Example 11 with RSAKeyGenParameterSpec
use of java.security.spec.RSAKeyGenParameterSpec in project platform_frameworks_base by android.
the class AndroidKeyPairGeneratorTest method assertKeyPairCorrect.
private void assertKeyPairCorrect(KeyPair pair, String alias, String keyType, int keySize, AlgorithmParameterSpec spec, X500Principal dn, BigInteger serial, Date start, Date end) throws Exception {
final PublicKey pubKey = pair.getPublic();
assertNotNull("The PublicKey for the KeyPair should be not null", pubKey);
assertEquals(keyType, pubKey.getAlgorithm());
if ("EC".equalsIgnoreCase(keyType)) {
assertEquals("Curve should be what was specified during initialization", keySize, ((ECPublicKey) pubKey).getParams().getCurve().getField().getFieldSize());
} else if ("RSA".equalsIgnoreCase(keyType)) {
RSAPublicKey rsaPubKey = (RSAPublicKey) pubKey;
assertEquals("Modulus size should be what is specified during initialization", (keySize + 7) & ~7, (rsaPubKey.getModulus().bitLength() + 7) & ~7);
if (spec != null) {
RSAKeyGenParameterSpec params = (RSAKeyGenParameterSpec) spec;
assertEquals((keySize + 7) & ~7, (params.getKeysize() + 7) & ~7);
assertEquals(params.getPublicExponent(), rsaPubKey.getPublicExponent());
}
}
final PrivateKey privKey = pair.getPrivate();
assertNotNull("The PrivateKey for the KeyPair should be not null", privKey);
assertEquals(keyType, privKey.getAlgorithm());
if ("EC".equalsIgnoreCase(keyType)) {
assertTrue("EC private key must be instanceof ECKey: " + privKey.getClass().getName(), privKey instanceof ECKey);
assertEquals("Private and public key must have the same EC parameters", ((ECKey) pubKey).getParams(), ((ECKey) privKey).getParams());
} else if ("RSA".equalsIgnoreCase(keyType)) {
assertTrue("RSA private key must be instance of RSAKey: " + privKey.getClass().getName(), privKey instanceof RSAKey);
assertEquals("Private and public key must have the same RSA modulus", ((RSAKey) pubKey).getModulus(), ((RSAKey) privKey).getModulus());
}
final byte[] userCertBytes = mAndroidKeyStore.get(Credentials.USER_CERTIFICATE + alias);
assertNotNull("The user certificate should exist for the generated entry", userCertBytes);
final CertificateFactory cf = CertificateFactory.getInstance("X.509");
final Certificate userCert = cf.generateCertificate(new ByteArrayInputStream(userCertBytes));
assertTrue("Certificate should be in X.509 format", userCert instanceof X509Certificate);
final X509Certificate x509userCert = (X509Certificate) userCert;
assertEquals("Public key used to sign certificate should have the same algorithm as in KeyPair", pubKey.getAlgorithm(), x509userCert.getPublicKey().getAlgorithm());
assertEquals("PublicKey used to sign certificate should match one returned in KeyPair", pubKey, AndroidKeyStoreProvider.getAndroidKeyStorePublicKey(Credentials.USER_PRIVATE_KEY + alias, KeyStore.UID_SELF, x509userCert.getPublicKey().getAlgorithm(), x509userCert.getPublicKey().getEncoded()));
assertEquals("The Subject DN should be the one passed into the params", dn, x509userCert.getSubjectDN());
assertEquals("The Issuer DN should be the same as the Subject DN", dn, x509userCert.getIssuerDN());
assertEquals("The Serial should be the one passed into the params", serial, x509userCert.getSerialNumber());
assertDateEquals("The notBefore date should be the one passed into the params", start, x509userCert.getNotBefore());
assertDateEquals("The notAfter date should be the one passed into the params", end, x509userCert.getNotAfter());
// Assert that the cert's signature verifies using the public key from generated KeyPair
x509userCert.verify(pubKey);
// Assert that the cert's signature verifies using the public key from the cert itself.
