Search in sources :

Example 96 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by ResurrectionRemix.

the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Encrypted_Success.

public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    final CertificateFactory f = CertificateFactory.getInstance("X.509");
    final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
    // Start with PrivateKeyEntry
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] expectedChain = new Certificate[2];
        expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        expectedChain[1] = caCert;
        PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain);
        mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
        PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
    }
    // Replace with PrivateKeyEntry that has no chain
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] expectedChain = new Certificate[1];
        expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain);
        mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
        PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, null);
    }
}
Also used : TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) Entry(java.security.KeyStore.Entry) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) CertificateFactory(java.security.cert.CertificateFactory) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) KeyFactory(java.security.KeyFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 97 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by ResurrectionRemix.

the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success.

public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    final CertificateFactory f = CertificateFactory.getInstance("X.509");
    final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
    // Start with PrivateKeyEntry
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] expectedChain = new Certificate[2];
        expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        expectedChain[1] = caCert;
        PrivateKeyEntry expectedPrivEntry = new PrivateKeyEntry(expectedKey, expectedChain);
        mKeyStore.setEntry(TEST_ALIAS_1, expectedPrivEntry, null);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
        PrivateKeyEntry actualPrivEntry = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actualPrivEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
    }
    // Replace with TrustedCertificateEntry
    {
        TrustedCertificateEntry expectedCertEntry = new TrustedCertificateEntry(caCert);
        mKeyStore.setEntry(TEST_ALIAS_1, expectedCertEntry, null);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type TrustedCertificateEntry", actualEntry instanceof TrustedCertificateEntry);
        TrustedCertificateEntry actualCertEntry = (TrustedCertificateEntry) actualEntry;
        assertEquals("Stored and retrieved certificates should be the same", expectedCertEntry.getTrustedCertificate(), actualCertEntry.getTrustedCertificate());
    }
}
Also used : TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) Entry(java.security.KeyStore.Entry) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) CertificateFactory(java.security.cert.CertificateFactory) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) KeyFactory(java.security.KeyFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry)

Example 98 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by crdroidandroid.

the class AndroidKeyStoreTest method testKeyStore_SetKeyEntry_Replaced_Encrypted_Success.

public void testKeyStore_SetKeyEntry_Replaced_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    final CertificateFactory f = CertificateFactory.getInstance("X.509");
    final Certificate caCert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
    // Insert initial key
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] chain = new Certificate[2];
        chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        chain[1] = caCert;
        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
    }
    // TODO make a separate key
    // Replace key
    {
        KeyFactory keyFact = KeyFactory.getInstance("RSA");
        PrivateKey privKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate[] chain = new Certificate[2];
        chain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        chain[1] = caCert;
        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);
        Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", actualEntry);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", actualEntry instanceof PrivateKeyEntry);
        PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry;
        assertPrivateKeyEntryEquals(actual, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
    }
}
Also used : TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) Entry(java.security.KeyStore.Entry) PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) CertificateFactory(java.security.cert.CertificateFactory) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) KeyFactory(java.security.KeyFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 99 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by crdroidandroid.

the class AndroidKeyStoreTest method testKeyStore_KeyOperations_Wrap_Encrypted_Success.

public void testKeyStore_KeyOperations_Wrap_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    setupKey();
    // Test key usage
    Entry e = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull(e);
    assertTrue(e instanceof PrivateKeyEntry);
    PrivateKeyEntry privEntry = (PrivateKeyEntry) e;
    PrivateKey privKey = privEntry.getPrivateKey();
    assertNotNull(privKey);
    PublicKey pubKey = privEntry.getCertificate().getPublicKey();
    Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    c.init(Cipher.WRAP_MODE, pubKey);
    byte[] expectedKey = new byte[] { 0x00, 0x05, (byte) 0xAA, (byte) 0x0A5, (byte) 0xFF, 0x55, 0x0A };
    SecretKey expectedSecret = new SecretKeySpec(expectedKey, "AES");
    byte[] wrappedExpected = c.wrap(expectedSecret);
    c.init(Cipher.UNWRAP_MODE, privKey);
    SecretKey actualSecret = (SecretKey) c.unwrap(wrappedExpected, "AES", Cipher.SECRET_KEY);
    assertEquals(Arrays.toString(expectedSecret.getEncoded()), Arrays.toString(actualSecret.getEncoded()));
}
Also used : TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) Entry(java.security.KeyStore.Entry) SecretKey(javax.crypto.SecretKey) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) Cipher(javax.crypto.Cipher) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry)

Example 100 with PrivateKeyEntry

use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by crdroidandroid.

the class AndroidKeyStoreTest method testKeyStore_GetEntry_RSA_NullParams_Unencrypted_Success.

public void testKeyStore_GetEntry_RSA_NullParams_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);
    assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
    assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
    assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE));
    Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Entry should exist", entry);
    assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry);
    PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;
    assertPrivateKeyEntryEquals(keyEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}
Also used : TrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) Entry(java.security.KeyStore.Entry) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry)

Aggregations

PrivateKeyEntry (java.security.KeyStore.PrivateKeyEntry)103 Entry (java.security.KeyStore.Entry)79 TrustedCertificateEntry (java.security.KeyStore.TrustedCertificateEntry)77 PrivateKey (java.security.PrivateKey)70 ByteArrayInputStream (java.io.ByteArrayInputStream)62 CertificateFactory (java.security.cert.CertificateFactory)61 X509Certificate (java.security.cert.X509Certificate)61 KeyFactory (java.security.KeyFactory)59 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)59 Certificate (java.security.cert.Certificate)55 KeyStoreException (java.security.KeyStoreException)16 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)10 KeyStore (java.security.KeyStore)7 KeyStore (android.security.KeyStore)6 PublicKey (java.security.PublicKey)6 CertificateException (java.security.cert.CertificateException)6 Cipher (javax.crypto.Cipher)6 SecretKey (javax.crypto.SecretKey)6 SecretKeySpec (javax.crypto.spec.SecretKeySpec)6 KeyStoreParameter (android.security.KeyStoreParameter)5