1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package libcore.java.security; 18 19import java.io.ByteArrayInputStream; 20import java.io.ByteArrayOutputStream; 21import java.io.File; 22import java.io.FileInputStream; 23import java.io.FileOutputStream; 24import java.io.IOException; 25import java.io.InputStream; 26import java.io.OutputStream; 27import java.security.Key; 28import java.security.KeyStore; 29import java.security.KeyStore.Builder; 30import java.security.KeyStore.Entry; 31import java.security.KeyStore.LoadStoreParameter; 32import java.security.KeyStore.PasswordProtection; 33import java.security.KeyStore.PrivateKeyEntry; 34import java.security.KeyStore.ProtectionParameter; 35import java.security.KeyStore.SecretKeyEntry; 36import java.security.KeyStore.TrustedCertificateEntry; 37import java.security.KeyStoreException; 38import java.security.NoSuchAlgorithmException; 39import java.security.Provider; 40import java.security.Security; 41import java.security.UnrecoverableKeyException; 42import java.security.cert.Certificate; 43import java.security.cert.X509Certificate; 44import java.util.ArrayList; 45import java.util.Arrays; 46import java.util.Collections; 47import java.util.Date; 48import java.util.Enumeration; 49import java.util.HashSet; 50import java.util.List; 51import java.util.Set; 52import javax.crypto.KeyGenerator; 53import javax.crypto.SecretKey; 54import junit.framework.TestCase; 55 56public class KeyStoreTest extends TestCase { 57 58 private static PrivateKeyEntry PRIVATE_KEY; 59 private static PrivateKeyEntry PRIVATE_KEY_2; 60 61 private static SecretKey SECRET_KEY; 62 private static SecretKey SECRET_KEY_2; 63 64 private static final String ALIAS_PRIVATE = "private"; 65 private static final String ALIAS_CERTIFICATE = "certificate"; 66 private static final String ALIAS_SECRET = "secret"; 67 68 private static final String ALIAS_ALT_CASE_PRIVATE = "pRiVaTe"; 69 private static final String ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE = "PrIvAtE-no-password"; 70 private static final String ALIAS_ALT_CASE_CERTIFICATE = "cErTiFiCaTe"; 71 private static final String ALIAS_ALT_CASE_SECRET = "sEcRet"; 72 73 private static final String ALIAS_UNICODE_PRIVATE = "\u6400\u7902\u3101\u8c02\u5002\u8702\udd01"; 74 private static final String ALIAS_UNICODE_NO_PASSWORD_PRIVATE = "\u926c\u0967\uc65b\ubc78"; 75 private static final String ALIAS_UNICODE_CERTIFICATE = "\u5402\udd01\u7902\u8702\u3101\u5f02\u3101\u5402\u5002\u8702\udd01"; 76 private static final String ALIAS_UNICODE_SECRET = "\ue224\ud424\ud224\ue124\ud424\ue324"; 77 78 private static final String ALIAS_NO_PASSWORD_PRIVATE = "private-no-password"; 79 private static final String ALIAS_NO_PASSWORD_SECRET = "secret-no-password"; 80 81 private static final char[] PASSWORD_STORE = "store password".toCharArray(); 82 private static final char[] PASSWORD_KEY = "key password".toCharArray(); 83 private static final char[] PASSWORD_BAD = "dummy".toCharArray(); 84 85 private static final ProtectionParameter PARAM_STORE = new PasswordProtection(PASSWORD_STORE); 86 private static final ProtectionParameter PARAM_KEY = new PasswordProtection(PASSWORD_KEY); 87 private static final ProtectionParameter PARAM_BAD = new PasswordProtection(PASSWORD_BAD); 88 89 private static PrivateKeyEntry getPrivateKey() { 90 if (PRIVATE_KEY == null) { 91 PRIVATE_KEY = TestKeyStore.getServer().getPrivateKey("RSA", "RSA"); 92 } 93 return PRIVATE_KEY; 94 } 95 96 private static PrivateKeyEntry getPrivateKey2() { 97 if (PRIVATE_KEY_2 == null) { 98 PRIVATE_KEY_2 = TestKeyStore.getClientCertificate().getPrivateKey("RSA", "RSA"); 99 } 100 return PRIVATE_KEY_2; 101 } 102 103 private static SecretKey getSecretKey() { 104 if (SECRET_KEY == null) { 105 SECRET_KEY = generateSecretKey(); 106 } 107 return SECRET_KEY; 108 } 109 110 private static SecretKey getSecretKey2() { 111 if (SECRET_KEY_2 == null) { 112 SECRET_KEY_2 = generateSecretKey(); 113 } 114 return SECRET_KEY_2; 115 } 116 117 private static SecretKey generateSecretKey() { 118 try { 119 KeyGenerator kg = KeyGenerator.getInstance("DES"); 120 return kg.generateKey(); 121 } catch (NoSuchAlgorithmException e) { 122 throw new RuntimeException(e); 123 } 124 } 125 126 public static List<KeyStore> keyStores() throws Exception { 127 List<KeyStore> keyStores = new ArrayList<KeyStore>(); 128 Provider[] providers = Security.getProviders(); 129 for (Provider provider : providers) { 130 Set<Provider.Service> services = provider.getServices(); 131 for (Provider.Service service : services) { 132 String type = service.getType(); 133 if (!type.equals("KeyStore")) { 134 continue; 135 } 136 String algorithm = service.getAlgorithm(); 137 KeyStore ks = KeyStore.getInstance(algorithm, provider); 138 assertEquals(provider, ks.getProvider()); 139 assertEquals(algorithm, ks.getType()); 140 if (!isUnsupported(ks)) { 141 keyStores.add(ks); 142 } 143 } 144 } 145 return keyStores; 146 } 147 148 private static boolean isSecretKeyEnabled(KeyStore ks) { 149 // JKS key stores cannot store secret keys, neither can the RI's PKCS12 150 return (!(ks.getType().equals("JKS") 151 || ks.getType().equals("CaseExactJKS") 152 || (ks.getType().equals("PKCS12")) 153 || (ks.getType().equals("AndroidKeyStore")))); 154 } 155 156 private static boolean isCertificateEnabled(KeyStore ks) { 157 // RI can't handle certificate in PKCS12, but BC can 158 return (!(ks.getType().equals("PKCS12") && ks.getProvider().getName().equals("SunJSSE"))); 159 } 160 161 private static boolean isCaseSensitive(KeyStore ks) { 162 return (ks.getType().equals("CaseExactJKS") 163 || ks.getType().equals("BKS") 164 || ks.getType().equals("BouncyCastle") 165 || ks.getType().equals("AndroidKeyStore")); 166 167 } 168 169 private static boolean isUnsupported(KeyStore ks) { 170 // Don't bother testing BC on RI 171 // TODO enable AndroidKeyStore when CTS can set up the keystore 172 return (StandardNames.IS_RI && ks.getProvider().getName().equals("BC")) 173 || "AndroidKeyStore".equalsIgnoreCase(ks.getType()); 174 } 175 176 private static boolean isNullPasswordAllowed(KeyStore ks) { 177 return (!(ks.getType().equals("JKS") 178 || ks.getType().equals("CaseExactJKS") 179 || ks.getType().equals("JCEKS") 180 || ks.getType().equals("PKCS12"))); 181 } 182 private static boolean isKeyPasswordSupported(KeyStore ks) { 183 return !ks.getType().equals("AndroidKeyStore"); 184 } 185 private static boolean isKeyPasswordIgnored(KeyStore ks) { 186 // BouncyCastle's PKCS12 ignores the key password unlike the RI which requires it 187 return (ks.getType().equals("PKCS12") && ks.getProvider().getName().equals("BC")); 188 } 189 190 private static boolean isLoadStoreParameterSupported(KeyStore ks) { 191 // BouncyCastle's PKCS12 allows a JDKPKCS12StoreParameter 192 return (ks.getType().equals("PKCS12") && ks.getProvider().getName().equals("BC")); 193 } 194 195 private static boolean isPersistentStorage(KeyStore ks) { 196 return ks.getType().equalsIgnoreCase("AndroidKeyStore"); 197 } 198 199 private static boolean isLoadStoreUnsupported(KeyStore ks) { 200 return ks.getType().equalsIgnoreCase("AndroidKeyStore"); 201 } 202 203 private static boolean isSetKeyByteArrayUnimplemented(KeyStore ks) { 204 // All of BouncyCastle's 205 // KeyStore.setKeyEntry(String,byte[],char[]) implementations 206 // throw RuntimeException 207 return (ks.getProvider().getName().equals("BC")); 208 } 209 210 private static boolean hasDefaultContents(KeyStore ks) { 211 // AndroidCAStore exposes CA cert files via the KeyStore 212 // interface, so it does start out empty like other KeyStores 213 return (ks.getType().equals("AndroidCAStore")); 214 } 215 216 private static boolean isReadOnly(KeyStore ks) { 217 // AndroidCAStore is read only, throwing 218 // UnsupportedOperationException on write operations 219 return (ks.getType().equals("AndroidCAStore")); 220 } 221 222 public static void populate(KeyStore ks) throws Exception { 223 boolean readOnly = clearKeyStore(ks); 224 if (readOnly) { 225 return; 226 } 227 if (isKeyPasswordSupported(ks)) { 228 setPrivateKey(ks); 229 } 230 if (isNullPasswordAllowed(ks)) { 231 ks.setKeyEntry(ALIAS_NO_PASSWORD_PRIVATE, 232 getPrivateKey().getPrivateKey(), 233 null, 234 getPrivateKey().getCertificateChain()); 235 } 236 if (isCertificateEnabled(ks)) { 237 ks.setCertificateEntry(ALIAS_CERTIFICATE, 238 getPrivateKey().getCertificate()); 239 } 240 if (isSecretKeyEnabled(ks)) { 241 setSecretKey(ks); 242 if (isNullPasswordAllowed(ks)) { 243 ks.setKeyEntry(ALIAS_NO_PASSWORD_SECRET, 244 getSecretKey(), 245 null, 246 null); 247 } 248 } 249 } 250 251 private static boolean clearKeyStore(KeyStore ks) throws Exception { 252 ks.load(null, null); 253 if (isReadOnly(ks)) { 254 try { 255 setPrivateKey(ks); 256 fail(ks.toString()); 257 } catch (UnsupportedOperationException e) { 258 } 259 return true; 260 } 261 if (isPersistentStorage(ks)) { 262 Enumeration<String> aliases = ks.aliases(); 263 while (aliases.hasMoreElements()) { 264 String alias = aliases.nextElement(); 265 ks.deleteEntry(alias); 266 } 267 } 268 return false; 269 } 270 271 public static void setPrivateKeyNoPassword(KeyStore ks, String alias, PrivateKeyEntry privateKey) 272 throws Exception { 273 ks.setKeyEntry(alias, privateKey.getPrivateKey(), null, privateKey.getCertificateChain()); 274 } 275 public static void setPrivateKey(KeyStore ks) throws Exception { 276 setPrivateKey(ks, ALIAS_PRIVATE); 277 } 278 public static void setPrivateKey(KeyStore ks, String alias) throws Exception { 279 setPrivateKey(ks, alias, getPrivateKey()); 280 } 281 public static void setPrivateKey(KeyStore ks, 282 String alias, 283 PrivateKeyEntry privateKey) 284 throws Exception { 285 ks.setKeyEntry(alias, 286 privateKey.getPrivateKey(), 287 PASSWORD_KEY, 288 privateKey.getCertificateChain()); 289 } 290 291 public static void setPrivateKeyBytes(KeyStore ks) throws Exception { 292 setPrivateKeyBytes(ks, ALIAS_PRIVATE); 293 } 294 public static void setPrivateKeyBytes(KeyStore ks, String alias) throws Exception { 295 setPrivateKeyBytes(ks, alias, getPrivateKey()); 296 } 297 public static void setPrivateKeyBytes(KeyStore ks, 298 String alias, 299 PrivateKeyEntry privateKey) 300 throws Exception { 301 ks.setKeyEntry(alias, 302 privateKey.getPrivateKey().getEncoded(), 303 privateKey.getCertificateChain()); 304 } 305 306 public static void setSecretKey(KeyStore ks) throws Exception { 307 setSecretKey(ks, ALIAS_SECRET); 308 } 309 public static void setSecretKey(KeyStore ks, String alias) throws Exception { 310 setSecretKey(ks, alias, getSecretKey()); 