AndroidKeyStoreTest.java revision dcdaf87ed0aa99073638bcfe645949f130f0c7ad
/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.keystore;

import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;

import com.android.org.conscrypt.NativeConstants;
import com.android.org.conscrypt.OpenSSLEngine;

import android.security.Credentials;
import android.security.KeyStore;
import android.security.KeyStoreParameter;
import android.test.AndroidTestCase;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore.Entry;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.KeyStore.TrustedCertificateEntry;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/**
 * Test case built on {@link AndroidTestCase} that holds both an
 * {@code android.security.KeyStore} and a {@code java.security.KeyStore}.
 *
 * NOTE(review): presumably this exercises the "AndroidKeyStore" JCA provider against the
 * platform keystore; confirm against the test methods.
 */
public class AndroidKeyStoreTest extends AndroidTestCase {
    /*
     * Both KeyStore types are written fully qualified so the android.security class and the
     * java.security class cannot be confused with each other.
     */
    private android.security.KeyStore mAndroidKeyStore;

    private java.security.KeyStore mKeyStore;

    /*
     * Fixed aliases, distinguished names and serial numbers. Presumably used for keystore
     * entries and for certificates generated by the tests; confirm against the test methods.
     */
    private static final String TEST_ALIAS_1 = "test1";

    private static final String TEST_ALIAS_2 = "test2";

    private static final String TEST_ALIAS_3 = "test3";

    private static final X500Principal TEST_DN_1 = new X500Principal("CN=test1");

    private static final X500Principal TEST_DN_2 = new X500Principal("CN=test2");

    private static final BigInteger TEST_SERIAL_1 = BigInteger.ONE;

    private static final BigInteger TEST_SERIAL_2 = BigInteger.valueOf(2L);

    /* Wall-clock time, read once when the class is initialized. */
    private static final long NOW_MILLIS = System.currentTimeMillis();

    /*
     * NOW_MILLIS rounded down to a whole second. We have to round this off because X509v3
     * doesn't store milliseconds.
     */
    private static final Date NOW = new Date(NOW_MILLIS - (NOW_MILLIS % 1000L));

    /*
     * Date.getYear() and the deprecated Date(int, int, int) constructor both count years
     * from 1900, so this is midnight on 1 January (month 0, day 1) of the year ten years
     * after NOW's, in the default time zone. It is therefore up to a year short of
     * NOW + 10 years.
     */
    @SuppressWarnings("deprecation")
    private static final Date NOW_PLUS_10_YEARS = new Date(NOW.getYear() + 10, 0, 1);

    /*
     * The keys and certificates below are generated with:
     *
     * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
     * openssl req -newkey rsa:1024 -keyout userkey.pem -nodes -days 3650 -out userkey.req
     * mkdir -p demoCA/newcerts
     * touch demoCA/index.txt
     * echo "01" > demoCA/serial
     * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650
     *
     * These are test fixtures only. userkey.pem is written unencrypted (-nodes) and its bytes
     * are embedded in this file as FAKE_RSA_KEY_1, so the key pair is public. The user key is
     * 1024-bit RSA (rsa:1024) and both encoded certificates are signed with
     * sha1WithRSAEncryption (OID 1.2.840.113549.1.1.5), which is weaker than what production
     * certificates use.
     *
     * The encoded certificates carry notAfter values in August 2022 (220812165544Z for the
     * CA, 220812232548Z for the user certificate). NOTE(review): a test that checks validity
     * against the current clock would see them as expired; confirm none does.
     */

    /**
     * DER encoding of cacert.pem, the self-signed CA certificate produced by the first
     * command above. Generated from above and converted with:
     *
     * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g'
     */
    private static final byte[] FAKE_RSA_CA_1 = {
            (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0xce, (byte) 0x30, (byte) 0x82,
            (byte) 0x02, (byte) 0x37, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01,
            (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0x6a,
            (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, (byte) 0x55, (byte) 0x48, (byte) 0x0a,
            (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86,
            (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01,
            (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31,
            (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55,
            (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53,
            (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03,
            (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43,
            (byte) 0x41, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06,
            (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d,
            (byte) 0x4d, (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte)
0x61, 123 (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, 124 (byte) 0x77, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, 125 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, 126 (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, 127 (byte) 0x64, (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, 128 (byte) 0x20, (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, 129 (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, 130 (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x34, (byte) 0x31, (byte) 0x36, 131 (byte) 0x35, (byte) 0x35, (byte) 0x34, (byte) 0x34, (byte) 0x5a, (byte) 0x17, 132 (byte) 0x0d, (byte) 0x32, (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, 133 (byte) 0x32, (byte) 0x31, (byte) 0x36, (byte) 0x35, (byte) 0x35, (byte) 0x34, 134 (byte) 0x34, (byte) 0x5a, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, 135 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 136 (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, 137 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 138 (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, 139 (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, 140 (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, 141 (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, 142 (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, 143 (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, 144 (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, 145 (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, 146 (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, 147 (byte) 0x43, (byte) 
0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, 148 (byte) 0x81, (byte) 0x9f, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, 149 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, 150 (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, 151 (byte) 0x81, (byte) 0x8d, (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, 152 (byte) 0x02, (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0xa3, (byte) 0x72, 153 (byte) 0xab, (byte) 0xd0, (byte) 0xe4, (byte) 0xad, (byte) 0x2f, (byte) 0xe7, 154 (byte) 0xe2, (byte) 0x79, (byte) 0x07, (byte) 0x36, (byte) 0x3d, (byte) 0x0c, 155 (byte) 0x8d, (byte) 0x42, (byte) 0x9a, (byte) 0x0a, (byte) 0x33, (byte) 0x64, 156 (byte) 0xb3, (byte) 0xcd, (byte) 0xb2, (byte) 0xd7, (byte) 0x3a, (byte) 0x42, 157 (byte) 0x06, (byte) 0x77, (byte) 0x45, (byte) 0x29, (byte) 0xe9, (byte) 0xcb, 158 (byte) 0xb7, (byte) 0x4a, (byte) 0xd6, (byte) 0xee, (byte) 0xad, (byte) 0x01, 159 (byte) 0x91, (byte) 0x9b, (byte) 0x0c, (byte) 0x59, (byte) 0xa1, (byte) 0x03, 160 (byte) 0xfa, (byte) 0xf0, (byte) 0x5a, (byte) 0x7c, (byte) 0x4f, (byte) 0xf7, 161 (byte) 0x8d, (byte) 0x36, (byte) 0x0f, (byte) 0x1f, (byte) 0x45, (byte) 0x7d, 162 (byte) 0x1b, (byte) 0x31, (byte) 0xa1, (byte) 0x35, (byte) 0x0b, (byte) 0x00, 163 (byte) 0xed, (byte) 0x7a, (byte) 0xb6, (byte) 0xc8, (byte) 0x4e, (byte) 0xa9, 164 (byte) 0x86, (byte) 0x4c, (byte) 0x7b, (byte) 0x99, (byte) 0x57, (byte) 0x41, 165 (byte) 0x12, (byte) 0xef, (byte) 0x6b, (byte) 0xbc, (byte) 0x3d, (byte) 0x60, 166 (byte) 0xf2, (byte) 0x99, (byte) 0x1a, (byte) 0xcd, (byte) 0xed, (byte) 0x56, 167 (byte) 0xa4, (byte) 0xe5, (byte) 0x36, (byte) 0x9f, (byte) 0x24, (byte) 0x1f, 168 (byte) 0xdc, (byte) 0x89, (byte) 0x40, (byte) 0xc8, (byte) 0x99, (byte) 0x92, 169 (byte) 0xab, (byte) 0x4a, (byte) 0xb5, (byte) 0x61, (byte) 0x45, (byte) 0x62, 170 (byte) 0xff, (byte) 0xa3, (byte) 0x45, (byte) 0x65, (byte) 0xaf, (byte) 0xf6, 171 (byte) 0x27, (byte) 0x30, (byte) 0x51, (byte) 0x0e, 
(byte) 0x0e, (byte) 0xeb, 172 (byte) 0x79, (byte) 0x0c, (byte) 0xbe, (byte) 0xb3, (byte) 0x0a, (byte) 0x6f, 173 (byte) 0x29, (byte) 0x06, (byte) 0xdc, (byte) 0x2f, (byte) 0x6b, (byte) 0x51, 174 (byte) 0x02, (byte) 0x03, (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, 175 (byte) 0x81, (byte) 0xb1, (byte) 0x30, (byte) 0x81, (byte) 0xae, (byte) 0x30, 176 (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, 177 (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x33, (byte) 0x05, 178 (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, (byte) 0xc7, (byte) 0xf9, 179 (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, 180 (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, (byte) 0x5d, (byte) 0x51, 181 (byte) 0x30, (byte) 0x7f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, 182 (byte) 0x23, (byte) 0x04, (byte) 0x78, (byte) 0x30, (byte) 0x76, (byte) 0x80, 183 (byte) 0x14, (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, 184 (byte) 0x60, (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, 185 (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, 186 (byte) 0x8e, (byte) 0x5d, (byte) 0x51, (byte) 0xa1, (byte) 0x53, (byte) 0xa4, 187 (byte) 0x51, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 188 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 189 (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, 190 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 191 (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, 192 (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, 193 (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, 194 (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, 195 (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, 196 
(byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, 197 (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, 198 (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, 199 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, 200 (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x82, (byte) 0x09, 201 (byte) 0x00, (byte) 0xe1, (byte) 0x6a, (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, 202 (byte) 0x55, (byte) 0x48, (byte) 0x0a, (byte) 0x30, (byte) 0x0c, (byte) 0x06, 203 (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x05, 204 (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, 205 (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, 206 (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, 207 (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, (byte) 0x00, 208 (byte) 0x8c, (byte) 0x30, (byte) 0x42, (byte) 0xfa, (byte) 0xeb, (byte) 0x1a, 209 (byte) 0x26, (byte) 0xeb, (byte) 0xda, (byte) 0x56, (byte) 0x32, (byte) 0xf2, 210 (byte) 0x9d, (byte) 0xa5, (byte) 0x24, (byte) 0xd8, (byte) 0x3a, (byte) 0xda, 211 (byte) 0x30, (byte) 0xa6, (byte) 0x8b, (byte) 0x46, (byte) 0xfe, (byte) 0xfe, 212 (byte) 0xdb, (byte) 0xf1, (byte) 0xe6, (byte) 0xe1, (byte) 0x7c, (byte) 0x1b, 213 (byte) 0xe7, (byte) 0x77, (byte) 0x00, (byte) 0xa1, (byte) 0x1c, (byte) 0x19, 214 (byte) 0x17, (byte) 0x73, (byte) 0xb0, (byte) 0xf0, (byte) 0x9d, (byte) 0xf3, 215 (byte) 0x4f, (byte) 0xb6, (byte) 0xbc, (byte) 0xc7, (byte) 0x47, (byte) 0x85, 216 (byte) 0x2a, (byte) 0x4a, (byte) 0xa1, (byte) 0xa5, (byte) 0x58, (byte) 0xf5, 217 (byte) 0xc5, (byte) 0x1a, (byte) 0x51, (byte) 0xb1, (byte) 0x04, (byte) 0x80, 218 (byte) 0xee, (byte) 0x3a, (byte) 0xec, (byte) 0x2f, (byte) 0xe1, (byte) 0xfd, 219 (byte) 0x58, (byte) 0xeb, (byte) 0xed, (byte) 0x82, (byte) 0x9e, (byte) 0x38, 220 (byte) 0xa3, (byte) 0x24, 
(byte) 0x75, (byte) 0xf7, (byte) 0x3e, (byte) 0xc2, 221 (byte) 0xc5, (byte) 0x27, (byte) 0xeb, (byte) 0x6f, (byte) 0x7b, (byte) 0x50, 222 (byte) 0xda, (byte) 0x43, (byte) 0xdc, (byte) 0x3b, (byte) 0x0b, (byte) 0x6f, 223 (byte) 0x78, (byte) 0x8f, (byte) 0xb0, (byte) 0x66, (byte) 0xe1, (byte) 0x12, 224 (byte) 0x87, (byte) 0x5f, (byte) 0x97, (byte) 0x7b, (byte) 0xca, (byte) 0x14, 225 (byte) 0x79, (byte) 0xf7, (byte) 0xe8, (byte) 0x6c, (byte) 0x72, (byte) 0xdb, 226 (byte) 0x91, (byte) 0x65, (byte) 0x17, (byte) 0x54, (byte) 0xe0, (byte) 0x74, 227 (byte) 0x1d, (byte) 0xac, (byte) 0x47, (byte) 0x04, (byte) 0x12, (byte) 0xe0, 228 (byte) 0xc3, (byte) 0x66, (byte) 0x19, (byte) 0x05, (byte) 0x2e, (byte) 0x7e, 229 (byte) 0xf1, (byte) 0x61 230 }; 231 232 /** 233 * Generated from above and converted with: 234 * 235 * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g' 236 */ 237 private static final byte[] FAKE_RSA_KEY_1 = new byte[] { 238 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x02, (byte) 0x01, 239 (byte) 0x00, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, 240 (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, 241 (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x82, 242 (byte) 0x02, (byte) 0x62, (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x5e, 243 (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x02, (byte) 0x81, (byte) 0x81, 244 (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, (byte) 0x5b, 245 (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, (byte) 0x66, 246 (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, (byte) 0x8a, 247 (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, (byte) 0x02, 248 (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, (byte) 0xf3, 249 (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, (byte) 0x6d, 250 (byte) 0x00, (byte) 0x99, (byte) 
0xbf, (byte) 0x7d, (byte) 0x0f, (byte) 0x67, 251 (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, (byte) 0xcb, 252 (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, (byte) 0xe2, 253 (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, (byte) 0x79, 254 (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, (byte) 0xce, 255 (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, (byte) 0x08, 256 (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, (byte) 0x3b, 257 (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, (byte) 0xc4, 258 (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, (byte) 0x0d, 259 (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, (byte) 0x23, 260 (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, (byte) 0x08, 261 (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, (byte) 0xf1, 262 (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, (byte) 0xb4, 263 (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, (byte) 0x16, 264 (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, (byte) 0x9e, 265 (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, (byte) 0x01, 266 (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x81, (byte) 0x80, (byte) 0x16, 267 (byte) 0x59, (byte) 0xc3, (byte) 0x24, (byte) 0x1d, (byte) 0x33, (byte) 0x98, 268 (byte) 0x9c, (byte) 0xc9, (byte) 0xc8, (byte) 0x2c, (byte) 0x88, (byte) 0xbf, 269 (byte) 0x0a, (byte) 0x01, (byte) 0xce, (byte) 0xfb, (byte) 0x34, (byte) 0x7a, 270 (byte) 0x58, (byte) 0x7a, (byte) 0xb0, (byte) 0xbf, (byte) 0xa6, (byte) 0xb2, 271 (byte) 0x60, (byte) 0xbe, (byte) 0x70, (byte) 0x21, (byte) 0xf5, (byte) 0xfc, 272 (byte) 0x85, (byte) 0x0d, (byte) 0x33, (byte) 0x58, (byte) 0xa1, (byte) 0xe5, 273 (byte) 0x09, (byte) 0x36, (byte) 0x84, (byte) 0xb2, (byte) 0x04, (byte) 0x0a, 274 (byte) 0x02, (byte) 0xd3, (byte) 0x88, (byte) 0x1f, (byte) 0x0c, 
(byte) 0x2b, 275 (byte) 0x1d, (byte) 0xe9, (byte) 0x3d, (byte) 0xe7, (byte) 0x79, (byte) 0xf9, 276 (byte) 0x32, (byte) 0x5c, (byte) 0x8a, (byte) 0x75, (byte) 0x49, (byte) 0x12, 277 (byte) 0xe4, (byte) 0x05, (byte) 0x26, (byte) 0xd4, (byte) 0x2e, (byte) 0x9e, 278 (byte) 0x1f, (byte) 0xcc, (byte) 0x54, (byte) 0xad, (byte) 0x33, (byte) 0x8d, 279 (byte) 0x99, (byte) 0x00, (byte) 0xdc, (byte) 0xf5, (byte) 0xb4, (byte) 0xa2, 280 (byte) 0x2f, (byte) 0xba, (byte) 0xe5, (byte) 0x62, (byte) 0x30, (byte) 0x6d, 281 (byte) 0xe6, (byte) 0x3d, (byte) 0xeb, (byte) 0x24, (byte) 0xc2, (byte) 0xdc, 282 (byte) 0x5f, (byte) 0xb7, (byte) 0x16, (byte) 0x35, (byte) 0xa3, (byte) 0x98, 283 (byte) 0x98, (byte) 0xa8, (byte) 0xef, (byte) 0xe8, (byte) 0xc4, (byte) 0x96, 284 (byte) 0x6d, (byte) 0x38, (byte) 0xab, (byte) 0x26, (byte) 0x6d, (byte) 0x30, 285 (byte) 0xc2, (byte) 0xa0, (byte) 0x44, (byte) 0xe4, (byte) 0xff, (byte) 0x7e, 286 (byte) 0xbe, (byte) 0x7c, (byte) 0x33, (byte) 0xa5, (byte) 0x10, (byte) 0xad, 287 (byte) 0xd7, (byte) 0x1e, (byte) 0x13, (byte) 0x20, (byte) 0xb3, (byte) 0x1f, 288 (byte) 0x41, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xf1, (byte) 0x89, 289 (byte) 0x07, (byte) 0x0f, (byte) 0xe8, (byte) 0xcf, (byte) 0xab, (byte) 0x13, 290 (byte) 0x2a, (byte) 0x8f, (byte) 0x88, (byte) 0x80, (byte) 0x11, (byte) 0x9a, 291 (byte) 0x79, (byte) 0xb6, (byte) 0x59, (byte) 0x3a, (byte) 0x50, (byte) 0x6e, 292 (byte) 0x57, (byte) 0x37, (byte) 0xab, (byte) 0x2a, (byte) 0xd2, (byte) 0xaa, 293 (byte) 0xd9, (byte) 0x72, (byte) 0x73, (byte) 0xff, (byte) 0x8b, (byte) 0x47, 294 (byte) 0x76, (byte) 0xdd, (byte) 0xdc, (byte) 0xf5, (byte) 0x97, (byte) 0x44, 295 (byte) 0x3a, (byte) 0x78, (byte) 0xbe, (byte) 0x17, (byte) 0xb4, (byte) 0x22, 296 (byte) 0x6f, (byte) 0xe5, (byte) 0x23, (byte) 0x70, (byte) 0x1d, (byte) 0x10, 297 (byte) 0x5d, (byte) 0xba, (byte) 0x16, (byte) 0x81, (byte) 0xf1, (byte) 0x45, 298 (byte) 0xce, (byte) 0x30, (byte) 0xb4, (byte) 0xab, (byte) 0x80, (byte) 0xe4, 299 (byte) 0x98, 
(byte) 0x31, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xda, 300 (byte) 0x82, (byte) 0x9d, (byte) 0x3f, (byte) 0xca, (byte) 0x2f, (byte) 0xe1, 301 (byte) 0xd4, (byte) 0x86, (byte) 0x77, (byte) 0x48, (byte) 0xa6, (byte) 0xab, 302 (byte) 0xab, (byte) 0x1c, (byte) 0x42, (byte) 0x5c, (byte) 0xd5, (byte) 0xc7, 303 (byte) 0x46, (byte) 0x59, (byte) 0x91, (byte) 0x3f, (byte) 0xfc, (byte) 0xcc, 304 (byte) 0xec, (byte) 0xc2, (byte) 0x40, (byte) 0x12, (byte) 0x2c, (byte) 0x8d, 305 (byte) 0x1f, (byte) 0xa2, (byte) 0x18, (byte) 0x88, (byte) 0xee, (byte) 0x82, 306 (byte) 0x4a, (byte) 0x5a, (byte) 0x5e, (byte) 0x88, (byte) 0x20, (byte) 0xe3, 307 (byte) 0x7b, (byte) 0xe0, (byte) 0xd8, (byte) 0x3a, (byte) 0x52, (byte) 0x9a, 308 (byte) 0x26, (byte) 0x6a, (byte) 0x04, (byte) 0xec, (byte) 0xe8, (byte) 0xb9, 309 (byte) 0x48, (byte) 0x40, (byte) 0xe1, (byte) 0xe1, (byte) 0x83, (byte) 0xa6, 310 (byte) 0x67, (byte) 0xa6, (byte) 0xfd, (byte) 0x02, (byte) 0x41, (byte) 0x00, 311 (byte) 0x89, (byte) 0x72, (byte) 0x3e, (byte) 0xb0, (byte) 0x90, (byte) 0xfd, 312 (byte) 0x4c, (byte) 0x0e, (byte) 0xd6, (byte) 0x13, (byte) 0x63, (byte) 0xcb, 313 (byte) 0xed, (byte) 0x38, (byte) 0x88, (byte) 0xb6, (byte) 0x79, (byte) 0xc4, 314 (byte) 0x33, (byte) 0x6c, (byte) 0xf6, (byte) 0xf8, (byte) 0xd8, (byte) 0xd0, 315 (byte) 0xbf, (byte) 0x9d, (byte) 0x35, (byte) 0xac, (byte) 0x69, (byte) 0xd2, 316 (byte) 0x2b, (byte) 0xc1, (byte) 0xf9, (byte) 0x24, (byte) 0x7b, (byte) 0xce, 317 (byte) 0xcd, (byte) 0xcb, (byte) 0xa7, (byte) 0xb2, (byte) 0x7a, (byte) 0x0a, 318 (byte) 0x27, (byte) 0x19, (byte) 0xc9, (byte) 0xaf, (byte) 0x0d, (byte) 0x21, 319 (byte) 0x89, (byte) 0x88, (byte) 0x7c, (byte) 0xad, (byte) 0x9e, (byte) 0x8d, 320 (byte) 0x47, (byte) 0x6d, (byte) 0x3f, (byte) 0xce, (byte) 0x7b, (byte) 0xa1, 321 (byte) 0x74, (byte) 0xf1, (byte) 0xa0, (byte) 0xa1, (byte) 0x02, (byte) 0x41, 322 (byte) 0x00, (byte) 0xd9, (byte) 0xa8, (byte) 0xf5, (byte) 0xfe, (byte) 0xce, 323 (byte) 0xe6, (byte) 0x77, (byte) 0x6b, 
(byte) 0xfe, (byte) 0x2d, (byte) 0xe0, 324 (byte) 0x1e, (byte) 0xb6, (byte) 0x2e, (byte) 0x12, (byte) 0x4e, (byte) 0x40, 325 (byte) 0xaf, (byte) 0x6a, (byte) 0x7b, (byte) 0x37, (byte) 0x49, (byte) 0x2a, 326 (byte) 0x96, (byte) 0x25, (byte) 0x83, (byte) 0x49, (byte) 0xd4, (byte) 0x0c, 327 (byte) 0xc6, (byte) 0x78, (byte) 0x25, (byte) 0x24, (byte) 0x90, (byte) 0x90, 328 (byte) 0x06, (byte) 0x15, (byte) 0x9e, (byte) 0xfe, (byte) 0xf9, (byte) 0xdf, 329 (byte) 0x5b, (byte) 0xf3, (byte) 0x7e, (byte) 0x38, (byte) 0x70, (byte) 0xeb, 330 (byte) 0x57, (byte) 0xd0, (byte) 0xd9, (byte) 0xa7, (byte) 0x0e, (byte) 0x14, 331 (byte) 0xf7, (byte) 0x95, (byte) 0x68, (byte) 0xd5, (byte) 0xc8, (byte) 0xab, 332 (byte) 0x9d, (byte) 0x3a, (byte) 0x2b, (byte) 0x51, (byte) 0xf9, (byte) 0x02, 333 (byte) 0x41, (byte) 0x00, (byte) 0x96, (byte) 0xdf, (byte) 0xe9, (byte) 0x67, 334 (byte) 0x6c, (byte) 0xdc, (byte) 0x90, (byte) 0x14, (byte) 0xb4, (byte) 0x1d, 335 (byte) 0x22, (byte) 0x33, (byte) 0x4a, (byte) 0x31, (byte) 0xc1, (byte) 0x9d, 336 (byte) 0x2e, (byte) 0xff, (byte) 0x9a, (byte) 0x2a, (byte) 0x95, (byte) 0x4b, 337 (byte) 0x27, (byte) 0x74, (byte) 0xcb, (byte) 0x21, (byte) 0xc3, (byte) 0xd2, 338 (byte) 0x0b, (byte) 0xb2, (byte) 0x46, (byte) 0x87, (byte) 0xf8, (byte) 0x28, 339 (byte) 0x01, (byte) 0x8b, (byte) 0xd8, (byte) 0xb9, (byte) 0x4b, (byte) 0xcd, 340 (byte) 0x9a, (byte) 0x96, (byte) 0x41, (byte) 0x0e, (byte) 0x36, (byte) 0x6d, 341 (byte) 0x40, (byte) 0x42, (byte) 0xbc, (byte) 0xd9, (byte) 0xd3, (byte) 0x7b, 342 (byte) 0xbc, (byte) 0xa7, (byte) 0x92, (byte) 0x90, (byte) 0xdd, (byte) 0xa1, 343 (byte) 0x9c, (byte) 0xce, (byte) 0xa1, (byte) 0x87, (byte) 0x11, (byte) 0x51 344 }; 345 346 /** 347 * Generated from above and converted with: 348 * 349 * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 350 */ 351 private static final byte[] FAKE_RSA_USER_1 = new byte[] { 352 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x95, (byte) 0x30, (byte) 0x82, 353 (byte) 0x01, 
(byte) 0xfe, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 354 (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d, 355 (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, 356 (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, 357 (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 358 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 359 (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, 360 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 361 (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, 362 (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, 363 (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, 364 (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, 365 (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, 366 (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, 367 (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, 368 (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, 369 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, 370 (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, (byte) 0x1e, 371 (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, (byte) 0x30, (byte) 0x38, 372 (byte) 0x31, (byte) 0x34, (byte) 0x32, (byte) 0x33, (byte) 0x32, (byte) 0x35, 373 (byte) 0x34, (byte) 0x38, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32, 374 (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x32, (byte) 0x32, 375 (byte) 0x33, (byte) 0x32, (byte) 0x35, (byte) 0x34, (byte) 0x38, (byte) 0x5a, 376 (byte) 0x30, (byte) 0x55, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, 377 (byte) 0x06, (byte) 0x03, (byte) 0x55, 
(byte) 0x04, (byte) 0x06, (byte) 0x13, 378 (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 379 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, 380 (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, (byte) 0x1b, 381 (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 382 (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, (byte) 0x64, 383 (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x54, 384 (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, (byte) 0x61, 385 (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x31, (byte) 0x1c, (byte) 0x30, 386 (byte) 0x1a, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, 387 (byte) 0x13, (byte) 0x13, (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, 388 (byte) 0x65, (byte) 0x72, (byte) 0x31, (byte) 0x2e, (byte) 0x65, (byte) 0x78, 389 (byte) 0x61, (byte) 0x6d, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x2e, 390 (byte) 0x63, (byte) 0x6f, (byte) 0x6d, (byte) 0x30, (byte) 0x81, (byte) 0x9f, 391 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 392 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 393 (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, 394 (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, 395 (byte) 0x81, (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, 396 (byte) 0x5b, (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, 397 (byte) 0x66, (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, 398 (byte) 0x8a, (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, 399 (byte) 0x02, (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, 400 (byte) 0xf3, (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, 401 (byte) 0x6d, (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, 
(byte) 0x0f, 402 (byte) 0x67, (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, 403 (byte) 0xcb, (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, 404 (byte) 0xe2, (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, 405 (byte) 0x79, (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, 406 (byte) 0xce, (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, 407 (byte) 0x08, (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, 408 (byte) 0x3b, (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, 409 (byte) 0xc4, (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, 410 (byte) 0x0d, (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, 411 (byte) 0x23, (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, 412 (byte) 0x08, (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, 413 (byte) 0xf1, (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, 414 (byte) 0xb4, (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, 415 (byte) 0x16, (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, 416 (byte) 0x9e, (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, 417 (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, 418 (byte) 0x79, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 419 (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, 420 (byte) 0x30, (byte) 0x2c, (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, 421 (byte) 0x48, (byte) 0x01, (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, 422 (byte) 0x0d, (byte) 0x04, (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, 423 (byte) 0x70, (byte) 0x65, (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, 424 (byte) 0x20, (byte) 0x47, (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, 425 (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43, 426 (byte) 0x65, 
(byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, 427 (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, 428 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, 429 (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x32, (byte) 0xa1, (byte) 0x1e, 430 (byte) 0x6b, (byte) 0x69, (byte) 0x04, (byte) 0xfe, (byte) 0xb3, (byte) 0xcd, 431 (byte) 0xf8, (byte) 0xbb, (byte) 0x14, (byte) 0xcd, (byte) 0xff, (byte) 0xd4, 432 (byte) 0x16, (byte) 0xc3, (byte) 0xab, (byte) 0x44, (byte) 0x2f, (byte) 0x30, 433 (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, 434 (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, 435 (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, 436 (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, 437 (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, 438 (byte) 0x5d, (byte) 0x51, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, 439 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, 440 (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, 441 (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0x46, (byte) 0x42, (byte) 0xef, 442 (byte) 0x56, (byte) 0x89, (byte) 0x78, (byte) 0x90, (byte) 0x38, (byte) 0x24, 443 (byte) 0x9f, (byte) 0x8c, (byte) 0x7a, (byte) 0xce, (byte) 0x7a, (byte) 0xa5, 444 (byte) 0xb5, (byte) 0x1e, (byte) 0x74, (byte) 0x96, (byte) 0x34, (byte) 0x49, 445 (byte) 0x8b, (byte) 0xed, (byte) 0x44, (byte) 0xb3, (byte) 0xc9, (byte) 0x05, 446 (byte) 0xd7, (byte) 0x48, (byte) 0x55, (byte) 0x52, (byte) 0x59, (byte) 0x15, 447 (byte) 0x0b, (byte) 0xaa, (byte) 0x16, (byte) 0x86, (byte) 0xd2, (byte) 0x8e, 448 (byte) 0x16, (byte) 0x99, (byte) 0xe8, (byte) 0x5f, (byte) 0x11, (byte) 0x71, 449 (byte) 0x42, (byte) 0x55, (byte) 0xd1, (byte) 0xc4, (byte) 0x6f, (byte) 0x2e, 450 (byte) 0xa9, (byte) 0x64, (byte) 0x6f, 
(byte) 0xd8, (byte) 0xfd, (byte) 0x43, 451 (byte) 0x13, (byte) 0x24, (byte) 0xaa, (byte) 0x67, (byte) 0xe6, (byte) 0xf5, 452 (byte) 0xca, (byte) 0x80, (byte) 0x5e, (byte) 0x3a, (byte) 0x3e, (byte) 0xcc, 453 (byte) 0x4f, (byte) 0xba, (byte) 0x87, (byte) 0xe6, (byte) 0xae, (byte) 0xbf, 454 (byte) 0x8f, (byte) 0xd5, (byte) 0x28, (byte) 0x38, (byte) 0x58, (byte) 0x30, 455 (byte) 0x24, (byte) 0xf6, (byte) 0x53, (byte) 0x5b, (byte) 0x41, (byte) 0x53, 456 (byte) 0xe6, (byte) 0x45, (byte) 0xbc, (byte) 0xbe, (byte) 0xe6, (byte) 0xbb, 457 (byte) 0x5d, (byte) 0xd8, (byte) 0xa7, (byte) 0xf9, (byte) 0x64, (byte) 0x99, 458 (byte) 0x04, (byte) 0x43, (byte) 0x75, (byte) 0xd7, (byte) 0x2d, (byte) 0x32, 459 (byte) 0x0a, (byte) 0x94, (byte) 0xaf, (byte) 0x06, (byte) 0x34, (byte) 0xae, 460 (byte) 0x46, (byte) 0xbd, (byte) 0xda, (byte) 0x00, (byte) 0x0e, (byte) 0x25, 461 (byte) 0xc2, (byte) 0xf7, (byte) 0xc9, (byte) 0xc3, (byte) 0x65, (byte) 0xd2, 462 (byte) 0x08, (byte) 0x41, (byte) 0x0a, (byte) 0xf3, (byte) 0x72 463 }; 464 465 /* 466 * The keys and certificates below are generated with: 467 * 468 * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem 469 * openssl ecparam -name prime256v1 -out ecparam.pem 470 * openssl req -newkey ec:ecparam.pem -keyout userkey.pem -nodes -days 3650 -out userkey.req 471 * mkdir -p demoCA/newcerts 472 * touch demoCA/index.txt 473 * echo "01" > demoCA/serial 474 * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650 475 */ 476 477 /** 478 * Generated from above and converted with: 479 * 480 * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 481 */ 482 private static final byte[] FAKE_EC_CA_1 = { 483 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x58, (byte) 0x30, (byte) 0x82, 484 (byte) 0x01, (byte) 0xc1, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 485 (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0xb2, 486 (byte) 0x8c, 
(byte) 0x04, (byte) 0x95, (byte) 0xeb, (byte) 0x10, (byte) 0xcb, 487 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 488 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 489 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x45, (byte) 0x31, 490 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 491 (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, 492 (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, 493 (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, 494 (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, 495 (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, 496 (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, 497 (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, 498 (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, 499 (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, 500 (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, 501 (byte) 0x74, (byte) 0x64, (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, 502 (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, 503 (byte) 0x31, (byte) 0x36, (byte) 0x32, (byte) 0x38, (byte) 0x32, (byte) 0x38, 504 (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, 505 (byte) 0x38, (byte) 0x32, (byte) 0x35, (byte) 0x31, (byte) 0x36, (byte) 0x32, 506 (byte) 0x38, (byte) 0x32, (byte) 0x38, (byte) 0x5a, (byte) 0x30, (byte) 0x45, 507 (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, 508 (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, 509 (byte) 0x55, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, 510 (byte) 0x03, (byte) 0x55, (byte) 0x04, 
(byte) 0x08, (byte) 0x0c, (byte) 0x0a, 511 (byte) 0x53, (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, 512 (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, 513 (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 514 (byte) 0x0a, (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, 515 (byte) 0x65, (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, 516 (byte) 0x57, (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, 517 (byte) 0x73, (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, 518 (byte) 0x4c, (byte) 0x74, (byte) 0x64, (byte) 0x30, (byte) 0x81, (byte) 0x9f, 519 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 520 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 521 (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, 522 (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, 523 (byte) 0x81, (byte) 0x00, (byte) 0xb5, (byte) 0xf6, (byte) 0x08, (byte) 0x0f, 524 (byte) 0xc4, (byte) 0x4d, (byte) 0xe4, (byte) 0x0d, (byte) 0x34, (byte) 0x1d, 525 (byte) 0xe2, (byte) 0x23, (byte) 0x18, (byte) 0x63, (byte) 0x03, (byte) 0xf7, 526 (byte) 0x14, (byte) 0x0e, (byte) 0x98, (byte) 0xcd, (byte) 0x45, (byte) 0x1f, 527 (byte) 0xfe, (byte) 0xfb, (byte) 0x09, (byte) 0x3f, (byte) 0x5d, (byte) 0x36, 528 (byte) 0x3b, (byte) 0x0f, (byte) 0xf9, (byte) 0x5e, (byte) 0x86, (byte) 0x56, 529 (byte) 0x64, (byte) 0xd7, (byte) 0x3f, (byte) 0xae, (byte) 0x33, (byte) 0x09, 530 (byte) 0xd3, (byte) 0xdd, (byte) 0x06, (byte) 0x17, (byte) 0x26, (byte) 0xdc, 531 (byte) 0xa2, (byte) 0x8c, (byte) 0x3c, (byte) 0x65, (byte) 0xed, (byte) 0x03, 532 (byte) 0x82, (byte) 0x78, (byte) 0x9b, (byte) 0xee, (byte) 0xe3, (byte) 0x98, 533 (byte) 0x58, (byte) 0xe1, (byte) 0xf1, (byte) 0xa0, (byte) 0x85, (byte) 0xae, 534 (byte) 0x63, (byte) 0x84, (byte) 0x41, (byte) 0x46, (byte) 0xa7, 
(byte) 0x4f, 535 (byte) 0xdc, (byte) 0xbb, (byte) 0x1c, (byte) 0x6e, (byte) 0xec, (byte) 0x7b, 536 (byte) 0xd5, (byte) 0xab, (byte) 0x3d, (byte) 0x6a, (byte) 0x05, (byte) 0x58, 537 (byte) 0x0f, (byte) 0x9b, (byte) 0x6a, (byte) 0x67, (byte) 0x4b, (byte) 0xe9, 538 (byte) 0x2a, (byte) 0x6d, (byte) 0x96, (byte) 0x11, (byte) 0x53, (byte) 0x95, 539 (byte) 0x78, (byte) 0xaa, (byte) 0xd1, (byte) 0x91, (byte) 0x4a, (byte) 0xf8, 540 (byte) 0x54, (byte) 0x52, (byte) 0x6d, (byte) 0xb9, (byte) 0xca, (byte) 0x74, 541 (byte) 0x81, (byte) 0xf8, (byte) 0x99, (byte) 0x64, (byte) 0xd1, (byte) 0x4f, 542 (byte) 0x01, (byte) 0x38, (byte) 0x4f, (byte) 0x08, (byte) 0x5c, (byte) 0x31, 543 (byte) 0xcb, (byte) 0x7c, (byte) 0x5c, (byte) 0x78, (byte) 0x5d, (byte) 0x47, 544 (byte) 0xd9, (byte) 0xf0, (byte) 0x1a, (byte) 0xeb, (byte) 0x02, (byte) 0x03, 545 (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x50, (byte) 0x30, 546 (byte) 0x4e, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, 547 (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, 548 (byte) 0x5f, (byte) 0x5b, (byte) 0x5e, (byte) 0xac, (byte) 0x29, (byte) 0xfa, 549 (byte) 0xa1, (byte) 0x9f, (byte) 0x9e, (byte) 0xad, (byte) 0x46, (byte) 0xe1, 550 (byte) 0xbc, (byte) 0x20, (byte) 0x72, (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, 551 (byte) 0xfa, (byte) 0xe3, (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, 552 (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, (byte) 0x30, 553 (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x5f, (byte) 0x5b, (byte) 0x5e, 554 (byte) 0xac, (byte) 0x29, (byte) 0xfa, (byte) 0xa1, (byte) 0x9f, (byte) 0x9e, 555 (byte) 0xad, (byte) 0x46, (byte) 0xe1, (byte) 0xbc, (byte) 0x20, (byte) 0x72, 556 (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, (byte) 0xfa, (byte) 0xe3, (byte) 0x30, 557 (byte) 0x0c, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 558 (byte) 0x04, (byte) 0x05, (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, 559 (byte) 0xff, 
(byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, 560 (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, 561 (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, 562 (byte) 0x81, (byte) 0x00, (byte) 0xa1, (byte) 0x4a, (byte) 0xe6, (byte) 0xfc, 563 (byte) 0x7f, (byte) 0x17, (byte) 0xaa, (byte) 0x65, (byte) 0x4a, (byte) 0x34, 564 (byte) 0xde, (byte) 0x69, (byte) 0x67, (byte) 0x54, (byte) 0x4d, (byte) 0xa2, 565 (byte) 0xc2, (byte) 0x98, (byte) 0x02, (byte) 0x43, (byte) 0x6a, (byte) 0x0e, 566 (byte) 0x0b, (byte) 0x7f, (byte) 0xa4, (byte) 0x46, (byte) 0xaf, (byte) 0xa4, 567 (byte) 0x65, (byte) 0xa0, (byte) 0xdb, (byte) 0xf1, (byte) 0x5b, (byte) 0xd5, 568 (byte) 0x09, (byte) 0xbc, (byte) 0xee, (byte) 0x37, (byte) 0x51, (byte) 0x19, 569 (byte) 0x36, (byte) 0xc0, (byte) 0x90, (byte) 0xd3, (byte) 0x5f, (byte) 0xf3, 570 (byte) 0x4f, (byte) 0xb9, (byte) 0x08, (byte) 0x45, (byte) 0x0e, (byte) 0x01, 571 (byte) 0x8a, (byte) 0x95, (byte) 0xef, (byte) 0x92, (byte) 0x95, (byte) 0x33, 572 (byte) 0x78, (byte) 0xdd, (byte) 0x90, (byte) 0xbb, (byte) 0xf3, (byte) 0x06, 573 (byte) 0x75, (byte) 0xd0, (byte) 0x66, (byte) 0xe6, (byte) 0xd0, (byte) 0x18, 574 (byte) 0x6e, (byte) 0xeb, (byte) 0x1c, (byte) 0x52, (byte) 0xc3, (byte) 0x2e, 575 (byte) 0x57, (byte) 0x7d, (byte) 0xa9, (byte) 0x03, (byte) 0xdb, (byte) 0xf4, 576 (byte) 0x57, (byte) 0x5f, (byte) 0x6c, (byte) 0x7e, (byte) 0x00, (byte) 0x0d, 577 (byte) 0x8f, (byte) 0xe8, (byte) 0x91, (byte) 0xf7, (byte) 0xae, (byte) 0x24, 578 (byte) 0x35, (byte) 0x07, (byte) 0xb5, (byte) 0x48, (byte) 0x2d, (byte) 0x36, 579 (byte) 0x30, (byte) 0x5d, (byte) 0xe9, (byte) 0x49, (byte) 0x2d, (byte) 0xd1, 580 (byte) 0x5d, (byte) 0xc5, (byte) 0xf4, (byte) 0x33, (byte) 0x77, (byte) 0x3c, 581 (byte) 0x71, (byte) 0xad, (byte) 0x90, (byte) 0x65, (byte) 0xa9, (byte) 0xc1, 582 (byte) 0x0b, (byte) 0x5c, (byte) 0x62, (byte) 0x55, (byte) 0x50, (byte) 0x6f, 583 (byte) 0x9b, (byte) 0xc9, (byte) 0x0d, 
(byte) 0xee 584 }; 585 586
/**
 * Unencrypted PKCS#8 (DER) encoding of the EC user key, generated from above and
 * converted with:
 *
 * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g'
 *
 * The encoding identifies an id-ecPublicKey key on prime256v1 and embeds both
 * the private scalar and the matching public point. Because the private key is
 * published here in the clear, it is a test fixture only and has no value as a
 * secret.
 */
591 private static final byte[] FAKE_EC_KEY_1 = new byte[] { 592 (byte) 0x30, (byte) 0x81, (byte) 0x87, (byte) 0x02, (byte) 0x01, (byte) 0x00, 593 (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, 594 (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, (byte) 0x06, 595 (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, 596 (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x04, (byte) 0x6d, (byte) 0x30, 597 (byte) 0x6b, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x04, (byte) 0x20, 598 (byte) 0x3a, (byte) 0x8a, (byte) 0x02, (byte) 0xdc, (byte) 0xde, (byte) 0x70, 599 (byte) 0x84, (byte) 0x45, (byte) 0x34, (byte) 0xaf, (byte) 0xbd, (byte) 0xd5, 600 (byte) 0x02, (byte) 0x17, (byte) 0x69, (byte) 0x90, (byte) 0x65, (byte) 0x1e, 601 (byte) 0x87, (byte) 0xf1, (byte) 0x3d, (byte) 0x17, (byte) 0xb6, (byte) 0xf4, 602 (byte) 0x31, (byte) 0x94, (byte) 0x86, (byte) 0x76, (byte) 0x55, (byte) 0xf7, 603 (byte) 0xcc, (byte) 0xba, (byte) 0xa1, (byte) 0x44, (byte) 0x03, (byte) 0x42, 604 (byte) 0x00, (byte) 0x04, (byte) 0xd9, (byte) 0xcf, (byte) 0xe7, (byte) 0x9b, 605 (byte) 0x23, (byte) 0xc8, (byte) 0xa3, (byte) 0xb8, (byte) 0x33, (byte) 0x14, 606 (byte) 0xa4, (byte) 0x4d, (byte) 0x75, (byte) 0x90, (byte) 0xf3, (byte) 0xcd, 607 (byte) 0x43, (byte) 0xe5, (byte) 0x1b, (byte) 0x05, (byte) 0x1d, (byte) 0xf3, 608 (byte) 0xd0, (byte) 0xa3, (byte) 0xb7, (byte) 0x32, (byte) 0x5f, (byte) 0x79, 609 (byte) 0xdc, (byte) 0x88, (byte) 0xb8, (byte) 0x4d, (byte) 0xb3, (byte) 0xd1, 610 (byte) 0x6d, (byte) 0xf7, (byte) 0x75, (byte) 0xf3, (byte) 0xbf, (byte) 0x50, 611 (byte) 0xa1, (byte) 0xbc, (byte) 0x03, (byte) 0x64, (byte) 0x22, (byte) 0xe6, 612 (byte) 0x1a, (byte) 0xa1, (byte) 0xe1, (byte) 0x06, (byte) 0x68, (byte) 0x3b, 613 (byte) 0xbc, (byte) 
0x9f, (byte) 0xd3, (byte) 0xae, (byte) 0x77, (byte) 0x5e, 614 (byte) 0x88, (byte) 0x0c, (byte) 0x5e, (byte) 0x0c, (byte) 0xb2, (byte) 0x38 615 }; 616 617
/**
 * DER encoding of the user certificate, generated from above and converted with:
 *
 * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g'
 *
 * The certificate binds the prime256v1 public point that also appears in
 * FAKE_EC_KEY_1 to the subject CN server.example.com. It is issued by the RSA CA
 * in FAKE_EC_CA_1 with a sha1WithRSAEncryption signature, and its encoded
 * validity runs from 2013-08-27 to 2023-08-25 (UTC).
 */
622 private static final byte[] FAKE_EC_USER_1 = new byte[] { 623 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x51, (byte) 0x30, (byte) 0x82, 624 (byte) 0x01, (byte) 0xba, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 625 (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d, 626 (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, 627 (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, 628 (byte) 0x00, (byte) 0x30, (byte) 0x45, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 629 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 630 (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, (byte) 0x13, 631 (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 632 (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, (byte) 0x6d, 633 (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, (byte) 0x74, 634 (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, (byte) 0x06, 635 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x18, 636 (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x6e, 637 (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, (byte) 0x64, 638 (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, (byte) 0x50, 639 (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, (byte) 0x74, (byte) 0x64, 640 (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x33, 641 (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, (byte) 0x31, (byte) 0x36, 642 (byte) 0x33, (byte) 0x30, (byte) 0x30, (byte) 0x38, (byte) 0x5a, (byte) 
0x17, 643 (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, 644 (byte) 0x35, (byte) 0x31, (byte) 0x36, (byte) 0x33, (byte) 0x30, (byte) 0x30, 645 (byte) 0x38, (byte) 0x5a, (byte) 0x30, (byte) 0x62, (byte) 0x31, (byte) 0x0b, 646 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 647 (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, 648 (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, 649 (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, 650 (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, 651 (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, 652 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, 653 (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 0x72, 654 (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, 655 (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, 656 (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, (byte) 0x74, 657 (byte) 0x64, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, 658 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x12, 659 (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, (byte) 0x65, (byte) 0x72, 660 (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x61, (byte) 0x6d, (byte) 0x70, 661 (byte) 0x6c, (byte) 0x65, (byte) 0x2e, (byte) 0x63, (byte) 0x6f, (byte) 0x6d, 662 (byte) 0x30, (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, 663 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, 664 (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, 665 (byte) 0xce, (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, 666 (byte) 0x42, (byte) 0x00, (byte) 0x04, (byte) 0xd9, (byte) 0xcf, (byte) 0xe7, 667 (byte) 0x9b, (byte) 
0x23, (byte) 0xc8, (byte) 0xa3, (byte) 0xb8, (byte) 0x33, 668 (byte) 0x14, (byte) 0xa4, (byte) 0x4d, (byte) 0x75, (byte) 0x90, (byte) 0xf3, 669 (byte) 0xcd, (byte) 0x43, (byte) 0xe5, (byte) 0x1b, (byte) 0x05, (byte) 0x1d, 670 (byte) 0xf3, (byte) 0xd0, (byte) 0xa3, (byte) 0xb7, (byte) 0x32, (byte) 0x5f, 671 (byte) 0x79, (byte) 0xdc, (byte) 0x88, (byte) 0xb8, (byte) 0x4d, (byte) 0xb3, 672 (byte) 0xd1, (byte) 0x6d, (byte) 0xf7, (byte) 0x75, (byte) 0xf3, (byte) 0xbf, 673 (byte) 0x50, (byte) 0xa1, (byte) 0xbc, (byte) 0x03, (byte) 0x64, (byte) 0x22, 674 (byte) 0xe6, (byte) 0x1a, (byte) 0xa1, (byte) 0xe1, (byte) 0x06, (byte) 0x68, 675 (byte) 0x3b, (byte) 0xbc, (byte) 0x9f, (byte) 0xd3, (byte) 0xae, (byte) 0x77, 676 (byte) 0x5e, (byte) 0x88, (byte) 0x0c, (byte) 0x5e, (byte) 0x0c, (byte) 0xb2, 677 (byte) 0x38, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, (byte) 0x79, (byte) 0x30, 678 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 679 (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, (byte) 0x30, (byte) 0x2c, 680 (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, (byte) 0x48, (byte) 0x01, 681 (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, (byte) 0x0d, (byte) 0x04, 682 (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, (byte) 0x70, (byte) 0x65, 683 (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, (byte) 0x20, (byte) 0x47, 684 (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, (byte) 0x61, (byte) 0x74, 685 (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43, (byte) 0x65, (byte) 0x72, 686 (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61, 687 (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, 688 (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, 689 (byte) 0x14, (byte) 0xd5, (byte) 0xc4, (byte) 0x72, (byte) 0xbd, (byte) 0xd2, 690 (byte) 0x4e, (byte) 0x90, (byte) 0x1b, (byte) 0x14, (byte) 0x32, (byte) 0xdb, 691 (byte) 0x03, (byte) 0xae, (byte) 0xfa, (byte) 0x27, 
(byte) 0x7d, (byte) 0x8d, 692 (byte) 0xe4, (byte) 0x80, (byte) 0x58, (byte) 0x30, (byte) 0x1f, (byte) 0x06, 693 (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, 694 (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x5f, (byte) 0x5b, 695 (byte) 0x5e, (byte) 0xac, (byte) 0x29, (byte) 0xfa, (byte) 0xa1, (byte) 0x9f, 696 (byte) 0x9e, (byte) 0xad, (byte) 0x46, (byte) 0xe1, (byte) 0xbc, (byte) 0x20, 697 (byte) 0x72, (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, (byte) 0xfa, (byte) 0xe3, 698 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 699 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 700 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, 701 (byte) 0x00, (byte) 0x43, (byte) 0x99, (byte) 0x9f, (byte) 0x67, (byte) 0x08, 702 (byte) 0x43, (byte) 0xd5, (byte) 0x6b, (byte) 0x6f, (byte) 0xd7, (byte) 0x05, 703 (byte) 0xd6, (byte) 0x75, (byte) 0x34, (byte) 0x30, (byte) 0xca, (byte) 0x20, 704 (byte) 0x47, (byte) 0x61, (byte) 0xa1, (byte) 0x89, (byte) 0xb6, (byte) 0xf1, 705 (byte) 0x49, (byte) 0x7b, (byte) 0xd9, (byte) 0xb9, (byte) 0xe8, (byte) 0x1e, 706 (byte) 0x29, (byte) 0x74, (byte) 0x0a, (byte) 0x67, (byte) 0xc0, (byte) 0x7d, 707 (byte) 0xb8, (byte) 0xe6, (byte) 0x39, (byte) 0xa8, (byte) 0x5e, (byte) 0xc3, 708 (byte) 0xb0, (byte) 0xa1, (byte) 0x30, (byte) 0x6a, (byte) 0x1f, (byte) 0x1d, 709 (byte) 0xfc, (byte) 0x11, (byte) 0x59, (byte) 0x0b, (byte) 0xb9, (byte) 0xad, 710 (byte) 0x3a, (byte) 0x4e, (byte) 0x50, (byte) 0x0a, (byte) 0x61, (byte) 0xdb, 711 (byte) 0x75, (byte) 0x6b, (byte) 0xe5, (byte) 0x3f, (byte) 0x8d, (byte) 0xde, 712 (byte) 0x28, (byte) 0x68, (byte) 0xb1, (byte) 0x29, (byte) 0x9a, (byte) 0x18, 713 (byte) 0x8a, (byte) 0xfc, (byte) 0x3f, (byte) 0x13, (byte) 0x93, (byte) 0x29, 714 (byte) 0xed, (byte) 0x22, (byte) 0x7c, (byte) 0xb4, (byte) 0x50, (byte) 0xd5, 715 (byte) 0x4d, (byte) 0x32, (byte) 0x4d, (byte) 0x42, (byte) 0x2b, (byte) 0x29, 716 
(byte) 0x97, (byte) 0x86, (byte) 0xc0, (byte) 0x01, (byte) 0x00, (byte) 0x25,
            (byte) 0xf6, (byte) 0xd3, (byte) 0x2a, (byte) 0xd8, (byte) 0xda, (byte) 0x13,
            (byte) 0x94, (byte) 0x12, (byte) 0x78, (byte) 0x14, (byte) 0x0b, (byte) 0x51,
            (byte) 0xc0, (byte) 0x45, (byte) 0xb4, (byte) 0x02, (byte) 0x37, (byte) 0x98,
            (byte) 0x42, (byte) 0x3c, (byte) 0xcb, (byte) 0x2e, (byte) 0xe4, (byte) 0x38,
            (byte) 0x69, (byte) 0x1b, (byte) 0x72, (byte) 0xf0, (byte) 0xaa, (byte) 0x89,
            (byte) 0x7e, (byte) 0xde, (byte) 0xb2
    };

    /**
     * Tolerance, in milliseconds, allowed on either side of the expected time in
     * the timing tests.
     */
    private static final long SLOP_TIME_MILLIS = 15000L;

    /**
     * Resets the platform keystore and obtains the "AndroidKeyStore" JCA instance.
     *
     * Every test therefore starts from a keystore that has just been reset and
     * reports itself as not unlocked.
     */
    @Override
    protected void setUp() throws Exception {
        mAndroidKeyStore = android.security.KeyStore.getInstance();

        // NOTE(review): reset() presumably erases every credential held by the
        // keystore, so this suite belongs on a dedicated test device - confirm.
        final boolean resetSucceeded = mAndroidKeyStore.reset();
        assertTrue(resetSucceeded);

        final boolean unlockedAfterReset = mAndroidKeyStore.isUnlocked();
        assertFalse(unlockedAfterReset);

        mKeyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
    }

    /**
     * Sets the fixed test password and checks that the keystore is then unlocked
     * and that {@code saw("")} returns no entries.
     */
    private void setupPassword() {
        final boolean passwordAccepted = mAndroidKeyStore.onUserPasswordChanged("1111");
        assertTrue(passwordAccepted);
        assertTrue(mAndroidKeyStore.isUnlocked());

        final int entryCount = mAndroidKeyStore.saw("").length;
        assertEquals(0, entryCount);
    }

    /**
     * Asserts that the aliases reported by the JCA keystore are exactly
     * {@code expectedAliases}: every reported alias is expected, none is missing,
     * and the counts agree.
     *
     * @param expectedAliases the aliases the keystore should contain
     * @throws KeyStoreException if the keystore has not been loaded
     */
    private void assertAliases(final String[] expectedAliases) throws KeyStoreException {
        final Enumeration<String> reported = mKeyStore.aliases();
        final Set<String> remaining = new HashSet<String>(Arrays.asList(expectedAliases));
        int seen = 0;

        while (reported.hasMoreElements()) {
            final String alias = reported.nextElement();
            seen++;
            assertTrue("The alias should be in the expected set", remaining.contains(alias));
            // Removing as we go turns a duplicate report into a failure on the next hit.
            remaining.remove(alias);
        }

        assertTrue("The expected set and actual set should be exactly equal", remaining.isEmpty());
        assertEquals("There should be the correct number of keystore entries",
                expectedAliases.length, seen);
    }

    public void
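testKeyStore_Aliases_Encrypted_Success() throws Exception {
        // A generated private key and a stored CA certificate must each be listed by
        // aliases() under the bare alias, without the Credentials prefix used to store them.
        setupPassword();

        mKeyStore.load(null, null);

        assertAliases(new String[] {});

        // 1024-bit RSA is below current key-size guidance; tolerable only for a
        // throwaway test key.
        assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED,
                null));

        assertAliases(new String[] { TEST_ALIAS_1 });

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });
    }

    /**
     * Calling {@code aliases()} before {@code load()} must throw
     * {@link KeyStoreException}.
     */
    public void testKeyStore_Aliases_NotInitialized_Encrypted_Failure() throws Exception {
        setupPassword();

        try {
            mKeyStore.aliases();
            fail("KeyStore should throw exception when not initialized");
        } catch (KeyStoreException expected) {
            // Expected: the keystore was never loaded.
        }
    }

    /**
     * {@code containsAlias()} must report a generated private key and a stored CA
     * certificate, and must not report an alias that was never added.
     */
    public void testKeyStore_ContainsAliases_PrivateAndCA_Encrypted_Success() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertAliases(new String[] {});

        // 1024-bit RSA is below current key-size guidance; tolerable only for a
        // throwaway test key.
        assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED,
                null));

        assertTrue("Should contain generated private key", mKeyStore.containsAlias(TEST_ALIAS_1));

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2));

        assertFalse("Should not contain unadded certificate alias",
                mKeyStore.containsAlias(TEST_ALIAS_3));
    }

    /**
     * {@code containsAlias()} must report an alias that holds only a CA certificate.
     */
    public void testKeyStore_ContainsAliases_CAOnly_Encrypted_Success() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2));
    }

    /**
     * {@code containsAlias()} must return false on an empty keystore.
     */
    public void testKeyStore_ContainsAliases_NonExistent_Encrypted_Failure() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        // The failure message now matches the assertion: nothing was added, so the
        // alias must be absent.
        assertFalse("Should not contain an alias that was never added",
                mKeyStore.containsAlias(TEST_ALIAS_1));
    }

    /**
     * Deleting entries one at a time must remove exactly the named alias, whether
     * it holds a private key with its certificates or a lone CA certificate.
     */
    public void testKeyStore_DeleteEntry_Encrypted_Success() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        // TEST_ALIAS_1: private key, user certificate and CA certificate
        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        // TEST_ALIAS_2: CA certificate only
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        // TEST_ALIAS_3: CA certificate only
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_3, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 });

        mKeyStore.deleteEntry(TEST_ALIAS_1);

        assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 });

        mKeyStore.deleteEntry(TEST_ALIAS_3);

        assertAliases(new String[] { TEST_ALIAS_2 });

        mKeyStore.deleteEntry(TEST_ALIAS_2);

        assertAliases(new String[] { });
    }

    /**
     * Deleting from an empty keystore must not throw.
     */
    public void testKeyStore_DeleteEntry_EmptyStore_Encrypted_Success() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        // Should not throw when a non-existent entry is requested for delete.
        mKeyStore.deleteEntry(TEST_ALIAS_1);
    }

    /**
     * Deleting an unknown alias from a populated keystore must not throw.
     */
    public void testKeyStore_DeleteEntry_NonExistent_Encrypted_Success() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        // TEST_ALIAS_1
        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        // Should not throw when a non-existent entry is requested for delete.
        mKeyStore.deleteEntry(TEST_ALIAS_2);
    }

    /**
     * A stored CA certificate must be returned by {@code getCertificate()} and must
     * equal the certificate parsed from the same fixture bytes; an unknown alias
     * must yield null.
     */
    public void testKeyStore_GetCertificate_Single_Encrypted_Success() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertAliases(new String[] { TEST_ALIAS_1 });

        assertNull("Certificate should not exist in keystore",
                mKeyStore.getCertificate(TEST_ALIAS_2));

        Certificate retrieved = mKeyStore.getCertificate(TEST_ALIAS_1);

        assertNotNull("Retrieved certificate should not be null", retrieved);

        // The fixture parsed locally is the expected value; the keystore result is
        // what is under test.
        CertificateFactory f = CertificateFactory.getInstance("X.509");
        Certificate expected = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        assertEquals("Actual and retrieved certificates should be the same", expected, retrieved);
    }

    /**
     * {@code getCertificate()} must return null on an empty keystore.
     */
    public void testKeyStore_GetCertificate_NonExist_Encrypted_Failure() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertNull("Certificate should not exist in keystore",
                mKeyStore.getCertificate(TEST_ALIAS_1));
    }

    public void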
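testKeyStore_GetCertificateAlias_CAEntry_Encrypted_Success() throws Exception {
        // A stored CA certificate must be found by getCertificateAlias() under its alias.
        setupPassword();

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        CertificateFactory f = CertificateFactory.getInstance("X.509");
        Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        assertEquals("Stored certificate alias should be found", TEST_ALIAS_1,
                mKeyStore.getCertificateAlias(caCert));
    }

    /**
     * The user certificate of a private-key entry must be found by
     * {@code getCertificateAlias()} under that entry's alias.
     */
    public void testKeyStore_GetCertificateAlias_PrivateKeyEntry_Encrypted_Success()
            throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        CertificateFactory f = CertificateFactory.getInstance("X.509");
        Certificate userCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));

        assertEquals("Stored certificate alias should be found", TEST_ALIAS_1,
                mKeyStore.getCertificateAlias(userCert));
    }

    /**
     * When the same CA certificate is stored both as a standalone entry
     * (TEST_ALIAS_2) and alongside a private key (TEST_ALIAS_1), looking it up
     * must return the standalone entry's alias.
     */
    public void testKeyStore_GetCertificateAlias_CAEntry_WithPrivateKeyUsingCA_Encrypted_Success()
            throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        // Insert TrustedCertificateEntry with CA name
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        // Insert PrivateKeyEntry that uses the same CA
        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        CertificateFactory f = CertificateFactory.getInstance("X.509");
        Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        assertEquals("Stored certificate alias should be found", TEST_ALIAS_2,
                mKeyStore.getCertificateAlias(caCert));
    }

    /**
     * {@code getCertificateAlias()} must return null on an empty keystore.
     */
    public void testKeyStore_GetCertificateAlias_NonExist_Empty_Encrypted_Failure()
            throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        CertificateFactory f = CertificateFactory.getInstance("X.509");
        Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        assertNull("Stored certificate alias should not be found",
                mKeyStore.getCertificateAlias(caCert));
    }

    /**
     * {@code getCertificateAlias()} must return null for a certificate that is not
     * stored, even when the keystore holds a different certificate.
     */
    public void testKeyStore_GetCertificateAlias_NonExist_Encrypted_Failure() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        CertificateFactory f = CertificateFactory.getInstance("X.509");
        Certificate userCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));

        // The failure message now matches the assertion: only the CA certificate was
        // stored, so the user certificate must not resolve to an alias.
        assertNull("Stored certificate alias should not be found",
                mKeyStore.getCertificateAlias(userCert));
    }

    /**
     * A private-key entry must return a two-element chain, user certificate first
     * and CA certificate second; an unknown alias must yield a null chain.
     */
    public void testKeyStore_GetCertificateChain_SingleLength_Encrypted_Success() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate[] expected = new Certificate[2];
        expected[0] = cf.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        expected[1] = cf.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        Certificate[] actual = mKeyStore.getCertificateChain(TEST_ALIAS_1);

        assertNotNull("Returned certificate chain should not be null", actual);
        assertEquals("Returned certificate chain should be correct size", expected.length,
                actual.length);
        assertEquals("First certificate should be user certificate", expected[0], actual[0]);
        assertEquals("Second certificate should be CA certificate", expected[1], actual[1]);

        // Negative test when keystore is populated.
        assertNull("Certificate chain should not be found for an unknown alias",
                mKeyStore.getCertificateChain(TEST_ALIAS_2));
    }

    /**
     * {@code getCertificateChain()} must return null on an empty keystore.
     */
    public void testKeyStore_GetCertificateChain_NonExist_Encrypted_Failure() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertNull("Certificate chain should not be found for an unknown alias",
                mKeyStore.getCertificateChain(TEST_ALIAS_1));
    }

    /**
     * The creation date of an encrypted private-key entry must fall within
     * {@code SLOP_TIME_MILLIS} of the current time.
     */
    public void testKeyStore_GetCreationDate_PrivateKeyEntry_Encrypted_Success() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        Date now = new Date();
        Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
        // Fail with a message rather than a NullPointerException if no date comes back.
        assertNotNull("Creation date should be found", actual);

        Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
        Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);

        assertTrue("Time should be close to current time", actual.before(expectedBefore));
        assertTrue("Time should be close to current time", actual.after(expectedAfter));
    }

    /**
     * Same check as the encrypted variant, but without calling
     * {@code setupPassword()} and with every entry stored using
     * {@code FLAG_NONE}.
     */
    public void testKeyStore_GetCreationDate_PrivateKeyEntry_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_NONE));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_NONE));

        Date now = new Date();
        Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
        // Fail with a message rather than a NullPointerException if no date comes back.
        assertNotNull("Creation date should be found", actual);

        Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
        Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);

        assertTrue("Time should be close to current time", actual.before(expectedBefore));
        assertTrue("Time should be close to current time", actual.after(expectedAfter));
    }

    /**
     * The creation date of a CA-certificate entry must fall within
     * {@code SLOP_TIME_MILLIS} of the current time.
     */
    public void testKeyStore_GetCreationDate_CAEntry_Encrypted_Success() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        Date now = new Date();
        Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
        assertNotNull("Certificate should be found", actual);

        Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS);
        Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS);

        assertTrue("Time should be close to current time", actual.before(expectedBefore));
        assertTrue("Time should be close to current time", actual.after(expectedAfter));
    }

    /**
     * {@code getEntry()} with null protection parameters must return a
     * {@link PrivateKeyEntry} for an encrypted RSA key; the entry is then compared
     * with the RSA fixtures by {@code assertPrivateKeyEntryEquals}, which is
     * defined elsewhere in this file.
     */
    public void testKeyStore_GetEntry_NullParams_Encrypted_Success() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Entry should exist", entry);

        assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);

        PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

        assertPrivateKeyEntryEquals(keyEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                FAKE_RSA_CA_1);
    }

    /**
     * Same check for the EC fixtures, without calling {@code setupPassword()} and
     * with every entry stored using {@code FLAG_NONE}.
     */
    public void testKeyStore_GetEntry_EC_NullParams_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_EC_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                FAKE_EC_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_EC_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_NONE));

        Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Entry should exist", entry);

        assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);

        PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

        assertPrivateKeyEntryEquals(keyEntry, "EC", FAKE_EC_KEY_1, FAKE_EC_USER_1, FAKE_EC_CA_1);
    }

    public void testKeyStore_GetEntry_RSA_NullParams_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                FAKE_RSA_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_NONE));

        Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Entry should exist", entry);

        assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);

        PrivateKeyEntry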
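keyEntry = (PrivateKeyEntry) entry;

        assertPrivateKeyEntryEquals(keyEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                FAKE_RSA_CA_1);
    }

    /**
     * Decodes the expected key material from its encoded form and delegates to the typed
     * overload of this assertion.
     *
     * @param keyEntry entry returned by the keystore under test
     * @param keyType algorithm name handed to {@link KeyFactory#getInstance(String)}
     * @param key PKCS#8-encoded private key that was inserted
     * @param cert encoded X.509 user certificate that was inserted
     * @param ca encoded X.509 CA certificate(s), or {@code null} when no CA chain is expected
     * @throws Exception if any of the encoded inputs cannot be parsed
     */
    @SuppressWarnings("unchecked")
    private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, String keyType, byte[] key,
            byte[] cert, byte[] ca) throws Exception {
        KeyFactory keyFact = KeyFactory.getInstance(keyType);
        PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(key));

        CertificateFactory certFact = CertificateFactory.getInstance("X.509");
        Certificate expectedCert = certFact.generateCertificate(new ByteArrayInputStream(cert));

        final Collection<Certificate> expectedChain;
        if (ca != null) {
            // generateCertificates returns Collection<? extends Certificate>; the cast is what
            // the @SuppressWarnings above covers.
            expectedChain = (Collection<Certificate>) certFact
                    .generateCertificates(new ByteArrayInputStream(ca));
        } else {
            expectedChain = null;
        }

        assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, expectedChain);
    }

    /**
     * Asserts that {@code keyEntry} carries the expected key, user certificate and CA chain.
     *
     * <p>Only public parameters of the key are compared: for EC the curve of the expected key
     * against the curve of the public key in the entry's certificate, for RSA the moduli of the
     * expected and returned private keys. Private key material itself is never compared, and a
     * key of any other type is not checked at all.
     *
     * @param keyEntry entry returned by the keystore under test
     * @param expectedKey private key that was inserted
     * @param expectedCert user certificate that was inserted; must be first in the chain
     * @param expectedChain CA certificates expected after the user certificate, in order, or
     *        {@code null} when the chain must consist of the user certificate only
     * @throws Exception declared for symmetry with the byte-array overload
     */
    private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, PrivateKey expectedKey,
            Certificate expectedCert, Collection<Certificate> expectedChain) throws Exception {
        if (expectedKey instanceof ECPrivateKey) {
            // NOTE(review): this reads the curve from the certificate's public key rather than
            // from keyEntry.getPrivateKey(); presumably the keystore-backed private key does not
            // expose its parameters. Confirm before relying on it as a private-key check.
            assertEquals("Returned PrivateKey should be what we inserted",
                    ((ECPrivateKey) expectedKey).getParams().getCurve(),
                    ((ECPublicKey) keyEntry.getCertificate().getPublicKey()).getParams().getCurve());
        } else if (expectedKey instanceof RSAPrivateKey) {
            assertEquals("Returned PrivateKey should be what we inserted",
                    ((RSAPrivateKey) expectedKey).getModulus(),
                    ((RSAPrivateKey) keyEntry.getPrivateKey()).getModulus());
        }

        assertEquals("Returned Certificate should be what we inserted", expectedCert,
                keyEntry.getCertificate());

        Certificate[] actualChain = keyEntry.getCertificateChain();

        assertEquals("First certificate in chain should be user cert", expectedCert, actualChain[0]);

        if (expectedChain == null) {
            assertEquals("Certificate chain should not include CAs", 1, actualChain.length);
        } else {
            // Pin the length before walking the chain. Without this, extra certificates appended
            // by the keystore would go unnoticed, and a short chain would surface as an
            // ArrayIndexOutOfBoundsException instead of an assertion failure.
            assertEquals("Certificate chain should be the user cert followed by the expected CAs",
                    expectedChain.size() + 1, actualChain.length);

            int i = 1;
            for (Certificate expectedCa : expectedChain) {
                assertEquals("CA chain certificate should equal what we put in", expectedCa,
                        actualChain[i++]);
            }
        }
    }

    /**
     * Looking up an alias that was never stored must yield {@code null}; this variant calls
     * {@code setupPassword()} first.
     */
    public void testKeyStore_GetEntry_Nonexistent_NullParams_Encrypted_Failure() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertNull("A non-existent entry should return null",
                mKeyStore.getEntry(TEST_ALIAS_1, null));
    }

    /**
     * Looking up an alias that was never stored must yield {@code null}; this variant does not
     * call {@code setupPassword()}.
     */
    public void testKeyStore_GetEntry_Nonexistent_NullParams_Unencrypted_Failure() throws Exception {
        mKeyStore.load(null, null);

        assertNull("A non-existent entry should return null",
                mKeyStore.getEntry(TEST_ALIAS_1, null));
    }

    public void testKeyStore_GetKey_NoPassword_Encrypted_Success() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        Key key = mKeyStore.getKey(TEST_ALIAS_1, null);
        assertNotNull("Key should exist", key);

        assertTrue("Should be a RSAPrivateKey", key instanceof RSAPrivateKey);

        RSAPrivateKey actualKey = (RSAPrivateKey) key;

        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

        assertEquals("Inserted key should be same as retrieved key",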
((RSAPrivateKey) expectedKey).getModulus(), actualKey.getModulus()); 1273 } 1274 1275 public void testKeyStore_GetKey_NoPassword_Unencrypted_Success() throws Exception { 1276 mKeyStore.load(null, null); 1277 1278 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1279 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1280 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 1281 KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1282 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1283 KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1284 1285 Key key = mKeyStore.getKey(TEST_ALIAS_1, null); 1286 assertNotNull("Key should exist", key); 1287 1288 assertTrue("Should be a RSAPrivateKey", key instanceof RSAPrivateKey); 1289 1290 RSAPrivateKey actualKey = (RSAPrivateKey) key; 1291 1292 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1293 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1294 1295 assertEquals("Inserted key should be same as retrieved key", 1296 ((RSAPrivateKey) expectedKey).getModulus(), actualKey.getModulus()); 1297 } 1298 1299 public void testKeyStore_GetKey_Certificate_Encrypted_Failure() throws Exception { 1300 setupPassword(); 1301 1302 mKeyStore.load(null, null); 1303 1304 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1305 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1306 1307 assertNull("Certificate entries should return null", mKeyStore.getKey(TEST_ALIAS_1, null)); 1308 } 1309 1310 public void testKeyStore_GetKey_NonExistent_Encrypted_Failure() throws Exception { 1311 setupPassword(); 1312 1313 mKeyStore.load(null, null); 1314 1315 assertNull("A non-existent entry should return null", mKeyStore.getKey(TEST_ALIAS_1, null)); 1316 } 1317 1318 public void testKeyStore_GetProvider_Encrypted_Success() throws Exception { 1319 
assertEquals(AndroidKeyStoreProvider.PROVIDER_NAME, mKeyStore.getProvider().getName()); 1320 setupPassword(); 1321 assertEquals(AndroidKeyStoreProvider.PROVIDER_NAME, mKeyStore.getProvider().getName()); 1322 } 1323 1324 public void testKeyStore_GetType_Encrypted_Success() throws Exception { 1325 assertEquals(AndroidKeyStoreSpi.NAME, mKeyStore.getType()); 1326 setupPassword(); 1327 assertEquals(AndroidKeyStoreSpi.NAME, mKeyStore.getType()); 1328 } 1329 1330 public void testKeyStore_IsCertificateEntry_CA_Encrypted_Success() throws Exception { 1331 setupPassword(); 1332 mKeyStore.load(null, null); 1333 1334 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1335 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1336 1337 assertTrue("Should return true for CA certificate", 1338 mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1339 } 1340 1341 public void testKeyStore_IsCertificateEntry_PrivateKey_Encrypted_Failure() throws Exception { 1342 setupPassword(); 1343 mKeyStore.load(null, null); 1344 1345 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1346 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1347 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 1348 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1349 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1350 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1351 1352 assertFalse("Should return false for PrivateKeyEntry", 1353 mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1354 } 1355 1356 public void testKeyStore_IsCertificateEntry_NonExist_Encrypted_Failure() throws Exception { 1357 setupPassword(); 1358 mKeyStore.load(null, null); 1359 1360 assertFalse("Should return false for non-existent entry", 1361 mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1362 } 1363 1364 public void testKeyStore_IsCertificateEntry_NonExist_Unencrypted_Failure() throws Exception { 1365 
mKeyStore.load(null, null); 1366 1367 assertFalse("Should return false for non-existent entry", 1368 mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1369 } 1370 1371 public void testKeyStore_IsKeyEntry_PrivateKey_Encrypted_Success() throws Exception { 1372 setupPassword(); 1373 mKeyStore.load(null, null); 1374 1375 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1376 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1377 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 1378 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1379 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1380 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1381 1382 assertTrue("Should return true for PrivateKeyEntry", mKeyStore.isKeyEntry(TEST_ALIAS_1)); 1383 } 1384 1385 public void testKeyStore_IsKeyEntry_CA_Encrypted_Failure() throws Exception { 1386 setupPassword(); 1387 mKeyStore.load(null, null); 1388 1389 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1390 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1391 1392 assertFalse("Should return false for CA certificate", mKeyStore.isKeyEntry(TEST_ALIAS_1)); 1393 } 1394 1395 public void testKeyStore_IsKeyEntry_NonExist_Encrypted_Failure() throws Exception { 1396 setupPassword(); 1397 mKeyStore.load(null, null); 1398 1399 assertFalse("Should return false for non-existent entry", 1400 mKeyStore.isKeyEntry(TEST_ALIAS_1)); 1401 } 1402 1403 public void testKeyStore_SetCertificate_CA_Encrypted_Success() throws Exception { 1404 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1405 final Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1406 1407 setupPassword(); 1408 mKeyStore.load(null, null); 1409 1410 mKeyStore.setCertificateEntry(TEST_ALIAS_1, actual); 1411 assertAliases(new String[] { TEST_ALIAS_1 }); 1412 1413 Certificate 
retrieved = mKeyStore.getCertificate(TEST_ALIAS_1); 1414 1415 assertEquals("Retrieved certificate should be the same as the one inserted", actual, 1416 retrieved); 1417 } 1418 1419 public void testKeyStore_SetCertificate_CAExists_Overwrite_Encrypted_Success() throws Exception { 1420 setupPassword(); 1421 mKeyStore.load(null, null); 1422 1423 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1424 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1425 1426 assertAliases(new String[] { TEST_ALIAS_1 }); 1427 1428 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1429 final Certificate cert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1430 1431 // TODO have separate FAKE_CA for second test 1432 mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert); 1433 1434 assertAliases(new String[] { TEST_ALIAS_1 }); 1435 } 1436 1437 public void testKeyStore_SetCertificate_PrivateKeyExists_Encrypted_Failure() throws Exception { 1438 setupPassword(); 1439 mKeyStore.load(null, null); 1440 1441 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1442 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1443 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 1444 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1445 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1446 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1447 1448 assertAliases(new String[] { TEST_ALIAS_1 }); 1449 1450 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1451 final Certificate cert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1452 1453 try { 1454 mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert); 1455 fail("Should throw when trying to overwrite a PrivateKey entry with a Certificate"); 1456 } catch (KeyStoreException success) { 1457 } 1458 } 1459 1460 public void 
testKeyStore_SetEntry_PrivateKeyEntry_Encrypted_Success() throws Exception { 1461 setupPassword(); 1462 mKeyStore.load(null, null); 1463 1464 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1465 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1466 1467 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1468 1469 final Certificate[] expectedChain = new Certificate[2]; 1470 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1471 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1472 1473 PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1474 1475 mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1476 1477 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1478 assertNotNull("Retrieved entry should exist", actualEntry); 1479 1480 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1481 actualEntry instanceof PrivateKeyEntry); 1482 1483 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1484 1485 assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1); 1486 } 1487 1488 public void testKeyStore_SetEntry_PrivateKeyEntry_EC_Unencrypted_Success() throws Exception { 1489 mKeyStore.load(null, null); 1490 1491 KeyFactory keyFact = KeyFactory.getInstance("EC"); 1492 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_EC_KEY_1)); 1493 1494 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1495 1496 final Certificate[] expectedChain = new Certificate[2]; 1497 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_EC_USER_1)); 1498 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_EC_CA_1)); 1499 1500 PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1501 1502 mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1503 1504 Entry actualEntry = 
mKeyStore.getEntry(TEST_ALIAS_1, null); 1505 assertNotNull("Retrieved entry should exist", actualEntry); 1506 1507 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1508 actualEntry instanceof PrivateKeyEntry); 1509 1510 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1511 1512 assertPrivateKeyEntryEquals(actual, "EC", FAKE_EC_KEY_1, FAKE_EC_USER_1, FAKE_EC_CA_1); 1513 } 1514 1515 public void testKeyStore_SetEntry_PrivateKeyEntry_RSA_Unencrypted_Success() throws Exception { 1516 mKeyStore.load(null, null); 1517 1518 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1519 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1520 1521 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1522 1523 final Certificate[] expectedChain = new Certificate[2]; 1524 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1525 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1526 1527 PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1528 1529 mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1530 1531 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1532 assertNotNull("Retrieved entry should exist", actualEntry); 1533 1534 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1535 actualEntry instanceof PrivateKeyEntry); 1536 1537 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1538 1539 assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1); 1540 } 1541 1542 public void testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure() throws Exception { 1543 mKeyStore.load(null, null); 1544 1545 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1546 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1547 1548 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1549 1550 final 
Certificate[] expectedChain = new Certificate[2]; 1551 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1552 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1553 1554 PrivateKeyEntry entry = new PrivateKeyEntry(expectedKey, expectedChain); 1555 1556 try { 1557 mKeyStore.setEntry(TEST_ALIAS_1, entry, 1558 new KeyStoreParameter.Builder(getContext()) 1559 .setEncryptionRequired(true) 1560 .build()); 1561 fail("Shouldn't be able to insert encrypted entry when KeyStore uninitialized"); 1562 } catch (KeyStoreException expected) { 1563 } 1564 1565 assertNull(mKeyStore.getEntry(TEST_ALIAS_1, null)); 1566 } 1567 1568 public void 1569 testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Encrypted_Success() 1570 throws Exception { 1571 setupPassword(); 1572 mKeyStore.load(null, null); 1573 1574 final KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1575 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1576 1577 // Start with PrivateKeyEntry 1578 { 1579 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1580 1581 final Certificate[] expectedChain = new Certificate[2]; 1582 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1583 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1584 1585 PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1586 1587 mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1588 1589 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1590 assertNotNull("Retrieved entry should exist", actualEntry); 1591 1592 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1593 actualEntry instanceof PrivateKeyEntry); 1594 1595 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1596 1597 assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1598 FAKE_RSA_CA_1); 1599 } 1600 1601 // TODO 
make entirely new test vector for the overwrite 1602 // Replace with PrivateKeyEntry 1603 { 1604 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1605 1606 final Certificate[] expectedChain = new Certificate[2]; 1607 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1608 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1609 1610 PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1611 1612 mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1613 1614 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1615 assertNotNull("Retrieved entry should exist", actualEntry); 1616 1617 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1618 actualEntry instanceof PrivateKeyEntry); 1619 1620 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1621 1622 assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1623 FAKE_RSA_CA_1); 1624 } 1625 } 1626 1627 public void testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Encrypted_Success() 1628 throws Exception { 1629 setupPassword(); 1630 mKeyStore.load(null, null); 1631 1632 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1633 1634 // Start with TrustedCertificateEntry 1635 { 1636 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1637 1638 TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert); 1639 mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null); 1640 1641 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1642 assertNotNull("Retrieved entry should exist", actualEntry); 1643 assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1644 actualEntry instanceof TrustedCertificateEntry); 1645 TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry; 1646 assertEquals("Stored and retrieved certificates should be 
the same", 1647 expectedCertEntry.getTrustedCertificate(), 1648 actualCertEntry.getTrustedCertificate()); 1649 } 1650 1651 // Replace with PrivateKeyEntry 1652 { 1653 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1654 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1655 final Certificate[] expectedChain = new Certificate[2]; 1656 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1657 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1658 1659 PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1660 1661 mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1662 1663 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1664 assertNotNull("Retrieved entry should exist", actualEntry); 1665 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1666 actualEntry instanceof PrivateKeyEntry); 1667 1668 PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1669 assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1670 FAKE_RSA_CA_1); 1671 } 1672 } 1673 1674 public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success() 1675 throws Exception { 1676 setupPassword(); 1677 mKeyStore.load(null, null); 1678 1679 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1680 1681 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1682 1683 // Start with PrivateKeyEntry 1684 { 1685 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1686 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1687 final Certificate[] expectedChain = new Certificate[2]; 1688 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1689 expectedChain[1] = caCert; 1690 1691 PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, 
expectedChain); 1692 1693 mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1694 1695 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1696 assertNotNull("Retrieved entry should exist", actualEntry); 1697 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1698 actualEntry instanceof PrivateKeyEntry); 1699 1700 PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1701 assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1702 FAKE_RSA_CA_1); 1703 } 1704 1705 // Replace with TrustedCertificateEntry 1706 { 1707 TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert); 1708 mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null); 1709 1710 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1711 assertNotNull("Retrieved entry should exist", actualEntry); 1712 assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1713 actualEntry instanceof TrustedCertificateEntry); 1714 TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry; 1715 assertEquals("Stored and retrieved certificates should be the same", 1716 expectedCertEntry.getTrustedCertificate(), 1717 actualCertEntry.getTrustedCertificate()); 1718 } 1719 } 1720 1721 public 1722 void 1723 testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Encrypted_Success() 1724 throws Exception { 1725 setupPassword(); 1726 mKeyStore.load(null, null); 1727 1728 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1729 1730 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1731 1732 // Start with PrivateKeyEntry 1733 { 1734 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1735 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1736 final Certificate[] expectedChain = new Certificate[2]; 1737 expectedChain[0] = f.generateCertificate(new 
ByteArrayInputStream(FAKE_RSA_USER_1)); 1738 expectedChain[1] = caCert; 1739 1740 PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1741 1742 mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1743 1744 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1745 assertNotNull("Retrieved entry should exist", actualEntry); 1746 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1747 actualEntry instanceof PrivateKeyEntry); 1748 1749 PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1750 assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1751 FAKE_RSA_CA_1); 1752 } 1753 1754 // Replace with PrivateKeyEntry that has no chain 1755 { 1756 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1757 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1758 final Certificate[] expectedChain = new Certificate[1]; 1759 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1760 1761 PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1762 1763 mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1764 1765 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1766 assertNotNull("Retrieved entry should exist", actualEntry); 1767 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1768 actualEntry instanceof PrivateKeyEntry); 1769 1770 PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1771 assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1772 null); 1773 } 1774 } 1775 1776 public void testKeyStore_SetEntry_CAEntry_Overwrites_CAEntry_Encrypted_Success() 1777 throws Exception { 1778 setupPassword(); 1779 mKeyStore.load(null, null); 1780 1781 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1782 1783 // Insert TrustedCertificateEntry 1784 { 1785 final Certificate caCert = 
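f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

            TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert);
            mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null);

            Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
            assertNotNull("Retrieved entry should exist", actualEntry);
            assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
                    actualEntry instanceof TrustedCertificateEntry);
            TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry;
            assertEquals("Stored and retrieved certificates should be the same",
                    expectedCertEntry.getTrustedCertificate(),
                    actualCertEntry.getTrustedCertificate());
        }

        // Replace with TrustedCertificateEntry of USER
        {
            final Certificate userCert = f
                    .generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));

            TrustedCertificateEntry expectedUserEntry = new TrustedCertificateEntry(userCert);
            mKeyStore.setEntry(TEST_ALIAS_1, expectedUserEntry, null);

            Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
            assertNotNull("Retrieved entry should exist", actualEntry);
            assertTrue("Retrieved entry should be of type TrustedCertificateEntry",
                    actualEntry instanceof TrustedCertificateEntry);
            TrustedCertificateEntry actualUserEntry = (TrustedCertificateEntry) actualEntry;
            assertEquals("Stored and retrieved certificates should be the same",
                    expectedUserEntry.getTrustedCertificate(),
                    actualUserEntry.getTrustedCertificate());
        }
    }

    /**
     * Verifies that {@code setKeyEntry} rejects a non-null per-entry password with a
     * {@link KeyStoreException}.
     */
    public void testKeyStore_SetKeyEntry_ProtectedKey_Encrypted_Failure() throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        final CertificateFactory f = CertificateFactory.getInstance("X.509");

        final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] chain = new Certificate[2];
        chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        chain[1] = caCert;

        try {
            mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, "foo".toCharArray(), chain);
            fail("Should fail when a password is specified");
        } catch (KeyStoreException success) {
            // Expected: a per-entry password must be refused.
        }
    }

    /**
     * Stores an RSA private key with a two-certificate chain (user, CA) using a null password
     * and checks that the entry read back matches the imported material.
     */
    public void testKeyStore_SetKeyEntry_Encrypted_Success() throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        final CertificateFactory f = CertificateFactory.getInstance("X.509");

        final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] chain = new Certificate[2];
        chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        chain[1] = caCert;

        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);

        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);

        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                actualEntry instanceof PrivateKeyEntry);

        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;

        assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
    }

    /**
     * Stores a key entry under an alias, then stores a key entry under the same alias again and
     * checks the retrieved entry after each call.
     *
     * <p>NOTE(review): both calls import the same key and chain (see the TODO below), so this
     * exercises overwriting an alias but cannot detect a stale entry surviving the overwrite.
     */
    public void testKeyStore_SetKeyEntry_Replaced_Encrypted_Success() throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        final CertificateFactory f = CertificateFactory.getInstance("X.509");

        final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        // Insert initial key
        {
            KeyFactory keyFact = KeyFactory.getInstance("RSA");
            PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
            final Certificate[] chain = new Certificate[2];
            chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
            chain[1] = caCert;

            mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);

            Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
            assertNotNull("Retrieved entry should exist", actualEntry);

            assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                    actualEntry instanceof PrivateKeyEntry);

            PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;

            assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                    FAKE_RSA_CA_1);
        }

        // TODO make a separate key
        // Replace key
        {
            KeyFactory keyFact = KeyFactory.getInstance("RSA");
            PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
            final Certificate[] chain = new Certificate[2];
            chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
            chain[1] = caCert;

            mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);

            Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
            assertNotNull("Retrieved entry should exist", actualEntry);

            assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                    actualEntry instanceof PrivateKeyEntry);

            PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;

            assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                    FAKE_RSA_CA_1);
        }
    }

    /**
     * Builds an X.509 certificate for the key stored under {@code alias}.
     *
     * <p>The public key is read from {@code keyStore}, the issuer DN is set to the subject DN,
     * and the certificate is signed with the private key handle that the "keystore" OpenSSL
     * engine returns for the same alias.
     *
     * <p>Test fixture only: the signature algorithm is fixed to {@code sha1WithRSA}, and the
     * callers in this file generate 1024-bit RSA keys. Both are below what a production
     * certificate should use.
     *
     * @param keyStore keystore that holds the key pair
     * @param alias alias of the key, without the {@code Credentials.USER_PRIVATE_KEY} prefix
     * @param serialNumber certificate serial number
     * @param subjectDN used as both subject and issuer
     * @param notBefore start of the validity period
     * @param notAfter end of the validity period
     * @return the generated certificate
     * @throws RuntimeException if the engine cannot return the private key
     * @throws IllegalStateException if no RSA {@link KeyFactory} is available or the keystore
     *         returns a public key that cannot be decoded
     */
    @SuppressWarnings("deprecation")
    private static X509Certificate generateCertificate(android.security.KeyStore keyStore,
            String alias, BigInteger serialNumber, X500Principal subjectDN, Date notBefore,
            Date notAfter) throws Exception {
        final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias;

        final PrivateKey privKey;
        final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore");
        try {
            privKey = engine.getPrivateKeyById(privateKeyAlias);
        } catch (InvalidKeyException e) {
            throw new RuntimeException("Can't get key", e);
        }

        final byte[] pubKeyBytes = keyStore.getPubkey(privateKeyAlias);

        final PublicKey pubKey;
        try {
            final KeyFactory keyFact = KeyFactory.getInstance("RSA");
            pubKey = keyFact.generatePublic(new X509EncodedKeySpec(pubKeyBytes));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Can't instantiate RSA key generator", e);
        } catch (InvalidKeySpecException e) {
            throw new IllegalStateException("keystore returned invalid key encoding", e);
        }

        final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setPublicKey(pubKey);
        certGen.setSerialNumber(serialNumber);
        certGen.setSubjectDN(subjectDN);
        certGen.setIssuerDN(subjectDN);
        certGen.setNotBefore(notBefore);
        certGen.setNotAfter(notAfter);
        certGen.setSignatureAlgorithm("sha1WithRSA");

        return certGen.generate(privKey);
    }

    /**
     * Generates a key in the keystore, attaches a certificate, then replaces the certificate
     * chain through {@code setKeyEntry} while passing the same private key, and checks the
     * entry after each step.
     */
    public void testKeyStore_SetKeyEntry_ReplacedChain_Encrypted_Success() throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        // Create key #1
        {
            final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
            assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF,
                    NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null));

            Key key = mKeyStore.getKey(TEST_ALIAS_1, null);

            assertTrue(key instanceof PrivateKey);

            PrivateKey expectedKey = (PrivateKey) key;

            X509Certificate expectedCert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1,
                    TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS);

            assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                    expectedCert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

            Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);

            assertTrue(entry instanceof PrivateKeyEntry);

            PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

            assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, null);
        }

        // Replace key #1 with new chain
        {
            Key key = mKeyStore.getKey(TEST_ALIAS_1, null);

            assertTrue(key instanceof PrivateKey);

            PrivateKey expectedKey = (PrivateKey) key;

            // New serial and DN, same underlying key pair.
            X509Certificate expectedCert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1,
                    TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS);

            mKeyStore.setKeyEntry(TEST_ALIAS_1, expectedKey, null,
                    new Certificate[] { expectedCert });

            Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);

            assertTrue(entry instanceof PrivateKeyEntry);

            PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

            assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, null);
        }
    }

    /**
     * Verifies that {@code setKeyEntry} on alias #1 throws {@link KeyStoreException} when it is
     * given the private key that belongs to alias #2.
     */
    public void testKeyStore_SetKeyEntry_ReplacedChain_DifferentPrivateKey_Encrypted_Failure()
            throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        // Create key #1
        {
            final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
            assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF,
                    NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null));

            X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1,
                    TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS);

            assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                    cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        }

        // Create key #2
        {
            final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_2;
            assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF,
                    NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null));

            X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_2,
                    TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS);

            assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_2,
                    cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        }

        // Replace key #1 with key #2
        {
            // The key handle fetched here is the one stored under alias #2.
            Key key2 = mKeyStore.getKey(TEST_ALIAS_2, null);

            X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_2,
                    TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS);

            try {
                mKeyStore.setKeyEntry(TEST_ALIAS_1, key2, null, new Certificate[] { cert });
                fail("Should not allow setting of KeyEntry with wrong PrivateKey");
            } catch (KeyStoreException success) {
                // Expected: a key handle from another alias must not be accepted for alias #1.
            }
        }
    }

    /**
     * Creates a key with {@code FLAG_NONE}, then re-stores its entry with
     * {@code setEncryptionRequired(true)}.
     *
     * <p>The first attempt must throw {@link KeyStoreException}. After
     * {@code onUserPasswordChanged} succeeds and the keystore reports unlocked, the same call
     * must complete without throwing. This test does not call {@code setupPassword()}.
     */
    public void testKeyStore_SetKeyEntry_ReplacedChain_UnencryptedToEncrypted_Failure()
            throws Exception {
        mKeyStore.load(null, null);

        // Create key #1
        {
            final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
            assertTrue(mAndroidKeyStore.generate(privateKeyAlias,
                    android.security.KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024,
                    android.security.KeyStore.FLAG_NONE, null));

            X509Certificate cert =
                    generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1, TEST_DN_1,
                            NOW, NOW_PLUS_10_YEARS);

            assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                    cert.getEncoded(), android.security.KeyStore.UID_SELF,
                    android.security.KeyStore.FLAG_NONE));
        }

        // Replace with one that requires encryption
        {
            Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);

            try {
                mKeyStore.setEntry(TEST_ALIAS_1, entry,
                        new KeyStoreParameter.Builder(getContext())
                                .setEncryptionRequired(true)
                                .build());
                fail("Should not allow setting of Entry without unlocked keystore");
            } catch (KeyStoreException success) {
                // Expected: encryption cannot be required before the keystore is unlocked.
            }

            assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
            assertTrue(mAndroidKeyStore.isUnlocked());

            // NOTE(review): only the absence of an exception is checked here; the stored
            // entry's flags are not read back.
            mKeyStore.setEntry(TEST_ALIAS_1, entry,
                    new KeyStoreParameter.Builder(getContext())
                            .setEncryptionRequired(true)
                            .build());
        }
    }

    /**
     * Checks that {@code size()} and the alias list follow additions and deletions made
     * directly through the underlying Android keystore.
     */
    public void testKeyStore_Size_Encrypted_Success() throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertEquals("The keystore size should match expected", 1, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_1 });

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertEquals("The keystore size should match expected", 2, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });

        assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3,
                KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED,
                null));

        assertEquals("The keystore size should match expected", 3, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 });

        assertTrue(mAndroidKeyStore.delete(Credentials.CA_CERTIFICATE + TEST_ALIAS_1));

        assertEquals("The keystore size should match expected", 2, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 });

        assertTrue(mAndroidKeyStore.delete(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3));

        assertEquals("The keystore size should match expected", 1, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_2 });
    }

    /**
     * Verifies that {@code store(LoadStoreParameter)} throws
     * {@link UnsupportedOperationException}.
     */
    public void testKeyStore_Store_LoadStoreParam_Encrypted_Failure() throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        try {
            mKeyStore.store(null);
            fail("Should throw UnsupportedOperationException when trying to store");
        } catch (UnsupportedOperationException success) {
            // Expected: this keystore cannot be serialized by the caller.
        }
    }

    /**
     * Verifies that {@code load} throws {@link IllegalArgumentException} when an input stream
     * is supplied.
     */
    public void testKeyStore_Load_InputStreamSupplied_Encrypted_Failure() throws Exception {
        // The bytes are a placeholder; the test expects rejection of the stream itself.
        byte[] buf = "FAKE KEYSTORE".getBytes();
        ByteArrayInputStream is = new ByteArrayInputStream(buf);

        try {
            mKeyStore.load(is, null);
            fail("Should throw IllegalArgumentException when InputStream is supplied");
        } catch (IllegalArgumentException success) {
            // Expected.
        }
    }

    /**
     * Verifies that {@code load} throws {@link IllegalArgumentException} when a password is
     * supplied.
     */
    public void testKeyStore_Load_PasswordSupplied_Encrypted_Failure() throws Exception {
        try {
            mKeyStore.load(null, "password".toCharArray());
            fail("Should throw IllegalArgumentException when password is supplied");
        } catch (IllegalArgumentException success) {
            // Expected.
        }
    }

    /**
     * Verifies that {@code store(OutputStream, char[])} throws
     * {@link UnsupportedOperationException} both with and without a password.
     */
    public void testKeyStore_Store_OutputStream_Encrypted_Failure() throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        OutputStream sink = new ByteArrayOutputStream();
        try {
            mKeyStore.store(sink, null);
            fail("Should throw UnsupportedOperationException when trying to store");
        } catch (UnsupportedOperationException success) {
            // Expected.
        }

        try {
            mKeyStore.store(sink, "blah".toCharArray());
            fail("Should throw UnsupportedOperationException when trying to store");
        } catch (UnsupportedOperationException success) {
            // Expected.
        }
    }

    /**
     * Generates an RSA key under {@code TEST_ALIAS_1} with {@code FLAG_ENCRYPTED} and stores a
     * matching certificate built by {@code generateCertificate}.
     *
     * <p>The 1024-bit modulus is a test-fixture choice and is too small for production keys.
     */
    private void setupKey() throws Exception {
        final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
        assertTrue(mAndroidKeyStore
                .generate(privateKeyAlias, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024,
                        KeyStore.FLAG_ENCRYPTED, null));

        X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1,
                TEST_DN_1, NOW, NOW_PLUS_10_YEARS);

        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
    }

    /**
     * Wraps a secret key with the certificate's public key, unwraps it with the private key
     * from the keystore entry, and checks that the key bytes survive the round trip.
     */
    public void testKeyStore_KeyOperations_Wrap_Encrypted_Success() throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        setupKey();

        // Test key usage
        Entry e = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull(e);
        assertTrue(e instanceof PrivateKeyEntry);

        PrivateKeyEntry privEntry = (PrivateKeyEntry) e;
        PrivateKey privKey = privEntry.getPrivateKey();
        assertNotNull(privKey);

        PublicKey pubKey = privEntry.getCertificate().getPublicKey();

        // PKCS#1 v1.5 padding is what this test exercises; new designs generally prefer OAEP.
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(Cipher.WRAP_MODE, pubKey);

        // Seven bytes is not a valid AES key length. SecretKeySpec does not check the length,
        // and the test only compares the raw bytes after the round trip.
        byte[] expectedKey = new byte[] {
                0x00, 0x05, (byte) 0xAA, (byte) 0x0A5, (byte) 0xFF, 0x55, 0x0A
        };

        SecretKey expectedSecret = new SecretKeySpec(expectedKey, "AES");

        byte[] wrappedExpected = c.wrap(expectedSecret);

        c.init(Cipher.UNWRAP_MODE, privKey);
        SecretKey actualSecret = (SecretKey) c.unwrap(wrappedExpected, "AES", Cipher.SECRET_KEY);

        // Comparing the string forms makes a failure message show both byte arrays.
        assertEquals(Arrays.toString(expectedSecret.getEncoded()),
                Arrays.toString(actualSecret.getEncoded()));
    }
}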