AndroidKeyStoreTest.java revision 2eeda7286f3c7cb79f7eb71ae6464cad213d12a3
1e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root/* 2e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * Copyright (C) 2012 The Android Open Source Project 3e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * 4e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * Licensed under the Apache License, Version 2.0 (the "License"); 5e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * you may not use this file except in compliance with the License. 6e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * You may obtain a copy of the License at 7e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * 8e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * http://www.apache.org/licenses/LICENSE-2.0 9e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * 10e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * Unless required by applicable law or agreed to in writing, software 11e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * distributed under the License is distributed on an "AS IS" BASIS, 12e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * See the License for the specific language governing permissions and 14e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * limitations under the License. 15e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root */ 16e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 17e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootpackage android.security; 18e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 19802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Rootimport com.android.org.bouncycastle.x509.X509V3CertificateGenerator; 20802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 21802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Rootimport org.apache.harmony.xnet.provider.jsse.OpenSSLEngine; 22802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 23e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport android.test.AndroidTestCase; 24e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 25e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.io.ByteArrayInputStream; 26e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.io.ByteArrayOutputStream; 27e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.io.OutputStream; 28802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Rootimport java.math.BigInteger; 29802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Rootimport java.security.InvalidKeyException; 30e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.Key; 31e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.KeyFactory; 32e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.KeyStore.Entry; 33e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.KeyStore.PrivateKeyEntry; 34e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.KeyStore.TrustedCertificateEntry; 35e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.KeyStoreException; 36e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.NoSuchAlgorithmException; 37e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.PrivateKey; 38802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Rootimport java.security.PublicKey; 39e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.cert.Certificate; 40e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.cert.CertificateFactory; 41802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Rootimport java.security.cert.X509Certificate; 42e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.interfaces.RSAPrivateKey; 43e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.spec.InvalidKeySpecException; 44e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.security.spec.PKCS8EncodedKeySpec; 45802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Rootimport java.security.spec.X509EncodedKeySpec; 46e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.util.Arrays; 47e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.util.Collection; 48e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.util.Date; 49e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.util.Enumeration; 50e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.util.HashSet; 51e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.util.Iterator; 52e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootimport java.util.Set; 53e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 54656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Rootimport javax.crypto.Cipher; 55656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Rootimport javax.crypto.SecretKey; 56656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Rootimport javax.crypto.spec.SecretKeySpec; 57802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Rootimport javax.security.auth.x500.X500Principal; 58802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 59e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Rootpublic class AndroidKeyStoreTest extends AndroidTestCase { 60e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root private android.security.KeyStore mAndroidKeyStore; 61e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 62e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root private java.security.KeyStore mKeyStore; 63e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 64e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root private static final String TEST_ALIAS_1 = "test1"; 65e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 66e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root private static final String TEST_ALIAS_2 = "test2"; 67e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 68e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root private static final String TEST_ALIAS_3 = "test3"; 69e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 70802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root private static final X500Principal TEST_DN_1 = new X500Principal("CN=test1"); 71802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 72802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root private static final X500Principal TEST_DN_2 = new X500Principal("CN=test2"); 73802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 74802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root private static final BigInteger TEST_SERIAL_1 = BigInteger.ONE; 75802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 76802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root private static final BigInteger TEST_SERIAL_2 = BigInteger.valueOf(2L); 77802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 78802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root private static final long NOW_MILLIS = System.currentTimeMillis(); 79802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 80802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root /* We have to round this off because X509v3 doesn't store milliseconds. */ 81802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root private static final Date NOW = new Date(NOW_MILLIS - (NOW_MILLIS % 1000L)); 82802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 83802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root @SuppressWarnings("deprecation") 84802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root private static final Date NOW_PLUS_10_YEARS = new Date(NOW.getYear() + 10, 0, 1); 85802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 86e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root /* 87e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * The keys and certificates below are generated with: 88e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * 89e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem 90e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * openssl req -newkey rsa:1024 -keyout userkey.pem -nodes -days 3650 -out userkey.req 91e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * mkdir -p demoCA/newcerts 92e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * touch demoCA/index.txt 93e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * echo "01" > demoCA/serial 94e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650 95e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root */ 96e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 97e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root /** 98e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * Generated from above and converted with: 99e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * 100e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 101e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root */ 102e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root private static final byte[] FAKE_CA_1 = { 103e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0xce, (byte) 0x30, (byte) 0x82, 104e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x02, (byte) 0x37, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 105e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0x6a, 106e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, (byte) 0x55, (byte) 0x48, (byte) 0x0a, 107e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 108e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 109e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, 110e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 111e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, 112e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, 113e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, 114e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x41, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, 115e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, 116e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x4d, (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, 117e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, 118e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x77, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, 119e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, 120e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, 121e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x64, (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, 122e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x20, (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, 123e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, 124e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x34, (byte) 0x31, (byte) 0x36, 125e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x35, (byte) 0x35, (byte) 0x34, (byte) 0x34, (byte) 0x5a, (byte) 0x17, 126e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x0d, (byte) 0x32, (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, 127e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x32, (byte) 0x31, (byte) 0x36, (byte) 0x35, (byte) 0x35, (byte) 0x34, 128e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x34, (byte) 0x5a, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, 129e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 130e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, 131e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 132e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, 133e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, 134e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, 135e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, 136e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, 137e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, 138e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, 139e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, 140e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, 141e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, 142e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x81, (byte) 0x9f, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, 143e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, 144e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, 145e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x81, (byte) 0x8d, (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, 146e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x02, (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0xa3, (byte) 0x72, 147e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xab, (byte) 0xd0, (byte) 0xe4, (byte) 0xad, (byte) 0x2f, (byte) 0xe7, 148e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xe2, (byte) 0x79, (byte) 0x07, (byte) 0x36, (byte) 0x3d, (byte) 0x0c, 149e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x8d, (byte) 0x42, (byte) 0x9a, (byte) 0x0a, (byte) 0x33, (byte) 0x64, 150e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xb3, (byte) 0xcd, (byte) 0xb2, (byte) 0xd7, (byte) 0x3a, (byte) 0x42, 151e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x06, (byte) 0x77, (byte) 0x45, (byte) 0x29, (byte) 0xe9, (byte) 0xcb, 152e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xb7, (byte) 0x4a, (byte) 0xd6, (byte) 0xee, (byte) 0xad, (byte) 0x01, 153e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x91, (byte) 0x9b, (byte) 0x0c, (byte) 0x59, (byte) 0xa1, (byte) 0x03, 154e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xfa, (byte) 0xf0, (byte) 0x5a, (byte) 0x7c, (byte) 0x4f, (byte) 0xf7, 155e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x8d, (byte) 0x36, (byte) 0x0f, (byte) 0x1f, (byte) 0x45, (byte) 0x7d, 156e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x1b, (byte) 0x31, (byte) 0xa1, (byte) 0x35, (byte) 0x0b, (byte) 0x00, 157e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xed, (byte) 0x7a, (byte) 0xb6, (byte) 0xc8, (byte) 0x4e, (byte) 0xa9, 158e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x86, (byte) 0x4c, (byte) 0x7b, (byte) 0x99, (byte) 0x57, (byte) 0x41, 159e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x12, (byte) 0xef, (byte) 0x6b, (byte) 0xbc, (byte) 0x3d, (byte) 0x60, 160e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xf2, (byte) 0x99, (byte) 0x1a, (byte) 0xcd, (byte) 0xed, (byte) 0x56, 161e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xa4, (byte) 0xe5, (byte) 0x36, (byte) 0x9f, (byte) 0x24, (byte) 0x1f, 162e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xdc, (byte) 0x89, (byte) 0x40, (byte) 0xc8, (byte) 0x99, (byte) 0x92, 163e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xab, (byte) 0x4a, (byte) 0xb5, (byte) 0x61, (byte) 0x45, (byte) 0x62, 164e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xff, (byte) 0xa3, (byte) 0x45, (byte) 0x65, (byte) 0xaf, (byte) 0xf6, 165e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x27, (byte) 0x30, (byte) 0x51, (byte) 0x0e, (byte) 0x0e, (byte) 0xeb, 166e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x79, (byte) 0x0c, (byte) 0xbe, (byte) 0xb3, (byte) 0x0a, (byte) 0x6f, 167e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x29, (byte) 0x06, (byte) 0xdc, (byte) 0x2f, (byte) 0x6b, (byte) 0x51, 168e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x02, (byte) 0x03, (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, 169e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x81, (byte) 0xb1, (byte) 0x30, (byte) 0x81, (byte) 0xae, (byte) 0x30, 170e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, 171e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x33, (byte) 0x05, 172e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, (byte) 0xc7, (byte) 0xf9, 173e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, 174e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, (byte) 0x5d, (byte) 0x51, 175e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x7f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, 176e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x23, (byte) 0x04, (byte) 0x78, (byte) 0x30, (byte) 0x76, (byte) 0x80, 177e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x14, (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, 178e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x60, (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, 179e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, 180e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x8e, (byte) 0x5d, (byte) 0x51, (byte) 0xa1, (byte) 0x53, (byte) 0xa4, 181e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x51, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 182e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 183e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, 184e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 185e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, 186e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, 187e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, 188e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, 189e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, 190e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, 191e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, 192e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, 193e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, 194e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x82, (byte) 0x09, 195e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x00, (byte) 0xe1, (byte) 0x6a, (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, 196e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x55, (byte) 0x48, (byte) 0x0a, (byte) 0x30, (byte) 0x0c, (byte) 0x06, 197e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x05, 198e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, 199e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, 200e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, 201e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, (byte) 0x00, 202e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x8c, (byte) 0x30, (byte) 0x42, (byte) 0xfa, (byte) 0xeb, (byte) 0x1a, 203e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x26, (byte) 0xeb, (byte) 0xda, (byte) 0x56, (byte) 0x32, (byte) 0xf2, 204e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x9d, (byte) 0xa5, (byte) 0x24, (byte) 0xd8, (byte) 0x3a, (byte) 0xda, 205e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0xa6, (byte) 0x8b, (byte) 0x46, (byte) 0xfe, (byte) 0xfe, 206e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xdb, (byte) 0xf1, (byte) 0xe6, (byte) 0xe1, (byte) 0x7c, (byte) 0x1b, 207e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xe7, (byte) 0x77, (byte) 0x00, (byte) 0xa1, (byte) 0x1c, (byte) 0x19, 208e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x17, (byte) 0x73, (byte) 