AndroidKeyPairGeneratorTest.java revision dcdaf87ed0aa99073638bcfe645949f130f0c7ad
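/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.keystore;

import android.security.Credentials;
import android.security.KeyPairGeneratorSpec;
import android.test.AndroidTestCase;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.text.SimpleDateFormat;
import java.util.Date;

import javax.security.auth.x500.X500Principal;

/**
 * Tests for the {@code "AndroidKeyStore"} {@link java.security.KeyPairGenerator} provider.
 *
 * <p>Every test starts from a keystore that {@link #setUp()} has reset and asserted to be not
 * unlocked. Tests whose name contains {@code Encrypted} first call {@link #setupPassword()} and
 * build their spec with {@code setEncryptionRequired()}; the {@code Unencrypted} tests generate
 * keys while the keystore is still in the state left by {@code setUp()}.
 *
 * <p>The key sizes, RSA exponent and password used here are fixtures that exercise parameter
 * handling; they are not recommendations for production key material.
 */
public class AndroidKeyPairGeneratorTest extends AndroidTestCase {
    // Platform keystore handle; used to reset/unlock the store and to read back stored entries.
    private android.security.KeyStore mAndroidKeyStore;

    // Generator under test, obtained from the "AndroidKeyStore" provider in setUp().
    private java.security.KeyPairGenerator mGenerator;

    private static final String TEST_ALIAS_1 = "test1";

    private static final String TEST_ALIAS_2 = "test2";

    private static final X500Principal TEST_DN_1 = new X500Principal("CN=test1");

    private static final X500Principal TEST_DN_2 = new X500Principal("CN=test2");

    private static final BigInteger TEST_SERIAL_1 = BigInteger.ONE;

    private static final BigInteger TEST_SERIAL_2 = BigInteger.valueOf(2L);

    private static final long NOW_MILLIS = System.currentTimeMillis();

    /* We have to round this off because X509v3 doesn't store milliseconds. */
    private static final Date NOW = new Date(NOW_MILLIS - (NOW_MILLIS % 1000L));

    // Date(year, month, day) with month 0 and day 1: midnight (default time zone) on 1 January of
    // the calendar year ten years after NOW's year, i.e. somewhat less than ten full years ahead.
    @SuppressWarnings("deprecation")
    private static final Date NOW_PLUS_10_YEARS = new Date(NOW.getYear() + 10, 0, 1);

    /**
     * Resets the keystore, checks that it is not unlocked, and obtains the generator under test.
     *
     * @throws Exception if the superclass set-up fails or the provider/algorithm is unavailable
     */
    @Override
    protected void setUp() throws Exception {
        // Run the framework's own fixture set-up before touching the keystore.
        super.setUp();

        mAndroidKeyStore = android.security.KeyStore.getInstance();

        // NOTE(review): reset() presumably discards every credential held by the keystore (the
        // empty alias listing asserted in setupPassword() is consistent with that), so this suite
        // should only run on a device or profile whose stored keys are disposable; confirm.
        assertTrue(mAndroidKeyStore.reset());

        assertFalse(mAndroidKeyStore.isUnlocked());

        mGenerator = java.security.KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
    }

    /**
     * Sets a fixed test password on the keystore and asserts that this leaves it unlocked and
     * with no entries returned for the empty prefix.
     */
    private void setupPassword() {
        // "1111" is a throwaway fixture value, not a real credential.
        assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
        assertTrue(mAndroidKeyStore.isUnlocked());

        String[] aliases = mAndroidKeyStore.saw("");
        assertNotNull(aliases);
        assertEquals(0, aliases.length);
    }

    /**
     * Initializing with a complete spec that requires encryption must not throw once the
     * keystore is unlocked.
     */
    public void testKeyPairGenerator_Initialize_Params_Encrypted_Success() throws Exception {
        setupPassword();

        mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                .setAlias(TEST_ALIAS_1)
                .setSubject(TEST_DN_1)
                .setSerialNumber(TEST_SERIAL_1)
                .setStartDate(NOW)
                .setEndDate(NOW_PLUS_10_YEARS)
                .setEncryptionRequired()
                .build());
    }

    /**
     * {@code initialize(int)} must be rejected with {@link IllegalArgumentException}: the
     * generator is expected to take its parameters from a spec, not from a bare key size.
     */
    public void testKeyPairGenerator_Initialize_KeySize_Encrypted_Failure() throws Exception {
        setupPassword();

        try {
            mGenerator.initialize(1024);
            fail("KeyPairGenerator should not support setting the key size");
        } catch (IllegalArgumentException success) {
            // Expected: a bare key size is not an accepted way to initialize this generator.
        }
    }

    /**
     * {@code initialize(int, SecureRandom)} must be rejected with
     * {@link IllegalArgumentException}, as for the key-size-only overload.
     */
    public void testKeyPairGenerator_Initialize_KeySizeAndSecureRandom_Encrypted_Failure()
            throws Exception {
        setupPassword();

        try {
            mGenerator.initialize(1024, new SecureRandom());
            fail("KeyPairGenerator should not support setting the key size");
        } catch (IllegalArgumentException success) {
            // Expected: a bare key size is not an accepted way to initialize this generator.
        }
    }

    /**
     * Initializes the generator with a complete spec (RSA, 1024-bit, encryption required) plus an
     * explicit {@link SecureRandom}.
     *
     * <p>NOTE(review): despite the {@code _Failure} suffix there is no try/fail here, so the test
     * passes only when {@code initialize} does <em>not</em> throw. Either the name or the body
     * looks stale; confirm which outcome is intended.
     */
    public void testKeyPairGenerator_Initialize_ParamsAndSecureRandom_Encrypted_Failure()
            throws Exception {
        setupPassword();

        mGenerator.initialize(
                new KeyPairGeneratorSpec.Builder(getContext())
                        .setAlias(TEST_ALIAS_1)
                        .setKeyType("RSA")
                        .setKeySize(1024)
                        .setSubject(TEST_DN_1)
                        .setSerialNumber(TEST_SERIAL_1)
                        .setStartDate(NOW)
                        .setEndDate(NOW_PLUS_10_YEARS)
                        .setEncryptionRequired()
                        .build(),
                new SecureRandom());
    }

    /**
     * With the keystore unlocked, a spec that requires encryption and names no key type or size
     * must yield a 2048-bit RSA pair with a matching certificate.
     */
    public void testKeyPairGenerator_GenerateKeyPair_Encrypted_Success() throws Exception {
        setupPassword();

        mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                .setAlias(TEST_ALIAS_1)
                .setSubject(TEST_DN_1)
                .setSerialNumber(TEST_SERIAL_1)
                .setStartDate(NOW)
                .setEndDate(NOW_PLUS_10_YEARS)
                .setEncryptionRequired()
                .build());

        final KeyPair pair = mGenerator.generateKeyPair();
        assertNotNull("The KeyPair returned should not be null", pair);

        assertKeyPairCorrect(pair, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1, NOW,
                NOW_PLUS_10_YEARS);
    }

    /**
     * Key type {@code "EC"} with no explicit size must yield a key on a curve with a 256-bit
     * field. No password is set and encryption is not required.
     */
    public void testKeyPairGenerator_GenerateKeyPair_EC_Unencrypted_Success() throws Exception {
        mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                .setAlias(TEST_ALIAS_1)
                .setKeyType("EC")
                .setSubject(TEST_DN_1)
                .setSerialNumber(TEST_SERIAL_1)
                .setStartDate(NOW)
                .setEndDate(NOW_PLUS_10_YEARS)
                .build());

        final KeyPair pair = mGenerator.generateKeyPair();
        assertNotNull("The KeyPair returned should not be null", pair);

        assertKeyPairCorrect(pair, TEST_ALIAS_1, "EC", 256, null, TEST_DN_1, TEST_SERIAL_1, NOW,
                NOW_PLUS_10_YEARS);
    }

    /**
     * Key type {@code "EC"} with key size 521 must yield a key on a curve with a 521-bit field.
     */
    public void testKeyPairGenerator_GenerateKeyPair_EC_P521_Unencrypted_Success() throws Exception {
        mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                .setAlias(TEST_ALIAS_1)
                .setKeyType("EC")
                .setKeySize(521)
                .setSubject(TEST_DN_1)
                .setSerialNumber(TEST_SERIAL_1)
                .setStartDate(NOW)
                .setEndDate(NOW_PLUS_10_YEARS)
                .build());

        final KeyPair pair = mGenerator.generateKeyPair();
        assertNotNull("The KeyPair returned should not be null", pair);

        assertKeyPairCorrect(pair, TEST_ALIAS_1, "EC", 521, null, TEST_DN_1, TEST_SERIAL_1, NOW,
                NOW_PLUS_10_YEARS);
    }

    /**
     * A spec with no key type, no size and no encryption requirement must yield a 2048-bit RSA
     * pair without any password having been set.
     */
    public void testKeyPairGenerator_GenerateKeyPair_RSA_Unencrypted_Success() throws Exception {
        mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                .setAlias(TEST_ALIAS_1)
                .setSubject(TEST_DN_1)
                .setSerialNumber(TEST_SERIAL_1)
                .setStartDate(NOW)
                .setEndDate(NOW_PLUS_10_YEARS)
                .build());

        final KeyPair pair = mGenerator.generateKeyPair();
        assertNotNull("The KeyPair returned should not be null", pair);

        assertKeyPairCorrect(pair, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1, NOW,
                NOW_PLUS_10_YEARS);
    }

    /**
     * An {@link RSAKeyGenParameterSpec} passed through the spec must be honoured: the generated
     * key has the requested modulus size and public exponent.
     */
    public void testKeyPairGenerator_GenerateKeyPair_RSA_WithParams_Unencrypted_Success()
            throws Exception {
        // Fixture values only: 1024 bits differs from the 2048-bit result the other RSA tests
        // expect, which lets the assertions show the parameters were applied. 1024-bit RSA is
        // below current key-size guidance and must not be copied into production code.
        AlgorithmParameterSpec spec = new RSAKeyGenParameterSpec(1024, BigInteger.valueOf(3L));
        mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                .setAlias(TEST_ALIAS_1)
                .setKeySize(1024)
                .setAlgorithmParameterSpec(spec)
                .setSubject(TEST_DN_1)
                .setSerialNumber(TEST_SERIAL_1)
                .setStartDate(NOW)
                .setEndDate(NOW_PLUS_10_YEARS)
                .build());

        final KeyPair pair = mGenerator.generateKeyPair();
        assertNotNull("The KeyPair returned should not be null", pair);

        assertKeyPairCorrect(pair, TEST_ALIAS_1, "RSA", 1024, spec, TEST_DN_1, TEST_SERIAL_1, NOW,
                NOW_PLUS_10_YEARS);
    }

    /**
     * Generates two key pairs in a row with the same generator instance and checks each one.
     */
    public void testKeyPairGenerator_GenerateKeyPair_Replaced_Success() throws Exception {
        // Generate the first key
        {
            mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                    .setAlias(TEST_ALIAS_1)
                    .setSubject(TEST_DN_1)
                    .setSerialNumber(TEST_SERIAL_1)
                    .setStartDate(NOW)
                    .setEndDate(NOW_PLUS_10_YEARS)
                    .build());
            final KeyPair pair1 = mGenerator.generateKeyPair();
            assertNotNull("The KeyPair returned should not be null", pair1);
            assertKeyPairCorrect(pair1, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1,
                    NOW, NOW_PLUS_10_YEARS);
        }

        // Replace the original key
        // NOTE(review): this block uses TEST_ALIAS_2, so it adds a second entry rather than
        // overwriting TEST_ALIAS_1; as written the test does not exercise replacement under the
        // same alias. Confirm whether TEST_ALIAS_1 was intended here.
        {
            mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                    .setAlias(TEST_ALIAS_2)
                    .setSubject(TEST_DN_2)
                    .setSerialNumber(TEST_SERIAL_2)
                    .setStartDate(NOW)
                    .setEndDate(NOW_PLUS_10_YEARS)
                    .build());
            final KeyPair pair2 = mGenerator.generateKeyPair();
            assertNotNull("The KeyPair returned should not be null", pair2);
            assertKeyPairCorrect(pair2, TEST_ALIAS_2, "RSA", 2048, null, TEST_DN_2, TEST_SERIAL_2,
                    NOW, NOW_PLUS_10_YEARS);
        }
    }

    /**
     * Replaces an unencrypted entry with one that requires encryption, under the same alias.
     *
     * <p>Generation with {@code setEncryptionRequired()} must fail with
     * {@link IllegalStateException} while no password has been set, and succeed once the
     * keystore has been unlocked.
     */
    public void testKeyPairGenerator_GenerateKeyPair_Replaced_UnencryptedToEncrypted_Success()
            throws Exception {
        // Generate the first key
        {
            mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                    .setAlias(TEST_ALIAS_1)
                    .setSubject(TEST_DN_1)
                    .setSerialNumber(TEST_SERIAL_1)
                    .setStartDate(NOW)
                    .setEndDate(NOW_PLUS_10_YEARS)
                    .build());
            final KeyPair pair1 = mGenerator.generateKeyPair();
            assertNotNull("The KeyPair returned should not be null", pair1);
            assertKeyPairCorrect(pair1, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_1, TEST_SERIAL_1,
                    NOW, NOW_PLUS_10_YEARS);
        }

        // Attempt to replace previous key
        {
            mGenerator.initialize(new KeyPairGeneratorSpec.Builder(getContext())
                    .setAlias(TEST_ALIAS_1)
                    .setSubject(TEST_DN_2)
                    .setSerialNumber(TEST_SERIAL_2)
                    .setStartDate(NOW)
                    .setEndDate(NOW_PLUS_10_YEARS)
                    .setEncryptionRequired()
                    .build());
            try {
                mGenerator.generateKeyPair();
                fail("Should not be able to generate encrypted key while not initialized");
            } catch (IllegalStateException expected) {
                // Expected: an encryption-required key cannot be created before a password
                // has been set on the keystore.
            }

            assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
            assertTrue(mAndroidKeyStore.isUnlocked());

            // Same generator, same spec: the only change is that the keystore is now unlocked.
            final KeyPair pair2 = mGenerator.generateKeyPair();
            assertNotNull("The KeyPair returned should not be null", pair2);
            assertKeyPairCorrect(pair2, TEST_ALIAS_1, "RSA", 2048, null, TEST_DN_2, TEST_SERIAL_2,
                    NOW, NOW_PLUS_10_YEARS);
        }
    }

    /**
     * Checks a generated key pair and the certificate the keystore holds for it.
     *
     * @param pair the pair returned by {@code generateKeyPair()}
     * @param alias alias the entry was generated under
     * @param keyType expected algorithm name, {@code "EC"} or {@code "RSA"} (case-insensitive
     *        for the size check)
     * @param keySize expected EC field size or RSA modulus size, in bits
     * @param spec RSA parameters the key was generated with, or {@code null} if none were given
     * @param dn expected subject and issuer of the certificate
     * @param serial expected certificate serial number
     * @param start expected notBefore date (compared to the second)
     * @param end expected notAfter date (compared to the second)
     * @throws Exception if the certificate cannot be parsed or its signature does not verify
     */
    private void assertKeyPairCorrect(KeyPair pair, String alias, String keyType, int keySize,
            AlgorithmParameterSpec spec, X500Principal dn, BigInteger serial, Date start, Date end)
            throws Exception {
        final PublicKey pubKey = pair.getPublic();
        assertNotNull("The PublicKey for the KeyPair should be not null", pubKey);
        assertEquals(keyType, pubKey.getAlgorithm());

        if ("EC".equalsIgnoreCase(keyType)) {
            assertEquals("Curve should be what was specified during initialization", keySize,
                    ((ECPublicKey) pubKey).getParams().getCurve().getField().getFieldSize());
        } else if ("RSA".equalsIgnoreCase(keyType)) {
            RSAPublicKey rsaPubKey = (RSAPublicKey) pubKey;
            // (n + 7) & ~7 rounds up to a multiple of 8, so sizes are compared in whole bytes.
            assertEquals("Modulus size should be what is specified during initialization",
                    (keySize + 7) & ~7, (rsaPubKey.getModulus().bitLength() + 7) & ~7);
            if (spec != null) {
                RSAKeyGenParameterSpec params = (RSAKeyGenParameterSpec) spec;
                assertEquals((keySize + 7) & ~7, (params.getKeysize() + 7) & ~7);
                assertEquals(params.getPublicExponent(), rsaPubKey.getPublicExponent());
            }
        }

        final PrivateKey privKey = pair.getPrivate();
        assertNotNull("The PrivateKey for the KeyPair should be not null", privKey);
        assertEquals(keyType, privKey.getAlgorithm());

        // The certificate is read back from the keystore entry, not taken from the KeyPair.
        final byte[] userCertBytes = mAndroidKeyStore.get(Credentials.USER_CERTIFICATE + alias);
        assertNotNull("The user certificate should exist for the generated entry", userCertBytes);

        final CertificateFactory cf = CertificateFactory.getInstance("X.509");
        final Certificate userCert = cf
                .generateCertificate(new ByteArrayInputStream(userCertBytes));

        assertTrue("Certificate should be in X.509 format", userCert instanceof X509Certificate);

        final X509Certificate x509userCert = (X509Certificate) userCert;

        assertEquals("PublicKey used to sign certificate should match one returned in KeyPair",
                pubKey, x509userCert.getPublicKey());

        assertEquals("The Subject DN should be the one passed into the params", dn,
                x509userCert.getSubjectDN());

        // Issuer equal to subject: the generated certificate is expected to be self-signed.
        assertEquals("The Issuer DN should be the same as the Subject DN", dn,
                x509userCert.getIssuerDN());

        assertEquals("The Serial should be the one passed into the params", serial,
                x509userCert.getSerialNumber());

        assertDateEquals("The notBefore date should be the one passed into the params", start,
                x509userCert.getNotBefore());

        assertDateEquals("The notAfter date should be the one passed into the params", end,
                x509userCert.getNotAfter());

        // Throws unless the certificate's signature validates under the generated public key,
        // which ties the stored certificate to the key pair that was just created.
        x509userCert.verify(pubKey);

        final byte[] caCerts = mAndroidKeyStore.get(Credentials.CA_CERTIFICATE + alias);
        assertNull("A list of CA certificates should not exist for the generated entry", caCerts);

        // NOTE(review): only presence is checked; the returned bytes are not compared with
        // pubKey, so a mismatching stored public key would go unnoticed by this assertion.
        final byte[] pubKeyBytes = mAndroidKeyStore.getPubkey(Credentials.USER_PRIVATE_KEY + alias);
        assertNotNull("The keystore should return the public key for the generated key",
                pubKeyBytes);
    }

    /**
     * Asserts that two dates are equal once rendered as {@code "dd MMM yyyy HH:mm:ss"}, which
     * ignores milliseconds.
     *
     * @param message failure message
     * @param date1 expected date
     * @param date2 actual date
     */
    private static void assertDateEquals(String message, Date date1, Date date2) throws Exception {
        // Both dates go through the same formatter (default locale and time zone), so the
        // comparison is consistent regardless of the device's settings.
        SimpleDateFormat formatter = new SimpleDateFormat("dd MMM yyyy HH:mm:ss");

        String result1 = formatter.format(date1);
        String result2 = formatter.format(date2);

        assertEquals(message, result1, result2);
    }
}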