KeyStoreTest.java revision 3a084af2e90849aaa8beb3a610189e3399c63ea0
1/* 2 * Copyright (C) 2009 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.security; 18 19import android.app.Activity; 20import android.security.KeyStore; 21import android.test.ActivityUnitTestCase; 22import android.test.suitebuilder.annotation.MediumTest; 23import java.nio.charset.Charsets; 24import java.util.Arrays; 25import java.util.HashSet; 26 27/** 28 * Junit / Instrumentation test case for KeyStore class 29 * 30 * Running the test suite: 31 * 32 * runtest keystore-unit 33 * 34 * Or this individual test case: 35 * 36 * runtest --path frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java 37 */ 38@MediumTest 39public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 40 private static final String TEST_PASSWD = "12345678"; 41 private static final String TEST_PASSWD2 = "87654321"; 42 private static final String TEST_KEYNAME = "test-key"; 43 private static final String TEST_KEYNAME1 = "test-key.1"; 44 private static final String TEST_KEYNAME2 = "test-key\02"; 45 private static final byte[] TEST_KEYVALUE = "test value".getBytes(Charsets.UTF_8); 46 47 // "Hello, World" in Chinese 48 private static final String TEST_I18N_KEY = "\u4F60\u597D, \u4E16\u754C"; 49 private static final byte[] TEST_I18N_VALUE = TEST_I18N_KEY.getBytes(Charsets.UTF_8); 50 51 // Test vector data for signatures 52 private static final byte[] TEST_DATA = new byte[256]; 53 static { 54 for (int i = 0; i < TEST_DATA.length; i++) { 55 TEST_DATA[i] = (byte) i; 56 } 57 } 58 59 private KeyStore mKeyStore = null; 60 61 public KeyStoreTest() { 62 super(Activity.class); 63 } 64 65 private static final byte[] PRIVKEY_BYTES = hexToBytes( 66 "308204BE020100300D06092A864886F70D0101010500048204A8308204A4020100028201" + 67 "0100E0473E8AB8F2284FEB9E742FF9748FA118ED98633C92F52AEB7A2EBE0D3BE60329BE" + 68 "766AD10EB6A515D0D2CFD9BEA7930F0C306537899F7958CD3E85B01F8818524D312584A9" + 69 "4B251E3625B54141EDBFEE198808E1BB97FC7CB49B9EAAAF68E9C98D7D0EDC53BBC0FA00" + 70 "34356D6305FBBCC3C7001405386ABBC873CB0F3EF7425F3D33DF7B315AE036D2A0B66AFD" + 71 "47503B169BF36E3B5162515B715FDA83DEAF2C58AEB9ABFB3097C3CC9DD9DBE5EF296C17" + 72 "6139028E8A671E63056D45F40188D2C4133490845DE52C2534E9C6B2478C07BDAE928823" + 73 "B62D066C7770F9F63F3DBA247F530844747BE7AAA85D853B8BD244ACEC3DE3C89AB46453" + 74 "AB4D24C3AC6902030100010282010037784776A5F17698F5AC960DFB83A1B67564E648BD" + 75 "0597CF8AB8087186F2669C27A9ECBDD480F0197A80D07309E6C6A96F925331E57F8B4AC6" + 76 "F4D45EDA45A23269C09FC428C07A4E6EDF738A15DEC97FABD2F2BB47A14F20EA72FCFE4C" + 77 "36E01ADA77BD137CD8D4DA10BB162E94A4662971F175F985FA188F056CB97EE2816F43AB" + 78 "9D3747612486CDA8C16196C30818A995EC85D38467791267B3BF21F273710A6925862576" + 79 "841C5B6712C12D4BD20A2F3299ADB7C135DA5E9515ABDA76E7CAF2A3BE80551D073B78BF" + 80 "1162C48AD2B7F4743A0238EE4D252F7D5E7E6533CCAE64CCB39360075A2FD1E034EC3AE5" + 81 "CE9C408CCBF0E25E4114021687B3DD4754AE8102818100F541884BC3737B2922D4119EF4" + 82 "5E2DEE2CD4CBB75F45505A157AA5009F99C73A2DF0724AC46024306332EA898177634546" + 83 "5DC6DF1E0A6F140AFF3B7396E6A8994AC5DAA96873472FE37749D14EB3E075E629DBEB35" + 84 "83338A6F3649D0A2654A7A42FD9AB6BFA4AC4D481D390BB229B064BDC311CC1BE1B63189" + 85 "DA7C40CDECF2B102818100EA1A742DDB881CEDB7288C87E38D868DD7A409D15A43F445D5" + 86 "377A0B5731DDBFCA2DAF28A8E13CD5C0AFCEC3347D74A39E235A3CD9633F274DE2B94F92" + 87 "DF43833911D9E9F1CF58F27DE2E08FF45964C720D3EC2139DC7CAFC912953CDECB2F355A" + 88 "2E2C35A50FAD754CB3B23166424BA3B6E3112A2B898C38C5C15EDB238693390281805182" + 89 "8F1EC6FD996029901BAF1D7E337BA5F0AF27E984EAD895ACE62BD7DF4EE45A224089F2CC" + 90 "151AF3CD173FCE0474BCB04F386A2CDCC0E0036BA2419F54579262D47100BE931984A3EF" + 91 "A05BECF141574DC079B3A95C4A83E6C43F3214D6DF32D512DE198085E531E616B83FD7DD" + 