1db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root/* 2db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * Copyright (C) 2012 The Android Open Source Project 3db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * 4db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * Licensed under the Apache License, Version 2.0 (the "License"); 5db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * you may not use this file except in compliance with the License. 6db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * You may obtain a copy of the License at 7db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * 8db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * http://www.apache.org/licenses/LICENSE-2.0 9db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * 10db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * Unless required by applicable law or agreed to in writing, software 11db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * distributed under the License is distributed on an "AS IS" BASIS, 12db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * See the License for the specific language governing permissions and 14db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root * limitations under the License. 15db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root */ 16db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 17dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubinpackage android.security.keystore; 18db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 19dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubinimport android.security.Credentials; 20dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubinimport android.security.KeyPairGeneratorSpec; 214350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubinimport android.security.KeyStore; 224350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubinimport android.security.keymaster.ExportResult; 234350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubinimport android.security.keymaster.KeymasterDefs; 24db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootimport android.test.AndroidTestCase; 25db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 26db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootimport java.io.ByteArrayInputStream; 27db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootimport java.math.BigInteger; 28db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootimport java.security.KeyPair; 294a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubinimport java.security.KeyPairGenerator; 30db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootimport java.security.PrivateKey; 31db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootimport java.security.PublicKey; 32db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootimport java.security.SecureRandom; 33db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootimport java.security.cert.Certificate; 34db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootimport java.security.cert.CertificateFactory; 35db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootimport java.security.cert.X509Certificate; 364a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubinimport java.security.interfaces.ECKey; 37f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Rootimport java.security.interfaces.ECPublicKey; 384a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubinimport java.security.interfaces.RSAKey; 39f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Rootimport java.security.interfaces.RSAPublicKey; 40f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Rootimport java.security.spec.AlgorithmParameterSpec; 41f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Rootimport java.security.spec.RSAKeyGenParameterSpec; 422eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Rootimport java.text.SimpleDateFormat; 434a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubinimport java.util.Arrays; 44db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootimport java.util.Date; 45db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 46db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootimport javax.security.auth.x500.X500Principal; 47db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 48db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Rootpublic class AndroidKeyPairGeneratorTest extends AndroidTestCase { 49db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root private android.security.KeyStore mAndroidKeyStore; 50db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 51db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root private java.security.KeyPairGenerator mGenerator; 52db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 53db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root private static final String TEST_ALIAS_1 = "test1"; 54db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 55db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root private static final String TEST_ALIAS_2 = "test2"; 56db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 57db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root private static final X500Principal TEST_DN_1 = new X500Principal("CN=test1"); 58db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 59db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root private static final X500Principal TEST_DN_2 = new X500Principal("CN=test2"); 60db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 61db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root private static final BigInteger TEST_SERIAL_1 = BigInteger.ONE; 62db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 63db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root private static final BigInteger TEST_SERIAL_2 = BigInteger.valueOf(2L); 64db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 65db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root private static final long NOW_MILLIS = System.currentTimeMillis(); 66db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 67db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root /* We have to round this off because X509v3 doesn't store milliseconds. */ 68db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root private static final Date NOW = new Date(NOW_MILLIS - (NOW_MILLIS % 1000L)); 69db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 70db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root @SuppressWarnings("deprecation") 71db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root private static final Date NOW_PLUS_10_YEARS = new Date(NOW.getYear() + 10, 0, 1); 72db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 73db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root @Override 74db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root protected void setUp() throws Exception { 75db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root mAndroidKeyStore = android.security.KeyStore.getInstance(); 76db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 77db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertTrue(mAndroidKeyStore.reset()); 78db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 79b9594ce9ebb3f5f303a280f04312ae5754ce3560Kenny Root assertFalse(mAndroidKeyStore.isUnlocked()); 80db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 811c219f619291ba818bc2542390a2988539d94ed0Kenny Root mGenerator = java.security.KeyPairGenerator.getInstance("RSA", "AndroidKeyStore"); 822eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 832eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 842eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root private void setupPassword() { 85a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111")); 86b9594ce9ebb3f5f303a280f04312ae5754ce3560Kenny Root assertTrue(mAndroidKeyStore.isUnlocked()); 