x509userCert.verify(x509userCert.getPublicKey());
final byte[] caCerts = mAndroidKeyStore.get(Credentials.CA_CERTIFICATE + alias);
assertNull("A list of CA certificates should not exist for the generated entry", caCerts);
ExportResult exportResult = mAndroidKeyStore.exportKey(Credentials.USER_PRIVATE_KEY + alias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null);
assertEquals(KeyStore.NO_ERROR, exportResult.resultCode);
final byte[] pubKeyBytes = exportResult.exportData;
assertNotNull("The keystore should return the public key for the generated key", pubKeyBytes);
assertTrue("Public key X.509 format should be as expected", Arrays.equals(pubKey.getEncoded(), pubKeyBytes));
}
Also used :
RSAKey(java.security.interfaces.RSAKey)
PrivateKey(java.security.PrivateKey)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PublicKey(java.security.PublicKey)
ECPublicKey(java.security.interfaces.ECPublicKey)
RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec)
ECKey(java.security.interfaces.ECKey)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
ECPublicKey(java.security.interfaces.ECPublicKey)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ByteArrayInputStream(java.io.ByteArrayInputStream)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
ExportResult(android.security.keymaster.ExportResult)
Example 12 with RSAKeyGenParameterSpec
use of java.security.spec.RSAKeyGenParameterSpec in project j2objc by google.
the class RSAKeyGenParameterSpecTest method testRSAKeyGenParameterSpec.
/**
* Test for <code>RSAKeyGenParameterSpec(int,BigInteger)</code> ctor
* Assertion: constructs <code>RSAKeyGenParameterSpec</code>
* object using valid parameters
*/
public final void testRSAKeyGenParameterSpec() {
AlgorithmParameterSpec aps = new RSAKeyGenParameterSpec(512, BigInteger.valueOf(0L));
assertTrue(aps instanceof RSAKeyGenParameterSpec);
}
Also used :
RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
Example 13 with RSAKeyGenParameterSpec
use of java.security.spec.RSAKeyGenParameterSpec in project j2objc by google.
the class RSAKeyGenParameterSpecTest method testGetPublicExponent.
/**
* Test for <code>getPublicExponent()</code> method<br>
* Assertion: returns public exponent value
*/
public final void testGetPublicExponent() {
RSAKeyGenParameterSpec rkgps = new RSAKeyGenParameterSpec(512, BigInteger.valueOf(0L));
assertEquals(0, rkgps.getPublicExponent().intValue());
}
Also used :
RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec)
Example 14 with RSAKeyGenParameterSpec
use of java.security.spec.RSAKeyGenParameterSpec in project j2objc by google.
the class RSAKeyGenParameterSpecTest method testGetKeysize.
/**
* Test for <code>getKeySize()</code> method<br>
* Assertion: returns key size value
*/
public final void testGetKeysize() {
RSAKeyGenParameterSpec rkgps = new RSAKeyGenParameterSpec(512, BigInteger.valueOf(0L));
assertEquals(512, rkgps.getKeysize());
}
Also used :
RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec)
Example 15 with RSAKeyGenParameterSpec
use of java.security.spec.RSAKeyGenParameterSpec in project android_frameworks_base by DirtyUnicorns.
the class AndroidKeyStoreKeyPairGeneratorSpi method initAlgorithmSpecificParameters.
