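/*
 * Copyright (C) 2013 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package libcore.javax.net.ssl;

import junit.framework.Assert;
import junit.framework.AssertionFailedError;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.DSAParameterSpec;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.X509ExtendedKeyManager;

/**
 * {@link X509ExtendedKeyManager} which forwards all calls to a delegate while substituting
 * the returned private key with its own randomly generated keys of the same type (and parameters).
 *
 * <p>Only {@link #getPrivateKey(String)} is overridden in this class. The substituted key is
 * freshly generated and is unrelated to the delegate's key, so it presumably does not match the
 * certificate chain the delegate reports. Failures are raised through JUnit assertions, so this
 * is a test helper and not a key manager for production use.
 *
 * <p>NOTE(review): the key cache is a plain {@link HashMap} and this class does no
 * synchronization; confirm a single instance is not used by concurrent handshakes.
 */
public class RandomPrivateKeyX509ExtendedKeyManager extends ForwardingX509ExtendedKeyManager {

    // Generated RSA keys, keyed by "<algorithm>-<modulus bits>". Only the RSA branch uses it.
    private final Map<String, PrivateKey> cachedKeys = new HashMap<String, PrivateKey>();

    /**
     * Creates a key manager that wraps {@code delegate}.
     *
     * @param delegate key manager to which calls are forwarded
     */
    public RandomPrivateKeyX509ExtendedKeyManager(X509ExtendedKeyManager delegate) {
        super(delegate);
    }

    /**
     * Returns a randomly generated private key with the same algorithm and parameters as the
     * key the delegate holds for {@code alias}.
     *
     * <p>RSA keys match the original modulus bit length, DSA keys reuse the original P, Q and G,
     * and EC keys reuse the original curve parameters. Any other algorithm, an EC key that does
     * not implement {@link ECPrivateKey}, or a key generation error fails the running test.
     *
     * @param alias alias passed to the delegate to look up the original key
     * @return a generated key, or {@code null} if the delegate has no key for {@code alias}
     * @throws AssertionFailedError if the algorithm is unsupported or key generation fails
     */
    @Override
    public PrivateKey getPrivateKey(String alias) {
        PrivateKey originalPrivateKey = super.getPrivateKey(alias);
        if (originalPrivateKey == null) {
            return null;
        }

        String keyAlgorithm = originalPrivateKey.getAlgorithm();
        try {
            // Obtained before the algorithm dispatch, as in the original code, so that an
            // algorithm unknown to the provider is reported as a key generation failure.
            KeyFactory keyFactory = KeyFactory.getInstance(keyAlgorithm);
            if ("RSA".equals(keyAlgorithm)) {
                // The key spec is read only to learn the modulus size of the original key.
                RSAPrivateKeySpec originalKeySpec =
                        keyFactory.getKeySpec(originalPrivateKey, RSAPrivateKeySpec.class);
                int keyLengthBits = originalKeySpec.getModulus().bitLength();
                // Use a cache because RSA key generation is slow.
                String cacheKey = keyAlgorithm + "-" + keyLengthBits;
                PrivateKey cached = cachedKeys.get(cacheKey);
                if (cached == null) {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlgorithm);
                    keyPairGenerator.initialize(keyLengthBits);
                    cached = keyPairGenerator.generateKeyPair().getPrivate();
                    cachedKeys.put(cacheKey, cached);
                }
                return cached;
            } else if ("DSA".equals(keyAlgorithm)) {
                // Same domain parameters (P, Q, G) as the original, with a fresh private value.
                DSAPrivateKeySpec originalKeySpec =
                        keyFactory.getKeySpec(originalPrivateKey, DSAPrivateKeySpec.class);
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlgorithm);
                keyPairGenerator.initialize(new DSAParameterSpec(
                        originalKeySpec.getP(), originalKeySpec.getQ(), originalKeySpec.getG()));
                return keyPairGenerator.generateKeyPair().getPrivate();
            } else if ("EC".equals(keyAlgorithm)) {
                // A key that reports "EC" without implementing ECPrivateKey would otherwise
                // surface as a ClassCastException, so fail with a clear message instead.
                if (!(originalPrivateKey instanceof ECPrivateKey)) {
                    Assert.fail("EC private key does not expose its parameters: "
                            + originalPrivateKey.getClass().getName());
                    return null; // Unreachable: Assert.fail always throws.
                }
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlgorithm);
                keyPairGenerator.initialize(((ECPrivateKey) originalPrivateKey).getParams());
                return keyPairGenerator.generateKeyPair().getPrivate();
            } else {
                Assert.fail("Unsupported key algorithm: " + keyAlgorithm);
                return null; // Unreachable: Assert.fail always throws.
            }
        } catch (GeneralSecurityException e) {
            // Same failure type and message as Assert.fail, with the cause attached so the
            // provider's stack trace is kept in the test report.
            AssertionFailedError failure =
                    new AssertionFailedError("Failed to generate private key: " + e);
            failure.initCause(e);
            throw failure;
        }
    }
}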