use of java.security.UnrecoverableKeyException in project android_frameworks_base by AOSPA.
the class LockSettingsService method resetKeyStore.
/**
 * Clears the keystore entries held under the system credential UIDs for {@code userId} and
 * for every profile returned by {@code getProfileIdsWithDisabled(userId)}.
 *
 * <p>Before anything is cleared, the credential of a managed profile that uses the parent's
 * lock (no separate challenge, child profile lock present) is decrypted, so the profile lock
 * can be tied to the parent again afterwards. The restore sits in a {@code finally} block and
 * is therefore attempted even when clearing throws.
 *
 * <p>NOTE(review): when decrypting the child profile key fails, the failure is only logged.
 * The reset still runs and nothing is restored for that profile afterwards. Confirm that
 * callers are prepared for a managed profile left without its tied lock.
 *
 * @param userId user whose keystore is reset; write permission is checked first
 * @throws RemoteException as declared by the overridden method
 */
@Override
public void resetKeyStore(int userId) throws RemoteException {
    checkWritePermission(userId);
    if (DEBUG) {
        Slog.v(TAG, "Reset keystore for user: " + userId);
    }

    // -1 means "no managed profile with a unified lock found yet".
    int tiedProfileId = -1;
    // Plaintext credential of that profile. It lives in a String, so it cannot be wiped
    // after use; it is only handed to tieProfileLockToParent() and never logged here.
    String tiedProfilePassword = null;

    final List<UserInfo> profileInfos = mUserManager.getProfiles(userId);
    for (UserInfo profile : profileInfos) {
        // Only managed profiles that share the parent's lock need their key preserved.
        if (!profile.isManagedProfile()
                || mLockPatternUtils.isSeparateProfileChallengeEnabled(profile.id)
                || !mStorage.hasChildProfileLock(profile.id)) {
            continue;
        }
        if (tiedProfileId != -1) {
            // Should not happen: the first match is kept, later ones are only reported.
            Slog.e(TAG, "More than one managed profile, uid1:" + tiedProfileId + ", uid2:" + profile.id);
            continue;
        }
        try {
            tiedProfilePassword = getDecryptedPasswordForTiedProfile(profile.id);
            // Recorded only after a successful decrypt, so a failure leaves both values unset.
            tiedProfileId = profile.id;
        } catch (UnrecoverableKeyException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException | CertificateException | IOException e) {
            Slog.e(TAG, "Failed to decrypt child profile key", e);
        }
    }

    try {
        // Clear every system credential UID under which credentials could have been
        // installed for this user, across all of its profiles.
        for (int ownerProfileId : mUserManager.getProfileIdsWithDisabled(userId)) {
            for (int systemUid : SYSTEM_CREDENTIAL_UIDS) {
                mKeyStore.clearUid(UserHandle.getUid(ownerProfileId, systemUid));
            }
        }
    } finally {
        final boolean canRestore = tiedProfileId != -1 && tiedProfilePassword != null;
        if (canRestore) {
            if (DEBUG) {
                Slog.v(TAG, "Restore tied profile lock");
            }
            tieProfileLockToParent(tiedProfileId, tiedProfilePassword);
        }
    }
}
use of java.security.UnrecoverableKeyException in project android_frameworks_base by AOSPA.
the class LockSettingsService method setLockPatternInternal.
/**
 * Sets the lock pattern for {@code userId}, or clears it when {@code pattern} is null.
 *
 * <p>Clearing removes the user key protection, the gatekeeper secure user id, the stored
 * pattern hash and the keystore password, in that order. Setting enrolls the new pattern
 * against the current handle and stores the enrolled handle only when enrollment succeeds.
 *
 * <p>For a managed profile with a unified lock the saved credential is read from the
 * keystore rather than taken from the caller.
 *
 * <p>NOTE(review): when that decrypt fails, the exception is logged and enrollment goes ahead
 * with the {@code savedCredential} value the caller passed in. Confirm this fallback is
 * intended.
 *
 * @param pattern new pattern, or null to clear the lock
 * @param savedCredential credential currently in effect; may be replaced or nulled here
 * @param userId user whose pattern is changed
 * @throws RemoteException if enrollment returns no handle
 */
private void setLockPatternInternal(String pattern, String savedCredential, int userId) throws RemoteException {
    final byte[] existingHandle = getCurrentHandle(userId);

    if (pattern == null) {
        // Removing the lock: tear down every piece of state derived from the old credential.
        clearUserKeyProtection(userId);
        getGateKeeperService().clearSecureUserId(userId);
        mStorage.writePatternHash(null, userId);
        setKeystorePassword(null, userId);
        fixateNewestUserKeyAuth(userId);
        onUserLockChanged(userId);
        notifyActivePasswordMetricsAvailable(null, userId);
        return;
    }

    if (isManagedProfileWithUnifiedLock(userId)) {
        // With a unified lock the profile's credential comes from the keystore.
        try {
            savedCredential = getDecryptedPasswordForTiedProfile(userId);
        } catch (UnrecoverableKeyException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException | CertificateException | IOException e) {
            if (!(e instanceof FileNotFoundException)) {
                Slog.e(TAG, "Failed to decrypt child profile key", e);
            } else {
                // A missing key file is reported at info level only.
                Slog.i(TAG, "Child profile key not found");
            }
        }
    } else if (existingHandle == null) {
        // Nothing is enrolled yet, so a caller-supplied old credential is ignored.
        if (savedCredential != null) {
            Slog.w(TAG, "Saved credential provided, but none stored");
        }
        savedCredential = null;
    }

    final byte[] newHandle = enrollCredential(existingHandle, savedCredential, pattern, userId);
    if (newHandle == null) {
        throw new RemoteException("Failed to enroll pattern");
    }

    // Verify against the handle that is about to be stored, before it is written.
    final CredentialHash pendingHash = new CredentialHash(newHandle, CredentialHash.VERSION_GATEKEEPER);
    setUserKeyProtection(userId, pattern, doVerifyPattern(pattern, pendingHash, true, 0, userId, null));
    mStorage.writePatternHash(newHandle, userId);
    fixateNewestUserKeyAuth(userId);
    onUserLockChanged(userId);
}
use of java.security.UnrecoverableKeyException in project GNS by MobilityFirst.
the class GNSHttpsServer method tryPort.
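/**
 * Tries to start the HTTPS server on the given port.
 *
 * <p>The server requires TLS client authentication. Cipher suites and protocols are taken
 * from an engine created by the context that {@code createSSLContext()} returns.
 *
 * @param port the TCP port to listen on
 * @return true if it was started; false if the port could not be bound or the TLS setup
 *     failed
 */
@Override
public boolean tryPort(int port) {
    // The port is passed to the logger as text: a numeric {0} argument would be rendered
    // with locale digit grouping (8,443), which makes log lines harder to search and parse.
    final String portText = Integer.toString(port);
    try {
        InetSocketAddress addr = new InetSocketAddress(port);
        httpsServer = HttpsServer.create(addr, 0);
        // NOTE(review): if anything below throws, httpsServer stays assigned although it was
        // never started; confirm the caller replaces or stops it before the next attempt.
        SSLContext sslContext = createSSLContext();
        httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
            @Override
            public void configure(HttpsParameters parameters) {
                // Start from what an engine of this context enables by default.
                SSLContext context = getSSLContext();
                SSLEngine engine = context.createSSLEngine();
                parameters.setCipherSuites(engine.getEnabledCipherSuites());
                parameters.setProtocols(engine.getEnabledProtocols());
                // Client certificates are mandatory; set on both objects so the requirement
                // holds whichever of them the server consults.
                SSLParameters sslParameters = context.getDefaultSSLParameters();
                sslParameters.setNeedClientAuth(true);
                parameters.setNeedClientAuth(true);
                parameters.setSSLParameters(sslParameters);
            }
        });
        httpsServer.createContext("/", new EchoHttpHandler());
        httpsServer.createContext("/" + GNS_PATH, new DefaultHttpHandler());
        // NOTE(review): a cached thread pool has no upper bound on threads; confirm that is
        // acceptable for the connection load this endpoint can receive.
        httpsServer.setExecutor(Executors.newCachedThreadPool());
        httpsServer.start();
        // Need to do this for the places where we expose the secure http service to the user
        requestHandler.setHttpsServerPort(port);
        LOG.log(Level.INFO, "HTTPS server is listening on port {0}", portText);
        return true;
    } catch (BindException e) {
        // Port already taken: expected while probing for a free port, so keep it quiet.
        LOG.log(Level.FINE, "HTTPS server failed to start on port {0} due to {1}", new Object[] { portText, e.getMessage() });
        return false;
    } catch (IOException | NoSuchAlgorithmException | KeyStoreException | CertificateException | UnrecoverableKeyException | KeyManagementException e) {
        // Key store or TLS setup failures are configuration problems. Report them through the
        // logger with the full exception instead of printStackTrace(), which bypasses the
        // logging configuration, and at a level operators will see by default.
        LOG.log(Level.WARNING, "HTTPS server failed to start on port " + portText, e);
        return false;
    }
}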
use of java.security.UnrecoverableKeyException in project robovm by robovm.
the class KeyStoreTest method test_KeyStore_getKey.
/**
 * Exercises KeyStore.getKey on every keystore returned by keyStores(): before the store is
 * populated, with null and empty aliases, with alternate-case aliases, with null passwords
 * and with a wrong password. Expectations vary with the capabilities each store reports
 * through the is...() helpers.
 */
public void test_KeyStore_getKey() throws Exception {
// Before populate() is called, getKey must fail with KeyStoreException
// (presumably because the store is not initialised yet - confirm against keyStores()).
for (KeyStore keyStore : keyStores()) {
try {
keyStore.getKey(null, null);
fail(keyStore.getType());
} catch (KeyStoreException expected) {
// expected
}
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
// test odd inputs
// A null alias must be rejected; the accepted exception types differ per store.
try {
keyStore.getKey(null, null);
fail(keyStore.getType());
} catch (Exception e) {
if (e.getClass() != NullPointerException.class && e.getClass() != IllegalArgumentException.class) {
throw e;
}
}
try {
keyStore.getKey(null, PASSWORD_KEY);
fail(keyStore.getType());
} catch (Exception e) {
if (e.getClass() != NullPointerException.class && e.getClass() != IllegalArgumentException.class && e.getClass() != KeyStoreException.class) {
throw e;
}
}
// An empty alias yields null rather than an exception.
assertNull(keyStore.getKey("", null));
assertNull(keyStore.getKey("", PASSWORD_KEY));
// Aliases in their original case: a read-only store returns null for the private key.
if (isReadOnly(keyStore)) {
assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
} else {
if (isKeyPasswordSupported(keyStore)) {
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
}
if (isNullPasswordAllowed(keyStore)) {
assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null));
}
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
} else {
assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
}
}
// Aliases in alternate case: case-sensitive and read-only stores must not find them.
if (isCaseSensitive(keyStore) || isReadOnly(keyStore)) {
assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
assertNull(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, PASSWORD_KEY));
assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
} else {
if (isKeyPasswordSupported(keyStore)) {
assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
}
if (isNullPasswordAllowed(keyStore)) {
assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null));
}
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
}
}
// test with null passwords
// A password-protected entry must not be released for a null password unless the
// store reports that it ignores key passwords.
if (isKeyPasswordSupported(keyStore) && isKeyPasswordIgnored(keyStore)) {
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null));
} else {
if (isReadOnly(keyStore)) {
assertNull(keyStore.getKey(ALIAS_PRIVATE, null));
} else if (isKeyPasswordSupported(keyStore)) {
try {
keyStore.getKey(ALIAS_PRIVATE, null);
fail(keyStore.getType());
} catch (Exception e) {
if (e.getClass() != UnrecoverableKeyException.class && e.getClass() != IllegalArgumentException.class) {
throw e;
}
}
}
}
if (isReadOnly(keyStore)) {
assertNull(keyStore.getKey(ALIAS_SECRET, null));
} else if (isSecretKeyEnabled(keyStore)) {
try {
keyStore.getKey(ALIAS_SECRET, null);
fail(keyStore.getType());
} catch (Exception e) {
if (e.getClass() != UnrecoverableKeyException.class && e.getClass() != IllegalArgumentException.class) {
throw e;
}
}
}
// test with bad passwords
// A wrong password must raise UnrecoverableKeyException; returning the key fails the test.
// NOTE(review): the first two branches below pass null, not PASSWORD_BAD, although this
// section is about bad passwords and the secret-key checks further down use PASSWORD_BAD;
// confirm whether that is intended.
if (isReadOnly(keyStore)) {
assertNull(keyStore.getKey(ALIAS_PRIVATE, null));
} else if (isKeyPasswordSupported(keyStore) && isKeyPasswordIgnored(keyStore)) {
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null));
} else if (isKeyPasswordSupported(keyStore)) {
try {
keyStore.getKey(ALIAS_PRIVATE, PASSWORD_BAD);
fail(keyStore.getType());
} catch (UnrecoverableKeyException expected) {
// expected
}
}
if (isReadOnly(keyStore)) {
assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_BAD));
} else if (isSecretKeyEnabled(keyStore)) {
try {
keyStore.getKey(ALIAS_SECRET, PASSWORD_BAD);
fail(keyStore.getType());
} catch (UnrecoverableKeyException expected) {
// expected
}
}
}
}
use of java.security.UnrecoverableKeyException in project robovm by robovm.
the class KeyStore2Test method test_getKeyLjava_lang_String$C.
/**
 * Checks {@code java.security.KeyStore#getKey(java.lang.String, char[])}: the stored private
 * key comes back unchanged with the right password, a wrong password raises
 * {@link UnrecoverableKeyException}, and a certificate-only entry yields null.
 */
public void test_getKeyLjava_lang_String$C() throws Exception {
    // Build a two-certificate chain from the test fixtures.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    X509Certificate[] chain = new X509Certificate[2];
    chain[0] = (X509Certificate) x509Factory.generateCertificate(certArray);
    chain[1] = (X509Certificate) x509Factory.generateCertificate(certArray2);

    // Empty in-memory store of the default type, holding one password-protected key entry.
    KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
    store.load(null, null);
    store.setKeyEntry("alias2", getPrivateKey(), pssWord, chain);

    // The right password returns a key identical in encoding, algorithm and format.
    PrivateKey recovered = (PrivateKey) store.getKey("alias2", pssWord);
    byte[] recoveredEncoding = recovered.getEncoded();
    byte[] originalEncoding = getPrivateKey().getEncoded();
    assertTrue(Arrays.equals(recoveredEncoding, originalEncoding));
    assertEquals(getPrivateKey().getAlgorithm(), recovered.getAlgorithm());
    assertEquals(getPrivateKey().getFormat(), recovered.getFormat());

    // A wrong password must not release the key.
    try {
        store.getKey("alias2", "wrong".toCharArray());
        fail();
    } catch (UnrecoverableKeyException expected) {
        // expected
    }

    // A certificate entry has no key behind it, so getKey returns null.
    store.setCertificateEntry("alias1", chain[1]);
    assertNull("the private key returned from getKey for a certificate entry is not null", store.getKey("alias1", pssWord));
}