1 /* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.keystore.cts; 18 19 import java.io.ByteArrayInputStream; 20 import java.io.ByteArrayOutputStream; 21 import java.io.File; 22 import java.io.FileInputStream; 23 import java.io.FileOutputStream; 24 import java.io.IOException; 25 import java.io.InputStream; 26 import java.io.OutputStream; 27 import java.security.Key; 28 import java.security.KeyStore; 29 import java.security.KeyStore.Builder; 30 import java.security.KeyStore.Entry; 31 import java.security.KeyStore.LoadStoreParameter; 32 import java.security.KeyStore.PasswordProtection; 33 import java.security.KeyStore.PrivateKeyEntry; 34 import java.security.KeyStore.ProtectionParameter; 35 import java.security.KeyStore.SecretKeyEntry; 36 import java.security.KeyStore.TrustedCertificateEntry; 37 import java.security.KeyStoreException; 38 import java.security.NoSuchAlgorithmException; 39 import java.security.Provider; 40 import java.security.Security; 41 import java.security.UnrecoverableKeyException; 42 import java.security.cert.Certificate; 43 import java.security.cert.X509Certificate; 44 import java.util.ArrayList; 45 import java.util.Arrays; 46 import java.util.Collections; 47 import java.util.Date; 48 import java.util.Enumeration; 49 import java.util.HashMap; 50 import java.util.HashSet; 51 import java.util.List; 52 import java.util.Set; 53 import javax.crypto.KeyGenerator; 54 import javax.crypto.SecretKey; 55 import junit.framework.TestCase; 56 57 import libcore.java.security.StandardNames; 58 import libcore.java.security.TestKeyStore; 59 60 public class KeyStoreTest extends TestCase { 61 62 private static final HashMap<String, PrivateKeyEntry> sPrivateKeys 63 = new HashMap<String, PrivateKeyEntry>(); 64 65 private static TestKeyStore sTestKeyStore; 66 67 private static final String[] KEY_TYPES = new String[] { "DH", "DSA", "RSA", "EC" }; 68 69 private static PrivateKeyEntry sPrivateKey2; 70 71 private static SecretKey sSecretKey; 72 private static SecretKey sSecretKey2; 73 74 private static final String ALIAS_PRIVATE = "private"; 75 private static final String ALIAS_CERTIFICATE = "certificate"; 76 private static final String ALIAS_SECRET = "secret"; 77 78 private static final String ALIAS_ALT_CASE_PRIVATE = "pRiVaTe"; 79 private static final String ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE = "PrIvAtE-no-password"; 80 private static final String ALIAS_ALT_CASE_CERTIFICATE = "cErTiFiCaTe"; 81 private static final String ALIAS_ALT_CASE_SECRET = "sEcRet"; 82 83 private static final String ALIAS_UNICODE_PRIVATE = "\u6400\u7902\u3101\u8c02\u5002\u8702\udd01"; 84 private static final String ALIAS_UNICODE_NO_PASSWORD_PRIVATE = "\u926c\u0967\uc65b\ubc78"; 85 private static final String ALIAS_UNICODE_CERTIFICATE = "\u5402\udd01\u7902\u8702\u3101\u5f02\u3101\u5402\u5002\u8702\udd01"; 86 private static final String ALIAS_UNICODE_SECRET = "\ue224\ud424\ud224\ue124\ud424\ue324"; 87 88 private static final String ALIAS_NO_PASSWORD_PRIVATE = "private-no-password"; 89 private static final String ALIAS_NO_PASSWORD_SECRET = "secret-no-password"; 90 91 private static final char[] PASSWORD_STORE = "store password".toCharArray(); 92 private static final char[] PASSWORD_KEY = "key password".toCharArray(); 93 private static final char[] PASSWORD_BAD = "dummy".toCharArray(); 94 95 private static final ProtectionParameter PARAM_STORE = new PasswordProtection(PASSWORD_STORE); 96 private static final ProtectionParameter PARAM_KEY = new PasswordProtection(PASSWORD_KEY); 97 private static final ProtectionParameter PARAM_BAD = new PasswordProtection(PASSWORD_BAD); 98 99 private static PrivateKeyEntry getPrivateKey() { 100 return getPrivateKey("RSA"); 101 } 102 103 private static PrivateKeyEntry getPrivateKey(String keyType) { 104 // Avoiding initialization of TestKeyStore in the static initializer: it breaks CTS tests 105 // by causing a NetworkOnMainThreadException. 106 if (sTestKeyStore == null) { 107 sTestKeyStore = new TestKeyStore.Builder() 108 .keyAlgorithms("RSA", "DH_RSA", "DSA", "EC") 109 .aliasPrefix("rsa-dsa-ec-dh") 110 .build(); 111 } 112 113 PrivateKeyEntry entry = sPrivateKeys.get(keyType); 114 if (entry == null) { 115 if ("RSA".equals(keyType)) { 116 entry = sTestKeyStore.getPrivateKey("RSA", "RSA"); 117 } else if ("DH".equals(keyType)) { 118 entry = sTestKeyStore.getPrivateKey("DH", "RSA"); 119 } else if ("DSA".equals(keyType)) { 120 entry = sTestKeyStore.getPrivateKey("DSA", "DSA"); 121 } else if ("EC".equals(keyType)) { 122 entry = sTestKeyStore.getPrivateKey("EC", "EC"); 123 } else { 124 throw new IllegalArgumentException("Unexpected key type " + keyType); 125 } 126 sPrivateKeys.put(keyType, entry); 127 } 128 return entry; 129 } 130 131 private static PrivateKeyEntry getPrivateKey2() { 132 if (sPrivateKey2 == null) { 133 sPrivateKey2 = TestKeyStore.getClientCertificate().getPrivateKey("RSA", "RSA"); 134 } 135 return sPrivateKey2; 136 } 137 138 private static SecretKey getSecretKey() { 139 if (sSecretKey == null) { 140 sSecretKey = generateSecretKey(); 141 } 142 return sSecretKey; 143 } 144 145 private static SecretKey getSecretKey2() { 146 if (sSecretKey2 == null) { 147 sSecretKey2 = generateSecretKey(); 148 } 149 return sSecretKey2; 150 } 151 152 private static SecretKey generateSecretKey() { 153 try { 154 KeyGenerator kg = KeyGenerator.getInstance("DES"); 155 return kg.generateKey(); 156 } catch (NoSuchAlgorithmException e) { 157 throw new RuntimeException(e); 158 } 159 } 160 161 public static List<KeyStore> keyStores() throws Exception { 162 List<KeyStore> keyStores = new ArrayList<KeyStore>(); 163 Provider[] providers = Security.getProviders(); 164 for (Provider provider : providers) { 165 Set<Provider.Service> services = provider.getServices(); 166 for (Provider.Service service : services) { 167 String type = service.getType(); 168 if (!type.equals("KeyStore")) { 169 continue; 170 } 171 String algorithm = service.getAlgorithm(); 172 KeyStore ks = KeyStore.getInstance(algorithm, provider); 173 assertEquals(provider, ks.getProvider()); 174 assertEquals(algorithm, ks.getType()); 175 if (!isUnsupported(ks)) { 176 keyStores.add(ks); 177 } 178 } 179 } 180 return keyStores; 181 } 182 183 private static boolean isSecretKeyEnabled(KeyStore ks) { 184 // JKS key stores cannot store secret keys, neither can the RI's PKCS12 185 return (!(ks.getType().equals("JKS") 186 || ks.getType().equals("CaseExactJKS") 187 || (ks.getType().equals("PKCS12")) 188 || (ks.getType().equals("AndroidKeyStore")))); 189 } 190 191 private static boolean isCertificateEnabled(KeyStore ks) { 192 // RI can't handle certificate in PKCS12, but BC can 193 return (!(ks.getType().equals("PKCS12") && ks.getProvider().getName().equals("SunJSSE"))); 194 } 195 196 private static boolean isCaseSensitive(KeyStore ks) { 197 return (ks.getType().equals("CaseExactJKS") 198 || ks.getType().equals("BKS") 199 || ks.getType().equals("BouncyCastle") 200 || ks.getType().equals("AndroidKeyStore")); 201 202 } 203 204 private static boolean isUnsupported(KeyStore ks) { 205 // Don't bother testing BC on RI 206 // TODO enable AndroidKeyStore when CTS can set up the keystore 207 return (StandardNames.IS_RI && ks.getProvider().getName().equals("BC")) 208 || "AndroidKeyStore".equalsIgnoreCase(ks.getType()) 209 || "TimaKeyStore".equalsIgnoreCase(ks.getType()); 210 } 211 212 private static boolean isNullPasswordAllowed(KeyStore ks) { 213 return (!