311 } 312 public static void setSecretKey(KeyStore ks, String alias, SecretKey key) throws Exception { 313 ks.setKeyEntry(alias, 314 key, 315 PASSWORD_KEY, 316 null); 317 } 318 319 public static void setSecretKeyBytes(KeyStore ks) throws Exception { 320 setSecretKeyBytes(ks, ALIAS_SECRET); 321 } 322 public static void setSecretKeyBytes(KeyStore ks, String alias) throws Exception { 323 setSecretKeyBytes(ks, alias, getSecretKey()); 324 } 325 public static void setSecretKeyBytes(KeyStore ks, String alias, SecretKey key) 326 throws Exception { 327 ks.setKeyEntry(alias, 328 key.getEncoded(), 329 null); 330 } 331 332 public static void setCertificate(KeyStore ks) throws Exception { 333 setCertificate(ks, ALIAS_CERTIFICATE); 334 } 335 public static void setCertificate(KeyStore ks, String alias) throws Exception { 336 setCertificate(ks, alias, getPrivateKey().getCertificate()); 337 } 338 public static void setCertificate(KeyStore ks, String alias, Certificate certificate) 339 throws Exception { 340 ks.setCertificateEntry(alias, certificate); 341 } 342 343 public static void assertPrivateKey(Key actual) 344 throws Exception { 345 assertEquals(getPrivateKey().getPrivateKey(), actual); 346 } 347 public static void assertPrivateKey2(Key actual) 348 throws Exception { 349 assertEquals(getPrivateKey2().getPrivateKey(), actual); 350 } 351 public static void assertPrivateKey(Entry actual) 352 throws Exception { 353 assertNotNull(actual); 354 assertSame(PrivateKeyEntry.class, actual.getClass()); 355 PrivateKeyEntry privateKey = (PrivateKeyEntry) actual; 356 assertEquals(getPrivateKey().getPrivateKey(), privateKey.getPrivateKey()); 357 assertEquals(getPrivateKey().getCertificate(), privateKey.getCertificate()); 358 assertEquals(Arrays.asList(getPrivateKey().getCertificateChain()), 359 Arrays.asList(privateKey.getCertificateChain())); 360 } 361 362 public static void assertSecretKey(Key actual) 363 throws Exception { 364 assertEquals(getSecretKey(), actual); 365 } 366 public static void assertSecretKey2(Key actual) 367 throws Exception { 368 assertEquals(getSecretKey2(), actual); 369 } 370 public static void assertSecretKey(Entry actual) 371 throws Exception { 372 assertSame(SecretKeyEntry.class, actual.getClass()); 373 assertEquals(getSecretKey(), ((SecretKeyEntry) actual).getSecretKey()); 374 } 375 376 public static void assertCertificate(Certificate actual) 377 throws Exception { 378 assertEquals(getPrivateKey().getCertificate(), actual); 379 } 380 public static void assertCertificate2(Certificate actual) 381 throws Exception { 382 assertEquals(getPrivateKey2().getCertificate(), actual); 383 } 384 public static void assertCertificate(Entry actual) 385 throws Exception { 386 assertSame(TrustedCertificateEntry.class, actual.getClass()); 387 assertEquals(getPrivateKey().getCertificate(), 388 ((TrustedCertificateEntry) actual).getTrustedCertificate()); 389 } 390 391 public static void assertCertificateChain(Certificate[] actual) 392 throws Exception { 393 assertEquals(Arrays.asList(getPrivateKey().getCertificateChain()), 394 Arrays.asList(actual)); 395 } 396 397 public void test_KeyStore_create() throws Exception { 398 Provider[] providers = Security.getProviders(); 399 for (Provider provider : providers) { 400 Set<Provider.Service> services = provider.getServices(); 401 for (Provider.Service service : services) { 402 String type = service.getType(); 403 if (!type.equals("KeyStore")) { 404 continue; 405 } 406 String algorithm = service.getAlgorithm(); 407 KeyStore ks = KeyStore.getInstance(algorithm, provider); 408 assertEquals(provider, ks.getProvider()); 409 assertEquals(algorithm, ks.getType()); 410 } 411 } 412 } 413 414 public void test_KeyStore_getInstance() throws Exception { 415 String type = KeyStore.getDefaultType(); 416 try { 417 KeyStore.getInstance(null); 418 fail(type); 419 } catch (NullPointerException expected) { 420 } 421 422 assertNotNull(KeyStore.getInstance(type)); 423 424 String providerName = StandardNames.SECURITY_PROVIDER_NAME; 425 try { 426 KeyStore.getInstance(null, (String)null); 427 fail(type); 428 } catch (IllegalArgumentException expected) { 429 } 430 try { 431 KeyStore.getInstance(null, providerName); 432 fail(type); 433 } catch (Exception e) { 434 if (e.getClass() != NullPointerException.class 435 && e.getClass() != KeyStoreException.class) { 436 throw e; 437 } 438 } 439 try { 440 KeyStore.getInstance(type, (String)null); 441 fail(type); 442 } catch (IllegalArgumentException expected) { 443 } 444 assertNotNull(KeyStore.getInstance(type, providerName)); 445 446 Provider provider = Security.getProvider(providerName); 447 try { 448 KeyStore.getInstance(null, (Provider)null); 449 fail(type); 450 } catch (IllegalArgumentException expected) { 451 } 452 try { 453 KeyStore.getInstance(null, provider); 454 fail(type); 455 } catch (NullPointerException expected) { 456 } 457 try { 458 KeyStore.getInstance(type, (Provider)null); 459 fail(type); 460 } catch (IllegalArgumentException expected) { 461 } 462 assertNotNull(KeyStore.getInstance(type, provider)); 463 } 464 465 public void test_KeyStore_getDefaultType() throws Exception { 466 String type = KeyStore.getDefaultType(); 467 assertNotNull(type); 468 KeyStore ks = KeyStore.getInstance(type); 469 assertNotNull(ks); 470 assertEquals(type, ks.getType()); 471 } 472 473 public void test_KeyStore_getProvider() throws Exception { 474 KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); 475 assertNotNull(ks.getProvider()); 476 assertNotNull(StandardNames.SECURITY_PROVIDER_NAME, ks.getProvider().getName()); 477 478 for (KeyStore keyStore : keyStores()) { 479 assertNotNull(keyStore.getProvider()); 480 } 481 } 482 483 public void test_KeyStore_getType() throws Exception { 484 String type = KeyStore.getDefaultType(); 485 KeyStore ks = KeyStore.getInstance(type); 486 assertNotNull(ks.getType()); 487 assertNotNull(type, ks.getType()); 488 489 for (KeyStore keyStore : keyStores()) { 490 assertNotNull(keyStore.getType()); 491 } 492 } 493 494 public void test_KeyStore_getKey() throws Exception { 495 for (KeyStore keyStore : keyStores()) { 496 try { 497 keyStore.getKey(null, null); 498 fail(keyStore.getType()); 499 } catch (KeyStoreException expected) { 500 } 501 } 502 503 for (KeyStore keyStore : keyStores()) { 504 populate(keyStore); 505 506 // test odd inputs 507 try { 508 keyStore.getKey(null, null); 509 fail(keyStore.getType()); 510 } catch (Exception e) { 511 if (e.getClass() != NullPointerException.class 512 && e.getClass() != IllegalArgumentException.class) { 513 throw e; 514 } 515 } 516 try { 517 keyStore.getKey(null, PASSWORD_KEY); 518 fail(keyStore.getType()); 519 } catch (Exception e) { 520 if (e.getClass() != NullPointerException.class 521 && e.getClass() != IllegalArgumentException.class 522 && e.getClass() != KeyStoreException.class) { 523 throw e; 524 } 525 } 526 assertNull(keyStore.getKey("", null)); 527 assertNull(keyStore.getKey("", PASSWORD_KEY)); 528 529 // test case sensitive 530 if (isReadOnly(keyStore)) { 531 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 532 } else { 533 if (isKeyPasswordSupported(keyStore)) { 534 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 535 } 536 if (isNullPasswordAllowed(keyStore)) { 537 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 538 } 539 if (isSecretKeyEnabled(keyStore)) { 540 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 541 } else { 542 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 543 } 544 } 545 546 // test case insensitive 547 if (isCaseSensitive(keyStore) || isReadOnly(keyStore)) { 548 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 549 assertNull(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, PASSWORD_KEY)); 550 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 551 } else { 552 if (isKeyPasswordSupported(keyStore)) { 553 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 554 } 555 if (isNullPasswordAllowed(keyStore)) { 556 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 557 } 558 if (isSecretKeyEnabled(keyStore)) { 559 assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 560 } 561 } 562 563 // test with null passwords 564 if (isKeyPasswordSupported(keyStore) && isKeyPasswordIgnored(keyStore)) { 565 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null)); 566 } else { 567 if (isReadOnly(keyStore)) { 568 assertNull(keyStore.getKey(ALIAS_PRIVATE, null)); 569 } else if (isKeyPasswordSupported(keyStore)) { 570 try { 571 keyStore.getKey(ALIAS_PRIVATE, null); 572 fail(keyStore.getType()); 573 } catch (Exception e) { 574 if (e.getClass() != UnrecoverableKeyException.class 575 && e.getClass() != IllegalArgumentException.class) { 576 throw e; 577 } 578 } 579 } 580 } 581 if (isReadOnly(keyStore)) { 582 assertNull(keyStore.getKey(ALIAS_SECRET, null)); 583 } else if (isSecretKeyEnabled(keyStore)) { 584 try { 585 keyStore.getKey(ALIAS_SECRET, null); 586 fail(keyStore.getType()); 587 } catch (Exception e) { 588 if (e.getClass() != UnrecoverableKeyException.class 589 && e.getClass() != IllegalArgumentException.class) { 590 throw e; 591 } 592 } 593 } 594 595 // test with bad passwords 596 if (isReadOnly(keyStore)) { 597 assertNull(keyStore.getKey(ALIAS_PRIVATE, null)); 598 } else if (isKeyPasswordSupported(keyStore) && isKeyPasswordIgnored(keyStore)) { 599 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null)); 600 } else if (isKeyPasswordSupported(keyStore)) { 601 try { 602 keyStore.getKey(ALIAS_PRIVATE, PASSWORD_BAD); 603 fail(keyStore.getType()); 604 } catch (UnrecoverableKeyException expected) { 605 } 606 } 607 if (isReadOnly(keyStore)) { 608 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_BAD)); 609 } else if (isSecretKeyEnabled(keyStore)) { 610 try { 611 keyStore.getKey(ALIAS_SECRET, PASSWORD_BAD); 612 fail(keyStore.getType()); 613 } catch (UnrecoverableKeyException expected) { 614 } 615 } 616 } 617 } 618 619 public void test_KeyStore_getCertificateChain() throws Exception { 620 for (KeyStore keyStore : keyStores()) { 621 try { 622 keyStore.getCertificateChain(null); 623 fail(keyStore.getType()); 624 } catch (KeyStoreException expected) { 625 } 626 } 627 for (KeyStore keyStore : keyStores()) { 628 populate(keyStore); 629 630 // test odd inputs 631 try { 632 keyStore.getCertificateChain(null); 633 fail(keyStore.getType()); 634 } catch (Exception e) { 635 if (e.getClass() != NullPointerException.class 636 && e.getClass() != IllegalArgumentException.class) { 637 throw e; 638 } 639 } 640 assertNull(keyStore.getCertificateChain("")); 641 