Examples with PrivateKeyEntry - java.security.KeyStore.PrivateKeyEntry

Example 1 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by ParanoidAndroid.

the class AndroidKeyStore method engineSetEntry.

@Override
public void engineSetEntry(String alias, Entry entry, ProtectionParameter param) throws KeyStoreException {
    if (entry == null) {
        throw new KeyStoreException("entry == null");
    }
    if (engineContainsAlias(alias)) {
        engineDeleteEntry(alias);
    }
    if (entry instanceof KeyStore.TrustedCertificateEntry) {
        KeyStore.TrustedCertificateEntry trE = (KeyStore.TrustedCertificateEntry) entry;
        engineSetCertificateEntry(alias, trE.getTrustedCertificate());
        return;
    }
    if (param != null && !(param instanceof KeyStoreParameter)) {
        throw new KeyStoreException("protParam should be android.security.KeyStoreParameter; was: " + param.getClass().getName());
    }
    if (entry instanceof PrivateKeyEntry) {
        PrivateKeyEntry prE = (PrivateKeyEntry) entry;
        setPrivateKeyEntry(alias, prE.getPrivateKey(), prE.getCertificateChain(), (KeyStoreParameter) param);
        return;
    }
    throw new KeyStoreException("Entry must be a PrivateKeyEntry or TrustedCertificateEntry; was " + entry);
}

Also used : KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry)

Example 2 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by ParanoidAndroid.

the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Encrypted_Success.

public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    final KeyFactory keyFact = KeyFactory.getInstance("RSA");
    final CertificateFactory f = CertificateFactory.getInstance("X.509");
    // Start with PrivateKeyEntry
    {
        PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
        final Certificate[] expectedChain = new Certificate[2];
        expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));
        expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));
        PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain);
        mKeyStore.setEntry(TEST_ALIAS_1, expected, null);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1);
    }
    // TODO make entirely new test vector for the overwrite
    // Replace with PrivateKeyEntry
    {
        PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
        final Certificate[] expectedChain = new Certificate[2];
        expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));
        expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));
        PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain);
        mKeyStore.setEntry(TEST_ALIAS_1, expected, null);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1);
    }
}

Also used : TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) Entry(java.security.KeyStore.Entry) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) CertificateFactory(java.security.cert.CertificateFactory) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) KeyFactory(java.security.KeyFactory)

Example 3 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by ParanoidAndroid.

the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Encrypted_Success.

public void testKeyStore_SetEntry_PrivateKeyEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    KeyFactory keyFact = KeyFactory.getInstance("RSA");
    PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
    final CertificateFactory f = CertificateFactory.getInstance("X.509");
    final Certificate[] expectedChain = new Certificate[2];
    expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));
    expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));
    PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain);
    mKeyStore.setEntry(TEST_ALIAS_1, expected, null);
    Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", actualEntry);
    assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
    PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
    assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1);
}

Example 4 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by ParanoidAndroid.

the class AndroidKeyStoreTest method testKeyStore_SetKeyEntry_Replaced_Encrypted_Success.

public void testKeyStore_SetKeyEntry_Replaced_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    final CertificateFactory f = CertificateFactory.getInstance("X.509");
    final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));
    // Insert initial key
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
        final Certificate[] chain = new Certificate[2];
        chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));
        chain[1] = caCert;
        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1);
    }
    // TODO make a separate key
    // Replace key
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
        final Certificate[] chain = new Certificate[2];
        chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));
        chain[1] = caCert;
        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1);
    }
}

Example 5 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by ParanoidAndroid.

the class AndroidKeyStoreTest method testKeyStore_KeyOperations_Wrap_Encrypted_Success.

public void testKeyStore_KeyOperations_Wrap_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    setupKey();
    // Test key usage
    Entry e = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull(e);
    assertTrue(e instanceof PrivateKeyEntry);
    PrivateKeyEntry privEntry = (PrivateKeyEntry) e;
    PrivateKey privKey = privEntry.getPrivateKey();
    assertNotNull(privKey);
    PublicKey pubKey = privEntry.getCertificate().getPublicKey();
    Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    c.init(Cipher.WRAP_MODE, pubKey);
    byte[] expectedKey = new byte[] { 0x00, 0x05, (byte) 0xAA, (byte) 0x0A5, (byte) 0xFF, 0x55, 0x0A };
    SecretKey expectedSecret = new SecretKeySpec(expectedKey, "AES");
    byte[] wrappedExpected = c.wrap(expectedSecret);
    c.init(Cipher.UNWRAP_MODE, privKey);
    SecretKey actualSecret = (SecretKey) c.unwrap(wrappedExpected, "AES", Cipher.SECRET_KEY);
    assertEquals(Arrays.toString(expectedSecret.getEncoded()), Arrays.toString(actualSecret.getEncoded()));
}

Also used : TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) Entry(java.security.KeyStore.Entry) SecretKey(javax.crypto.SecretKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) Cipher(javax.crypto.Cipher) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry)

Aggregations

PrivateKeyEntry (java.security.KeyStore.PrivateKeyEntry)123 Entry (java.security.KeyStore.Entry)79 PrivateKey (java.security.PrivateKey)78 TrustedCertificateEntry (java.security.KeyStore.TrustedCertificateEntry)77 ByteArrayInputStream (java.io.ByteArrayInputStream)68 X509Certificate (java.security.cert.X509Certificate)67 Certificate (java.security.cert.Certificate)62 CertificateFactory (java.security.cert.CertificateFactory)61 KeyFactory (java.security.KeyFactory)59 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)59 KeyStoreException (java.security.KeyStoreException)30 IOException (java.io.IOException)18 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)18 KeyStore (java.security.KeyStore)17 CertificateException (java.security.cert.CertificateException)13 KeyStore (android.security.KeyStore)12 PasswordProtection (java.security.KeyStore.PasswordProtection)11 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)10 UnrecoverableEntryException (java.security.UnrecoverableEntryException)9 DEROctetString (com.android.org.bouncycastle.asn1.DEROctetString)8