Example 86 with KeyStoreException
use of java.security.KeyStoreException in project android_frameworks_base by AOSPA.
the class AndroidKeyStoreSpi method setSecretKeyEntry.
private void setSecretKeyEntry(String entryAlias, SecretKey key, java.security.KeyStore.ProtectionParameter param) throws KeyStoreException {
if ((param != null) && (!(param instanceof KeyProtection))) {
throw new KeyStoreException("Unsupported protection parameter class: " + param.getClass().getName() + ". Supported: " + KeyProtection.class.getName());
}
KeyProtection params = (KeyProtection) param;
if (key instanceof AndroidKeyStoreSecretKey) {
// KeyStore-backed secret key. It cannot be duplicated into another entry and cannot
// overwrite its own entry.
String keyAliasInKeystore = ((AndroidKeyStoreSecretKey) key).getAlias();
if (keyAliasInKeystore == null) {
throw new KeyStoreException("KeyStore-backed secret key does not have an alias");
}
if (!keyAliasInKeystore.startsWith(Credentials.USER_SECRET_KEY)) {
throw new KeyStoreException("KeyStore-backed secret key has invalid alias: " + keyAliasInKeystore);
}
String keyEntryAlias = keyAliasInKeystore.substring(Credentials.USER_SECRET_KEY.length());
if (!entryAlias.equals(keyEntryAlias)) {
throw new KeyStoreException("Can only replace KeyStore-backed keys with same" + " alias: " + entryAlias + " != " + keyEntryAlias);
}
// This is the entry where this key is already stored. No need to do anything.
if (params != null) {
throw new KeyStoreException("Modifying KeyStore-backed key using protection" + " parameters not supported");
}
return;
}
if (params == null) {
throw new KeyStoreException("Protection parameters must be specified when importing a symmetric key");
}
// Not a KeyStore-backed secret key -- import its key material into keystore.
String keyExportFormat = key.getFormat();
if (keyExportFormat == null) {
throw new KeyStoreException("Only secret keys that export their key material are supported");
} else if (!"RAW".equals(keyExportFormat)) {
throw new KeyStoreException("Unsupported secret key material export format: " + keyExportFormat);
}
byte[] keyMaterial = key.getEncoded();
if (keyMaterial == null) {
throw new KeyStoreException("Key did not export its key material despite supporting" + " RAW format export");
}
KeymasterArguments args = new KeymasterArguments();
try {
int keymasterAlgorithm = KeyProperties.KeyAlgorithm.toKeymasterSecretKeyAlgorithm(key.getAlgorithm());
args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, keymasterAlgorithm);
int[] keymasterDigests;
if (keymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_HMAC) {
// JCA HMAC key algorithm implies a digest (e.g., HmacSHA256 key algorithm
// implies SHA-256 digest). Because keymaster HMAC key is authorized only for one
// digest, we don't let import parameters override the digest implied by the key.
// If the parameters specify digests at all, they must specify only one digest, the
// only implied by key algorithm.
int keymasterImpliedDigest = KeyProperties.KeyAlgorithm.toKeymasterDigest(key.getAlgorithm());
if (keymasterImpliedDigest == -1) {
throw new ProviderException("HMAC key algorithm digest unknown for key algorithm " + key.getAlgorithm());
}
keymasterDigests = new int[] { keymasterImpliedDigest };
if (params.isDigestsSpecified()) {
// Digest(s) explicitly specified in params -- check that the list consists of
// exactly one digest, the one implied by key algorithm.
int[] keymasterDigestsFromParams = KeyProperties.Digest.allToKeymaster(params.getDigests());
if ((keymasterDigestsFromParams.length != 1) || (keymasterDigestsFromParams[0] != keymasterImpliedDigest)) {
throw new KeyStoreException("Unsupported digests specification: " + Arrays.asList(params.getDigests()) + ". Only " + KeyProperties.Digest.fromKeymaster(keymasterImpliedDigest) + " supported for HMAC key algorithm " + key.getAlgorithm());
}
}
} else {
// Key algorithm does not imply a digest.