87db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 884350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin String[] aliases = mAndroidKeyStore.list(""); 8978ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertNotNull(aliases); 9078ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertEquals(0, aliases.length); 91db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } 92db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 932eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyPairGenerator_Initialize_Params_Encrypted_Success() throws Exception { 942eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 952eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 961c219f619291ba818bc2542390a2988539d94ed0Kenny Root mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) 972eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setAlias(TEST_ALIAS_1) 982eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSubject(TEST_DN_1) 992eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSerialNumber(TEST_SERIAL_1) 1002eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setStartDate(NOW) 1012eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEndDate(NOW_PLUS_10_YEARS) 1022eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEncryptionRequired() 1032eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .build()); 104db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } 105db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 1062eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyPairGenerator_Initialize_KeySize_Encrypted_Failure() throws Exception { 1072eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1082eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 109db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root try { 110db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root mGenerator.initialize(1024); 111db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root fail("KeyPairGenerator should not support setting the key size"); 112db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } catch (IllegalArgumentException success) { 113db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } 114db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } 115db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 1162eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyPairGenerator_Initialize_KeySizeAndSecureRandom_Encrypted_Failure() 1172eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root throws Exception { 1182eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1192eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 120db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root try { 121db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root mGenerator.initialize(1024, new SecureRandom()); 122db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root fail("KeyPairGenerator should not support setting the key size"); 123db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } catch (IllegalArgumentException success) { 124db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } 125db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } 126db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 1272eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyPairGenerator_Initialize_ParamsAndSecureRandom_Encrypted_Failure() 1282eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root throws Exception { 1292eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1302eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 1312eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mGenerator.initialize( 1321c219f619291ba818bc2542390a2988539d94ed0Kenny Root new KeyPairGeneratorSpec.Builder(getContext()) 1332eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setAlias(TEST_ALIAS_1) 134f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setKeyType("RSA") 135f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setKeySize(1024) 1362eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSubject(TEST_DN_1) 1372eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSerialNumber(TEST_SERIAL_1) 1382eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setStartDate(NOW) 1392eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEndDate(NOW_PLUS_10_YEARS) 1402eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEncryptionRequired() 1412eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .build(), 1422eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root new SecureRandom()); 143db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } 144db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 1452eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyPairGenerator_GenerateKeyPair_Encrypted_Success() throws Exception { 1462eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root setupPassword(); 1472eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 1481c219f619291ba818bc2542390a2988539d94ed0Kenny Root mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) 1492eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setAlias(TEST_ALIAS_1) 1502eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSubject(TEST_DN_1) 1512eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSerialNumber(TEST_SERIAL_1) 1522eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setStartDate(NOW) 1532eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEndDate(NOW_PLUS_10_YEARS) 1542eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEncryptionRequired() 1552eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .build()); 1562eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 1572eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root final KeyPair pair = mGenerator.generateKeyPair(); 1582eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertNotNull("The KeyPair returned should not be null", pair); 1592eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 160f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertKeyPairCorrect(pair, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1, NOW, 161f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root NOW_PLUS_10_YEARS); 1622eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 1632eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 164f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root public void testKeyPairGenerator_GenerateKeyPair_EC_Unencrypted_Success() throws Exception { 1654a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore"); 1664a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin generator.initialize(new KeyGenParameterSpec.Builder( 1674a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin TEST_ALIAS_1, 1684a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY) 1694a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin .setCertificateSubject(TEST_DN_1) 1704a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin .setCertificateSerialNumber(TEST_SERIAL_1) 1714a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin .setCertificateNotBefore(NOW) 1724a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin .setCertificateNotAfter(NOW_PLUS_10_YEARS) 1734a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin .setDigests(KeyProperties.DIGEST_SHA256) 1744a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin .build()); 1754a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin 1764a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin final KeyPair pair = generator.generateKeyPair(); 1774a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin assertNotNull("The KeyPair returned should not be null", pair); 1784a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin 1794a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin assertKeyPairCorrect(pair, TEST_ALIAS_1, "EC", 256, null, TEST_DN_1, TEST_SERIAL_1, NOW, 1804a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin NOW_PLUS_10_YEARS); 