92 "9D1F4E2607C3333D07C55D107D1D3893587102818100DB4FB50F50DE8EDB53FF34C80931" + 93 "88A0512867DA2CCA04897759E587C244010DAF8664D59E8083D16C164789301F67A9F078" + 94 "060D834A2ADBD367575B68A8A842C2B02A89B3F31FCCEC8A22FE395795C5C6C7422B4E5D" + 95 "74A1E9A8F30E7759B9FC2D639C1F15673E84E93A5EF1506F4315383C38D45CBD1B14048F" + 96 "4721DC82326102818100D8114593AF415FB612DBF1923710D54D07486205A76A3B431949" + 97 "68C0DFF1F11EF0F61A4A337D5FD3741BBC9640E447B8B6B6C47C3AC1204357D3B0C55BA9" + 98 "286BDA73F629296F5FA9146D8976357D3C751E75148696A40B74685C82CE30902D639D72" + 99 "4FF24D5E2E9407EE34EDED2E3B4DF65AA9BCFEB6DF28D07BA6903F165768"); 100 101 102 private static byte[] hexToBytes(String s) { 103 int len = s.length(); 104 byte[] data = new byte[len / 2]; 105 for (int i = 0; i < len; i += 2) { 106 data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit( 107 s.charAt(i + 1), 16)); 108 } 109 return data; 110 } 111 112 @Override 113 protected void setUp() throws Exception { 114 mKeyStore = KeyStore.getInstance(); 115 if (mKeyStore.state() != KeyStore.State.UNINITIALIZED) { 116 mKeyStore.reset(); 117 } 118 assertEquals("KeyStore should be in an uninitialized state", 119 KeyStore.State.UNINITIALIZED, mKeyStore.state()); 120 super.setUp(); 121 } 122 123 @Override 124 protected void tearDown() throws Exception { 125 mKeyStore.reset(); 126 super.tearDown(); 127 } 128 129 public void teststate() throws Exception { 130 assertEquals(KeyStore.State.UNINITIALIZED, mKeyStore.state()); 131 } 132 133 public void testPassword() throws Exception { 134 assertTrue(mKeyStore.password(TEST_PASSWD)); 135 assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); 136 } 137 138 public void testGet() throws Exception { 139 assertNull(mKeyStore.get(TEST_KEYNAME)); 140 mKeyStore.password(TEST_PASSWD); 141 assertNull(mKeyStore.get(TEST_KEYNAME)); 142 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE)); 143 assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); 144 } 145 146 public void testPut() throws Exception { 147 assertNull(mKeyStore.get(TEST_KEYNAME)); 148 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE)); 149 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 150 mKeyStore.password(TEST_PASSWD); 151 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE)); 152 assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); 153 } 154 155 public void testI18n() throws Exception { 156 assertFalse(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE)); 157 assertFalse(mKeyStore.contains(TEST_I18N_KEY)); 158 mKeyStore.password(TEST_I18N_KEY); 159 assertTrue(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE)); 160 assertTrue(mKeyStore.contains(TEST_I18N_KEY)); 161 } 162 163 public void testDelete() throws Exception { 164 assertFalse(mKeyStore.delete(TEST_KEYNAME)); 165 mKeyStore.password(TEST_PASSWD); 166 assertFalse(mKeyStore.delete(TEST_KEYNAME)); 167 168 mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE); 169 assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); 170 assertTrue(mKeyStore.delete(TEST_KEYNAME)); 171 assertNull(mKeyStore.get(TEST_KEYNAME)); 172 } 173 174 public void testContains() throws Exception { 175 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 176 177 mKeyStore.password(TEST_PASSWD); 178 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 179 180 mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE); 181 assertTrue(mKeyStore.contains(TEST_KEYNAME)); 182 } 183 184 public void testSaw() throws Exception { 185 String[] emptyResult = mKeyStore.saw(TEST_KEYNAME); 186 assertNotNull(emptyResult); 187 assertEquals(0, emptyResult.length); 188 189 mKeyStore.password(TEST_PASSWD); 190 mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE); 191 mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE); 