
Example 41 with KeyStoreException

use of java.security.KeyStoreException in project android_frameworks_base by AOSPA.

the class AndroidKeyStoreSpi method engineSetEntry.

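/**
 * Stores {@code entry} under {@code alias}, replacing whatever is currently stored there.
 *
 * <p>The entry type is validated <em>before</em> the existing entries for the alias are
 * deleted. Otherwise a call with an unsupported entry type would destroy the key or
 * certificate already stored under the alias and then fail, leaving the caller with
 * nothing.
 *
 * @param alias alias to store the entry under
 * @param entry a {@code TrustedCertificateEntry}, {@code PrivateKeyEntry} or
 *     {@code SecretKeyEntry}; must not be {@code null}
 * @param param protection parameters, passed through to the private/secret key setters
 * @throws KeyStoreException if {@code entry} is {@code null} or of an unsupported type, or
 *     if the delegated setter fails
 */
@Override
public void engineSetEntry(String alias, Entry entry, ProtectionParameter param) throws KeyStoreException {
    if (entry == null) {
        throw new KeyStoreException("entry == null");
    }
    boolean isTrustedCertificate = entry instanceof java.security.KeyStore.TrustedCertificateEntry;
    boolean isPrivateKey = entry instanceof PrivateKeyEntry;
    boolean isSecretKey = entry instanceof SecretKeyEntry;
    // Reject unsupported entry types up front, while the existing entry is still intact.
    if (!isTrustedCertificate && !isPrivateKey && !isSecretKey) {
        throw new KeyStoreException("Entry must be a PrivateKeyEntry, SecretKeyEntry or TrustedCertificateEntry" + "; was " + entry);
    }
    // NOTE(review): the deletion still happens before the delegated setter validates its own
    // arguments (key type, protection parameters), so a failure there can presumably still
    // leave the alias empty -- confirm against setPrivateKeyEntry / setSecretKeyEntry.
    Credentials.deleteAllTypesForAlias(mKeyStore, alias, mUid);
    if (isTrustedCertificate) {
        java.security.KeyStore.TrustedCertificateEntry trE = (java.security.KeyStore.TrustedCertificateEntry) entry;
        engineSetCertificateEntry(alias, trE.getTrustedCertificate());
        return;
    }
    if (isPrivateKey) {
        PrivateKeyEntry prE = (PrivateKeyEntry) entry;
        setPrivateKeyEntry(alias, prE.getPrivateKey(), prE.getCertificateChain(), param);
    } else {
        SecretKeyEntry secE = (SecretKeyEntry) entry;
        setSecretKeyEntry(alias, secE.getSecretKey(), param);
    }
}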
Also used : KeyStoreException(java.security.KeyStoreException) SecretKeyEntry(java.security.KeyStore.SecretKeyEntry) KeyStore(android.security.KeyStore) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry)

Example 42 with KeyStoreException

use of java.security.KeyStoreException in project android_frameworks_base by AOSPA.

the class AndroidKeyStoreSpi method setSecretKeyEntry.

/**
 * Stores a secret key under {@code entryAlias}.
 *
 * <p>Two cases are handled. A key that is already KeyStore-backed
 * ({@code AndroidKeyStoreSecretKey}) is accepted only if it is the key already stored under
 * the same alias and no protection parameters are given; nothing is written in that case.
 * Any other key must export its material in {@code RAW} format; the material is imported
 * into the keystore together with the authorizations derived from {@code param}.
 *
 * @param entryAlias alias to store the key under
 * @param key secret key to store
 * @param param {@code KeyProtection} describing how the imported key may be used; required
 *     when importing, must be {@code null} for a KeyStore-backed key
 * @throws KeyStoreException if the parameters are unsupported or inconsistent, the key
 *     material cannot be obtained, or the keystore reports an error on import
 * @throws ProviderException if the key algorithm is HMAC but no digest can be derived from it
 */
private void setSecretKeyEntry(String entryAlias, SecretKey key, java.security.KeyStore.ProtectionParameter param) throws KeyStoreException {
    if ((param != null) && (!(param instanceof KeyProtection))) {
        throw new KeyStoreException("Unsupported protection parameter class: " + param.getClass().getName() + ". Supported: " + KeyProtection.class.getName());
    }
    // Safe cast: param is either null or a KeyProtection at this point.
    KeyProtection params = (KeyProtection) param;
    if (key instanceof AndroidKeyStoreSecretKey) {
        // KeyStore-backed secret key. It cannot be duplicated into another entry and cannot
        // overwrite its own entry.
        String keyAliasInKeystore = ((AndroidKeyStoreSecretKey) key).getAlias();
        if (keyAliasInKeystore == null) {
            throw new KeyStoreException("KeyStore-backed secret key does not have an alias");
        }
        if (!keyAliasInKeystore.startsWith(Credentials.USER_SECRET_KEY)) {
            throw new KeyStoreException("KeyStore-backed secret key has invalid alias: " + keyAliasInKeystore);
        }
        // Strip the secret-key prefix to recover the alias the caller sees.
        String keyEntryAlias = keyAliasInKeystore.substring(Credentials.USER_SECRET_KEY.length());
        if (!entryAlias.equals(keyEntryAlias)) {
            throw new KeyStoreException("Can only replace KeyStore-backed keys with same" + " alias: " + entryAlias + " != " + keyEntryAlias);
        }
        // This is the entry where this key is already stored. No need to do anything.
        // Changing the authorizations of an existing key is rejected rather than ignored.
        if (params != null) {
            throw new KeyStoreException("Modifying KeyStore-backed key using protection" + " parameters not supported");
        }
        return;
    }
    if (params == null) {
        throw new KeyStoreException("Protection parameters must be specified when importing a symmetric key");
    }
    // Not a KeyStore-backed secret key -- import its key material into keystore.
    String keyExportFormat = key.getFormat();
    if (keyExportFormat == null) {
        throw new KeyStoreException("Only secret keys that export their key material are supported");
    } else if (!"RAW".equals(keyExportFormat)) {
        throw new KeyStoreException("Unsupported secret key material export format: " + keyExportFormat);
    }
    // NOTE(review): keyMaterial holds the raw secret in a Java byte[] and this method does not
    // overwrite it after the import. Whether wiping it here is safe depends on whether
    // getEncoded() returns a copy for every SecretKey implementation -- confirm.
    byte[] keyMaterial = key.getEncoded();
    if (keyMaterial == null) {
        throw new KeyStoreException("Key did not export its key material despite supporting" + " RAW format export");
    }
    // Translate the KeyProtection settings into the authorization list sent with the import.
    KeymasterArguments args = new KeymasterArguments();
    try {
        int keymasterAlgorithm = KeyProperties.KeyAlgorithm.toKeymasterSecretKeyAlgorithm(key.getAlgorithm());
        args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, keymasterAlgorithm);
        int[] keymasterDigests;
        if (keymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_HMAC) {
            // JCA HMAC key algorithm implies a digest (e.g., HmacSHA256 key algorithm
            // implies SHA-256 digest). Because keymaster HMAC key is authorized only for one
            // digest, we don't let import parameters override the digest implied by the key.
            // If the parameters specify digests at all, they must specify only one digest, the
            // one implied by the key algorithm.
            int keymasterImpliedDigest = KeyProperties.KeyAlgorithm.toKeymasterDigest(key.getAlgorithm());
            if (keymasterImpliedDigest == -1) {
                throw new ProviderException("HMAC key algorithm digest unknown for key algorithm " + key.getAlgorithm());
            }
            keymasterDigests = new int[] { keymasterImpliedDigest };
            if (params.isDigestsSpecified()) {
                // Digest(s) explicitly specified in params -- check that the list consists of
                // exactly one digest, the one implied by key algorithm.
                int[] keymasterDigestsFromParams = KeyProperties.Digest.allToKeymaster(params.getDigests());
                if ((keymasterDigestsFromParams.length != 1) || (keymasterDigestsFromParams[0] != keymasterImpliedDigest)) {
                    throw new KeyStoreException("Unsupported digests specification: " + Arrays.asList(params.getDigests()) + ". Only " + KeyProperties.Digest.fromKeymaster(keymasterImpliedDigest) + " supported for HMAC key algorithm " + key.getAlgorithm());
                }
            }
        } else {
            // Key algorithm does not imply a digest.
            if (params.isDigestsSpecified()) {
                keymasterDigests = KeyProperties.Digest.allToKeymaster(params.getDigests());
            } else {
                keymasterDigests = EmptyArray.INT;
            }
        }
        args.addEnums(KeymasterDefs.KM_TAG_DIGEST, keymasterDigests);
        @KeyProperties.PurposeEnum int purposes = params.getPurposes();
        int[] keymasterBlockModes = KeyProperties.BlockMode.allToKeymaster(params.getBlockModes());
        // When the key may encrypt and randomized encryption is required, every authorized
        // block mode must pass the IND-CPA compatibility check; one failing mode rejects the import.
        if (((purposes & KeyProperties.PURPOSE_ENCRYPT) != 0) && (params.isRandomizedEncryptionRequired())) {
            for (int keymasterBlockMode : keymasterBlockModes) {
                if (!KeymasterUtils.isKeymasterBlockModeIndCpaCompatibleWithSymmetricCrypto(keymasterBlockMode)) {
                    throw new KeyStoreException("Randomized encryption (IND-CPA) required but may be violated by" + " block mode: " + KeyProperties.BlockMode.fromKeymaster(keymasterBlockMode) + ". See KeyProtection documentation.");
                }
            }
        }
        args.addEnums(KeymasterDefs.KM_TAG_PURPOSE, KeyProperties.Purpose.allToKeymaster(purposes));
        args.addEnums(KeymasterDefs.KM_TAG_BLOCK_MODE, keymasterBlockModes);
        if (params.getSignaturePaddings().length > 0) {
            throw new KeyStoreException("Signature paddings not supported for symmetric keys");
        }
        int[] keymasterPaddings = KeyProperties.EncryptionPadding.allToKeymaster(params.getEncryptionPaddings());
        args.addEnums(KeymasterDefs.KM_TAG_PADDING, keymasterPaddings);
        // User-authentication requirements are copied from the KeyProtection as given.
        KeymasterUtils.addUserAuthArgs(args, params.isUserAuthenticationRequired(), params.getUserAuthenticationValidityDurationSeconds(), params.isUserAuthenticationValidWhileOnBody(), params.isInvalidatedByBiometricEnrollment());
        KeymasterUtils.addMinMacLengthAuthorizationIfNecessary(args, keymasterAlgorithm, keymasterBlockModes, keymasterDigests);
        args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, params.getKeyValidityStart());
        args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, params.getKeyValidityForOriginationEnd());
        args.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, params.getKeyValidityForConsumptionEnd());
        if (((purposes & KeyProperties.PURPOSE_ENCRYPT) != 0) && (!params.isRandomizedEncryptionRequired())) {
            // Permit caller-provided IV when encrypting with this key. This is only added when
            // the caller has explicitly opted out of randomized encryption.
            args.addBoolean(KeymasterDefs.KM_TAG_CALLER_NONCE);
        }
    } catch (IllegalArgumentException | IllegalStateException e) {
        // Surface parameter-translation failures through the exception type callers expect.
        throw new KeyStoreException(e);
    }
    // NOTE(review): existing entries for the alias are deleted before the import is attempted;
    // if importKey then fails, the alias presumably ends up with no entry at all -- confirm
    // whether callers rely on the previous key surviving a failed import.
    Credentials.deleteAllTypesForAlias(mKeyStore, entryAlias, mUid);
    String keyAliasInKeystore = Credentials.USER_SECRET_KEY + entryAlias;
    int errorCode = mKeyStore.importKey(keyAliasInKeystore, args, KeymasterDefs.KM_KEY_FORMAT_RAW, keyMaterial, mUid, // flags
    0, new KeyCharacteristics());
    if (errorCode != KeyStore.NO_ERROR) {
        // The message carries only the numeric error code, never the key material.
        throw new KeyStoreException("Failed to import secret key. Keystore error code: " + errorCode);
    }
}
Also used : KeymasterArguments(android.security.keymaster.KeymasterArguments) ProviderException(java.security.ProviderException) KeyStoreException(java.security.KeyStoreException) KeyProtection(android.security.keystore.KeyProtection) KeyCharacteristics(android.security.keymaster.KeyCharacteristics)

Example 43 with KeyStoreException

use of java.security.KeyStoreException in project mobile-center-sdk-android by Microsoft.

the class CryptoTest method keyStoreNotFound.

/**
 * Covers the case where obtaining the key store instance fails with
 * {@link KeyStoreException}.
 */
@Test
public void keyStoreNotFound() throws Exception {
    // Stub the static factory so that asking for the Android key store throws.
    when(KeyStore.getInstance(ANDROID_KEY_STORE)).thenThrow(new KeyStoreException());
    // NOTE(review): verifyNoCrypto is defined elsewhere in the test class; presumably it
    // asserts that data is handled without encryption at the given API level -- confirm.
    verifyNoCrypto(Build.VERSION_CODES.KITKAT);
    // Static verification: verifyStatic() arms the check and the static call that follows
    // names the invocation being verified, so these two lines must stay adjacent and in order.
    verifyStatic();
    KeyStore.getInstance(anyString());
}
Also used : KeyStoreException(java.security.KeyStoreException) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 44 with KeyStoreException

use of java.security.KeyStoreException in project intellij-community by JetBrains.

the class CertificateManager method getDefaultKeyManagers.

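/**
 * Workaround for IDEA-124057. Manually find key store specified via VM options.
 *
 * <p>Reads {@code javax.net.ssl.keyStore}, {@code javax.net.ssl.keyStoreType} and
 * {@code javax.net.ssl.keyStorePassword} from the system properties, loads the key store
 * from that path and initialises a {@link KeyManagerFactory} with it. The key store
 * password is a secret and is never written to the log.
 *
 * @return key managers or {@code null} in case of any error, or when no key store path is
 *     configured
 */
@Nullable
public static KeyManager[] getDefaultKeyManagers() {
    String keyStorePath = System.getProperty("javax.net.ssl.keyStore");
    if (keyStorePath != null) {
        LOG.info("Loading custom key store specified with VM options: " + keyStorePath);
        try {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore;
            String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
            try {
                keyStore = KeyStore.getInstance(keyStoreType);
            } catch (KeyStoreException e) {
                // An unknown store type is a configuration error: report it and give up.
                if (e.getCause() instanceof NoSuchAlgorithmException) {
                    LOG.error("Wrong key store type: " + keyStoreType, e);
                    return null;
                }
                throw e;
            }
            String password = System.getProperty("javax.net.ssl.keyStorePassword", "");
            InputStream inputStream = null;
            try {
                inputStream = new FileInputStream(keyStorePath);
                keyStore.load(inputStream, password.toCharArray());
                factory.init(keyStore, password.toCharArray());
            } catch (FileNotFoundException e) {
                LOG.error("Key store file not found: " + keyStorePath);
                return null;
            } catch (Exception e) {
                if (e.getCause() instanceof BadPaddingException) {
                    // Identify the store by its path only. The rejected password is still a
                    // credential (often a typo of the real one) and must not reach the log
                    // or any error report built from it.
                    LOG.error("Wrong key store password for key store: " + keyStorePath, e);
                    return null;
                }
                throw e;
            } finally {
                StreamUtil.closeStream(inputStream);
            }
            return factory.getKeyManagers();
        } catch (Exception e) {
            // Any other failure is logged and reported to the caller as null.
            LOG.error(e);
        }
    }
    return null;
}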
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) FileNotFoundException(java.io.FileNotFoundException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) KeyStoreException(java.security.KeyStoreException) KeyManagementException(java.security.KeyManagementException) FileNotFoundException(java.io.FileNotFoundException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Nullable(org.jetbrains.annotations.Nullable)

Example 45 with KeyStoreException

use of java.security.KeyStoreException in project undertow by undertow-io.

the class DefaultServer method createSSLContext.

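/**
 * Builds an {@link SSLContext} from the given key store and trust store.
 *
 * <p>The trust manager factory is obtained with
 * {@link TrustManagerFactory#getDefaultAlgorithm()}. Looking it up under the
 * {@code KeyManagerFactory} default algorithm name, as was done before, only works when the
 * provider registers a trust manager algorithm under that same name, and may select a
 * different certificate-validation implementation than the platform default.
 *
 * @param keyStore key store holding the local credentials
 * @param trustStore trust store holding the certificates to trust
 * @param client {@code true} when the context is for the client side; the {@code openssl}
 *     provider is only selected for non-client contexts
 * @return an initialised SSL context
 * @throws IOException if the key managers, trust managers or the context itself cannot be
 *     created; the original exception is kept as the cause
 */
private static SSLContext createSSLContext(final KeyStore keyStore, final KeyStore trustStore, boolean client) throws IOException {
    KeyManager[] keyManagers;
    try {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, STORE_PASSWORD);
        keyManagers = keyManagerFactory.getKeyManagers();
    } catch (NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException e) {
        throw new IOException("Unable to initialise KeyManager[]", e);
    }
    TrustManager[] trustManagers;
    try {
        // Use the trust manager factory's own default algorithm, not the key manager's.
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        trustManagers = trustManagerFactory.getTrustManagers();
    } catch (NoSuchAlgorithmException | KeyStoreException e) {
        throw new IOException("Unable to initialise TrustManager[]", e);
    }
    SSLContext sslContext;
    try {
        if (openssl && !client) {
            sslContext = SSLContext.getInstance("openssl.TLS");
        } else {
            sslContext = SSLContext.getInstance("TLS");
        }
        // A null SecureRandom selects the default source of randomness.
        sslContext.init(keyManagers, trustManagers, null);
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        throw new IOException("Unable to create and initialise the SSLContext", e);
    }
    return sslContext;
}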
Also used : NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) SSLContext(javax.net.ssl.SSLContext) KeyManagementException(java.security.KeyManagementException) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) TrustManager(javax.net.ssl.TrustManager) UnrecoverableKeyException(java.security.UnrecoverableKeyException) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) KeyManager(javax.net.ssl.KeyManager)