642 // test case sensitive 643 if (isReadOnly(keyStore)) { 644 assertNull(keyStore.getCertificateChain(ALIAS_PRIVATE)); 645 } else if (isKeyPasswordSupported(keyStore)) { 646 assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE)); 647 } else if (isNullPasswordAllowed(keyStore)) { 648 assertCertificateChain(keyStore.getCertificateChain(ALIAS_NO_PASSWORD_PRIVATE)); 649 } 650 651 // test case insensitive 652 if (isReadOnly(keyStore) || isCaseSensitive(keyStore)) { 653 assertNull(keyStore.getCertificateChain(ALIAS_ALT_CASE_PRIVATE)); 654 } else { 655 assertCertificateChain(keyStore.getCertificateChain(ALIAS_ALT_CASE_PRIVATE)); 656 } 657 } 658 } 659 660 public void test_KeyStore_getCertificate() throws Exception { 661 for (KeyStore keyStore : keyStores()) { 662 try { 663 keyStore.getCertificate(null); 664 fail(keyStore.getType()); 665 } catch (KeyStoreException expected) { 666 } 667 } 668 for (KeyStore keyStore : keyStores()) { 669 populate(keyStore); 670 671 // test odd inputs 672 try { 673 keyStore.getCertificate(null); 674 fail(keyStore.getType()); 675 } catch (Exception e) { 676 if (e.getClass() != NullPointerException.class 677 && e.getClass() != IllegalArgumentException.class) { 678 throw e; 679 } 680 } 681 assertNull(keyStore.getCertificate("")); 682 683 // test case sensitive 684 if (!isReadOnly(keyStore) && isCertificateEnabled(keyStore)) { 685 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 686 } else { 687 assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE)); 688 } 689 690 // test case insensitive 691 if (isReadOnly(keyStore) || isCaseSensitive(keyStore)) { 692 assertNull(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 693 } else { 694 if (isCertificateEnabled(keyStore)) { 695 assertCertificate(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 696 } 697 } 698 } 699 } 700 701 public void test_KeyStore_getCreationDate() throws Exception { 702 for (KeyStore keyStore : keyStores()) { 703 try { 704 keyStore.getCreationDate(null); 705 fail(keyStore.getType()); 706 } catch (KeyStoreException expected) { 707 } 708 } 709 long before = System.currentTimeMillis(); 710 for (KeyStore keyStore : keyStores()) { 711 populate(keyStore); 712 713 // add 1000 since some key stores round of time to nearest second 714 long after = System.currentTimeMillis() + 1000; 715 716 // test odd inputs 717 try { 718 keyStore.getCreationDate(null); 719 fail(keyStore.getType()); 720 } catch (NullPointerException expected) { 721 } 722 assertNull(keyStore.getCreationDate("")); 723 724 // test case sensitive 725 if (!isReadOnly(keyStore) && isCertificateEnabled(keyStore)) { 726 Date date = keyStore.getCreationDate(ALIAS_CERTIFICATE); 727 assertNotNull(date); 728 assertTrue("date should be after start time: " + date.getTime() + " >= " + before, 729 before <= date.getTime()); 730 assertTrue("date should be before expiry time: " + date.getTime() + " <= " + after, 731 date.getTime() <= after); 732 } else { 733 assertNull(keyStore.getCreationDate(ALIAS_CERTIFICATE)); 734 } 735 736 // test case insensitive 737 if (isReadOnly(keyStore) || isCaseSensitive(keyStore)) { 738 assertNull(keyStore.getCreationDate(ALIAS_ALT_CASE_CERTIFICATE)); 739 } else { 740 if (isCertificateEnabled(keyStore)) { 741 Date date = keyStore.getCreationDate(ALIAS_ALT_CASE_CERTIFICATE); 742 assertTrue(before <= date.getTime()); 743 assertTrue(date.getTime() <= after); 744 } 745 } 746 } 747 } 748 749 public void test_KeyStore_setKeyEntry_Key() throws Exception { 750 for (KeyStore keyStore : keyStores()) { 751 try { 752 keyStore.setKeyEntry(null, null, null, null); 753 fail(keyStore.getType()); 754 } catch (KeyStoreException expected) { 755 } 756 } 757 758 for (KeyStore keyStore : keyStores()) { 759 keyStore.load(null, null); 760 if (isReadOnly(keyStore)) { 761 try { 762 keyStore.setKeyEntry(null, null, null, null); 763 fail(keyStore.getType()); 764 } catch (UnsupportedOperationException expected) { 765 } 766 continue; 767 } 768 769 // test odd inputs 770 try { 771 keyStore.setKeyEntry(null, null, null, null); 772 fail(keyStore.getType()); 773 } catch (Exception e) { 774 if (e.getClass() != NullPointerException.class 775 && e.getClass() != KeyStoreException.class) { 776 throw e; 777 } 778 } 779 try { 780 keyStore.setKeyEntry(null, null, PASSWORD_KEY, null); 781 fail(keyStore.getType()); 782 } catch (Exception e) { 783 if (e.getClass() != NullPointerException.class 784 && e.getClass() != KeyStoreException.class) { 785 throw e; 786 } 787 } 788 try { 789 keyStore.setKeyEntry(ALIAS_PRIVATE, 790 getPrivateKey().getPrivateKey(), 791 PASSWORD_KEY, 792 null); 793 fail(keyStore.getType()); 794 } catch (Exception e) { 795 if (e.getClass() != IllegalArgumentException.class 796 && e.getClass() != KeyStoreException.class) { 797 throw e; 798 } 799 } 800 } 801 802 for (KeyStore keyStore : keyStores()) { 803 clearKeyStore(keyStore); 804 805 // test case sensitive 806 if (isKeyPasswordSupported(keyStore)) { 807 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 808 } 809 if (isNullPasswordAllowed(keyStore)) { 810 assertNull(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 811 } 812 if (isReadOnly(keyStore)) { 813 try { 814 keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), PASSWORD_KEY, null); 815 fail(keyStore.getType()); 816 } catch (UnsupportedOperationException expected) { 817 } 818 continue; 819 } 820 if (isKeyPasswordSupported(keyStore)) { 821 setPrivateKey(keyStore); 822 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 823 assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE)); 824 } 825 if (isNullPasswordAllowed(keyStore)) { 826 setPrivateKeyNoPassword(keyStore, ALIAS_NO_PASSWORD_PRIVATE, getPrivateKey()); 827 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 828 assertCertificateChain(keyStore.getCertificateChain(ALIAS_NO_PASSWORD_PRIVATE)); 829 } 830 if (isSecretKeyEnabled(keyStore)) { 831 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 832 setSecretKey(keyStore); 833 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 834 } else { 835 try { 836 keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), PASSWORD_KEY, null); 837 fail(keyStore.getType()); 838 } catch (Exception e) { 839 if (e.getClass() != KeyStoreException.class 840 && e.getClass() != NullPointerException.class) { 841 throw e; 842 } 843 } 844 } 845 } 846 847 for (KeyStore keyStore : keyStores()) { 848 populate(keyStore); 849 850 if (isReadOnly(keyStore)) { 851 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 852 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 853 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 854 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 855 } else if (isCaseSensitive(keyStore)) { 856 if (isKeyPasswordSupported(keyStore)) { 857 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 858 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 859 setPrivateKey(keyStore, ALIAS_ALT_CASE_PRIVATE, getPrivateKey2()); 860 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 861 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 862 } 863 864 if (isNullPasswordAllowed(keyStore)) { 865 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 866 assertNull(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 867 setPrivateKeyNoPassword(keyStore, ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, 868 getPrivateKey2()); 869 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 870 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 871 } 872 873 if (isSecretKeyEnabled(keyStore)) { 874 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 875 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 876 setSecretKey(keyStore, ALIAS_ALT_CASE_SECRET, getSecretKey2()); 877 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 878 assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 879 } 880 } else { 881 if (isKeyPasswordSupported(keyStore)) { 882 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 883 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 884 setPrivateKey(keyStore, ALIAS_ALT_CASE_PRIVATE, getPrivateKey2()); 885 assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 886 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 887 } 888 889 if (isNullPasswordAllowed(keyStore)) { 890 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null)); 891 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 892 setPrivateKey(keyStore, ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, getPrivateKey2()); 893 assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, null)); 894 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 895 } 896 897 if (isSecretKeyEnabled(keyStore)) { 898 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 899 assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 900 setSecretKey(keyStore, ALIAS_ALT_CASE_PRIVATE, getSecretKey2()); 901 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 902 assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 903 } 904 } 905 } 906 907 for (KeyStore keyStore : keyStores()) { 908 keyStore.load(null, null); 909 if (isReadOnly(keyStore)) { 910 try { 911 keyStore.setKeyEntry(ALIAS_PRIVATE, 912 getPrivateKey().getPrivateKey(), 913 null, 914 getPrivateKey().getCertificateChain()); 915 fail(keyStore.getType()); 916 } catch (UnsupportedOperationException expected) { 917 } 918 continue; 919 } 920 921 // test with null passwords 922 if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) { 923 keyStore.setKeyEntry(ALIAS_PRIVATE, 924 getPrivateKey().getPrivateKey(), 925 null, 926 getPrivateKey().getCertificateChain()); 927 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null)); 928 } else { 929 try { 930 keyStore.setKeyEntry(ALIAS_PRIVATE, 931 getPrivateKey().getPrivateKey(), 932 null, 933 getPrivateKey().getCertificateChain()); 934 fail(keyStore.getType()); 935 } catch (Exception e) { 936 if (e.getClass() != UnrecoverableKeyException.class 937 && e.getClass() != IllegalArgumentException.class 938 && e.getClass() != KeyStoreException.class) { 939 throw e; 940 } 941 } 942 } 943 if (isSecretKeyEnabled(keyStore)) { 944 if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) { 945 keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), null, null); 946 assertSecretKey(keyStore.getKey(ALIAS_SECRET, null)); 947 } else { 948 try { 949 keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), null, null); 950 fail(keyStore.getType()); 951 } catch (Exception e) { 952 if (e.getClass() != UnrecoverableKeyException.class 953 && e.getClass() != IllegalArgumentException.class 954 && e.getClass() != KeyStoreException.class) { 955 throw e; 956 } 957 } 958 } 959 } 960 } 961 } 962 963 public void test_KeyStore_setKeyEntry_array() throws Exception { 964 for (KeyStore keyStore : keyStores()) { 965 try { 966 keyStore.setKeyEntry(null, null, null); 967 fail(keyStore.getType()); 968 } catch (KeyStoreException expected) { 969 } 970 } 971 972 for (KeyStore keyStore : keyStores()) { 973 keyStore.load(null, null); 974 975 if (isReadOnly(keyStore)) { 976 try { 977 keyStore.setKeyEntry(null, null, null); 978 fail(keyStore.getType()); 979 } catch (UnsupportedOperationException expected) { 980 } 981 continue; 982 } 983 984 // test odd inputs 985 try { 986 keyStore.setKeyEntry(null, null, null); 987 fail(keyStore.getType()); 988 } catch (Exception e) { 989 if (e.getClass() != NullPointerException.class 990 && e.getClass() != IllegalArgumentException.class 991 && e.getClass() != KeyStoreException.class 992 && e.getClass() != RuntimeException.class) { 993 throw e; 994 } 995 } 996 } 997 998 for (KeyStore keyStore : keyStores()) { 999 if (!isNullPasswordAllowed(keyStore)) { 1000 // TODO Use EncryptedPrivateKeyInfo to protect keys if 1001 // password is required. 