192 193 String[] results = mKeyStore.saw(TEST_KEYNAME); 194 assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), 195 TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), 196 new HashSet(Arrays.asList(results))); 197 } 198 199 public void testLock() throws Exception { 200 assertFalse(mKeyStore.lock()); 201 202 mKeyStore.password(TEST_PASSWD); 203 assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); 204 205 assertTrue(mKeyStore.lock()); 206 assertEquals(KeyStore.State.LOCKED, mKeyStore.state()); 207 } 208 209 public void testUnlock() throws Exception { 210 mKeyStore.password(TEST_PASSWD); 211 assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); 212 mKeyStore.lock(); 213 214 assertFalse(mKeyStore.unlock(TEST_PASSWD2)); 215 assertTrue(mKeyStore.unlock(TEST_PASSWD)); 216 } 217 218 public void testIsEmpty() throws Exception { 219 assertTrue(mKeyStore.isEmpty()); 220 mKeyStore.password(TEST_PASSWD); 221 assertTrue(mKeyStore.isEmpty()); 222 mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE); 223 assertFalse(mKeyStore.isEmpty()); 224 mKeyStore.reset(); 225 assertTrue(mKeyStore.isEmpty()); 226 } 227 228 public void testGenerate_NotInitialized_Fail() throws Exception { 229 assertFalse("Should fail when keystore is not initialized", 230 mKeyStore.generate(TEST_KEYNAME)); 231 } 232 233 public void testGenerate_Locked_Fail() throws Exception { 234 mKeyStore.password(TEST_PASSWD); 235 mKeyStore.lock(); 236 assertFalse("Should fail when keystore is locked", mKeyStore.generate(TEST_KEYNAME)); 237 } 238 239 public void testGenerate_Success() throws Exception { 240 mKeyStore.password(TEST_PASSWD); 241 242 assertTrue("Should be able to generate key when unlocked", 243 mKeyStore.generate(TEST_KEYNAME)); 244 } 245 246 public void testImport_Success() throws Exception { 247 mKeyStore.password(TEST_PASSWD); 248 249 assertTrue("Should be able to import key when unlocked", 250 mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES)); 251 } 252 253 public void testImport_Failure_BadEncoding() throws Exception { 254 mKeyStore.password(TEST_PASSWD); 255 256 assertFalse("Invalid DER-encoded key should not be imported", 257 mKeyStore.importKey(TEST_KEYNAME, TEST_DATA)); 258 } 259 260 public void testSign_Success() throws Exception { 261 mKeyStore.password(TEST_PASSWD); 262 263 assertTrue(mKeyStore.generate(TEST_KEYNAME)); 264 final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA); 265 266 assertNotNull("Signature should not be null", signature); 267 } 268 269 public void testVerify_Success() throws Exception { 270 mKeyStore.password(TEST_PASSWD); 271 272 assertTrue(mKeyStore.generate(TEST_KEYNAME)); 273 final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA); 274 275 assertNotNull("Signature should not be null", signature); 276 277 assertTrue("Signature should verify with same data", 278 mKeyStore.verify(TEST_KEYNAME, TEST_DATA, signature)); 279 } 280 281 public void testSign_NotInitialized_Failure() throws Exception { 282 assertNull("Should not be able to sign without first initializing the keystore", 283 mKeyStore.sign(TEST_KEYNAME, TEST_DATA)); 284 } 285 286 public void testSign_NotGenerated_Failure() throws Exception { 287 mKeyStore.password(TEST_PASSWD); 288 289 assertNull("Should not be able to sign without first generating keys", 290 mKeyStore.sign(TEST_KEYNAME, TEST_DATA)); 291 } 292 293 public void testGrant_Generated_Success() throws Exception { 294 assertTrue("Password should work for keystore", 295 mKeyStore.password(TEST_PASSWD)); 296 297 assertTrue("Should be able to generate key for testcase", 298 mKeyStore.generate(TEST_KEYNAME)); 299 300 assertTrue("Should be able to grant key to other user", 301 mKeyStore.grant(TEST_KEYNAME, 0)); 302 } 303 304 public void