0x67, (byte) 0x54, (byte) 0x4d, (byte) 0xa2, 553 (byte) 0xc2, (byte) 0x98, (byte) 0x02, (byte) 0x43, (byte) 0x6a, (byte) 0x0e, 554 (byte) 0x0b, (byte) 0x7f, (byte) 0xa4, (byte) 0x46, (byte) 0xaf, (byte) 0xa4, 555 (byte) 0x65, (byte) 0xa0, (byte) 0xdb, (byte) 0xf1, (byte) 0x5b, (byte) 0xd5, 556 (byte) 0x09, (byte) 0xbc, (byte) 0xee, (byte) 0x37, (byte) 0x51, (byte) 0x19, 557 (byte) 0x36, (byte) 0xc0, (byte) 0x90, (byte) 0xd3, (byte) 0x5f, (byte) 0xf3, 558 (byte) 0x4f, (byte) 0xb9, (byte) 0x08, (byte) 0x45, (byte) 0x0e, (byte) 0x01, 559 (byte) 0x8a, (byte) 0x95, (byte) 0xef, (byte) 0x92, (byte) 0x95, (byte) 0x33, 560 (byte) 0x78, (byte) 0xdd, (byte) 0x90, (byte) 0xbb, (byte) 0xf3, (byte) 0x06, 561 (byte) 0x75, (byte) 0xd0, (byte) 0x66, (byte) 0xe6, (byte) 0xd0, (byte) 0x18, 562 (byte) 0x6e, (byte) 0xeb, (byte) 0x1c, (byte) 0x52, (byte) 0xc3, (byte) 0x2e, 563 (byte) 0x57, (byte) 0x7d, (byte) 0xa9, (byte) 0x03, (byte) 0xdb, (byte) 0xf4, 564 (byte) 0x57, (byte) 0x5f, (byte) 0x6c, 
(byte) 0x7e, (byte) 0x00, (byte) 0x0d, 565 (byte) 0x8f, (byte) 0xe8, (byte) 0x91, (byte) 0xf7, (byte) 0xae, (byte) 0x24, 566 (byte) 0x35, (byte) 0x07, (byte) 0xb5, (byte) 0x48, (byte) 0x2d, (byte) 0x36, 567 (byte) 0x30, (byte) 0x5d, (byte) 0xe9, (byte) 0x49, (byte) 0x2d, (byte) 0xd1, 568 (byte) 0x5d, (byte) 0xc5, (byte) 0xf4, (byte) 0x33, (byte) 0x77, (byte) 0x3c, 569 (byte) 0x71, (byte) 0xad, (byte) 0x90, (byte) 0x65, (byte) 0xa9, (byte) 0xc1, 570 (byte) 0x0b, (byte) 0x5c, (byte) 0x62, (byte) 0x55, (byte) 0x50, (byte) 0x6f, 571 (byte) 0x9b, (byte) 0xc9, (byte) 0x0d, (byte) 0xee 572 }; 573 574 /** 575 * Generated from above and converted with: 576 * 577 * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g' 578 */ 579 private static final byte[] FAKE_EC_KEY_1 = new byte[] { 580 (byte) 0x30, (byte) 0x81, (byte) 0x87, (byte) 0x02, (byte) 0x01, (byte) 0x00, 581 (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, 582 (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, (byte) 0x06, 583 (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, 584 (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x04, (byte) 0x6d, (byte) 0x30, 585 (byte) 0x6b, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x04, (byte) 0x20, 586 (byte) 0x3a, (byte) 0x8a, (byte) 0x02, (byte) 0xdc, (byte) 0xde, (byte) 0x70, 587 (byte) 0x84, (byte) 0x45, (byte) 0x34, (byte) 0xaf, (byte) 0xbd, (byte) 0xd5, 588 (byte) 0x02, (byte) 0x17, (byte) 0x69, (byte) 0x90, (byte) 0x65, (byte) 0x1e, 589 (byte) 0x87, (byte) 0xf1, (byte) 0x3d, (byte) 0x17, (byte) 0xb6, (byte) 0xf4, 590 (byte) 0x31, (byte) 0x94, (byte) 0x86, (byte) 0x76, (byte) 0x55, (byte) 0xf7, 591 (byte) 0xcc, (byte) 0xba, (byte) 0xa1, (byte) 0x44, (byte) 0x03, (byte) 0x42, 592 (byte) 0x00, (byte) 0x04, (byte) 0xd9, (byte) 0xcf, (byte) 0xe7, (byte) 0x9b, 593 (byte) 0x23, (byte) 0xc8, (byte) 0xa3, (byte) 0xb8, (byte) 0x33, (byte) 0x14, 594 (byte) 0xa4, (byte) 
0x4d, (byte) 0x75, (byte) 0x90, (byte) 0xf3, (byte) 0xcd, 595 (byte) 0x43, (byte) 0xe5, (byte) 0x1b, (byte) 0x05, (byte) 0x1d, (byte) 0xf3, 596 (byte) 0xd0, (byte) 0xa3, (byte) 0xb7, (byte) 0x32, (byte) 0x5f, (byte) 0x79, 597 (byte) 0xdc, (byte) 0x88, (byte) 0xb8, (byte) 0x4d, (byte) 0xb3, (byte) 0xd1, 598 (byte) 0x6d, (byte) 0xf7, (byte) 0x75, (byte) 0xf3, (byte) 0xbf, (byte) 0x50, 599 (byte) 0xa1, (byte) 0xbc, (byte) 0x03, (byte) 0x64, (byte) 0x22, (byte) 0xe6, 600 (byte) 0x1a, (byte) 0xa1, (byte) 0xe1, (byte) 0x06, (byte) 0x68, (byte) 0x3b, 601 (byte) 0xbc, (byte) 0x9f, (byte) 0xd3, (byte) 0xae, (byte) 0x77, (byte) 0x5e, 602 (byte) 0x88, (byte) 0x0c, (byte) 0x5e, (byte) 0x0c, (byte) 0xb2, (byte) 0x38 603 }; 604 605 /** 606 * Generated from above and converted with: 607 * 608 * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 609 */ 610 private static final byte[] FAKE_EC_USER_1 = new byte[] { 611 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x51, (byte) 0x30, (byte) 0x82, 612 (byte) 0x01, (byte) 0xba, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 613 (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d, 614 (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, 615 (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, 616 (byte) 0x00, (byte) 0x30, (byte) 0x45, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 617 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 618 (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, (byte) 0x13, 619 (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 620 (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, (byte) 0x6d, 621 (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, (byte) 0x74, 622 (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, (byte) 0x06, 623 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 
0x18, 624 (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x6e, 625 (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, (byte) 0x64, 626 (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, (byte) 0x50, 627 (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, (byte) 0x74, (byte) 0x64, 628 (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x33, 629 (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, (byte) 0x31, (byte) 0x36, 630 (byte) 0x33, (byte) 0x30, (byte) 0x30, (byte) 0x38, (byte) 0x5a, (byte) 0x17, 631 (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, 632 (byte) 0x35, (byte) 0x31, (byte) 0x36, (byte) 0x33, (byte) 0x30, (byte) 0x30, 633 (byte) 0x38, (byte) 0x5a, (byte) 0x30, (byte) 0x62, (byte) 0x31, (byte) 0x0b, 634 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 635 (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, 636 (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, 637 (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, 638 (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, 639 (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, 640 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, 641 (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 0x72, 642 (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, 643 (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, 644 (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, (byte) 0x74, 645 (byte) 0x64, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, 646 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x12, 647 (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, (byte) 0x65, (byte) 0x72, 648 (byte) 0x2e, (byte) 
0x65, (byte) 0x78, (byte) 0x61, (byte) 0x6d, (byte) 0x70, 649 (byte) 0x6c, (byte) 0x65, (byte) 0x2e, (byte) 0x63, (byte) 0x6f, (byte) 0x6d, 650 (byte) 0x30, (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, 651 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, 652 (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, 653 (byte) 0xce, (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, 654 (byte) 0x42, (byte) 0x00, (byte) 0x04, (byte) 0xd9, (byte) 0xcf, (byte) 0xe7, 655 (byte) 0x9b, (byte) 0x23, (byte) 0xc8, (byte) 0xa3, (byte) 0xb8, (byte) 0x33, 656 (byte) 0x14, (byte) 0xa4, (byte) 0x4d, (byte) 0x75, (byte) 0x90, (byte) 0xf3, 657 (byte) 0xcd, (byte) 0x43, (byte) 0xe5, (byte) 0x1b, (byte) 0x05, (byte) 0x1d, 658 (byte) 0xf3, (byte) 0xd0, (byte) 0xa3, (byte) 0xb7, (byte) 0x32, (byte) 0x5f, 659 (byte) 0x79, (byte) 0xdc, (byte) 0x88, (byte) 0xb8, (byte) 0x4d, (byte) 0xb3, 660 (byte) 0xd1, (byte) 0x6d, (byte) 0xf7, (byte) 0x75, (byte) 0xf3, (byte) 0xbf, 661 (byte) 0x50, (byte) 0xa1, (byte) 0xbc, (byte) 0x03, (byte) 0x64, (byte) 0x22, 662 (byte) 0xe6, (byte) 0x1a, (byte) 0xa1, (byte) 0xe1, (byte) 0x06, (byte) 0x68, 663 (byte) 0x3b, (byte) 0xbc, (byte) 0x9f, (byte) 0xd3, (byte) 0xae, (byte) 0x77, 664 (byte) 0x5e, (byte) 0x88, (byte) 0x0c, (byte) 0x5e, (byte) 0x0c, (byte) 0xb2, 665 (byte) 0x38, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, (byte) 0x79, (byte) 0x30, 666 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 667 (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, (byte) 0x30, (byte) 0x2c, 668 (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, (byte) 0x48, (byte) 0x01, 669 (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, (byte) 0x0d, (byte) 0x04, 670 (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, (byte) 0x70, (byte) 0x65, 671 (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, (byte) 0x20, (byte) 0x47, 672 (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, 
(byte) 0x61, (byte) 0x74, 673 (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43, (byte) 0x65, (byte) 0x72, 674 (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61, 675 (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, 676 (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, 677 (byte) 0x14, (byte) 0xd5, (byte) 0xc4, (byte) 0x72, (byte) 0xbd, (byte) 0xd2, 678 (byte) 0x4e, (byte) 0x90, (byte) 0x1b, (byte) 0x14, (byte) 0x32, (byte) 0xdb, 679 (byte) 0x03, (byte) 0xae, (byte) 0xfa, (byte) 0x27, (byte) 0x7d, (byte) 0x8d, 680 (byte) 0xe4, (byte) 0x80, (byte) 0x58, (byte) 0x30, (byte) 0x1f, (byte) 0x06, 681 (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, 682 (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x5f, (byte) 0x5b, 683 (byte) 0x5e, (byte) 0xac, (byte) 0x29, (byte) 0xfa, (byte) 0xa1, (byte) 0x9f, 684 (byte) 0x9e, (byte) 0xad, (byte) 0x46, (byte) 0xe1, (byte) 0xbc, (byte) 0x20, 685 (byte) 0x72, (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, (byte) 0xfa, (byte) 0xe3, 686 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 687 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 688 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, 689 (byte) 0x00, (byte) 0x43, (byte) 0x99, (byte) 0x9f, (byte) 0x67, (byte) 0x08, 690 (byte) 0x43, (byte) 0xd5, (byte) 0x6b, (byte) 0x6f, (byte) 0xd7, (byte) 0x05, 691 (byte) 0xd6, (byte) 0x75, (byte) 0x34, (byte) 0x30, (byte) 0xca, (byte) 0x20, 692 (byte) 0x47, (byte) 0x61, (byte) 0xa1, (byte) 0x89, (byte) 0xb6, (byte) 0xf1, 693 (byte) 0x49, (byte) 0x7b, (byte) 0xd9, (byte) 0xb9, (byte) 0xe8, (byte) 0x1e, 694 (byte) 0x29, (byte) 0x74, (byte) 0x0a, (byte) 0x67, (byte) 0xc0, (byte) 0x7d, 695 (byte) 0xb8, (byte) 0xe6, (byte) 0x39, (byte) 0xa8, (byte) 0x5e, (byte) 0xc3, 696 (byte) 0xb0, (byte) 0xa1, (byte) 0x30, (byte) 0x6a, (byte) 0x1f, (byte) 0x1d, 697 
(byte) 0xfc, (byte) 0x11, (byte) 0x59, (byte) 0x0b, (byte) 0xb9, (byte) 0xad, 698 (byte) 0x3a, (byte) 0x4e, (byte) 0x50, (byte) 0x0a, (byte) 0x61, (byte) 0xdb, 699 (byte) 0x75, (byte) 0x6b, (byte) 0xe5, (byte) 0x3f, (byte) 0x8d, (byte) 0xde, 700 (byte) 0x28, (byte) 0x68, (byte) 0xb1, (byte) 0x29, (byte) 0x9a, (byte) 0x18, 701 (byte) 0x8a, (byte) 0xfc, (byte) 0x3f, (byte) 0x13, (byte) 0x93, (byte) 0x29, 702 (byte) 0xed, (byte) 0x22, (byte) 0x7c, (byte) 0xb4, (byte) 0x50, (byte) 0xd5, 703 (byte) 0x4d, (byte) 0x32, (byte) 0x4d, (byte) 0x42, (byte) 0x2b, (byte) 0x29, 704 (byte) 0x97, (byte) 0x86, (byte) 0xc0, (byte) 0x01, (byte) 0x00, (byte) 0x25, 705 (byte) 0xf6, (byte) 0xd3, (byte) 0x2a, (byte) 0xd8, (byte) 0xda, (byte) 0x13, 706 (byte) 0x94, (byte) 0x12, (byte) 0x78, (byte) 0x14, (byte) 0x0b, (byte) 0x51, 707 (byte) 0xc0, (byte) 0x45, (byte) 0xb4, (byte) 0x02, (byte) 0x37, (byte) 0x98, 708 (byte) 0x42, (byte) 0x3c, (byte) 0xcb, (byte) 0x2e, (byte) 0xe4, (byte) 0x38, 709 (byte) 0x69, (byte) 0x1b, (byte) 0x72, (byte) 0xf0, (byte) 0xaa, (byte) 0x89, 710 (byte) 0x7e, (byte) 0xde, (byte) 0xb2 711 }; 712 713 /** 714 * The amount of time to allow before and after expected time for variance 715 * in timing tests. 
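*/
private static final long SLOP_TIME_MILLIS = 15000L;

/**
 * Deletes every alias currently in the "AndroidKeyStore" store, then hands the test a
 * fresh, not-yet-loaded instance in {@code mKeyStore}.
 *
 * <p>The wipe keeps entries left behind by an earlier test from satisfying (or breaking)
 * the alias assertions below. {@code mKeyStore} is deliberately left unloaded because some
 * tests check the behaviour of an uninitialized store.
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    // Wipe any existing entries in the KeyStore
    KeyStore ksTemp = KeyStore.getInstance("AndroidKeyStore");
    ksTemp.load(null, null);
    Enumeration<String> aliases = ksTemp.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        ksTemp.deleteEntry(alias);
    }

    // Get a new instance because some tests need it uninitialized
    mKeyStore = KeyStore.getInstance("AndroidKeyStore");
}

/**
 * Deletes every alias again so that no test key or certificate outlives the test.
 * {@code super.tearDown()} runs even if the cleanup throws.
 */
@Override
protected void tearDown() throws Exception {
    try {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null, null);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            keyStore.deleteEntry(alias);
        }
    } finally {
        super.tearDown();
    }
}

/**
 * Decodes a PKCS#8 encoded private key.
 *
 * <p>Callers in this file pass the FAKE_* arrays, which are unencrypted key material
 * compiled into the test source. Those keys are public by construction and are only
 * suitable as test fixtures.
 *
 * @param keyType  KeyFactory algorithm name, e.g. "RSA" or "EC"
 * @param fakeKey1 PKCS#8 (DER) encoding of the private key
 * @return the decoded private key
 * @throws Exception if the algorithm is unavailable or the encoding is invalid
 */
private PrivateKey generatePrivateKey(String keyType, byte[] fakeKey1) throws Exception {
    KeyFactory kf = KeyFactory.getInstance(keyType);
    return kf.generatePrivate(new PKCS8EncodedKeySpec(fakeKey1));
}

/**
 * Decodes a single DER encoded X.509 certificate.
 *
 * @param fakeUser1 DER encoding of the certificate
 * @return the parsed certificate
 * @throws Exception if the bytes cannot be parsed as an X.509 certificate
 */
private Certificate generateCertificate(byte[] fakeUser1) throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    return cf.generateCertificate(new ByteArrayInputStream(fakeUser1));
}

/**
 * Builds a PrivateKeyEntry from the EC test key with the chain {user cert, CA cert}.
 *
 * <p>NOTE(review): the DER bytes of FAKE_EC_CA_1 encode a validity of 130827162828Z to
 * 230825162828Z and a sha1WithRSAEncryption signature. The tests visible here only store
 * and compare these certificates; code that path-validates this chain against the current
 * date should expect it to be rejected.
 */
private PrivateKeyEntry makeUserEcKey1() throws Exception {
    return new KeyStore.PrivateKeyEntry(generatePrivateKey("EC", FAKE_EC_KEY_1),
            new Certificate[] {
                    generateCertificate(FAKE_EC_USER_1), generateCertificate(FAKE_EC_CA_1)
            });
}

/** Builds a PrivateKeyEntry from the RSA test key with the chain {user cert, CA cert}. */
private PrivateKeyEntry makeUserRsaKey1() throws Exception {
    return new KeyStore.PrivateKeyEntry(generatePrivateKey("RSA", FAKE_RSA_KEY_1),
            new Certificate[] {
                    generateCertificate(FAKE_RSA_USER_1), generateCertificate(FAKE_RSA_CA_1)
            });
}

/** Builds a TrustedCertificateEntry that holds the RSA test CA certificate. */
private Entry makeCa1() throws Exception {
    return new KeyStore.TrustedCertificateEntry(generateCertificate(FAKE_RSA_CA_1));
}

/**
 * Asserts that {@code mKeyStore} contains exactly the given aliases: nothing missing,
 * nothing extra, and the same number of entries.
 *
 * @param expectedAliases the aliases the store must contain
 * @throws KeyStoreException if the store has not been loaded
 */
private void assertAliases(final String[] expectedAliases) throws KeyStoreException {
    final Enumeration<String> aliases = mKeyStore.aliases();
    int count = 0;

    final Set<String> expectedSet = new HashSet<String>(Arrays.asList(expectedAliases));

    while (aliases.hasMoreElements()) {
        count++;
        final String alias = aliases.nextElement();
        assertTrue("The alias should be in the expected set", expectedSet.contains(alias));
        // Removing the alias lets the isEmpty() check below catch missing entries.
        expectedSet.remove(alias);
    }
    assertTrue("The expected set and actual set should be exactly equal", expectedSet.isEmpty());
    assertEquals("There should be the correct number of keystore entries",
            expectedAliases.length, count);
}

/** aliases() reflects each entry as it is added: none, a private key, then a CA as well. */
public void testKeyStore_Aliases_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    assertAliases(new String[] {});

    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    assertAliases(new String[] { TEST_ALIAS_1 });

    mKeyStore.setEntry(TEST_ALIAS_2, makeCa1(), null);

    assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });
}

/** aliases() on a store that was never loaded must throw KeyStoreException. */
public void testKeyStore_Aliases_NotInitialized_Unencrypted_Failure() throws Exception {
    try {
        mKeyStore.aliases();
        fail("KeyStore should throw exception when not initialized");
    } catch (KeyStoreException success) {
        // Expected: the store rejects use before load().
    }
}

/** containsAlias() is true for a stored private key and CA, false for an unused alias. */
public void testKeyStore_ContainsAliases_PrivateAndCA_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    assertAliases(new String[] {});

    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    assertTrue("Should contain generated private key", mKeyStore.containsAlias(TEST_ALIAS_1));

    mKeyStore.setEntry(TEST_ALIAS_2, makeCa1(), null);

    assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2));

    assertFalse("Should not contain unadded certificate alias",
            mKeyStore.containsAlias(TEST_ALIAS_3));
}

/** containsAlias() is true for a store that holds only a CA certificate entry. */
public void testKeyStore_ContainsAliases_CAOnly_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setEntry(TEST_ALIAS_2, makeCa1(), null);

    assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2));
}

/** containsAlias() is false for an alias that was never stored. */
public void testKeyStore_ContainsAliases_NonExistent_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    // The original failure message claimed the alias should be present, the opposite of
    // what assertFalse checks.
    assertFalse("Should not contain an alias that was never added",
            mKeyStore.containsAlias(TEST_ALIAS_1));
}

/** deleteEntry() removes exactly the named alias, for key and certificate entries alike. */
public void testKeyStore_DeleteEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    // TEST_ALIAS_2
    mKeyStore.setCertificateEntry(TEST_ALIAS_2, generateCertificate(FAKE_RSA_CA_1));

    // TEST_ALIAS_3
    mKeyStore.setCertificateEntry(TEST_ALIAS_3, generateCertificate(FAKE_RSA_CA_1));

    assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 });

    mKeyStore.deleteEntry(TEST_ALIAS_1);

    assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 });

    mKeyStore.deleteEntry(TEST_ALIAS_3);

    assertAliases(new String[] { TEST_ALIAS_2 });

    mKeyStore.deleteEntry(TEST_ALIAS_2);

    assertAliases(new String[] { });
}

/** deleteEntry() on an empty store must not throw. */
public void testKeyStore_DeleteEntry_EmptyStore_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Should not throw when a non-existent entry is requested for delete.
    mKeyStore.deleteEntry(TEST_ALIAS_1);
}

/** deleteEntry() for an unknown alias must not throw when other entries exist. */
public void testKeyStore_DeleteEntry_NonExistent_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    // Should not throw when a non-existent entry is requested for delete.
    mKeyStore.deleteEntry(TEST_ALIAS_2);
}

/** getCertificate() returns the stored certificate and null for an unknown alias. */
public void testKeyStore_GetCertificate_Single_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    assertAliases(new String[] { TEST_ALIAS_1 });

    assertNull("Certificate should not exist in keystore",
            mKeyStore.getCertificate(TEST_ALIAS_2));

    Certificate retrieved = mKeyStore.getCertificate(TEST_ALIAS_1);

    assertNotNull("Retrieved certificate should not be null", retrieved);

    CertificateFactory f = CertificateFactory.getInstance("X.509");
    Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

    assertEquals("Actual and retrieved certificates should be the same", actual, retrieved);
}

/** getCertificate() on an empty store returns null. */
public void testKeyStore_GetCertificate_NonExist_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    assertNull("Certificate should not exist in keystore",
            mKeyStore.getCertificate(TEST_ALIAS_1));
}

/** getCertificateAlias() finds the alias of a stored trusted certificate entry. */
public void testKeyStore_GetCertificateAlias_CAEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    Certificate cert = generateCertificate(FAKE_RSA_CA_1);
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert);

    assertEquals("Stored certificate alias should be found", TEST_ALIAS_1,
            mKeyStore.getCertificateAlias(cert));
}

/** getCertificateAlias() finds a private key entry through its user certificate. */
public void testKeyStore_GetCertificateAlias_PrivateKeyEntry_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    CertificateFactory f = CertificateFactory.getInstance("X.509");
    Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));

    assertEquals("Stored certificate alias should be found", TEST_ALIAS_1,
            mKeyStore.getCertificateAlias(actual));
}

/**
 * When the same CA certificate is stored as a trusted entry and also appears in a private
 * key entry's chain, the lookup must return the trusted entry's alias (TEST_ALIAS_2).
 */
public void testKeyStore_GetCertificateAlias_CAEntry_WithPrivateKeyUsingCA_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    Certificate actual = generateCertificate(FAKE_RSA_CA_1);

    // Insert TrustedCertificateEntry with CA name
    mKeyStore.setCertificateEntry(TEST_ALIAS_2, actual);

    // Insert PrivateKeyEntry that uses the same CA
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    assertEquals("Stored certificate alias should be found", TEST_ALIAS_2,
            mKeyStore.getCertificateAlias(actual));
}

/** getCertificateAlias() on an empty store returns null. */
public void testKeyStore_GetCertificateAlias_NonExist_Empty_Unencrypted_Failure()
        throws Exception {
    mKeyStore.load(null, null);

    CertificateFactory f = CertificateFactory.getInstance("X.509");
    Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

    assertNull("Stored certificate alias should not be found",
            mKeyStore.getCertificateAlias(actual));
}

/** getCertificateAlias() returns null for a certificate that was not stored. */
public void testKeyStore_GetCertificateAlias_NonExist_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    Certificate ca = generateCertificate(FAKE_RSA_CA_1);

    // Insert TrustedCertificateEntry with CA name
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, ca);

    Certificate userCert = generateCertificate(FAKE_RSA_USER_1);

    // The original failure message said the alias "should be found", which contradicts
    // the assertNull it is attached to.
    assertNull("Stored certificate alias should not be found",
            mKeyStore.getCertificateAlias(userCert));
}

/**
 * getCertificateChain() returns the stored chain in order (user certificate, then CA) and
 * null for an unknown alias. The chain checked here has two certificates.
 */
public void testKeyStore_GetCertificateChain_SingleLength_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    Certificate[] expected = new Certificate[2];
    expected[0] = generateCertificate(FAKE_RSA_USER_1);
    expected[1] = generateCertificate(FAKE_RSA_CA_1);

    Certificate[] actual = mKeyStore.getCertificateChain(TEST_ALIAS_1);

    assertNotNull("Returned certificate chain should not be null", actual);
    assertEquals("Returned certificate chain should be correct size", expected.length,
            actual.length);
    assertEquals("First certificate should be user certificate", expected[0], actual[0]);
    assertEquals("Second certificate should be CA certificate", expected[1], actual[1]);

    // Negative test when keystore is populated.
    assertNull("Stored certificate alias should not be found",
            mKeyStore.getCertificateChain(TEST_ALIAS_2));
}

/** getCertificateChain() on an empty store returns null. */
public void testKeyStore_GetCertificateChain_NonExist_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    assertNull("Stored certificate alias should not be found",
            mKeyStore.getCertificateChain(TEST_ALIAS_1));
}

/** A private key entry's creation date lies within SLOP_TIME_MILLIS of the current time. */
public void testKeyStore_GetCreationDate_PrivateKeyEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // TEST_ALIAS_1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    Date now = new Date();
    Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
    // Fail with a readable message instead of a NullPointerException in the range checks,
    // as the CA variant of this test already does.
    assertNotNull("Private key entry should be found", actual);

    Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
    Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);

    assertTrue("Time should be close to current time", actual.before(expectedBefore));
    assertTrue("Time should be close to current time", actual.after(expectedAfter));
}

/** A trusted certificate entry's creation date lies within SLOP_TIME_MILLIS of now. */
public void testKeyStore_GetCreationDate_CAEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Insert TrustedCertificateEntry with CA name
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    Date now = new Date();
    Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
    assertNotNull("Certificate should be found", actual);

    Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
    Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);

    assertTrue("Time should be close to current time", actual.before(expectedBefore));
    assertTrue("Time should be close to current time", actual.after(expectedAfter));
}
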
/**
 * Verifies that an RSA private key entry stored without protection parameters can be read back
 * with {@code getEntry(alias, null)} and matches the inserted key, user certificate and CA.
 */
public void testKeyStore_GetEntry_NullParams_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Store the RSA user key under TEST_ALIAS_1.
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Entry should exist", entry);

    assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);

    PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

    assertPrivateKeyEntryEquals(keyEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}

/**
 * Verifies that an EC private key entry stored without protection parameters can be read back
 * with {@code getEntry(alias, null)} and matches the inserted key, user certificate and CA.
 */
public void testKeyStore_GetEntry_EC_NullParams_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Store the EC user key under TEST_ALIAS_1.
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserEcKey1(), null);

    Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Entry should exist", entry);

    assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);

    PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

    assertPrivateKeyEntryEquals(keyEntry, "EC", FAKE_EC_KEY_1, FAKE_EC_USER_1, FAKE_EC_CA_1);
}

/**
 * RSA round trip through {@code setEntry}/{@code getEntry} with null parameters.
 *
 * NOTE(review): the statements here are the same as in
 * testKeyStore_GetEntry_NullParams_Unencrypted_Success above.
 */
public void testKeyStore_GetEntry_RSA_NullParams_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Store the RSA user key under TEST_ALIAS_1.
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Entry should exist", entry);

    assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);

    PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

    assertPrivateKeyEntryEquals(keyEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
            FAKE_RSA_CA_1);
}

/**
 * Decodes the expected key and certificates from raw test vectors and delegates to the
 * object-based overload.
 *
 * @param keyEntry entry read back from the keystore
 * @param keyType  {@link KeyFactory} algorithm name used to decode {@code key}
 * @param key      PKCS#8-encoded private key that was inserted
 * @param cert     encoded X.509 user certificate that was inserted
 * @param ca       encoded CA certificate(s) expected after the user certificate, or
 *                 {@code null} when the chain should hold the user certificate only
 */
@SuppressWarnings("unchecked")
private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, String keyType, byte[] key,
        byte[] cert, byte[] ca) throws Exception {
    KeyFactory keyFact = KeyFactory.getInstance(keyType);
    PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(key));

    CertificateFactory certFact = CertificateFactory.getInstance("X.509");
    Certificate expectedCert = certFact.generateCertificate(new ByteArrayInputStream(cert));

    final Collection<Certificate> expectedChain;
    if (ca != null) {
        // generateCertificates returns Collection<? extends Certificate>; the cast is what the
        // @SuppressWarnings("unchecked") on this method covers.
        expectedChain = (Collection<Certificate>) certFact
                .generateCertificates(new ByteArrayInputStream(ca));
    } else {
        expectedChain = null;
    }

    assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, expectedChain);
}

/**
 * Asserts that a private key entry read back from the keystore corresponds to the expected key,
 * leaf certificate and CA chain.
 *
 * The returned private key must report {@code null} from both {@code getFormat()} and
 * {@code getEncoded()}, i.e. it must expose no encoded form of the key material. That is
 * presumably why the key comparison uses public parameters (RSA modulus, EC curve) rather than
 * key bytes.
 *
 * @param keyEntry      entry read back from the keystore
 * @param expectedKey   private key that was inserted
 * @param expectedCert  leaf certificate that was inserted
 * @param expectedChain CA certificates expected after the leaf, or {@code null} when the chain
 *                      should contain the leaf only
 */
private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, PrivateKey expectedKey,
        Certificate expectedCert, Collection<Certificate> expectedChain) throws Exception {
    final PrivateKey privKey = keyEntry.getPrivateKey();
    final PublicKey pubKey = keyEntry.getCertificate().getPublicKey();

    // NOTE(review): the EC branch compares only the curve, so it cannot tell apart two
    // different keys on the same curve; the certificate comparison further down is what ties
    // the entry to a specific public key. A key that is neither EC nor RSA gets no key
    // comparison at all.
    if (expectedKey instanceof ECKey) {
        assertTrue("Returned PrivateKey " + privKey.getClass() + " should be instanceof ECKey",
                privKey instanceof ECKey);
        assertEquals("Returned PrivateKey should be what we inserted",
                ((ECKey) expectedKey).getParams().getCurve(),
                ((ECKey) privKey).getParams().getCurve());
    } else if (expectedKey instanceof RSAKey) {
        assertTrue("Returned PrivateKey " + privKey.getClass() + " should be instanceof RSAKey",
                privKey instanceof RSAKey);
        assertEquals("Returned PrivateKey should be what we inserted",
                ((RSAKey) expectedKey).getModulus(),
                ((RSAKey) privKey).getModulus());
    }

    // The private key handle must not offer an exportable encoding.
    assertNull("getFormat() should return null", privKey.getFormat());
    assertNull("getEncoded() should return null", privKey.getEncoded());

    // The public half, by contrast, must be encodable.
    assertEquals("Public keys should be in X.509 format", "X.509", pubKey.getFormat());
    assertNotNull("Public keys should be encodable", pubKey.getEncoded());

    assertEquals("Returned Certificate should be what we inserted", expectedCert,
            keyEntry.getCertificate());

    Certificate[] actualChain = keyEntry.getCertificateChain();

    assertEquals("First certificate in chain should be user cert", expectedCert, actualChain[0]);

    if (expectedChain == null) {
        assertEquals("Certificate chain should not include CAs", 1, actualChain.length);
    } else {
        // Index 0 is the leaf, so the CA certificates start at index 1.
        assertEquals("Chains should be the same size", expectedChain.size() + 1,
                actualChain.length);
        int i = 1;
        final Iterator<Certificate> it = expectedChain.iterator();
        while (it.hasNext() && i < actualChain.length) {
            assertEquals("CA chain certificate should equal what we put in", it.next(),
                    actualChain[i++]);
        }
    }
}

/**
 * Verifies that {@code getEntry} returns {@code null} for an alias this test never stored.
 */
public void testKeyStore_GetEntry_Nonexistent_NullParams_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    assertNull("A non-existent entry should return null",
            mKeyStore.getEntry(TEST_ALIAS_1, null));
}

/**
 * Verifies that {@code getKey(alias, null)} returns the stored RSA private key, identified by
 * its modulus.
 */
public void testKeyStore_GetKey_NoPassword_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Store the RSA user key under TEST_ALIAS_1.
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    Key key = mKeyStore.getKey(TEST_ALIAS_1, null);
    assertNotNull("Key should exist", key);

    assertTrue("Should be a PrivateKey", key instanceof PrivateKey);
    assertTrue("Should be a RSAKey", key instanceof RSAKey);

    RSAKey actualKey = (RSAKey) key;

    KeyFactory keyFact = KeyFactory.getInstance("RSA");
    PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

    // Compared by modulus only; the private exponent of the returned key is not inspected.
    assertEquals("Inserted key should be same as retrieved key",
            ((RSAKey) expectedKey).getModulus(), actualKey.getModulus());
}

/**
 * Verifies that {@code getKey} returns {@code null} for an alias that holds only a trusted
 * certificate.
 */
public void testKeyStore_GetKey_Certificate_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    // Insert TrustedCertificateEntry with CA name
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    assertNull("Certificate entries should return null", mKeyStore.getKey(TEST_ALIAS_1, null));
}

/**
 * Verifies that {@code getKey} returns {@code null} for an alias this test never stored.
 */
public void testKeyStore_GetKey_NonExistent_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    assertNull("A non-existent entry should return null", mKeyStore.getKey(TEST_ALIAS_1, null));
}

/**
 * Verifies that the keystore under test is backed by the provider named "AndroidKeyStore".
 */
public void testKeyStore_GetProvider_Unencrypted_Success() throws Exception {
    assertEquals("AndroidKeyStore", mKeyStore.getProvider().getName());
}

/**
 * Verifies that the keystore under test reports the type "AndroidKeyStore".
 */
public void testKeyStore_GetType_Unencrypted_Success() throws Exception {
    assertEquals("AndroidKeyStore", mKeyStore.getType());
}

/**
 * Verifies that {@code isCertificateEntry} is {@code true} for an alias that holds a trusted CA
 * certificate.
 */
public void testKeyStore_IsCertificateEntry_CA_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Insert TrustedCertificateEntry with CA name
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    assertTrue("Should return true for CA certificate",
            mKeyStore.isCertificateEntry(TEST_ALIAS_1));
}

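/**
 * Verifies that {@code isCertificateEntry} is {@code false} for an alias that holds a private
 * key entry.
 */
public void testKeyStore_IsCertificateEntry_PrivateKey_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    // Store the RSA user key under TEST_ALIAS_1.
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    assertFalse("Should return false for PrivateKeyEntry",
            mKeyStore.isCertificateEntry(TEST_ALIAS_1));
}

/**
 * Verifies that {@code isCertificateEntry} is {@code false} for an alias this test never stored.
 */
public void testKeyStore_IsCertificateEntry_NonExist_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    assertFalse("Should return false for non-existent entry",
            mKeyStore.isCertificateEntry(TEST_ALIAS_1));
}

/**
 * Verifies that {@code isKeyEntry} is {@code true} for an alias that holds a private key entry.
 */
public void testKeyStore_IsKeyEntry_PrivateKey_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Store the RSA user key under TEST_ALIAS_1.
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    assertTrue("Should return true for PrivateKeyEntry", mKeyStore.isKeyEntry(TEST_ALIAS_1));
}

/**
 * Verifies that {@code isKeyEntry} is {@code false} for an alias that holds only a trusted CA
 * certificate.
 */
public void testKeyStore_IsKeyEntry_CA_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    assertFalse("Should return false for CA certificate", mKeyStore.isKeyEntry(TEST_ALIAS_1));
}

/**
 * Verifies that {@code isKeyEntry} is {@code false} for an alias this test never stored.
 */
public void testKeyStore_IsKeyEntry_NonExist_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    assertFalse("Should return false for non-existent entry",
            mKeyStore.isKeyEntry(TEST_ALIAS_1));
}

/**
 * Verifies that a CA certificate stored with {@code setCertificateEntry} is listed under its
 * alias and read back equal to the inserted certificate.
 */
public void testKeyStore_SetCertificate_CA_Unencrypted_Success() throws Exception {
    final Certificate actual = generateCertificate(FAKE_RSA_CA_1);

    mKeyStore.load(null, null);

    mKeyStore.setCertificateEntry(TEST_ALIAS_1, actual);
    assertAliases(new String[] { TEST_ALIAS_1 });

    Certificate retrieved = mKeyStore.getCertificate(TEST_ALIAS_1);

    assertEquals("Retrieved certificate should be the same as the one inserted", actual,
            retrieved);
}

/**
 * Verifies that storing a certificate under an alias that already holds a certificate succeeds
 * and leaves exactly that one alias in the store.
 */
public void testKeyStore_SetCertificate_CAExists_Overwrite_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    assertAliases(new String[] { TEST_ALIAS_1 });

    final Certificate cert = generateCertificate(FAKE_RSA_CA_1);

    // TODO have separate FAKE_CA for second test
    // Until then the overwrite uses the same certificate, so a replacement cannot be told
    // apart from a no-op by content; only the alias list is checked.
    mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert);

    assertAliases(new String[] { TEST_ALIAS_1 });
}

/**
 * Verifies that {@code setCertificateEntry} refuses to replace an existing private key entry
 * with a bare certificate and signals this with {@link KeyStoreException}.
 */
public void testKeyStore_SetCertificate_PrivateKeyExists_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    assertAliases(new String[] { TEST_ALIAS_1 });

    final Certificate cert = generateCertificate(FAKE_RSA_CA_1);

    try {
        mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert);
        fail("Should throw when trying to overwrite a PrivateKey entry with a Certificate");
    } catch (KeyStoreException success) {
        // Expected: the private key entry must not be overwritten by a certificate.
    }
}

/**
 * Verifies that a {@link PrivateKeyEntry} built from the RSA test vectors (user certificate
 * plus CA) can be stored with null parameters and read back intact.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    KeyFactory keyFact = KeyFactory.getInstance("RSA");
    PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

    final CertificateFactory f = CertificateFactory.getInstance("X.509");

    // Chain order: leaf (user) certificate first, then the CA.
    final Certificate[] expectedChain = new Certificate[2];
    expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
    expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

    PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain);

    mKeyStore.setEntry(TEST_ALIAS_1, expected, null);

    Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", actualEntry);

    assertTrue("Retrieved entry should be of type PrivateKeyEntry",
            actualEntry instanceof PrivateKeyEntry);

    PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;

    assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}

/**
 * Verifies that importing a key with {@code setEncryptionRequired(true)} is rejected with
 * {@link KeyStoreException} when no secure lock screen is configured, and that the rejected
 * import leaves no entry behind under the alias.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure() throws Exception {
    // This test asserts that Android Keystore refuses to create/import keys encrypted at rest
    // using the secure lock screen credential. The test assumes that the secure lock screen is
    // not set up.
    KeyguardManager keyguardManager =
            (KeyguardManager) getContext().getSystemService(Context.KEYGUARD_SERVICE);
    assertNotNull(keyguardManager);
    // Precondition, not the behaviour under test: fail early if the device has a lock screen.
    assertFalse("Secure lock screen must not be configured", keyguardManager.isDeviceSecure());

    mKeyStore.load(null, null);

    KeyFactory keyFact = KeyFactory.getInstance("RSA");
    PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

    final CertificateFactory f = CertificateFactory.getInstance("X.509");

    final Certificate[] expectedChain = new Certificate[2];
    expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
    expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

    PrivateKeyEntry entry = new PrivateKeyEntry(expectedKey, expectedChain);

    try {
        mKeyStore.setEntry(TEST_ALIAS_1, entry,
                new KeyStoreParameter.Builder(getContext())
                        .setEncryptionRequired(true)
                        .build());
        fail("Shouldn't be able to insert encrypted entry when KeyStore uninitialized");
    } catch (KeyStoreException expected) {
        // Expected: the request must fail rather than fall back to storing the key without
        // the requested at-rest encryption.
    }

    // The failed import must not have created the entry.
    assertNull(mKeyStore.getEntry(TEST_ALIAS_1, null));
}

/**
 * Verifies that storing a {@link PrivateKeyEntry} over an existing {@link PrivateKeyEntry}
 * under the same alias succeeds and the entry still reads back correctly.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    final KeyFactory keyFact = KeyFactory.getInstance("RSA");
    final CertificateFactory f = CertificateFactory.getInstance("X.509");

    // Start with PrivateKeyEntry
    {
        PrivateKey expectedKey = keyFact
                .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

        final Certificate[] expectedChain = new Certificate[2];
        expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain);

        mKeyStore.setEntry(TEST_ALIAS_1, expected, null);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);

        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                actualEntry instanceof PrivateKeyEntry);

        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;

        assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                FAKE_RSA_CA_1);
    }

    // TODO make entirely new test vector for the overwrite
    // Replace with PrivateKeyEntry (currently the same key and chain as above)
    {
        PrivateKey expectedKey = keyFact
                .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

        final Certificate[] expectedChain = new Certificate[2];
        expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain);

        mKeyStore.setEntry(TEST_ALIAS_1, expected, null);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);

        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                actualEntry instanceof PrivateKeyEntry);

        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;

        assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                FAKE_RSA_CA_1);
    }
}

/**
 * Verifies that {@code setEntry} can change the entry type held by an alias.
 *
 * NOTE(review): despite the method name, the body stores the trusted CA entry first and then
 * replaces it with the private key entry.
 */
public void testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    final CertificateFactory f = CertificateFactory.getInstance("X.509");

    // Start with TrustedCertificateEntry
    {
        final Certificate caCert = f
                .generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert);
        mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
                actualEntry instanceof TrustedCertificateEntry);
        TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry;
        assertEquals("Stored and retrieved certificates should be the same",
                expectedCertEntry.getTrustedCertificate(),
                actualCertEntry.getTrustedCertificate());
    }

    // Replace with PrivateKeyEntry
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey expectedKey = keyFact
                .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] expectedChain = new Certificate[2];
        expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain);

        mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                actualEntry instanceof PrivateKeyEntry);

        PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                FAKE_RSA_CA_1);
    }
}

/**
 * Verifies that {@code setEntry} can change the entry type held by an alias.
 *
 * NOTE(review): despite the method name, the body stores the private key entry first and then
 * replaces it with the trusted CA entry.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    final CertificateFactory f = CertificateFactory.getInstance("X.509");

    final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

    // Start with PrivateKeyEntry
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey expectedKey = keyFact
                .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] expectedChain = new Certificate[2];
        expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        expectedChain[1] = caCert;

        PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain);

        mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                actualEntry instanceof PrivateKeyEntry);

        PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                FAKE_RSA_CA_1);
    }

    // Replace with TrustedCertificateEntry
    {
        TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert);
        mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
                actualEntry instanceof TrustedCertificateEntry);
        TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry;
        assertEquals("Stored and retrieved certificates should be the same",
                expectedCertEntry.getTrustedCertificate(),
                actualCertEntry.getTrustedCertificate());
    }
}

/**
 * Verifies that replacing a private key entry whose chain is user certificate plus CA with one
 * whose chain holds the user certificate only leaves no CA in the stored chain.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    final CertificateFactory f = CertificateFactory.getInstance("X.509");

    final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

    // Start with PrivateKeyEntry
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey expectedKey = keyFact
                .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] expectedChain = new Certificate[2];
        expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        expectedChain[1] = caCert;

        PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain);

        mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                actualEntry instanceof PrivateKeyEntry);

        PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                FAKE_RSA_CA_1);
    }

    // Replace with PrivateKeyEntry that has no chain
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey expectedKey = keyFact
                .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] expectedChain = new Certificate[1];
        expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));

        PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain);

        mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                actualEntry instanceof PrivateKeyEntry);

        // A null CA argument makes the helper require a chain of length 1, so a CA left over
        // from the first entry would fail the test.
        PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                null);
    }
}

/**
 * Verifies that a trusted certificate entry can be replaced by another trusted certificate
 * entry and that the replacement is what reads back.
 */
public void testKeyStore_SetEntry_CAEntry_Overwrites_CAEntry_Unencrypted_Success()
        throws Exception {
    mKeyStore.load(null, null);

    final CertificateFactory f = CertificateFactory.getInstance("X.509");

    // Insert TrustedCertificateEntry
    {
        final Certificate caCert = f
                .generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert);
        mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
                actualEntry instanceof TrustedCertificateEntry);
        TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry;
        assertEquals("Stored and retrieved certificates should be the same",
                expectedCertEntry.getTrustedCertificate(),
                actualCertEntry.getTrustedCertificate());
    }

    // Replace with TrustedCertificateEntry of USER
    {
        final Certificate userCert = f.generateCertificate(new ByteArrayInputStream(
                FAKE_RSA_USER_1));

        TrustedCertificateEntry expectedUserEntry = new TrustedCertificateEntry(userCert);
        mKeyStore.setEntry(TEST_ALIAS_1, expectedUserEntry, null);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
                actualEntry instanceof TrustedCertificateEntry);
        TrustedCertificateEntry actualUserEntry = (TrustedCertificateEntry) actualEntry;
        assertEquals("Stored and retrieved certificates should be the same",
                expectedUserEntry.getTrustedCertificate(),
                actualUserEntry.getTrustedCertificate());
    }
}

/**
 * Verifies that {@code setKeyEntry} rejects a non-null per-entry password with
 * {@link KeyStoreException}.
 */
public void testKeyStore_SetKeyEntry_ProtectedKey_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    final CertificateFactory f = CertificateFactory.getInstance("X.509");

    final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

    KeyFactory keyFact = KeyFactory.getInstance("RSA");
    PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
    final Certificate[] chain = new Certificate[2];
    chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
    chain[1] = caCert;

    try {
        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, "foo".toCharArray(), chain);
        fail("Should fail when a password is specified");
    } catch (KeyStoreException success) {
        // Expected: a supplied password must be refused, not silently ignored.
    }
}

/**
 * Verifies that {@code setKeyEntry} with a null password stores the key and chain so that they
 * read back intact.
 */
public void testKeyStore_SetKeyEntry_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    final CertificateFactory f = CertificateFactory.getInstance("X.509");

    final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

    KeyFactory keyFact = KeyFactory.getInstance("RSA");
    PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
    final Certificate[] chain = new Certificate[2];
    chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
    chain[1] = caCert;

    mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);

    Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", actualEntry);

    assertTrue("Retrieved entry should be of type PrivateKeyEntry",
            actualEntry instanceof PrivateKeyEntry);

    PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;

    assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}

/**
 * Verifies that calling {@code setKeyEntry} twice on the same alias succeeds and the entry
 * still reads back correctly after the second call.
 */
public void testKeyStore_SetKeyEntry_Replaced_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    final CertificateFactory f = CertificateFactory.getInstance("X.509");

    final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

    // Insert initial key
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] chain = new Certificate[2];
        chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        chain[1] = caCert;

        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);

        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                actualEntry instanceof PrivateKeyEntry);

        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;

        assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                FAKE_RSA_CA_1);
    }

    // TODO make a separate key
    // Replace key (currently with the same key material and chain as above)
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] chain = new Certificate[2];
        chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        chain[1] = caCert;

        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);

        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                actualEntry instanceof PrivateKeyEntry);

        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;

        assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                FAKE_RSA_CA_1);
    }
}

/**
 * Verifies that the certificate chain of an existing key can be replaced by passing the key
 * object obtained from the keystore back to {@code setKeyEntry} under the same alias.
 */
public void testKeyStore_SetKeyEntry_ReplacedChain_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Create key #1
    {
        KeyStore.PrivateKeyEntry privEntry = makeUserRsaKey1();
        mKeyStore.setEntry(TEST_ALIAS_1, privEntry, null);

        Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);

        assertTrue(entry instanceof PrivateKeyEntry);

        PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

        ArrayList<Certificate> chain = new ArrayList<Certificate>();
        chain.add(generateCertificate(FAKE_RSA_CA_1));
        assertPrivateKeyEntryEquals(keyEntry, privEntry.getPrivateKey(),
                privEntry.getCertificate(), chain);
    }

    // Replace key #1 with new chain
    {
        // The key comes from the keystore itself, not from the raw test vector.
        Key key = mKeyStore.getKey(TEST_ALIAS_1, null);

        assertTrue(key instanceof PrivateKey);

        PrivateKey expectedKey = (PrivateKey) key;

        Certificate expectedCert = generateCertificate(FAKE_RSA_USER_1);

        mKeyStore.setKeyEntry(TEST_ALIAS_1, expectedKey, null,
                new Certificate[] { expectedCert });

        Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);

        assertTrue(entry instanceof PrivateKeyEntry);

        PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

        // Null expected chain: the stored chain must now hold the user certificate only.
        assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, null);
    }
}

/**
 * Verifies that a key object obtained from one alias cannot be used with {@code setKeyEntry} to
 * replace the entry of a different alias; {@link KeyStoreException} is expected.
 *
 * NOTE(review): both aliases are populated from makeUserRsaKey1(), so the rejection appears to
 * hinge on the key object belonging to another alias rather than on different key material.
 * TODO confirm against the provider.
 */
public void testKeyStore_SetKeyEntry_ReplacedChain_DifferentPrivateKey_Unencrypted_Failure()
        throws Exception {
    mKeyStore.load(null, null);

    // Create key #1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    // Create key #2
    mKeyStore.setEntry(TEST_ALIAS_2, makeUserRsaKey1(), null);


    // Replace key #1 with key #2
    {
        Key key2 = mKeyStore.getKey(TEST_ALIAS_2, null);

        Certificate cert = generateCertificate(FAKE_RSA_USER_1);

        try {
            mKeyStore.setKeyEntry(TEST_ALIAS_1, key2, null, new Certificate[] { cert });
            fail("Should not allow setting of KeyEntry with wrong PrivateKey");
        } catch (KeyStoreException success) {
            // Expected: a key held under another alias must not be attached to this one.
        }
    }
}

/**
 * Reads an entry back from the keystore and stores the same entry object again under the same
 * alias.
 *
 * NOTE(review): the name ends in "_Failure", but no exception is expected and nothing is
 * asserted; the test passes as long as neither call throws.
 */
public void testKeyStore_SetKeyEntry_ReplacedWithSame_UnencryptedToUnencrypted_Failure()
        throws Exception {
    mKeyStore.load(null, null);

    // Create key #1
    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    // Replace with same
    Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
    mKeyStore.setEntry(TEST_ALIAS_1, entry, null);
}

/**
 * Verifies that {@code size()} and the alias list track insertions and deletions of both
 * certificate entries and private key entries.
 */
public void testKeyStore_Size_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_RSA_CA_1));

    assertEquals("The keystore size should match expected", 1, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_1 });

    mKeyStore.setCertificateEntry(TEST_ALIAS_2, generateCertificate(FAKE_RSA_CA_1));

    assertEquals("The keystore size should match expected", 2, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });

    mKeyStore.setEntry(TEST_ALIAS_3, makeUserRsaKey1(), null);

    assertEquals("The keystore size should match expected", 3, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 });

    mKeyStore.deleteEntry(TEST_ALIAS_1);

    assertEquals("The keystore size should match expected", 2, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 });

    mKeyStore.deleteEntry(TEST_ALIAS_3);

    assertEquals("The keystore size should match expected", 1, mKeyStore.size());
    assertAliases(new String[] { TEST_ALIAS_2 });
}

/**
 * Verifies that {@code store(LoadStoreParameter)} is unsupported and throws
 * {@link UnsupportedOperationException}.
 */
public void testKeyStore_Store_LoadStoreParam_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    try {
        mKeyStore.store(null);
        fail("Should throw UnsupportedOperationException when trying to store");
    } catch (UnsupportedOperationException success) {
        // Expected: the keystore offers no way to serialize its contents.
    }
}

/**
 * Verifies that {@code load} rejects a caller-supplied input stream with
 * {@link IllegalArgumentException}.
 */
public void testKeyStore_Load_InputStreamSupplied_Unencrypted_Failure() throws Exception {
    byte[] buf = "FAKE KEYSTORE".getBytes();
    ByteArrayInputStream is = new ByteArrayInputStream(buf);

    try {
        mKeyStore.load(is, null);
        fail("Should throw IllegalArgumentException when InputStream is supplied");
    } catch (IllegalArgumentException success) {
        // Expected: keystore contents cannot be injected from an external stream.
    }
}

/**
 * Verifies that {@code load} rejects a caller-supplied password with
 * {@link IllegalArgumentException}.
 */
public void testKeyStore_Load_PasswordSupplied_Unencrypted_Failure() throws Exception {
    try {
        mKeyStore.load(null, "password".toCharArray());
        fail("Should throw IllegalArgumentException when password is supplied");
    } catch (IllegalArgumentException success) {
        // Expected: a supplied password must be refused, not silently ignored.
    }
}

/**
 * Verifies that {@code store(OutputStream, char[])} throws
 * {@link UnsupportedOperationException} both without and with a password.
 */
public void testKeyStore_Store_OutputStream_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    OutputStream sink = new ByteArrayOutputStream();
    try {
        mKeyStore.store(sink, null);
        fail("Should throw UnsupportedOperationException when trying to store");
    } catch (UnsupportedOperationException success) {
        // Expected.
    }

    try {
        mKeyStore.store(sink, "blah".toCharArray());
        fail("Should throw UnsupportedOperationException when trying to store");
    } catch (UnsupportedOperationException success) {
        // Expected.
    }
}

/**
 * Verifies that a private key held in the keystore can be used for a real operation: a secret is
 * wrapped with the entry's public key and unwrapped with the keystore-backed private key, and
 * the result must equal the original bytes.
 */
public void testKeyStore_KeyOperations_Wrap_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    mKeyStore.setEntry(TEST_ALIAS_1, makeUserRsaKey1(), null);

    // Test key usage
    Entry e = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull(e);
    assertTrue(e instanceof PrivateKeyEntry);

    PrivateKeyEntry privEntry = (PrivateKeyEntry) e;
    PrivateKey privKey = privEntry.getPrivateKey();
    assertNotNull(privKey);

    PublicKey pubKey = privEntry.getCertificate().getPublicKey();

    // PKCS#1 v1.5 encryption padding is exercised here as a compatibility check. Outside of
    // tests it is the padding associated with padding-oracle weaknesses when unwrap failures
    // are observable, which is why OAEP is generally preferred for new designs.
    Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    c.init(Cipher.WRAP_MODE, pubKey);

    // Seven arbitrary bytes used as an opaque payload; labelled "AES" below but not a valid
    // AES key length.
    byte[] expectedKey = new byte[] {
            0x00, 0x05, (byte) 0xAA, (byte) 0xA5, (byte) 0xFF, 0x55, 0x0A
    };

    SecretKey expectedSecret = new TransparentSecretKey(expectedKey, "AES");

    byte[] wrappedExpected = c.wrap(expectedSecret);

    c.init(Cipher.UNWRAP_MODE, privKey);
    SecretKey actualSecret = (SecretKey) c.unwrap(wrappedExpected, "AES", Cipher.SECRET_KEY);

    assertEquals(Arrays.toString(expectedSecret.getEncoded()),
            Arrays.toString(actualSecret.getEncoded()));
}

public void testKeyStore_Encrypting_RSA_NONE_NOPADDING() throws Exception {

    String alias = "MyKey";
    KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
    assertNotNull(ks);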
1916 ks.load(null); 1917 1918 Calendar cal = Calendar.getInstance(); 1919 cal.set(1944, 5, 6); 1920 Date now = cal.getTime(); 1921 cal.clear(); 1922 1923 cal.set(1945, 8, 2); 1924 Date end = cal.getTime(); 1925 1926 KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore"); 1927 assertNotNull(kpg); 1928 kpg.initialize(new KeyPairGeneratorSpec.Builder(mContext) 1929 .setAlias(alias) 1930 .setStartDate(now) 1931 .setEndDate(end) 1932 .setSerialNumber(BigInteger.valueOf(1)) 1933 .setSubject(new X500Principal("CN=test1")) 1934 .build()); 1935 1936 kpg.generateKeyPair(); 1937 1938 PrivateKey privateKey = (PrivateKey) ks.getKey(alias, null); 1939 assertNotNull(privateKey); 1940 PublicKey publicKey = ks.getCertificate(alias).getPublicKey(); 1941 assertNotNull(publicKey); 1942 String cipher = privateKey.getAlgorithm() + "/NONE/NOPADDING"; 1943 Cipher encrypt = Cipher.getInstance(cipher); 1944 assertNotNull(encrypt); 1945 encrypt.init(Cipher.ENCRYPT_MODE, privateKey); 1946 1947 int modulusSizeBytes = (((RSAKey) publicKey).getModulus().bitLength() + 7) / 8; 1948 byte[] plainText = new byte[modulusSizeBytes]; 1949 Arrays.fill(plainText, (byte) 0xFF); 1950 1951 // We expect a BadPaddingException here as the message size (plaintext) 1952 // is bigger than the modulus. 
1953 try { 1954 encrypt.doFinal(plainText); 1955 fail("Expected BadPaddingException"); 1956 } catch (BadPaddingException e) { 1957 // pass on exception as it is expected 1958 } 1959 } 1960 testKeyStore_PrivateKeyEntry_RSA_PublicKeyWorksWithCrypto()1961 public void testKeyStore_PrivateKeyEntry_RSA_PublicKeyWorksWithCrypto() 1962 throws Exception { 1963 mKeyStore.load(null, null); 1964 mKeyStore.setKeyEntry(TEST_ALIAS_2, 1965 KeyFactory.getInstance("RSA").generatePrivate( 1966 new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)), 1967 null, // no password (it's not even supported) 1968 new Certificate[] {generateCertificate(FAKE_RSA_USER_1)}); 1969 PublicKey publicKey = mKeyStore.getCertificate(TEST_ALIAS_2).getPublicKey(); 1970 assertNotNull(publicKey); 1971 1972 Signature.getInstance("SHA256withRSA").initVerify(publicKey); 1973 Signature.getInstance("NONEwithRSA").initVerify(publicKey); 1974 Signature.getInstance("SHA256withRSA/PSS").initVerify(publicKey); 1975 1976 Cipher.getInstance("RSA/ECB/PKCS1Padding").init(Cipher.ENCRYPT_MODE, publicKey); 1977 Cipher.getInstance("RSA/ECB/NoPadding").init(Cipher.ENCRYPT_MODE, publicKey); 1978 Cipher.getInstance("RSA/ECB/OAEPPadding").init(Cipher.ENCRYPT_MODE, publicKey); 1979 } 1980 testKeyStore_PrivateKeyEntry_EC_PublicKeyWorksWithCrypto()1981 public void testKeyStore_PrivateKeyEntry_EC_PublicKeyWorksWithCrypto() 1982 throws Exception { 1983 mKeyStore.load(null, null); 1984 mKeyStore.setKeyEntry(TEST_ALIAS_1, 1985 KeyFactory.getInstance("EC").generatePrivate( 1986 new PKCS8EncodedKeySpec(FAKE_EC_KEY_1)), 1987 null, // no password (it's not even supported) 1988 new Certificate[] {generateCertificate(FAKE_EC_USER_1)}); 1989 PublicKey publicKey = mKeyStore.getCertificate(TEST_ALIAS_1).getPublicKey(); 1990 assertNotNull(publicKey); 1991 1992 Signature.getInstance("SHA256withECDSA").initVerify(publicKey); 1993 Signature.getInstance("NONEwithECDSA").initVerify(publicKey); 1994 } 1995 
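// Tests below: public-key usability of certificate entries, large key counts, digest
// authorization for HMAC keys, and supported import sizes.

    /**
     * Stores an RSA certificate as a trusted-certificate entry and checks that its public key
     * can initialise the listed signature-verification and encryption transformations.
     *
     * @throws Exception if import or any {@code init} call fails
     */
    public void testKeyStore_TrustedCertificateEntry_RSA_PublicKeyWorksWithCrypto()
            throws Exception {
        mKeyStore.load(null, null);
        mKeyStore.setCertificateEntry(TEST_ALIAS_2, generateCertificate(FAKE_RSA_USER_1));
        PublicKey publicKey = mKeyStore.getCertificate(TEST_ALIAS_2).getPublicKey();
        assertNotNull(publicKey);

        // Only initialisation is exercised; no data is verified or encrypted.
        Signature.getInstance("SHA256withRSA").initVerify(publicKey);
        Signature.getInstance("NONEwithRSA").initVerify(publicKey);

        Cipher.getInstance("RSA/ECB/PKCS1Padding").init(Cipher.ENCRYPT_MODE, publicKey);
        Cipher.getInstance("RSA/ECB/NoPadding").init(Cipher.ENCRYPT_MODE, publicKey);
    }

    /**
     * Stores an EC certificate as a trusted-certificate entry and checks that its public key
     * can initialise ECDSA signature verification.
     *
     * @throws Exception if import or any {@code initVerify} call fails
     */
    public void testKeyStore_TrustedCertificateEntry_EC_PublicKeyWorksWithCrypto()
            throws Exception {
        mKeyStore.load(null, null);
        mKeyStore.setCertificateEntry(TEST_ALIAS_1, generateCertificate(FAKE_EC_USER_1));
        PublicKey publicKey = mKeyStore.getCertificate(TEST_ALIAS_1).getPublicKey();
        assertNotNull(publicKey);

        Signature.getInstance("SHA256withECDSA").initVerify(publicKey);
        Signature.getInstance("NONEwithECDSA").initVerify(publicKey);
    }

    // Lower bound on the number of keys each "large number of keys" test must import.
    private static final int MIN_SUPPORTED_KEY_COUNT = 1500;
    private static final long MINUTE_IN_MILLIS = 1000 * 60;
    // Time budget for the import loop of each "large number of keys" test.
    private static final long LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_MILLIS = 2 * MINUTE_IN_MILLIS;

    /**
     * Reports whether more than {@code durationMillis} has elapsed since
     * {@code startTimeMillis}, measured with {@link System#currentTimeMillis()}.
     *
     * @param startTimeMillis wall-clock start time in milliseconds
     * @param durationMillis allowed duration in milliseconds
     * @return {@code true} once the duration is exceeded, or when the wall clock now reads
     *         earlier than the start time
     */
    private static boolean isDeadlineReached(long startTimeMillis, long durationMillis) {
        long nowMillis = System.currentTimeMillis();
        if (nowMillis < startTimeMillis) {
            // The wall clock went backwards; treat the deadline as reached so the caller's
            // loop cannot run unbounded.
            return true;
        }
        return nowMillis - startTimeMillis > durationMillis;
    }

    /**
     * Imports RSA key1, then as many copies of key3 as the time budget allows, then key2, and
     * checks that key1 and key2 can still sign through the keystore.
     *
     * @throws Exception if an import fails, too few keys were imported, or signing fails
     */
    @LargeTest
    public void testKeyStore_LargeNumberOfKeysSupported_RSA() throws Exception {
        // This test imports key1, then lots of other keys, then key2, and then confirms that
        // key1 and key2 backed by Android Keystore work fine. The assumption is that if the
        // underlying implementation has a limit on the number of keys, it'll either delete the
        // oldest key (key1), or will refuse to add keys (key2).
        // The test imports as many keys as it can in a fixed amount of time instead of stopping
        // at MIN_SUPPORTED_KEY_COUNT to balance the desire to support an unlimited number of keys
        // with the constraints on how long the test can run and performance differences of hardware
        // under test.

        long testStartTimeMillis = System.currentTimeMillis();

        Certificate cert1 = TestUtils.getRawResX509Certificate(getContext(), R.raw.rsa_key1_cert);
        PrivateKey privateKey1 = TestUtils.getRawResPrivateKey(getContext(), R.raw.rsa_key1_pkcs8);
        String entryName1 = "test0";

        Certificate cert2 = TestUtils.getRawResX509Certificate(getContext(), R.raw.rsa_key2_cert);
        PrivateKey privateKey2 = TestUtils.getRawResPrivateKey(getContext(), R.raw.rsa_key2_pkcs8);

        Certificate cert3 = generateCertificate(FAKE_RSA_USER_1);
        PrivateKey privateKey3 = generatePrivateKey("RSA", FAKE_RSA_KEY_1);

        mKeyStore.load(null);
        int latestImportedEntryNumber = 0;
        try {
            // Every imported key is authorized for signing only, with SHA-256 and PKCS#1 v1.5
            // signature padding.
            KeyProtection protectionParams = new KeyProtection.Builder(
                    KeyProperties.PURPOSE_SIGN)
                    .setDigests(KeyProperties.DIGEST_SHA256)
                    .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                    .build();
            mKeyStore.setEntry(entryName1,
                    new KeyStore.PrivateKeyEntry(privateKey1, new Certificate[] {cert1}),
                    protectionParams);

            // Import key3 lots of times, under different aliases.
            while (!isDeadlineReached(
                    testStartTimeMillis, LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_MILLIS)) {
                latestImportedEntryNumber++;
                if ((latestImportedEntryNumber % 1000) == 0) {
                    Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
                }
                String entryAlias = "test" + latestImportedEntryNumber;
                try {
                    mKeyStore.setEntry(entryAlias,
                            new KeyStore.PrivateKeyEntry(privateKey3, new Certificate[] {cert3}),
                            protectionParams);
                } catch (Throwable e) {
                    // Re-thrown with the alias so the failing import can be identified.
                    throw new RuntimeException("Entry " + entryAlias + " import failed", e);
                }
            }
            Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
            if (latestImportedEntryNumber < MIN_SUPPORTED_KEY_COUNT) {
                fail("Failed to import " + MIN_SUPPORTED_KEY_COUNT + " keys in "
                        + (System.currentTimeMillis() - testStartTimeMillis)
                        + " ms. Imported: " + latestImportedEntryNumber + " keys");
            }

            latestImportedEntryNumber++;
            String entryName2 = "test" + latestImportedEntryNumber;
            mKeyStore.setEntry(entryName2,
                    new KeyStore.PrivateKeyEntry(privateKey2, new Certificate[] {cert2}),
                    protectionParams);
            PrivateKey keystorePrivateKey2 = (PrivateKey) mKeyStore.getKey(entryName2, null);
            PrivateKey keystorePrivateKey1 = (PrivateKey) mKeyStore.getKey(entryName1, null);

            byte[] message = "This is a test".getBytes("UTF-8");

            // Sign with the keystore-held key, verify with the public key of the certificate
            // that was imported alongside it.
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initSign(keystorePrivateKey1);
            sig.update(message);
            byte[] signature = sig.sign();
            sig = Signature.getInstance(sig.getAlgorithm());
            sig.initVerify(cert1.getPublicKey());
            sig.update(message);
            assertTrue(sig.verify(signature));

            sig = Signature.getInstance(sig.getAlgorithm());
            sig.initSign(keystorePrivateKey2);
            sig.update(message);
            signature = sig.sign();
            sig = Signature.getInstance(sig.getAlgorithm());
            sig.initVerify(cert2.getPublicKey());
            sig.update(message);
            assertTrue(sig.verify(signature));
        } finally {
            // Clean up Keystore without using KeyStore.aliases() which can't handle this many
            // entries.
            Log.i(TAG, "Deleting imported keys");
            for (int i = 0; i <= latestImportedEntryNumber; i++) {
                if ((i > 0) && ((i % 1000) == 0)) {
                    Log.i(TAG, "Deleted " + i + " keys");
                }
                mKeyStore.deleteEntry("test" + i);
            }
            Log.i(TAG, "Deleted " + (latestImportedEntryNumber + 1) + " keys");
        }
    }

    /**
     * Imports EC key1, then as many copies of key3 as the time budget allows, then key2, and
     * checks that key1 and key2 can still sign through the keystore.
     *
     * @throws Exception if an import fails, too few keys were imported, or signing fails
     */
    @LargeTest
    public void testKeyStore_LargeNumberOfKeysSupported_EC() throws Exception {
        // This test imports key1, then lots of other keys, then key2, and then confirms that
        // key1 and key2 backed by Android Keystore work fine. The assumption is that if the
        // underlying implementation has a limit on the number of keys, it'll either delete the
        // oldest key (key1), or will refuse to add keys (key2).
        // The test imports as many keys as it can in a fixed amount of time instead of stopping
        // at MIN_SUPPORTED_KEY_COUNT to balance the desire to support an unlimited number of keys
        // with the constraints on how long the test can run and performance differences of hardware
        // under test.

        long testStartTimeMillis = System.currentTimeMillis();

        Certificate cert1 = TestUtils.getRawResX509Certificate(getContext(), R.raw.ec_key1_cert);
        PrivateKey privateKey1 = TestUtils.getRawResPrivateKey(getContext(), R.raw.ec_key1_pkcs8);
        String entryName1 = "test0";

        Certificate cert2 = TestUtils.getRawResX509Certificate(getContext(), R.raw.ec_key2_cert);
        PrivateKey privateKey2 = TestUtils.getRawResPrivateKey(getContext(), R.raw.ec_key2_pkcs8);

        Certificate cert3 = generateCertificate(FAKE_EC_USER_1);
        PrivateKey privateKey3 = generatePrivateKey("EC", FAKE_EC_KEY_1);

        mKeyStore.load(null);
        int latestImportedEntryNumber = 0;
        try {
            // Every imported key is authorized for signing only, with SHA-256.
            KeyProtection protectionParams = new KeyProtection.Builder(
                    KeyProperties.PURPOSE_SIGN)
                    .setDigests(KeyProperties.DIGEST_SHA256)
                    .build();
            mKeyStore.setEntry(entryName1,
                    new KeyStore.PrivateKeyEntry(privateKey1, new Certificate[] {cert1}),
                    protectionParams);

            // Import key3 lots of times, under different aliases.
            while (!isDeadlineReached(
                    testStartTimeMillis, LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_MILLIS)) {
                latestImportedEntryNumber++;
                if ((latestImportedEntryNumber % 1000) == 0) {
                    Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
                }
                String entryAlias = "test" + latestImportedEntryNumber;
                try {
                    mKeyStore.setEntry(entryAlias,
                            new KeyStore.PrivateKeyEntry(privateKey3, new Certificate[] {cert3}),
                            protectionParams);
                } catch (Throwable e) {
                    // Re-thrown with the alias so the failing import can be identified.
                    throw new RuntimeException("Entry " + entryAlias + " import failed", e);
                }
            }
            Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
            if (latestImportedEntryNumber < MIN_SUPPORTED_KEY_COUNT) {
                fail("Failed to import " + MIN_SUPPORTED_KEY_COUNT + " keys in "
                        + (System.currentTimeMillis() - testStartTimeMillis)
                        + " ms. Imported: " + latestImportedEntryNumber + " keys");
            }

            latestImportedEntryNumber++;
            String entryName2 = "test" + latestImportedEntryNumber;
            mKeyStore.setEntry(entryName2,
                    new KeyStore.PrivateKeyEntry(privateKey2, new Certificate[] {cert2}),
                    protectionParams);
            PrivateKey keystorePrivateKey2 = (PrivateKey) mKeyStore.getKey(entryName2, null);
            PrivateKey keystorePrivateKey1 = (PrivateKey) mKeyStore.getKey(entryName1, null);

            byte[] message = "This is a test".getBytes("UTF-8");

            // Sign with the keystore-held key, verify with the public key of the certificate
            // that was imported alongside it.
            Signature sig = Signature.getInstance("SHA256withECDSA");
            sig.initSign(keystorePrivateKey1);
            sig.update(message);
            byte[] signature = sig.sign();
            sig = Signature.getInstance(sig.getAlgorithm());
            sig.initVerify(cert1.getPublicKey());
            sig.update(message);
            assertTrue(sig.verify(signature));

            sig = Signature.getInstance(sig.getAlgorithm());
            sig.initSign(keystorePrivateKey2);
            sig.update(message);
            signature = sig.sign();
            sig = Signature.getInstance(sig.getAlgorithm());
            sig.initVerify(cert2.getPublicKey());
            sig.update(message);
            assertTrue(sig.verify(signature));
        } finally {
            // Clean up Keystore without using KeyStore.aliases() which can't handle this many
            // entries.
            Log.i(TAG, "Deleting imported keys");
            for (int i = 0; i <= latestImportedEntryNumber; i++) {
                if ((i > 0) && ((i % 1000) == 0)) {
                    Log.i(TAG, "Deleted " + i + " keys");
                }
                mKeyStore.deleteEntry("test" + i);
            }
            Log.i(TAG, "Deleted " + (latestImportedEntryNumber + 1) + " keys");
        }
    }

    /**
     * Imports AES key1, then as many copies of key3 as the time budget allows, then key2, and
     * checks that key1 and key2 can still encrypt through the keystore.
     *
     * @throws Exception if an import fails, too few keys were imported, or a cipher call fails
     */
    @LargeTest
    public void testKeyStore_LargeNumberOfKeysSupported_AES() throws Exception {
        // This test imports key1, then lots of other keys, then key2, and then confirms that
        // key1 and key2 backed by Android Keystore work fine. The assumption is that if the
        // underlying implementation has a limit on the number of keys, it'll either delete the
        // oldest key (key1), or will refuse to add keys (key2).
        // The test imports as many keys as it can in a fixed amount of time instead of stopping
        // at MIN_SUPPORTED_KEY_COUNT to balance the desire to support an unlimited number of keys
        // with the constraints on how long the test can run and performance differences of hardware
        // under test.

        long testStartTimeMillis = System.currentTimeMillis();

        // Fixed test key material, kept in the clear on purpose so the test can decrypt
        // outside the keystore.
        SecretKey key1 = new TransparentSecretKey(
                HexEncoding.decode("010203040506070809fafbfcfdfeffcc"), "AES");
        String entryName1 = "test0";

        SecretKey key2 = new TransparentSecretKey(
                HexEncoding.decode("808182838485868788897a7b7c7d7e7f"), "AES");

        SecretKey key3 = new TransparentSecretKey(
                HexEncoding.decode("33333333333333333333777777777777"), "AES");

        mKeyStore.load(null);
        int latestImportedEntryNumber = 0;
        try {
            // Imported keys are authorized for encryption only (GCM, no padding); decryption
            // below is done with the original software keys.
            KeyProtection protectionParams = new KeyProtection.Builder(
                    KeyProperties.PURPOSE_ENCRYPT)
                    .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                    .build();
            mKeyStore.setEntry(entryName1, new KeyStore.SecretKeyEntry(key1), protectionParams);

            // Import key3 lots of times, under different aliases.
            while (!isDeadlineReached(
                    testStartTimeMillis, LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_MILLIS)) {
                latestImportedEntryNumber++;
                if ((latestImportedEntryNumber % 1000) == 0) {
                    Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
                }
                String entryAlias = "test" + latestImportedEntryNumber;
                try {
                    mKeyStore.setEntry(entryAlias,
                            new KeyStore.SecretKeyEntry(key3), protectionParams);
                } catch (Throwable e) {
                    // Re-thrown with the alias so the failing import can be identified.
                    throw new RuntimeException("Entry " + entryAlias + " import failed", e);
                }
            }
            Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
            if (latestImportedEntryNumber < MIN_SUPPORTED_KEY_COUNT) {
                fail("Failed to import " + MIN_SUPPORTED_KEY_COUNT + " keys in "
                        + (System.currentTimeMillis() - testStartTimeMillis)
                        + " ms. Imported: " + latestImportedEntryNumber + " keys");
            }

            latestImportedEntryNumber++;
            String entryName2 = "test" + latestImportedEntryNumber;
            mKeyStore.setEntry(entryName2, new KeyStore.SecretKeyEntry(key2), protectionParams);
            SecretKey keystoreKey2 = (SecretKey) mKeyStore.getKey(entryName2, null);
            SecretKey keystoreKey1 = (SecretKey) mKeyStore.getKey(entryName1, null);

            byte[] plaintext = "This is a test".getBytes("UTF-8");
            // Encrypt with the keystore-held key, then decrypt with the original key and the
            // parameters the encrypting cipher reported.
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, keystoreKey1);
            byte[] ciphertext = cipher.doFinal(plaintext);
            AlgorithmParameters cipherParams = cipher.getParameters();
            cipher = Cipher.getInstance(cipher.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, key1, cipherParams);
            MoreAsserts.assertEquals(plaintext, cipher.doFinal(ciphertext));

            cipher = Cipher.getInstance(cipher.getAlgorithm());
            cipher.init(Cipher.ENCRYPT_MODE, keystoreKey2);
            ciphertext = cipher.doFinal(plaintext);
            cipherParams = cipher.getParameters();
            cipher = Cipher.getInstance(cipher.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, key2, cipherParams);
            MoreAsserts.assertEquals(plaintext, cipher.doFinal(ciphertext));
        } finally {
            // Clean up Keystore without using KeyStore.aliases() which can't handle this many
            // entries.
            Log.i(TAG, "Deleting imported keys");
            for (int i = 0; i <= latestImportedEntryNumber; i++) {
                if ((i > 0) && ((i % 1000) == 0)) {
                    Log.i(TAG, "Deleted " + i + " keys");
                }
                mKeyStore.deleteEntry("test" + i);
            }
            Log.i(TAG, "Deleted " + (latestImportedEntryNumber + 1) + " keys");
        }
    }

    /**
     * Imports HMAC key1, then as many copies of key3 as the time budget allows, then key2, and
     * checks that key1 and key2 still produce the expected HmacSHA256 values through the
     * keystore.
     *
     * @throws Exception if an import fails, too few keys were imported, or a MAC call fails
     */
    @LargeTest
    public void testKeyStore_LargeNumberOfKeysSupported_HMAC() throws Exception {
        // This test imports key1, then lots of other keys, then key2, and then confirms that
        // key1 and key2 backed by Android Keystore work fine. The assumption is that if the
        // underlying implementation has a limit on the number of keys, it'll either delete the
        // oldest key (key1), or will refuse to add keys (key2).
        // The test imports as many keys as it can in a fixed amount of time instead of stopping
        // at MIN_SUPPORTED_KEY_COUNT to balance the desire to support an unlimited number of keys
        // with the constraints on how long the test can run and performance differences of hardware
        // under test.

        long testStartTimeMillis = System.currentTimeMillis();

        // Fixed test key material.
        SecretKey key1 = new TransparentSecretKey(
                HexEncoding.decode("010203040506070809fafbfcfdfeffcc"), "HmacSHA256");
        String entryName1 = "test0";

        SecretKey key2 = new TransparentSecretKey(
                HexEncoding.decode("808182838485868788897a7b7c7d7e7f"), "HmacSHA256");

        SecretKey key3 = new TransparentSecretKey(
                HexEncoding.decode("33333333333333333333777777777777"), "HmacSHA256");

        mKeyStore.load(null);
        int latestImportedEntryNumber = 0;
        try {
            KeyProtection protectionParams = new KeyProtection.Builder(
                    KeyProperties.PURPOSE_SIGN)
                    .build();
            mKeyStore.setEntry(entryName1, new KeyStore.SecretKeyEntry(key1), protectionParams);

            // Import key3 lots of times, under different aliases.
            while (!isDeadlineReached(
                    testStartTimeMillis, LARGE_NUMBER_OF_KEYS_TEST_MAX_DURATION_MILLIS)) {
                latestImportedEntryNumber++;
                if ((latestImportedEntryNumber % 1000) == 0) {
                    Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
                }
                String entryAlias = "test" + latestImportedEntryNumber;
                try {
                    mKeyStore.setEntry(entryAlias,
                            new KeyStore.SecretKeyEntry(key3), protectionParams);
                } catch (Throwable e) {
                    // Re-thrown with the alias so the failing import can be identified.
                    throw new RuntimeException("Entry " + entryAlias + " import failed", e);
                }
            }
            Log.i(TAG, "Imported " + latestImportedEntryNumber + " keys");
            if (latestImportedEntryNumber < MIN_SUPPORTED_KEY_COUNT) {
                fail("Failed to import " + MIN_SUPPORTED_KEY_COUNT + " keys in "
                        + (System.currentTimeMillis() - testStartTimeMillis)
                        + " ms. Imported: " + latestImportedEntryNumber + " keys");
            }

            latestImportedEntryNumber++;
            String entryName2 = "test" + latestImportedEntryNumber;
            mKeyStore.setEntry(entryName2, new KeyStore.SecretKeyEntry(key2), protectionParams);
            SecretKey keystoreKey2 = (SecretKey) mKeyStore.getKey(entryName2, null);
            SecretKey keystoreKey1 = (SecretKey) mKeyStore.getKey(entryName1, null);

            byte[] message = "This is a test".getBytes("UTF-8");
            // The MAC is computed with the keystore-held key and compared with a precomputed
            // value for the same message.
            Mac mac = Mac.getInstance(key1.getAlgorithm());
            mac.init(keystoreKey1);
            MoreAsserts.assertEquals(
                    HexEncoding.decode(
                            "905e36f5a175f4ca54ad56b860b46f6502f883a90628dca2d33a953fb7224eaf"),
                    mac.doFinal(message));

            mac = Mac.getInstance(key2.getAlgorithm());
            mac.init(keystoreKey2);
            MoreAsserts.assertEquals(
                    HexEncoding.decode(
                            "59b57e77e4e2cb36b5c7b84af198ac004327bc549de6931a1b5505372dd8c957"),
                    mac.doFinal(message));
        } finally {
            // Clean up Keystore without using KeyStore.aliases() which can't handle this many
            // entries.
            Log.i(TAG, "Deleting imported keys");
            for (int i = 0; i <= latestImportedEntryNumber; i++) {
                if ((i > 0) && ((i % 1000) == 0)) {
                    Log.i(TAG, "Deleted " + i + " keys");
                }
                mKeyStore.deleteEntry("test" + i);
            }
            Log.i(TAG, "Deleted " + (latestImportedEntryNumber + 1) + " keys");
        }
    }

    /**
     * For each expected HMAC algorithm, checks that an imported key ends up authorized for
     * exactly the digest of its algorithm: import succeeds when no digest or the matching
     * digest is given, and is rejected for an empty set, a different digest, or two digests.
     *
     * @throws Exception wrapping the first failure together with the algorithm name
     */
    public void testKeyStore_OnlyOneDigestCanBeAuthorized_HMAC() throws Exception {
        mKeyStore.load(null);

        for (String algorithm : KeyGeneratorTest.EXPECTED_ALGORITHMS) {
            if (!TestUtils.isHmacAlgorithm(algorithm)) {
                continue;
            }
            try {
                String digest = TestUtils.getHmacAlgorithmDigest(algorithm);
                assertNotNull(digest);
                SecretKey keyBeingImported = new TransparentSecretKey(new byte[16], algorithm);

                KeyProtection.Builder goodSpec =
                        new KeyProtection.Builder(KeyProperties.PURPOSE_SIGN);

                // Digests authorization not specified in import parameters
                assertFalse(goodSpec.build().isDigestsSpecified());
                mKeyStore.setEntry(TEST_ALIAS_1,
                        new KeyStore.SecretKeyEntry(keyBeingImported),
                        goodSpec.build());
                SecretKey key = (SecretKey) mKeyStore.getKey(TEST_ALIAS_1, null);
                TestUtils.assertContentsInAnyOrder(
                        Arrays.asList(TestUtils.getKeyInfo(key).getDigests()), digest);

                // The same digest is specified in import parameters
                mKeyStore.setEntry(TEST_ALIAS_1,
                        new KeyStore.SecretKeyEntry(keyBeingImported),
                        TestUtils.buildUpon(goodSpec).setDigests(digest).build());
                key = (SecretKey) mKeyStore.getKey(TEST_ALIAS_1, null);
                TestUtils.assertContentsInAnyOrder(
                        Arrays.asList(TestUtils.getKeyInfo(key).getDigests()), digest);

                // Empty set of digests specified in import parameters
                try {
                    mKeyStore.setEntry(TEST_ALIAS_1,
                            new KeyStore.SecretKeyEntry(keyBeingImported),
                            TestUtils.buildUpon(goodSpec).setDigests().build());
                    fail();
                } catch (KeyStoreException expected) {}

                // A different digest specified in import parameters
                String anotherDigest = "SHA-256".equalsIgnoreCase(digest) ? "SHA-384" : "SHA-256";
                try {
                    mKeyStore.setEntry(TEST_ALIAS_1,
                            new KeyStore.SecretKeyEntry(keyBeingImported),
                            TestUtils.buildUpon(goodSpec).setDigests(anotherDigest).build());
                    fail();
                } catch (KeyStoreException expected) {}
                // The matching digest plus another one must be rejected as well.
                try {
                    mKeyStore.setEntry(TEST_ALIAS_1,
                            new KeyStore.SecretKeyEntry(keyBeingImported),
                            TestUtils.buildUpon(goodSpec)
                                    .setDigests(digest, anotherDigest)
                                    .build());
                    fail();
                } catch (KeyStoreException expected) {}
            } catch (Throwable e) {
                // Includes assertion failures from fail(), so the algorithm is always reported.
                throw new RuntimeException("Failed for " + algorithm, e);
            }
        }
    }

    /**
     * Tries to import all-zero AES keys of every byte length from 0 to 64 and checks that
     * sizes listed in {@code KeyGeneratorTest.AES_SUPPORTED_KEY_SIZES} are accepted with the
     * right reported size, while every other size is rejected and leaves no entry behind.
     *
     * @throws Exception wrapping the first failure together with the key size in bits
     */
    public void testKeyStore_ImportSupportedSizes_AES() throws Exception {
        mKeyStore.load(null);

        KeyProtection params = new KeyProtection.Builder(
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .build();
        String alias = "test1";
        mKeyStore.deleteEntry(alias);
        assertFalse(mKeyStore.containsAlias(alias));
        for (int keySizeBytes = 0; keySizeBytes <= 512 / 8; keySizeBytes++) {
            int keySizeBits = keySizeBytes * 8;
            try {
                KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(
                        new TransparentSecretKey(new byte[keySizeBytes], "AES"));
                if (TestUtils.contains(KeyGeneratorTest.AES_SUPPORTED_KEY_SIZES, keySizeBits)) {
                    mKeyStore.setEntry(alias, entry, params);
                    SecretKey key = (SecretKey) mKeyStore.getKey(alias, null);
                    assertEquals("AES", key.getAlgorithm());
                    assertEquals(keySizeBits, TestUtils.getKeyInfo(key).getKeySize());
                } else {
                    // Start from a clean alias so a leftover entry cannot hide a rejected
                    // import that still created one.
                    mKeyStore.deleteEntry(alias);
                    assertFalse(mKeyStore.containsAlias(alias));
                    try {
                        mKeyStore.setEntry(alias, entry, params);
                        fail();
                    } catch (KeyStoreException expected) {}
                    assertFalse(mKeyStore.containsAlias(alias));
                }
            } catch (Throwable e) {
                throw new RuntimeException("Failed for key size " + keySizeBits, e);
            }
        }
    }

    /**
     * For each expected HMAC algorithm, tries to import all-zero keys of every byte length
     * from 0 to 128 and checks that every non-empty key is accepted with the right reported
     * size, while the zero-length key is rejected.
     *
     * @throws Exception wrapping the first failure with the algorithm and key size in bits
     */
    public void testKeyStore_ImportSupportedSizes_HMAC() throws Exception {
        mKeyStore.load(null);

        KeyProtection params = new KeyProtection.Builder(KeyProperties.PURPOSE_SIGN).build();
        String alias = "test1";
        mKeyStore.deleteEntry(alias);
        assertFalse(mKeyStore.containsAlias(alias));
        for (String algorithm : KeyGeneratorTest.EXPECTED_ALGORITHMS) {
            if (!TestUtils.isHmacAlgorithm(algorithm)) {
                continue;
            }
            for (int keySizeBytes = 0; keySizeBytes <= 1024 / 8; keySizeBytes++) {
                try {
                    KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(
                            new TransparentSecretKey(new byte[keySizeBytes], algorithm));
                    if (keySizeBytes > 0) {
                        mKeyStore.setEntry(alias, entry, params);
                        SecretKey key = (SecretKey) mKeyStore.getKey(alias, null);
                        assertEquals(algorithm, key.getAlgorithm());
                        assertEquals(keySizeBytes * 8, TestUtils.getKeyInfo(key).getKeySize());
                    } else {
                        mKeyStore.deleteEntry(alias);
                        assertFalse(mKeyStore.containsAlias(alias));
                        try {
                            mKeyStore.setEntry(alias, entry, params);
                            fail();
                        } catch (KeyStoreException expected) {}
                    }
                } catch (Throwable e) {
                    throw new RuntimeException(
                            "Failed for " + algorithm + " with key size " + (keySizeBytes * 8), e);
                }
            }
        }
    }

    /**
     * Checks that EC key pairs on secp224r1, secp256r1, secp384r1 and secp521r1 can be
     * imported with minimal signing parameters.
     *
     * @throws Exception wrapping the first failed import together with its alias
     */
    public void testKeyStore_ImportSupportedSizes_EC() throws Exception {
        mKeyStore.load(null);
        KeyProtection params =
                TestUtils.getMinimalWorkingImportParametersForSigningingWith("SHA256withECDSA");
        checkKeyPairImportSucceeds(
                "secp224r1", R.raw.ec_key3_secp224r1_pkcs8, R.raw.ec_key3_secp224r1_cert, params);
        checkKeyPairImportSucceeds(
                "secp256r1", R.raw.ec_key4_secp256r1_pkcs8, R.raw.ec_key4_secp256r1_cert, params);
        checkKeyPairImportSucceeds(
                "secp384r1", R.raw.ec_key5_secp384r1_pkcs8, R.raw.ec_key5_secp384r1_cert, params);
        // The alias doubles as the label in the failure message, so it names the curve of the
        // imported resources (secp521r1).
        checkKeyPairImportSucceeds(
                "secp521r1", R.raw.ec_key6_secp521r1_pkcs8, R.raw.ec_key6_secp521r1_cert, params);
    }

    /**
     * Checks that RSA key pairs of 512 to 4096 bits can be imported with minimal signing
     * parameters.
     *
     * <p>The 512-, 768- and 1024-bit cases only establish that import is accepted; they are
     * compatibility coverage and say nothing about those sizes being adequate for new keys.
     *
     * @throws Exception wrapping the first failed import together with its alias
     */
    public void testKeyStore_ImportSupportedSizes_RSA() throws Exception {
        mKeyStore.load(null);
        KeyProtection params =
                TestUtils.getMinimalWorkingImportParametersForSigningingWith("SHA256withRSA");
        checkKeyPairImportSucceeds(
                "512", R.raw.rsa_key5_512_pkcs8, R.raw.rsa_key5_512_cert, params);
        checkKeyPairImportSucceeds(
                "768", R.raw.rsa_key6_768_pkcs8, R.raw.rsa_key6_768_cert, params);
        checkKeyPairImportSucceeds(
                "1024", R.raw.rsa_key3_1024_pkcs8, R.raw.rsa_key3_1024_cert, params);
        checkKeyPairImportSucceeds(
                "2048", R.raw.rsa_key8_2048_pkcs8, R.raw.rsa_key8_2048_cert, params);
        // NOTE(review): this resource id is spelled "pksc8", unlike the others; presumably it
        // matches the raw resource's file name. Confirm before renaming.
        checkKeyPairImportSucceeds(
                "3072", R.raw.rsa_key7_3072_pksc8, R.raw.rsa_key7_3072_cert, params);
        checkKeyPairImportSucceeds(
                "4096", R.raw.rsa_key4_4096_pkcs8, R.raw.rsa_key4_4096_cert, params);
    }

    /**
     * Imports one key pair under {@code alias} and always removes the entry afterwards.
     *
     * @param alias keystore alias, also used as the label in the failure message
     * @param privateResId raw resource id of the private key
     * @param certResId raw resource id of the certificate
     * @param params protection parameters to import with
     * @throws Exception wrapping any import failure together with the alias
     */
    private void checkKeyPairImportSucceeds(
            String alias, int privateResId, int certResId, KeyProtection params) throws Exception {
        try {
            mKeyStore.deleteEntry(alias);
            TestUtils.importIntoAndroidKeyStore(
                    alias, getContext(), privateResId, certResId, params);
        } catch (Throwable e) {
            throw new RuntimeException("Failed for " + alias, e);
        } finally {
            try {
                mKeyStore.deleteEntry(alias);
            } catch (Exception ignored) {
                // Best-effort cleanup: a failed delete must not mask the import result.
            }
        }
    }
}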