0xb0, (byte) 0xf0, (byte) 0x9d, (byte) 0xf3, 209e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x4f, (byte) 0xb6, (byte) 0xbc, (byte) 0xc7, (byte) 0x47, (byte) 0x85, 210e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x2a, (byte) 0x4a, (byte) 0xa1, (byte) 0xa5, (byte) 0x58, (byte) 0xf5, 211e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xc5, (byte) 0x1a, (byte) 0x51, (byte) 0xb1, (byte) 0x04, (byte) 0x80, 212e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xee, (byte) 0x3a, (byte) 0xec, (byte) 0x2f, (byte) 0xe1, (byte) 0xfd, 213e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x58, (byte) 0xeb, (byte) 0xed, (byte) 0x82, (byte) 0x9e, (byte) 0x38, 214e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xa3, (byte) 0x24, (byte) 0x75, (byte) 0xf7, (byte) 0x3e, (byte) 0xc2, 215e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xc5, (byte) 0x27, (byte) 0xeb, (byte) 0x6f, (byte) 0x7b, (byte) 0x50, 216e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xda, (byte) 0x43, (byte) 0xdc, (byte) 0x3b, (byte) 0x0b, (byte) 0x6f, 217e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x78, (byte) 0x8f, (byte) 0xb0, (byte) 0x66, (byte) 0xe1, (byte) 0x12, 218e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x87, (byte) 0x5f, (byte) 0x97, (byte) 0x7b, (byte) 0xca, (byte) 0x14, 219e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x79, (byte) 0xf7, (byte) 0xe8, (byte) 0x6c, (byte) 0x72, (byte) 0xdb, 220e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x91, (byte) 0x65, (byte) 0x17, (byte) 0x54, (byte) 0xe0, (byte) 0x74, 221e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x1d, (byte) 0xac, (byte) 0x47, (byte) 0x04, (byte) 0x12, (byte) 0xe0, 222e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xc3, (byte) 0x66, (byte) 0x19, (byte) 0x05, (byte) 0x2e, (byte) 0x7e, 223e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xf1, (byte) 0x61 224e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root }; 225e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 226e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root /** 227e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * Generated from above and converted with: 228e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * 229e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g' 230e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root */ 231e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root private static final byte[] FAKE_KEY_1 = new byte[] { 232e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x02, (byte) 0x01, 233e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x00, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, 234e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, 235e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x82, 236e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x02, (byte) 0x62, (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x5e, 237e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x02, (byte) 0x81, (byte) 0x81, 238e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, (byte) 0x5b, 239e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, (byte) 0x66, 240e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, (byte) 0x8a, 241e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, (byte) 0x02, 242e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, (byte) 0xf3, 243e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, (byte) 0x6d, 244e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f, (byte) 0x67, 245e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, (byte) 0xcb, 246e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, (byte) 0xe2, 247e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, (byte) 0x79, 248e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, (byte) 0xce, 249e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, (byte) 0x08, 250e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, (byte) 0x3b, 251e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, (byte) 0xc4, 252e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, (byte) 0x0d, 253e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, (byte) 0x23, 254e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, (byte) 0x08, 255e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, (byte) 0xf1, 256e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, (byte) 0xb4, 257e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, (byte) 0x16, 258e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, (byte) 0x9e, 259e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, (byte) 0x01, 260e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x81, (byte) 0x80, (byte) 0x16, 261e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x59, (byte) 0xc3, (byte) 0x24, (byte) 0x1d, (byte) 0x33, (byte) 0x98, 262e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x9c, (byte) 0xc9, (byte) 0xc8, (byte) 0x2c, (byte) 0x88, (byte) 0xbf, 263e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x0a, (byte) 0x01, (byte) 0xce, (byte) 0xfb, (byte) 0x34, (byte) 0x7a, 264e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x58, (byte) 0x7a, (byte) 0xb0, (byte) 0xbf, (byte) 0xa6, (byte) 0xb2, 265e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x60, (byte) 0xbe, (byte) 0x70, (byte) 0x21, (byte) 0xf5, (byte) 0xfc, 266e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x85, (byte) 0x0d, (byte) 0x33, (byte) 0x58, (byte) 0xa1, (byte) 0xe5, 267e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x09, (byte) 0x36, (byte) 0x84, (byte) 0xb2, (byte) 0x04, (byte) 0x0a, 268e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x02, (byte) 0xd3, (byte) 0x88, (byte) 0x1f, (byte) 0x0c, (byte) 0x2b, 269e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x1d, (byte) 0xe9, (byte) 0x3d, (byte) 0xe7, (byte) 0x79, (byte) 0xf9, 270e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x32, (byte) 0x5c, (byte) 0x8a, (byte) 0x75, (byte) 0x49, (byte) 0x12, 271e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xe4, (byte) 0x05, (byte) 0x26, (byte) 0xd4, (byte) 0x2e, (byte) 0x9e, 272e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x1f, (byte) 0xcc, (byte) 0x54, (byte) 0xad, (byte) 0x33, (byte) 0x8d, 273e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x99, (byte) 0x00, (byte) 0xdc, (byte) 0xf5, (byte) 0xb4, (byte) 0xa2, 274e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x2f, (byte) 0xba, (byte) 0xe5, (byte) 0x62, (byte) 0x30, (byte) 0x6d, 275e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xe6, (byte) 0x3d, (byte) 0xeb, (byte) 0x24, (byte) 0xc2, (byte) 0xdc, 276e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x5f, (byte) 0xb7, (byte) 0x16, (byte) 0x35, (byte) 0xa3, (byte) 0x98, 277e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x98, (byte) 0xa8, (byte) 0xef, (byte) 0xe8, (byte) 0xc4, (byte) 0x96, 278e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x6d, (byte) 0x38, (byte) 0xab, (byte) 0x26, (byte) 0x6d, (byte) 0x30, 279e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xc2, (byte) 0xa0, (byte) 0x44, (byte) 0xe4, (byte) 0xff, (byte) 0x7e, 280e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xbe, (byte) 0x7c, (byte) 0x33, (byte) 0xa5, (byte) 0x10, (byte) 0xad, 281e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xd7, (byte) 0x1e, (byte) 0x13, (byte) 0x20, (byte) 0xb3, (byte) 0x1f, 282e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x41, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xf1, (byte) 0x89, 283e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x07, (byte) 0x0f, (byte) 0xe8, (byte) 0xcf, (byte) 0xab, (byte) 0x13, 284e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x2a, (byte) 0x8f, (byte) 0x88, (byte) 0x80, (byte) 0x11, (byte) 0x9a, 285e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x79, (byte) 0xb6, (byte) 0x59, (byte) 0x3a, (byte) 0x50, (byte) 0x6e, 286e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x57, (byte) 0x37, (byte) 0xab, (byte) 0x2a, (byte) 0xd2, (byte) 0xaa, 287e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xd9, (byte) 0x72, (byte) 0x73, (byte) 0xff, (byte) 0x8b, (byte) 0x47, 288e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x76, (byte) 0xdd, (byte) 0xdc, (byte) 0xf5, (byte) 0x97, (byte) 0x44, 289e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x3a, (byte) 0x78, (byte) 0xbe, (byte) 0x17, (byte) 0xb4, (byte) 0x22, 290e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x6f, (byte) 0xe5, (byte) 0x23, (byte) 0x70, (byte) 0x1d, (byte) 0x10, 291e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x5d, (byte) 0xba, (byte) 0x16, (byte) 0x81, (byte) 0xf1, (byte) 0x45, 292e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xce, (byte) 0x30, (byte) 0xb4, (byte) 0xab, (byte) 0x80, (byte) 0xe4, 293e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x98, (byte) 0x31, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xda, 294e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x82, (byte) 0x9d, (byte) 0x3f, (byte) 0xca, (byte) 0x2f, (byte) 0xe1, 295e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xd4, (byte) 0x86, (byte) 0x77, (byte) 0x48, (byte) 0xa6, (byte) 0xab, 296e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xab, (byte) 0x1c, (byte) 0x42, (byte) 0x5c, (byte) 0xd5, (byte) 0xc7, 297e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x46, (byte) 0x59, (byte) 0x91, (byte) 0x3f, (byte) 0xfc, (byte) 0xcc, 298e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xec, (byte) 0xc2, (byte) 0x40, (byte) 0x12, (byte) 0x2c, (byte) 0x8d, 299e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x1f, (byte) 0xa2, (byte) 0x18, (byte) 0x88, (byte) 0xee, (byte) 0x82, 300e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x4a, (byte) 0x5a, (byte) 0x5e, (byte) 0x88, (byte) 0x20, (byte) 0xe3, 301e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x7b, (byte) 0xe0, (byte) 0xd8, (byte) 0x3a, (byte) 0x52, (byte) 0x9a, 302e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x26, (byte) 0x6a, (byte) 0x04, (byte) 0xec, (byte) 0xe8, (byte) 0xb9, 303e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x48, (byte) 0x40, (byte) 0xe1, (byte) 0xe1, (byte) 0x83, (byte) 0xa6, 304e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x67, (byte) 0xa6, (byte) 0xfd, (byte) 0x02, (byte) 0x41, (byte) 0x00, 305e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x89, (byte) 0x72, (byte) 0x3e, (byte) 0xb0, (byte) 0x90, (byte) 0xfd, 306e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x4c, (byte) 0x0e, (byte) 0xd6, (byte) 0x13, (byte) 0x63, (byte) 0xcb, 307e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xed, (byte) 0x38, (byte) 0x88, (byte) 0xb6, (byte) 0x79, (byte) 0xc4, 308e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x33, (byte) 0x6c, (byte) 0xf6, (byte) 0xf8, (byte) 0xd8, (byte) 0xd0, 309e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xbf, (byte) 0x9d, (byte) 0x35, (byte) 0xac, (byte) 0x69, (byte) 0xd2, 310e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x2b, (byte) 0xc1, (byte) 0xf9, (byte) 0x24, (byte) 0x7b, (byte) 0xce, 311e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xcd, (byte) 0xcb, (byte) 0xa7, (byte) 0xb2, (byte) 0x7a, (byte) 0x0a, 312e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x27, (byte) 0x19, (byte) 0xc9, (byte) 0xaf, (byte) 0x0d, (byte) 0x21, 313e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x89, (byte) 0x88, (byte) 0x7c, (byte) 0xad, (byte) 0x9e, (byte) 0x8d, 314e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x47, (byte) 0x6d, (byte) 0x3f, (byte) 0xce, (byte) 0x7b, (byte) 0xa1, 315e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x74, (byte) 0xf1, (byte) 0xa0, (byte) 0xa1, (byte) 0x02, (byte) 0x41, 316e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x00, (byte) 0xd9, (byte) 0xa8, (byte) 0xf5, (byte) 0xfe, (byte) 0xce, 317e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xe6, (byte) 0x77, (byte) 0x6b, (byte) 0xfe, (byte) 0x2d, (byte) 0xe0, 318e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x1e, (byte) 0xb6, (byte) 0x2e, (byte) 0x12, (byte) 0x4e, (byte) 0x40, 319e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xaf, (byte) 0x6a, (byte) 0x7b, (byte) 0x37, (byte) 0x49, (byte) 0x2a, 320e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x96, (byte) 0x25, (byte) 0x83, (byte) 0x49, (byte) 0xd4, (byte) 0x0c, 321e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xc6, (byte) 0x78, (byte) 0x25, (byte) 0x24, (byte) 0x90, (byte) 0x90, 322e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x06, (byte) 0x15, (byte) 0x9e, (byte) 0xfe, (byte) 0xf9, (byte) 0xdf, 323e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x5b, (byte) 0xf3, (byte) 0x7e, (byte) 0x38, (byte) 0x70, (byte) 0xeb, 324e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x57, (byte) 0xd0, (byte) 0xd9, (byte) 0xa7, (byte) 0x0e, (byte) 0x14, 325e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xf7, (byte) 0x95, (byte) 0x68, (byte) 0xd5, (byte) 0xc8, (byte) 0xab, 326e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x9d, (byte) 0x3a, (byte) 0x2b, (byte) 0x51, (byte) 0xf9, (byte) 0x02, 327e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x41, (byte) 0x00, (byte) 0x96, (byte) 0xdf, (byte) 0xe9, (byte) 0x67, 328e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x6c, (byte) 0xdc, (byte) 0x90, (byte) 0x14, (byte) 0xb4, (byte) 0x1d, 329e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x22, (byte) 0x33, (byte) 0x4a, (byte) 0x31, (byte) 0xc1, (byte) 0x9d, 330e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x2e, (byte) 0xff, (byte) 0x9a, (byte) 0x2a, (byte) 0x95, (byte) 0x4b, 331e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x27, (byte) 0x74, (byte) 0xcb, (byte) 0x21, (byte) 0xc3, (byte) 0xd2, 332e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x0b, (byte) 0xb2, (byte) 0x46, (byte) 0x87, (byte) 0xf8, (byte) 0x28, 333e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x01, (byte) 0x8b, (byte) 0xd8, (byte) 0xb9, (byte) 0x4b, (byte) 0xcd, 334e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x9a, (byte) 0x96, (byte) 0x41, (byte) 0x0e, (byte) 0x36, (byte) 0x6d, 335e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x40, (byte) 0x42, (byte) 0xbc, (byte) 0xd9, (byte) 0xd3, (byte) 0x7b, 336e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xbc, (byte) 0xa7, (byte) 0x92, (byte) 0x90, (byte) 0xdd, (byte) 0xa1, 337e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x9c, (byte) 0xce, (byte) 0xa1, (byte) 0x87, (byte) 0x11, (byte) 0x51 338e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root }; 339e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 340e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root /** 341e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * Generated from above and converted with: 342e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * 343e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 344e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root */ 345e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root private static final byte[] FAKE_USER_1 = new byte[] { 346e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x95, (byte) 0x30, (byte) 0x82, 347e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x01, (byte) 0xfe, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 348e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d, 349e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, 350e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, 351e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 352e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 353e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, 354e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 355e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, 356e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, 357e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, 358e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, 359e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, 360e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, 361e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, 362e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, 363e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, 364e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, (byte) 0x1e, 365e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, (byte) 0x30, (byte) 0x38, 366e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x31, (byte) 0x34, (byte) 0x32, (byte) 0x33, (byte) 0x32, (byte) 0x35, 367e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x34, (byte) 0x38, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32, 368e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x32, (byte) 0x32, 369e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x33, (byte) 0x32, (byte) 0x35, (byte) 0x34, (byte) 0x38, (byte) 0x5a, 370e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x55, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, 371e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, 372e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 373e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, 374e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, (byte) 0x1b, 375e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 376e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, (byte) 0x64, 377e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x54, 378e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, (byte) 0x61, 379e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x31, (byte) 0x1c, (byte) 0x30, 380e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x1a, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, 381e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x13, (byte) 0x13, (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, 382e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x65, (byte) 0x72, (byte) 0x31, (byte) 0x2e, (byte) 0x65, (byte) 0x78, 383e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x61, (byte) 0x6d, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x2e, 384e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x63, (byte) 0x6f, (byte) 0x6d, (byte) 0x30, (byte) 0x81, (byte) 0x9f, 385e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 386e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 387e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, 388e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, 389e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x81, (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, 