1814a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin } 1824a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin 1834a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin public void testKeyPairGenerator_Legacy_GenerateKeyPair_EC_Unencrypted_Success() 1844a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin throws Exception { 185f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) 186f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setAlias(TEST_ALIAS_1) 187f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setKeyType("EC") 188f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setSubject(TEST_DN_1) 189f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setSerialNumber(TEST_SERIAL_1) 190f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setStartDate(NOW) 191f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setEndDate(NOW_PLUS_10_YEARS) 192f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .build()); 193f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root 194f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root final KeyPair pair = mGenerator.generateKeyPair(); 195f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertNotNull("The KeyPair returned should not be null", pair); 196f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root 197f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertKeyPairCorrect(pair, TEST_ALIAS_1, "EC", 256, null, TEST_DN_1, TEST_SERIAL_1, NOW, 198f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root NOW_PLUS_10_YEARS); 199f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root } 200f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root 201f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root public void testKeyPairGenerator_GenerateKeyPair_EC_P521_Unencrypted_Success() throws Exception { 202f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) 203f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setAlias(TEST_ALIAS_1) 204f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setKeyType("EC") 205f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setKeySize(521) 206f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setSubject(TEST_DN_1) 207f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setSerialNumber(TEST_SERIAL_1) 208f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setStartDate(NOW) 209f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setEndDate(NOW_PLUS_10_YEARS) 210f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .build()); 211f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root 212f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root final KeyPair pair = mGenerator.generateKeyPair(); 213f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertNotNull("The KeyPair returned should not be null", pair); 214f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root 215f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertKeyPairCorrect(pair, TEST_ALIAS_1, "EC", 521, null, TEST_DN_1, TEST_SERIAL_1, NOW, 216f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root NOW_PLUS_10_YEARS); 217f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root } 218f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root 219f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root public void testKeyPairGenerator_GenerateKeyPair_RSA_Unencrypted_Success() throws Exception { 220f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) 221f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setAlias(TEST_ALIAS_1) 222f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setSubject(TEST_DN_1) 223f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setSerialNumber(TEST_SERIAL_1) 224f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setStartDate(NOW) 225f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setEndDate(NOW_PLUS_10_YEARS) 226f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .build()); 227f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root 228f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root final KeyPair pair = mGenerator.generateKeyPair(); 229f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertNotNull("The KeyPair returned should not be null", pair); 230f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root 231f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertKeyPairCorrect(pair, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1, NOW, 232f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root NOW_PLUS_10_YEARS); 233f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root } 234f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root 235f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root public void testKeyPairGenerator_GenerateKeyPair_RSA_WithParams_Unencrypted_Success() 236f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root throws Exception { 237f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root AlgorithmParameterSpec spec = new RSAKeyGenParameterSpec(1024, BigInteger.valueOf(3L)); 238f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) 239f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setAlias(TEST_ALIAS_1) 240f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setKeySize(1024) 241f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setAlgorithmParameterSpec(spec) 242f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setSubject(TEST_DN_1) 243f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setSerialNumber(TEST_SERIAL_1) 244f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setStartDate(NOW) 245f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .setEndDate(NOW_PLUS_10_YEARS) 246f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root .build()); 247f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root 248f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root final KeyPair pair = mGenerator.generateKeyPair(); 249f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertNotNull("The KeyPair returned should not be null", pair); 250f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root 251f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertKeyPairCorrect(pair, TEST_ALIAS_1, "RSA", 1024, spec, TEST_DN_1, TEST_SERIAL_1, NOW, 252f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root NOW_PLUS_10_YEARS); 253db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } 254db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 255db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root public void testKeyPairGenerator_GenerateKeyPair_Replaced_Success() throws Exception { 256db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root // Generate the first key 257db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root { 2581c219f619291ba818bc2542390a2988539d94ed0Kenny Root mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) 2592eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setAlias(TEST_ALIAS_1) 2602eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSubject(TEST_DN_1) 2612eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSerialNumber(TEST_SERIAL_1) 2622eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setStartDate(NOW) 2632eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEndDate(NOW_PLUS_10_YEARS) 2642eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .build()); 265db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root final KeyPair pair1 = mGenerator.generateKeyPair(); 266db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertNotNull("The KeyPair returned should not be null", pair1); 267f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertKeyPairCorrect(pair1, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1, 268f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root NOW, NOW_PLUS_10_YEARS); 269db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } 270db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 