(ks.getType().equals("JKS") 214 || ks.getType().equals("CaseExactJKS") 215 || ks.getType().equals("JCEKS") 216 || ks.getType().equals("PKCS12"))); 217 } 218 private static boolean isKeyPasswordSupported(KeyStore ks) { 219 return !ks.getType().equals("AndroidKeyStore"); 220 } 221 private static boolean isKeyPasswordIgnored(KeyStore ks) { 222 // BouncyCastle's PKCS12 ignores the key password unlike the RI which requires it 223 return (ks.getType().equals("PKCS12") && ks.getProvider().getName().equals("BC")); 224 } 225 226 private static boolean isLoadStoreParameterSupported(KeyStore ks) { 227 // BouncyCastle's PKCS12 allows a JDKPKCS12StoreParameter 228 return (ks.getType().equals("PKCS12") && ks.getProvider().getName().equals("BC")); 229 } 230 231 private static boolean isPersistentStorage(KeyStore ks) { 232 return ks.getType().equalsIgnoreCase("AndroidKeyStore"); 233 } 234 235 private static boolean isLoadStoreUnsupported(KeyStore ks) { 236 return ks.getType().equalsIgnoreCase("AndroidKeyStore"); 237 } 238 239 private static boolean isSetKeyByteArrayUnimplemented(KeyStore ks) { 240 // All of BouncyCastle's 241 // KeyStore.setKeyEntry(String,byte[],char[]) implementations 242 // throw RuntimeException 243 return (ks.getProvider().getName().equals("BC")); 244 } 245 246 private static boolean hasDefaultContents(KeyStore ks) { 247 // AndroidCAStore exposes CA cert files via the KeyStore 248 // interface, so it does start out empty like other KeyStores 249 return (ks.getType().equals("AndroidCAStore")); 250 } 251 252 private static boolean isReadOnly(KeyStore ks) { 253 // AndroidCAStore is read only, throwing 254 // UnsupportedOperationException on write operations 255 return (ks.getType().equals("AndroidCAStore")); 256 } 257 258 public static void populate(KeyStore ks) throws Exception { 259 boolean readOnly = clearKeyStore(ks); 260 if (readOnly) { 261 return; 262 } 263 if (isKeyPasswordSupported(ks)) { 264 setPrivateKey(ks); 265 } 266 if (isNullPasswordAllowed(ks)) { 267 ks.setKeyEntry(ALIAS_NO_PASSWORD_PRIVATE, 268 getPrivateKey().getPrivateKey(), 269 null, 270 getPrivateKey().getCertificateChain()); 271 } 272 if (isCertificateEnabled(ks)) { 273 ks.setCertificateEntry(ALIAS_CERTIFICATE, 274 getPrivateKey().getCertificate()); 275 } 276 if (isSecretKeyEnabled(ks)) { 277 setSecretKey(ks); 278 if (isNullPasswordAllowed(ks)) { 279 ks.setKeyEntry(ALIAS_NO_PASSWORD_SECRET, 280 getSecretKey(), 281 null, 282 null); 283 } 284 } 285 } 286 287 private static boolean clearKeyStore(KeyStore ks) throws Exception { 288 ks.load(null, null); 289 if (isReadOnly(ks)) { 290 try { 291 setPrivateKey(ks); 292 fail(ks.toString()); 293 } catch (UnsupportedOperationException e) { 294 } 295 return true; 296 } 297 if (isPersistentStorage(ks)) { 298 Enumeration<String> aliases = ks.aliases(); 299 while (aliases.hasMoreElements()) { 300 String alias = aliases.nextElement(); 301 ks.deleteEntry(alias); 302 } 303 } 304 return false; 305 } 306 307 public static void setPrivateKeyNoPassword(KeyStore ks, String alias, PrivateKeyEntry privateKey) 308 throws Exception { 309 ks.setKeyEntry(alias, privateKey.getPrivateKey(), null, privateKey.getCertificateChain()); 310 } 311 public static void setPrivateKey(KeyStore ks) throws Exception { 312 setPrivateKey(ks, ALIAS_PRIVATE); 313 } 314 public static void setPrivateKey(KeyStore ks, String alias) throws Exception { 315 setPrivateKey(ks, alias, getPrivateKey()); 316 } 317 public static void setPrivateKey(KeyStore ks, 318 String alias, 319 PrivateKeyEntry privateKey) 320 throws Exception { 321 ks.setKeyEntry(alias, 322 privateKey.getPrivateKey(), 323 PASSWORD_KEY, 324 privateKey.getCertificateChain()); 325 } 326 327 public static void setPrivateKeyBytes(KeyStore ks) throws Exception { 328 setPrivateKeyBytes(ks, ALIAS_PRIVATE); 329 } 330 public static void setPrivateKeyBytes(KeyStore ks, String alias) throws Exception { 331 setPrivateKeyBytes(ks, alias, getPrivateKey()); 332 } 333 public static void setPrivateKeyBytes(KeyStore ks, 334 String alias, 335 PrivateKeyEntry privateKey) 336 throws Exception { 337 ks.setKeyEntry(alias, 338 privateKey.getPrivateKey().getEncoded(), 339 privateKey.getCertificateChain()); 340 } 341 342 public static void setSecretKey(KeyStore ks) throws Exception { 343 setSecretKey(ks, ALIAS_SECRET); 344 } 345 public static void setSecretKey(KeyStore ks, String alias) throws Exception { 346 setSecretKey(ks, alias, getSecretKey()); 347 } 348 public static void setSecretKey(KeyStore ks, String alias, SecretKey key) throws Exception { 349 ks.setKeyEntry(alias, 350 key, 351 PASSWORD_KEY, 352 null); 353 } 354 355 public static void setSecretKeyBytes(KeyStore ks) throws Exception { 356 setSecretKeyBytes(ks, ALIAS_SECRET); 357 } 358 public static void setSecretKeyBytes(KeyStore ks, String alias) throws Exception { 359 setSecretKeyBytes(ks, alias, getSecretKey()); 360 } 361 public static void setSecretKeyBytes(KeyStore ks, String alias, SecretKey key) 362 throws Exception { 363 ks.setKeyEntry(alias, 364 key.getEncoded(), 365 null); 366 } 367 368 public static void setCertificate(KeyStore ks) throws Exception { 369 setCertificate(ks, ALIAS_CERTIFICATE); 370 } 371 public static void setCertificate(KeyStore ks, String alias) throws Exception { 372 setCertificate(ks, alias, getPrivateKey().getCertificate()); 373 } 374 public static void setCertificate(KeyStore ks, String alias, Certificate certificate) 375 throws Exception { 376 ks.setCertificateEntry(alias, certificate); 377 } 378 379 380 public static void assertPrivateKey(Key actual) 381 throws Exception { 382 assertEquals(getPrivateKey().getPrivateKey(), actual); 383 } 384 public static void assertPrivateKey(String keyType, Key actual) 385 throws Exception { 386 assertEquals(getPrivateKey(keyType).getPrivateKey(), actual); 387 } 388 public static void assertPrivateKey2(Key actual) 389 throws Exception { 390 assertEquals(getPrivateKey2().getPrivateKey(), actual); 391 } 392 public static void assertPrivateKey(Entry actual) 393 throws Exception { 394 assertNotNull(actual); 395 assertSame(PrivateKeyEntry.class, actual.getClass()); 396 PrivateKeyEntry privateKey = (PrivateKeyEntry) actual; 397 assertEquals(getPrivateKey().getPrivateKey(), privateKey.getPrivateKey()); 398 assertEquals(getPrivateKey().getCertificate(), privateKey.getCertificate()); 399 assertEquals(Arrays.asList(getPrivateKey().getCertificateChain()), 400 Arrays.asList(privateKey.getCertificateChain())); 401 } 402 403 public static void assertSecretKey(Key actual) 404 throws Exception { 405 assertEquals(getSecretKey(), actual); 406 } 407 public static void assertSecretKey2(Key actual) 408 throws Exception { 409 assertEquals(getSecretKey2(), actual); 410 } 411 public static void assertSecretKey(Entry actual) 412 throws Exception { 413 assertSame(SecretKeyEntry.class, actual.getClass()); 414 assertEquals(getSecretKey(), ((SecretKeyEntry) actual).getSecretKey()); 415 } 416 417 public static void assertCertificate(Certificate actual) 418 throws Exception { 419 assertEquals(getPrivateKey().getCertificate(), actual); 420 } 421 public static void assertCertificate2(Certificate actual) 422 throws Exception { 423 assertEquals(getPrivateKey2().getCertificate(), actual); 424 } 425 public static void assertCertificate(Entry actual) 426 throws Exception { 427 assertSame(TrustedCertificateEntry.class, actual.getClass()); 