1002 continue; 1003 } 1004 if (isSetKeyByteArrayUnimplemented(keyStore)) { 1005 continue; 1006 } 1007 1008 clearKeyStore(keyStore); 1009 1010 // test case sensitive 1011 if (isKeyPasswordSupported(keyStore)) { 1012 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1013 } 1014 if (isNullPasswordAllowed(keyStore)) { 1015 assertNull(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1016 } 1017 if (isReadOnly(keyStore)) { 1018 try { 1019 setPrivateKeyBytes(keyStore); 1020 fail(keyStore.getType()); 1021 } catch (UnsupportedOperationException expected) { 1022 } 1023 continue; 1024 } 1025 if (isKeyPasswordSupported(keyStore)) { 1026 setPrivateKeyBytes(keyStore); 1027 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1028 assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE)); 1029 } 1030 if (isNullPasswordAllowed(keyStore)) { 1031 setPrivateKeyNoPassword(keyStore, ALIAS_NO_PASSWORD_PRIVATE, getPrivateKey()); 1032 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1033 assertCertificateChain(keyStore.getCertificateChain(ALIAS_NO_PASSWORD_PRIVATE)); 1034 } 1035 if (isSecretKeyEnabled(keyStore)) { 1036 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1037 setSecretKeyBytes(keyStore); 1038 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1039 } else { 1040 try { 1041 keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey().getEncoded(), null); 1042 fail(keyStore.getType()); 1043 } catch (KeyStoreException expected) { 1044 } 1045 } 1046 } 1047 1048 for (KeyStore keyStore : keyStores()) { 1049 if (!isNullPasswordAllowed(keyStore)) { 1050 // TODO Use EncryptedPrivateKeyInfo to protect keys if 1051 // password is required. 1052 continue; 1053 } 1054 if (isSetKeyByteArrayUnimplemented(keyStore)) { 1055 continue; 1056 } 1057 1058 populate(keyStore); 1059 1060 if (isReadOnly(keyStore)) { 1061 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1062 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 1063 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1064 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 1065 } else if (isCaseSensitive(keyStore)) { 1066 if (isKeyPasswordSupported(keyStore)) { 1067 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1068 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 1069 setPrivateKeyBytes(keyStore, ALIAS_ALT_CASE_PRIVATE, getPrivateKey2()); 1070 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1071 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 1072 } 1073 if (isNullPasswordAllowed(keyStore)) { 1074 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1075 assertNull(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 1076 setPrivateKeyNoPassword(keyStore, ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, 1077 getPrivateKey2()); 1078 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1079 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 1080 } 1081 1082 if (isSecretKeyEnabled(keyStore)) { 1083 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1084 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 1085 setSecretKeyBytes(keyStore, ALIAS_ALT_CASE_PRIVATE, getSecretKey2()); 1086 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1087 assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 1088 } 1089 } else { 1090 if (isKeyPasswordSupported(keyStore)) { 1091 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1092 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 1093 setPrivateKeyBytes(keyStore, ALIAS_ALT_CASE_PRIVATE, getPrivateKey2()); 1094 assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1095 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 1096 } 1097 if (isNullPasswordAllowed(keyStore)) { 1098 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1099 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 1100 setPrivateKeyNoPassword(keyStore, ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, 1101 getPrivateKey2()); 1102 assertPrivateKey2(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1103 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 1104 } 1105 1106 if (isSecretKeyEnabled(keyStore)) { 1107 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1108 assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 1109 setSecretKeyBytes(keyStore, ALIAS_ALT_CASE_PRIVATE, getSecretKey2()); 1110 assertSecretKey2(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1111 assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 1112 } 1113 } 1114 } 1115 } 1116 1117 public void test_KeyStore_setCertificateEntry() throws Exception { 1118 for (KeyStore keyStore : keyStores()) { 1119 try { 1120 keyStore.setCertificateEntry(null, null); 1121 fail(keyStore.getType()); 1122 } catch (KeyStoreException expected) { 1123 } 1124 } 1125 1126 for (KeyStore keyStore : keyStores()) { 1127 populate(keyStore); 1128 1129 // test odd inputs 1130 try { 1131 keyStore.setCertificateEntry(null, null); 1132 fail(keyStore.getType()); 1133 } catch (Exception e) { 1134 if (e.getClass() != NullPointerException.class 1135 && e.getClass() != KeyStoreException.class) { 1136 throw e; 1137 } 1138 } 1139 1140 if (isReadOnly(keyStore)) { 1141 try { 1142 assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1143 keyStore.setCertificateEntry(ALIAS_CERTIFICATE, null); 1144 fail(keyStore.getType()); 1145 } catch (UnsupportedOperationException expected) { 1146 } 1147 continue; 1148 } 1149 1150 // Sort of delete by setting null. Note that even though 1151 // certificate is null, size doesn't change, 1152 // isCertificateEntry returns true, and it is still listed in aliases. 1153 if (isCertificateEnabled(keyStore)) { 1154 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1155 try { 1156 int size = keyStore.size(); 1157 keyStore.setCertificateEntry(ALIAS_CERTIFICATE, null); 1158 assertNull(keyStore.getType(), keyStore.getCertificate(ALIAS_CERTIFICATE)); 1159 assertEquals(keyStore.getType(), size, keyStore.size()); 1160 assertTrue(keyStore.getType(), keyStore.isCertificateEntry(ALIAS_CERTIFICATE)); 1161 assertTrue(keyStore.getType(), 1162 Collections.list(keyStore.aliases()).contains(ALIAS_CERTIFICATE)); 1163 } catch (NullPointerException expectedSometimes) { 1164 if (!("PKCS12".equalsIgnoreCase(keyStore.getType()) && 1165 "BC".equalsIgnoreCase(keyStore.getProvider().getName())) 1166 && !"AndroidKeyStore".equalsIgnoreCase(keyStore.getType())) { 1167 throw expectedSometimes; 1168 } 1169 } 1170 } else { 1171 try { 1172 keyStore.setCertificateEntry(ALIAS_CERTIFICATE, null); 1173 fail(keyStore.getType()); 1174 } catch (KeyStoreException expected) { 1175 } 1176 } 1177 } 1178 1179 for (KeyStore keyStore : keyStores()) { 1180 if (!isCertificateEnabled(keyStore)) { 1181 continue; 1182 } 1183 1184 clearKeyStore(keyStore); 1185 1186 assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1187 if (isReadOnly(keyStore)) { 1188 try { 1189 setCertificate(keyStore); 1190 fail(keyStore.getType()); 1191 } catch (UnsupportedOperationException expected) { 1192 } 1193 continue; 1194 } 1195 setCertificate(keyStore); 1196 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1197 } 1198 1199 for (KeyStore keyStore : keyStores()) { 1200 if (!isCertificateEnabled(keyStore)) { 1201 continue; 1202 } 1203 1204 populate(keyStore); 1205 1206 if (isReadOnly(keyStore)) { 1207 assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1208 assertNull(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 1209 } else if (isCaseSensitive(keyStore)) { 1210 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1211 assertNull(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 1212 setCertificate(keyStore, 1213 ALIAS_ALT_CASE_CERTIFICATE, 1214 getPrivateKey2().getCertificate()); 1215 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1216 assertCertificate2(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 1217 } else { 1218 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1219 assertCertificate(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 1220 setCertificate(keyStore, 1221 ALIAS_ALT_CASE_CERTIFICATE, 1222 getPrivateKey2().getCertificate()); 1223 assertCertificate2(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1224 assertCertificate2(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 1225 } 1226 } 1227 } 1228 public void test_KeyStore_deleteEntry() throws Exception { 1229 for (KeyStore keyStore : keyStores()) { 1230 try { 1231 keyStore.deleteEntry(null); 1232 fail(keyStore.getType()); 1233 } catch (KeyStoreException expected) { 1234 } 1235 } 1236 1237 for (KeyStore keyStore : keyStores()) { 1238 keyStore.load(null, null); 1239 1240 if (isReadOnly(keyStore)) { 1241 try { 1242 keyStore.deleteEntry(null); 1243 fail(keyStore.getType()); 1244 } catch (UnsupportedOperationException expected) { 1245 } 1246 continue; 1247 } 1248 1249 // test odd inputs 1250 try { 1251 keyStore.deleteEntry(null); 1252 fail(keyStore.getType()); 1253 } catch (Exception e) { 1254 if (e.getClass() != NullPointerException.class 1255 && e.getClass() != KeyStoreException.class) { 1256 throw e; 1257 } 1258 } 1259 keyStore.deleteEntry(""); 1260 } 1261 1262 for (KeyStore keyStore : keyStores()) { 1263 populate(keyStore); 1264 1265 if (isReadOnly(keyStore)) { 1266 try { 1267 keyStore.deleteEntry(ALIAS_PRIVATE); 1268 } catch (UnsupportedOperationException e) { 1269 } 1270 continue; 1271 } 1272 1273 // test case sensitive 