if (params.isDigestsSpecified()) {
keymasterDigests = KeyProperties.Digest.allToKeymaster(params.getDigests());
} else {
keymasterDigests = EmptyArray.INT;
}
}
args.addEnums(KeymasterDefs.KM_TAG_DIGEST, keymasterDigests);
@KeyProperties.PurposeEnum int purposes = params.getPurposes();
int[] keymasterBlockModes = KeyProperties.BlockMode.allToKeymaster(params.getBlockModes());
if (((purposes & KeyProperties.PURPOSE_ENCRYPT) != 0) && (params.isRandomizedEncryptionRequired())) {
for (int keymasterBlockMode : keymasterBlockModes) {
if (!KeymasterUtils.isKeymasterBlockModeIndCpaCompatibleWithSymmetricCrypto(keymasterBlockMode)) {
throw new KeyStoreException("Randomized encryption (IND-CPA) required but may be violated by" + " block mode: " + KeyProperties.BlockMode.fromKeymaster(keymasterBlockMode) + ". See KeyProtection documentation.");
}
}
}
args.addEnums(KeymasterDefs.KM_TAG_PURPOSE, KeyProperties.Purpose.allToKeymaster(purposes));
args.addEnums(KeymasterDefs.KM_TAG_BLOCK_MODE, keymasterBlockModes);
if (params.getSignaturePaddings().length > 0) {
throw new KeyStoreException("Signature paddings not supported for symmetric keys");
}
int[] keymasterPaddings = KeyProperties.EncryptionPadding.allToKeymaster(params.getEncryptionPaddings());
args.addEnums(KeymasterDefs.KM_TAG_PADDING, keymasterPaddings);
KeymasterUtils.addUserAuthArgs(args, params.isUserAuthenticationRequired(), params.getUserAuthenticationValidityDurationSeconds(), params.isUserAuthenticationValidWhileOnBody(), params.isInvalidatedByBiometricEnrollment());
KeymasterUtils.addMinMacLengthAuthorizationIfNecessary(args, keymasterAlgorithm, keymasterBlockModes, keymasterDigests);
args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, params.getKeyValidityStart());
args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, params.getKeyValidityForOriginationEnd());
args.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, params.getKeyValidityForConsumptionEnd());
if (((purposes & KeyProperties.PURPOSE_ENCRYPT) != 0) && (!params.isRandomizedEncryptionRequired())) {
// Permit caller-provided IV when encrypting with this key
args.addBoolean(KeymasterDefs.KM_TAG_CALLER_NONCE);
}
} catch (IllegalArgumentException | IllegalStateException e) {
throw new KeyStoreException(e);
}
Credentials.deleteAllTypesForAlias(mKeyStore, entryAlias, mUid);
String keyAliasInKeystore = Credentials.USER_SECRET_KEY + entryAlias;
int errorCode = mKeyStore.importKey(keyAliasInKeystore, args, KeymasterDefs.KM_KEY_FORMAT_RAW, keyMaterial, mUid, // flags
0, new KeyCharacteristics());
if (errorCode != KeyStore.NO_ERROR) {
throw new KeyStoreException("Failed to import secret key. Keystore error code: " + errorCode);
}
}
Also used :
KeymasterArguments(android.security.keymaster.KeymasterArguments)
ProviderException(java.security.ProviderException)
KeyStoreException(java.security.KeyStoreException)
KeyProtection(android.security.keystore.KeyProtection)
KeyCharacteristics(android.security.keymaster.KeyCharacteristics)
Example 87 with KeyStoreException
use of java.security.KeyStoreException in project mobile-center-sdk-android by Microsoft.
the class CryptoTest method keyStoreNotFound.
@Test
public void keyStoreNotFound() throws Exception {
when(KeyStore.getInstance(ANDROID_KEY_STORE)).thenThrow(new KeyStoreException());
verifyNoCrypto(Build.VERSION_CODES.KITKAT);
verifyStatic();
KeyStore.getInstance(anyString());
}
Also used :
KeyStoreException(java.security.KeyStoreException)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Test(org.junit.Test)
Example 88 with KeyStoreException
use of java.security.KeyStoreException in project intellij-community by JetBrains.
the class CertificateManager method getDefaultKeyManagers.
/**
* Workaround for IDEA-124057. Manually find key store specified via VM options.