428 assertEquals(getPrivateKey().getCertificate(), 429 ((TrustedCertificateEntry) actual).getTrustedCertificate()); 430 } 431 432 public static void assertCertificateChain(Certificate[] actual) 433 throws Exception { 434 assertEquals(Arrays.asList(getPrivateKey().getCertificateChain()), 435 Arrays.asList(actual)); 436 } 437 438 public void test_KeyStore_create() throws Exception { 439 Provider[] providers = Security.getProviders(); 440 for (Provider provider : providers) { 441 Set<Provider.Service> services = provider.getServices(); 442 for (Provider.Service service : services) { 443 String type = service.getType(); 444 if (!type.equals("KeyStore")) { 445 continue; 446 } 447 String algorithm = service.getAlgorithm(); 448 KeyStore ks = KeyStore.getInstance(algorithm, provider); 449 assertEquals(provider, ks.getProvider()); 450 assertEquals(algorithm, ks.getType()); 451 } 452 } 453 } 454 455 public void test_KeyStore_getInstance() throws Exception { 456 String type = KeyStore.getDefaultType(); 457 try { 458 KeyStore.getInstance(null); 459 fail(type); 460 } catch (NullPointerException expected) { 461 } 462 463 assertNotNull(KeyStore.getInstance(type)); 464 465 String providerName = StandardNames.SECURITY_PROVIDER_NAME; 466 try { 467 KeyStore.getInstance(null, (String)null); 468 fail(type); 469 } catch (IllegalArgumentException expected) { 470 } 471 try { 472 KeyStore.getInstance(null, providerName); 473 fail(type); 474 } catch (Exception e) { 475 if (e.getClass() != NullPointerException.class 476 && e.getClass() != KeyStoreException.class) { 477 throw e; 478 } 479 } 480 try { 481 KeyStore.getInstance(type, (String)null); 482 fail(type); 483 } catch (IllegalArgumentException expected) { 484 } 485 assertNotNull(KeyStore.getInstance(type, providerName)); 486 487 Provider provider = Security.getProvider(providerName); 488 try { 489 KeyStore.getInstance(null, (Provider)null); 490 fail(type); 491 } catch (IllegalArgumentException expected) { 492 } 493 try { 494 KeyStore.getInstance(null, provider); 495 fail(type); 496 } catch (NullPointerException expected) { 497 } 498 try { 499 KeyStore.getInstance(type, (Provider)null); 500 fail(type); 501 } catch (IllegalArgumentException expected) { 502 } 503 assertNotNull(KeyStore.getInstance(type, provider)); 504 } 505 506 public void test_KeyStore_getDefaultType() throws Exception { 507 String type = KeyStore.getDefaultType(); 508 assertNotNull(type); 509 KeyStore ks = KeyStore.getInstance(type); 510 assertNotNull(ks); 511 assertEquals(type, ks.getType()); 512 } 513 514 public void test_KeyStore_getProvider() throws Exception { 515 KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); 516 assertNotNull(ks.getProvider()); 517 assertNotNull(StandardNames.SECURITY_PROVIDER_NAME, ks.getProvider().getName()); 518 519 for (KeyStore keyStore : keyStores()) { 520 assertNotNull(keyStore.getProvider()); 521 } 522 } 523 524 public void test_KeyStore_getType() throws Exception { 525 String type = KeyStore.getDefaultType(); 526 KeyStore ks = KeyStore.getInstance(type); 527 assertNotNull(ks.getType()); 528 assertNotNull(type, ks.getType()); 529 530 for (KeyStore keyStore : keyStores()) { 531 assertNotNull(keyStore.getType()); 532 } 533 } 534 535 public void test_KeyStore_getKey() throws Exception { 536 for (KeyStore keyStore : keyStores()) { 537 try { 538 keyStore.getKey(null, null); 539 fail(keyStore.getType()); 540 } catch (KeyStoreException expected) { 541 } 542 } 543 544 for (KeyStore keyStore : keyStores()) { 545 populate(keyStore); 546 547 // test odd inputs 548 try { 549 keyStore.getKey(null, null); 550 fail(keyStore.getType()); 551 } catch (Exception e) { 552 if (e.getClass() != NullPointerException.class 553 && e.getClass() != IllegalArgumentException.class) { 554 throw e; 555 } 556 } 557 try { 558 keyStore.getKey(null, PASSWORD_KEY); 559 fail(keyStore.getType()); 560 } catch (Exception e) { 561 if (e.getClass() != NullPointerException.class 562 && e.getClass() != IllegalArgumentException.class 563 && e.getClass() != KeyStoreException.class) { 564 throw e; 565 } 566 } 567 assertNull(keyStore.getKey("", null)); 568 assertNull(keyStore.getKey("", PASSWORD_KEY)); 569 570 // test case sensitive 571 if (isReadOnly(keyStore)) { 572 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 573 } else { 574 if (isKeyPasswordSupported(keyStore)) { 575 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 576 } 577 if (isNullPasswordAllowed(keyStore)) { 578 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 579 } 580 if (isSecretKeyEnabled(keyStore)) { 581 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 582 } else { 583 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 584 } 585 } 586 587 // test case insensitive 588 if (isCaseSensitive(keyStore) || isReadOnly(keyStore)) { 589 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 590 assertNull(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, PASSWORD_KEY)); 591 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 592 } else { 593 if (isKeyPasswordSupported(keyStore)) { 594 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 595 } 596 if (isNullPasswordAllowed(keyStore)) { 597 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 598 } 599 if (isSecretKeyEnabled(keyStore)) { 600 assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 601 } 602 } 603 604 // test with null passwords 605 if (isKeyPasswordSupported(keyStore) && isKeyPasswordIgnored(keyStore)) { 606 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null)); 607 } else { 608 if (isReadOnly(keyStore)) { 609 assertNull(keyStore.getKey(ALIAS_PRIVATE, null)); 610 } else if (isKeyPasswordSupported(keyStore)) { 611 try { 612 keyStore.getKey(ALIAS_PRIVATE, null); 613 fail(keyStore.getType()); 614 } catch (Exception e) { 615 if (e.getClass() != UnrecoverableKeyException.class 616 && e.getClass() != IllegalArgumentException.class) { 617 throw e; 618 } 619 } 620 } 621 } 622 if (isReadOnly(keyStore)) { 623 assertNull(keyStore.getKey(ALIAS_SECRET, null)); 624 } else if (isSecretKeyEnabled(keyStore)) { 625 try { 626 keyStore.getKey(ALIAS_SECRET, null); 627 fail(keyStore.getType()); 628 } catch (Exception e) { 629 if (e.getClass() != UnrecoverableKeyException.class 630 && e.getClass() != IllegalArgumentException.class) { 631 throw e; 632 } 633 } 634 } 635 636 // test with bad passwords 637 if (isReadOnly(keyStore)) { 638 assertNull(keyStore.getKey(ALIAS_PRIVATE, null)); 639 } else if (isKeyPasswordSupported(keyStore) && isKeyPasswordIgnored(keyStore)) { 640 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null)); 641 } else if (isKeyPasswordSupported(keyStore)) { 642 try { 643 keyStore.getKey(ALIAS_PRIVATE, PASSWORD_BAD); 644 fail(keyStore.getType()); 645 } catch (UnrecoverableKeyException expected) { 646 } 647 } 648 if (isReadOnly(keyStore)) { 649 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_BAD)); 650 } else if (isSecretKeyEnabled(keyStore)) { 651 try { 652 keyStore.getKey(ALIAS_SECRET, PASSWORD_BAD); 653 fail(keyStore.getType()); 654 } catch (UnrecoverableKeyException expected) { 655 } 656 } 657 } 658 } 659 660 public void test_KeyStore_getCertificateChain() throws Exception { 661 for (KeyStore keyStore : keyStores()) { 662 try { 663 keyStore.getCertificateChain(null); 664 fail(keyStore.getType()); 665 } catch (KeyStoreException expected) { 666 } 667 } 668 for (KeyStore keyStore : keyStores()) { 669 