
Example 81 with PrivateKey

use of java.security.PrivateKey in project platform_frameworks_base by android.

the class AndroidKeyStoreTest method testKeyStore_SetKeyEntry_Replaced_Encrypted_Success.

/**
 * Stores an RSA private key with its two-certificate chain under {@code TEST_ALIAS_1}, then stores
 * the same key and chain again under the same alias, and after each store reads the entry back and
 * checks that it is a {@link PrivateKeyEntry} matching the fixture material.
 */
public void testKeyStore_SetKeyEntry_Replaced_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    final Certificate caCert = certFactory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
    // Pass 0 inserts the entry, pass 1 overwrites it; both passes use identical key material.
    // TODO make a separate key
    for (int pass = 0; pass < 2; pass++) {
        final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        final PrivateKey privKey = rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate userCert = certFactory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        final Certificate[] chain = new Certificate[] { userCert, caCert };
        mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);
        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", stored instanceof PrivateKeyEntry);
        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
    }
}

Example 82 with PrivateKey

use of java.security.PrivateKey in project platform_frameworks_base by android.

the class AndroidKeyStoreTest method testKeyStore_SetKeyEntry_Encrypted_Success.

/**
 * Stores an RSA private key with a user/CA certificate chain under {@code TEST_ALIAS_1} via
 * {@code setKeyEntry} and checks that it reads back as a {@link PrivateKeyEntry} matching the
 * fixture material.
 */
public void testKeyStore_SetKeyEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    final Certificate caCert = certFactory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
    final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    final PrivateKey privKey = rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
    final Certificate userCert = certFactory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
    // Leaf certificate first, issuing CA second.
    final Certificate[] chain = new Certificate[] { userCert, caCert };
    mKeyStore.setKeyEntry(TEST_ALIAS_1, privKey, null, chain);
    final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", stored);
    assertTrue("Retrieved entry should be of type PrivateKeyEntry", stored instanceof PrivateKeyEntry);
    assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}

Example 83 with PrivateKey

use of java.security.PrivateKey in project platform_frameworks_base by android.

the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Encrypted_Success.

/**
 * Stores a {@link PrivateKeyEntry} with a two-certificate chain under {@code TEST_ALIAS_1}, then
 * overwrites it with a {@link PrivateKeyEntry} for the same key whose chain holds only the user
 * certificate, and checks that each store reads back with exactly the chain that was written
 * (no CA certificate expected after the overwrite).
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);
    final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    final Certificate caCert = certFactory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
    // Start with PrivateKeyEntry
    {
        final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        final PrivateKey key = rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate userCert = certFactory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        final PrivateKeyEntry fullEntry = new PrivateKeyEntry(key, new Certificate[] { userCert, caCert });
        mKeyStore.setEntry(TEST_ALIAS_1, fullEntry, null);
        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", stored instanceof PrivateKeyEntry);
        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
    }
    // Replace with PrivateKeyEntry that has no chain
    {
        final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        final PrivateKey key = rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate userCert = certFactory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        final PrivateKeyEntry shortEntry = new PrivateKeyEntry(key, new Certificate[] { userCert });
        mKeyStore.setEntry(TEST_ALIAS_1, shortEntry, null);
        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", stored instanceof PrivateKeyEntry);
        // A null CA argument asserts that the previously stored CA certificate is gone.
        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, null);
    }
}

Example 84 with PrivateKey

use of java.security.PrivateKey in project platform_frameworks_base by android.

the class OSUClient method provision.

/**
 * Runs the OSU provisioning exchange against {@code mURL} over the supplied network.
 *
 * <p>Visible flow: open a TLS session through {@link HTTPHandler}, verify the OSU server
 * certificate with {@link SPVerifier}, exchange a PostDevData registration (repeated once if the
 * server asks for client-certificate TLS), hand a server-supplied URL to the user-input step,
 * optionally enroll certificates over EST, exchange UpdateResponse/ExchangeComplete, and finally
 * pass the MO tree, certificates and client key to {@code osuManager}.
 *
 * <p>Every cast on a response's command data ({@code PostDevDataResponse}, {@code ClientCertInfo},
 * {@code BrowserURI}, {@code MOData}) is unchecked: a payload whose type does not match the
 * checked message type fails with {@code ClassCastException}, not {@code IOException}.
 *
 * @param osuManager callback target for user-input prompting, OMA-DM access and completion
 * @param network the network the exchange is bound to
 * @param km key manager for the TLS connection; cast to {@link WiFiKeyManager} when the server
 *     requests client-certificate TLS
 * @throws IOException on any unexpected message type, command, status, URL or session-ID mismatch
 * @throws GeneralSecurityException propagated from the underlying handlers
 */
public void provision(OSUManager osuManager, Network network, KeyManager km) throws IOException, GeneralSecurityException {
    // The HTTP handler (and its TLS socket) is closed when this try block exits on any path.
    try (HTTPHandler httpHandler = new HTTPHandler(StandardCharsets.UTF_8, OSUSocketFactory.getSocketFactory(mKeyStore, null, OSUManager.FLOW_PROVISIONING, network, mURL, km, true))) {
        // Server identity is checked against mOSUInfo before any SOAP message is sent.
        SPVerifier spVerifier = new SPVerifier(mOSUInfo);
        spVerifier.verify(httpHandler.getOSUCertificate(mURL));
        URL redirectURL = osuManager.prepareUserInput(mOSUInfo.getName(Locale.getDefault()));
        OMADMAdapter omadmAdapter = osuManager.getOMADMAdapter();
        String regRequest = SOAPBuilder.buildPostDevDataResponse(RequestReason.SubRegistration, null, redirectURL.toString(), omadmAdapter.getMO(OMAConstants.DevInfoURN), omadmAdapter.getMO(OMAConstants.DevDetailURN));
        // NOTE(review): the full request body, which embeds the DevInfo/DevDetail MOs, is written
        // to the debug log — confirm that is acceptable for the data those MOs carry.
        Log.d(TAG, "Registration request: " + regRequest);
        OSUResponse osuResponse = httpHandler.exchangeSOAP(mURL, regRequest);
        Log.d(TAG, "Response: " + osuResponse);
        if (osuResponse.getMessageType() != OSUMessageType.PostDevData) {
            throw new IOException("Expected a PostDevDataResponse");
        }
        PostDevDataResponse regResponse = (PostDevDataResponse) osuResponse;
        // Session ID from the first response; every later response must carry the same one.
        String sessionID = regResponse.getSessionID();
        if (regResponse.getExecCommand() == ExecCommand.UseClientCertTLS) {
            ClientCertInfo ccInfo = (ClientCertInfo) regResponse.getCommandData();
            if (ccInfo.doesAcceptMfgCerts()) {
                throw new IOException("Mfg certs are not supported in Android");
            } else if (ccInfo.doesAcceptProviderCerts()) {
                // NOTE(review): km is assumed to be a WiFiKeyManager here; any other KeyManager
                // implementation fails with ClassCastException rather than a clear error.
                ((WiFiKeyManager) km).enableClientAuth(ccInfo.getIssuerNames());
                httpHandler.renegotiate(null, null);
            } else {
                throw new IOException("Neither manufacturer nor provider cert specified");
            }
            // Re-send the registration on the renegotiated (client-authenticated) session.
            regRequest = SOAPBuilder.buildPostDevDataResponse(RequestReason.SubRegistration, sessionID, redirectURL.toString(), omadmAdapter.getMO(OMAConstants.DevInfoURN), omadmAdapter.getMO(OMAConstants.DevDetailURN));
            osuResponse = httpHandler.exchangeSOAP(mURL, regRequest);
            if (osuResponse.getMessageType() != OSUMessageType.PostDevData) {
                throw new IOException("Expected a PostDevDataResponse");
            }
            regResponse = (PostDevDataResponse) osuResponse;
        }
        if (regResponse.getExecCommand() != ExecCommand.Browser) {
            throw new IOException("Expected a launchBrowser command");
        }
        Log.d(TAG, "Exec: " + regResponse.getExecCommand() + ", for '" + regResponse.getCommandData() + "'");
        // NOTE(review): getSessionID() is dereferenced without a null check — confirm the parser
        // guarantees a non-null session ID on PostDevData responses.
        if (!osuResponse.getSessionID().equals(sessionID)) {
            throw new IOException("Mismatching session IDs");
        }
        String webURL = ((BrowserURI) regResponse.getCommandData()).getURI();
        if (webURL == null) {
            throw new IOException("No web-url");
        } else if (!webURL.contains(sessionID)) {
            // Substring containment only: this confirms the server echoed the session ID somewhere
            // in the URL, not that the URL's host or path is the one expected for this OSU.
            throw new IOException("Bad or missing session ID in webURL");
        }
        // The URL handed to the user-input step is taken as received from the server.
        if (!osuManager.startUserInput(new URL(webURL), network)) {
            throw new IOException("User session failed");
        }
        Log.d(TAG, " -- Sending user input complete:");
        String userComplete = SOAPBuilder.buildPostDevDataResponse(RequestReason.InputComplete, sessionID, null, omadmAdapter.getMO(OMAConstants.DevInfoURN), omadmAdapter.getMO(OMAConstants.DevDetailURN));
        OSUResponse moResponse1 = httpHandler.exchangeSOAP(mURL, userComplete);
        if (moResponse1.getMessageType() != OSUMessageType.PostDevData) {
            throw new IOException("Bad user input complete response: " + moResponse1);
        }
        PostDevDataResponse provResponse = (PostDevDataResponse) moResponse1;
        // checkResponse() decides whether this response carries EST enrollment data (non-null)
        // or the MO tree directly (null).
        GetCertData estData = checkResponse(provResponse);
        Map<OSUCertType, List<X509Certificate>> certs = new HashMap<>();
        PrivateKey clientKey = null;
        MOData moData;
        if (estData == null) {
            moData = (MOData) provResponse.getCommandData();
        } else {
            // The ESTHandler is closed before the enrollment-complete message is sent below.
            try (ESTHandler estHandler = new ESTHandler((GetCertData) provResponse.getCommandData(), network, osuManager.getOMADMAdapter(), km, mKeyStore, null, OSUManager.FLOW_PROVISIONING)) {
                estHandler.execute(false);
                certs.put(OSUCertType.CA, estHandler.getCACerts());
                certs.put(OSUCertType.Client, estHandler.getClientCerts());
                clientKey = estHandler.getClientKey();
            }
            Log.d(TAG, " -- Sending provisioning cert enrollment complete:");
            String certComplete = SOAPBuilder.buildPostDevDataResponse(RequestReason.CertEnrollmentComplete, sessionID, null, omadmAdapter.getMO(OMAConstants.DevInfoURN), omadmAdapter.getMO(OMAConstants.DevDetailURN));
            OSUResponse moResponse2 = httpHandler.exchangeSOAP(mURL, certComplete);
            if (moResponse2.getMessageType() != OSUMessageType.PostDevData) {
                throw new IOException("Bad cert enrollment complete response: " + moResponse2);
            }
            PostDevDataResponse provComplete = (PostDevDataResponse) moResponse2;
            if (provComplete.getStatus() != OSUStatus.ProvComplete || provComplete.getOSUCommand() != OSUCommandID.AddMO) {
                throw new IOException("Expected addMO: " + provComplete);
            }
            moData = (MOData) provComplete.getCommandData();
        }
        // !!! How can an ExchangeComplete be sent w/o knowing the fate of the certs???
        // (The certificates referenced by the MO tree are only fetched by retrieveCerts() after
        // the exchange has been reported complete to the server.)
        String updateResponse = SOAPBuilder.buildUpdateResponse(sessionID, null);
        Log.d(TAG, " -- Sending updateResponse:");
        OSUResponse exComplete = httpHandler.exchangeSOAP(mURL, updateResponse);
        Log.d(TAG, "exComplete response: " + exComplete);
        if (exComplete.getMessageType() != OSUMessageType.ExchangeComplete) {
            throw new IOException("Expected ExchangeComplete: " + exComplete);
        } else if (exComplete.getStatus() != OSUStatus.ExchangeComplete) {
            throw new IOException("Bad ExchangeComplete status: " + exComplete);
        }
        retrieveCerts(moData.getMOTree().getRoot(), certs, network, km, mKeyStore);
        osuManager.provisioningComplete(mOSUInfo, moData, certs, clientKey, network);
    }
}

Example 85 with PrivateKey

use of java.security.PrivateKey in project platform_frameworks_base by android.

the class ConfigParser method parsePkcs12.

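/**
 * Extracts the single private key and its certificate chain from a PKCS#12 blob.
 *
 * <p>The blob is loaded with an empty password. Exactly one alias is expected; the key under that
 * alias must be a {@link PrivateKey} (or absent, for a certificate-only entry, in which case the
 * returned key is {@code null}), and every element of the chain must be an
 * {@link X509Certificate}. A missing chain yields a {@code null} list.
 *
 * @param octets DER-encoded PKCS#12 contents
 * @return the private key (possibly {@code null}) paired with the chain (possibly {@code null})
 * @throws IOException if the blob cannot be parsed, does not hold exactly one alias, has no alias,
 *     holds a key that is not a private key, or holds a non-X.509 certificate
 * @throws GeneralSecurityException propagated from the {@link KeyStore} provider
 */
private static Pair<PrivateKey, List<X509Certificate>> parsePkcs12(byte[] octets) throws GeneralSecurityException, IOException {
    KeyStore ks = KeyStore.getInstance("PKCS12");
    // ByteArrayInputStream.close() is a no-op, but try-with-resources keeps the idiom uniform and
    // drops the separate close() call.
    try (ByteArrayInputStream in = new ByteArrayInputStream(octets)) {
        ks.load(in, new char[0]);
    }
    // Only expects one set of key and certificate chain.
    if (ks.size() != 1) {
        throw new IOException("Unexpected key size: " + ks.size());
    }
    String alias = ks.aliases().nextElement();
    if (alias == null) {
        throw new IOException("No alias found");
    }
    // getKey() returns null for a certificate-only entry (kept as-is for callers) and otherwise a
    // Key of any kind; only a PrivateKey can be handed back, so reject anything else with an
    // IOException instead of letting the cast fail with ClassCastException.
    java.security.Key key = ks.getKey(alias, null);
    if (key != null && !(key instanceof PrivateKey)) {
        throw new IOException("Unexpected key type: " + key.getClass());
    }
    PrivateKey clientKey = (PrivateKey) key;
    List<X509Certificate> clientCertificateChain = null;
    Certificate[] chain = ks.getCertificateChain(alias);
    if (chain != null) {
        clientCertificateChain = new ArrayList<>();
        for (Certificate certificate : chain) {
            if (!(certificate instanceof X509Certificate)) {
                throw new IOException("Unexpected certificate type: " + certificate.getClass());
            }
            clientCertificateChain.add((X509Certificate) certificate);
        }
    }
    return new Pair<PrivateKey, List<X509Certificate>>(clientKey, clientCertificateChain);
}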