1274 if (isKeyPasswordSupported(keyStore)) { 1275 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1276 assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE)); 1277 keyStore.deleteEntry(ALIAS_PRIVATE); 1278 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1279 } 1280 if (isNullPasswordAllowed(keyStore)) { 1281 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1282 assertCertificateChain(keyStore.getCertificateChain(ALIAS_NO_PASSWORD_PRIVATE)); 1283 keyStore.deleteEntry(ALIAS_NO_PASSWORD_PRIVATE); 1284 assertNull(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1285 } 1286 1287 if (isSecretKeyEnabled(keyStore)) { 1288 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1289 keyStore.deleteEntry(ALIAS_SECRET); 1290 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1291 } else { 1292 keyStore.deleteEntry(ALIAS_SECRET); 1293 } 1294 1295 if (isCertificateEnabled(keyStore)) { 1296 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1297 keyStore.deleteEntry(ALIAS_CERTIFICATE); 1298 assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1299 } else { 1300 keyStore.deleteEntry(ALIAS_CERTIFICATE); 1301 } 1302 } 1303 1304 for (KeyStore keyStore : keyStores()) { 1305 populate(keyStore); 1306 1307 // test case insensitive 1308 1309 if (isCaseSensitive(keyStore)) { 1310 if (isKeyPasswordSupported(keyStore)) { 1311 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1312 keyStore.deleteEntry(ALIAS_ALT_CASE_PRIVATE); 1313 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1314 } 1315 if (isNullPasswordAllowed(keyStore)) { 1316 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1317 keyStore.deleteEntry(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE); 1318 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1319 } 1320 1321 if (isSecretKeyEnabled(keyStore)) { 1322 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1323 keyStore.deleteEntry(ALIAS_ALT_CASE_SECRET); 1324 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1325 } else { 1326 keyStore.deleteEntry(ALIAS_SECRET); 1327 } 1328 1329 if (isCertificateEnabled(keyStore)) { 1330 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1331 keyStore.deleteEntry(ALIAS_ALT_CASE_CERTIFICATE); 1332 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1333 } else { 1334 keyStore.deleteEntry(ALIAS_CERTIFICATE); 1335 } 1336 } 1337 } 1338 } 1339 1340 public void test_KeyStore_aliases() throws Exception { 1341 for (KeyStore keyStore : keyStores()) { 1342 try { 1343 keyStore.aliases(); 1344 fail(keyStore.getType()); 1345 } catch (KeyStoreException expected) { 1346 } 1347 } 1348 1349 for (KeyStore keyStore : keyStores()) { 1350 keyStore.load(null, null); 1351 if (isPersistentStorage(keyStore)) { 1352 assertNotNull("Should be able to query size: " + keyStore.getType(), 1353 keyStore.aliases()); 1354 } else if (hasDefaultContents(keyStore)) { 1355 assertTrue("Should have more than one alias already: " + keyStore.getType(), 1356 keyStore.aliases().hasMoreElements()); 1357 } else { 1358 assertEquals("Should have no aliases:" + keyStore.getType(), Collections.EMPTY_SET, 1359 new HashSet(Collections.list(keyStore.aliases()))); 1360 } 1361 } 1362 1363 for (KeyStore keyStore : keyStores()) { 1364 populate(keyStore); 1365 1366 Set<String> expected = new HashSet<String>(); 1367 if (isKeyPasswordSupported(keyStore)) { 1368 expected.add(ALIAS_PRIVATE); 1369 } 1370 if (isNullPasswordAllowed(keyStore)) { 1371 expected.add(ALIAS_NO_PASSWORD_PRIVATE); 1372 } 1373 if (isSecretKeyEnabled(keyStore)) { 1374 expected.add(ALIAS_SECRET); 1375 if (isNullPasswordAllowed(keyStore)) { 1376 expected.add(ALIAS_NO_PASSWORD_SECRET); 1377 } 1378 } 1379 if (isCertificateEnabled(keyStore)) { 1380 expected.add(ALIAS_CERTIFICATE); 1381 } 1382 if (isPersistentStorage(keyStore)) { 1383 assertNotNull("Should be able to query size: " + keyStore.getType(), 1384 keyStore.aliases()); 1385 } else if (hasDefaultContents(keyStore)) { 1386 assertTrue(keyStore.aliases().hasMoreElements()); 1387 } else { 1388 assertEquals(expected, new HashSet<String>(Collections.list(keyStore.aliases()))); 1389 } 1390 } 1391 } 1392 1393 public void test_KeyStore_containsAlias() throws Exception { 1394 for (KeyStore keyStore : keyStores()) { 1395 try { 1396 keyStore.containsAlias(null); 1397 fail(keyStore.getType()); 1398 } catch (KeyStoreException expected) { 1399 } 1400 } 1401 1402 for (KeyStore keyStore : keyStores()) { 1403 keyStore.load(null, null); 1404 1405 try { 1406 keyStore.containsAlias(null); 1407 fail(keyStore.getType()); 1408 } catch (NullPointerException expected) { 1409 } 1410 1411 assertFalse(keyStore.containsAlias("")); 1412 } 1413 1414 for (KeyStore keyStore : keyStores()) { 1415 populate(keyStore); 1416 1417 assertFalse(keyStore.containsAlias("")); 1418 1419 if (isReadOnly(keyStore)) { 1420 assertFalse(keyStore.containsAlias(ALIAS_PRIVATE)); 1421 continue; 1422 } 1423 if (isKeyPasswordSupported(keyStore)) { 1424 assertTrue(keyStore.containsAlias(ALIAS_PRIVATE)); 1425 } else if (isNullPasswordAllowed(keyStore)) { 1426 assertTrue(keyStore.containsAlias(ALIAS_NO_PASSWORD_PRIVATE)); 1427 } 1428 assertEquals(isSecretKeyEnabled(keyStore), keyStore.containsAlias(ALIAS_SECRET)); 1429 assertEquals(isCertificateEnabled(keyStore), keyStore.containsAlias(ALIAS_CERTIFICATE)); 1430 1431 assertEquals(!isCaseSensitive(keyStore), 1432 keyStore.containsAlias(ALIAS_ALT_CASE_PRIVATE)); 1433 assertEquals(!isCaseSensitive(keyStore) && isSecretKeyEnabled(keyStore), 1434 keyStore.containsAlias(ALIAS_ALT_CASE_SECRET)); 1435 assertEquals(!isCaseSensitive(keyStore) && isCertificateEnabled(keyStore), 1436 keyStore.containsAlias(ALIAS_ALT_CASE_CERTIFICATE)); 1437 } 1438 } 1439 1440 public void test_KeyStore_size() throws Exception { 1441 for (KeyStore keyStore : keyStores()) { 1442 try { 1443 keyStore.aliases(); 1444 fail(keyStore.getType()); 1445 } catch (KeyStoreException expected) { 1446 } 1447 } 1448 1449 for (KeyStore keyStore : keyStores()) { 1450 keyStore.load(null, null); 1451 if (isPersistentStorage(keyStore)) { 1452 assertTrue("Should successfully query size: " + keyStore.getType(), 1453 keyStore.size() >= 0); 1454 } else if (hasDefaultContents(keyStore)) { 1455 assertTrue("Should have non-empty store: " + keyStore.getType(), 1456 keyStore.size() > 0); 1457 } else { 1458 assertEquals("Should have empty store: " + keyStore.getType(), 0, keyStore.size()); 1459 } 1460 } 1461 1462 for (KeyStore keyStore : keyStores()) { 1463 populate(keyStore); 1464 if (hasDefaultContents(keyStore)) { 1465 assertTrue("Should have non-empty store: " + keyStore.getType(), 1466 keyStore.size() > 0); 1467 continue; 1468 } 1469 1470 int expected = 0; 1471 if (isKeyPasswordSupported(keyStore)) { 1472 expected++; 1473 } 1474 if (isNullPasswordAllowed(keyStore)) { 1475 expected++; 1476 } 1477 if (isSecretKeyEnabled(keyStore)) { 1478 expected++; 1479 if (isNullPasswordAllowed(keyStore)) { 1480 expected++; 1481 } 1482 } 1483 if (isCertificateEnabled(keyStore)) { 1484 expected++; 1485 } 1486 assertEquals(expected, keyStore.size()); 1487 } 1488 } 1489 1490 public void test_KeyStore_isKeyEntry() throws Exception { 1491 for (KeyStore keyStore : keyStores()) { 1492 try { 1493 keyStore.isKeyEntry(null); 1494 fail(keyStore.getType()); 1495 } catch (KeyStoreException expected) { 1496 } 1497 } 1498 1499 for (KeyStore keyStore : keyStores()) { 1500 keyStore.load(null, null); 1501 1502 try { 1503 keyStore.isKeyEntry(null); 1504 fail(keyStore.getType()); 1505 } catch (NullPointerException expected) { 1506 } 1507 1508 assertFalse(keyStore.isKeyEntry("")); 1509 } 1510 1511 for (KeyStore keyStore : keyStores()) { 1512 populate(keyStore); 1513 1514 assertFalse(keyStore.isKeyEntry("")); 1515 if (isReadOnly(keyStore)) { 1516 assertFalse(keyStore.isKeyEntry(ALIAS_PRIVATE)); 1517 continue; 1518 } 1519 if (isKeyPasswordSupported(keyStore)) { 1520 assertTrue(keyStore.isKeyEntry(ALIAS_PRIVATE)); 1521 } 1522 if (isNullPasswordAllowed(keyStore)) { 1523 assertTrue(keyStore.isKeyEntry(ALIAS_NO_PASSWORD_PRIVATE)); 1524 } 1525 assertEquals(isSecretKeyEnabled(keyStore), keyStore.isKeyEntry(ALIAS_SECRET)); 1526 assertFalse(keyStore.isKeyEntry(ALIAS_CERTIFICATE)); 1527 1528 assertEquals(!isCaseSensitive(keyStore), 1529 keyStore.isKeyEntry(ALIAS_ALT_CASE_PRIVATE)); 1530 assertEquals(!isCaseSensitive(keyStore) && isSecretKeyEnabled(keyStore), 1531 keyStore.isKeyEntry(ALIAS_ALT_CASE_SECRET)); 1532 assertFalse(keyStore.isKeyEntry(ALIAS_ALT_CASE_CERTIFICATE)); 1533 } 1534 } 1535 1536 public void test_KeyStore_isCertificateEntry() throws Exception { 1537 for (KeyStore keyStore : keyStores()) { 1538 try { 1539 keyStore.isCertificateEntry(null); 1540 fail(keyStore.getType()); 1541 } catch (KeyStoreException expected) { 1542 } 1543 } 1544 1545 for (KeyStore keyStore : keyStores()) { 1546 keyStore.load(null, null); 1547 1548 if (isCertificateEnabled(keyStore)) { 1549 try { 1550 keyStore.isCertificateEntry(null); 1551 fail(keyStore.getType()); 1552 } catch (NullPointerException expected) { 1553 } 1554 } else { 1555 assertFalse(keyStore.isCertificateEntry(null)); 1556 } 1557 1558 assertFalse(keyStore.isCertificateEntry("")); 1559 } 1560 1561 for (KeyStore keyStore : keyStores()) { 1562 populate(keyStore); 1563 1564 assertFalse(keyStore.isCertificateEntry("")); 1565 1566 if (isKeyPasswordSupported(keyStore)) { 1567 assertFalse(keyStore.isCertificateEntry(ALIAS_PRIVATE)); 1568 } 1569 if (isNullPasswordAllowed(keyStore)) { 1570 assertFalse(keyStore.isCertificateEntry(ALIAS_NO_PASSWORD_PRIVATE)); 1571 } 1572 assertFalse(keyStore.isCertificateEntry(ALIAS_SECRET)); 1573 assertEquals(isCertificateEnabled(keyStore) && !isReadOnly(keyStore), 1574 keyStore.isCertificateEntry(ALIAS_CERTIFICATE)); 1575 1576 assertFalse(keyStore.isCertificateEntry(ALIAS_ALT_CASE_PRIVATE)); 1577 assertFalse(keyStore.isCertificateEntry(ALIAS_ALT_CASE_SECRET)); 1578 assertEquals(!isCaseSensitive(keyStore) 1579 && isCertificateEnabled(keyStore) 1580 && !isReadOnly(keyStore), 1581 keyStore.isCertificateEntry(ALIAS_ALT_CASE_CERTIFICATE)); 1582 } 1583 } 1584 1585 public void test_KeyStore_getCertificateAlias() throws Exception { 1586 for (KeyStore keyStore : keyStores()) { 1587 try { 1588 keyStore.getCertificateAlias(null); 1589 fail(keyStore.getType()); 1590 } catch (KeyStoreException expected) { 1591 } 1592 } 1593 1594 for (KeyStore keyStore : keyStores()) { 1595 keyStore.load(null, null); 1596 assertNull(keyStore.getCertificateAlias(null)); 1597 } 1598 1599 for (KeyStore keyStore : keyStores()) { 1600 populate(keyStore); 1601 1602 