populate(keyStore); 670 671 // test odd inputs 672 try { 673 keyStore.getCertificateChain(null); 674 fail(keyStore.getType()); 675 } catch (Exception e) { 676 if (e.getClass() != NullPointerException.class 677 && e.getClass() != IllegalArgumentException.class) { 678 throw e; 679 } 680 } 681 assertNull(keyStore.getCertificateChain("")); 682 683 // test case sensitive 684 if (isReadOnly(keyStore)) { 685 assertNull(keyStore.getCertificateChain(ALIAS_PRIVATE)); 686 } else if (isKeyPasswordSupported(keyStore)) { 687 assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE)); 688 } else if (isNullPasswordAllowed(keyStore)) { 689 assertCertificateChain(keyStore.getCertificateChain(ALIAS_NO_PASSWORD_PRIVATE)); 690 } 691 692 // test case insensitive 693 if (isReadOnly(keyStore) || isCaseSensitive(keyStore)) { 694 assertNull(keyStore.getCertificateChain(ALIAS_ALT_CASE_PRIVATE)); 695 } else { 696 assertCertificateChain(keyStore.getCertificateChain(ALIAS_ALT_CASE_PRIVATE)); 697 } 698 } 699 } 700 701 public void test_KeyStore_getCertificate() throws Exception { 702 for (KeyStore keyStore : keyStores()) { 703 try { 704 keyStore.getCertificate(null); 705 fail(keyStore.getType()); 706 } catch (KeyStoreException expected) { 707 } 708 } 709 for (KeyStore keyStore : keyStores()) { 710 populate(keyStore); 711 712 // test odd inputs 713 try { 714 keyStore.getCertificate(null); 715 fail(keyStore.getType()); 716 } catch (Exception e) { 717 if (e.getClass() != NullPointerException.class 718 && e.getClass() != IllegalArgumentException.class) { 719 throw e; 720 } 721 } 722 assertNull(keyStore.getCertificate("")); 723 724 // test case sensitive 725 if (!isReadOnly(keyStore) && isCertificateEnabled(keyStore)) { 726 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 727 } else { 728 assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE)); 729 } 730 731 // test case insensitive 732 if (isReadOnly(keyStore) || isCaseSensitive(keyStore)) { 733 assertNull(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 734 } else { 735 if (isCertificateEnabled(keyStore)) { 736 assertCertificate(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 737 } 738 } 739 } 740 } 741 742 public void test_KeyStore_getCreationDate() throws Exception { 743 for (KeyStore keyStore : keyStores()) { 744 try { 745 keyStore.getCreationDate(null); 746 fail(keyStore.getType()); 747 } catch (KeyStoreException expected) { 748 } 749 } 750 long before = System.currentTimeMillis(); 751 for (KeyStore keyStore : keyStores()) { 752 populate(keyStore); 753 754 // add 1000 since some key stores round of time to nearest second 755 long after = System.currentTimeMillis() + 1000; 756 757 // test odd inputs 758 try { 759 keyStore.getCreationDate(null); 760 fail(keyStore.getType()); 761 } catch (NullPointerException expected) { 762 } 763 assertNull(keyStore.getCreationDate("")); 764 765 // test case sensitive 766 if (!isReadOnly(keyStore) && isCertificateEnabled(keyStore)) { 767 Date date = keyStore.getCreationDate(ALIAS_CERTIFICATE); 768 assertNotNull(date); 769 assertTrue("date should be after start time: " + date.getTime() + " >= " + before, 770 before <= date.getTime()); 771 assertTrue("date should be before expiry time: " + date.getTime() + " <= " + after, 772 date.getTime() <= after); 773 } else { 774 assertNull(keyStore.getCreationDate(ALIAS_CERTIFICATE)); 775 } 776 777 // test case insensitive 778 if (isReadOnly(keyStore) || isCaseSensitive(keyStore)) { 779 assertNull(keyStore.getCreationDate(ALIAS_ALT_CASE_CERTIFICATE)); 780 } else { 781 if (isCertificateEnabled(keyStore)) { 782 Date date = keyStore.getCreationDate(ALIAS_ALT_CASE_CERTIFICATE); 783 assertTrue(before <= date.getTime()); 784 assertTrue(date.getTime() <= after); 785 } 786 } 787 } 788 } 789 790 public void test_KeyStore_setKeyEntry_Key() throws Exception { 791 for (KeyStore keyStore : keyStores()) { 792 try { 793 keyStore.setKeyEntry(null, null, null, null); 794 fail(keyStore.getType()); 795 } catch (KeyStoreException expected) { 796 } 797 } 798 799 for (KeyStore keyStore : keyStores()) { 800 keyStore.load(null, null); 801 if (isReadOnly(keyStore)) { 802 try { 803 keyStore.setKeyEntry(null, null, null, null); 804 fail(keyStore.getType()); 805 } catch (UnsupportedOperationException expected) { 806 } 807 continue; 808 } 809 810 // test odd inputs 811 try { 812 keyStore.setKeyEntry(null, null, null, null); 813 fail(keyStore.getType()); 814 } catch (Exception e) { 815 if (e.getClass() != NullPointerException.class 816 && e.getClass() != KeyStoreException.class) { 817 throw e; 818 } 819 } 820 try { 821 keyStore.setKeyEntry(null, null, PASSWORD_KEY, null); 822 fail(keyStore.getType()); 823 } catch (Exception e) { 824 if (e.getClass() != NullPointerException.class 825 && e.getClass() != KeyStoreException.class) { 826 throw e; 827 } 828 } 829 try { 830 keyStore.setKeyEntry(ALIAS_PRIVATE, 831 getPrivateKey().getPrivateKey(), 832 PASSWORD_KEY, 833 null); 834 fail(keyStore.getType()); 835 } catch (Exception e) { 836 if (e.getClass() != IllegalArgumentException.class 837 && e.getClass() != KeyStoreException.class) { 838 throw e; 839 } 840 } 841 } 842 843 for (KeyStore keyStore : keyStores()) { 844 clearKeyStore(keyStore); 845 846 // test case sensitive 847 if (isKeyPasswordSupported(keyStore)) { 848 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 849 } 850 if (isNullPasswordAllowed(keyStore)) { 851 assertNull(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 852 } 853 if (isReadOnly(keyStore)) { 854 try { 855 keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), PASSWORD_KEY, null); 856 fail(keyStore.getType()); 857 } catch (UnsupportedOperationException expected) { 858 } 859 continue; 860 } 861 if (isKeyPasswordSupported(keyStore)) { 862 setPrivateKey(keyStore); 863 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 864 assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE)); 865 } 866 if (isNullPasswordAllowed(keyStore)) { 867 setPrivateKeyNoPassword(keyStore, ALIAS_NO_PASSWORD_PRIVATE, getPrivateKey()); 868 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 869 assertCertificateChain(keyStore.getCertificateChain(ALIAS_NO_PASSWORD_PRIVATE)); 870 } 871 if (isSecretKeyEnabled(keyStore)) { 872 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 873 setSecretKey(keyStore); 874 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 875 } else { 876 try { 877 keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), PASSWORD_KEY, null); 878 fail(keyStore.getType()); 879 } catch (Exception e) { 880 if (e.getClass() != KeyStoreException.class 881 && e.getClass() != NullPointerException.class) { 882 throw e; 883 } 884 } 885 } 886 } 887 888 for (KeyStore keyStore : keyStores()) { 889 populate(keyStore); 890 891 if (isReadOnly(keyStore)) { 892 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 893 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 894 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 895 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 896 } else if (isCaseSensitive(keyStore)) { 897 if (isKeyPasswordSupported(keyStore)) { 898 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 899 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 900 setPrivateKey(keyStore, ALIAS_ALT_CASE_PRIVATE, getPrivateKey2()); 901 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 902 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 903 } 904 905 if (isNullPasswordAllowed(keyStore)) { 906 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 907 assertNull(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 908 setPrivateKeyNoPassword(keyStore, ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, 909 getPrivateKey2()); 910 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 911 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 912 } 913 914 if (isSecretKeyEnabled(keyStore)) { 915 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 916 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 917 setSecretKey(keyStore, ALIAS_ALT_CASE_SECRET, getSecretKey2()); 918 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 919 assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 920 } 921 } else { 922 if (isKeyPasswordSupported(keyStore)) { 923 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 924 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 925 setPrivateKey(keyStore, ALIAS_ALT_CASE_PRIVATE, getPrivateKey2()); 926 assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 927 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 928 } 929 930 if (isNullPasswordAllowed(keyStore)) { 931 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null)); 932 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 933 setPrivateKey(keyStore, ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, getPrivateKey2()); 934 assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, null)); 935 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 936 } 937 938 if (isSecretKeyEnabled(keyStore)) { 939 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 940 assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 941 setSecretKey(keyStore, ALIAS_ALT_CASE_PRIVATE, getSecretKey2()); 942 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 943 assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 944 } 945 } 946 } 947 948 for (KeyStore keyStore : keyStores()) { 949 keyStore.load(null, null); 950 if (isReadOnly(keyStore)) { 951 try { 952 keyStore.setKeyEntry(ALIAS_PRIVATE, 953 getPrivateKey().getPrivateKey(), 954 null, 955 getPrivateKey().getCertificateChain()); 956 fail(keyStore.getType()); 957 } catch (UnsupportedOperationException expected) { 958 } 959 continue; 960 } 961 962 // test with null passwords 963 if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) { 964 keyStore.setKeyEntry(ALIAS_PRIVATE, 965 getPrivateKey().getPrivateKey(), 966 null, 967 getPrivateKey().getCertificateChain()); 968 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null)); 969 } else { 970 try { 971 keyStore.setKeyEntry(ALIAS_PRIVATE, 972 getPrivateKey().getPrivateKey(), 973 null, 974 getPrivateKey().getCertificateChain()); 975 fail(keyStore.getType()); 976 } catch (Exception e) { 977 if (e.getClass() != UnrecoverableKeyException.class 978 && e.getClass() != IllegalArgumentException.class 979 && e.getClass() != KeyStoreException.class) { 980 throw e; 981 } 982 } 983 } 984 if (isSecretKeyEnabled(keyStore)) { 985 if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) { 986 keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), null, null); 987 assertSecretKey(keyStore.getKey(ALIAS_SECRET, null)); 988 } else { 989 try { 990 keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), null, null); 991 fail(keyStore.getType()); 992 } catch (Exception e) { 993 if (e.getClass() != UnrecoverableKeyException.class 994 && e.getClass() != IllegalArgumentException.class 995 && e.getClass() != KeyStoreException.class) { 996 throw e; 997 } 998 } 999 } 1000 } 1001 } 1002 } 1003 1004 public void test_KeyStore_setKeyEntry_array() throws Exception { 1005 for (KeyStore keyStore : keyStores()) { 1006 try { 1007 keyStore.setKeyEntry(null, null, null); 1008 fail(keyStore.getType()); 1009 } catch (KeyStoreException expected) { 1010 } 1011 } 1012 1013 for (KeyStore keyStore : keyStores()) { 1014 keyStore.load(null, null); 1015 1016 if (isReadOnly(keyStore)) { 1017 try { 1018 keyStore.setKeyEntry(null, null, null); 1019 fail(keyStore.getType()); 1020 } catch (UnsupportedOperationException expected) { 1021 } 1022 continue; 1023 } 1024 1025 // test odd inputs 1026 try { 1027 keyStore.setKeyEntry(null, null, null); 1028 fail(keyStore.getType()); 1029 } catch (Exception e) { 1030 if (e.getClass() != NullPointerException.class 1031 && e.getClass() != IllegalArgumentException.class 1032 && e.getClass() != KeyStoreException.class 1033 && e.getClass() != RuntimeException.class) { 1034 throw e; 1035 } 1036 } 1037 } 1038 1039 for (KeyStore keyStore : keyStores()) { 1040 if (!isNullPasswordAllowed(keyStore)) { 1041 // TODO Use EncryptedPrivateKeyInfo to protect keys if 1042 // password is required. 1043 continue; 1044 } 1045 if (isSetKeyByteArrayUnimplemented(keyStore)) { 1046 continue; 1047 } 1048 1049 clearKeyStore(keyStore); 1050 1051 // test case sensitive 1052 if (isKeyPasswordSupported(keyStore)) { 1053 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1054 } 1055 if (isNullPasswordAllowed(keyStore)) { 1056 assertNull(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1057 } 1058 if (isReadOnly(keyStore)) { 1059 try { 1060 setPrivateKeyBytes(keyStore); 1061 fail(keyStore.getType()); 1062 } catch (UnsupportedOperationException expected) { 1063 } 1064 continue; 1065 } 1066 if (isKeyPasswordSupported(keyStore)) { 1067 setPrivateKeyBytes(keyStore); 1068 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1069 assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE)); 1070 } 1071 if (isNullPasswordAllowed(keyStore)) { 1072 setPrivateKeyNoPassword(keyStore, ALIAS_NO_PASSWORD_PRIVATE, getPrivateKey()); 1073 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1074 assertCertificateChain(keyStore.getCertificateChain(ALIAS_NO_PASSWORD_PRIVATE)); 1075 } 1076 if (isSecretKeyEnabled(keyStore)) { 1077 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1078 setSecretKeyBytes(keyStore); 1079 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1080 } else { 1081 try { 1082 keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey().getEncoded(), null); 1083 fail(keyStore.getType()); 1084 } catch (KeyStoreException expected) { 1085 } 1086 } 1087 } 1088 1089 for (KeyStore keyStore : keyStores()) { 1090 if (!isNullPasswordAllowed(keyStore)) { 1091 // TODO Use EncryptedPrivateKeyInfo to protect keys if 1092 // password is required. 