*
* @return key managers or {@code null} in case of any error
*/
@Nullable
public static KeyManager[] getDefaultKeyManagers() {
String keyStorePath = System.getProperty("javax.net.ssl.keyStore");
if (keyStorePath != null) {
LOG.info("Loading custom key store specified with VM options: " + keyStorePath);
try {
KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore keyStore;
String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
try {
keyStore = KeyStore.getInstance(keyStoreType);
} catch (KeyStoreException e) {
if (e.getCause() instanceof NoSuchAlgorithmException) {
LOG.error("Wrong key store type: " + keyStoreType, e);
return null;
}
throw e;
}
String password = System.getProperty("javax.net.ssl.keyStorePassword", "");
InputStream inputStream = null;
try {
inputStream = new FileInputStream(keyStorePath);
keyStore.load(inputStream, password.toCharArray());
factory.init(keyStore, password.toCharArray());
} catch (FileNotFoundException e) {
LOG.error("Key store file not found: " + keyStorePath);
return null;
} catch (Exception e) {
if (e.getCause() instanceof BadPaddingException) {
LOG.error("Wrong key store password: " + password, e);
return null;
}
throw e;
} finally {
StreamUtil.closeStream(inputStream);
}
return factory.getKeyManagers();
} catch (Exception e) {
LOG.error(e);
}
}
return null;
}
Also used :
FileInputStream(java.io.FileInputStream)
InputStream(java.io.InputStream)
FileNotFoundException(java.io.FileNotFoundException)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
BadPaddingException(javax.crypto.BadPaddingException)
KeyStore(java.security.KeyStore)
FileInputStream(java.io.FileInputStream)
KeyStoreException(java.security.KeyStoreException)
KeyManagementException(java.security.KeyManagementException)
FileNotFoundException(java.io.FileNotFoundException)
BadPaddingException(javax.crypto.BadPaddingException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Nullable(org.jetbrains.annotations.Nullable)
Example 89 with KeyStoreException
use of java.security.KeyStoreException in project undertow by undertow-io.
the class DefaultServer method loadKeyStore.
private static KeyStore loadKeyStore(final String name) throws IOException {
final InputStream stream = DefaultServer.class.getClassLoader().getResourceAsStream(name);
if (stream == null) {
throw new RuntimeException("Could not load keystore");
}
try {
KeyStore loadedKeystore = KeyStore.getInstance("JKS");
loadedKeystore.load(stream, STORE_PASSWORD);
return loadedKeystore;
} catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
throw new IOException(String.format("Unable to load KeyStore %s", name), e);
} finally {
IoUtils.safeClose(stream);
}
}
Also used :
InputStream(java.io.InputStream)
CertificateException(java.security.cert.CertificateException)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IOException(java.io.IOException)
KeyStore(java.security.KeyStore)
Example 90 with KeyStoreException
use of java.security.KeyStoreException in project undertow by undertow-io.
the class DefaultServer method createSSLContext.
private static SSLContext createSSLContext(final KeyStore keyStore, final KeyStore trustStore, boolean client) throws IOException {
KeyManager[] keyManagers;
try {
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, STORE_PASSWORD);
keyManagers = keyManagerFactory.getKeyManagers();
} catch (NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException e) {
throw new IOException("Unable to initialise KeyManager[]", e);
}
TrustManager[] trustManagers = null;
try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
trustManagers = trustManagerFactory.getTrustManagers();
} catch (NoSuchAlgorithmException | KeyStoreException e) {
throw new IOException("Unable to initialise TrustManager[]", e);
}
SSLContext sslContext;
try {
if (openssl && !client) {
sslContext = SSLContext.getInstance("openssl.TLS");
} else {
sslContext = SSLContext.getInstance("TLS");
}
sslContext.init(keyManagers, trustManagers, null);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
throw new IOException("Unable to create and initialise the SSLContext", e);
}
return sslContext;
}
Also used :
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyStoreException(java.security.KeyStoreException)
IOException(java.io.IOException)
SSLContext(javax.net.ssl.SSLContext)
KeyManagementException(java.security.KeyManagementException)
KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
TrustManager(javax.net.ssl.TrustManager)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
KeyManager(javax.net.ssl.KeyManager)
Aggregations
KeyStoreException (java.security.KeyStoreException)381
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)211
IOException (java.io.IOException)179
CertificateException (java.security.cert.CertificateException)148
KeyStore (java.security.KeyStore)141
X509Certificate (java.security.cert.X509Certificate)112
UnrecoverableKeyException (java.security.UnrecoverableKeyException)95
Certificate (java.security.cert.Certificate)73
KeyManagementException (java.security.KeyManagementException)69
CertificateFactory (java.security.cert.CertificateFactory)39
SSLContext (javax.net.ssl.SSLContext)38
TrustManagerFactory (javax.net.ssl.TrustManagerFactory)38
InputStream (java.io.InputStream)37
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)37
PrivateKey (java.security.PrivateKey)35
ByteArrayInputStream (java.io.ByteArrayInputStream)33
InvalidKeyException (java.security.InvalidKeyException)33
FileNotFoundException (java.io.FileNotFoundException)32
TrustManager (javax.net.ssl.TrustManager)30
NoSuchPaddingException (javax.crypto.NoSuchPaddingException)28
