AndroidKeyPairGeneratorTest.java revision 4350babc028822e8905190d88a9f5b8c6ffce8ec
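/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.keystore;

import android.security.Credentials;
import android.security.KeyPairGeneratorSpec;
import android.security.KeyStore;
import android.security.keymaster.ExportResult;
import android.security.keymaster.KeymasterDefs;
import android.test.AndroidTestCase;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.text.SimpleDateFormat;
import java.util.Date;

import javax.security.auth.x500.X500Principal;

/**
 * Tests for the {@code KeyPairGenerator} obtained from the "AndroidKeyStore" provider.
 *
 * <p>Each test starts from a keystore that {@link #setUp()} has reset and asserted to be not
 * unlocked. Tests whose name contains {@code Encrypted} first unlock it through
 * {@link #setupPassword()}; the remaining tests generate keys while it is still not unlocked.
 *
 * <p>The weak parameters that appear below (1024-bit RSA, public exponent 3, the password
 * "1111") are test inputs only. They exercise the parameter-passing paths and are not
 * recommendations for keys that protect real data.
 */
public class AndroidKeyPairGeneratorTest extends AndroidTestCase {
    private android.security.KeyStore mAndroidKeyStore;

    private java.security.KeyPairGenerator mGenerator;

    private static final String TEST_ALIAS_1 = "test1";

    private static final String TEST_ALIAS_2 = "test2";

    private static final X500Principal TEST_DN_1 = new X500Principal("CN=test1");

    private static final X500Principal TEST_DN_2 = new X500Principal("CN=test2");

    private static final BigInteger TEST_SERIAL_1 = BigInteger.ONE;

    private static final BigInteger TEST_SERIAL_2 = BigInteger.valueOf(2L);

    /* Test-only password handed to the keystore to unlock it; never a real credential. */
    private static final String TEST_PASSWORD = "1111";

    private static final long NOW_MILLIS = System.currentTimeMillis();

    /* We have to round this off because X509v3 doesn't store milliseconds. */
    private static final Date NOW = new Date(NOW_MILLIS - (NOW_MILLIS % 1000L));

    /*
     * 1 January (month 0, day 1) of the year ten years after NOW's year, so the validity window
     * is at most ten years long rather than exactly ten.
     */
    @SuppressWarnings("deprecation")
    private static final Date NOW_PLUS_10_YEARS = new Date(NOW.getYear() + 10, 0, 1);

    /**
     * Resets the keystore, checks that it is not unlocked afterwards, and obtains the "RSA"
     * generator from the "AndroidKeyStore" provider.
     */
    @Override
    protected void setUp() throws Exception {
        mAndroidKeyStore = android.security.KeyStore.getInstance();

        assertTrue(mAndroidKeyStore.reset());

        assertFalse(mAndroidKeyStore.isUnlocked());

        mGenerator = java.security.KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
    }

    /**
     * Unlocks the keystore with {@link #TEST_PASSWORD} and checks that it holds no entries, so
     * every "Encrypted" test begins from an unlocked, empty keystore.
     */
    private void setupPassword() {
        assertTrue(mAndroidKeyStore.onUserPasswordChanged(TEST_PASSWORD));
        assertTrue(mAndroidKeyStore.isUnlocked());

        String[] aliases = mAndroidKeyStore.list("");
        assertNotNull(aliases);
        assertEquals(0, aliases.length);
    }

    /** Initializing with a full spec that requires encryption must not throw once unlocked. */
    public void testKeyPairGenerator_Initialize_Params_Encrypted_Success() throws Exception {
        setupPassword();

        mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                .setAlias(TEST_ALIAS_1)
                .setSubject(TEST_DN_1)
                .setSerialNumber(TEST_SERIAL_1)
                .setStartDate(NOW)
                .setEndDate(NOW_PLUS_10_YEARS)
                .setEncryptionRequired()
                .build());
    }

    /**
     * A bare key size carries no alias, subject or validity, so {@code initialize(int)} is
     * expected to be rejected with {@link IllegalArgumentException}.
     */
    public void testKeyPairGenerator_Initialize_KeySize_Encrypted_Failure() throws Exception {
        setupPassword();

        try {
            mGenerator.initialize(1024);
            fail("KeyPairGenerator should not support setting the key size");
        } catch (IllegalArgumentException expected) {
            // Expected: the generator only accepts a KeyPairGeneratorSpec.
        }
    }

    /** Same as the key-size-only case, with a caller-supplied {@link SecureRandom}. */
    public void testKeyPairGenerator_Initialize_KeySizeAndSecureRandom_Encrypted_Failure()
            throws Exception {
        setupPassword();

        try {
            mGenerator.initialize(1024, new SecureRandom());
            fail("KeyPairGenerator should not support setting the key size");
        } catch (IllegalArgumentException expected) {
            // Expected: the generator only accepts a KeyPairGeneratorSpec.
        }
    }

    /**
     * Initializes with a full spec plus a caller-supplied {@link SecureRandom}.
     *
     * <p>NOTE(review): despite the {@code _Failure} suffix this test asserts no failure; it only
     * passes when {@code initialize} returns normally. Confirm the intended contract before
     * relying on the name. The 1024-bit RSA size is a test value only.
     */
    public void testKeyPairGenerator_Initialize_ParamsAndSecureRandom_Encrypted_Failure()
            throws Exception {
        setupPassword();

        mGenerator.initialize(
                new KeyPairGeneratorSpec.Builder(getContext())
                        .setAlias(TEST_ALIAS_1)
                        .setKeyType("RSA")
                        .setKeySize(1024)
                        .setSubject(TEST_DN_1)
                        .setSerialNumber(TEST_SERIAL_1)
                        .setStartDate(NOW)
                        .setEndDate(NOW_PLUS_10_YEARS)
                        .setEncryptionRequired()
                        .build(),
                new SecureRandom());
    }

    /** With the keystore unlocked, an encryption-required spec yields a 2048-bit RSA pair. */
    public void testKeyPairGenerator_GenerateKeyPair_Encrypted_Success() throws Exception {
        setupPassword();

        mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                .setAlias(TEST_ALIAS_1)
                .setSubject(TEST_DN_1)
                .setSerialNumber(TEST_SERIAL_1)
                .setStartDate(NOW)
                .setEndDate(NOW_PLUS_10_YEARS)
                .setEncryptionRequired()
                .build());

        final KeyPair pair = mGenerator.generateKeyPair();
        assertNotNull("The KeyPair returned should not be null", pair);

        assertKeyPairCorrect(pair, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1, NOW,
                NOW_PLUS_10_YEARS);
    }

    /**
     * Key type "EC" with no explicit size is expected to produce a key over a 256-bit field,
     * generated while the keystore is not unlocked.
     */
    public void testKeyPairGenerator_GenerateKeyPair_EC_Unencrypted_Success() throws Exception {
        mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                .setAlias(TEST_ALIAS_1)
                .setKeyType("EC")
                .setSubject(TEST_DN_1)
                .setSerialNumber(TEST_SERIAL_1)
                .setStartDate(NOW)
                .setEndDate(NOW_PLUS_10_YEARS)
                .build());

        final KeyPair pair = mGenerator.generateKeyPair();
        assertNotNull("The KeyPair returned should not be null", pair);

        assertKeyPairCorrect(pair, TEST_ALIAS_1, "EC", 256, null, TEST_DN_1, TEST_SERIAL_1, NOW,
                NOW_PLUS_10_YEARS);
    }

    /** Key type "EC" with key size 521 is expected to produce a key over a 521-bit field. */
    public void testKeyPairGenerator_GenerateKeyPair_EC_P521_Unencrypted_Success() throws Exception {
        mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                .setAlias(TEST_ALIAS_1)
                .setKeyType("EC")
                .setKeySize(521)
                .setSubject(TEST_DN_1)
                .setSerialNumber(TEST_SERIAL_1)
                .setStartDate(NOW)
                .setEndDate(NOW_PLUS_10_YEARS)
                .build());

        final KeyPair pair = mGenerator.generateKeyPair();
        assertNotNull("The KeyPair returned should not be null", pair);

        assertKeyPairCorrect(pair, TEST_ALIAS_1, "EC", 521, null, TEST_DN_1, TEST_SERIAL_1, NOW,
                NOW_PLUS_10_YEARS);
    }

    /** With no key type or size in the spec, a 2048-bit RSA pair is expected. */
    public void testKeyPairGenerator_GenerateKeyPair_RSA_Unencrypted_Success() throws Exception {
        mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                .setAlias(TEST_ALIAS_1)
                .setSubject(TEST_DN_1)
                .setSerialNumber(TEST_SERIAL_1)
                .setStartDate(NOW)
                .setEndDate(NOW_PLUS_10_YEARS)
                .build());

        final KeyPair pair = mGenerator.generateKeyPair();
        assertNotNull("The KeyPair returned should not be null", pair);

        assertKeyPairCorrect(pair, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1, NOW,
                NOW_PLUS_10_YEARS);
    }

    /**
     * Checks that a caller-supplied {@link RSAKeyGenParameterSpec} is honoured.
     *
     * <p>The 1024-bit modulus and public exponent 3 are chosen because they differ from the
     * 2048-bit size the other RSA tests expect when nothing is specified, which makes it
     * visible that the spec was applied. They are not values to copy into production code.
     */
    public void testKeyPairGenerator_GenerateKeyPair_RSA_WithParams_Unencrypted_Success()
            throws Exception {
        AlgorithmParameterSpec spec = new RSAKeyGenParameterSpec(1024, BigInteger.valueOf(3L));
        mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                .setAlias(TEST_ALIAS_1)
                .setKeySize(1024)
                .setAlgorithmParameterSpec(spec)
                .setSubject(TEST_DN_1)
                .setSerialNumber(TEST_SERIAL_1)
                .setStartDate(NOW)
                .setEndDate(NOW_PLUS_10_YEARS)
                .build());

        final KeyPair pair = mGenerator.generateKeyPair();
        assertNotNull("The KeyPair returned should not be null", pair);

        assertKeyPairCorrect(pair, TEST_ALIAS_1, "RSA", 1024, spec, TEST_DN_1, TEST_SERIAL_1, NOW,
                NOW_PLUS_10_YEARS);
    }

    /**
     * Generates two key pairs in a row from the same generator instance.
     *
     * <p>NOTE(review): the second pair is stored under {@code TEST_ALIAS_2}, so this test does
     * not overwrite the first entry even though its name and inline comment say "replace".
     * Replacement under one alias is covered by
     * {@link #testKeyPairGenerator_GenerateKeyPair_Replaced_UnencryptedToEncrypted_Success()}.
     */
    public void testKeyPairGenerator_GenerateKeyPair_Replaced_Success() throws Exception {
        // Generate the first key
        {
            mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                    .setAlias(TEST_ALIAS_1)
                    .setSubject(TEST_DN_1)
                    .setSerialNumber(TEST_SERIAL_1)
                    .setStartDate(NOW)
                    .setEndDate(NOW_PLUS_10_YEARS)
                    .build());
            final KeyPair pair1 = mGenerator.generateKeyPair();
            assertNotNull("The KeyPair returned should not be null", pair1);
            assertKeyPairCorrect(pair1, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1,
                    NOW, NOW_PLUS_10_YEARS);
        }

        // Replace the original key
        {
            mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                    .setAlias(TEST_ALIAS_2)
                    .setSubject(TEST_DN_2)
                    .setSerialNumber(TEST_SERIAL_2)
                    .setStartDate(NOW)
                    .setEndDate(NOW_PLUS_10_YEARS)
                    .build());
            final KeyPair pair2 = mGenerator.generateKeyPair();
            assertNotNull("The KeyPair returned should not be null", pair2);
            assertKeyPairCorrect(pair2, TEST_ALIAS_2, "RSA", 2048, null, TEST_DN_2, TEST_SERIAL_2,
                    NOW, NOW_PLUS_10_YEARS);
        }
    }

    /**
     * Replaces a key generated without encryption by one that requires encryption, under the
     * same alias.
     *
     * <p>While the keystore is still not unlocked, generating the encryption-required key must
     * throw {@link IllegalStateException}. After the keystore has been unlocked the same
     * generator call must succeed, and the certificate stored under the alias must carry the
     * second subject and serial number.
     */
    public void testKeyPairGenerator_GenerateKeyPair_Replaced_UnencryptedToEncrypted_Success()
            throws Exception {
        // Generate the first key
        {
            mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                    .setAlias(TEST_ALIAS_1)
                    .setSubject(TEST_DN_1)
                    .setSerialNumber(TEST_SERIAL_1)
                    .setStartDate(NOW)
                    .setEndDate(NOW_PLUS_10_YEARS)
                    .build());
            final KeyPair pair1 = mGenerator.generateKeyPair();
            assertNotNull("The KeyPair returned should not be null", pair1);
            assertKeyPairCorrect(pair1, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1,
                    NOW, NOW_PLUS_10_YEARS);
        }

        // Attempt to replace previous key
        {
            mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                    .setAlias(TEST_ALIAS_1)
                    .setSubject(TEST_DN_2)
                    .setSerialNumber(TEST_SERIAL_2)
                    .setStartDate(NOW)
                    .setEndDate(NOW_PLUS_10_YEARS)
                    .setEncryptionRequired()
                    .build());
            try {
                mGenerator.generateKeyPair();
                fail("Should not be able to generate encrypted key while not initialized");
            } catch (IllegalStateException expected) {
                // Expected: encryption was requested while the keystore is not unlocked.
            }

            assertTrue(mAndroidKeyStore.onUserPasswordChanged(TEST_PASSWORD));
            assertTrue(mAndroidKeyStore.isUnlocked());

            final KeyPair pair2 = mGenerator.generateKeyPair();
            assertNotNull("The KeyPair returned should not be null", pair2);
            assertKeyPairCorrect(pair2, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_2, TEST_SERIAL_2,
                    NOW, NOW_PLUS_10_YEARS);
        }
    }

    /**
     * Checks a generated key pair and the keystore entries created alongside it.
     *
     * @param pair the pair returned by the generator
     * @param alias alias the pair was generated under
     * @param keyType expected algorithm name, "EC" or "RSA" (compared case-insensitively)
     * @param keySize expected EC field size or RSA modulus size, in bits
     * @param spec the {@link RSAKeyGenParameterSpec} given at initialization, or {@code null}
     * @param dn expected subject and issuer of the self-signed certificate
     * @param serial expected certificate serial number
     * @param start expected notBefore date
     * @param end expected notAfter date
     * @throws Exception if certificate parsing or signature verification fails
     */
    private void assertKeyPairCorrect(KeyPair pair, String alias, String keyType, int keySize,
            AlgorithmParameterSpec spec, X500Principal dn, BigInteger serial, Date start, Date end)
            throws Exception {
        final PublicKey pubKey = pair.getPublic();
        assertNotNull("The PublicKey for the KeyPair should be not null", pubKey);
        assertEquals(keyType, pubKey.getAlgorithm());

        if ("EC".equalsIgnoreCase(keyType)) {
            assertEquals("Curve should be what was specified during initialization", keySize,
                    ((ECPublicKey) pubKey).getParams().getCurve().getField().getFieldSize());
        } else if ("RSA".equalsIgnoreCase(keyType)) {
            RSAPublicKey rsaPubKey = (RSAPublicKey) pubKey;
            // Both sides are rounded up to a multiple of 8 bits, so a modulus that is up to
            // seven bits short of the nominal size still compares equal.
            assertEquals("Modulus size should be what is specified during initialization",
                    (keySize + 7) & ~7, (rsaPubKey.getModulus().bitLength() + 7) & ~7);
            if (spec != null) {
                RSAKeyGenParameterSpec params = (RSAKeyGenParameterSpec) spec;
                assertEquals((keySize + 7) & ~7, (params.getKeysize() + 7) & ~7);
                assertEquals(params.getPublicExponent(), rsaPubKey.getPublicExponent());
            }
        } else {
            // Without this branch an unrecognised key type would skip the size check silently.
            fail("Unsupported key type: " + keyType);
        }

        final PrivateKey privKey = pair.getPrivate();
        assertNotNull("The PrivateKey for the KeyPair should be not null", privKey);
        assertEquals(keyType, privKey.getAlgorithm());

        final byte[] userCertBytes = mAndroidKeyStore.get(Credentials.USER_CERTIFICATE + alias);
        assertNotNull("The user certificate should exist for the generated entry", userCertBytes);

        final CertificateFactory cf = CertificateFactory.getInstance("X.509");
        final Certificate userCert = cf
                .generateCertificate(new ByteArrayInputStream(userCertBytes));

        assertTrue("Certificate should be in X.509 format", userCert instanceof X509Certificate);

        final X509Certificate x509userCert = (X509Certificate) userCert;

        assertEquals("PublicKey used to sign certificate should match one returned in KeyPair",
                pubKey, x509userCert.getPublicKey());

        assertEquals("The Subject DN should be the one passed into the params", dn,
                x509userCert.getSubjectDN());

        assertEquals("The Issuer DN should be the same as the Subject DN", dn,
                x509userCert.getIssuerDN());

        assertEquals("The Serial should be the one passed into the params", serial,
                x509userCert.getSerialNumber());

        assertDateEquals("The notBefore date should be the one passed into the params", start,
                x509userCert.getNotBefore());

        assertDateEquals("The notAfter date should be the one passed into the params", end,
                x509userCert.getNotAfter());

        // The certificate is self-signed, so its signature must verify under its own key.
        x509userCert.verify(pubKey);

        final byte[] caCerts = mAndroidKeyStore.get(Credentials.CA_CERTIFICATE + alias);
        assertNull("A list of CA certificates should not exist for the generated entry", caCerts);

        // The private-key entry is exported in X.509 format, which per the assertion message
        // below is expected to carry the public half.
        // NOTE(review): only non-null is checked; comparing the bytes with pubKey.getEncoded()
        // would bind the export to this pair -- confirm the two encodings are guaranteed equal.
        ExportResult exportResult = mAndroidKeyStore.exportKey(
                Credentials.USER_PRIVATE_KEY + alias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null);
        assertEquals(KeyStore.NO_ERROR, exportResult.resultCode);
        final byte[] pubKeyBytes = exportResult.exportData;
        assertNotNull("The keystore should return the public key for the generated key",
                pubKeyBytes);
    }

    /**
     * Asserts that two dates are equal to the second, by comparing their renderings in the
     * "dd MMM yyyy HH:mm:ss" pattern. Both dates go through the same formatter, so the default
     * locale and time zone affect both sides equally.
     */
    private static void assertDateEquals(String message, Date date1, Date date2) throws Exception {
        SimpleDateFormat formatter = new SimpleDateFormat("dd MMM yyyy HH:mm:ss");

        String result1 = formatter.format(date1);
        String result2 = formatter.format(date2);

        assertEquals(message, result1, result2);
    }
}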