1093 continue; 1094 } 1095 if (isSetKeyByteArrayUnimplemented(keyStore)) { 1096 continue; 1097 } 1098 1099 populate(keyStore); 1100 1101 if (isReadOnly(keyStore)) { 1102 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1103 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 1104 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1105 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 1106 } else if (isCaseSensitive(keyStore)) { 1107 if (isKeyPasswordSupported(keyStore)) { 1108 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1109 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 1110 setPrivateKeyBytes(keyStore, ALIAS_ALT_CASE_PRIVATE, getPrivateKey2()); 1111 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1112 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 1113 } 1114 if (isNullPasswordAllowed(keyStore)) { 1115 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1116 assertNull(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 1117 setPrivateKeyNoPassword(keyStore, ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, 1118 getPrivateKey2()); 1119 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1120 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 1121 } 1122 1123 if (isSecretKeyEnabled(keyStore)) { 1124 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1125 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 1126 setSecretKeyBytes(keyStore, ALIAS_ALT_CASE_PRIVATE, getSecretKey2()); 1127 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1128 assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 1129 } 1130 } else { 1131 if (isKeyPasswordSupported(keyStore)) { 1132 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1133 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 1134 setPrivateKeyBytes(keyStore, ALIAS_ALT_CASE_PRIVATE, getPrivateKey2()); 1135 assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1136 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 1137 } 1138 if (isNullPasswordAllowed(keyStore)) { 1139 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1140 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 1141 setPrivateKeyNoPassword(keyStore, ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, 1142 getPrivateKey2()); 1143 assertPrivateKey2(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1144 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 1145 } 1146 1147 if (isSecretKeyEnabled(keyStore)) { 1148 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1149 assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 1150 setSecretKeyBytes(keyStore, ALIAS_ALT_CASE_PRIVATE, getSecretKey2()); 1151 assertSecretKey2(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1152 assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 1153 } 1154 } 1155 } 1156 } 1157 1158 public void test_KeyStore_setCertificateEntry() throws Exception { 1159 for (KeyStore keyStore : keyStores()) { 1160 try { 1161 keyStore.setCertificateEntry(null, null); 1162 fail(keyStore.getType()); 1163 } catch (KeyStoreException expected) { 1164 } 1165 } 1166 1167 for (KeyStore keyStore : keyStores()) { 1168 populate(keyStore); 1169 1170 // test odd inputs 1171 try { 1172 keyStore.setCertificateEntry(null, null); 1173 fail(keyStore.getType()); 1174 } catch (Exception e) { 1175 if (e.getClass() != NullPointerException.class 1176 && e.getClass() != KeyStoreException.class) { 1177 throw e; 1178 } 1179 } 1180 1181 if (isReadOnly(keyStore)) { 1182 try { 1183 assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1184 keyStore.setCertificateEntry(ALIAS_CERTIFICATE, null); 1185 fail(keyStore.getType()); 1186 } catch (UnsupportedOperationException expected) { 1187 } 1188 continue; 1189 } 1190 1191 // Sort of delete by setting null. Note that even though 1192 // certificate is null, size doesn't change, 1193 // isCertificateEntry returns true, and it is still listed in aliases. 1194 if (isCertificateEnabled(keyStore)) { 1195 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1196 try { 1197 int size = keyStore.size(); 1198 keyStore.setCertificateEntry(ALIAS_CERTIFICATE, null); 1199 assertNull(keyStore.getType(), keyStore.getCertificate(ALIAS_CERTIFICATE)); 1200 assertEquals(keyStore.getType(), size, keyStore.size()); 1201 assertTrue(keyStore.getType(), keyStore.isCertificateEntry(ALIAS_CERTIFICATE)); 1202 assertTrue(keyStore.getType(), 1203 Collections.list(keyStore.aliases()).contains(ALIAS_CERTIFICATE)); 1204 } catch (NullPointerException expectedSometimes) { 1205 if (!("PKCS12".equalsIgnoreCase(keyStore.getType()) && 1206 "BC".equalsIgnoreCase(keyStore.getProvider().getName())) 1207 && !"AndroidKeyStore".equalsIgnoreCase(keyStore.getType())) { 1208 throw expectedSometimes; 1209 } 1210 } 1211 } else { 1212 try { 1213 keyStore.setCertificateEntry(ALIAS_CERTIFICATE, null); 1214 fail(keyStore.getType()); 1215 } catch (KeyStoreException expected) { 1216 } 1217 } 1218 } 1219 1220 for (KeyStore keyStore : keyStores()) { 1221 if (!isCertificateEnabled(keyStore)) { 1222 continue; 1223 } 1224 1225 clearKeyStore(keyStore); 1226 1227 assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1228 if (isReadOnly(keyStore)) { 1229 try { 1230 setCertificate(keyStore); 1231 fail(keyStore.getType()); 1232 } catch (UnsupportedOperationException expected) { 1233 } 1234 continue; 1235 } 1236 setCertificate(keyStore); 1237 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1238 } 1239 1240 for (KeyStore keyStore : keyStores()) { 1241 if (!isCertificateEnabled(keyStore)) { 1242 continue; 1243 } 1244 1245 populate(keyStore); 1246 1247 if (isReadOnly(keyStore)) { 1248 assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1249 assertNull(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 1250 } else if (isCaseSensitive(keyStore)) { 1251 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1252 assertNull(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 1253 setCertificate(keyStore, 1254 ALIAS_ALT_CASE_CERTIFICATE, 1255 getPrivateKey2().getCertificate()); 1256 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1257 assertCertificate2(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 1258 } else { 1259 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1260 assertCertificate(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 1261 setCertificate(keyStore, 1262 ALIAS_ALT_CASE_CERTIFICATE, 1263 getPrivateKey2().getCertificate()); 1264 assertCertificate2(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1265 assertCertificate2(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 1266 } 1267 } 1268 } 1269 public void test_KeyStore_deleteEntry() throws Exception { 1270 for (KeyStore keyStore : keyStores()) { 1271 try { 1272 keyStore.deleteEntry(null); 1273 fail(keyStore.getType()); 1274 } catch (KeyStoreException expected) { 1275 } 1276 } 1277 1278 for (KeyStore keyStore : keyStores()) { 1279 keyStore.load(null, null); 1280 1281 if (isReadOnly(keyStore)) { 1282 try { 1283 keyStore.deleteEntry(null); 1284 fail(keyStore.getType()); 1285 } catch (UnsupportedOperationException expected) { 1286 } 1287 continue; 1288 } 1289 1290 // test odd inputs 1291 try { 1292 keyStore.deleteEntry(null); 1293 fail(keyStore.getType()); 1294 } catch (Exception e) { 1295 if (e.getClass() != NullPointerException.class 1296 && e.getClass() != KeyStoreException.class) { 1297 throw e; 1298 } 1299 } 1300 keyStore.deleteEntry(""); 1301 } 1302 1303 for (KeyStore keyStore : keyStores()) { 1304 populate(keyStore); 1305 1306 if (isReadOnly(keyStore)) { 1307 try { 1308 keyStore.deleteEntry(ALIAS_PRIVATE); 1309 } catch (UnsupportedOperationException e) { 1310 } 1311 continue; 1312 } 1313 1314 // test case sensitive 1315 if (isKeyPasswordSupported(keyStore)) { 1316 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1317 assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE)); 1318 keyStore.deleteEntry(ALIAS_PRIVATE); 1319 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1320 } 1321 if (isNullPasswordAllowed(keyStore)) { 1322 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1323 assertCertificateChain(keyStore.getCertificateChain(ALIAS_NO_PASSWORD_PRIVATE)); 1324 keyStore.deleteEntry(ALIAS_NO_PASSWORD_PRIVATE); 1325 assertNull(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1326 } 1327 1328 if (isSecretKeyEnabled(keyStore)) { 1329 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1330 keyStore.deleteEntry(ALIAS_SECRET); 1331 