
Example 61 with KeyStore

use of java.security.KeyStore in project robovm by robovm.

the class NativeCryptoTest method initCerts.

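/**
 * Lazily creates the key and certificate fixtures shared by the tests in this class.
 *
 * <p>On the first successful call this fills {@code SERVER_PRIVATE_KEY},
 * {@code SERVER_CERTIFICATES}, {@code CLIENT_PRIVATE_KEY}, {@code CLIENT_CERTIFICATES} and
 * {@code CA_PRINCIPALS} from {@code TestKeyStore} and then calls {@code initChannelIdKey()}.
 * {@code SERVER_PRIVATE_KEY} doubles as the "already initialised" marker, so later calls
 * return immediately. The method is {@code synchronized}, so concurrent callers cannot race
 * on that marker.
 *
 * @throws RuntimeException wrapping whatever exception interrupted initialisation
 */
private static synchronized void initCerts() {
    if (SERVER_PRIVATE_KEY != null) {
        return;
    }
    try {
        // Server identity: RSA key plus its encoded certificate chain.
        PrivateKeyEntry serverPrivateKeyEntry = TestKeyStore.getServer().getPrivateKey("RSA", "RSA");
        SERVER_PRIVATE_KEY = OpenSSLKey.fromPrivateKey(serverPrivateKeyEntry.getPrivateKey());
        SERVER_CERTIFICATES = NativeCrypto.encodeCertificates(serverPrivateKeyEntry.getCertificateChain());

        // Client identity, used when a test exercises client-certificate authentication.
        PrivateKeyEntry clientPrivateKeyEntry = TestKeyStore.getClientCertificate().getPrivateKey("RSA", "RSA");
        CLIENT_PRIVATE_KEY = OpenSSLKey.fromPrivateKey(clientPrivateKeyEntry.getPrivateKey());
        CLIENT_CERTIFICATES = NativeCrypto.encodeCertificates(clientPrivateKeyEntry.getCertificateChain());

        // The encoded issuer name of the first entry in the client store becomes the single
        // acceptable-CA principal.
        // NOTE(review): assumes that first alias is an X.509 certificate entry; an empty store
        // or a different entry type fails here and is reported through the catch below.
        KeyStore ks = TestKeyStore.getClient().keyStore;
        String caCertAlias = ks.aliases().nextElement();
        X509Certificate certificate = (X509Certificate) ks.getCertificate(caCertAlias);
        X500Principal principal = certificate.getIssuerX500Principal();
        CA_PRINCIPALS = new byte[][] { principal.getEncoded() };
        initChannelIdKey();
    } catch (Exception e) {
        // SERVER_PRIVATE_KEY is assigned first and is also the guard at the top of this method.
        // Clear it so that a failed run is retried on the next call, instead of later tests
        // seeing a "done" marker with the remaining fixtures still null.
        SERVER_PRIVATE_KEY = null;
        throw new RuntimeException(e);
    }
}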
Also used : X500Principal(javax.security.auth.x500.X500Principal) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) TestKeyStore(libcore.java.security.TestKeyStore) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) SocketTimeoutException(java.net.SocketTimeoutException) SSLProtocolException(javax.net.ssl.SSLProtocolException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) ExecutionException(java.util.concurrent.ExecutionException) SSLException(javax.net.ssl.SSLException)

Example 62 with KeyStore

use of java.security.KeyStore in project robovm by robovm.

the class TrustManagerImplTest method trustManager.

/**
 * Creates a {@code TrustManagerImpl} that combines a trust store holding {@code ca} with a
 * certificate pin manager for {@code hostname}.
 *
 * @param ca certificate stored in the key store under the alias {@code "alias"}
 * @param hostname host name handed to {@code certManager}
 * @param pin certificate handed to {@code certManager} as the pin for {@code hostname}
 * @return a trust manager backed by that key store and pin manager
 * @throws Exception if the pin manager or the key store cannot be set up
 */
private TrustManagerImpl trustManager(X509Certificate ca, String hostname, X509Certificate pin) throws Exception {
    // Pin manager first, exactly as the original ordering did.
    CertPinManager pinManager = certManager(hostname, pin);

    // Trust store with `ca` added as a certificate entry.
    // NOTE(review): presumably createKeyStore() returns an empty store, making `ca` the only
    // trust anchor; confirm against TestKeyStore.
    KeyStore trustAnchors = TestKeyStore.createKeyStore();
    trustAnchors.setCertificateEntry("alias", ca);

    TrustManagerImpl pinnedTrustManager = new TrustManagerImpl(trustAnchors, pinManager);
    return pinnedTrustManager;
}
Also used : TestKeyStore(libcore.java.security.TestKeyStore) KeyStore(java.security.KeyStore)

Example 63 with KeyStore

use of java.security.KeyStore in project robovm by robovm.

the class TrustManagerImplTest method trustManager.

/**
 * Creates a trust manager from the default {@code TrustManagerFactory} algorithm, initialised
 * with a key store in which {@code ca} is stored under the alias {@code "alias"}.
 *
 * @param ca certificate to add to the key store as a certificate entry
 * @return the first trust manager the factory produces, cast to {@code X509TrustManager}
 * @throws Exception if the key store or the factory cannot be initialised
 */
private X509TrustManager trustManager(X509Certificate ca) throws Exception {
    KeyStore trustAnchors = TestKeyStore.createKeyStore();
    trustAnchors.setCertificateEntry("alias", ca);

    TrustManagerFactory factory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    factory.init(trustAnchors);

    // Only element 0 is used; the cast fails with ClassCastException if the provider returns
    // something other than an X509TrustManager there.
    Object firstManager = factory.getTrustManagers()[0];
    return (X509TrustManager) firstManager;
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) TestKeyStore(libcore.java.security.TestKeyStore) KeyStore(java.security.KeyStore)

Example 64 with KeyStore

use of java.security.KeyStore in project robovm by robovm.

the class KeyStoreTest method test_KeyStore_setKeyEntry_Key.

/**
 * Exercises {@code KeyStore.setKeyEntry(String, Key, char[], Certificate[])} on every key store
 * returned by {@code keyStores()}.
 *
 * <p>The test runs in five passes: (1) calling on a store that has not been loaded,
 * (2) null and incomplete arguments on a loaded store, (3) storing and reading back keys on a
 * cleared store, (4) alias case handling on a populated store, and (5) null key passwords.
 * Each pass branches on the capability helpers ({@code isReadOnly},
 * {@code isKeyPasswordSupported}, {@code isNullPasswordAllowed}, {@code isSecretKeyEnabled},
 * {@code isCaseSensitive}, {@code isKeyPasswordIgnored}) so that provider differences are
 * treated as expected behaviour rather than failures.
 *
 * @throws Exception if a key store operation fails in a way the test does not expect
 */
public void test_KeyStore_setKeyEntry_Key() throws Exception {
    // Pass 1: a store that has not been loaded must reject setKeyEntry with KeyStoreException.
    for (KeyStore keyStore : keyStores()) {
        try {
            keyStore.setKeyEntry(null, null, null, null);
            fail(keyStore.getType());
        } catch (KeyStoreException expected) {
        }
    }
    // Pass 2: loaded but empty store, called with null or incomplete arguments.
    for (KeyStore keyStore : keyStores()) {
        keyStore.load(null, null);
        if (isReadOnly(keyStore)) {
            // Read-only stores refuse every write, whatever the arguments.
            try {
                keyStore.setKeyEntry(null, null, null, null);
                fail(keyStore.getType());
            } catch (UnsupportedOperationException expected) {
            }
            continue;
        }
        // test odd inputs
        // Exact class comparison (not instanceof): only NullPointerException or
        // KeyStoreException itself is accepted; anything else, subclasses included, is rethrown.
        try {
            keyStore.setKeyEntry(null, null, null, null);
            fail(keyStore.getType());
        } catch (Exception e) {
            if (e.getClass() != NullPointerException.class && e.getClass() != KeyStoreException.class) {
                throw e;
            }
        }
        // A password alone, with null alias and null key, must still be rejected.
        try {
            keyStore.setKeyEntry(null, null, PASSWORD_KEY, null);
            fail(keyStore.getType());
        } catch (Exception e) {
            if (e.getClass() != NullPointerException.class && e.getClass() != KeyStoreException.class) {
                throw e;
            }
        }
        // A private key passed with a null certificate chain must be rejected.
        try {
            keyStore.setKeyEntry(ALIAS_PRIVATE, getPrivateKey().getPrivateKey(), PASSWORD_KEY, null);
            fail(keyStore.getType());
        } catch (Exception e) {
            if (e.getClass() != IllegalArgumentException.class && e.getClass() != KeyStoreException.class) {
                throw e;
            }
        }
    }
    // Pass 3: starting from a cleared store, write entries and read them back.
    for (KeyStore keyStore : keyStores()) {
        clearKeyStore(keyStore);
        // test case sensitive
        // Before anything is written, lookups for the test aliases return null.
        if (isKeyPasswordSupported(keyStore)) {
            assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
        }
        if (isNullPasswordAllowed(keyStore)) {
            assertNull(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null));
        }
        if (isReadOnly(keyStore)) {
            try {
                keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), PASSWORD_KEY, null);
                fail(keyStore.getType());
            } catch (UnsupportedOperationException expected) {
            }
            continue;
        }
        // Password-protected private key: key and certificate chain are both read back.
        if (isKeyPasswordSupported(keyStore)) {
            setPrivateKey(keyStore);
            assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
            assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE));
        }
        // Private key stored without a password and read back with a null password.
        if (isNullPasswordAllowed(keyStore)) {
            setPrivateKeyNoPassword(keyStore, ALIAS_NO_PASSWORD_PRIVATE, getPrivateKey());
            assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null));
            assertCertificateChain(keyStore.getCertificateChain(ALIAS_NO_PASSWORD_PRIVATE));
        }
        if (isSecretKeyEnabled(keyStore)) {
            assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
            setSecretKey(keyStore);
            assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
        } else {
            // Stores without secret-key support must refuse the write.
            try {
                keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), PASSWORD_KEY, null);
                fail(keyStore.getType());
            } catch (Exception e) {
                if (e.getClass() != KeyStoreException.class && e.getClass() != NullPointerException.class) {
                    throw e;
                }
            }
        }
    }
    // Pass 4: alias case handling on a populated store.
    for (KeyStore keyStore : keyStores()) {
        populate(keyStore);
        if (isReadOnly(keyStore)) {
            // Read-only stores are expected to hold none of the test entries.
            assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
            assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
            assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
            assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
        } else if (isCaseSensitive(keyStore)) {
            // Case-sensitive: the alternate-case alias is a separate entry. It starts out absent,
            // and writing the second key under it leaves the original entry unchanged.
            if (isKeyPasswordSupported(keyStore)) {
                assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
                assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
                setPrivateKey(keyStore, ALIAS_ALT_CASE_PRIVATE, getPrivateKey2());
                assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
                assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
            }
            if (isNullPasswordAllowed(keyStore)) {
                assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null));
                assertNull(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null));
                setPrivateKeyNoPassword(keyStore, ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, getPrivateKey2());
                assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null));
                assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null));
            }
            if (isSecretKeyEnabled(keyStore)) {
                assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
                assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
                setSecretKey(keyStore, ALIAS_ALT_CASE_SECRET, getSecretKey2());
                assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
                assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
            }
        } else {
            // Case-insensitive: both spellings address one entry, so a write through the
            // alternate-case alias is visible through the original alias too.
            if (isKeyPasswordSupported(keyStore)) {
                assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
                assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
                setPrivateKey(keyStore, ALIAS_ALT_CASE_PRIVATE, getPrivateKey2());
                assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
                assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
            }
            if (isNullPasswordAllowed(keyStore)) {
                // NOTE(review): this branch reads ALIAS_PRIVATE with a null password and writes
                // with setPrivateKey, whereas the case-sensitive branch above uses
                // ALIAS_NO_PASSWORD_PRIVATE and setPrivateKeyNoPassword. Possibly a copy-paste
                // slip; confirm which aliases and setter were intended.
                assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null));
                assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null));
                setPrivateKey(keyStore, ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, getPrivateKey2());
                assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, null));
                assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null));
            }
            if (isSecretKeyEnabled(keyStore)) {
                assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
                assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
                // NOTE(review): the second secret key is written under ALIAS_ALT_CASE_PRIVATE,
                // not ALIAS_ALT_CASE_SECRET, and the assertions below still expect the first
                // secret key. As written, the overwrite of the secret entry is not verified;
                // confirm the intended alias and expectation.
                setSecretKey(keyStore, ALIAS_ALT_CASE_PRIVATE, getSecretKey2());
                assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
                assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
            }
        }
    }
    // Pass 5: null key passwords on a freshly loaded store.
    for (KeyStore keyStore : keyStores()) {
        keyStore.load(null, null);
        if (isReadOnly(keyStore)) {
            try {
                keyStore.setKeyEntry(ALIAS_PRIVATE, getPrivateKey().getPrivateKey(), null, getPrivateKey().getCertificateChain());
                fail(keyStore.getType());
            } catch (UnsupportedOperationException expected) {
            }
            continue;
        }
        // test with null passwords
        // A key stored with a null password is unprotected by a key password, so a store may
        // accept that only if it allows null passwords or ignores key passwords altogether.
        if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) {
            keyStore.setKeyEntry(ALIAS_PRIVATE, getPrivateKey().getPrivateKey(), null, getPrivateKey().getCertificateChain());
            assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null));
        } else {
            // All other stores must refuse to store a private key without a password.
            try {
                keyStore.setKeyEntry(ALIAS_PRIVATE, getPrivateKey().getPrivateKey(), null, getPrivateKey().getCertificateChain());
                fail(keyStore.getType());
            } catch (Exception e) {
                if (e.getClass() != UnrecoverableKeyException.class && e.getClass() != IllegalArgumentException.class && e.getClass() != KeyStoreException.class) {
                    throw e;
                }
            }
        }
        // Same null-password rule for secret keys, where the store supports them.
        if (isSecretKeyEnabled(keyStore)) {
            if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) {
                keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), null, null);
                assertSecretKey(keyStore.getKey(ALIAS_SECRET, null));
            } else {
                try {
                    keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), null, null);
                    fail(keyStore.getType());
                } catch (Exception e) {
                    if (e.getClass() != UnrecoverableKeyException.class && e.getClass() != IllegalArgumentException.class && e.getClass() != KeyStoreException.class) {
                        throw e;
                    }
                }
            }
        }
    }
}
Also used : UnrecoverableKeyException(java.security.UnrecoverableKeyException) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 65 with KeyStore

use of java.security.KeyStore in project robovm by robovm.

the class KeyStoreTest method test_KeyStore_size.

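/**
 * Checks {@code KeyStore.size()} on every key store returned by {@code keyStores()}: before
 * the store is loaded, after an empty load, and after {@code populate}.
 *
 * @throws Exception if a key store operation fails in a way the test does not expect
 */
public void test_KeyStore_size() throws Exception {
    // A store that has not been loaded must reject size() with KeyStoreException. The earlier
    // version called aliases() here, so size() was never exercised on an uninitialised store.
    for (KeyStore keyStore : keyStores()) {
        try {
            keyStore.size();
            fail(keyStore.getType());
        } catch (KeyStoreException expected) {
        }
    }

    // After an empty load, the expected size depends on where the store's contents come from.
    for (KeyStore keyStore : keyStores()) {
        keyStore.load(null, null);
        if (isPersistentStorage(keyStore)) {
            // Persistent stores may already hold entries; only require that the query succeeds.
            assertTrue("Should successfully query size: " + keyStore.getType(), keyStore.size() >= 0);
        } else if (hasDefaultContents(keyStore)) {
            assertTrue("Should have non-empty store: " + keyStore.getType(), keyStore.size() > 0);
        } else {
            assertEquals("Should have empty store: " + keyStore.getType(), 0, keyStore.size());
        }
    }

    // After populate(), count the entries this store type is expected to hold.
    for (KeyStore keyStore : keyStores()) {
        populate(keyStore);
        if (hasDefaultContents(keyStore)) {
            assertTrue("Should have non-empty store: " + keyStore.getType(), keyStore.size() > 0);
            continue;
        }
        int expectedEntries = 0;
        if (isKeyPasswordSupported(keyStore)) {
            expectedEntries++;
        }
        if (isNullPasswordAllowed(keyStore)) {
            expectedEntries++;
        }
        if (isSecretKeyEnabled(keyStore)) {
            // One entry with secret-key support, and a second when null passwords are allowed too.
            expectedEntries += isNullPasswordAllowed(keyStore) ? 2 : 1;
        }
        if (isCertificateEnabled(keyStore)) {
            expectedEntries++;
        }
        assertEquals(expectedEntries, keyStore.size());
    }
}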
Also used : KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore)