private void initAlgorithmSpecificParameters() throws InvalidAlgorithmParameterException {
AlgorithmParameterSpec algSpecificSpec = mSpec.getAlgorithmParameterSpec();
switch(mKeymasterAlgorithm) {
case KeymasterDefs.KM_ALGORITHM_RSA:
{
BigInteger publicExponent = null;
if (algSpecificSpec instanceof RSAKeyGenParameterSpec) {
RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) algSpecificSpec;
if (mKeySizeBits == -1) {
mKeySizeBits = rsaSpec.getKeysize();
} else if (mKeySizeBits != rsaSpec.getKeysize()) {
throw new InvalidAlgorithmParameterException("RSA key size must match " + " between " + mSpec + " and " + algSpecificSpec + ": " + mKeySizeBits + " vs " + rsaSpec.getKeysize());
}
publicExponent = rsaSpec.getPublicExponent();
} else if (algSpecificSpec != null) {
throw new InvalidAlgorithmParameterException("RSA may only use RSAKeyGenParameterSpec");
}
if (publicExponent == null) {
publicExponent = RSAKeyGenParameterSpec.F4;
}
if (publicExponent.compareTo(BigInteger.ZERO) < 1) {
throw new InvalidAlgorithmParameterException("RSA public exponent must be positive: " + publicExponent);
}
if (publicExponent.compareTo(KeymasterArguments.UINT64_MAX_VALUE) > 0) {
throw new InvalidAlgorithmParameterException("Unsupported RSA public exponent: " + publicExponent + ". Maximum supported value: " + KeymasterArguments.UINT64_MAX_VALUE);
}
mRSAPublicExponent = publicExponent;
break;
}
case KeymasterDefs.KM_ALGORITHM_EC:
if (algSpecificSpec instanceof ECGenParameterSpec) {
ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec;
String curveName = ecSpec.getName();
Integer ecSpecKeySizeBits = SUPPORTED_EC_NIST_CURVE_NAME_TO_SIZE.get(curveName.toLowerCase(Locale.US));
if (ecSpecKeySizeBits == null) {
throw new InvalidAlgorithmParameterException("Unsupported EC curve name: " + curveName + ". Supported: " + SUPPORTED_EC_NIST_CURVE_NAMES);
}
if (mKeySizeBits == -1) {
mKeySizeBits = ecSpecKeySizeBits;
} else if (mKeySizeBits != ecSpecKeySizeBits) {
throw new InvalidAlgorithmParameterException("EC key size must match " + " between " + mSpec + " and " + algSpecificSpec + ": " + mKeySizeBits + " vs " + ecSpecKeySizeBits);
}
} else if (algSpecificSpec != null) {
throw new InvalidAlgorithmParameterException("EC may only use ECGenParameterSpec");
}
break;
default:
throw new ProviderException("Unsupported algorithm: " + mKeymasterAlgorithm);
}
}
Also used :
BigInteger(java.math.BigInteger)
ASN1Integer(com.android.org.bouncycastle.asn1.ASN1Integer)
DERInteger(com.android.org.bouncycastle.asn1.DERInteger)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
ProviderException(java.security.ProviderException)
ECGenParameterSpec(java.security.spec.ECGenParameterSpec)
BigInteger(java.math.BigInteger)
RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec)
DERBitString(com.android.org.bouncycastle.asn1.DERBitString)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
Aggregations
RSAKeyGenParameterSpec (java.security.spec.RSAKeyGenParameterSpec)32
AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)16
BigInteger (java.math.BigInteger)12
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)12
KeyPair (java.security.KeyPair)7
KeyPairGeneratorSpec (android.security.KeyPairGeneratorSpec)5
ExportResult (android.security.keymaster.ExportResult)5
ASN1Integer (com.android.org.bouncycastle.asn1.ASN1Integer)5
DERBitString (com.android.org.bouncycastle.asn1.DERBitString)5
DERInteger (com.android.org.bouncycastle.asn1.DERInteger)5
ByteArrayInputStream (java.io.ByteArrayInputStream)5
InvalidKeyException (java.security.InvalidKeyException)5
PrivateKey (java.security.PrivateKey)5
ProviderException (java.security.ProviderException)5
PublicKey (java.security.PublicKey)5
Certificate (java.security.cert.Certificate)5
CertificateFactory (java.security.cert.CertificateFactory)5
X509Certificate (java.security.cert.X509Certificate)5
ECKey (java.security.interfaces.ECKey)5
ECPublicKey (java.security.interfaces.ECPublicKey)5