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1332 } else { 1333 keyStore.deleteEntry(ALIAS_SECRET); 1334 } 1335 1336 if (isCertificateEnabled(keyStore)) { 1337 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1338 keyStore.deleteEntry(ALIAS_CERTIFICATE); 1339 assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1340 } else { 1341 keyStore.deleteEntry(ALIAS_CERTIFICATE); 1342 } 1343 } 1344 1345 for (KeyStore keyStore : keyStores()) { 1346 populate(keyStore); 1347 1348 // test case insensitive 1349 1350 if (isCaseSensitive(keyStore)) { 1351 if (isKeyPasswordSupported(keyStore)) { 1352 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1353 keyStore.deleteEntry(ALIAS_ALT_CASE_PRIVATE); 1354 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 1355 } 1356 if (isNullPasswordAllowed(keyStore)) { 1357 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1358 keyStore.deleteEntry(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE); 1359 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 1360 } 1361 1362 if (isSecretKeyEnabled(keyStore)) { 1363 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1364 keyStore.deleteEntry(ALIAS_ALT_CASE_SECRET); 1365 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 1366 } else { 1367 keyStore.deleteEntry(ALIAS_SECRET); 1368 } 1369 1370 if (isCertificateEnabled(keyStore)) { 1371 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1372 keyStore.deleteEntry(ALIAS_ALT_CASE_CERTIFICATE); 1373 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 1374 } else { 1375 keyStore.deleteEntry(ALIAS_CERTIFICATE); 1376 } 1377 } 1378 } 1379 } 1380 1381 public void test_KeyStore_aliases() throws Exception { 1382 for (KeyStore keyStore : keyStores()) { 1383 try { 1384 keyStore.aliases(); 1385 fail(keyStore.getType()); 1386 } catch (KeyStoreException expected) { 1387 } 1388 } 1389 1390 for (KeyStore keyStore : keyStores()) { 1391 keyStore.load(null, null); 1392 if (isPersistentStorage(keyStore)) { 1393 assertNotNull("Should be able to query size: " + keyStore.getType(), 1394 keyStore.aliases()); 1395 } else if (hasDefaultContents(keyStore)) { 1396 assertTrue("Should have more than one alias already: " + keyStore.getType(), 1397 keyStore.aliases().hasMoreElements()); 1398 } else { 1399 assertEquals("Should have no aliases:" + keyStore.getType(), Collections.EMPTY_SET, 1400 new HashSet(Collections.list(keyStore.aliases()))); 1401 } 1402 } 1403 1404 for (KeyStore keyStore : keyStores()) { 1405 populate(keyStore); 1406 1407 Set<String> expected = new HashSet<String>(); 1408 if (isKeyPasswordSupported(keyStore)) { 1409 expected.add(ALIAS_PRIVATE); 1410 } 1411 if (isNullPasswordAllowed(keyStore)) { 1412 expected.add(ALIAS_NO_PASSWORD_PRIVATE); 1413 } 1414 if (isSecretKeyEnabled(keyStore)) { 1415 expected.add(ALIAS_SECRET); 1416 if (isNullPasswordAllowed(keyStore)) { 1417 expected.add(ALIAS_NO_PASSWORD_SECRET); 1418 } 1419 } 1420 if (isCertificateEnabled(keyStore)) { 1421 expected.add(ALIAS_CERTIFICATE); 1422 } 1423 if (isPersistentStorage(keyStore)) { 1424 assertNotNull("Should be able to query size: " + keyStore.getType(), 1425 keyStore.aliases()); 1426 } else if (hasDefaultContents(keyStore)) { 1427 assertTrue(keyStore.aliases().hasMoreElements()); 1428 } else { 1429 assertEquals(expected, new HashSet<String>(Collections.list(keyStore.aliases()))); 1430 } 1431 } 1432 } 1433 1434 public void test_KeyStore_containsAlias() throws Exception { 1435 for (KeyStore keyStore : keyStores()) { 1436 try { 1437 keyStore.containsAlias(null); 1438 fail(keyStore.getType()); 1439 } catch (KeyStoreException expected) { 1440 } 1441 } 1442 1443 for (KeyStore keyStore : keyStores()) { 1444 keyStore.load(null, null); 1445 1446 try { 1447 keyStore.containsAlias(null); 1448 fail(keyStore.getType()); 1449 } catch (NullPointerException expected) { 1450 } 1451 1452 assertFalse(keyStore.containsAlias("")); 1453 } 1454 1455 for (KeyStore keyStore : keyStores()) { 1456 populate(keyStore); 1457 1458 assertFalse(keyStore.containsAlias("")); 1459 1460 if (isReadOnly(keyStore)) { 1461 assertFalse(keyStore.containsAlias(ALIAS_PRIVATE)); 1462 continue; 1463 } 1464 if (isKeyPasswordSupported(keyStore)) { 1465 assertTrue(keyStore.containsAlias(ALIAS_PRIVATE)); 1466 } else if (isNullPasswordAllowed(keyStore)) { 1467 assertTrue(keyStore.containsAlias(ALIAS_NO_PASSWORD_PRIVATE)); 1468 } 1469 assertEquals(isSecretKeyEnabled(keyStore), keyStore.containsAlias(ALIAS_SECRET)); 1470 assertEquals(isCertificateEnabled(keyStore), keyStore.containsAlias(ALIAS_CERTIFICATE)); 1471 1472 assertEquals(!isCaseSensitive(keyStore), 1473 keyStore.containsAlias(ALIAS_ALT_CASE_PRIVATE)); 1474 assertEquals(!isCaseSensitive(keyStore) && isSecretKeyEnabled(keyStore), 1475 keyStore.containsAlias(ALIAS_ALT_CASE_SECRET)); 1476 assertEquals(!isCaseSensitive(keyStore) && isCertificateEnabled(keyStore), 1477 keyStore.containsAlias(ALIAS_ALT_CASE_CERTIFICATE)); 1478 } 1479 } 1480 1481 public void test_KeyStore_size() throws Exception { 1482 for (KeyStore keyStore : keyStores()) { 1483 try { 1484 keyStore.aliases(); 1485 fail(keyStore.getType()); 1486 } catch (KeyStoreException expected) { 1487 } 1488 } 1489 1490 for (KeyStore keyStore : keyStores()) { 1491 keyStore.load(null, null); 1492 if (isPersistentStorage(keyStore)) { 1493 assertTrue("Should successfully query size: " + keyStore.getType(), 1494 keyStore.size() >= 0); 1495 } else if (hasDefaultContents(keyStore)) { 1496 assertTrue("Should have non-empty store: " + keyStore.getType(), 1497 keyStore.size() > 0); 1498 } else { 1499 assertEquals("Should have empty store: " + keyStore.getType(), 0, keyStore.size()); 1500 } 1501 } 1502 1503 for (KeyStore keyStore : keyStores()) { 1504 populate(keyStore); 1505 if (hasDefaultContents(keyStore)) { 1506 assertTrue("Should have non-empty store: " + keyStore.getType(), 1507 keyStore.size() > 0); 1508 continue; 1509 } 1510 1511 int expected = 0; 1512 if (isKeyPasswordSupported(keyStore)) { 1513 expected++; 1514 } 1515 if (isNullPasswordAllowed(keyStore)) { 1516 expected++; 1517 } 1518 if (isSecretKeyEnabled(keyStore)) { 1519 expected++; 1520 if (isNullPasswordAllowed(keyStore)) { 1521 expected++; 1522 } 1523 } 1524 if (isCertificateEnabled(keyStore)) { 1525 expected++; 1526 } 1527 assertEquals(expected, keyStore.size()); 1528 } 1529 } 1530 1531 public void test_KeyStore_isKeyEntry() throws Exception { 1532 for (KeyStore keyStore : keyStores()) { 1533 try { 1534 keyStore.isKeyEntry(null); 1535 fail(keyStore.getType()); 1536 } catch (KeyStoreException expected) { 1537 } 1538 } 1539 1540 for (KeyStore keyStore : keyStores()) { 1541 keyStore.load(null, null); 1542 1543 try { 1544 keyStore.isKeyEntry(null); 1545 fail(keyStore.getType()); 1546 } catch (NullPointerException expected) { 1547 } 1548 1549 assertFalse(keyStore.isKeyEntry("")); 1550 } 1551 1552 for (KeyStore keyStore : keyStores()) { 1553 populate(keyStore); 1554 1555 assertFalse(keyStore.isKeyEntry("")); 1556 if (isReadOnly(keyStore)) { 1557 assertFalse(keyStore.isKeyEntry(ALIAS_PRIVATE)); 1558 continue; 1559 } 1560 if (isKeyPasswordSupported(keyStore)) { 1561 assertTrue(keyStore.isKeyEntry(ALIAS_PRIVATE)); 1562 } 1563 if (isNullPasswordAllowed(keyStore)) { 1564 assertTrue(keyStore.isKeyEntry(ALIAS_NO_PASSWORD_PRIVATE)); 1565 } 1566 assertEquals(isSecretKeyEnabled(keyStore), keyStore.isKeyEntry(ALIAS_SECRET)); 1567 assertFalse(keyStore.isKeyEntry(ALIAS_CERTIFICATE)); 1568 