Set<String> expected = new HashSet<String>(); 1603 if (isKeyPasswordSupported(keyStore)) { 1604 expected.add(ALIAS_PRIVATE); 1605 } 1606 if (isNullPasswordAllowed(keyStore)) { 1607 expected.add(ALIAS_NO_PASSWORD_PRIVATE); 1608 } 1609 if (isCertificateEnabled(keyStore)) { 1610 expected.add(ALIAS_CERTIFICATE); 1611 } 1612 String actual = keyStore.getCertificateAlias(getPrivateKey().getCertificate()); 1613 assertEquals(!isReadOnly(keyStore), expected.contains(actual)); 1614 assertNull(keyStore.getCertificateAlias(getPrivateKey2().getCertificate())); 1615 } 1616 } 1617 1618 public void assertEqualsKeyStores(File expected, char[] storePassword, KeyStore actual) 1619 throws Exception{ 1620 KeyStore ks = KeyStore.getInstance(actual.getType(), actual.getProvider()); 1621 InputStream is = new FileInputStream(expected); 1622 ks.load(is, storePassword); 1623 is.close(); 1624 assertEqualsKeyStores(ks, actual); 1625 } 1626 1627 public void assertEqualsKeyStores(KeyStore expected, 1628 ByteArrayOutputStream actual, char[] storePassword) 1629 throws Exception{ 1630 KeyStore ks = KeyStore.getInstance(expected.getType(), expected.getProvider()); 1631 ks.load(new ByteArrayInputStream(actual.toByteArray()), storePassword); 1632 assertEqualsKeyStores(expected, ks); 1633 } 1634 1635 public void assertEqualsKeyStores(KeyStore expected, KeyStore actual) 1636 throws Exception{ 1637 assertEquals(expected.size(), actual.size()); 1638 for (String alias : Collections.list(actual.aliases())) { 1639 if (alias.equals(ALIAS_NO_PASSWORD_PRIVATE) 1640 || alias.equals(ALIAS_NO_PASSWORD_SECRET)) { 1641 assertEquals(expected.getKey(alias, null), 1642 actual.getKey(alias, null)); 1643 } else { 1644 assertEquals(expected.getKey(alias, PASSWORD_KEY), 1645 actual.getKey(alias, PASSWORD_KEY)); 1646 } 1647 assertEquals(expected.getCertificate(alias), actual.getCertificate(alias)); 1648 } 1649 } 1650 1651 public void test_KeyStore_store_OutputStream() throws Exception { 1652 for (KeyStore keyStore : keyStores()) { 1653 try { 1654 keyStore.store(null, null); 1655 fail(keyStore.getType()); 1656 } catch (KeyStoreException expected) { 1657 } 1658 } 1659 1660 for (KeyStore keyStore : keyStores()) { 1661 keyStore.load(null, null); 1662 ByteArrayOutputStream out = new ByteArrayOutputStream(); 1663 if (isLoadStoreUnsupported(keyStore) || isReadOnly(keyStore)) { 1664 try { 1665 keyStore.store(out, null); 1666 fail(keyStore.getType()); 1667 } catch (UnsupportedOperationException expected) { 1668 } 1669 continue; 1670 } 1671 1672 if (isNullPasswordAllowed(keyStore)) { 1673 keyStore.store(out, null); 1674 assertEqualsKeyStores(keyStore, out, null); 1675 continue; 1676 } 1677 1678 try { 1679 keyStore.store(out, null); 1680 fail(keyStore.getType()); 1681 } catch (Exception e) { 1682 if (e.getClass() != IllegalArgumentException.class 1683 && e.getClass() != NullPointerException.class) { 1684 throw e; 1685 } 1686 } 1687 } 1688 1689 for (KeyStore keyStore : keyStores()) { 1690 populate(keyStore); 1691 1692 ByteArrayOutputStream out = new ByteArrayOutputStream(); 1693 if (isLoadStoreUnsupported(keyStore) || isReadOnly(keyStore)) { 1694 try { 1695 keyStore.store(out, null); 1696 fail(keyStore.getType()); 1697 } catch (UnsupportedOperationException expected) { 1698 } 1699 } else if (isNullPasswordAllowed(keyStore)) { 1700 keyStore.store(out, null); 1701 assertEqualsKeyStores(keyStore, out, null); 1702 } else { 1703 try { 1704 keyStore.store(out, null); 1705 fail(keyStore.getType()); 1706 } catch (Exception e) { 1707 if (e.getClass() != IllegalArgumentException.class 1708 && e.getClass() != NullPointerException.class) { 1709 throw e; 1710 } 1711 } 1712 } 1713 } 1714 1715 for (KeyStore keyStore : keyStores()) { 1716 keyStore.load(null, null); 1717 ByteArrayOutputStream out = new ByteArrayOutputStream(); 1718 if (isLoadStoreUnsupported(keyStore) || isReadOnly(keyStore)) { 1719 try { 1720 keyStore.store(out, PASSWORD_STORE); 1721 fail(keyStore.getType()); 1722 } catch (UnsupportedOperationException e) { 1723 } 1724 continue; 1725 } 1726 keyStore.store(out, PASSWORD_STORE); 1727 assertEqualsKeyStores(keyStore, out, PASSWORD_STORE); 1728 } 1729 1730 for (KeyStore keyStore : keyStores()) { 1731 populate(keyStore); 1732 ByteArrayOutputStream out = new ByteArrayOutputStream(); 1733 if (isLoadStoreUnsupported(keyStore) || isReadOnly(keyStore)) { 1734 try { 1735 keyStore.store(out, PASSWORD_STORE); 1736 fail(keyStore.getType()); 1737 } catch (UnsupportedOperationException e) { 1738 } 1739 continue; 1740 } 1741 keyStore.store(out, PASSWORD_STORE); 1742 assertEqualsKeyStores(keyStore, out, PASSWORD_STORE); 1743 } 1744 } 1745 1746 public void test_KeyStore_store_LoadStoreParameter() throws Exception { 1747 for (KeyStore keyStore : keyStores()) { 1748 try { 1749 keyStore.store(null); 1750 fail(keyStore.getType()); 1751 } catch (KeyStoreException expected) { 1752 } 1753 } 1754 1755 for (KeyStore keyStore : keyStores()) { 1756 keyStore.load(null, null); 1757 try { 1758 keyStore.store(null); 1759 fail(keyStore.getType()); 1760 } catch (UnsupportedOperationException expected) { 1761 assertFalse(isLoadStoreParameterSupported(keyStore)); 1762 } catch (IllegalArgumentException expected) { 1763 // its supported, but null causes an exception 1764 assertTrue(isLoadStoreParameterSupported(keyStore)); 1765 } 1766 } 1767 } 1768 1769 public void test_KeyStore_load_InputStream() throws Exception { 1770 for (KeyStore keyStore : keyStores()) { 1771 keyStore.load(null, null); 1772 if (isPersistentStorage(keyStore)) { 1773 assertTrue("Should be able to query size: " + keyStore.getType(), 1774 keyStore.size() >= 0); 1775 } else if (hasDefaultContents(keyStore)) { 1776 assertTrue("Should have non-empty store: " + keyStore.getType(), 1777 keyStore.size() > 0); 1778 } else { 1779 assertEquals("Should have empty store: " + keyStore.getType(), 0, keyStore.size()); 1780 } 1781 } 1782 1783 for (KeyStore keyStore : keyStores()) { 1784 if (isLoadStoreUnsupported(keyStore)) { 1785 continue; 1786 } 1787 keyStore.load(null, PASSWORD_STORE); 1788 if (isPersistentStorage(keyStore)) { 1789 assertTrue("Should be able to query size: " + keyStore.getType(), 1790 keyStore.size() >= 0); 1791 } else if (hasDefaultContents(keyStore)) { 1792 assertTrue("Should have non-empty store: " + keyStore.getType(), 1793 keyStore.size() > 0); 1794 } else { 1795 assertEquals("Should have empty store: " + keyStore.getType(), 0, keyStore.size()); 1796 } 1797 } 1798 1799 // test_KeyStore_store_OutputStream effectively tests load as well as store 1800 } 1801 1802 public void test_KeyStore_load_LoadStoreParameter() throws Exception { 1803 for (KeyStore keyStore : keyStores()) { 1804 keyStore.load(null); 1805 if (isPersistentStorage(keyStore)) { 1806 assertTrue("Should be able to query size: " + keyStore.getType(), 1807 keyStore.size() >= 0); 1808 } else if (hasDefaultContents(keyStore)) { 1809 assertTrue("Should have non-empty store: " + keyStore.getType(), 1810 keyStore.size() > 0); 1811 } else { 1812 assertEquals("Should have empty store: " + keyStore.getType(), 0, keyStore.size()); 1813 } 1814 } 1815 1816 for (KeyStore keyStore : keyStores()) { 1817 try { 1818 keyStore.load(new LoadStoreParameter() { 1819 public ProtectionParameter getProtectionParameter() { 1820 return null; 1821 } 1822 }); 1823 fail(keyStore.getType()); 1824 } catch (UnsupportedOperationException expected) { 1825 } 1826 } 1827 } 1828 1829 public void test_KeyStore_getEntry() throws Exception { 1830 for (KeyStore keyStore : keyStores()) { 1831 try { 1832 keyStore.getEntry(null, null); 1833 fail(keyStore.getType()); 1834 } catch (NullPointerException expected) { 1835 } 1836 } 1837 1838 for (KeyStore keyStore : keyStores()) { 1839 populate(keyStore); 1840 1841 // test odd inputs 1842 try { 1843 keyStore.getEntry(null, null); 1844 fail(keyStore.getType()); 1845 } catch (NullPointerException expected) { 1846 } 1847 try { 1848 keyStore.getEntry(null, PARAM_KEY); 1849 fail(keyStore.getType()); 1850 } catch (NullPointerException expected) { 1851 } 1852 assertNull(keyStore.getEntry("", null)); 1853 assertNull(keyStore.getEntry("", PARAM_KEY)); 1854 1855 // test case sensitive 1856 if (isReadOnly(keyStore)) { 1857 assertNull(keyStore.getEntry(ALIAS_PRIVATE, PARAM_KEY)); 1858 } else { 1859 if (isKeyPasswordSupported(keyStore)) { 1860 assertPrivateKey(keyStore.getEntry(ALIAS_PRIVATE, PARAM_KEY)); 1861 } else if (isNullPasswordAllowed(keyStore)) { 1862 assertPrivateKey(keyStore.getEntry(ALIAS_NO_PASSWORD_PRIVATE, null)); 1863 } 1864 if (isSecretKeyEnabled(keyStore)) { 1865 assertSecretKey(keyStore.getEntry(ALIAS_SECRET, PARAM_KEY)); 1866 } else { 1867 assertNull(keyStore.getEntry(ALIAS_SECRET, PARAM_KEY)); 1868 } 1869 if (isCertificateEnabled(keyStore)) { 1870 assertCertificate(keyStore.getEntry(ALIAS_CERTIFICATE, null)); 1871 } else { 1872 assertNull(keyStore.getEntry(ALIAS_CERTIFICATE, null)); 1873 } 1874 } 1875 1876 // test case insensitive 1877 if (isCaseSensitive(keyStore) || isReadOnly(keyStore)) { 1878 assertNull(keyStore.getEntry(ALIAS_ALT_CASE_PRIVATE, PARAM_KEY)); 1879 assertNull(keyStore.getEntry(ALIAS_ALT_CASE_SECRET, PARAM_KEY)); 1880 } else { 1881 assertPrivateKey(keyStore.getEntry(ALIAS_ALT_CASE_PRIVATE, PARAM_KEY)); 1882 if (isSecretKeyEnabled(keyStore)) { 1883 assertSecretKey(keyStore.getEntry(ALIAS_ALT_CASE_SECRET, PARAM_KEY)); 1884 } 1885 } 1886 if (isCaseSensitive(keyStore) || isReadOnly(keyStore)) { 1887 assertNull(keyStore.getEntry(ALIAS_ALT_CASE_CERTIFICATE, null)); 1888 } else { 1889 if (isCertificateEnabled(keyStore)) { 1890 assertCertificate(keyStore.getEntry(ALIAS_ALT_CASE_CERTIFICATE, null)); 1891 } 1892 } 1893 1894 // test with null passwords 1895 if (isReadOnly(keyStore)) { 1896 assertNull(keyStore.getEntry(ALIAS_NO_PASSWORD_PRIVATE, null)); 1897 } else if (isNullPasswordAllowed(keyStore)) { 1898 assertPrivateKey(keyStore.getEntry(ALIAS_NO_PASSWORD_PRIVATE, null)); 1899 } else if (isKeyPasswordSupported(keyStore) && isKeyPasswordIgnored(keyStore)) { 1900 assertPrivateKey(keyStore.getEntry(ALIAS_PRIVATE, null)); 1901 } else if (isKeyPasswordIgnored(keyStore)) { 1902 try { 1903 keyStore.getEntry(ALIAS_PRIVATE, null); 1904 fail(keyStore.getType()); 1905 } catch (Exception e) { 1906 if (e.getClass() != UnrecoverableKeyException.class 1907 && e.getClass() != IllegalArgumentException.class) { 1908 throw e; 1909 } 1910 } 1911 } 1912 if (isReadOnly(keyStore)) { 1913 assertNull(keyStore.getEntry(ALIAS_SECRET, null)); 1914 } else if (isSecretKeyEnabled(keyStore)) { 1915 try { 1916 