390e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x5b, (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, 391e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x66, (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, 392e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x8a, (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, 393e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x02, (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, 394e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xf3, (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, 395e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x6d, (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f, 396e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x67, (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, 397e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xcb, (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, 398e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xe2, (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, 399e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x79, (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, 400e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xce, (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, 401e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x08, (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, 402e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x3b, (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, 403e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xc4, (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, 404e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x0d, (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, 405e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x23, (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, 406e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x08, (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, 407e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xf1, (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, 408e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xb4, (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, 409e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x16, (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, 410e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x9e, (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, 411e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, 412e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x79, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 413e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, 414e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x30, (byte) 0x2c, (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, 415e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x48, (byte) 0x01, (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, 416e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x0d, (byte) 0x04, (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, 417e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x70, (byte) 0x65, (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, 418e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x20, (byte) 0x47, (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, 419e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43, 420e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, 421e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, 422e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, 423e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x32, (byte) 0xa1, (byte) 0x1e, 424e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x6b, (byte) 0x69, (byte) 0x04, (byte) 0xfe, (byte) 0xb3, (byte) 0xcd, 425e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xf8, (byte) 0xbb, (byte) 0x14, (byte) 0xcd, (byte) 0xff, (byte) 0xd4, 426e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x16, (byte) 0xc3, (byte) 0xab, (byte) 0x44, (byte) 0x2f, (byte) 0x30, 427e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, 428e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, 429e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, 430e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, 431e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, 432e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x5d, (byte) 0x51, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, 433e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, 434e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, 435e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0x46, (byte) 0x42, (byte) 0xef, 436e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x56, (byte) 0x89, (byte) 0x78, (byte) 0x90, (byte) 0x38, (byte) 0x24, 437e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x9f, (byte) 0x8c, (byte) 0x7a, (byte) 0xce, (byte) 0x7a, (byte) 0xa5, 438e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xb5, (byte) 0x1e, (byte) 0x74, (byte) 0x96, (byte) 0x34, (byte) 0x49, 439e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x8b, (byte) 0xed, (byte) 0x44, (byte) 0xb3, (byte) 0xc9, (byte) 0x05, 440e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xd7, (byte) 0x48, (byte) 0x55, (byte) 0x52, (byte) 0x59, (byte) 0x15, 441e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x0b, (byte) 0xaa, (byte) 0x16, (byte) 0x86, (byte) 0xd2, (byte) 0x8e, 442e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x16, (byte) 0x99, (byte) 0xe8, (byte) 0x5f, (byte) 0x11, (byte) 0x71, 443e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x42, (byte) 0x55, (byte) 0xd1, (byte) 0xc4, (byte) 0x6f, (byte) 0x2e, 444e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xa9, (byte) 0x64, (byte) 0x6f, (byte) 0xd8, (byte) 0xfd, (byte) 0x43, 445e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x13, (byte) 0x24, (byte) 0xaa, (byte) 0x67, (byte) 0xe6, (byte) 0xf5, 446e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xca, (byte) 0x80, (byte) 0x5e, (byte) 0x3a, (byte) 0x3e, (byte) 0xcc, 447e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x4f, (byte) 0xba, (byte) 0x87, (byte) 0xe6, (byte) 0xae, (byte) 0xbf, 448e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x8f, (byte) 0xd5, (byte) 0x28, (byte) 0x38, (byte) 0x58, (byte) 0x30, 449e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x24, (byte) 0xf6, (byte) 0x53, (byte) 0x5b, (byte) 0x41, (byte) 0x53, 450e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xe6, (byte) 0x45, (byte) 0xbc, (byte) 0xbe, (byte) 0xe6, (byte) 0xbb, 451e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x5d, (byte) 0xd8, (byte) 0xa7, (byte) 0xf9, (byte) 0x64, (byte) 0x99, 452e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x04, (byte) 0x43, (byte) 0x75, (byte) 0xd7, (byte) 0x2d, (byte) 0x32, 453e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x0a, (byte) 0x94, (byte) 0xaf, (byte) 0x06, (byte) 0x34, (byte) 0xae, 454e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x46, (byte) 0xbd, (byte) 0xda, (byte) 0x00, (byte) 0x0e, (byte) 0x25, 455e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0xc2, (byte) 0xf7, (byte) 0xc9, (byte) 0xc3, (byte) 0x65, (byte) 0xd2, 456e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root (byte) 0x08, (byte) 0x41, (byte) 0x0a, (byte) 0xf3, (byte) 0x72 457e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root }; 458e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 459e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root /** 460e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * The amount of time to allow before and after expected time for variance 461e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root * in timing tests. 462e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root */ 463e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root private static final long SLOP_TIME_MILLIS = 15000L; 464e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 465e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root @Override 466e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root protected void setUp() throws Exception { 467e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mAndroidKeyStore = android.security.KeyStore.getInstance(); 468e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 469e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.reset()); 470b9594ce9ebb3f5f303a280f04312ae5754ce3560Kenny Root assertFalse(mAndroidKeyStore.isUnlocked()); 471e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 4722eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); 4732eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 4742eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 4752eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root private void setupPassword() { 476e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.password("1111")); 477b9594ce9ebb3f5f303a280f04312ae5754ce3560Kenny Root assertTrue(mAndroidKeyStore.isUnlocked()); 478e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 479e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals(0, mAndroidKeyStore.saw("").length); 480e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 481e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 482e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root private void assertAliases(final String[] expectedAliases) throws KeyStoreException { 483e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Enumeration<String> aliases = mKeyStore.aliases(); 484e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root int count = 0; 485e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 486e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Set<String> expectedSet = new HashSet<String>(); 487e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedSet.addAll(Arrays.asList(expectedAliases)); 488e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 489e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root while (aliases.hasMoreElements()) { 490e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root count++; 491e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final String alias = aliases.nextElement(); 492e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("The alias should be in the expected set", expectedSet.contains(alias)); 493e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedSet.remove(alias); 494e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 495e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("The expected set and actual set should be exactly equal", expectedSet.isEmpty()); 496e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("There should be the correct number of keystore entries", 497e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedAliases.length, count); 498e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 499e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 5002eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_Aliases_Encrypted_Success() throws Exception { 5012eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 5022eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 503e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 504e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 505e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] {}); 506e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 507e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1)); 508e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 509e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_1 }); 510e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 511e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); 512e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 513e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 }); 514e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 515e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 5162eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_Aliases_NotInitialized_Encrypted_Failure() throws Exception { 5172eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 5182eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 519e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root try { 520e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.aliases(); 521e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root fail("KeyStore should throw exception when not initialized"); 522e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } catch (KeyStoreException success) { 523e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 524e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 525e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 5262eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_ContainsAliases_PrivateAndCA_Encrypted_Success() throws Exception { 5272eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 5282eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 529e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 530e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 531e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] {}); 532e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 533e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1)); 534e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 535e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Should contain generated private key", mKeyStore.containsAlias(TEST_ALIAS_1)); 536e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 537e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); 538e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 539e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2)); 540e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 541e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertFalse("Should not contain unadded certificate alias", 542e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.containsAlias(TEST_ALIAS_3)); 543e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 544e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 5452eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_ContainsAliases_CAOnly_Encrypted_Success() throws Exception { 5462eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 5472eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 548e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 549e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 550e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); 551e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 552e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2)); 553e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 554e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 5552eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_ContainsAliases_NonExistent_Encrypted_Failure() throws Exception { 5562eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 5572eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 558e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 559e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 560e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertFalse("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_1)); 561e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 562e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 5632eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_DeleteEntry_Encrypted_Success() throws Exception { 5642eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 5652eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 566e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 567e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 568e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // TEST_ALIAS_1 569e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 570e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root FAKE_KEY_1)); 571e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); 572e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 573e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 574e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // TEST_ALIAS_2 575e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); 576e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 577e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // TEST_ALIAS_3 578e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_3, FAKE_CA_1)); 579e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 580e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 }); 581e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 582e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.deleteEntry(TEST_ALIAS_1); 583e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 584e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 }); 585e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 586e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.deleteEntry(TEST_ALIAS_3); 587e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 588e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_2 }); 589e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 590e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.deleteEntry(TEST_ALIAS_2); 591e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 592e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { }); 593e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 594e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 5952eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_DeleteEntry_EmptyStore_Encrypted_Success() throws Exception { 5962eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 5972eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 598e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 599e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 6008b58c52bf4cc276165b1857eb4087eabde7b6477Kenny Root // Should not throw when a non-existent entry is requested for delete. 6018b58c52bf4cc276165b1857eb4087eabde7b6477Kenny Root mKeyStore.deleteEntry(TEST_ALIAS_1); 602e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 603e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 6042eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_DeleteEntry_NonExistent_Encrypted_Success() throws Exception { 6052eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 6062eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 607e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 608e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 609e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // TEST_ALIAS_1 610e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 611e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root FAKE_KEY_1)); 612e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); 613e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 614e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 6158b58c52bf4cc276165b1857eb4087eabde7b6477Kenny Root // Should not throw when a non-existent entry is requested for delete. 