testGrant_Imported_Success() throws Exception { 305 assertTrue("Password should work for keystore", mKeyStore.password(TEST_PASSWD)); 306 307 assertTrue("Should be able to import key for testcase", 308 mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES)); 309 310 assertTrue("Should be able to grant key to other user", mKeyStore.grant(TEST_KEYNAME, 0)); 311 } 312 313 public void testGrant_NoKey_Failure() throws Exception { 314 assertTrue("Should be able to unlock keystore for test", 315 mKeyStore.password(TEST_PASSWD)); 316 317 assertFalse("Should not be able to grant without first initializing the keystore", 318 mKeyStore.grant(TEST_KEYNAME, 0)); 319 } 320 321 public void testGrant_NotInitialized_Failure() throws Exception { 322 assertFalse("Should not be able to grant without first initializing the keystore", 323 mKeyStore.grant(TEST_KEYNAME, 0)); 324 } 325 326 public void testUngrant_Generated_Success() throws Exception { 327 assertTrue("Password should work for keystore", 328 mKeyStore.password(TEST_PASSWD)); 329 330 assertTrue("Should be able to generate key for testcase", 331 mKeyStore.generate(TEST_KEYNAME)); 332 333 assertTrue("Should be able to grant key to other user", 334 mKeyStore.grant(TEST_KEYNAME, 0)); 335 336 assertTrue("Should be able to ungrant key to other user", 337 mKeyStore.ungrant(TEST_KEYNAME, 0)); 338 } 339 340 public void testUngrant_Imported_Success() throws Exception { 341 assertTrue("Password should work for keystore", 342 mKeyStore.password(TEST_PASSWD)); 343 344 assertTrue("Should be able to import key for testcase", 345 mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES)); 346 347 assertTrue("Should be able to grant key to other user", 348 mKeyStore.grant(TEST_KEYNAME, 0)); 349 350 assertTrue("Should be able to ungrant key to other user", 351 mKeyStore.ungrant(TEST_KEYNAME, 0)); 352 } 353 354 public void testUngrant_NotInitialized_Failure() throws Exception { 355 assertFalse("Should fail to ungrant key when keystore not initialized", 356 mKeyStore.ungrant(TEST_KEYNAME, 0)); 357 } 358 359 public void testUngrant_NoGrant_Failure() throws Exception { 360 assertTrue("Password should work for keystore", 361 mKeyStore.password(TEST_PASSWD)); 362 363 assertTrue("Should be able to generate key for testcase", 364 mKeyStore.generate(TEST_KEYNAME)); 365 366 assertFalse("Should not be able to revoke not existent grant", 367 mKeyStore.ungrant(TEST_KEYNAME, 0)); 368 } 369 370 public void testUngrant_DoubleUngrant_Failure() throws Exception { 371 assertTrue("Password should work for keystore", 372 mKeyStore.password(TEST_PASSWD)); 373 374 assertTrue("Should be able to generate key for testcase", 375 mKeyStore.generate(TEST_KEYNAME)); 376 377 assertTrue("Should be able to grant key to other user", 378 mKeyStore.grant(TEST_KEYNAME, 0)); 379 380 assertTrue("Should be able to ungrant key to other user", 381 mKeyStore.ungrant(TEST_KEYNAME, 0)); 382 383 assertFalse("Should fail to ungrant key to other user second time", 384 mKeyStore.ungrant(TEST_KEYNAME, 0)); 385 } 386 387 public void testUngrant_DoubleGrantUngrant_Failure() throws Exception { 388 assertTrue("Password should work for keystore", 389 mKeyStore.password(TEST_PASSWD)); 390 391 assertTrue("Should be able to generate key for testcase", 392 mKeyStore.generate(TEST_KEYNAME)); 393 394 assertTrue("Should be able to grant key to other user", 395 mKeyStore.grant(TEST_KEYNAME, 0)); 396 397 assertTrue("Should be able to grant key to other user a second time", 398 mKeyStore.grant(TEST_KEYNAME, 0)); 399 400 assertTrue("Should be able to ungrant key to other user", 401 mKeyStore.ungrant(TEST_KEYNAME, 0)); 402 403 assertFalse("Should fail to ungrant key to other user second time", 404 mKeyStore.ungrant(TEST_KEYNAME, 0)); 405 } 406} 407