keyStore.getEntry(ALIAS_SECRET, null); 1917 fail(keyStore.getType()); 1918 } catch (Exception e) { 1919 if (e.getClass() != UnrecoverableKeyException.class 1920 && e.getClass() != IllegalArgumentException.class) { 1921 throw e; 1922 } 1923 } 1924 } 1925 1926 // test with bad passwords 1927 if (isReadOnly(keyStore)) { 1928 assertNull(keyStore.getEntry(ALIAS_PRIVATE, PARAM_BAD)); 1929 } else if (isKeyPasswordSupported(keyStore) && isKeyPasswordIgnored(keyStore)) { 1930 assertPrivateKey(keyStore.getEntry(ALIAS_PRIVATE, PARAM_BAD)); 1931 } else if (isKeyPasswordSupported(keyStore)) { 1932 try { 1933 keyStore.getEntry(ALIAS_PRIVATE, PARAM_BAD); 1934 fail(keyStore.getType()); 1935 } catch (UnrecoverableKeyException expected) { 1936 } 1937 } 1938 if (isReadOnly(keyStore)) { 1939 assertNull(keyStore.getEntry(ALIAS_SECRET, PARAM_BAD)); 1940 } else if (isSecretKeyEnabled(keyStore)) { 1941 try { 1942 keyStore.getEntry(ALIAS_SECRET, PARAM_BAD); 1943 fail(keyStore.getType()); 1944 } catch (UnrecoverableKeyException expected) { 1945 } 1946 } 1947 } 1948 } 1949 1950 public static class FakeProtectionParameter implements ProtectionParameter { 1951 } 1952 1953 public void test_KeyStore_setEntry() throws Exception { 1954 for (KeyStore keyStore : keyStores()) { 1955 keyStore.load(null, null); 1956 try { 1957 keyStore.setEntry(null, null, null); 1958 fail(keyStore.getType()); 1959 } catch (NullPointerException expected) { 1960 } 1961 } 1962 1963 for (KeyStore keyStore : keyStores()) { 1964 keyStore.load(null, null); 1965 1966 try { 1967 keyStore.setEntry(ALIAS_PRIVATE, getPrivateKey(), new FakeProtectionParameter()); 1968 fail("Should not accept unknown ProtectionParameter: " + keyStore.getProvider()); 1969 } catch (KeyStoreException expected) { 1970 } 1971 } 1972 1973 for (KeyStore keyStore : keyStores()) { 1974 keyStore.load(null, null); 1975 1976 // test odd inputs 1977 try { 1978 keyStore.setEntry(null, null, null); 1979 fail(keyStore.getType()); 1980 } catch (Exception e) { 1981 if (e.getClass() != NullPointerException.class 1982 && e.getClass() != KeyStoreException.class) { 1983 throw e; 1984 } 1985 } 1986 try { 1987 keyStore.setEntry(null, null, PARAM_KEY); 1988 fail(keyStore.getType()); 1989 } catch (Exception e) { 1990 if (e.getClass() != NullPointerException.class 1991 && e.getClass() != KeyStoreException.class) { 1992 throw e; 1993 } 1994 } 1995 try { 1996 keyStore.setEntry("", null, PARAM_KEY); 1997 fail(keyStore.getType()); 1998 } catch (NullPointerException expected) { 1999 } 2000 } 2001 2002 for (KeyStore keyStore : keyStores()) { 2003 clearKeyStore(keyStore); 2004 2005 // test case sensitive 2006 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2007 if (isReadOnly(keyStore)) { 2008 try { 2009 keyStore.setEntry(ALIAS_PRIVATE, getPrivateKey(), PARAM_KEY); 2010 fail(keyStore.getType()); 2011 } catch (UnsupportedOperationException expected) { 2012 } 2013 continue; 2014 } 2015 if (isKeyPasswordSupported(keyStore)) { 2016 keyStore.setEntry(ALIAS_PRIVATE, getPrivateKey(), PARAM_KEY); 2017 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2018 assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE)); 2019 } 2020 if (isNullPasswordAllowed(keyStore)) { 2021 keyStore.setEntry(ALIAS_NO_PASSWORD_PRIVATE, getPrivateKey(), null); 2022 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 2023 assertCertificateChain(keyStore.getCertificateChain(ALIAS_NO_PASSWORD_PRIVATE)); 2024 } 2025 if (isSecretKeyEnabled(keyStore)) { 2026 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2027 keyStore.setEntry(ALIAS_SECRET, new SecretKeyEntry(getSecretKey()), PARAM_KEY); 2028 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2029 } else { 2030 try { 2031 keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), PASSWORD_KEY, null); 2032 fail(keyStore.getType()); 2033 } catch (KeyStoreException expected) { 2034 } 2035 } 2036 if (isCertificateEnabled(keyStore)) { 2037 assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2038 keyStore.setEntry(ALIAS_CERTIFICATE, 2039 new TrustedCertificateEntry(getPrivateKey().getCertificate()), 2040 null); 2041 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2042 } else { 2043 try { 2044 keyStore.setEntry(ALIAS_CERTIFICATE, 2045 new TrustedCertificateEntry(getPrivateKey().getCertificate()), 2046 null); 2047 fail(keyStore.getType()); 2048 } catch (KeyStoreException expected) { 2049 } 2050 } 2051 if (isKeyPasswordSupported(keyStore)) { 2052 keyStore.setEntry(ALIAS_UNICODE_PRIVATE, getPrivateKey(), PARAM_KEY); 2053 assertPrivateKey(keyStore.getKey(ALIAS_UNICODE_PRIVATE, PASSWORD_KEY)); 2054 assertCertificateChain(keyStore.getCertificateChain(ALIAS_UNICODE_PRIVATE)); 2055 } 2056 if (isNullPasswordAllowed(keyStore)) { 2057 keyStore.setEntry(ALIAS_UNICODE_NO_PASSWORD_PRIVATE, getPrivateKey(), null); 2058 assertPrivateKey(keyStore.getKey(ALIAS_UNICODE_NO_PASSWORD_PRIVATE, null)); 2059 assertCertificateChain(keyStore 2060 .getCertificateChain(ALIAS_UNICODE_NO_PASSWORD_PRIVATE)); 2061 } 2062 if (isSecretKeyEnabled(keyStore)) { 2063 assertNull(keyStore.getKey(ALIAS_UNICODE_SECRET, PASSWORD_KEY)); 2064 keyStore.setEntry(ALIAS_UNICODE_SECRET, new SecretKeyEntry(getSecretKey()), PARAM_KEY); 2065 assertSecretKey(keyStore.getKey(ALIAS_UNICODE_SECRET, PASSWORD_KEY)); 2066 } else { 2067 try { 2068 keyStore.setKeyEntry(ALIAS_UNICODE_SECRET, getSecretKey(), PASSWORD_KEY, null); 2069 fail(keyStore.getType()); 2070 } catch (KeyStoreException expected) { 2071 } 2072 } 2073 } 2074 2075 for (KeyStore keyStore : keyStores()) { 2076 populate(keyStore); 2077 2078 if (isReadOnly(keyStore)) { 2079 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2080 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 2081 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2082 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 2083 } else if (isCaseSensitive(keyStore)) { 2084 if (isKeyPasswordSupported(keyStore)) { 2085 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2086 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 2087 keyStore.setEntry(ALIAS_ALT_CASE_PRIVATE, getPrivateKey2(), PARAM_KEY); 2088 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2089 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 2090 } 2091 2092 if (isNullPasswordAllowed(keyStore)) { 2093 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 2094 assertNull(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 2095 keyStore.setEntry(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, getPrivateKey2(), null); 2096 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 2097 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 2098 } 2099 2100 if (isSecretKeyEnabled(keyStore)) { 2101 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2102 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 2103 keyStore.setEntry(ALIAS_ALT_CASE_SECRET, 2104 new SecretKeyEntry(getSecretKey2()), 2105 PARAM_KEY); 2106 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2107 assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 2108 } 2109 2110 if (isCertificateEnabled(keyStore)) { 2111 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2112 assertNull(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 2113 keyStore.setEntry(ALIAS_ALT_CASE_CERTIFICATE, 2114 new TrustedCertificateEntry( 2115 getPrivateKey2().getCertificate()), 2116 null); 2117 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2118 assertCertificate2(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 2119 keyStore.setEntry(ALIAS_UNICODE_CERTIFICATE, 2120 new TrustedCertificateEntry( 2121 getPrivateKey().getCertificate()), 2122 null); 2123 assertCertificate(keyStore.getCertificate(ALIAS_UNICODE_CERTIFICATE)); 2124 } 2125 } else { 2126 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2127 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 2128 keyStore.setEntry(ALIAS_ALT_CASE_PRIVATE, getPrivateKey2(), PARAM_KEY); 2129 assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2130 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 2131 2132 if (isSecretKeyEnabled(keyStore)) { 2133 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2134 assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 2135 keyStore.setEntry(ALIAS_ALT_CASE_SECRET, 2136 new SecretKeyEntry(getSecretKey2()), 2137 PARAM_KEY); 2138 assertSecretKey2(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2139 assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 2140 } 2141 2142 if (isCertificateEnabled(keyStore)) { 2143 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2144 assertCertificate(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 2145 keyStore.setEntry(ALIAS_ALT_CASE_CERTIFICATE, 2146 new TrustedCertificateEntry( 2147 getPrivateKey2().getCertificate()), 2148 null); 2149 assertCertificate2(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2150 assertCertificate2(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 2151 keyStore.setEntry(ALIAS_UNICODE_CERTIFICATE, 2152 new TrustedCertificateEntry( 2153 getPrivateKey().getCertificate()), 2154 null); 2155 assertCertificate(keyStore.getCertificate(ALIAS_UNICODE_CERTIFICATE)); 2156 } 2157 } 2158 } 2159 2160 for (KeyStore keyStore : keyStores()) { 2161 keyStore.load(null, null); 2162 2163 // test with null/non-null passwords 2164 if (isReadOnly(keyStore)) { 2165 try { 2166 keyStore.setEntry(ALIAS_PRIVATE, getPrivateKey(), null); 2167 fail(keyStore.getType()); 2168 } catch (UnsupportedOperationException expected) { 2169 } 2170 try { 2171 keyStore.setEntry(ALIAS_SECRET, new SecretKeyEntry(getSecretKey()), null); 2172 fail(keyStore.getType()); 2173 } catch (UnsupportedOperationException expected) { 2174 } 2175 try { 2176 keyStore.setEntry(ALIAS_CERTIFICATE, 2177 new TrustedCertificateEntry(getPrivateKey().getCertificate()), 2178 null); 2179 fail(keyStore.getType()); 2180 } catch (UnsupportedOperationException expected) { 2181 } 2182 continue; 2183 } 2184 if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) { 2185 keyStore.setEntry(ALIAS_PRIVATE, getPrivateKey(), null); 2186 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null)); 2187 } else { 2188 try { 2189 keyStore.setEntry(ALIAS_PRIVATE, getPrivateKey(), null); 2190 fail(keyStore.getType()); 2191 } catch (Exception e) { 2192 if (e.getClass() != UnrecoverableKeyException.class 2193 && e.getClass() != IllegalArgumentException.class 2194 && e.getClass() != KeyStoreException.class) { 2195 throw e; 2196 } 2197 } 2198 } 2199 if (isSecretKeyEnabled(keyStore)) { 2200 