6168b58c52bf4cc276165b1857eb4087eabde7b6477Kenny Root mKeyStore.deleteEntry(TEST_ALIAS_2); 617e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 618e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 6192eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetCertificate_Single_Encrypted_Success() throws Exception { 6202eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 6212eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 622e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 623e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 624e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 625e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 626e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_1 }); 627e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 628e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNull("Certificate should not exist in keystore", 629e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.getCertificate(TEST_ALIAS_2)); 630e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 631e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Certificate retrieved = mKeyStore.getCertificate(TEST_ALIAS_1); 632e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 633e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved certificate should not be null", retrieved); 634e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 635e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root CertificateFactory f = CertificateFactory.getInstance("X.509"); 636e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 637e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 638e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Actual and retrieved certificates should be the same", actual, retrieved); 639e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 640e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 6412eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetCertificate_NonExist_Encrypted_Failure() throws Exception { 6422eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 6432eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 644e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 645e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 646e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNull("Certificate should not exist in keystore", 647e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.getCertificate(TEST_ALIAS_1)); 648e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 649e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 6502eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetCertificateAlias_CAEntry_Encrypted_Success() throws Exception { 6512eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 6522eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 653e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 654e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 655e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 656e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 657e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root CertificateFactory f = CertificateFactory.getInstance("X.509"); 658e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 659e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 660e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Stored certificate alias should be found", TEST_ALIAS_1, 661e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.getCertificateAlias(actual)); 662e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 663e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 6642eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetCertificateAlias_PrivateKeyEntry_Encrypted_Success() 6652eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root throws Exception { 6662eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 6672eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 668e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 669e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 670e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 671e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root FAKE_KEY_1)); 672e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); 673e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 674e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 675e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root CertificateFactory f = CertificateFactory.getInstance("X.509"); 676e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 677e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 678e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Stored certificate alias should be found", TEST_ALIAS_1, 679e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.getCertificateAlias(actual)); 680e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 681e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 6822eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetCertificateAlias_CAEntry_WithPrivateKeyUsingCA_Encrypted_Success() 683e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root throws Exception { 6842eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 6852eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 686e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 687e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 688e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Insert TrustedCertificateEntry with CA name 689e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); 690e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 691e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Insert PrivateKeyEntry that uses the same CA 692e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 693e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root FAKE_KEY_1)); 694e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); 695e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 696e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 697e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root CertificateFactory f = CertificateFactory.getInstance("X.509"); 698e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 699e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 700e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Stored certificate alias should be found", TEST_ALIAS_2, 701e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.getCertificateAlias(actual)); 702e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 703e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 7042eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetCertificateAlias_NonExist_Empty_Encrypted_Failure() 7052eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root throws Exception { 7062eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 7072eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 708e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 709e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 710e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root CertificateFactory f = CertificateFactory.getInstance("X.509"); 711e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 712e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 713e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNull("Stored certificate alias should not be found", 714e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.getCertificateAlias(actual)); 715e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 716e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 7172eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetCertificateAlias_NonExist_Encrypted_Failure() throws Exception { 7182eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 7192eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 720e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 721e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 722e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 723e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 724e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root CertificateFactory f = CertificateFactory.getInstance("X.509"); 725e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Certificate userCert = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 726e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 727e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNull("Stored certificate alias should be found", 728e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.getCertificateAlias(userCert)); 729e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 730e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 7312eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetCertificateChain_SingleLength_Encrypted_Success() throws Exception { 7322eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 7332eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 734e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 735e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 736e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 737e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root FAKE_KEY_1)); 738e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); 739e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 740e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 741e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root CertificateFactory cf = CertificateFactory.getInstance("X.509"); 742e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Certificate[] expected = new Certificate[2]; 743e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expected[0] = cf.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 744e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expected[1] = cf.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 745e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 746e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Certificate[] actual = mKeyStore.getCertificateChain(TEST_ALIAS_1); 747e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 748e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Returned certificate chain should not be null", actual); 749e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Returned certificate chain should be correct size", expected.length, 750e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actual.length); 751e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("First certificate should be user certificate", expected[0], actual[0]); 752e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Second certificate should be CA certificate", expected[1], actual[1]); 753e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 754e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Negative test when keystore is populated. 755e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNull("Stored certificate alias should not be found", 756e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.getCertificateChain(TEST_ALIAS_2)); 757e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 758e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 7592eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetCertificateChain_NonExist_Encrypted_Failure() throws Exception { 7602eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 7612eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 762e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 763e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 764e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNull("Stored certificate alias should not be found", 765e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.getCertificateChain(TEST_ALIAS_1)); 766e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 767e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 7682eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetCreationDate_PrivateKeyEntry_Encrypted_Success() throws Exception { 7692eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 7702eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 771e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 772e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 773e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 774e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root FAKE_KEY_1)); 775e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); 776e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 777e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 778e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Date now = new Date(); 779e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1); 780e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 781e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS); 782e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS); 783e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 784e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Time should be close to current time", actual.before(expectedBefore)); 785e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Time should be close to current time", actual.after(expectedAfter)); 786e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 787e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 7882eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetCreationDate_PrivateKeyEntry_Unencrypted_Success() throws Exception { 7892eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.load(null, null); 7902eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 7912eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 7922eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 7932eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, 7942eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 7952eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, 7962eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 7972eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 7982eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root Date now = new Date(); 7992eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1); 8002eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 8012eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS); 8022eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS); 8032eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 8042eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue("Time should be close to current time", actual.before(expectedBefore)); 8052eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue("Time should be close to current time", actual.after(expectedAfter)); 8062eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 8072eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 8082eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetCreationDate_CAEntry_Encrypted_Success() throws Exception { 8092eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 8102eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 811e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 812e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 813e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 814e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 815e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Date now = new Date(); 816e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1); 817e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Certificate should be found", actual); 818e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 819e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS); 820e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS); 821e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 822e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Time should be close to current time", actual.before(expectedBefore)); 823e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Time should be close to current time", actual.after(expectedAfter)); 824e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 825e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 8262eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetEntry_NullParams_Encrypted_Success() throws Exception { 8272eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 8282eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 829e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 830e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 831e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 832e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root FAKE_KEY_1)); 833e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); 834e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 835e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 836e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 837e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Entry should exist", entry); 838e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 839e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry); 840e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 841e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; 842e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 843e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertPrivateKeyEntryEquals(keyEntry, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); 844e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 845e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 8462eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetEntry_NullParams_Unencrypted_Success() throws Exception { 8472eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.load(null, null); 8482eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 8492eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 8502eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 8512eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, 8522eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 8532eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, 8542eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 8552eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 8562eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 8572eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertNotNull("Entry should exist", entry); 8582eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 8592eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry); 