
Example 76 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project platform_frameworks_base by android.

the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_EC_Unencrypted_Success.

/**
 * Stores an EC {@link PrivateKeyEntry} without a protection parameter and checks that the
 * entry read back under the same alias carries the same key and certificate chain.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_EC_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Fixture material: a PKCS#8-encoded EC private key plus its user and CA certificates.
    final PrivateKey ecKey =
            KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(FAKE_EC_KEY_1));
    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
    final Certificate[] chain = new Certificate[] {
        x509.generateCertificate(new ByteArrayInputStream(FAKE_EC_USER_1)),
        x509.generateCertificate(new ByteArrayInputStream(FAKE_EC_CA_1))
    };

    // No protection parameter is supplied on either the write or the read.
    mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(ecKey, chain), null);
    final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);

    assertNotNull("Retrieved entry should exist", stored);
    assertTrue("Retrieved entry should be of type PrivateKeyEntry", stored instanceof PrivateKeyEntry);
    assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "EC", FAKE_EC_KEY_1, FAKE_EC_USER_1, FAKE_EC_CA_1);
}
Also used : TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) Entry(java.security.KeyStore.Entry) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) CertificateFactory(java.security.cert.CertificateFactory) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) KeyFactory(java.security.KeyFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 77 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project robovm by robovm.

the class TestKeyStore method privateKey.

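/**
 * Return the only private key in a keystore for the given
 * algorithms. Throws IllegalStateException if there are more
 * or fewer than one.
 *
 * @param keyStore keystore whose aliases are searched
 * @param keyPassword password used to recover each private key entry
 * @param keyAlgorithm value the private key's {@code getAlgorithm()} must equal
 * @param signatureAlgorithm substring the leaf certificate's {@code getSigAlgName()} must contain
 * @return the single matching entry
 * @throws IllegalStateException if no entry, or more than one entry, matches
 * @throws RuntimeException wrapping any checked exception raised while reading the keystore
 */
public static PrivateKeyEntry privateKey(KeyStore keyStore, char[] keyPassword, String keyAlgorithm, String signatureAlgorithm) {
    try {
        PrivateKeyEntry found = null;
        // Remember the alias so a duplicate can be reported without printing key objects.
        String foundAlias = null;
        PasswordProtection password = new PasswordProtection(keyPassword);
        for (String alias : Collections.list(keyStore.aliases())) {
            if (!keyStore.entryInstanceOf(alias, PrivateKeyEntry.class)) {
                continue;
            }
            PrivateKeyEntry privateKey = (PrivateKeyEntry) keyStore.getEntry(alias, password);
            if (!privateKey.getPrivateKey().getAlgorithm().equals(keyAlgorithm)) {
                continue;
            }
            X509Certificate certificate = (X509Certificate) privateKey.getCertificate();
            if (!certificate.getSigAlgName().contains(signatureAlgorithm)) {
                continue;
            }
            if (found != null) {
                // Report aliases rather than PrivateKey.toString(): depending on the provider,
                // a key's string form can include private parameters, and exception messages
                // tend to end up in logs and test reports.
                throw new IllegalStateException("KeyStore has more than one private key for " + " keyAlgorithm: " + keyAlgorithm + " signatureAlgorithm: " + signatureAlgorithm + "\nfirst alias: " + foundAlias + "\nsecond alias: " + alias);
            }
            found = privateKey;
            foundAlias = alias;
        }
        if (found == null) {
            throw new IllegalStateException("KeyStore contained no private key for " + " keyAlgorithm: " + keyAlgorithm + " signatureAlgorithm: " + signatureAlgorithm);
        }
        return found;
    } catch (RuntimeException e) {
        // Without this clause the documented IllegalStateException would be caught by the
        // handler below and reach the caller wrapped in a plain RuntimeException.
        throw e;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}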
Also used : DEROctetString(com.android.org.bouncycastle.asn1.DEROctetString) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) PasswordProtection(java.security.KeyStore.PasswordProtection) X509Certificate(java.security.cert.X509Certificate) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) UnknownHostException(java.net.UnknownHostException)

Example 78 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project robovm by robovm.

the class KeyStoreTest method testKeyStoreCreate.

/**
 * Creates an empty keystore, stores a freshly generated private key under the alias
 * "aPrivateKey" together with a fixture certificate, reads the key back, and finally
 * serializes the keystore to an in-memory stream.
 *
 * <p>Three different password literals are used: one for {@code load}, one protecting the
 * key entry, and one for {@code store}.
 */
public void testKeyStoreCreate() {
    final String alias = "aPrivateKey";

    KeyStore store = null;
    try {
        store = KeyStore.getInstance(algorithmName);
    } catch (KeyStoreException e) {
        fail(e.getMessage());
    }

    // A null stream initializes an empty keystore.
    try {
        final char[] loadPassword = "the secret password".toCharArray();
        store.load(null, loadPassword);
    } catch (NoSuchAlgorithmException e) {
        fail(e.getMessage());
    } catch (CertificateException e) {
        fail(e.getMessage());
    } catch (IOException e) {
        fail(e.getMessage());
    }

    CertificateFactory x509Factory = null;
    try {
        x509Factory = CertificateFactory.getInstance("X.509");
    } catch (CertificateException e) {
        fail(e.getMessage());
    }

    Certificate fixtureCert = null;
    try {
        final byte[] encoded = encodedCertificate.getBytes();
        fixtureCert = x509Factory.generateCertificate(new ByteArrayInputStream(encoded));
    } catch (CertificateException e) {
        fail(e.getMessage());
    }

    // Only the algorithm name is taken from the certificate; the key pair itself is newly
    // generated, so the stored private key is not the counterpart of the certificate's
    // public key. The test relies on setEntry accepting that pairing.
    KeyPairGenerator pairGenerator = null;
    try {
        final String keyAlgorithm = fixtureCert.getPublicKey().getAlgorithm();
        pairGenerator = KeyPairGenerator.getInstance(keyAlgorithm);
    } catch (NoSuchAlgorithmException e) {
        fail(e.getMessage());
    }
    final KeyPair generated = pairGenerator.generateKeyPair();
    final Certificate[] chain = new Certificate[] { fixtureCert };
    final PrivateKeyEntry toStore = new PrivateKeyEntry(generated.getPrivate(), chain);

    try {
        final PasswordProtection writeProtection = new PasswordProtection("the key password".toCharArray());
        store.setEntry(alias, toStore, writeProtection);
    } catch (KeyStoreException e) {
        fail(e.getMessage());
    }

    try {
        assertTrue(store.containsAlias(alias));
    } catch (KeyStoreException e) {
        fail(e.getMessage());
    }

    // Read the entry back with the same key password and compare the private keys.
    try {
        final PasswordProtection readProtection = new PasswordProtection("the key password".toCharArray());
        final PrivateKeyEntry roundTripped = (PrivateKeyEntry) store.getEntry(alias, readProtection);
        final PrivateKey recovered = roundTripped.getPrivateKey();
        assertEquals(generated.getPrivate(), recovered);
    } catch (NoSuchAlgorithmException e) {
        fail(e.getMessage());
    } catch (UnrecoverableEntryException e) {
        fail(e.getMessage());
    } catch (KeyStoreException e) {
        fail(e.getMessage());
    }

    // Serialize to memory; only a non-empty result is asserted.
    try {
        final ByteArrayOutputStream sink = new ByteArrayOutputStream();
        store.store(sink, "the keystore password".toCharArray());
        assertTrue("keystore not written", sink.size() > 0);
    } catch (KeyStoreException e) {
        fail(e.getMessage());
    } catch (NoSuchAlgorithmException e) {
        fail(e.getMessage());
    } catch (CertificateException e) {
        fail(e.getMessage());
    } catch (IOException e) {
        fail(e.getMessage());
    }
}
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyPairGenerator(java.security.KeyPairGenerator) ByteArrayOutputStream(java.io.ByteArrayOutputStream) KeyStore(java.security.KeyStore) CertificateFactory(java.security.cert.CertificateFactory) ByteArrayInputStream(java.io.ByteArrayInputStream) UnrecoverableEntryException(java.security.UnrecoverableEntryException) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) PasswordProtection(java.security.KeyStore.PasswordProtection) Certificate(java.security.cert.Certificate)

Example 79 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by DirtyUnicorns.

the class AndroidKeyStoreTest method testKeyStore_KeyOperations_Wrap_Encrypted_Success.

/**
 * Wraps a secret with the public key of the stored entry and unwraps it with the entry's
 * private key, expecting the original bytes back.
 */
public void testKeyStore_KeyOperations_Wrap_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    setupKey();

    // Test key usage
    final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull(stored);
    assertTrue(stored instanceof PrivateKeyEntry);
    final PrivateKeyEntry keyEntry = (PrivateKeyEntry) stored;
    final PrivateKey unwrapKey = keyEntry.getPrivateKey();
    assertNotNull(unwrapKey);
    final PublicKey wrapKey = keyEntry.getCertificate().getPublicKey();

    // The transformation under test uses PKCS#1 v1.5 encryption padding. That is fine for a
    // round trip of self-produced ciphertext; code that unwraps ciphertext from other parties
    // generally prefers OAEP.
    final Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    rsa.init(Cipher.WRAP_MODE, wrapKey);

    // Seven bytes is not an AES key size; the value only serves as a payload to round-trip.
    final byte[] secretBytes = { 0x00, 0x05, (byte) 0xAA, (byte) 0x0A5, (byte) 0xFF, 0x55, 0x0A };
    final SecretKey original = new SecretKeySpec(secretBytes, "AES");
    final byte[] wrapped = rsa.wrap(original);

    rsa.init(Cipher.UNWRAP_MODE, unwrapKey);
    final SecretKey recovered = (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);

    final String expectedText = Arrays.toString(original.getEncoded());
    final String actualText = Arrays.toString(recovered.getEncoded());
    assertEquals(expectedText, actualText);
}
Also used : TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) Entry(java.security.KeyStore.Entry) SecretKey(javax.crypto.SecretKey) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) Cipher(javax.crypto.Cipher) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry)

Example 80 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by DirtyUnicorns.

the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure.

/**
 * Checks that storing an RSA {@link PrivateKeyEntry} with encryption required is rejected
 * with a {@link KeyStoreException}, and that nothing is left behind under the alias.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure() throws Exception {
    mKeyStore.load(null, null);

    // Fixture material: a PKCS#8-encoded RSA private key plus its user and CA certificates.
    final PrivateKey rsaKey =
            KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
    final Certificate[] chain = new Certificate[] {
        x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)),
        x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1))
    };
    final PrivateKeyEntry candidate = new PrivateKeyEntry(rsaKey, chain);

    try {
        final KeyStoreParameter encryptionRequired =
                new KeyStoreParameter.Builder(getContext()).setEncryptionRequired(true).build();
        mKeyStore.setEntry(TEST_ALIAS_1, candidate, encryptionRequired);
        fail("Shouldn't be able to insert encrypted entry when KeyStore uninitialized");
    } catch (KeyStoreException expected) {
        // Rejection is the outcome this test wants; nothing to do here.
    }

    // The refused write must not leave a partial entry under the alias.
    assertNull(mKeyStore.getEntry(TEST_ALIAS_1, null));
}
Also used : KeyStoreParameter(android.security.KeyStoreParameter) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) KeyStoreException(java.security.KeyStoreException) CertificateFactory(java.security.cert.CertificateFactory) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) KeyFactory(java.security.KeyFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)
