1/*
2 * Copyright 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package libcore.javax.net.ssl;
18
19import javax.net.ssl.KeyManager;
20import javax.net.ssl.KeyManagerFactory;
21import javax.net.ssl.X509KeyManager;
22
23import junit.framework.TestCase;
24import libcore.java.security.TestKeyStore;
25
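/**
 * Tests client-alias selection by the {@link X509KeyManager} instances that the
 * default {@link KeyManagerFactory} produces.
 */
public class X509KeyManagerTest extends TestCase {
    /**
     * Tests whether the key manager will select the right key when the CA is of
     * one key type and the client is of a possibly different key type.
     *
     * <p>There was a bug where EC was being interpreted as EC_EC and only
     * accepting EC signatures when it should accept any signature type.
     */
    public void testChooseClientAlias_Combinations() throws Exception {
        test_ChooseClientAlias_KeyType("RSA", "RSA", "RSA", true);
        test_ChooseClientAlias_KeyType("RSA", "EC", "RSA", true);
        test_ChooseClientAlias_KeyType("RSA", "EC", "EC", false);

        test_ChooseClientAlias_KeyType("EC", "RSA", "EC_RSA", true);
        test_ChooseClientAlias_KeyType("EC", "EC", "EC_RSA", false);

        test_ChooseClientAlias_KeyType("EC", "EC", "EC_EC", true);
        test_ChooseClientAlias_KeyType("EC", "RSA", "EC_EC", false);

        test_ChooseClientAlias_KeyType("EC", "RSA", "RSA", false);

        // Regression cases for the bug described above: a bare "EC" request names
        // no signature type, so it must match an EC client key whichever CA key
        // type signed the certificate.
        test_ChooseClientAlias_KeyType("EC", "RSA", "EC", true);
        test_ChooseClientAlias_KeyType("EC", "EC", "EC", true);
    }

    /**
     * Builds a CA key store and a client key store signed by that CA, then checks
     * what each {@link X509KeyManager} from the default {@link KeyManagerFactory}
     * returns from {@code chooseClientAlias} for one requested key type.
     *
     * @param clientKeyType key algorithm given to the client key store builder
     * @param caKeyType key algorithm of the CA key store; its private key signs
     *        the client key store
     * @param selectedKeyType the single key type passed to
     *        {@code chooseClientAlias}
     * @param succeeds {@code true} if an alias must be returned, {@code false}
     *        if the result must be {@code null}
     * @throws Exception if key store generation or factory initialisation fails
     */
    private void test_ChooseClientAlias_KeyType(String clientKeyType, String caKeyType,
            String selectedKeyType, boolean succeeds) throws Exception {
        TestKeyStore ca = new TestKeyStore.Builder()
                .keyAlgorithms(caKeyType)
                .build();
        TestKeyStore client = new TestKeyStore.Builder().keyAlgorithms(clientKeyType)
                .signer(ca.getPrivateKey(caKeyType, caKeyType))
                .build();

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
                .getDefaultAlgorithm());
        kmf.init(client.keyStore, client.keyPassword);

        // Included in every assertion message so a failure identifies which of
        // the combinations broke.
        String combination = "client=" + clientKeyType + ", ca=" + caKeyType
                + ", selected=" + selectedKeyType;

        String[] keyTypes = new String[] { selectedKeyType };
        int checked = 0;
        for (KeyManager manager : kmf.getKeyManagers()) {
            if (!(manager instanceof X509KeyManager)) {
                continue;
            }
            checked++;

            // Issuers and socket are null, so only the requested key type
            // constrains the choice.
            String alias = ((X509KeyManager) manager).chooseClientAlias(keyTypes, null, null);
            if (succeeds) {
                assertNotNull("Expected an alias for " + combination, alias);
            } else {
                assertNull("Expected no alias for " + combination, alias);
            }
        }

        // Without this check the test passes vacuously when the factory hands
        // back no X509KeyManager, hiding a regression in client credential
        // selection.
        assertTrue("No X509KeyManager was exercised for " + combination, checked > 0);
    }
}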