8602eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 8612eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; 8622eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 8632eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertPrivateKeyEntryEquals(keyEntry, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); 8642eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 8652eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 866802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root @SuppressWarnings("unchecked") 867e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, byte[] key, byte[] cert, 868e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root byte[] ca) throws Exception { 869e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 870e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(key)); 871e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 872e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root CertificateFactory certFact = CertificateFactory.getInstance("X.509"); 873e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Certificate expectedCert = certFact.generateCertificate(new ByteArrayInputStream(cert)); 874e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 875802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root final Collection<Certificate> expectedChain; 876802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root if (ca != null) { 877802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root expectedChain = (Collection<Certificate>) certFact 878802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root .generateCertificates(new ByteArrayInputStream(ca)); 879802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } else { 880802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root expectedChain = null; 881802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 882802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 883802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, expectedChain); 884802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 885802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 886802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, PrivateKey expectedKey, 887802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root Certificate expectedCert, Collection<Certificate> expectedChain) throws Exception { 8882eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertEquals("Returned PrivateKey should be what we inserted", 8892eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root ((RSAPrivateKey) expectedKey).getModulus(), 8902eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root ((RSAPrivateKey) keyEntry.getPrivateKey()).getModulus()); 891802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 892e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Returned Certificate should be what we inserted", expectedCert, 893e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root keyEntry.getCertificate()); 894e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 895e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Certificate[] actualChain = keyEntry.getCertificateChain(); 896e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 897e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("First certificate in chain should be user cert", expectedCert, actualChain[0]); 898e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 899802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root if (expectedChain == null) { 900e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Certificate chain should not include CAs", 1, actualChain.length); 901e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } else { 902e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root int i = 1; 903e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Iterator<Certificate> it = expectedChain.iterator(); 904e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root while (it.hasNext()) { 905e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("CA chain certificate should equal what we put in", it.next(), 906e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualChain[i++]); 907e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 908e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 909e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 910e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 9112eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetEntry_Nonexistent_NullParams_Encrypted_Failure() throws Exception { 9122eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 9132eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 914e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 915e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 916e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNull("A non-existent entry should return null", 917e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.getEntry(TEST_ALIAS_1, null)); 918e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 919e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 9202eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetEntry_Nonexistent_NullParams_Unencrypted_Failure() throws Exception { 9212eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.load(null, null); 9222eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 9232eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertNull("A non-existent entry should return null", 9242eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.getEntry(TEST_ALIAS_1, null)); 9252eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 9262eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 9272eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetKey_NoPassword_Encrypted_Success() throws Exception { 9282eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 9292eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 930e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 931e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 932e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 933e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root FAKE_KEY_1)); 934e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); 935e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 936e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 937e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Key key = mKeyStore.getKey(TEST_ALIAS_1, null); 938e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Key should exist", key); 939e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 940e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Should be a RSAPrivateKey", key instanceof RSAPrivateKey); 941e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 942e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root RSAPrivateKey actualKey = (RSAPrivateKey) key; 943e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 944e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 945e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 946e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 9472eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertEquals("Inserted key should be same as retrieved key", 9482eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root ((RSAPrivateKey) expectedKey).getModulus(), actualKey.getModulus()); 949e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 950e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 9512eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetKey_NoPassword_Unencrypted_Success() throws Exception { 9522eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.load(null, null); 9532eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 9542eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 9552eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 9562eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, 9572eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 9582eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, 9592eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 9602eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 9612eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root Key key = mKeyStore.getKey(TEST_ALIAS_1, null); 9622eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertNotNull("Key should exist", key); 9632eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 9642eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue("Should be a RSAPrivateKey", key instanceof RSAPrivateKey); 9652eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 9662eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root RSAPrivateKey actualKey = (RSAPrivateKey) key; 9672eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 9682eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 9692eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 9702eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 9712eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertEquals("Inserted key should be same as retrieved key", 9722eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root ((RSAPrivateKey) expectedKey).getModulus(), actualKey.getModulus()); 9732eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 9742eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 9752eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetKey_Certificate_Encrypted_Failure() throws Exception { 9762eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 9772eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 978e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 979e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 980e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 981e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 982e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNull("Certificate entries should return null", mKeyStore.getKey(TEST_ALIAS_1, null)); 983e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 984e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 9852eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetKey_NonExistent_Encrypted_Failure() throws Exception { 9862eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 9872eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 988e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 989e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 990e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNull("A non-existent entry should return null", mKeyStore.getKey(TEST_ALIAS_1, null)); 991e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 992e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 9932eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetProvider_Encrypted_Success() throws Exception { 9942eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertEquals(AndroidKeyStoreProvider.PROVIDER_NAME, mKeyStore.getProvider().getName()); 9952eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 996e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals(AndroidKeyStoreProvider.PROVIDER_NAME, mKeyStore.getProvider().getName()); 997e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 998e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 9992eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_GetType_Encrypted_Success() throws Exception { 10002eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertEquals(AndroidKeyStore.NAME, mKeyStore.getType()); 10012eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1002e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals(AndroidKeyStore.NAME, mKeyStore.getType()); 1003e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1004e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 10052eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_IsCertificateEntry_CA_Encrypted_Success() throws Exception { 10062eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1007e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1008e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1009e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 1010e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1011e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Should return true for CA certificate", 1012e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1013e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1014e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 10152eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_IsCertificateEntry_PrivateKey_Encrypted_Failure() throws Exception { 10162eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1017e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1018e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1019e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1020e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root FAKE_KEY_1)); 1021e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); 1022e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 1023e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1024e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertFalse("Should return false for PrivateKeyEntry", 1025e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1026e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1027e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 10282eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_IsCertificateEntry_NonExist_Encrypted_Failure() throws Exception { 10292eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 10302eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.load(null, null); 10312eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 10322eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertFalse("Should return false for non-existent entry", 10332eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 10342eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 10352eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 10362eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_IsCertificateEntry_NonExist_Unencrypted_Failure() throws Exception { 1037e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1038e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1039e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertFalse("Should return false for non-existent entry", 1040e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1041e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1042e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 10432eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_IsKeyEntry_PrivateKey_Encrypted_Success() throws Exception { 10442eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1045e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1046e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1047e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1048e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root FAKE_KEY_1)); 1049e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); 1050e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 1051e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1052e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Should return true for PrivateKeyEntry", mKeyStore.isKeyEntry(TEST_ALIAS_1)); 1053e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1054e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 10552eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_IsKeyEntry_CA_Encrypted_Failure() throws Exception { 10562eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1057e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1058e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1059e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 1060e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1061e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertFalse("Should return false for CA certificate", mKeyStore.isKeyEntry(TEST_ALIAS_1)); 1062e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1063e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 10642eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_IsKeyEntry_NonExist_Encrypted_Failure() throws Exception { 10652eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1066e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1067e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1068e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertFalse("Should return false for non-existent entry", 1069e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.isKeyEntry(TEST_ALIAS_1)); 1070e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1071e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 10722eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetCertificate_CA_Encrypted_Success() throws Exception { 1073e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1074e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1075e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 10762eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1077e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1078e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1079e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setCertificateEntry(TEST_ALIAS_1, actual); 1080e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_1 }); 1081e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1082e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Certificate retrieved = mKeyStore.getCertificate(TEST_ALIAS_1); 1083e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1084e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Retrieved certificate should be the same as the one inserted", actual, 1085e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root retrieved); 1086e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1087e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 10882eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetCertificate_CAExists_Overwrite_Encrypted_Success() throws Exception { 10892eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1090e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1091e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1092e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 1093e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1094e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_1 }); 1095e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1096e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1097e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate cert = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1098e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1099e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // TODO have separate