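/*
 * Copyright 2013 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package libcore.javax.net.ssl;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

import junit.framework.TestCase;
import libcore.java.security.TestKeyStore;

public class X509KeyManagerTest extends TestCase {
    /**
     * Tests whether the key manager will select the right key when the CA is of
     * one key type and the client is of a possibly different key type.
     *
     * <p>There was a bug where EC was being interpreted as EC_EC and only
     * accepting EC signatures when it should accept any signature type.
     *
     * <p>Each row is (client key algorithm, CA key algorithm, requested key type,
     * whether an alias is expected). Going by the rows themselves, a requested type
     * of the form {@code KEY_SIG} matches only a client key of algorithm {@code KEY}
     * whose certificate was issued by a CA key of algorithm {@code SIG}, while a
     * bare {@code "RSA"} matches an RSA client key whatever the CA key algorithm is.
     */
    public void testChooseClientAlias_Combinations() throws Exception {
        // Bare "RSA" request: matches an RSA client key under either kind of CA,
        // and a bare "EC" request must not be satisfied by an RSA client key.
        test_ChooseClientAlias_KeyType("RSA", "RSA", "RSA", true);
        test_ChooseClientAlias_KeyType("RSA", "EC", "RSA", true);
        test_ChooseClientAlias_KeyType("RSA", "EC", "EC", false);

        // "EC_RSA": EC client key, and the issuing CA key has to be RSA.
        test_ChooseClientAlias_KeyType("EC", "RSA", "EC_RSA", true);
        test_ChooseClientAlias_KeyType("EC", "EC", "EC_RSA", false);

        // "EC_EC": EC client key, and the issuing CA key has to be EC.
        test_ChooseClientAlias_KeyType("EC", "EC", "EC_EC", true);
        test_ChooseClientAlias_KeyType("EC", "RSA", "EC_EC", false);

        // The CA's algorithm must not be mistaken for the client key's algorithm:
        // an EC client key issued by an RSA CA does not satisfy an "RSA" request.
        test_ChooseClientAlias_KeyType("EC", "RSA", "RSA", false);

        // NOTE(review): no row requests bare "EC" for an EC client key issued by an
        // RSA CA with an expected match, which looks like the exact case the bug
        // described in the Javadoc is about. Consider adding it once the expected
        // result has been confirmed against the implementation.
    }

    /**
     * Builds a CA and a client certificate with the given key algorithms, then checks
     * whether the default key manager offers a client alias for the requested key type.
     *
     * @param clientKeyType key algorithm of the client key store
     * @param caKeyType key algorithm of the CA key store whose private key signs the client
     * @param selectedKeyType the single key type passed to {@code chooseClientAlias}
     * @param succeeds {@code true} if an alias must be returned, {@code false} if
     *         {@code chooseClientAlias} must return {@code null}
     * @throws Exception if the key stores or the key manager factory cannot be set up
     */
    private void test_ChooseClientAlias_KeyType(String clientKeyType, String caKeyType,
            String selectedKeyType, boolean succeeds) throws Exception {
        TestKeyStore ca = new TestKeyStore.Builder()
                .keyAlgorithms(caKeyType)
                .build();
        // presumably the two arguments are the key algorithm and the signature
        // algorithm of the CA entry to look up -- confirm against TestKeyStore
        TestKeyStore client = new TestKeyStore.Builder()
                .keyAlgorithms(clientKeyType)
                .signer(ca.getPrivateKey(caKeyType, caKeyType))
                .build();

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(client.keyStore, client.keyPassword);

        String combination = "client=" + clientKeyType + ", ca=" + caKeyType
                + ", requested=" + selectedKeyType;
        String[] keyTypes = new String[] { selectedKeyType };

        // Tracks whether any assertion ran. Without it the test would pass
        // vacuously if the factory returned no X509KeyManager at all.
        boolean sawX509KeyManager = false;
        for (KeyManager manager : kmf.getKeyManagers()) {
            if (!(manager instanceof X509KeyManager)) {
                continue;
            }
            sawX509KeyManager = true;

            // null issuers: no restriction on the issuing CA; null socket: no
            // connection context is supplied.
            String alias = ((X509KeyManager) manager).chooseClientAlias(keyTypes, null, null);
            if (succeeds) {
                assertNotNull("Expected a client alias for " + combination, alias);
            } else {
                assertNull("Expected no client alias for " + combination, alias);
            }
        }
        assertTrue("No X509KeyManager returned by the default KeyManagerFactory",
                sawX509KeyManager);
    }
}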