use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by AOSPA.
the class AndroidKeyStoreTest method testKeyStore_GetEntry_NullParams_Encrypted_Success.
/**
 * Stores a private key, user certificate and CA certificate under one alias with
 * {@code KeyStore.FLAG_ENCRYPTED}, then checks that {@code getEntry} with null protection
 * parameters returns a matching {@link PrivateKeyEntry}.
 *
 * @throws Exception if any keystore operation fails unexpectedly
 */
public void testKeyStore_GetEntry_NullParams_Encrypted_Success() throws Exception {
    // setupPassword() is defined elsewhere; presumably it puts the keystore into the state
    // that FLAG_ENCRYPTED entries require. Confirm against the helper.
    setupPassword();
    mKeyStore.load(null, null);

    // All three blobs share TEST_ALIAS_1 and differ only in their Credentials prefix.
    assertTrue(mAndroidKeyStore.importKey(
            Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
            FAKE_RSA_KEY_1,
            KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(
            Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
            FAKE_RSA_USER_1,
            KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));
    assertTrue(mAndroidKeyStore.put(
            Credentials.CA_CERTIFICATE + TEST_ALIAS_1,
            FAKE_RSA_CA_1,
            KeyStore.UID_SELF,
            KeyStore.FLAG_ENCRYPTED));

    // Read back through the JCA-facing keystore without supplying a ProtectionParameter.
    Entry loaded = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Entry should exist", loaded);
    assertTrue("Should be a PrivateKeyEntry", loaded instanceof PrivateKeyEntry);

    assertPrivateKeyEntryEquals(
            (PrivateKeyEntry) loaded, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}
use of java.security.KeyStore.PrivateKeyEntry in project robovm by robovm.
the class TrustManagerFactoryTest method test_TrustManagerFactory_intermediate.
/**
 * Checks that a server/intermediate/root chain validates when the trust store holds only the
 * intermediate CA, so the root at the end of the presented chain is an untrusted extra.
 *
 * @throws Exception if key store setup fails or any X509TrustManager rejects the chain
 */
public void test_TrustManagerFactory_intermediate() throws Exception {
    // chain should be server/intermediate/root
    PrivateKeyEntry serverEntry = TestKeyStore.getServer().getPrivateKey("RSA", "RSA");
    X509Certificate[] chain = (X509Certificate[]) serverEntry.getCertificateChain();
    assertEquals(3, chain.length);

    // The trust store gets only chain[1], the intermediate CA. Validation has to succeed
    // even though the presented chain continues past the trusted certificate
    // (the original root is the "extra" one here).
    KeyStore intermediateOnly = TestKeyStore.createKeyStore();
    intermediateOnly.setCertificateEntry("alias", chain[1]);

    for (Provider provider : Security.getProviders()) {
        for (Provider.Service service : provider.getServices()) {
            if (service.getType().equals("TrustManagerFactory")) {
                // NOTE(review): getInstance(algorithm) does not name `provider`, so the JCA
                // lookup returns the most-preferred provider's implementation of that
                // algorithm. If the intent is to exercise every provider's factory,
                // getInstance(algorithm, provider) would be needed. Confirm.
                TrustManagerFactory factory =
                        TrustManagerFactory.getInstance(service.getAlgorithm());
                factory.init(intermediateOnly);

                for (TrustManager candidate : factory.getTrustManagers()) {
                    if (candidate instanceof X509TrustManager) {
                        X509TrustManager x509 = (X509TrustManager) candidate;
                        // Both calls signal rejection by throwing; there is no return
                        // value to assert on, so a clean return is the pass condition.
                        x509.checkClientTrusted(chain, "RSA");
                        x509.checkServerTrusted(chain, "RSA");
                    }
                }
            }
        }
    }
}
use of java.security.KeyStore.PrivateKeyEntry in project robovm by robovm.
the class TrustManagerFactoryTest method test_TrustManagerFactory_extendedKeyUsage.
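/**
 * Builds a leaf certificate that carries the given extended key usage, signed by the test
 * intermediate CA, and checks whether the root CA's trust manager accepts the resulting chain
 * for client and for server authentication.
 *
 * <p>Only a {@code CertificateException} counts as "chain rejected". The previous
 * {@code catch (Exception e)} also treated unrelated failures (for example a
 * {@code NullPointerException} or {@code IllegalArgumentException} from a broken fixture) as a
 * rejection, which let a negative case pass for the wrong reason.
 *
 * @param keyPurposeId extended key usage placed on the leaf certificate
 * @param critical whether the extended key usage extension is marked critical
 * @param client whether {@code checkClientTrusted} is expected to accept the chain
 * @param server whether {@code checkServerTrusted} is expected to accept the chain
 * @throws Exception if the fixture cannot be built, or a trust check fails with anything other
 *     than a {@code CertificateException}
 */
private void test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId keyPurposeId, boolean critical, boolean client, boolean server) throws Exception {
    String algorithm = "RSA";
    TestKeyStore intermediateCa = TestKeyStore.getIntermediateCa();
    TestKeyStore leaf = new TestKeyStore.Builder()
            .keyAlgorithms(new String[] { algorithm })
            .aliasPrefix("criticalCodeSigning")
            .signer(intermediateCa.getPrivateKey("RSA", "RSA"))
            .rootCa(intermediateCa.getRootCertificate("RSA"))
            .addExtendedKeyUsage(keyPurposeId, critical)
            .build();
    // leaf.dump("test_TrustManagerFactory_criticalCodeSigning");
    PrivateKeyEntry privateKeyEntry = leaf.getPrivateKey(algorithm, algorithm);
    X509Certificate[] chain = (X509Certificate[]) privateKeyEntry.getCertificateChain();

    // Validation runs against the root CA's first trust manager, not the leaf's own store.
    TestKeyStore rootCa = TestKeyStore.getRootCa();
    X509TrustManager trustManager = (X509TrustManager) rootCa.trustManagers[0];

    // The exception type is fully qualified because this file's import block is not in view.
    try {
        trustManager.checkClientTrusted(chain, algorithm);
        assertTrue(client);
    } catch (java.security.cert.CertificateException rejected) {
        assertFalse(client);
    }

    try {
        trustManager.checkServerTrusted(chain, algorithm);
        assertTrue(server);
    } catch (java.security.cert.CertificateException rejected) {
        assertFalse(server);
    }
}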
use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by ResurrectionRemix.
the class AndroidKeyStoreTest method testKeyStore_KeyOperations_Wrap_Encrypted_Success.
/**
 * Round-trips a secret key through RSA wrap and unwrap using the key pair stored under
 * {@code TEST_ALIAS_1}: wrap with the certificate's public key, unwrap with the private key
 * returned by the keystore, and compare the encoded bytes.
 *
 * @throws Exception if keystore access or any cipher operation fails
 */
public void testKeyStore_KeyOperations_Wrap_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    setupKey();

    // Test key usage
    Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull(stored);
    assertTrue(stored instanceof PrivateKeyEntry);
    PrivateKeyEntry keyPair = (PrivateKeyEntry) stored;

    PrivateKey unwrappingKey = keyPair.getPrivateKey();
    assertNotNull(unwrappingKey);
    PublicKey wrappingKey = keyPair.getCertificate().getPublicKey();

    // Seven arbitrary bytes labelled "AES". SecretKeySpec does not validate key length, and
    // the test only compares bytes after the round trip, so this is not a usable AES key.
    byte[] rawSecret = { 0x00, 0x05, (byte) 0xAA, (byte) 0xA5, (byte) 0xFF, 0x55, 0x0A };
    SecretKey original = new SecretKeySpec(rawSecret, "AES");

    // "PKCS1Padding" selects PKCS #1 v1.5 encryption padding. It is what this test exercises;
    // new key-transport code generally prefers an OAEP transformation, because v1.5
    // unpadding errors that are observable to a caller can serve as a padding oracle.
    Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    rsa.init(Cipher.WRAP_MODE, wrappingKey);
    byte[] wrapped = rsa.wrap(original);

    // Re-initialise the same Cipher instance for the inverse operation.
    rsa.init(Cipher.UNWRAP_MODE, unwrappingKey);
    SecretKey recovered = (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);

    // The string forms are compared so that a mismatch prints both byte arrays.
    assertEquals(
            Arrays.toString(original.getEncoded()),
            Arrays.toString(recovered.getEncoded()));
}
use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by ResurrectionRemix.
the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure.
/**
 * Checks that {@code setEntry} refuses a {@link PrivateKeyEntry} whose parameters require
 * encryption when the keystore has not been initialized, and that the refused write leaves
 * nothing stored under the alias.
 *
 * @throws Exception if the key or certificate fixtures cannot be decoded
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure() throws Exception {
    // No setupPassword() call precedes load(); per the fail() message below, the keystore
    // is meant to be uninitialized for this case.
    mKeyStore.load(null, null);

    PrivateKey privateKey =
            KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));

    // Chain order: user certificate first, then the CA certificate.
    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
    final Certificate[] chain = {
        x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)),
        x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)),
    };
    PrivateKeyEntry entry = new PrivateKeyEntry(privateKey, chain);

    try {
        KeyStoreParameter encryptionRequired =
                new KeyStoreParameter.Builder(getContext()).setEncryptionRequired(true).build();
        mKeyStore.setEntry(TEST_ALIAS_1, entry, encryptionRequired);
        fail("Shouldn't be able to insert encrypted entry when KeyStore uninitialized");
    } catch (KeyStoreException expected) {
        // Rejection is the pass condition; nothing to do.
    }

    // A refused write must not leave a partial or unencrypted entry behind.
    assertNull(mKeyStore.getEntry(TEST_ALIAS_1, null));
}