FAKE_CA for second test 1100e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert); 1101e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1102e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_1 }); 1103e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1104e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 11052eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetCertificate_PrivateKeyExists_Encrypted_Failure() throws Exception { 11062eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1107e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1108e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1109e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1110e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root FAKE_KEY_1)); 1111e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); 1112e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 1113e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1114e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_1 }); 1115e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1116e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1117e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate cert = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1118e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1119e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root try { 1120e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert); 1121e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root fail("Should throw when trying to overwrite a PrivateKey entry with a Certificate"); 1122e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } catch (KeyStoreException success) { 1123e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1124e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1125e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 11262eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetEntry_PrivateKeyEntry_Encrypted_Success() throws Exception { 11272eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1128e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1129e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1130e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1131e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 1132e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1133e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1134e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1135e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate[] expectedChain = new Certificate[2]; 1136e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 1137e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1138e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1139e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1140e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1141e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1142e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1143e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1144e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1145e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1146e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1147e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof PrivateKeyEntry); 1148e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1149e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1150e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1151e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); 1152e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1153e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 11542eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetEntry_PrivateKeyEntry_Unencrypted_Success() throws Exception { 11552eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.load(null, null); 11562eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11572eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 11582eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 11592eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11602eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 11612eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11622eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root final Certificate[] expectedChain = new Certificate[2]; 11632eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 11642eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 11652eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11662eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 11672eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11682eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 11692eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11702eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 11712eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertNotNull("Retrieved entry should exist", actualEntry); 11722eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11732eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue("Retrieved entry should be of type PrivateKeyEntry", 11742eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root actualEntry instanceof PrivateKeyEntry); 11752eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11762eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 11772eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11782eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); 11792eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 11802eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11812eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure() throws Exception { 11822eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.load(null, null); 11832eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11842eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 11852eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 11862eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11872eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 11882eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11892eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root final Certificate[] expectedChain = new Certificate[2]; 11902eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 11912eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 11922eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11932eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root PrivateKeyEntry entry = new PrivateKeyEntry(expectedKey, expectedChain); 11942eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 11952eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root try { 11962eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.setEntry(TEST_ALIAS_1, entry, 11972eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root new AndroidKeyStoreParameter.Builder(getContext()) 11982eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEncryptionRequired() 11992eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .build()); 12002eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root fail("Shouldn't be able to insert encrypted entry when KeyStore uninitialized"); 12012eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } catch (KeyStoreException expected) { 12022eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 12032eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 12042eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertNull(mKeyStore.getEntry(TEST_ALIAS_1, null)); 12052eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 12062eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 12072eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void 12082eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Encrypted_Success() 1209e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root throws Exception { 12102eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1211e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1212e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1213e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1214e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1215e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1216e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Start with PrivateKeyEntry 1217e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root { 1218e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 1219e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1220e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate[] expectedChain = new Certificate[2]; 1221e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 1222e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1223e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1224e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1225e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1226e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1227e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1228e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1229e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1230e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1231e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1232e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof PrivateKeyEntry); 1233e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1234e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1235e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1236e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); 1237e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1238e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1239e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // TODO make entirely new test vector for the overwrite 1240e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Replace with PrivateKeyEntry 1241e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root { 1242e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 1243e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1244e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate[] expectedChain = new Certificate[2]; 1245e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 1246e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1247e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1248e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1249e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1250e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1251e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1252e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1253e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1254e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1255e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1256e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof PrivateKeyEntry); 1257e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1258e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1259e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1260e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); 1261e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1262e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1263e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 12642eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Encrypted_Success() 12652eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root throws Exception { 12662eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1267e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1268e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1269e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1270e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1271e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Start with TrustedCertificateEntry 1272e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root { 1273e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1274e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1275e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert); 1276e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null); 1277e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1278e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1279e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1280e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1281e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof TrustedCertificateEntry); 1282e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry; 1283e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Stored and retrieved certificates should be the same", 1284e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedCertEntry.getTrustedCertificate(), 1285e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualCertEntry.getTrustedCertificate()); 1286e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1287e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1288e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Replace with PrivateKeyEntry 1289e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root { 1290e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1291e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 1292e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate[] expectedChain = new Certificate[2]; 1293e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 1294e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1295e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1296e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1297e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1298e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1299e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1300e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1301e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1302e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1303e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof PrivateKeyEntry); 1304e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1305e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1306e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertPrivateKeyEntryEquals(actualPrivEntry, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); 1307e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1308e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1309e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 13102eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success() 13112eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root throws Exception { 13122eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1313e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1314e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1315e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1316e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1317e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1318e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1319e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Start with PrivateKeyEntry 1320e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root { 1321e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1322e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 1323e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate[] expectedChain = new Certificate[2]; 1324e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 1325e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[1] = caCert; 1326e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1327e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1328e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1329e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1330e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1331e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1332e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1333e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1334e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof PrivateKeyEntry); 1335e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1336e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1337e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertPrivateKeyEntryEquals(actualPrivEntry, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); 1338e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1339e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1340e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Replace with TrustedCertificateEntry 1341e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root { 1342e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert); 1343e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null); 1344e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1345e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1346e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1347e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1348e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof TrustedCertificateEntry); 1349e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry; 1350e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Stored and retrieved certificates should be the same", 1351e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedCertEntry.getTrustedCertificate(), 1352e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualCertEntry.getTrustedCertificate()); 1353e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1354e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1355e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 13562eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public 13572eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root void 13582eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Encrypted_Success() 1359e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root throws Exception { 13602eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1361e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1362e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1363e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1364e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1365e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1366e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1367e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Start with PrivateKeyEntry 1368e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root { 1369e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1370e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 1371e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate[] expectedChain = new Certificate[2]; 1372e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 