271db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root // Replace the original key 272db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root { 2731c219f619291ba818bc2542390a2988539d94ed0Kenny Root mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) 2742eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setAlias(TEST_ALIAS_2) 2752eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSubject(TEST_DN_2) 2762eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSerialNumber(TEST_SERIAL_2) 2772eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setStartDate(NOW) 2782eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEndDate(NOW_PLUS_10_YEARS) 2792eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .build()); 280db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root final KeyPair pair2 = mGenerator.generateKeyPair(); 281db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertNotNull("The KeyPair returned should not be null", pair2); 282f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertKeyPairCorrect(pair2, TEST_ALIAS_2, "RSA", 2048, null, TEST_DN_2, TEST_SERIAL_2, 283f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root NOW, NOW_PLUS_10_YEARS); 284db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } 285db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } 286db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 2872eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root public void testKeyPairGenerator_GenerateKeyPair_Replaced_UnencryptedToEncrypted_Success() 2882eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root throws Exception { 2892eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root // Generate the first key 2902eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root { 2911c219f619291ba818bc2542390a2988539d94ed0Kenny Root mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) 2922eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setAlias(TEST_ALIAS_1) 2932eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSubject(TEST_DN_1) 2942eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSerialNumber(TEST_SERIAL_1) 2952eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setStartDate(NOW) 2962eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEndDate(NOW_PLUS_10_YEARS) 2972eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .build()); 2982eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root final KeyPair pair1 = mGenerator.generateKeyPair(); 2992eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertNotNull("The KeyPair returned should not be null", pair1); 300f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertKeyPairCorrect(pair1, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1, 301f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root NOW, NOW_PLUS_10_YEARS); 3022eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 3032eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 3042eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root // Attempt to replace previous key 3052eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root { 3061c219f619291ba818bc2542390a2988539d94ed0Kenny Root mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext()) 3072eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setAlias(TEST_ALIAS_1) 3082eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSubject(TEST_DN_2) 3092eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setSerialNumber(TEST_SERIAL_2) 3102eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setStartDate(NOW) 3112eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEndDate(NOW_PLUS_10_YEARS) 3122eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .setEncryptionRequired() 3132eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root .build()); 3142eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root try { 3152eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root mGenerator.generateKeyPair(); 3162eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root fail("Should not be able to generate encrypted key while not initialized"); 3172eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } catch (IllegalStateException expected) { 3182eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 3192eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 320a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111")); 3212eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertTrue(mAndroidKeyStore.isUnlocked()); 3222eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 3232eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root final KeyPair pair2 = mGenerator.generateKeyPair(); 3242eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertNotNull("The KeyPair returned should not be null", pair2); 325f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertKeyPairCorrect(pair2, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_2, TEST_SERIAL_2, 326f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root NOW, NOW_PLUS_10_YEARS); 3272eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 3282eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 3292eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 330f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root private void assertKeyPairCorrect(KeyPair pair, String alias, String keyType, int keySize, 331f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root AlgorithmParameterSpec spec, X500Principal dn, BigInteger serial, Date start, Date end) 332f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root throws Exception { 333db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root final PublicKey pubKey = pair.getPublic(); 334db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertNotNull("The PublicKey for the KeyPair should be not null", pubKey); 335f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertEquals(keyType, pubKey.getAlgorithm()); 336f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root 337cd2329dbfa5aef82c38ffa36a478bbaf5088af92Alex Klyubin if ("EC".equalsIgnoreCase(keyType)) { 338f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertEquals("Curve should be what was specified during initialization", keySize, 339f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root ((ECPublicKey) pubKey).getParams().getCurve().getField().getFieldSize()); 340f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root } else if ("RSA".equalsIgnoreCase(keyType)) { 341f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root RSAPublicKey rsaPubKey = (RSAPublicKey) pubKey; 342f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertEquals("Modulus size should be what is specified during initialization", 343f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root (keySize + 7) & ~7, (rsaPubKey.getModulus().bitLength() + 7) & ~7); 344f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root if (spec != null) { 345f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root RSAKeyGenParameterSpec params = (RSAKeyGenParameterSpec) spec; 346f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertEquals((keySize + 7) & ~7, (params.getKeysize() + 7) & ~7); 347f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertEquals(params.getPublicExponent(), rsaPubKey.getPublicExponent()); 348f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root } 349f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root } 350db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 351db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root final PrivateKey privKey = pair.getPrivate(); 352db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertNotNull("The PrivateKey for the KeyPair should be not null", privKey); 353f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertEquals(keyType, privKey.getAlgorithm()); 354db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 3554a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin if ("EC".equalsIgnoreCase(keyType)) { 3564a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin assertTrue("EC private key must be instanceof ECKey: " + privKey.getClass().getName(), 3574a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin privKey instanceof ECKey); 3584a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin assertEquals("Private and public key must have the same EC parameters", 3594a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin ((ECKey) pubKey).getParams(), ((ECKey) privKey).getParams()); 3604a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin } else if ("RSA".equalsIgnoreCase(keyType)) { 3614a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin assertTrue("RSA private key must be instance of RSAKey: " 3624a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin + privKey.getClass().getName(), 3634a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin privKey instanceof RSAKey); 3644a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin assertEquals("Private and public key must have the same RSA modulus", 3654a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin ((RSAKey) pubKey).getModulus(), ((RSAKey) privKey).getModulus()); 3664a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin } 3674a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin 368db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root final byte[] userCertBytes = mAndroidKeyStore.get(Credentials.USER_CERTIFICATE + alias); 369db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertNotNull("The user certificate should exist for the generated entry", userCertBytes); 370db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 371db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root final CertificateFactory cf = CertificateFactory.getInstance("X.509"); 3724a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin final Certificate userCert = 3734a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin cf.generateCertificate(new ByteArrayInputStream(userCertBytes)); 374db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 375db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertTrue("Certificate should be in X.509 format", userCert instanceof X509Certificate); 376db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 377db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root final X509Certificate x509userCert = (X509Certificate) userCert; 378db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 3794a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin assertEquals( 3804a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin "Public key used to sign certificate should have the same algorithm as in KeyPair", 3814a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin pubKey.getAlgorithm(), x509userCert.getPublicKey().getAlgorithm()); 3824a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin 383db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertEquals("PublicKey used to sign certificate should match one returned in KeyPair", 3844a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin pubKey, 3854a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin AndroidKeyStoreProvider.getAndroidKeyStorePublicKey( 3864a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin Credentials.USER_PRIVATE_KEY + alias, 3874a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin x509userCert.getPublicKey().getAlgorithm(), 3884a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin x509userCert.getPublicKey().getEncoded())); 389db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 390db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertEquals("The Subject DN should be the one passed into the params", dn, 391db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root x509userCert.getSubjectDN()); 392db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 393db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertEquals("The Issuer DN should be the same as the Subject DN", dn, 394db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root x509userCert.getIssuerDN()); 395db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 396db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertEquals("The Serial should be the one passed into the params", serial, 397db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root x509userCert.getSerialNumber()); 398db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 3992eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertDateEquals("The notBefore date should be the one passed into the params", start, 400db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root x509userCert.getNotBefore()); 401db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 4022eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertDateEquals("The notAfter date should be the one passed into the params", end, 403db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root x509userCert.getNotAfter()); 404db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 4054a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin // Assert that the cert's signature verifies using the public key from generated KeyPair 406db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root x509userCert.verify(pubKey); 4074a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin // Assert that the cert's signature verifies using the public key from the cert itself. 4084a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin x509userCert.verify(x509userCert.getPublicKey()); 409db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 410db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root final byte[] caCerts = mAndroidKeyStore.get(Credentials.CA_CERTIFICATE + alias); 411db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertNull("A list of CA certificates should not exist for the generated entry", caCerts); 412db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root 4134350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin ExportResult exportResult = mAndroidKeyStore.exportKey( 4144350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin Credentials.USER_PRIVATE_KEY + alias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null); 4154350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin assertEquals(KeyStore.NO_ERROR, exportResult.resultCode); 4164350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin final byte[] pubKeyBytes = exportResult.exportData; 417db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root assertNotNull("The keystore should return the public key for the generated key", 418db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root pubKeyBytes); 4194a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin assertTrue("Public key X.509 format should be as expected", 4204a0ff7ca984d29bd34b02e54441957cad65e8b53Alex Klyubin Arrays.equals(pubKey.getEncoded(), pubKeyBytes)); 421db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root } 4222eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 4232eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root private static void assertDateEquals(String message, Date date1, Date date2) throws Exception { 4242eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root SimpleDateFormat formatter = new SimpleDateFormat("dd MMM yyyy HH:mm:ss"); 4252eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 4262eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root String result1 = formatter.format(date1); 4272eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root String result2 = formatter.format(date2); 4282eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root 4292eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root assertEquals(message, result1, result2); 4302eeda7286f3c7cb79f7eb71ae6464cad213d12a3Kenny Root } 431db026710ec0adcf7f72dfb24c65d38a882ee26d8Kenny Root} 432