if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) { 2201 keyStore.setEntry(ALIAS_SECRET, new SecretKeyEntry(getSecretKey()), null); 2202 assertSecretKey(keyStore.getKey(ALIAS_SECRET, null)); 2203 } else { 2204 try { 2205 keyStore.setEntry(ALIAS_SECRET, new SecretKeyEntry(getSecretKey()), null); 2206 fail(keyStore.getType()); 2207 } catch (Exception e) { 2208 if (e.getClass() != UnrecoverableKeyException.class 2209 && e.getClass() != IllegalArgumentException.class 2210 && e.getClass() != KeyStoreException.class) { 2211 throw e; 2212 } 2213 } 2214 } 2215 } 2216 if (isCertificateEnabled(keyStore)) { 2217 if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) { 2218 keyStore.setEntry(ALIAS_CERTIFICATE, 2219 new TrustedCertificateEntry(getPrivateKey().getCertificate()), 2220 PARAM_KEY); 2221 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2222 } else { 2223 try { 2224 keyStore.setEntry(ALIAS_CERTIFICATE, 2225 new TrustedCertificateEntry( 2226 getPrivateKey().getCertificate()), 2227 PARAM_KEY); 2228 fail(keyStore.getType()); 2229 } catch (KeyStoreException expected) { 2230 } 2231 } 2232 } 2233 } 2234 } 2235 2236 public void test_KeyStore_entryInstanceOf() throws Exception { 2237 for (KeyStore keyStore : keyStores()) { 2238 try { 2239 keyStore.entryInstanceOf(null, null); 2240 fail(keyStore.getType()); 2241 } catch (NullPointerException expected) { 2242 } 2243 } 2244 2245 for (KeyStore keyStore : keyStores()) { 2246 keyStore.load(null, null); 2247 2248 try { 2249 keyStore.entryInstanceOf(null, null); 2250 fail(keyStore.getType()); 2251 } catch (NullPointerException expected) { 2252 } 2253 try { 2254 keyStore.entryInstanceOf(null, Entry.class); 2255 fail(keyStore.getType()); 2256 } catch (NullPointerException expected) { 2257 } 2258 try { 2259 keyStore.entryInstanceOf("", null); 2260 fail(keyStore.getType()); 2261 } catch (NullPointerException expected) { 2262 } 2263 2264 assertFalse(keyStore.entryInstanceOf("", Entry.class)); 2265 } 2266 2267 for (KeyStore keyStore : keyStores()) { 2268 populate(keyStore); 2269 2270 // test odd inputs 2271 assertFalse(keyStore.entryInstanceOf("", Entry.class)); 2272 assertFalse(keyStore.entryInstanceOf("", PrivateKeyEntry.class)); 2273 assertFalse(keyStore.entryInstanceOf("", SecretKeyEntry.class)); 2274 assertFalse(keyStore.entryInstanceOf("", TrustedCertificateEntry.class)); 2275 2276 if (isReadOnly(keyStore)) { 2277 assertFalse(keyStore.entryInstanceOf(ALIAS_PRIVATE, PrivateKeyEntry.class)); 2278 assertFalse(keyStore.entryInstanceOf(ALIAS_PRIVATE, SecretKeyEntry.class)); 2279 assertFalse(keyStore.entryInstanceOf(ALIAS_PRIVATE, TrustedCertificateEntry.class)); 2280 2281 assertFalse(keyStore.entryInstanceOf(ALIAS_SECRET, SecretKeyEntry.class)); 2282 assertFalse(keyStore.entryInstanceOf(ALIAS_SECRET, PrivateKeyEntry.class)); 2283 assertFalse(keyStore.entryInstanceOf(ALIAS_SECRET, TrustedCertificateEntry.class)); 2284 2285 assertFalse(keyStore.entryInstanceOf(ALIAS_CERTIFICATE, 2286 TrustedCertificateEntry.class)); 2287 assertFalse(keyStore.entryInstanceOf(ALIAS_CERTIFICATE, PrivateKeyEntry.class)); 2288 assertFalse(keyStore.entryInstanceOf(ALIAS_CERTIFICATE, SecretKeyEntry.class)); 2289 continue; 2290 } 2291 2292 // test case sensitive 2293 assertEquals(isKeyPasswordSupported(keyStore), 2294 keyStore.entryInstanceOf(ALIAS_PRIVATE, PrivateKeyEntry.class)); 2295 assertFalse(keyStore.entryInstanceOf(ALIAS_PRIVATE, SecretKeyEntry.class)); 2296 assertFalse(keyStore.entryInstanceOf(ALIAS_PRIVATE, TrustedCertificateEntry.class)); 2297 2298 assertEquals(isNullPasswordAllowed(keyStore), 2299 keyStore.entryInstanceOf(ALIAS_NO_PASSWORD_PRIVATE, PrivateKeyEntry.class)); 2300 assertFalse(keyStore.entryInstanceOf(ALIAS_NO_PASSWORD_PRIVATE, SecretKeyEntry.class)); 2301 assertFalse(keyStore.entryInstanceOf(ALIAS_NO_PASSWORD_PRIVATE, 2302 TrustedCertificateEntry.class)); 2303 2304 assertEquals(isSecretKeyEnabled(keyStore), 2305 keyStore.entryInstanceOf(ALIAS_SECRET, SecretKeyEntry.class)); 2306 assertFalse(keyStore.entryInstanceOf(ALIAS_SECRET, PrivateKeyEntry.class)); 2307 assertFalse(keyStore.entryInstanceOf(ALIAS_SECRET, TrustedCertificateEntry.class)); 2308 2309 assertEquals(isCertificateEnabled(keyStore), 2310 keyStore.entryInstanceOf(ALIAS_CERTIFICATE, 2311 TrustedCertificateEntry.class)); 2312 assertFalse(keyStore.entryInstanceOf(ALIAS_CERTIFICATE, PrivateKeyEntry.class)); 2313 assertFalse(keyStore.entryInstanceOf(ALIAS_CERTIFICATE, SecretKeyEntry.class)); 2314 2315 // test case insensitive 2316 assertEquals(!isCaseSensitive(keyStore), 2317 keyStore.entryInstanceOf(ALIAS_ALT_CASE_PRIVATE, PrivateKeyEntry.class)); 2318 assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_PRIVATE, SecretKeyEntry.class)); 2319 assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_PRIVATE, 2320 TrustedCertificateEntry.class)); 2321 2322 assertEquals(!isCaseSensitive(keyStore) && isSecretKeyEnabled(keyStore), 2323 keyStore.entryInstanceOf(ALIAS_ALT_CASE_SECRET, SecretKeyEntry.class)); 2324 assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_SECRET, PrivateKeyEntry.class)); 2325 assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_SECRET, 2326 TrustedCertificateEntry.class)); 2327 2328 assertEquals(!isCaseSensitive(keyStore) && isCertificateEnabled(keyStore), 2329 keyStore.entryInstanceOf(ALIAS_ALT_CASE_CERTIFICATE, 2330 TrustedCertificateEntry.class)); 2331 assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_CERTIFICATE, 2332 PrivateKeyEntry.class)); 2333 assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_CERTIFICATE, SecretKeyEntry.class)); 2334 } 2335 } 2336 2337 public void test_KeyStore_Builder() throws Exception { 2338 for (KeyStore keyStore : keyStores()) { 2339 keyStore.load(null, null); 2340 try { 2341 Builder.newInstance(keyStore, null); 2342 fail(keyStore.getType()); 2343 } catch (NullPointerException expected) { 2344 } 2345 } 2346 2347 for (KeyStore keyStore : keyStores()) { 2348 try { 2349 Builder.newInstance(keyStore.getType(), 2350 keyStore.getProvider(), 2351 null); 2352 fail(keyStore.getType()); 2353 } catch (NullPointerException expected) { 2354 } 2355 } 2356 2357 for (KeyStore keyStore : keyStores()) { 2358 try { 2359 Builder.newInstance(null, 2360 null, 2361 null, 2362 null); 2363 fail(keyStore.getType()); 2364 } catch (NullPointerException expected) { 2365 } 2366 try { 2367 Builder.newInstance(keyStore.getType(), 2368 keyStore.getProvider(), 2369 null, 2370 null); 2371 fail(keyStore.getType()); 2372 } catch (NullPointerException expected) { 2373 } 2374 } 2375 2376 for (KeyStore keyStore : keyStores()) { 2377 keyStore.load(null, null); 2378 Builder builder = Builder.newInstance(keyStore, PARAM_STORE); 2379 try { 2380 builder.getProtectionParameter(null); 2381 fail(keyStore.getType()); 2382 } catch (NullPointerException expected) { 2383 } 2384 assertEquals(keyStore, builder.getKeyStore()); 2385 try { 2386 builder.getProtectionParameter(null); 2387 fail(keyStore.getType()); 2388 } catch (NullPointerException expected) { 2389 } 2390 assertEquals(PARAM_STORE, builder.getProtectionParameter("")); 2391 } 2392 2393 for (KeyStore keyStore : keyStores()) { 2394 populate(keyStore); 2395 2396 File file = File.createTempFile("keystore", keyStore.getProvider().getName()); 2397 OutputStream os = null; 2398 try { 2399 os = new FileOutputStream(file); 2400 if (isLoadStoreUnsupported(keyStore) || isReadOnly(keyStore)) { 2401 try { 2402 keyStore.store(os, PASSWORD_STORE); 2403 fail(keyStore.getType()); 2404 } catch (UnsupportedOperationException expected) { 2405 } 2406 continue; 2407 } 2408 2409 keyStore.store(os, PASSWORD_STORE); 2410 os.close(); 2411 Builder builder = Builder.newInstance(keyStore.getType(), 2412 keyStore.getProvider(), 2413 file, 2414 PARAM_STORE); 2415 assertEquals(keyStore.getType(), builder.getKeyStore().getType()); 2416 assertEquals(keyStore.getProvider(), builder.getKeyStore().getProvider()); 2417 assertEquals(PARAM_STORE, builder.getProtectionParameter("")); 2418 assertEqualsKeyStores(file, PASSWORD_STORE, keyStore); 2419 } finally { 2420 try { 2421 if (os != null) { 2422 os.close(); 2423 } 2424 } catch (IOException ignored) { 2425 } 2426 file.delete(); 2427 } 2428 } 2429 2430 for (KeyStore keyStore : keyStores()) { 2431 if (isLoadStoreUnsupported(keyStore)) { 2432 continue; 2433 } 2434 Builder builder = Builder.newInstance(keyStore.getType(), 2435 keyStore.getProvider(), 2436 PARAM_STORE); 2437 assertEquals(keyStore.getType(), builder.getKeyStore().getType()); 2438 assertEquals(keyStore.getProvider(), builder.getKeyStore().getProvider()); 2439 assertEquals(PARAM_STORE, builder.getProtectionParameter("")); 2440 } 2441 } 2442 2443 public void test_KeyStore_cacerts() throws Exception { 2444 if (StandardNames.IS_RI) { 2445 return; 2446 } 2447 KeyStore ks = KeyStore.getInstance("AndroidCAStore"); 2448 assertEquals("AndroidCAStore", ks.getType()); 2449 assertEquals("HarmonyJSSE", ks.getProvider().getName()); 2450 2451 ks.load(null, null); 2452 for (String alias : Collections.list(ks.aliases())) { 2453 Certificate c = null; 2454 try { 2455 c = ks.getCertificate(alias); 2456 assertNotNull(c); 2457 assertTrue(ks.isCertificateEntry(alias)); 2458 assertTrue(ks.entryInstanceOf(alias, TrustedCertificateEntry.class)); 2459 assertEquals(alias, ks.getCertificateAlias(c)); 2460 2461 assertTrue(c instanceof X509Certificate); 2462 X509Certificate cert = (X509Certificate) c; 2463 assertEquals(cert.getSubjectUniqueID(), cert.getIssuerUniqueID()); 2464 assertNotNull(cert.getPublicKey()); 2465 2466 assertTrue(ks.containsAlias(alias)); 2467 assertNotNull(ks.getCreationDate(alias)); 2468 assertNotNull(ks.getEntry(alias, null)); 2469 2470 assertFalse(ks.isKeyEntry(alias)); 2471 assertNull(ks.getKey(alias, null)); 2472 assertNull(ks.getCertificateChain(alias)); 2473 2474 } catch (Throwable t) { 2475 throw new Exception("alias=" + alias + " cert=" + c, t); 2476 } 2477 } 2478 } 2479 2480 // http://b/857840: want JKS key store 2481 public void testDefaultKeystore() { 2482 String type = KeyStore.getDefaultType(); 2483 assertEquals(StandardNames.KEY_STORE_ALGORITHM, type); 2484 2485 try { 2486 KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType()); 2487 assertNotNull("Keystore must not be null", store); 2488 } catch (Exception ex) { 2489 throw new RuntimeException(ex); 2490 } 2491 2492 try { 2493 KeyStore store = KeyStore.getInstance(StandardNames.KEY_STORE_ALGORITHM); 2494 assertNotNull("Keystore must not be null", store); 2495 } catch (Exception ex) { 2496 throw new RuntimeException(ex); 2497 } 2498 } 2499} 2500