1373e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[1] = caCert; 1374e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1375e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1376e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1377e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1378e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1379e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1380e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1381e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1382e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof PrivateKeyEntry); 1383e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1384e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1385e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertPrivateKeyEntryEquals(actualPrivEntry, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); 1386e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1387e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1388e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Replace with PrivateKeyEntry that has no chain 1389e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root { 1390e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1391e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 1392e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate[] expectedChain = new Certificate[1]; 1393e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 1394e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1395e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1396e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1397e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1398e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1399e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1400e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1401e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1402e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof PrivateKeyEntry); 1403e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1404e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1405e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertPrivateKeyEntryEquals(actualPrivEntry, FAKE_KEY_1, FAKE_USER_1, null); 1406e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1407e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1408e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 14092eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetEntry_CAEntry_Overwrites_CAEntry_Encrypted_Success() 14102eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root throws Exception { 14112eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1412e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1413e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1414e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1415e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1416e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Insert TrustedCertificateEntry 1417e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root { 1418e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1419e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1420e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert); 1421e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null); 1422e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1423e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1424e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1425e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1426e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof TrustedCertificateEntry); 1427e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry; 1428e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Stored and retrieved certificates should be the same", 1429e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedCertEntry.getTrustedCertificate(), 1430e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualCertEntry.getTrustedCertificate()); 1431e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1432e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1433e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Replace with TrustedCertificateEntry of USER 1434e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root { 1435e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate userCert = f 1436e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root .generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 1437e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1438e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root TrustedCertificateEntry expectedUserEntry = new TrustedCertificateEntry(userCert); 1439e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setEntry(TEST_ALIAS_1, expectedUserEntry, null); 1440e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1441e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1442e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1443e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1444e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof TrustedCertificateEntry); 1445e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root TrustedCertificateEntry actualUserEntry = (TrustedCertificateEntry) actualEntry; 1446e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("Stored and retrieved certificates should be the same", 1447e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root expectedUserEntry.getTrustedCertificate(), 1448e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualUserEntry.getTrustedCertificate()); 1449e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1450e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1451e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 14522eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetKeyEntry_ProtectedKey_Encrypted_Failure() throws Exception { 14532eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1454e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1455e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1456e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1457e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1458e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1459e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1460e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1461e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 1462e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate[] chain = new Certificate[2]; 1463e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 1464e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root chain[1] = caCert; 1465e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1466e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root try { 1467e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, "foo".toCharArray(), chain); 1468e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root fail("Should fail when a password is specified"); 1469e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } catch (KeyStoreException success) { 1470e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1471e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1472e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 14732eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetKeyEntry_Encrypted_Success() throws Exception { 14742eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1475e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1476e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1477e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1478e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1479e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1480e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1481e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1482e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 1483e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate[] chain = new Certificate[2]; 1484e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 1485e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root chain[1] = caCert; 1486e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1487e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain); 1488e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1489e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1490e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1491e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1492e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1493e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof PrivateKeyEntry); 1494e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1495e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1496e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1497e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); 1498e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1499e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 15002eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetKeyEntry_Replaced_Encrypted_Success() throws Exception { 15012eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1502e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1503e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1504e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1505e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1506e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 1507e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1508e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Insert initial key 1509e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root { 1510e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1511e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 1512e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate[] chain = new Certificate[2]; 1513e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 1514e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root chain[1] = caCert; 1515e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1516e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain); 1517e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1518e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1519e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1520e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1521e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1522e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof PrivateKeyEntry); 1523e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1524e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1525e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1526e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); 1527e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1528e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1529e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // TODO make a separate key 1530e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root // Replace key 1531e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root { 1532e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1533e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); 1534e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root final Certificate[] chain = new Certificate[2]; 1535e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 1536e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root chain[1] = caCert; 1537e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1538e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain); 1539e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1540e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1541e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertNotNull("Retrieved entry should exist", actualEntry); 1542e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1543e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1544e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root actualEntry instanceof PrivateKeyEntry); 1545e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1546e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1547e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1548e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); 1549e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1550e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1551e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1552802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root @SuppressWarnings("deprecation") 1553802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root private static X509Certificate generateCertificate(android.security.KeyStore keyStore, 1554802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root String alias, BigInteger serialNumber, X500Principal subjectDN, Date notBefore, 1555802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root Date notAfter) throws Exception { 1556802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias; 1557802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1558802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root final PrivateKey privKey; 1559802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore"); 1560802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root try { 1561802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root privKey = engine.getPrivateKeyById(privateKeyAlias); 1562802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } catch (InvalidKeyException e) { 1563802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root throw new RuntimeException("Can't get key", e); 1564802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 1565802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1566802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root final byte[] pubKeyBytes = keyStore.getPubkey(privateKeyAlias); 1567802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1568802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root final PublicKey pubKey; 1569802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root try { 1570802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root final KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1571802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root pubKey = keyFact.generatePublic(new X509EncodedKeySpec(pubKeyBytes)); 1572802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } catch (NoSuchAlgorithmException e) { 1573802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root throw new IllegalStateException("Can't instantiate RSA key generator", e); 1574802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } catch (InvalidKeySpecException e) { 1575802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root throw new IllegalStateException("keystore returned invalid key encoding", e); 1576802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 1577802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1578802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); 1579802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root certGen.setPublicKey(pubKey); 1580802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root certGen.setSerialNumber(serialNumber); 1581802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root certGen.setSubjectDN(subjectDN); 1582802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root certGen.setIssuerDN(subjectDN); 1583802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root certGen.setNotBefore(notBefore); 1584802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root certGen.setNotAfter(notAfter); 1585802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root certGen.setSignatureAlgorithm("sha1WithRSA"); 1586802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1587802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root final X509Certificate cert = certGen.generate(privKey); 1588802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1589802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root return cert; 1590802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 1591802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 15922eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetKeyEntry_ReplacedChain_Encrypted_Success() throws Exception { 15932eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1594802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root mKeyStore.load(null, null); 1595802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1596802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root // Create key #1 1597802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root { 1598802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; 1599802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertTrue(mAndroidKeyStore.generate(privateKeyAlias)); 1600802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1601802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root Key key = mKeyStore.getKey(TEST_ALIAS_1, null); 1602802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1603802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertTrue(key instanceof PrivateKey); 1604802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1605802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root PrivateKey expectedKey = (PrivateKey) key; 1606802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1607802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root X509Certificate expectedCert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, 1608802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS); 1609802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1610802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, 1611802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root expectedCert.getEncoded())); 1612802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1613802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1614802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1615802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertTrue(entry instanceof PrivateKeyEntry); 1616802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1617802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; 1618802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1619802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, null); 1620802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 1621802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1622802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root // Replace key #1 with new chain 1623802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root { 1624802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root