Search in sources :

Example 6 with KeyFactory

use of java.security.KeyFactory in project android_frameworks_base by ParanoidAndroid.

the class AndroidKeyStoreTest method testKeyStore_SetKeyEntry_Replaced_Encrypted_Success.

public void testKeyStore_SetKeyEntry_Replaced_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    final CertificateFactory f = CertificateFactory.getInstance("X.509");
    final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));
    // Insert initial key
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
        final Certificate[] chain = new Certificate[2];
        chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));
        chain[1] = caCert;
        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1);
    }
    // TODO make a separate key
    // Replace key
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
        final Certificate[] chain = new Certificate[2];
        chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));
        chain[1] = caCert;
        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1);
    }
}
Also used : TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) Entry(java.security.KeyStore.Entry) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) CertificateFactory(java.security.cert.CertificateFactory) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) KeyFactory(java.security.KeyFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 7 with KeyFactory

use of java.security.KeyFactory in project android_frameworks_base by ParanoidAndroid.

the class AndroidKeyStoreTest method testKeyStore_SetKeyEntry_ProtectedKey_Encrypted_Failure.

public void testKeyStore_SetKeyEntry_ProtectedKey_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    final CertificateFactory f = CertificateFactory.getInstance("X.509");
    final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));
    KeyFactory keyFact = KeyFactory.getInstance("RSA");
    PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
    final Certificate[] chain = new Certificate[2];
    chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));
    chain[1] = caCert;
    try {
        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, "foo".toCharArray(), chain);
        fail("Should fail when a password is specified");
    } catch (KeyStoreException success) {
    }
}
Also used : RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) KeyStoreException(java.security.KeyStoreException) CertificateFactory(java.security.cert.CertificateFactory) KeyFactory(java.security.KeyFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 8 with KeyFactory

use of java.security.KeyFactory in project android_frameworks_base by ParanoidAndroid.

the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure.

public void testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);
    KeyFactory keyFact = KeyFactory.getInstance("RSA");
    PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
    final CertificateFactory f = CertificateFactory.getInstance("X.509");
    final Certificate[] expectedChain = new Certificate[2];
    expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));
    expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));
    PrivateKeyEntry entry = new PrivateKeyEntry(expectedKey, expectedChain);
    try {
        mKeyStore.setEntry(TEST_ALIAS_1, entry, new KeyStoreParameter.Builder(getContext()).setEncryptionRequired(true).build());
        fail("Shouldn't be able to insert encrypted entry when KeyStore uninitialized");
    } catch (KeyStoreException expected) {
    }
    assertNull(mKeyStore.getEntry(TEST_ALIAS_1, null));
}
Also used : RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) KeyStoreException(java.security.KeyStoreException) CertificateFactory(java.security.cert.CertificateFactory) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) KeyFactory(java.security.KeyFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 9 with KeyFactory

use of java.security.KeyFactory in project android_frameworks_base by ParanoidAndroid.

the class AndroidKeyStoreTest method assertPrivateKeyEntryEquals.

@SuppressWarnings("unchecked")
private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, byte[] key, byte[] cert, byte[] ca) throws Exception {
    KeyFactory keyFact = KeyFactory.getInstance("RSA");
    PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(key));
    CertificateFactory certFact = CertificateFactory.getInstance("X.509");
    Certificate expectedCert = certFact.generateCertificate(new ByteArrayInputStream(cert));
    final Collection<Certificate> expectedChain;
    if (ca != null) {
        expectedChain = (Collection<Certificate>) certFact.generateCertificates(new ByteArrayInputStream(ca));
    } else {
        expectedChain = null;
    }
    assertPrivateKeyEntryEquals(keyEntry, expectedKey, expectedCert, expectedChain);
}
Also used : RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) CertificateFactory(java.security.cert.CertificateFactory) KeyFactory(java.security.KeyFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 10 with KeyFactory

use of java.security.KeyFactory in project android_frameworks_base by ParanoidAndroid.

the class AndroidKeyStoreTest method testKeyStore_GetKey_NoPassword_Unencrypted_Success.

public void testKeyStore_GetKey_NoPassword_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);
    assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
    assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
    assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
    Key key = mKeyStore.getKey(TEST_ALIAS_1, null);
    assertNotNull("Key should exist", key);
    assertTrue("Should be a RSAPrivateKey", key instanceof RSAPrivateKey);
    RSAPrivateKey actualKey = (RSAPrivateKey) key;
    KeyFactory keyFact = KeyFactory.getInstance("RSA");
    PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1));
    assertEquals("Inserted key should be same as retrieved key", ((RSAPrivateKey) expectedKey).getModulus(), actualKey.getModulus());
}
Also used : RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PublicKey(java.security.PublicKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) KeyFactory(java.security.KeyFactory)

Aggregations

KeyFactory (java.security.KeyFactory)407 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)180 PrivateKey (java.security.PrivateKey)177 PublicKey (java.security.PublicKey)120 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)114 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)113 CertificateFactory (java.security.cert.CertificateFactory)103 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)99 ByteArrayInputStream (java.io.ByteArrayInputStream)93 Certificate (java.security.cert.Certificate)89 X509Certificate (java.security.cert.X509Certificate)87 RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)60 PrivateKeyEntry (java.security.KeyStore.PrivateKeyEntry)59 Entry (java.security.KeyStore.Entry)53 TrustedCertificateEntry (java.security.KeyStore.TrustedCertificateEntry)53 IOException (java.io.IOException)47 BigInteger (java.math.BigInteger)45 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)43 RSAPublicKey (java.security.interfaces.RSAPublicKey)43 Signature (java.security.Signature)40