/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.keystore;

import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;

import com.android.org.conscrypt.NativeConstants;

import android.security.Credentials;
import android.security.KeyStore;
import android.security.KeyStoreParameter;
import android.test.AndroidTestCase;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore.Entry;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.KeyStore.TrustedCertificateEntry;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/**
 * Android test case that holds two keystore handles and a set of DER-encoded
 * certificate and private-key fixtures as static byte arrays.
 */
public class AndroidKeyStoreTest extends AndroidTestCase {
    // Both keystore types are written fully qualified so the two cannot be
    // confused: android.security.KeyStore here, java.security.KeyStore below.
    private android.security.KeyStore mAndroidKeyStore;

    private java.security.KeyStore mKeyStore;

    // Alias strings; presumably the entry names the tests store and look up
    // (confirm against the test methods).
    private static final String TEST_ALIAS_1 = "test1";

    private static final String TEST_ALIAS_2 = "test2";

    private static final String TEST_ALIAS_3 = "test3";

    // Distinguished names and serial numbers; presumably inputs for certificates
    // built with the imported X509V3CertificateGenerator (confirm against usage).
    private static final X500Principal TEST_DN_1 = new X500Principal("CN=test1");

    private static final X500Principal TEST_DN_2 = new X500Principal("CN=test2");

    private static final BigInteger TEST_SERIAL_1 = BigInteger.ONE;

    private static final BigInteger TEST_SERIAL_2 = BigInteger.valueOf(2L);

    // Captured once, when the class is initialized; every test in a run sees the same value.
    private static final long NOW_MILLIS = System.currentTimeMillis();

    /*
     * Truncated to whole seconds because X509v3 doesn't store milliseconds; a
     * Date with a millisecond part would not compare equal to one read back
     * from a certificate.
     */
    private static final Date NOW = new Date(NOW_MILLIS - (NOW_MILLIS % 1000L));

    /*
     * Uses the deprecated Date(year, month, day) constructor: the year is an
     * offset from 1900 (as returned by getYear()), month 0 is January. The
     * result is midnight on 1 January of the tenth year after NOW's year in
     * the default time zone, so it is somewhat less than ten years after NOW.
     */
    @SuppressWarnings("deprecation")
    private static final Date NOW_PLUS_10_YEARS = new Date(NOW.getYear() + 10, 0, 1);

    /*
     * The keys and certificates below are generated with:
     *
     * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
     * openssl req -newkey rsa:1024 -keyout userkey.pem -nodes -days 3650 -out userkey.req
     * mkdir -p demoCA/newcerts
     * touch demoCA/index.txt
     * echo "01" > demoCA/serial
     * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650
     *
     * Fixture notes: the user key is 1024-bit RSA written without a passphrase
     * (-nodes), and the certificates are signed with sha1WithRSAEncryption
     * (OID 1.2.840.113549.1.1.5, visible in the DER below). Both are below
     * current strength recommendations, and the private key is public by
     * virtue of being checked in, so this material is suitable only as test
     * input. The validity encoded in the CA certificate runs from 2012-08-14
     * to 2022-08-12; a test that checks validity against the wall clock will
     * see it as expired after that date.
     */

    /**
     * DER-encoded X.509 CA certificate (cacert.pem from the recipe above),
     * converted with:
     *
     * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g'
     */
    private static final byte[] FAKE_RSA_CA_1 = {
            (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0xce, (byte) 0x30, (byte) 0x82,
            (byte) 0x02, (byte) 0x37, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01,
            (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0x6a,
            (byte)
0xa2, (byte) 0xf4, (byte) 0x2e, (byte) 0x55, (byte) 0x48, (byte) 0x0a, 108 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 109 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 110 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, 111 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 112 (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, 113 (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, 114 (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, 115 (byte) 0x41, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, 116 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, 117 (byte) 0x4d, (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, 118 (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, 119 (byte) 0x77, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, 120 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, 121 (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, 122 (byte) 0x64, (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, 123 (byte) 0x20, (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, 124 (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, 125 (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x34, (byte) 0x31, (byte) 0x36, 126 (byte) 0x35, (byte) 0x35, (byte) 0x34, (byte) 0x34, (byte) 0x5a, (byte) 0x17, 127 (byte) 0x0d, (byte) 0x32, (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, 128 (byte) 0x32, (byte) 0x31, (byte) 0x36, (byte) 0x35, (byte) 0x35, (byte) 0x34, 129 (byte) 0x34, (byte) 0x5a, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, 130 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 131 (byte) 0x06, (byte) 0x13, (byte) 0x02, 
(byte) 0x55, (byte) 0x53, (byte) 0x31, 132 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 133 (byte) 0x04, (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, 134 (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, 135 (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, 136 (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, 137 (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, 138 (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, 139 (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, 140 (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, 141 (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, 142 (byte) 0x43, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, 143 (byte) 0x81, (byte) 0x9f, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, 144 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, 145 (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, 146 (byte) 0x81, (byte) 0x8d, (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, 147 (byte) 0x02, (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0xa3, (byte) 0x72, 148 (byte) 0xab, (byte) 0xd0, (byte) 0xe4, (byte) 0xad, (byte) 0x2f, (byte) 0xe7, 149 (byte) 0xe2, (byte) 0x79, (byte) 0x07, (byte) 0x36, (byte) 0x3d, (byte) 0x0c, 150 (byte) 0x8d, (byte) 0x42, (byte) 0x9a, (byte) 0x0a, (byte) 0x33, (byte) 0x64, 151 (byte) 0xb3, (byte) 0xcd, (byte) 0xb2, (byte) 0xd7, (byte) 0x3a, (byte) 0x42, 152 (byte) 0x06, (byte) 0x77, (byte) 0x45, (byte) 0x29, (byte) 0xe9, (byte) 0xcb, 153 (byte) 0xb7, (byte) 0x4a, (byte) 0xd6, (byte) 0xee, (byte) 0xad, (byte) 0x01, 154 (byte) 0x91, (byte) 0x9b, (byte) 0x0c, (byte) 0x59, (byte) 0xa1, (byte) 0x03, 155 (byte) 0xfa, (byte) 0xf0, (byte) 0x5a, (byte) 0x7c, (byte) 0x4f, 
(byte) 0xf7, 156 (byte) 0x8d, (byte) 0x36, (byte) 0x0f, (byte) 0x1f, (byte) 0x45, (byte) 0x7d, 157 (byte) 0x1b, (byte) 0x31, (byte) 0xa1, (byte) 0x35, (byte) 0x0b, (byte) 0x00, 158 (byte) 0xed, (byte) 0x7a, (byte) 0xb6, (byte) 0xc8, (byte) 0x4e, (byte) 0xa9, 159 (byte) 0x86, (byte) 0x4c, (byte) 0x7b, (byte) 0x99, (byte) 0x57, (byte) 0x41, 160 (byte) 0x12, (byte) 0xef, (byte) 0x6b, (byte) 0xbc, (byte) 0x3d, (byte) 0x60, 161 (byte) 0xf2, (byte) 0x99, (byte) 0x1a, (byte) 0xcd, (byte) 0xed, (byte) 0x56, 162 (byte) 0xa4, (byte) 0xe5, (byte) 0x36, (byte) 0x9f, (byte) 0x24, (byte) 0x1f, 163 (byte) 0xdc, (byte) 0x89, (byte) 0x40, (byte) 0xc8, (byte) 0x99, (byte) 0x92, 164 (byte) 0xab, (byte) 0x4a, (byte) 0xb5, (byte) 0x61, (byte) 0x45, (byte) 0x62, 165 (byte) 0xff, (byte) 0xa3, (byte) 0x45, (byte) 0x65, (byte) 0xaf, (byte) 0xf6, 166 (byte) 0x27, (byte) 0x30, (byte) 0x51, (byte) 0x0e, (byte) 0x0e, (byte) 0xeb, 167 (byte) 0x79, (byte) 0x0c, (byte) 0xbe, (byte) 0xb3, (byte) 0x0a, (byte) 0x6f, 168 (byte) 0x29, (byte) 0x06, (byte) 0xdc, (byte) 0x2f, (byte) 0x6b, (byte) 0x51, 169 (byte) 0x02, (byte) 0x03, (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, 170 (byte) 0x81, (byte) 0xb1, (byte) 0x30, (byte) 0x81, (byte) 0xae, (byte) 0x30, 171 (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, 172 (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x33, (byte) 0x05, 173 (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, (byte) 0xc7, (byte) 0xf9, 174 (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, (byte) 0x8f, (byte) 0x6d, 175 (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, (byte) 0x5d, (byte) 0x51, 176 (byte) 0x30, (byte) 0x7f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, 177 (byte) 0x23, (byte) 0x04, (byte) 0x78, (byte) 0x30, (byte) 0x76, (byte) 0x80, 178 (byte) 0x14, (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, 179 (byte) 0x60, (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, 180 (byte) 0x5c, 
(byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, 181 (byte) 0x8e, (byte) 0x5d, (byte) 0x51, (byte) 0xa1, (byte) 0x53, (byte) 0xa4, 182 (byte) 0x51, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 183 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 184 (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, 185 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 186 (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, 187 (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, 188 (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, 189 (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, 190 (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, 191 (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, 192 (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, 193 (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, 194 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, 195 (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x82, (byte) 0x09, 196 (byte) 0x00, (byte) 0xe1, (byte) 0x6a, (byte) 0xa2, (byte) 0xf4, (byte) 0x2e, 197 (byte) 0x55, (byte) 0x48, (byte) 0x0a, (byte) 0x30, (byte) 0x0c, (byte) 0x06, 198 (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x05, 199 (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, 200 (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, 201 (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, 202 (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, (byte) 0x00, 203 (byte) 0x8c, (byte) 0x30, (byte) 0x42, (byte) 0xfa, (byte) 0xeb, (byte) 0x1a, 204 (byte) 0x26, (byte) 0xeb, (byte) 0xda, 
(byte) 0x56, (byte) 0x32, (byte) 0xf2, 205 (byte) 0x9d, (byte) 0xa5, (byte) 0x24, (byte) 0xd8, (byte) 0x3a, (byte) 0xda, 206 (byte) 0x30, (byte) 0xa6, (byte) 0x8b, (byte) 0x46, (byte) 0xfe, (byte) 0xfe, 207 (byte) 0xdb, (byte) 0xf1, (byte) 0xe6, (byte) 0xe1, (byte) 0x7c, (byte) 0x1b, 208 (byte) 0xe7, (byte) 0x77, (byte) 0x00, (byte) 0xa1, (byte) 0x1c, (byte) 0x19, 209 (byte) 0x17, (byte) 0x73, (byte) 0xb0, (byte) 0xf0, (byte) 0x9d, (byte) 0xf3, 210 (byte) 0x4f, (byte) 0xb6, (byte) 0xbc, (byte) 0xc7, (byte) 0x47, (byte) 0x85, 211 (byte) 0x2a, (byte) 0x4a, (byte) 0xa1, (byte) 0xa5, (byte) 0x58, (byte) 0xf5, 212 (byte) 0xc5, (byte) 0x1a, (byte) 0x51, (byte) 0xb1, (byte) 0x04, (byte) 0x80, 213 (byte) 0xee, (byte) 0x3a, (byte) 0xec, (byte) 0x2f, (byte) 0xe1, (byte) 0xfd, 214 (byte) 0x58, (byte) 0xeb, (byte) 0xed, (byte) 0x82, (byte) 0x9e, (byte) 0x38, 215 (byte) 0xa3, (byte) 0x24, (byte) 0x75, (byte) 0xf7, (byte) 0x3e, (byte) 0xc2, 216 (byte) 0xc5, (byte) 0x27, (byte) 0xeb, (byte) 0x6f, (byte) 0x7b, (byte) 0x50, 217 (byte) 0xda, (byte) 0x43, (byte) 0xdc, (byte) 0x3b, (byte) 0x0b, (byte) 0x6f, 218 (byte) 0x78, (byte) 0x8f, (byte) 0xb0, (byte) 0x66, (byte) 0xe1, (byte) 0x12, 219 (byte) 0x87, (byte) 0x5f, (byte) 0x97, (byte) 0x7b, (byte) 0xca, (byte) 0x14, 220 (byte) 0x79, (byte) 0xf7, (byte) 0xe8, (byte) 0x6c, (byte) 0x72, (byte) 0xdb, 221 (byte) 0x91, (byte) 0x65, (byte) 0x17, (byte) 0x54, (byte) 0xe0, (byte) 0x74, 222 (byte) 0x1d, (byte) 0xac, (byte) 0x47, (byte) 0x04, (byte) 0x12, (byte) 0xe0, 223 (byte) 0xc3, (byte) 0x66, (byte) 0x19, (byte) 0x05, (byte) 0x2e, (byte) 0x7e, 224 (byte) 0xf1, (byte) 0x61 225 }; 226 227 /** 228 * Generated from above and converted with: 229 * 230 * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g' 231 */ 232 private static final byte[] FAKE_RSA_KEY_1 = new byte[] { 233 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x02, (byte) 0x01, 234 (byte) 0x00, (byte) 0x30, (byte) 0x0d, (byte) 
0x06, (byte) 0x09, (byte) 0x2a, 235 (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, 236 (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x82, 237 (byte) 0x02, (byte) 0x62, (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x5e, 238 (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x02, (byte) 0x81, (byte) 0x81, 239 (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, (byte) 0x5b, 240 (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, (byte) 0x66, 241 (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, (byte) 0x8a, 242 (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, (byte) 0x02, 243 (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, (byte) 0xf3, 244 (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, (byte) 0x6d, 245 (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f, (byte) 0x67, 246 (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, (byte) 0xcb, 247 (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, (byte) 0xe2, 248 (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, (byte) 0x79, 249 (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, (byte) 0xce, 250 (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, (byte) 0x08, 251 (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, (byte) 0x3b, 252 (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, (byte) 0xc4, 253 (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, (byte) 0x0d, 254 (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, (byte) 0x23, 255 (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, (byte) 0x08, 256 (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, (byte) 0xf1, 257 (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, (byte) 0xb4, 258 (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, (byte) 0x16, 
259 (byte) 0x3a, (byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, (byte) 0x9e, 260 (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, (byte) 0x01, 261 (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x81, (byte) 0x80, (byte) 0x16, 262 (byte) 0x59, (byte) 0xc3, (byte) 0x24, (byte) 0x1d, (byte) 0x33, (byte) 0x98, 263 (byte) 0x9c, (byte) 0xc9, (byte) 0xc8, (byte) 0x2c, (byte) 0x88, (byte) 0xbf, 264 (byte) 0x0a, (byte) 0x01, (byte) 0xce, (byte) 0xfb, (byte) 0x34, (byte) 0x7a, 265 (byte) 0x58, (byte) 0x7a, (byte) 0xb0, (byte) 0xbf, (byte) 0xa6, (byte) 0xb2, 266 (byte) 0x60, (byte) 0xbe, (byte) 0x70, (byte) 0x21, (byte) 0xf5, (byte) 0xfc, 267 (byte) 0x85, (byte) 0x0d, (byte) 0x33, (byte) 0x58, (byte) 0xa1, (byte) 0xe5, 268 (byte) 0x09, (byte) 0x36, (byte) 0x84, (byte) 0xb2, (byte) 0x04, (byte) 0x0a, 269 (byte) 0x02, (byte) 0xd3, (byte) 0x88, (byte) 0x1f, (byte) 0x0c, (byte) 0x2b, 270 (byte) 0x1d, (byte) 0xe9, (byte) 0x3d, (byte) 0xe7, (byte) 0x79, (byte) 0xf9, 271 (byte) 0x32, (byte) 0x5c, (byte) 0x8a, (byte) 0x75, (byte) 0x49, (byte) 0x12, 272 (byte) 0xe4, (byte) 0x05, (byte) 0x26, (byte) 0xd4, (byte) 0x2e, (byte) 0x9e, 273 (byte) 0x1f, (byte) 0xcc, (byte) 0x54, (byte) 0xad, (byte) 0x33, (byte) 0x8d, 274 (byte) 0x99, (byte) 0x00, (byte) 0xdc, (byte) 0xf5, (byte) 0xb4, (byte) 0xa2, 275 (byte) 0x2f, (byte) 0xba, (byte) 0xe5, (byte) 0x62, (byte) 0x30, (byte) 0x6d, 276 (byte) 0xe6, (byte) 0x3d, (byte) 0xeb, (byte) 0x24, (byte) 0xc2, (byte) 0xdc, 277 (byte) 0x5f, (byte) 0xb7, (byte) 0x16, (byte) 0x35, (byte) 0xa3, (byte) 0x98, 278 (byte) 0x98, (byte) 0xa8, (byte) 0xef, (byte) 0xe8, (byte) 0xc4, (byte) 0x96, 279 (byte) 0x6d, (byte) 0x38, (byte) 0xab, (byte) 0x26, (byte) 0x6d, (byte) 0x30, 280 (byte) 0xc2, (byte) 0xa0, (byte) 0x44, (byte) 0xe4, (byte) 0xff, (byte) 0x7e, 281 (byte) 0xbe, (byte) 0x7c, (byte) 0x33, (byte) 0xa5, (byte) 0x10, (byte) 0xad, 282 (byte) 0xd7, (byte) 0x1e, (byte) 0x13, (byte) 0x20, (byte) 0xb3, (byte) 0x1f, 283 (byte) 0x41, (byte) 0x02, 
(byte) 0x41, (byte) 0x00, (byte) 0xf1, (byte) 0x89, 284 (byte) 0x07, (byte) 0x0f, (byte) 0xe8, (byte) 0xcf, (byte) 0xab, (byte) 0x13, 285 (byte) 0x2a, (byte) 0x8f, (byte) 0x88, (byte) 0x80, (byte) 0x11, (byte) 0x9a, 286 (byte) 0x79, (byte) 0xb6, (byte) 0x59, (byte) 0x3a, (byte) 0x50, (byte) 0x6e, 287 (byte) 0x57, (byte) 0x37, (byte) 0xab, (byte) 0x2a, (byte) 0xd2, (byte) 0xaa, 288 (byte) 0xd9, (byte) 0x72, (byte) 0x73, (byte) 0xff, (byte) 0x8b, (byte) 0x47, 289 (byte) 0x76, (byte) 0xdd, (byte) 0xdc, (byte) 0xf5, (byte) 0x97, (byte) 0x44, 290 (byte) 0x3a, (byte) 0x78, (byte) 0xbe, (byte) 0x17, (byte) 0xb4, (byte) 0x22, 291 (byte) 0x6f, (byte) 0xe5, (byte) 0x23, (byte) 0x70, (byte) 0x1d, (byte) 0x10, 292 (byte) 0x5d, (byte) 0xba, (byte) 0x16, (byte) 0x81, (byte) 0xf1, (byte) 0x45, 293 (byte) 0xce, (byte) 0x30, (byte) 0xb4, (byte) 0xab, (byte) 0x80, (byte) 0xe4, 294 (byte) 0x98, (byte) 0x31, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xda, 295 (byte) 0x82, (byte) 0x9d, (byte) 0x3f, (byte) 0xca, (byte) 0x2f, (byte) 0xe1, 296 (byte) 0xd4, (byte) 0x86, (byte) 0x77, (byte) 0x48, (byte) 0xa6, (byte) 0xab, 297 (byte) 0xab, (byte) 0x1c, (byte) 0x42, (byte) 0x5c, (byte) 0xd5, (byte) 0xc7, 298 (byte) 0x46, (byte) 0x59, (byte) 0x91, (byte) 0x3f, (byte) 0xfc, (byte) 0xcc, 299 (byte) 0xec, (byte) 0xc2, (byte) 0x40, (byte) 0x12, (byte) 0x2c, (byte) 0x8d, 300 (byte) 0x1f, (byte) 0xa2, (byte) 0x18, (byte) 0x88, (byte) 0xee, (byte) 0x82, 301 (byte) 0x4a, (byte) 0x5a, (byte) 0x5e, (byte) 0x88, (byte) 0x20, (byte) 0xe3, 302 (byte) 0x7b, (byte) 0xe0, (byte) 0xd8, (byte) 0x3a, (byte) 0x52, (byte) 0x9a, 303 (byte) 0x26, (byte) 0x6a, (byte) 0x04, (byte) 0xec, (byte) 0xe8, (byte) 0xb9, 304 (byte) 0x48, (byte) 0x40, (byte) 0xe1, (byte) 0xe1, (byte) 0x83, (byte) 0xa6, 305 (byte) 0x67, (byte) 0xa6, (byte) 0xfd, (byte) 0x02, (byte) 0x41, (byte) 0x00, 306 (byte) 0x89, (byte) 0x72, (byte) 0x3e, (byte) 0xb0, (byte) 0x90, (byte) 0xfd, 307 (byte) 0x4c, (byte) 0x0e, (byte) 0xd6, (byte) 0x13, 
(byte) 0x63, (byte) 0xcb, 308 (byte) 0xed, (byte) 0x38, (byte) 0x88, (byte) 0xb6, (byte) 0x79, (byte) 0xc4, 309 (byte) 0x33, (byte) 0x6c, (byte) 0xf6, (byte) 0xf8, (byte) 0xd8, (byte) 0xd0, 310 (byte) 0xbf, (byte) 0x9d, (byte) 0x35, (byte) 0xac, (byte) 0x69, (byte) 0xd2, 311 (byte) 0x2b, (byte) 0xc1, (byte) 0xf9, (byte) 0x24, (byte) 0x7b, (byte) 0xce, 312 (byte) 0xcd, (byte) 0xcb, (byte) 0xa7, (byte) 0xb2, (byte) 0x7a, (byte) 0x0a, 313 (byte) 0x27, (byte) 0x19, (byte) 0xc9, (byte) 0xaf, (byte) 0x0d, (byte) 0x21, 314 (byte) 0x89, (byte) 0x88, (byte) 0x7c, (byte) 0xad, (byte) 0x9e, (byte) 0x8d, 315 (byte) 0x47, (byte) 0x6d, (byte) 0x3f, (byte) 0xce, (byte) 0x7b, (byte) 0xa1, 316 (byte) 0x74, (byte) 0xf1, (byte) 0xa0, (byte) 0xa1, (byte) 0x02, (byte) 0x41, 317 (byte) 0x00, (byte) 0xd9, (byte) 0xa8, (byte) 0xf5, (byte) 0xfe, (byte) 0xce, 318 (byte) 0xe6, (byte) 0x77, (byte) 0x6b, (byte) 0xfe, (byte) 0x2d, (byte) 0xe0, 319 (byte) 0x1e, (byte) 0xb6, (byte) 0x2e, (byte) 0x12, (byte) 0x4e, (byte) 0x40, 320 (byte) 0xaf, (byte) 0x6a, (byte) 0x7b, (byte) 0x37, (byte) 0x49, (byte) 0x2a, 321 (byte) 0x96, (byte) 0x25, (byte) 0x83, (byte) 0x49, (byte) 0xd4, (byte) 0x0c, 322 (byte) 0xc6, (byte) 0x78, (byte) 0x25, (byte) 0x24, (byte) 0x90, (byte) 0x90, 323 (byte) 0x06, (byte) 0x15, (byte) 0x9e, (byte) 0xfe, (byte) 0xf9, (byte) 0xdf, 324 (byte) 0x5b, (byte) 0xf3, (byte) 0x7e, (byte) 0x38, (byte) 0x70, (byte) 0xeb, 325 (byte) 0x57, (byte) 0xd0, (byte) 0xd9, (byte) 0xa7, (byte) 0x0e, (byte) 0x14, 326 (byte) 0xf7, (byte) 0x95, (byte) 0x68, (byte) 0xd5, (byte) 0xc8, (byte) 0xab, 327 (byte) 0x9d, (byte) 0x3a, (byte) 0x2b, (byte) 0x51, (byte) 0xf9, (byte) 0x02, 328 (byte) 0x41, (byte) 0x00, (byte) 0x96, (byte) 0xdf, (byte) 0xe9, (byte) 0x67, 329 (byte) 0x6c, (byte) 0xdc, (byte) 0x90, (byte) 0x14, (byte) 0xb4, (byte) 0x1d, 330 (byte) 0x22, (byte) 0x33, (byte) 0x4a, (byte) 0x31, (byte) 0xc1, (byte) 0x9d, 331 (byte) 0x2e, (byte) 0xff, (byte) 0x9a, (byte) 0x2a, (byte) 0x95, (byte) 0x4b, 332 
(byte) 0x27, (byte) 0x74, (byte) 0xcb, (byte) 0x21, (byte) 0xc3, (byte) 0xd2, 333 (byte) 0x0b, (byte) 0xb2, (byte) 0x46, (byte) 0x87, (byte) 0xf8, (byte) 0x28, 334 (byte) 0x01, (byte) 0x8b, (byte) 0xd8, (byte) 0xb9, (byte) 0x4b, (byte) 0xcd, 335 (byte) 0x9a, (byte) 0x96, (byte) 0x41, (byte) 0x0e, (byte) 0x36, (byte) 0x6d, 336 (byte) 0x40, (byte) 0x42, (byte) 0xbc, (byte) 0xd9, (byte) 0xd3, (byte) 0x7b, 337 (byte) 0xbc, (byte) 0xa7, (byte) 0x92, (byte) 0x90, (byte) 0xdd, (byte) 0xa1, 338 (byte) 0x9c, (byte) 0xce, (byte) 0xa1, (byte) 0x87, (byte) 0x11, (byte) 0x51 339 }; 340 341 /** 342 * Generated from above and converted with: 343 * 344 * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 345 */ 346 private static final byte[] FAKE_RSA_USER_1 = new byte[] { 347 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x95, (byte) 0x30, (byte) 0x82, 348 (byte) 0x01, (byte) 0xfe, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 349 (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d, 350 (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, 351 (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, 352 (byte) 0x00, (byte) 0x30, (byte) 0x4f, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 353 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 354 (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, 355 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 356 (byte) 0x08, (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, 357 (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, 358 (byte) 0x04, (byte) 0x07, (byte) 0x13, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, 359 (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, 360 (byte) 0x20, (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, 361 (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, 
(byte) 0x03, (byte) 0x55, 362 (byte) 0x04, (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, 363 (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, 364 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, 365 (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x30, (byte) 0x1e, 366 (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, (byte) 0x30, (byte) 0x38, 367 (byte) 0x31, (byte) 0x34, (byte) 0x32, (byte) 0x33, (byte) 0x32, (byte) 0x35, 368 (byte) 0x34, (byte) 0x38, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32, 369 (byte) 0x32, (byte) 0x30, (byte) 0x38, (byte) 0x31, (byte) 0x32, (byte) 0x32, 370 (byte) 0x33, (byte) 0x32, (byte) 0x35, (byte) 0x34, (byte) 0x38, (byte) 0x5a, 371 (byte) 0x30, (byte) 0x55, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, 372 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, 373 (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 374 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, 375 (byte) 0x13, (byte) 0x02, (byte) 0x43, (byte) 0x41, (byte) 0x31, (byte) 0x1b, 376 (byte) 0x30, (byte) 0x19, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 377 (byte) 0x0a, (byte) 0x13, (byte) 0x12, (byte) 0x41, (byte) 0x6e, (byte) 0x64, 378 (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x54, 379 (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x43, (byte) 0x61, 380 (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x31, (byte) 0x1c, (byte) 0x30, 381 (byte) 0x1a, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, 382 (byte) 0x13, (byte) 0x13, (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, 383 (byte) 0x65, (byte) 0x72, (byte) 0x31, (byte) 0x2e, (byte) 0x65, (byte) 0x78, 384 (byte) 0x61, (byte) 0x6d, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x2e, 385 (byte) 0x63, (byte) 0x6f, (byte) 0x6d, (byte) 0x30, (byte) 0x81, (byte) 0x9f, 386 
(byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 387 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 388 (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, 389 (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, 390 (byte) 0x81, (byte) 0x00, (byte) 0xce, (byte) 0x29, (byte) 0xeb, (byte) 0xf6, 391 (byte) 0x5b, (byte) 0x25, (byte) 0xdc, (byte) 0xa1, (byte) 0xa6, (byte) 0x2c, 392 (byte) 0x66, (byte) 0xcb, (byte) 0x20, (byte) 0x90, (byte) 0x27, (byte) 0x86, 393 (byte) 0x8a, (byte) 0x44, (byte) 0x71, (byte) 0x50, (byte) 0xda, (byte) 0xd3, 394 (byte) 0x02, (byte) 0x77, (byte) 0x55, (byte) 0xe9, (byte) 0xe8, (byte) 0x08, 395 (byte) 0xf3, (byte) 0x36, (byte) 0x9a, (byte) 0xae, (byte) 0xab, (byte) 0x04, 396 (byte) 0x6d, (byte) 0x00, (byte) 0x99, (byte) 0xbf, (byte) 0x7d, (byte) 0x0f, 397 (byte) 0x67, (byte) 0x8b, (byte) 0x1d, (byte) 0xd4, (byte) 0x2b, (byte) 0x7c, 398 (byte) 0xcb, (byte) 0xcd, (byte) 0x33, (byte) 0xc7, (byte) 0x84, (byte) 0x30, 399 (byte) 0xe2, (byte) 0x45, (byte) 0x21, (byte) 0xb3, (byte) 0x75, (byte) 0xf5, 400 (byte) 0x79, (byte) 0x02, (byte) 0xda, (byte) 0x50, (byte) 0xa3, (byte) 0x8b, 401 (byte) 0xce, (byte) 0xc3, (byte) 0x8e, (byte) 0x0f, (byte) 0x25, (byte) 0xeb, 402 (byte) 0x08, (byte) 0x2c, (byte) 0xdd, (byte) 0x1c, (byte) 0xcf, (byte) 0xff, 403 (byte) 0x3b, (byte) 0xde, (byte) 0xb6, (byte) 0xaa, (byte) 0x2a, (byte) 0xa9, 404 (byte) 0xc4, (byte) 0x8a, (byte) 0x24, (byte) 0x24, (byte) 0xe6, (byte) 0x29, 405 (byte) 0x0d, (byte) 0x98, (byte) 0x4c, (byte) 0x32, (byte) 0xa1, (byte) 0x7b, 406 (byte) 0x23, (byte) 0x2b, (byte) 0x42, (byte) 0x30, (byte) 0xee, (byte) 0x78, 407 (byte) 0x08, (byte) 0x47, (byte) 0xad, (byte) 0xf2, (byte) 0x96, (byte) 0xd5, 408 (byte) 0xf1, (byte) 0x62, (byte) 0x42, (byte) 0x2d, (byte) 0x35, (byte) 0x19, 409 (byte) 0xb4, (byte) 0x3c, (byte) 0xc9, (byte) 0xc3, (byte) 0x5f, (byte) 0x03, 410 (byte) 0x16, (byte) 0x3a, 
(byte) 0x23, (byte) 0xac, (byte) 0xcb, (byte) 0xce, 411 (byte) 0x9e, (byte) 0x51, (byte) 0x2e, (byte) 0x6d, (byte) 0x02, (byte) 0x03, 412 (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, 413 (byte) 0x79, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 414 (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, 415 (byte) 0x30, (byte) 0x2c, (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, 416 (byte) 0x48, (byte) 0x01, (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, 417 (byte) 0x0d, (byte) 0x04, (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, 418 (byte) 0x70, (byte) 0x65, (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, 419 (byte) 0x20, (byte) 0x47, (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, 420 (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43, 421 (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, 422 (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, 423 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, 424 (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x32, (byte) 0xa1, (byte) 0x1e, 425 (byte) 0x6b, (byte) 0x69, (byte) 0x04, (byte) 0xfe, (byte) 0xb3, (byte) 0xcd, 426 (byte) 0xf8, (byte) 0xbb, (byte) 0x14, (byte) 0xcd, (byte) 0xff, (byte) 0xd4, 427 (byte) 0x16, (byte) 0xc3, (byte) 0xab, (byte) 0x44, (byte) 0x2f, (byte) 0x30, 428 (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, 429 (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, 430 (byte) 0x33, (byte) 0x05, (byte) 0xee, (byte) 0xfe, (byte) 0x6f, (byte) 0x60, 431 (byte) 0xc7, (byte) 0xf9, (byte) 0xa9, (byte) 0xd2, (byte) 0x73, (byte) 0x5c, 432 (byte) 0x8f, (byte) 0x6d, (byte) 0xa2, (byte) 0x2f, (byte) 0x97, (byte) 0x8e, 433 (byte) 0x5d, (byte) 0x51, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, 434 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, 
(byte) 0xf7, (byte) 0x0d, 435 (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, 436 (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0x46, (byte) 0x42, (byte) 0xef, 437 (byte) 0x56, (byte) 0x89, (byte) 0x78, (byte) 0x90, (byte) 0x38, (byte) 0x24, 438 (byte) 0x9f, (byte) 0x8c, (byte) 0x7a, (byte) 0xce, (byte) 0x7a, (byte) 0xa5, 439 (byte) 0xb5, (byte) 0x1e, (byte) 0x74, (byte) 0x96, (byte) 0x34, (byte) 0x49, 440 (byte) 0x8b, (byte) 0xed, (byte) 0x44, (byte) 0xb3, (byte) 0xc9, (byte) 0x05, 441 (byte) 0xd7, (byte) 0x48, (byte) 0x55, (byte) 0x52, (byte) 0x59, (byte) 0x15, 442 (byte) 0x0b, (byte) 0xaa, (byte) 0x16, (byte) 0x86, (byte) 0xd2, (byte) 0x8e, 443 (byte) 0x16, (byte) 0x99, (byte) 0xe8, (byte) 0x5f, (byte) 0x11, (byte) 0x71, 444 (byte) 0x42, (byte) 0x55, (byte) 0xd1, (byte) 0xc4, (byte) 0x6f, (byte) 0x2e, 445 (byte) 0xa9, (byte) 0x64, (byte) 0x6f, (byte) 0xd8, (byte) 0xfd, (byte) 0x43, 446 (byte) 0x13, (byte) 0x24, (byte) 0xaa, (byte) 0x67, (byte) 0xe6, (byte) 0xf5, 447 (byte) 0xca, (byte) 0x80, (byte) 0x5e, (byte) 0x3a, (byte) 0x3e, (byte) 0xcc, 448 (byte) 0x4f, (byte) 0xba, (byte) 0x87, (byte) 0xe6, (byte) 0xae, (byte) 0xbf, 449 (byte) 0x8f, (byte) 0xd5, (byte) 0x28, (byte) 0x38, (byte) 0x58, (byte) 0x30, 450 (byte) 0x24, (byte) 0xf6, (byte) 0x53, (byte) 0x5b, (byte) 0x41, (byte) 0x53, 451 (byte) 0xe6, (byte) 0x45, (byte) 0xbc, (byte) 0xbe, (byte) 0xe6, (byte) 0xbb, 452 (byte) 0x5d, (byte) 0xd8, (byte) 0xa7, (byte) 0xf9, (byte) 0x64, (byte) 0x99, 453 (byte) 0x04, (byte) 0x43, (byte) 0x75, (byte) 0xd7, (byte) 0x2d, (byte) 0x32, 454 (byte) 0x0a, (byte) 0x94, (byte) 0xaf, (byte) 0x06, (byte) 0x34, (byte) 0xae, 455 (byte) 0x46, (byte) 0xbd, (byte) 0xda, (byte) 0x00, (byte) 0x0e, (byte) 0x25, 456 (byte) 0xc2, (byte) 0xf7, (byte) 0xc9, (byte) 0xc3, (byte) 0x65, (byte) 0xd2, 457 (byte) 0x08, (byte) 0x41, (byte) 0x0a, (byte) 0xf3, (byte) 0x72 458 }; 459 460 /* 461 * The keys and certificates below are generated with: 462 * 463 * openssl req 
-new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem 464 * openssl ecparam -name prime256v1 -out ecparam.pem 465 * openssl req -newkey ec:ecparam.pem -keyout userkey.pem -nodes -days 3650 -out userkey.req 466 * mkdir -p demoCA/newcerts 467 * touch demoCA/index.txt 468 * echo "01" > demoCA/serial 469 * openssl ca -out usercert.pem -in userkey.req -cert cacert.pem -keyfile cakey.pem -days 3650 470 */ 471 472 /** 473 * Generated from above and converted with: 474 * 475 * openssl x509 -outform d -in cacert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 476 */ 477 private static final byte[] FAKE_EC_CA_1 = { 478 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x58, (byte) 0x30, (byte) 0x82, 479 (byte) 0x01, (byte) 0xc1, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 480 (byte) 0x02, (byte) 0x02, (byte) 0x09, (byte) 0x00, (byte) 0xe1, (byte) 0xb2, 481 (byte) 0x8c, (byte) 0x04, (byte) 0x95, (byte) 0xeb, (byte) 0x10, (byte) 0xcb, 482 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 483 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 484 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x30, (byte) 0x45, (byte) 0x31, 485 (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, 486 (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, 487 (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, 488 (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, 489 (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, 490 (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, 491 (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, 492 (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, 493 (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, 494 (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 
0x74, (byte) 0x73, 495 (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, 496 (byte) 0x74, (byte) 0x64, (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, 497 (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, 498 (byte) 0x31, (byte) 0x36, (byte) 0x32, (byte) 0x38, (byte) 0x32, (byte) 0x38, 499 (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, 500 (byte) 0x38, (byte) 0x32, (byte) 0x35, (byte) 0x31, (byte) 0x36, (byte) 0x32, 501 (byte) 0x38, (byte) 0x32, (byte) 0x38, (byte) 0x5a, (byte) 0x30, (byte) 0x45, 502 (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, 503 (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, 504 (byte) 0x55, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, 505 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, 506 (byte) 0x53, (byte) 0x6f, (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, 507 (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, 508 (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 509 (byte) 0x0a, (byte) 0x0c, (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, 510 (byte) 0x65, (byte) 0x72, (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, 511 (byte) 0x57, (byte) 0x69, (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, 512 (byte) 0x73, (byte) 0x20, (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, 513 (byte) 0x4c, (byte) 0x74, (byte) 0x64, (byte) 0x30, (byte) 0x81, (byte) 0x9f, 514 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 515 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 516 (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, 517 (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, 518 (byte) 0x81, (byte) 0x00, (byte) 0xb5, (byte) 0xf6, (byte) 0x08, (byte) 0x0f, 519 (byte) 
0xc4, (byte) 0x4d, (byte) 0xe4, (byte) 0x0d, (byte) 0x34, (byte) 0x1d, 520 (byte) 0xe2, (byte) 0x23, (byte) 0x18, (byte) 0x63, (byte) 0x03, (byte) 0xf7, 521 (byte) 0x14, (byte) 0x0e, (byte) 0x98, (byte) 0xcd, (byte) 0x45, (byte) 0x1f, 522 (byte) 0xfe, (byte) 0xfb, (byte) 0x09, (byte) 0x3f, (byte) 0x5d, (byte) 0x36, 523 (byte) 0x3b, (byte) 0x0f, (byte) 0xf9, (byte) 0x5e, (byte) 0x86, (byte) 0x56, 524 (byte) 0x64, (byte) 0xd7, (byte) 0x3f, (byte) 0xae, (byte) 0x33, (byte) 0x09, 525 (byte) 0xd3, (byte) 0xdd, (byte) 0x06, (byte) 0x17, (byte) 0x26, (byte) 0xdc, 526 (byte) 0xa2, (byte) 0x8c, (byte) 0x3c, (byte) 0x65, (byte) 0xed, (byte) 0x03, 527 (byte) 0x82, (byte) 0x78, (byte) 0x9b, (byte) 0xee, (byte) 0xe3, (byte) 0x98, 528 (byte) 0x58, (byte) 0xe1, (byte) 0xf1, (byte) 0xa0, (byte) 0x85, (byte) 0xae, 529 (byte) 0x63, (byte) 0x84, (byte) 0x41, (byte) 0x46, (byte) 0xa7, (byte) 0x4f, 530 (byte) 0xdc, (byte) 0xbb, (byte) 0x1c, (byte) 0x6e, (byte) 0xec, (byte) 0x7b, 531 (byte) 0xd5, (byte) 0xab, (byte) 0x3d, (byte) 0x6a, (byte) 0x05, (byte) 0x58, 532 (byte) 0x0f, (byte) 0x9b, (byte) 0x6a, (byte) 0x67, (byte) 0x4b, (byte) 0xe9, 533 (byte) 0x2a, (byte) 0x6d, (byte) 0x96, (byte) 0x11, (byte) 0x53, (byte) 0x95, 534 (byte) 0x78, (byte) 0xaa, (byte) 0xd1, (byte) 0x91, (byte) 0x4a, (byte) 0xf8, 535 (byte) 0x54, (byte) 0x52, (byte) 0x6d, (byte) 0xb9, (byte) 0xca, (byte) 0x74, 536 (byte) 0x81, (byte) 0xf8, (byte) 0x99, (byte) 0x64, (byte) 0xd1, (byte) 0x4f, 537 (byte) 0x01, (byte) 0x38, (byte) 0x4f, (byte) 0x08, (byte) 0x5c, (byte) 0x31, 538 (byte) 0xcb, (byte) 0x7c, (byte) 0x5c, (byte) 0x78, (byte) 0x5d, (byte) 0x47, 539 (byte) 0xd9, (byte) 0xf0, (byte) 0x1a, (byte) 0xeb, (byte) 0x02, (byte) 0x03, 540 (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0xa3, (byte) 0x50, (byte) 0x30, 541 (byte) 0x4e, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, (byte) 0x55, 542 (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, 543 (byte) 0x5f, (byte) 0x5b, (byte) 0x5e, 
(byte) 0xac, (byte) 0x29, (byte) 0xfa, 544 (byte) 0xa1, (byte) 0x9f, (byte) 0x9e, (byte) 0xad, (byte) 0x46, (byte) 0xe1, 545 (byte) 0xbc, (byte) 0x20, (byte) 0x72, (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, 546 (byte) 0xfa, (byte) 0xe3, (byte) 0x30, (byte) 0x1f, (byte) 0x06, (byte) 0x03, 547 (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, (byte) 0x30, 548 (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x5f, (byte) 0x5b, (byte) 0x5e, 549 (byte) 0xac, (byte) 0x29, (byte) 0xfa, (byte) 0xa1, (byte) 0x9f, (byte) 0x9e, 550 (byte) 0xad, (byte) 0x46, (byte) 0xe1, (byte) 0xbc, (byte) 0x20, (byte) 0x72, 551 (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, (byte) 0xfa, (byte) 0xe3, (byte) 0x30, 552 (byte) 0x0c, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 553 (byte) 0x04, (byte) 0x05, (byte) 0x30, (byte) 0x03, (byte) 0x01, (byte) 0x01, 554 (byte) 0xff, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, 555 (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, 556 (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, 557 (byte) 0x81, (byte) 0x00, (byte) 0xa1, (byte) 0x4a, (byte) 0xe6, (byte) 0xfc, 558 (byte) 0x7f, (byte) 0x17, (byte) 0xaa, (byte) 0x65, (byte) 0x4a, (byte) 0x34, 559 (byte) 0xde, (byte) 0x69, (byte) 0x67, (byte) 0x54, (byte) 0x4d, (byte) 0xa2, 560 (byte) 0xc2, (byte) 0x98, (byte) 0x02, (byte) 0x43, (byte) 0x6a, (byte) 0x0e, 561 (byte) 0x0b, (byte) 0x7f, (byte) 0xa4, (byte) 0x46, (byte) 0xaf, (byte) 0xa4, 562 (byte) 0x65, (byte) 0xa0, (byte) 0xdb, (byte) 0xf1, (byte) 0x5b, (byte) 0xd5, 563 (byte) 0x09, (byte) 0xbc, (byte) 0xee, (byte) 0x37, (byte) 0x51, (byte) 0x19, 564 (byte) 0x36, (byte) 0xc0, (byte) 0x90, (byte) 0xd3, (byte) 0x5f, (byte) 0xf3, 565 (byte) 0x4f, (byte) 0xb9, (byte) 0x08, (byte) 0x45, (byte) 0x0e, (byte) 0x01, 566 (byte) 0x8a, (byte) 0x95, (byte) 0xef, (byte) 0x92, (byte) 0x95, (byte) 0x33, 567 (byte) 0x78, (byte) 0xdd, (byte) 0x90, (byte) 0xbb, (byte) 0xf3, 
(byte) 0x06, 568 (byte) 0x75, (byte) 0xd0, (byte) 0x66, (byte) 0xe6, (byte) 0xd0, (byte) 0x18, 569 (byte) 0x6e, (byte) 0xeb, (byte) 0x1c, (byte) 0x52, (byte) 0xc3, (byte) 0x2e, 570 (byte) 0x57, (byte) 0x7d, (byte) 0xa9, (byte) 0x03, (byte) 0xdb, (byte) 0xf4, 571 (byte) 0x57, (byte) 0x5f, (byte) 0x6c, (byte) 0x7e, (byte) 0x00, (byte) 0x0d, 572 (byte) 0x8f, (byte) 0xe8, (byte) 0x91, (byte) 0xf7, (byte) 0xae, (byte) 0x24, 573 (byte) 0x35, (byte) 0x07, (byte) 0xb5, (byte) 0x48, (byte) 0x2d, (byte) 0x36, 574 (byte) 0x30, (byte) 0x5d, (byte) 0xe9, (byte) 0x49, (byte) 0x2d, (byte) 0xd1, 575 (byte) 0x5d, (byte) 0xc5, (byte) 0xf4, (byte) 0x33, (byte) 0x77, (byte) 0x3c, 576 (byte) 0x71, (byte) 0xad, (byte) 0x90, (byte) 0x65, (byte) 0xa9, (byte) 0xc1, 577 (byte) 0x0b, (byte) 0x5c, (byte) 0x62, (byte) 0x55, (byte) 0x50, (byte) 0x6f, 578 (byte) 0x9b, (byte) 0xc9, (byte) 0x0d, (byte) 0xee 579 }; 580 581 /** 582 * Generated from above and converted with: 583 * 584 * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g' 585 */ 586 private static final byte[] FAKE_EC_KEY_1 = new byte[] { 587 (byte) 0x30, (byte) 0x81, (byte) 0x87, (byte) 0x02, (byte) 0x01, (byte) 0x00, 588 (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, 589 (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, (byte) 0x06, 590 (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, 591 (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x04, (byte) 0x6d, (byte) 0x30, 592 (byte) 0x6b, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x04, (byte) 0x20, 593 (byte) 0x3a, (byte) 0x8a, (byte) 0x02, (byte) 0xdc, (byte) 0xde, (byte) 0x70, 594 (byte) 0x84, (byte) 0x45, (byte) 0x34, (byte) 0xaf, (byte) 0xbd, (byte) 0xd5, 595 (byte) 0x02, (byte) 0x17, (byte) 0x69, (byte) 0x90, (byte) 0x65, (byte) 0x1e, 596 (byte) 0x87, (byte) 0xf1, (byte) 0x3d, (byte) 0x17, (byte) 0xb6, (byte) 0xf4, 597 (byte) 0x31, (byte) 0x94, (byte) 0x86, (byte) 
0x76, (byte) 0x55, (byte) 0xf7, 598 (byte) 0xcc, (byte) 0xba, (byte) 0xa1, (byte) 0x44, (byte) 0x03, (byte) 0x42, 599 (byte) 0x00, (byte) 0x04, (byte) 0xd9, (byte) 0xcf, (byte) 0xe7, (byte) 0x9b, 600 (byte) 0x23, (byte) 0xc8, (byte) 0xa3, (byte) 0xb8, (byte) 0x33, (byte) 0x14, 601 (byte) 0xa4, (byte) 0x4d, (byte) 0x75, (byte) 0x90, (byte) 0xf3, (byte) 0xcd, 602 (byte) 0x43, (byte) 0xe5, (byte) 0x1b, (byte) 0x05, (byte) 0x1d, (byte) 0xf3, 603 (byte) 0xd0, (byte) 0xa3, (byte) 0xb7, (byte) 0x32, (byte) 0x5f, (byte) 0x79, 604 (byte) 0xdc, (byte) 0x88, (byte) 0xb8, (byte) 0x4d, (byte) 0xb3, (byte) 0xd1, 605 (byte) 0x6d, (byte) 0xf7, (byte) 0x75, (byte) 0xf3, (byte) 0xbf, (byte) 0x50, 606 (byte) 0xa1, (byte) 0xbc, (byte) 0x03, (byte) 0x64, (byte) 0x22, (byte) 0xe6, 607 (byte) 0x1a, (byte) 0xa1, (byte) 0xe1, (byte) 0x06, (byte) 0x68, (byte) 0x3b, 608 (byte) 0xbc, (byte) 0x9f, (byte) 0xd3, (byte) 0xae, (byte) 0x77, (byte) 0x5e, 609 (byte) 0x88, (byte) 0x0c, (byte) 0x5e, (byte) 0x0c, (byte) 0xb2, (byte) 0x38 610 }; 611 612 /** 613 * Generated from above and converted with: 614 * 615 * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g' 616 */ 617 private static final byte[] FAKE_EC_USER_1 = new byte[] { 618 (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x51, (byte) 0x30, (byte) 0x82, 619 (byte) 0x01, (byte) 0xba, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, 620 (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d, 621 (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, 622 (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, 623 (byte) 0x00, (byte) 0x30, (byte) 0x45, (byte) 0x31, (byte) 0x0b, (byte) 0x30, 624 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, 625 (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, (byte) 0x13, 626 (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 627 (byte) 0x08, (byte) 
0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, (byte) 0x6d, 628 (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, (byte) 0x74, 629 (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, (byte) 0x06, 630 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x18, 631 (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x6e, 632 (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, (byte) 0x64, 633 (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, (byte) 0x50, 634 (byte) 0x74, (byte) 0x79, (byte) 0x20, (byte) 0x4c, (byte) 0x74, (byte) 0x64, 635 (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x33, 636 (byte) 0x30, (byte) 0x38, (byte) 0x32, (byte) 0x37, (byte) 0x31, (byte) 0x36, 637 (byte) 0x33, (byte) 0x30, (byte) 0x30, (byte) 0x38, (byte) 0x5a, (byte) 0x17, 638 (byte) 0x0d, (byte) 0x32, (byte) 0x33, (byte) 0x30, (byte) 0x38, (byte) 0x32, 639 (byte) 0x35, (byte) 0x31, (byte) 0x36, (byte) 0x33, (byte) 0x30, (byte) 0x30, 640 (byte) 0x38, (byte) 0x5a, (byte) 0x30, (byte) 0x62, (byte) 0x31, (byte) 0x0b, 641 (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 642 (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, 643 (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, 644 (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, 645 (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, 646 (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x21, (byte) 0x30, (byte) 0x1f, 647 (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, 648 (byte) 0x18, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, (byte) 0x72, 649 (byte) 0x6e, (byte) 0x65, (byte) 0x74, (byte) 0x20, (byte) 0x57, (byte) 0x69, 650 (byte) 0x64, (byte) 0x67, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x20, 651 (byte) 0x50, (byte) 0x74, (byte) 0x79, (byte) 0x20, 
(byte) 0x4c, (byte) 0x74, 652 (byte) 0x64, (byte) 0x31, (byte) 0x1b, (byte) 0x30, (byte) 0x19, (byte) 0x06, 653 (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x12, 654 (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x76, (byte) 0x65, (byte) 0x72, 655 (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x61, (byte) 0x6d, (byte) 0x70, 656 (byte) 0x6c, (byte) 0x65, (byte) 0x2e, (byte) 0x63, (byte) 0x6f, (byte) 0x6d, 657 (byte) 0x30, (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, 658 (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, 659 (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, 660 (byte) 0xce, (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, 661 (byte) 0x42, (byte) 0x00, (byte) 0x04, (byte) 0xd9, (byte) 0xcf, (byte) 0xe7, 662 (byte) 0x9b, (byte) 0x23, (byte) 0xc8, (byte) 0xa3, (byte) 0xb8, (byte) 0x33, 663 (byte) 0x14, (byte) 0xa4, (byte) 0x4d, (byte) 0x75, (byte) 0x90, (byte) 0xf3, 664 (byte) 0xcd, (byte) 0x43, (byte) 0xe5, (byte) 0x1b, (byte) 0x05, (byte) 0x1d, 665 (byte) 0xf3, (byte) 0xd0, (byte) 0xa3, (byte) 0xb7, (byte) 0x32, (byte) 0x5f, 666 (byte) 0x79, (byte) 0xdc, (byte) 0x88, (byte) 0xb8, (byte) 0x4d, (byte) 0xb3, 667 (byte) 0xd1, (byte) 0x6d, (byte) 0xf7, (byte) 0x75, (byte) 0xf3, (byte) 0xbf, 668 (byte) 0x50, (byte) 0xa1, (byte) 0xbc, (byte) 0x03, (byte) 0x64, (byte) 0x22, 669 (byte) 0xe6, (byte) 0x1a, (byte) 0xa1, (byte) 0xe1, (byte) 0x06, (byte) 0x68, 670 (byte) 0x3b, (byte) 0xbc, (byte) 0x9f, (byte) 0xd3, (byte) 0xae, (byte) 0x77, 671 (byte) 0x5e, (byte) 0x88, (byte) 0x0c, (byte) 0x5e, (byte) 0x0c, (byte) 0xb2, 672 (byte) 0x38, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, (byte) 0x79, (byte) 0x30, 673 (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 674 (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, (byte) 0x30, (byte) 0x2c, 675 (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, (byte) 0x48, (byte) 0x01, 676 
(byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, (byte) 0x0d, (byte) 0x04, 677 (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, (byte) 0x70, (byte) 0x65, 678 (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, (byte) 0x20, (byte) 0x47, 679 (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, (byte) 0x61, (byte) 0x74, 680 (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43, (byte) 0x65, (byte) 0x72, 681 (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61, 682 (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03, 683 (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04, 684 (byte) 0x14, (byte) 0xd5, (byte) 0xc4, (byte) 0x72, (byte) 0xbd, (byte) 0xd2, 685 (byte) 0x4e, (byte) 0x90, (byte) 0x1b, (byte) 0x14, (byte) 0x32, (byte) 0xdb, 686 (byte) 0x03, (byte) 0xae, (byte) 0xfa, (byte) 0x27, (byte) 0x7d, (byte) 0x8d, 687 (byte) 0xe4, (byte) 0x80, (byte) 0x58, (byte) 0x30, (byte) 0x1f, (byte) 0x06, 688 (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18, 689 (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x5f, (byte) 0x5b, 690 (byte) 0x5e, (byte) 0xac, (byte) 0x29, (byte) 0xfa, (byte) 0xa1, (byte) 0x9f, 691 (byte) 0x9e, (byte) 0xad, (byte) 0x46, (byte) 0xe1, (byte) 0xbc, (byte) 0x20, 692 (byte) 0x72, (byte) 0xcf, (byte) 0x4a, (byte) 0xd4, (byte) 0xfa, (byte) 0xe3, 693 (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, 694 (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, 695 (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x81, 696 (byte) 0x00, (byte) 0x43, (byte) 0x99, (byte) 0x9f, (byte) 0x67, (byte) 0x08, 697 (byte) 0x43, (byte) 0xd5, (byte) 0x6b, (byte) 0x6f, (byte) 0xd7, (byte) 0x05, 698 (byte) 0xd6, (byte) 0x75, (byte) 0x34, (byte) 0x30, (byte) 0xca, (byte) 0x20, 699 (byte) 0x47, (byte) 0x61, (byte) 0xa1, (byte) 0x89, (byte) 0xb6, (byte) 0xf1, 700 (byte) 0x49, (byte) 0x7b, 
(byte) 0xd9, (byte) 0xb9, (byte) 0xe8, (byte) 0x1e, 701 (byte) 0x29, (byte) 0x74, (byte) 0x0a, (byte) 0x67, (byte) 0xc0, (byte) 0x7d, 702 (byte) 0xb8, (byte) 0xe6, (byte) 0x39, (byte) 0xa8, (byte) 0x5e, (byte) 0xc3, 703 (byte) 0xb0, (byte) 0xa1, (byte) 0x30, (byte) 0x6a, (byte) 0x1f, (byte) 0x1d, 704 (byte) 0xfc, (byte) 0x11, (byte) 0x59, (byte) 0x0b, (byte) 0xb9, (byte) 0xad, 705 (byte) 0x3a, (byte) 0x4e, (byte) 0x50, (byte) 0x0a, (byte) 0x61, (byte) 0xdb, 706 (byte) 0x75, (byte) 0x6b, (byte) 0xe5, (byte) 0x3f, (byte) 0x8d, (byte) 0xde, 707 (byte) 0x28, (byte) 0x68, (byte) 0xb1, (byte) 0x29, (byte) 0x9a, (byte) 0x18, 708 (byte) 0x8a, (byte) 0xfc, (byte) 0x3f, (byte) 0x13, (byte) 0x93, (byte) 0x29, 709 (byte) 0xed, (byte) 0x22, (byte) 0x7c, (byte) 0xb4, (byte) 0x50, (byte) 0xd5, 710 (byte) 0x4d, (byte) 0x32, (byte) 0x4d, (byte) 0x42, (byte) 0x2b, (byte) 0x29, 711 (byte) 0x97, (byte) 0x86, (byte) 0xc0, (byte) 0x01, (byte) 0x00, (byte) 0x25, 712 (byte) 0xf6, (byte) 0xd3, (byte) 0x2a, (byte) 0xd8, (byte) 0xda, (byte) 0x13, 713 (byte) 0x94, (byte) 0x12, (byte) 0x78, (byte) 0x14, (byte) 0x0b, (byte) 0x51, 714 (byte) 0xc0, (byte) 0x45, (byte) 0xb4, (byte) 0x02, (byte) 0x37, (byte) 0x98, 715 (byte) 0x42, (byte) 0x3c, (byte) 0xcb, (byte) 0x2e, (byte) 0xe4, (byte) 0x38, 716 (byte) 0x69, (byte) 0x1b, (byte) 0x72, (byte) 0xf0, (byte) 0xaa, (byte) 0x89, 717 (byte) 0x7e, (byte) 0xde, (byte) 0xb2 718 }; 719 720 /** 721 * The amount of time to allow before and after expected time for variance 722 * in timing tests. 
723 */ 724 private static final long SLOP_TIME_MILLIS = 15000L; 725 726 @Override 727 protected void setUp() throws Exception { 728 mAndroidKeyStore = android.security.KeyStore.getInstance(); 729 730 assertTrue(mAndroidKeyStore.reset()); 731 assertFalse(mAndroidKeyStore.isUnlocked()); 732 733 mKeyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); 734 } 735 736 private void setupPassword() { 737 assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111")); 738 assertTrue(mAndroidKeyStore.isUnlocked()); 739 740 assertEquals(0, mAndroidKeyStore.list("").length); 741 } 742 743 private void assertAliases(final String[] expectedAliases) throws KeyStoreException { 744 final Enumeration<String> aliases = mKeyStore.aliases(); 745 int count = 0; 746 747 final Set<String> expectedSet = new HashSet<String>(); 748 expectedSet.addAll(Arrays.asList(expectedAliases)); 749 750 while (aliases.hasMoreElements()) { 751 count++; 752 final String alias = aliases.nextElement(); 753 assertTrue("The alias should be in the expected set", expectedSet.contains(alias)); 754 expectedSet.remove(alias); 755 } 756 assertTrue("The expected set and actual set should be exactly equal", expectedSet.isEmpty()); 757 assertEquals("There should be the correct number of keystore entries", 758 expectedAliases.length, count); 759 } 760 761 public void testKeyStore_Aliases_Encrypted_Success() throws Exception { 762 setupPassword(); 763 764 mKeyStore.load(null, null); 765 766 assertAliases(new String[] {}); 767 768 assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 769 KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, 770 null)); 771 772 assertAliases(new String[] { TEST_ALIAS_1 }); 773 774 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1, 775 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 776 777 assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 }); 778 } 779 780 public void 
testKeyStore_Aliases_NotInitialized_Encrypted_Failure() throws Exception { 781 setupPassword(); 782 783 try { 784 mKeyStore.aliases(); 785 fail("KeyStore should throw exception when not initialized"); 786 } catch (KeyStoreException success) { 787 } 788 } 789 790 public void testKeyStore_ContainsAliases_PrivateAndCA_Encrypted_Success() throws Exception { 791 setupPassword(); 792 793 mKeyStore.load(null, null); 794 795 assertAliases(new String[] {}); 796 797 assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 798 KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, 799 null)); 800 801 assertTrue("Should contain generated private key", mKeyStore.containsAlias(TEST_ALIAS_1)); 802 803 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1, 804 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 805 806 assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2)); 807 808 assertFalse("Should not contain unadded certificate alias", 809 mKeyStore.containsAlias(TEST_ALIAS_3)); 810 } 811 812 public void testKeyStore_ContainsAliases_CAOnly_Encrypted_Success() throws Exception { 813 setupPassword(); 814 815 mKeyStore.load(null, null); 816 817 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1, 818 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 819 820 assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2)); 821 } 822 823 public void testKeyStore_ContainsAliases_NonExistent_Encrypted_Failure() throws Exception { 824 setupPassword(); 825 826 mKeyStore.load(null, null); 827 828 assertFalse("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_1)); 829 } 830 831 public void testKeyStore_DeleteEntry_Encrypted_Success() throws Exception { 832 setupPassword(); 833 834 mKeyStore.load(null, null); 835 836 // TEST_ALIAS_1 837 
assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 838 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 839 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 840 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 841 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 842 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 843 844 // TEST_ALIAS_2 845 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1, 846 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 847 848 // TEST_ALIAS_3 849 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_3, FAKE_RSA_CA_1, 850 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 851 852 assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 }); 853 854 mKeyStore.deleteEntry(TEST_ALIAS_1); 855 856 assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 }); 857 858 mKeyStore.deleteEntry(TEST_ALIAS_3); 859 860 assertAliases(new String[] { TEST_ALIAS_2 }); 861 862 mKeyStore.deleteEntry(TEST_ALIAS_2); 863 864 assertAliases(new String[] { }); 865 } 866 867 public void testKeyStore_DeleteEntry_EmptyStore_Encrypted_Success() throws Exception { 868 setupPassword(); 869 870 mKeyStore.load(null, null); 871 872 // Should not throw when a non-existent entry is requested for delete. 
873 mKeyStore.deleteEntry(TEST_ALIAS_1); 874 } 875 876 public void testKeyStore_DeleteEntry_NonExistent_Encrypted_Success() throws Exception { 877 setupPassword(); 878 879 mKeyStore.load(null, null); 880 881 // TEST_ALIAS_1 882 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 883 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 884 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 885 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 886 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 887 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 888 889 // Should not throw when a non-existent entry is requested for delete. 890 mKeyStore.deleteEntry(TEST_ALIAS_2); 891 } 892 893 public void testKeyStore_GetCertificate_Single_Encrypted_Success() throws Exception { 894 setupPassword(); 895 896 mKeyStore.load(null, null); 897 898 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 899 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 900 901 assertAliases(new String[] { TEST_ALIAS_1 }); 902 903 assertNull("Certificate should not exist in keystore", 904 mKeyStore.getCertificate(TEST_ALIAS_2)); 905 906 Certificate retrieved = mKeyStore.getCertificate(TEST_ALIAS_1); 907 908 assertNotNull("Retrieved certificate should not be null", retrieved); 909 910 CertificateFactory f = CertificateFactory.getInstance("X.509"); 911 Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 912 913 assertEquals("Actual and retrieved certificates should be the same", actual, retrieved); 914 } 915 916 public void testKeyStore_GetCertificate_NonExist_Encrypted_Failure() throws Exception { 917 setupPassword(); 918 919 mKeyStore.load(null, null); 920 921 assertNull("Certificate should not exist in keystore", 922 mKeyStore.getCertificate(TEST_ALIAS_1)); 923 } 924 925 public void 
testKeyStore_GetCertificateAlias_CAEntry_Encrypted_Success() throws Exception { 926 setupPassword(); 927 928 mKeyStore.load(null, null); 929 930 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 931 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 932 933 CertificateFactory f = CertificateFactory.getInstance("X.509"); 934 Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 935 936 assertEquals("Stored certificate alias should be found", TEST_ALIAS_1, 937 mKeyStore.getCertificateAlias(actual)); 938 } 939 940 public void testKeyStore_GetCertificateAlias_PrivateKeyEntry_Encrypted_Success() 941 throws Exception { 942 setupPassword(); 943 944 mKeyStore.load(null, null); 945 946 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 947 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 948 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 949 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 950 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 951 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 952 953 CertificateFactory f = CertificateFactory.getInstance("X.509"); 954 Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 955 956 assertEquals("Stored certificate alias should be found", TEST_ALIAS_1, 957 mKeyStore.getCertificateAlias(actual)); 958 } 959 960 public void testKeyStore_GetCertificateAlias_CAEntry_WithPrivateKeyUsingCA_Encrypted_Success() 961 throws Exception { 962 setupPassword(); 963 964 mKeyStore.load(null, null); 965 966 // Insert TrustedCertificateEntry with CA name 967 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1, 968 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 969 970 // Insert PrivateKeyEntry that uses the same CA 971 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + 
TEST_ALIAS_1, 972 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 973 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 974 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 975 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 976 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 977 978 CertificateFactory f = CertificateFactory.getInstance("X.509"); 979 Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 980 981 assertEquals("Stored certificate alias should be found", TEST_ALIAS_2, 982 mKeyStore.getCertificateAlias(actual)); 983 } 984 985 public void testKeyStore_GetCertificateAlias_NonExist_Empty_Encrypted_Failure() 986 throws Exception { 987 setupPassword(); 988 989 mKeyStore.load(null, null); 990 991 CertificateFactory f = CertificateFactory.getInstance("X.509"); 992 Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 993 994 assertNull("Stored certificate alias should not be found", 995 mKeyStore.getCertificateAlias(actual)); 996 } 997 998 public void testKeyStore_GetCertificateAlias_NonExist_Encrypted_Failure() throws Exception { 999 setupPassword(); 1000 1001 mKeyStore.load(null, null); 1002 1003 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1004 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1005 1006 CertificateFactory f = CertificateFactory.getInstance("X.509"); 1007 Certificate userCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1008 1009 assertNull("Stored certificate alias should be found", 1010 mKeyStore.getCertificateAlias(userCert)); 1011 } 1012 1013 public void testKeyStore_GetCertificateChain_SingleLength_Encrypted_Success() throws Exception { 1014 setupPassword(); 1015 1016 mKeyStore.load(null, null); 1017 1018 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1019 FAKE_RSA_KEY_1, 
KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1020 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 1021 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1022 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1023 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1024 1025 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 1026 Certificate[] expected = new Certificate[2]; 1027 expected[0] = cf.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1028 expected[1] = cf.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1029 1030 Certificate[] actual = mKeyStore.getCertificateChain(TEST_ALIAS_1); 1031 1032 assertNotNull("Returned certificate chain should not be null", actual); 1033 assertEquals("Returned certificate chain should be correct size", expected.length, 1034 actual.length); 1035 assertEquals("First certificate should be user certificate", expected[0], actual[0]); 1036 assertEquals("Second certificate should be CA certificate", expected[1], actual[1]); 1037 1038 // Negative test when keystore is populated. 
1039 assertNull("Stored certificate alias should not be found", 1040 mKeyStore.getCertificateChain(TEST_ALIAS_2)); 1041 } 1042 1043 public void testKeyStore_GetCertificateChain_NonExist_Encrypted_Failure() throws Exception { 1044 setupPassword(); 1045 1046 mKeyStore.load(null, null); 1047 1048 assertNull("Stored certificate alias should not be found", 1049 mKeyStore.getCertificateChain(TEST_ALIAS_1)); 1050 } 1051 1052 public void testKeyStore_GetCreationDate_PrivateKeyEntry_Encrypted_Success() throws Exception { 1053 setupPassword(); 1054 1055 mKeyStore.load(null, null); 1056 1057 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1058 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1059 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 1060 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1061 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1062 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1063 1064 Date now = new Date(); 1065 Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1); 1066 1067 Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS); 1068 Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS); 1069 1070 assertTrue("Time should be close to current time", actual.before(expectedBefore)); 1071 assertTrue("Time should be close to current time", actual.after(expectedAfter)); 1072 } 1073 1074 public void testKeyStore_GetCreationDate_PrivateKeyEntry_Unencrypted_Success() throws Exception { 1075 mKeyStore.load(null, null); 1076 1077 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1078 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1079 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 1080 KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1081 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1082 
KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1083 1084 Date now = new Date(); 1085 Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1); 1086 1087 Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS); 1088 Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS); 1089 1090 assertTrue("Time should be close to current time", actual.before(expectedBefore)); 1091 assertTrue("Time should be close to current time", actual.after(expectedAfter)); 1092 } 1093 1094 public void testKeyStore_GetCreationDate_CAEntry_Encrypted_Success() throws Exception { 1095 setupPassword(); 1096 1097 mKeyStore.load(null, null); 1098 1099 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1100 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1101 1102 Date now = new Date(); 1103 Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1); 1104 assertNotNull("Certificate should be found", actual); 1105 1106 Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS); 1107 Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS); 1108 1109 assertTrue("Time should be close to current time", actual.before(expectedBefore)); 1110 assertTrue("Time should be close to current time", actual.after(expectedAfter)); 1111 } 1112 1113 public void testKeyStore_GetEntry_NullParams_Encrypted_Success() throws Exception { 1114 setupPassword(); 1115 1116 mKeyStore.load(null, null); 1117 1118 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1119 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1120 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 1121 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1122 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1123 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1124 1125 Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1126 assertNotNull("Entry should exist", entry); 1127 1128 
assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry); 1129 1130 PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; 1131 1132 assertPrivateKeyEntryEquals(keyEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1133 FAKE_RSA_CA_1); 1134 } 1135 1136 public void testKeyStore_GetEntry_EC_NullParams_Unencrypted_Success() throws Exception { 1137 mKeyStore.load(null, null); 1138 1139 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1140 FAKE_EC_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1141 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, 1142 FAKE_EC_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1143 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_EC_CA_1, 1144 KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1145 1146 Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1147 assertNotNull("Entry should exist", entry); 1148 1149 assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry); 1150 1151 PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; 1152 1153 assertPrivateKeyEntryEquals(keyEntry, "EC", FAKE_EC_KEY_1, FAKE_EC_USER_1, FAKE_EC_CA_1); 1154 } 1155 1156 public void testKeyStore_GetEntry_RSA_NullParams_Unencrypted_Success() throws Exception { 1157 mKeyStore.load(null, null); 1158 1159 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1160 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1161 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, 1162 FAKE_RSA_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1163 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1164 KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1165 1166 Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1167 assertNotNull("Entry should exist", entry); 1168 1169 assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry); 1170 1171 PrivateKeyEntry 
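keyEntry = (PrivateKeyEntry) entry;

        assertPrivateKeyEntryEquals(keyEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                FAKE_RSA_CA_1);
    }

    /**
     * Decodes the raw test vectors and checks {@code keyEntry} against them.
     *
     * @param keyEntry entry read back from the keystore under test
     * @param keyType {@link KeyFactory} algorithm name used to decode {@code key}
     * @param key PKCS#8-encoded private key that was stored
     * @param cert encoded X.509 user certificate that was stored
     * @param ca encoded X.509 CA certificate(s) that were stored, or {@code null} when the
     *        entry is expected to carry the user certificate only
     */
    @SuppressWarnings("unchecked")
    private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, String keyType, byte[] key,
            byte[] cert, byte[] ca) throws Exception {
        final PrivateKey expectedKey = KeyFactory.getInstance(keyType)
                .generatePrivate(new PKCS8EncodedKeySpec(key));

        final CertificateFactory certFact = CertificateFactory.getInstance("X.509");
        final Certificate expectedCert =
                certFact.generateCertificate(new ByteArrayInputStream(cert));

        // generateCertificates() returns a wildcard collection, hence the unchecked cast.
        final Collection<Certificate> expectedChain = (ca == null)
                ? null
                : (Collection<Certificate>) certFact
                        .generateCertificates(new ByteArrayInputStream(ca));

        assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, expectedChain);
    }

    /**
     * Checks the key, the leaf certificate and the certificate chain of {@code keyEntry}.
     *
     * <p>The chain must be exactly the user certificate followed by {@code expectedChain} in
     * iteration order. A chain that is shorter, or that carries extra trailing certificates,
     * fails the length assertion instead of passing unnoticed or raising an index error.
     *
     * @param keyEntry entry read back from the keystore under test
     * @param expectedKey private key that was stored
     * @param expectedCert user certificate that was stored
     * @param expectedChain CA certificates expected after the user certificate, or {@code null}
     *        when the chain should consist of the user certificate only
     */
    private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, PrivateKey expectedKey,
            Certificate expectedCert, Collection<Certificate> expectedChain) throws Exception {
        if (expectedKey instanceof ECKey) {
            // NOTE(review): this branch compares only the curve of the entry's certificate
            // public key with the curve of the expected key, so any key on the same curve
            // passes; the returned PrivateKey itself is not inspected here.
            assertEquals("Returned PrivateKey should be what we inserted",
                    ((ECKey) expectedKey).getParams().getCurve(),
                    ((ECKey) keyEntry.getCertificate().getPublicKey()).getParams().getCurve());
        } else if (expectedKey instanceof RSAKey) {
            assertEquals("Returned PrivateKey should be what we inserted",
                    ((RSAKey) expectedKey).getModulus(),
                    ((RSAKey) keyEntry.getPrivateKey()).getModulus());
        }
        // Any other key type falls through without a key comparison.

        assertEquals("Returned Certificate should be what we inserted", expectedCert,
                keyEntry.getCertificate());

        final Certificate[] actualChain = keyEntry.getCertificateChain();
        assertNotNull("Certificate chain should exist", actualChain);

        // Pin the chain length before indexing into it, so that neither missing nor
        // unexpected extra certificates can slip through the element-wise comparison below.
        if (expectedChain == null) {
            assertEquals("Certificate chain should not include CAs", 1, actualChain.length);
        } else {
            assertEquals("Certificate chain should be the user cert plus the expected CAs",
                    expectedChain.size() + 1, actualChain.length);
        }

        assertEquals("First certificate in chain should be user cert", expectedCert,
                actualChain[0]);

        if (expectedChain != null) {
            int i = 1;
            for (Certificate expectedCa : expectedChain) {
                assertEquals("CA chain certificate should equal what we put in", expectedCa,
                        actualChain[i++]);
            }
        }
    }

    /** With a keystore password set up, an alias that was never stored yields no entry. */
    public void testKeyStore_GetEntry_Nonexistent_NullParams_Encrypted_Failure() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertNull("A non-existent entry should return null",
                mKeyStore.getEntry(TEST_ALIAS_1, null));
    }

    /** Without a keystore password, an alias that was never stored yields no entry either. */
    public void testKeyStore_GetEntry_Nonexistent_NullParams_Unencrypted_Failure() throws Exception {
        mKeyStore.load(null, null);

        assertNull("A non-existent entry should return null",
                mKeyStore.getEntry(TEST_ALIAS_1, null));
    }

    public void testKeyStore_GetKey_NoPassword_Encrypted_Success() throws Exception {
        setupPassword();

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        Key key = mKeyStore.getKey(TEST_ALIAS_1, null);
        assertNotNull("Key should exist", key);

        assertTrue("Should be a PrivateKey", key instanceof PrivateKey);
        assertTrue("Should be a RSAKey", key instanceof RSAKey);

        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

        assertEquals("Inserted key should be same as retrieved key",
                ((RSAKey) expectedKey).getModulus(), ((RSAKey)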
key).getModulus()); 1267 } 1268 1269 public void testKeyStore_GetKey_NoPassword_Unencrypted_Success() throws Exception { 1270 mKeyStore.load(null, null); 1271 1272 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1273 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1274 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 1275 KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1276 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1277 KeyStore.UID_SELF, KeyStore.FLAG_NONE)); 1278 1279 Key key = mKeyStore.getKey(TEST_ALIAS_1, null); 1280 assertNotNull("Key should exist", key); 1281 1282 assertTrue("Should be a PrivateKey", key instanceof PrivateKey); 1283 assertTrue("Should be a RSAKey", key instanceof RSAKey); 1284 1285 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1286 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1287 1288 assertEquals("Inserted key should be same as retrieved key", 1289 ((RSAKey) expectedKey).getModulus(), ((RSAKey) key).getModulus()); 1290 } 1291 1292 public void testKeyStore_GetKey_Certificate_Encrypted_Failure() throws Exception { 1293 setupPassword(); 1294 1295 mKeyStore.load(null, null); 1296 1297 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1298 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1299 1300 assertNull("Certificate entries should return null", mKeyStore.getKey(TEST_ALIAS_1, null)); 1301 } 1302 1303 public void testKeyStore_GetKey_NonExistent_Encrypted_Failure() throws Exception { 1304 setupPassword(); 1305 1306 mKeyStore.load(null, null); 1307 1308 assertNull("A non-existent entry should return null", mKeyStore.getKey(TEST_ALIAS_1, null)); 1309 } 1310 1311 public void testKeyStore_GetProvider_Encrypted_Success() throws Exception { 1312 assertEquals(AndroidKeyStoreProvider.PROVIDER_NAME, mKeyStore.getProvider().getName()); 
1313 setupPassword(); 1314 assertEquals(AndroidKeyStoreProvider.PROVIDER_NAME, mKeyStore.getProvider().getName()); 1315 } 1316 1317 public void testKeyStore_GetType_Encrypted_Success() throws Exception { 1318 assertEquals(AndroidKeyStoreSpi.NAME, mKeyStore.getType()); 1319 setupPassword(); 1320 assertEquals(AndroidKeyStoreSpi.NAME, mKeyStore.getType()); 1321 } 1322 1323 public void testKeyStore_IsCertificateEntry_CA_Encrypted_Success() throws Exception { 1324 setupPassword(); 1325 mKeyStore.load(null, null); 1326 1327 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1328 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1329 1330 assertTrue("Should return true for CA certificate", 1331 mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1332 } 1333 1334 public void testKeyStore_IsCertificateEntry_PrivateKey_Encrypted_Failure() throws Exception { 1335 setupPassword(); 1336 mKeyStore.load(null, null); 1337 1338 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1339 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1340 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 1341 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1342 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1343 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1344 1345 assertFalse("Should return false for PrivateKeyEntry", 1346 mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1347 } 1348 1349 public void testKeyStore_IsCertificateEntry_NonExist_Encrypted_Failure() throws Exception { 1350 setupPassword(); 1351 mKeyStore.load(null, null); 1352 1353 assertFalse("Should return false for non-existent entry", 1354 mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1355 } 1356 1357 public void testKeyStore_IsCertificateEntry_NonExist_Unencrypted_Failure() throws Exception { 1358 mKeyStore.load(null, null); 1359 1360 assertFalse("Should return false for non-existent 
entry", 1361 mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 1362 } 1363 1364 public void testKeyStore_IsKeyEntry_PrivateKey_Encrypted_Success() throws Exception { 1365 setupPassword(); 1366 mKeyStore.load(null, null); 1367 1368 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1369 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1370 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 1371 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1372 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1373 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1374 1375 assertTrue("Should return true for PrivateKeyEntry", mKeyStore.isKeyEntry(TEST_ALIAS_1)); 1376 } 1377 1378 public void testKeyStore_IsKeyEntry_CA_Encrypted_Failure() throws Exception { 1379 setupPassword(); 1380 mKeyStore.load(null, null); 1381 1382 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1383 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1384 1385 assertFalse("Should return false for CA certificate", mKeyStore.isKeyEntry(TEST_ALIAS_1)); 1386 } 1387 1388 public void testKeyStore_IsKeyEntry_NonExist_Encrypted_Failure() throws Exception { 1389 setupPassword(); 1390 mKeyStore.load(null, null); 1391 1392 assertFalse("Should return false for non-existent entry", 1393 mKeyStore.isKeyEntry(TEST_ALIAS_1)); 1394 } 1395 1396 public void testKeyStore_SetCertificate_CA_Encrypted_Success() throws Exception { 1397 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1398 final Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1399 1400 setupPassword(); 1401 mKeyStore.load(null, null); 1402 1403 mKeyStore.setCertificateEntry(TEST_ALIAS_1, actual); 1404 assertAliases(new String[] { TEST_ALIAS_1 }); 1405 1406 Certificate retrieved = mKeyStore.getCertificate(TEST_ALIAS_1); 1407 1408 assertEquals("Retrieved 
certificate should be the same as the one inserted", actual, 1409 retrieved); 1410 } 1411 1412 public void testKeyStore_SetCertificate_CAExists_Overwrite_Encrypted_Success() throws Exception { 1413 setupPassword(); 1414 mKeyStore.load(null, null); 1415 1416 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1417 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1418 1419 assertAliases(new String[] { TEST_ALIAS_1 }); 1420 1421 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1422 final Certificate cert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1423 1424 // TODO have separate FAKE_CA for second test 1425 mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert); 1426 1427 assertAliases(new String[] { TEST_ALIAS_1 }); 1428 } 1429 1430 public void testKeyStore_SetCertificate_PrivateKeyExists_Encrypted_Failure() throws Exception { 1431 setupPassword(); 1432 mKeyStore.load(null, null); 1433 1434 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, 1435 FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1436 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, 1437 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1438 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 1439 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 1440 1441 assertAliases(new String[] { TEST_ALIAS_1 }); 1442 1443 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1444 final Certificate cert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1445 1446 try { 1447 mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert); 1448 fail("Should throw when trying to overwrite a PrivateKey entry with a Certificate"); 1449 } catch (KeyStoreException success) { 1450 } 1451 } 1452 1453 public void testKeyStore_SetEntry_PrivateKeyEntry_Encrypted_Success() throws Exception { 1454 setupPassword(); 1455 
mKeyStore.load(null, null); 1456 1457 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1458 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1459 1460 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1461 1462 final Certificate[] expectedChain = new Certificate[2]; 1463 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1464 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1465 1466 PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1467 1468 mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1469 1470 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1471 assertNotNull("Retrieved entry should exist", actualEntry); 1472 1473 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1474 actualEntry instanceof PrivateKeyEntry); 1475 1476 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1477 1478 assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1); 1479 } 1480 1481 public void testKeyStore_SetEntry_PrivateKeyEntry_EC_Unencrypted_Success() throws Exception { 1482 mKeyStore.load(null, null); 1483 1484 KeyFactory keyFact = KeyFactory.getInstance("EC"); 1485 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_EC_KEY_1)); 1486 1487 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1488 1489 final Certificate[] expectedChain = new Certificate[2]; 1490 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_EC_USER_1)); 1491 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_EC_CA_1)); 1492 1493 PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1494 1495 mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1496 1497 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1498 assertNotNull("Retrieved entry should exist", actualEntry); 1499 1500 
assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                actualEntry instanceof PrivateKeyEntry);

        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;

        assertPrivateKeyEntryEquals(actual, "EC", FAKE_EC_KEY_1, FAKE_EC_USER_1, FAKE_EC_CA_1);
    }

    /**
     * Stores an RSA PrivateKeyEntry (user certificate plus CA certificate) without setting up
     * a keystore password, then reads it back and compares it with the test vectors.
     */
    public void testKeyStore_SetEntry_PrivateKeyEntry_RSA_Unencrypted_Success() throws Exception {
        mKeyStore.load(null, null);

        final PrivateKey rsaKey = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

        final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        final Certificate[] chain = {
                x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)),
                x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)),
        };

        mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(rsaKey, chain), null);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                stored instanceof PrivateKeyEntry);

        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1,
                FAKE_RSA_USER_1, FAKE_RSA_CA_1);
    }

    /**
     * Asks for an encrypted entry although this test never calls {@code setupPassword()}.
     *
     * <p>The store has to refuse the request with a {@link KeyStoreException} rather than
     * fall back to unencrypted storage, and the alias must still be empty afterwards.
     */
    public void testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure() throws Exception {
        mKeyStore.load(null, null);

        final PrivateKey rsaKey = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

        final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        final Certificate[] chain = {
                x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)),
                x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)),
        };

        final PrivateKeyEntry entry = new PrivateKeyEntry(rsaKey, chain);
        final KeyStoreParameter encryptionRequired = new KeyStoreParameter.Builder(getContext())
                .setEncryptionRequired(true)
                .build();

        try {
            mKeyStore.setEntry(TEST_ALIAS_1, entry, encryptionRequired);
            fail("Shouldn't be able to insert encrypted entry when KeyStore uninitialized");
        } catch (KeyStoreException expected) {
            // This is the outcome the test wants; nothing to do.
        }

        // A refused insert must not leave a partial entry behind.
        assertNull(mKeyStore.getEntry(TEST_ALIAS_1, null));
    }

    public void
            testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Encrypted_Success()
            throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        final KeyFactory keyFact = KeyFactory.getInstance("RSA");
        final CertificateFactory f = CertificateFactory.getInstance("X.509");

        // Start with PrivateKeyEntry
        {
            PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

            final Certificate[] expectedChain = new Certificate[2];
            expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
            expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

            PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain);

            mKeyStore.setEntry(TEST_ALIAS_1, expected, null);

            Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
            assertNotNull("Retrieved entry should exist", actualEntry);

            assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                    actualEntry instanceof PrivateKeyEntry);

            PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;

            assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1,
                    FAKE_RSA_CA_1);
        }

        // TODO make entirely new test vector for the overwrite
        // Replace with PrivateKeyEntry
        {
PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1598 1599 final Certificate[] expectedChain = new Certificate[2]; 1600 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1601 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1602 1603 PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); 1604 1605 mKeyStore.setEntry(TEST_ALIAS_1, expected, null); 1606 1607 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1608 assertNotNull("Retrieved entry should exist", actualEntry); 1609 1610 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1611 actualEntry instanceof PrivateKeyEntry); 1612 1613 PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; 1614 1615 assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1616 FAKE_RSA_CA_1); 1617 } 1618 } 1619 1620 public void testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Encrypted_Success() 1621 throws Exception { 1622 setupPassword(); 1623 mKeyStore.load(null, null); 1624 1625 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1626 1627 // Start with TrustedCertificateEntry 1628 { 1629 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1630 1631 TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert); 1632 mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null); 1633 1634 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1635 assertNotNull("Retrieved entry should exist", actualEntry); 1636 assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1637 actualEntry instanceof TrustedCertificateEntry); 1638 TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry; 1639 assertEquals("Stored and retrieved certificates should be the same", 1640 expectedCertEntry.getTrustedCertificate(), 1641 
actualCertEntry.getTrustedCertificate()); 1642 } 1643 1644 // Replace with PrivateKeyEntry 1645 { 1646 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1647 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1648 final Certificate[] expectedChain = new Certificate[2]; 1649 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1650 expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1651 1652 PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1653 1654 mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1655 1656 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1657 assertNotNull("Retrieved entry should exist", actualEntry); 1658 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1659 actualEntry instanceof PrivateKeyEntry); 1660 1661 PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1662 assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1663 FAKE_RSA_CA_1); 1664 } 1665 } 1666 1667 public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success() 1668 throws Exception { 1669 setupPassword(); 1670 mKeyStore.load(null, null); 1671 1672 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1673 1674 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1675 1676 // Start with PrivateKeyEntry 1677 { 1678 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1679 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1680 final Certificate[] expectedChain = new Certificate[2]; 1681 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1682 expectedChain[1] = caCert; 1683 1684 PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1685 1686 mKeyStore.setEntry(TEST_ALIAS_1, 
expectedPrivEntry, null); 1687 1688 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1689 assertNotNull("Retrieved entry should exist", actualEntry); 1690 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1691 actualEntry instanceof PrivateKeyEntry); 1692 1693 PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1694 assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1695 FAKE_RSA_CA_1); 1696 } 1697 1698 // Replace with TrustedCertificateEntry 1699 { 1700 TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert); 1701 mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null); 1702 1703 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1704 assertNotNull("Retrieved entry should exist", actualEntry); 1705 assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1706 actualEntry instanceof TrustedCertificateEntry); 1707 TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry; 1708 assertEquals("Stored and retrieved certificates should be the same", 1709 expectedCertEntry.getTrustedCertificate(), 1710 actualCertEntry.getTrustedCertificate()); 1711 } 1712 } 1713 1714 public 1715 void 1716 testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Encrypted_Success() 1717 throws Exception { 1718 setupPassword(); 1719 mKeyStore.load(null, null); 1720 1721 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1722 1723 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1724 1725 // Start with PrivateKeyEntry 1726 { 1727 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1728 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1729 final Certificate[] expectedChain = new Certificate[2]; 1730 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1731 expectedChain[1] = caCert; 1732 1733 
PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1734 1735 mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1736 1737 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1738 assertNotNull("Retrieved entry should exist", actualEntry); 1739 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1740 actualEntry instanceof PrivateKeyEntry); 1741 1742 PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1743 assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1744 FAKE_RSA_CA_1); 1745 } 1746 1747 // Replace with PrivateKeyEntry that has no chain 1748 { 1749 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1750 PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1)); 1751 final Certificate[] expectedChain = new Certificate[1]; 1752 expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1753 1754 PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain); 1755 1756 mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null); 1757 1758 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1759 assertNotNull("Retrieved entry should exist", actualEntry); 1760 assertTrue("Retrieved entry should be of type PrivateKeyEntry", 1761 actualEntry instanceof PrivateKeyEntry); 1762 1763 PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry; 1764 assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, 1765 null); 1766 } 1767 } 1768 1769 public void testKeyStore_SetEntry_CAEntry_Overwrites_CAEntry_Encrypted_Success() 1770 throws Exception { 1771 setupPassword(); 1772 mKeyStore.load(null, null); 1773 1774 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1775 1776 // Insert TrustedCertificateEntry 1777 { 1778 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1779 1780 
TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert); 1781 mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null); 1782 1783 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1784 assertNotNull("Retrieved entry should exist", actualEntry); 1785 assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1786 actualEntry instanceof TrustedCertificateEntry); 1787 TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry; 1788 assertEquals("Stored and retrieved certificates should be the same", 1789 expectedCertEntry.getTrustedCertificate(), 1790 actualCertEntry.getTrustedCertificate()); 1791 } 1792 1793 // Replace with TrustedCertificateEntry of USER 1794 { 1795 final Certificate userCert = f 1796 .generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)); 1797 1798 TrustedCertificateEntry expectedUserEntry = new TrustedCertificateEntry(userCert); 1799 mKeyStore.setEntry(TEST_ALIAS_1, expectedUserEntry, null); 1800 1801 Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1802 assertNotNull("Retrieved entry should exist", actualEntry); 1803 assertTrue("Retrieved entry should be of type TrustedCertificateEntry", 1804 actualEntry instanceof TrustedCertificateEntry); 1805 TrustedCertificateEntry actualUserEntry = (TrustedCertificateEntry) actualEntry; 1806 assertEquals("Stored and retrieved certificates should be the same", 1807 expectedUserEntry.getTrustedCertificate(), 1808 actualUserEntry.getTrustedCertificate()); 1809 } 1810 } 1811 1812 public void testKeyStore_SetKeyEntry_ProtectedKey_Encrypted_Failure() throws Exception { 1813 setupPassword(); 1814 mKeyStore.load(null, null); 1815 1816 final CertificateFactory f = CertificateFactory.getInstance("X.509"); 1817 1818 final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)); 1819 1820 KeyFactory keyFact = KeyFactory.getInstance("RSA"); 1821 PrivateKey privKey = keyFact.generatePrivate(new 
PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] chain = new Certificate[2];
        chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        chain[1] = caCert;

        try {
            mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, "foo".toCharArray(), chain);
            fail("Should fail when a password is specified");
        } catch (KeyStoreException success) {
        }
    }

    /**
     * Stores an RSA key and a two-certificate chain through {@code setKeyEntry} with a null
     * password, after setting up the keystore password, and reads the entry back.
     */
    public void testKeyStore_SetKeyEntry_Encrypted_Success() throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        final Certificate caCert =
                x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        final PrivateKey rsaKey = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] chain = {
                x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)),
                caCert,
        };

        mKeyStore.setKeyEntry(TEST_ALIAS_1, rsaKey, null, chain);

        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                stored instanceof PrivateKeyEntry);

        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1,
                FAKE_RSA_USER_1, FAKE_RSA_CA_1);
    }

    /**
     * Writes the same alias twice through {@code setKeyEntry} and checks the entry after each
     * write.
     *
     * <p>NOTE(review): both writes use FAKE_RSA_KEY_1 and the same chain (see the TODO below),
     * so a second write that silently did nothing would still pass this test.
     */
    public void testKeyStore_SetKeyEntry_Replaced_Encrypted_Success() throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        final Certificate caCert =
                x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

        // Insert initial key
        {
            final PrivateKey rsaKey = KeyFactory.getInstance("RSA")
                    .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
            final Certificate[] chain = {
                    x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)),
                    caCert,
            };

            mKeyStore.setKeyEntry(TEST_ALIAS_1, rsaKey, null, chain);

            final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
            assertNotNull("Retrieved entry should exist", stored);
            assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                    stored instanceof PrivateKeyEntry);

            assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1,
                    FAKE_RSA_USER_1, FAKE_RSA_CA_1);
        }

        // TODO make a separate key
        // Replace key
        {
            final PrivateKey rsaKey = KeyFactory.getInstance("RSA")
                    .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
            final Certificate[] chain = {
                    x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)),
                    caCert,
            };

            mKeyStore.setKeyEntry(TEST_ALIAS_1, rsaKey, null, chain);

            final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
            assertNotNull("Retrieved entry should exist", stored);
            assertTrue("Retrieved entry should be of type PrivateKeyEntry",
                    stored instanceof PrivateKeyEntry);

            assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1,
                    FAKE_RSA_USER_1, FAKE_RSA_CA_1);
        }
    }

    /**
     * Builds a self-signed X.509 certificate for the key pair stored under {@code alias}.
     *
     * <p>Subject and issuer are both {@code subjectDN}, and the certificate is signed with the
     * private half of the key pair loaded from {@code keyStore}. The generator class is
     * deprecated, hence the suppression.
     *
     * @param keyStore keystore holding the key pair
     * @param alias alias of the key pair, without the {@code Credentials.USER_PRIVATE_KEY} prefix
     * @param serialNumber serial number to put in the certificate
     * @param subjectDN name used for both subject and issuer
     * @param notBefore start of the validity period
     * @param notAfter end of the validity period
     * @return the generated certificate
     */
    @SuppressWarnings("deprecation")
    private static X509Certificate generateCertificate(android.security.KeyStore keyStore,
            String alias, BigInteger serialNumber, X500Principal subjectDN, Date notBefore,
            Date notAfter) throws Exception {
        final KeyPair pair = AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(
                keyStore, Credentials.USER_PRIVATE_KEY + alias, KeyStore.UID_SELF);

        final X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        generator.setPublicKey(pair.getPublic());
        generator.setSerialNumber(serialNumber);
        generator.setSubjectDN(subjectDN);
        generator.setIssuerDN(subjectDN);
        generator.setNotBefore(notBefore);
        generator.setNotAfter(notAfter);
        // NOTE(review): SHA-1 signatures are no longer collision resistant. This is tolerable
        // for a throwaway certificate inside a test, but the algorithm name should not be
        // carried over into code that issues certificates anyone relies on.
        generator.setSignatureAlgorithm("sha1WithRSA");

        return generator.generate(pair.getPrivate());
    }

    public void testKeyStore_SetKeyEntry_ReplacedChain_Encrypted_Success() throws Exception {
        setupPassword();
        mKeyStore.load(null, null);

        // Create key #1
        {
            final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
            // 1024-bit RSA is a test-only key size; it is too small for a real key.
            assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF,
                    NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null));

            Key key = mKeyStore.getKey(TEST_ALIAS_1, null);

            assertTrue(key instanceof PrivateKey);

            PrivateKey expectedKey = (PrivateKey) key;

            X509Certificate expectedCert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1,
                    TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS);

            assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                    expectedCert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

            Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);

            assertTrue(entry instanceof PrivateKeyEntry);

            PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;

            assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, null);
        }

        // Replace key #1 with new chain
        {
            Key key = mKeyStore.getKey(TEST_ALIAS_1, null);

            assertTrue(key instanceof PrivateKey);

            PrivateKey expectedKey = (PrivateKey) key;

X509Certificate expectedCert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, 1977 TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS); 1978 1979 mKeyStore.setKeyEntry(TEST_ALIAS_1, expectedKey, null, 1980 new Certificate[] { expectedCert }); 1981 1982 Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 1983 1984 assertTrue(entry instanceof PrivateKeyEntry); 1985 1986 PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; 1987 1988 assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, null); 1989 } 1990 } 1991 1992 public void testKeyStore_SetKeyEntry_ReplacedChain_DifferentPrivateKey_Encrypted_Failure() 1993 throws Exception { 1994 setupPassword(); 1995 mKeyStore.load(null, null); 1996 1997 // Create key #1 1998 { 1999 final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; 2000 assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, 2001 NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null)); 2002 2003 X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, 2004 TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS); 2005 2006 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, 2007 cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 2008 } 2009 2010 // Create key #2 2011 { 2012 final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_2; 2013 assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, 2014 NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null)); 2015 2016 X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_2, 2017 TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS); 2018 2019 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_2, 2020 cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 2021 } 2022 2023 // Replace key #1 with key #2 2024 { 2025 Key key1 = mKeyStore.getKey(TEST_ALIAS_2, null); 2026 2027 X509Certificate cert = 
generateCertificate(mAndroidKeyStore, TEST_ALIAS_2, 2028 TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS); 2029 2030 try { 2031 mKeyStore.setKeyEntry(TEST_ALIAS_1, key1, null, new Certificate[] { cert }); 2032 fail("Should not allow setting of KeyEntry with wrong PrivaetKey"); 2033 } catch (KeyStoreException success) { 2034 } 2035 } 2036 } 2037 2038 public void testKeyStore_SetKeyEntry_ReplacedChain_UnencryptedToEncrypted_Failure() 2039 throws Exception { 2040 mKeyStore.load(null, null); 2041 2042 // Create key #1 2043 { 2044 final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; 2045 assertTrue(mAndroidKeyStore.generate(privateKeyAlias, 2046 android.security.KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, 2047 android.security.KeyStore.FLAG_NONE, null)); 2048 2049 X509Certificate cert = 2050 generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1, TEST_DN_1, 2051 NOW, NOW_PLUS_10_YEARS); 2052 2053 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, 2054 cert.getEncoded(), android.security.KeyStore.UID_SELF, 2055 android.security.KeyStore.FLAG_NONE)); 2056 } 2057 2058 // Replace with one that requires encryption 2059 { 2060 Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); 2061 2062 try { 2063 mKeyStore.setEntry(TEST_ALIAS_1, entry, 2064 new KeyStoreParameter.Builder(getContext()) 2065 .setEncryptionRequired(true) 2066 .build()); 2067 fail("Should not allow setting of Entry without unlocked keystore"); 2068 } catch (KeyStoreException success) { 2069 } 2070 2071 assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111")); 2072 assertTrue(mAndroidKeyStore.isUnlocked()); 2073 2074 mKeyStore.setEntry(TEST_ALIAS_1, entry, 2075 new KeyStoreParameter.Builder(getContext()) 2076 .setEncryptionRequired(true) 2077 .build()); 2078 } 2079 } 2080 2081 public void testKeyStore_Size_Encrypted_Success() throws Exception { 2082 setupPassword(); 2083 mKeyStore.load(null, null); 2084 2085 
assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, 2086 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 2087 2088 assertEquals("The keystore size should match expected", 1, mKeyStore.size()); 2089 assertAliases(new String[] { TEST_ALIAS_1 }); 2090 2091 assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_RSA_CA_1, 2092 KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 2093 2094 assertEquals("The keystore size should match expected", 2, mKeyStore.size()); 2095 assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 }); 2096 2097 assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3, 2098 KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, 2099 null)); 2100 2101 assertEquals("The keystore size should match expected", 3, mKeyStore.size()); 2102 assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 }); 2103 2104 assertTrue(mAndroidKeyStore.delete(Credentials.CA_CERTIFICATE + TEST_ALIAS_1)); 2105 2106 assertEquals("The keystore size should match expected", 2, mKeyStore.size()); 2107 assertAliases(new String[] { TEST_ALIAS_2, TEST_ALIAS_3 }); 2108 2109 assertTrue(mAndroidKeyStore.delete(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3)); 2110 2111 assertEquals("The keystore size should match expected", 1, mKeyStore.size()); 2112 assertAliases(new String[] { TEST_ALIAS_2 }); 2113 } 2114 2115 public void testKeyStore_Store_LoadStoreParam_Encrypted_Failure() throws Exception { 2116 setupPassword(); 2117 mKeyStore.load(null, null); 2118 2119 try { 2120 mKeyStore.store(null); 2121 fail("Should throw UnsupportedOperationException when trying to store"); 2122 } catch (UnsupportedOperationException success) { 2123 } 2124 } 2125 2126 public void testKeyStore_Load_InputStreamSupplied_Encrypted_Failure() throws Exception { 2127 byte[] buf = "FAKE KEYSTORE".getBytes(); 2128 ByteArrayInputStream is = new ByteArrayInputStream(buf); 2129 2130 try { 2131 
mKeyStore.load(is, null); 2132 fail("Should throw IllegalArgumentException when InputStream is supplied"); 2133 } catch (IllegalArgumentException success) { 2134 } 2135 } 2136 2137 public void testKeyStore_Load_PasswordSupplied_Encrypted_Failure() throws Exception { 2138 try { 2139 mKeyStore.load(null, "password".toCharArray()); 2140 fail("Should throw IllegalArgumentException when password is supplied"); 2141 } catch (IllegalArgumentException success) { 2142 } 2143 } 2144 2145 public void testKeyStore_Store_OutputStream_Encrypted_Failure() throws Exception { 2146 setupPassword(); 2147 mKeyStore.load(null, null); 2148 2149 OutputStream sink = new ByteArrayOutputStream(); 2150 try { 2151 mKeyStore.store(sink, null); 2152 fail("Should throw UnsupportedOperationException when trying to store"); 2153 } catch (UnsupportedOperationException success) { 2154 } 2155 2156 try { 2157 mKeyStore.store(sink, "blah".toCharArray()); 2158 fail("Should throw UnsupportedOperationException when trying to store"); 2159 } catch (UnsupportedOperationException success) { 2160 } 2161 } 2162 2163 private void setupKey() throws Exception { 2164 final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; 2165 assertTrue(mAndroidKeyStore 2166 .generate(privateKeyAlias, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, 2167 KeyStore.FLAG_ENCRYPTED, null)); 2168 2169 X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1, 2170 TEST_DN_1, NOW, NOW_PLUS_10_YEARS); 2171 2172 assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, 2173 cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 2174 } 2175 2176 public void testKeyStore_KeyOperations_Wrap_Encrypted_Success() throws Exception { 2177 setupPassword(); 2178 mKeyStore.load(null, null); 2179 2180 setupKey(); 2181 2182 // Test key usage 2183 Entry e = mKeyStore.getEntry(TEST_ALIAS_1, null); 2184 assertNotNull(e); 2185 assertTrue(e instanceof PrivateKeyEntry); 
2186 2187 PrivateKeyEntry privEntry = (PrivateKeyEntry) e; 2188 PrivateKey privKey = privEntry.getPrivateKey(); 2189 assertNotNull(privKey); 2190 2191 PublicKey pubKey = privEntry.getCertificate().getPublicKey(); 2192 2193 Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding"); 2194 c.init(Cipher.WRAP_MODE, pubKey); 2195 2196 byte[] expectedKey = new byte[] { 2197 0x00, 0x05, (byte) 0xAA, (byte) 0x0A5, (byte) 0xFF, 0x55, 0x0A 2198 }; 2199 2200 SecretKey expectedSecret = new SecretKeySpec(expectedKey, "AES"); 2201 2202 byte[] wrappedExpected = c.wrap(expectedSecret); 2203 2204 c.init(Cipher.UNWRAP_MODE, privKey); 2205 SecretKey actualSecret = (SecretKey) c.unwrap(wrappedExpected, "AES", Cipher.SECRET_KEY); 2206 2207 assertEquals(Arrays.toString(expectedSecret.getEncoded()), 2208 Arrays.toString(actualSecret.getEncoded())); 2209 } 2210} 2211