Key key = mKeyStore.getKey(TEST_ALIAS_1, null); 1625802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1626802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertTrue(key instanceof PrivateKey); 1627802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1628802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root PrivateKey expectedKey = (PrivateKey) key; 1629802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1630802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root X509Certificate expectedCert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, 1631802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS); 1632802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1633802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root mKeyStore.setKeyEntry(TEST_ALIAS_1, expectedKey, null, 1634802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root new Certificate[] { expectedCert }); 1635802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1636802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1637802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1638802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertTrue(entry instanceof PrivateKeyEntry); 1639802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1640802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; 1641802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1642802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, null); 1643802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 1644802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 1645802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 16462eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetKeyEntry_ReplacedChain_DifferentPrivateKey_Encrypted_Failure() 1647802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root throws Exception { 16482eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1649802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root mKeyStore.load(null, null); 1650802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1651802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root // Create key #1 1652802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root { 1653802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; 1654802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertTrue(mAndroidKeyStore.generate(privateKeyAlias)); 1655802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1656802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, 1657802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS); 1658802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1659802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, 1660802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root cert.getEncoded())); 1661802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 1662802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1663802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root // Create key #2 1664802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root { 1665802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_2; 1666802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertTrue(mAndroidKeyStore.generate(privateKeyAlias)); 1667802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1668802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_2, 1669802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS); 1670802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1671802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_2, 1672802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root cert.getEncoded())); 1673802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 1674802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1675802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root // Replace key #1 with key #2 1676802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root { 1677802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root Key key1 = mKeyStore.getKey(TEST_ALIAS_2, null); 1678802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1679802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_2, 1680802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS); 1681802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 1682802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root try { 1683802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root mKeyStore.setKeyEntry(TEST_ALIAS_1, key1, null, new Certificate[] { cert }); 1684802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root fail("Should not allow setting of KeyEntry with wrong PrivaetKey"); 1685802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } catch (KeyStoreException success) { 1686802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 1687802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 1688802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root } 1689802768dd86c4e8a933dbfbac2e9f1a1daa5f93faKenny Root 16902eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_SetKeyEntry_ReplacedChain_UnencryptedToEncrypted_Failure() 16912eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root throws Exception { 16922eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.load(null, null); 16932eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 16942eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root // Create key #1 16952eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root { 16962eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; 16972eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.generate(privateKeyAlias, 16982eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root android.security.KeyStore.UID_SELF, android.security.KeyStore.FLAG_NONE)); 16992eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 17002eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root X509Certificate cert = 17012eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1, TEST_DN_1, 17022eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root NOW, NOW_PLUS_10_YEARS); 17032eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 17042eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, 17052eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root cert.getEncoded(), android.security.KeyStore.UID_SELF, 17062eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root android.security.KeyStore.FLAG_NONE)); 17072eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 17082eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 17092eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root // Replace with one that requires encryption 17102eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root { 17112eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 17122eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 17132eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root try { 17142eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.setEntry(TEST_ALIAS_1, entry, new AndroidKeyStoreParameter.Builder( 17152eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root getContext()).setEncryptionRequired().build()); 17162eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root fail("Should not allow setting of Entry without unlocked keystore"); 17172eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } catch (KeyStoreException success) { 17182eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 17192eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 17202eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.password("1111")); 17212eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.isUnlocked()); 17222eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 17232eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mKeyStore.setEntry(TEST_ALIAS_1, entry, 17242eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root new AndroidKeyStoreParameter.Builder(getContext()) 17252eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEncryptionRequired() 17262eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .build()); 17272eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 17282eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 17292eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 17302eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_Size_Encrypted_Success() throws Exception { 17312eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1732e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1733e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1734e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); 1735e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1736e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("The keystore size should match expected", 1, mKeyStore.size()); 1737e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_1 }); 1738e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1739e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); 1740e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1741e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("The keystore size should match expected", 2, mKeyStore.size()); 1742e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 }); 1743e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1744e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3)); 1745e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1746e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("The keystore size should match expected", 3, mKeyStore.size()); 1747e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 }); 1748e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1749e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.delete(Credentials.CA_CERTIFICATE + TEST_ALIAS_1)); 1750e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1751e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("The keystore size should match expected", 2, mKeyStore.size()); 1752e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 }); 1753e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1754e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertTrue(mAndroidKeyStore.delKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3)); 1755e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1756e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertEquals("The keystore size should match expected", 1, mKeyStore.size()); 1757e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root assertAliases(new String[] { TEST_ALIAS_2 }); 1758e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1759e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 17602eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_Store_LoadStoreParam_Encrypted_Failure() throws Exception { 17612eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1762e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1763e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1764e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root try { 1765e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.store(null); 1766e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root fail("Should throw UnsupportedOperationException when trying to store"); 1767e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } catch (UnsupportedOperationException success) { 1768e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1769e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1770e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 17712eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_Load_InputStreamSupplied_Encrypted_Failure() throws Exception { 1772e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root byte[] buf = "FAKE KEYSTORE".getBytes(); 1773e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root ByteArrayInputStream is = new ByteArrayInputStream(buf); 1774e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1775e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root try { 1776e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(is, null); 1777e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root fail("Should throw IllegalArgumentException when InputStream is supplied"); 1778e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } catch (IllegalArgumentException success) { 1779e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1780e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1781e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 17822eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_Load_PasswordSupplied_Encrypted_Failure() throws Exception { 1783e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root try { 1784e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, "password".toCharArray()); 1785e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root fail("Should throw IllegalArgumentException when password is supplied"); 1786e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } catch (IllegalArgumentException success) { 1787e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1788e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1789e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 17902eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_Store_OutputStream_Encrypted_Failure() throws Exception { 17912eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1792e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.load(null, null); 1793e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1794e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root OutputStream sink = new ByteArrayOutputStream(); 1795e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root try { 1796e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.store(sink, null); 1797e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root fail("Should throw UnsupportedOperationException when trying to store"); 1798e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } catch (UnsupportedOperationException success) { 1799e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1800e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root 1801e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root try { 1802e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root mKeyStore.store(sink, "blah".toCharArray()); 1803e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root fail("Should throw UnsupportedOperationException when trying to store"); 1804e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } catch (UnsupportedOperationException success) { 1805e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1806e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root } 1807656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1808656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root private void setupKey() throws Exception { 1809656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; 1810656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root assertTrue(mAndroidKeyStore.generate(privateKeyAlias)); 1811656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1812656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1, 1813656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root TEST_DN_1, NOW, NOW_PLUS_10_YEARS); 1814656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1815656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, 1816656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root cert.getEncoded())); 1817656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root } 1818656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 18192eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyStore_KeyOperations_Wrap_Encrypted_Success() throws Exception { 18202eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1821656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root mKeyStore.load(null, null); 1822656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1823656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root setupKey(); 1824656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1825656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root // Test key usage 1826656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root Entry e = mKeyStore.getEntry(TEST_ALIAS_1, null); 1827656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root assertNotNull(e); 1828656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root assertTrue(e instanceof PrivateKeyEntry); 1829656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1830656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root PrivateKeyEntry privEntry = (PrivateKeyEntry) e; 1831656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root PrivateKey privKey = privEntry.getPrivateKey(); 1832656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root assertNotNull(privKey); 1833656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1834656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root PublicKey pubKey = privEntry.getCertificate().getPublicKey(); 1835656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1836656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding"); 1837656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root c.init(Cipher.WRAP_MODE, pubKey); 1838656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1839656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root byte[] expectedKey = new byte[] { 1840656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 0x00, 0x05, (byte) 0xAA, (byte) 0x0A5, (byte) 0xFF, 0x55, 0x0A 1841656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root }; 1842656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1843656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root SecretKey expectedSecret = new SecretKeySpec(expectedKey, "AES"); 1844656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1845656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root byte[] wrappedExpected = c.wrap(expectedSecret); 1846656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1847656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root c.init(Cipher.UNWRAP_MODE, privKey); 1848656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root SecretKey actualSecret = (SecretKey) c.unwrap(wrappedExpected, "AES", Cipher.SECRET_KEY); 1849656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root 1850656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root assertEquals(Arrays.toString(expectedSecret.getEncoded()), 1851656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root Arrays.toString(actualSecret.getEncoded())); 1852656f92f2c6fec008dd3131f6ec30a121b5b2a92eKenny Root } 1853e29df16cb57b69995df597e8a6d95d986c1c43fcKenny Root} 1854