1569 assertEquals(!isCaseSensitive(keyStore), 1570 keyStore.isKeyEntry(ALIAS_ALT_CASE_PRIVATE)); 1571 assertEquals(!isCaseSensitive(keyStore) && isSecretKeyEnabled(keyStore), 1572 keyStore.isKeyEntry(ALIAS_ALT_CASE_SECRET)); 1573 assertFalse(keyStore.isKeyEntry(ALIAS_ALT_CASE_CERTIFICATE)); 1574 } 1575 } 1576 1577 public void test_KeyStore_isCertificateEntry() throws Exception { 1578 for (KeyStore keyStore : keyStores()) { 1579 try { 1580 keyStore.isCertificateEntry(null); 1581 fail(keyStore.getType()); 1582 } catch (KeyStoreException expected) { 1583 } 1584 } 1585 1586 for (KeyStore keyStore : keyStores()) { 1587 keyStore.load(null, null); 1588 1589 if (isCertificateEnabled(keyStore)) { 1590 try { 1591 keyStore.isCertificateEntry(null); 1592 fail(keyStore.getType()); 1593 } catch (NullPointerException expected) { 1594 } 1595 } else { 1596 assertFalse(keyStore.isCertificateEntry(null)); 1597 } 1598 1599 assertFalse(keyStore.isCertificateEntry("")); 1600 } 1601 1602 for (KeyStore keyStore : keyStores()) { 1603 populate(keyStore); 1604 1605 assertFalse(keyStore.isCertificateEntry("")); 1606 1607 if (isKeyPasswordSupported(keyStore)) { 1608 assertFalse(keyStore.isCertificateEntry(ALIAS_PRIVATE)); 1609 } 1610 if (isNullPasswordAllowed(keyStore)) { 1611 assertFalse(keyStore.isCertificateEntry(ALIAS_NO_PASSWORD_PRIVATE)); 1612 } 1613 assertFalse(keyStore.isCertificateEntry(ALIAS_SECRET)); 1614 assertEquals(isCertificateEnabled(keyStore) && !isReadOnly(keyStore), 1615 keyStore.isCertificateEntry(ALIAS_CERTIFICATE)); 1616 1617 assertFalse(keyStore.isCertificateEntry(ALIAS_ALT_CASE_PRIVATE)); 1618 assertFalse(keyStore.isCertificateEntry(ALIAS_ALT_CASE_SECRET)); 1619 assertEquals(!isCaseSensitive(keyStore) 1620 && isCertificateEnabled(keyStore) 1621 && !isReadOnly(keyStore), 1622 keyStore.isCertificateEntry(ALIAS_ALT_CASE_CERTIFICATE)); 1623 } 1624 } 1625 1626 public void test_KeyStore_getCertificateAlias() throws Exception { 1627 for (KeyStore keyStore : keyStores()) { 1628 try { 1629 keyStore.getCertificateAlias(null); 1630 fail(keyStore.getType()); 1631 } catch (KeyStoreException expected) { 1632 } 1633 } 1634 1635 for (KeyStore keyStore : keyStores()) { 1636 keyStore.load(null, null); 1637 assertNull(keyStore.getCertificateAlias(null)); 1638 } 1639 1640 for (KeyStore keyStore : keyStores()) { 1641 populate(keyStore); 1642 1643 Set<String> expected = new HashSet<String>(); 1644 if (isKeyPasswordSupported(keyStore)) { 1645 expected.add(ALIAS_PRIVATE); 1646 } 1647 if (isNullPasswordAllowed(keyStore)) { 1648 expected.add(ALIAS_NO_PASSWORD_PRIVATE); 1649 } 1650 if (isCertificateEnabled(keyStore)) { 1651 expected.add(ALIAS_CERTIFICATE); 1652 } 1653 String actual = keyStore.getCertificateAlias(getPrivateKey().getCertificate()); 1654 assertEquals(!isReadOnly(keyStore), expected.contains(actual)); 1655 assertNull(keyStore.getCertificateAlias(getPrivateKey2().getCertificate())); 1656 } 1657 } 1658 1659 public void assertEqualsKeyStores(File expected, char[] storePassword, KeyStore actual) 1660 throws Exception{ 1661 KeyStore ks = KeyStore.getInstance(actual.getType(), actual.getProvider()); 1662 InputStream is = new FileInputStream(expected); 1663 ks.load(is, storePassword); 1664 is.close(); 1665 assertEqualsKeyStores(ks, actual); 1666 } 1667 1668 public void assertEqualsKeyStores(KeyStore expected, 1669 ByteArrayOutputStream actual, char[] storePassword) 1670 throws Exception{ 1671 KeyStore ks = KeyStore.getInstance(expected.getType(), expected.getProvider()); 1672 ks.load(new ByteArrayInputStream(actual.toByteArray()), storePassword); 1673 assertEqualsKeyStores(expected, ks); 1674 } 1675 1676 public void assertEqualsKeyStores(KeyStore expected, KeyStore actual) 1677 throws Exception{ 1678 assertEquals(expected.size(), actual.size()); 1679 for (String alias : Collections.list(actual.aliases())) { 1680 if (alias.equals(ALIAS_NO_PASSWORD_PRIVATE) 1681 || alias.equals(ALIAS_NO_PASSWORD_SECRET)) { 1682 assertEquals(expected.getKey(alias, null), 1683 actual.getKey(alias, null)); 1684 } else { 1685 assertEquals(expected.getKey(alias, PASSWORD_KEY), 1686 actual.getKey(alias, PASSWORD_KEY)); 1687 } 1688 assertEquals(expected.getCertificate(alias), actual.getCertificate(alias)); 1689 } 1690 } 1691 1692 public void test_KeyStore_store_OutputStream() throws Exception { 1693 for (KeyStore keyStore : keyStores()) { 1694 try { 1695 keyStore.store(null, null); 1696 fail(keyStore.getType()); 1697 } catch (KeyStoreException expected) { 1698 } 1699 } 1700 1701 for (KeyStore keyStore : keyStores()) { 1702 keyStore.load(null, null); 1703 ByteArrayOutputStream out = new ByteArrayOutputStream(); 1704 if (isLoadStoreUnsupported(keyStore) || isReadOnly(keyStore)) { 1705 try { 1706 keyStore.store(out, null); 1707 fail(keyStore.getType()); 1708 } catch (UnsupportedOperationException expected) { 1709 } 1710 continue; 1711 } 1712 1713 if (isNullPasswordAllowed(keyStore)) { 1714 keyStore.store(out, null); 1715 assertEqualsKeyStores(keyStore, out, null); 1716 continue; 1717 } 1718 1719 try { 1720 keyStore.store(out, null); 1721 fail(keyStore.getType()); 1722 } catch (Exception e) { 1723 if (e.getClass() != IllegalArgumentException.class 1724 && e.getClass() != NullPointerException.class) { 1725 throw e; 1726 } 1727 } 1728 } 1729 1730 for (KeyStore keyStore : keyStores()) { 1731 populate(keyStore); 1732 1733 ByteArrayOutputStream out = new ByteArrayOutputStream(); 1734 if (isLoadStoreUnsupported(keyStore) || isReadOnly(keyStore)) { 1735 try { 1736 keyStore.store(out, null); 1737 fail(keyStore.getType()); 1738 } catch (UnsupportedOperationException expected) { 1739 } 1740 } else if (isNullPasswordAllowed(keyStore)) { 1741 keyStore.store(out, null); 1742 assertEqualsKeyStores(keyStore, out, null); 1743 } else { 1744 try { 1745 keyStore.store(out, null); 1746 fail(keyStore.getType()); 1747 } catch (Exception e) { 1748 if (e.getClass() != IllegalArgumentException.class 1749 && e.getClass() != NullPointerException.class) { 1750 throw e; 1751 } 1752 } 1753 } 1754 } 1755 1756 for (KeyStore keyStore : keyStores()) { 1757 keyStore.load(null, null); 1758 ByteArrayOutputStream out = new ByteArrayOutputStream(); 1759 if (isLoadStoreUnsupported(keyStore) || isReadOnly(keyStore)) { 1760 try { 1761 keyStore.store(out, PASSWORD_STORE); 1762 fail(keyStore.getType()); 1763 } catch (UnsupportedOperationException e) { 1764 } 1765 continue; 1766 } 1767 keyStore.store(out, PASSWORD_STORE); 1768 assertEqualsKeyStores(keyStore, out, PASSWORD_STORE); 1769 } 1770 1771 for (KeyStore keyStore : keyStores()) { 1772 populate(keyStore); 1773 ByteArrayOutputStream out = new ByteArrayOutputStream(); 1774 if (isLoadStoreUnsupported(keyStore) || isReadOnly(keyStore)) { 1775 try { 1776 keyStore.store(out, PASSWORD_STORE); 1777 fail(keyStore.getType()); 1778 } catch (UnsupportedOperationException e) { 1779 } 1780 continue; 1781 } 1782 keyStore.store(out, PASSWORD_STORE); 1783 assertEqualsKeyStores(keyStore, out, PASSWORD_STORE); 1784 } 1785 } 1786 1787 public void test_KeyStore_store_LoadStoreParameter() throws Exception { 1788 for (KeyStore keyStore : keyStores()) { 1789 try { 1790 keyStore.store(null); 1791 fail(keyStore.getType()); 1792 } catch (KeyStoreException expected) { 1793 } 1794 } 1795 1796 for (KeyStore keyStore : keyStores()) { 1797 keyStore.load(null, null); 1798 try { 1799 keyStore.store(null); 1800 fail(keyStore.getType()); 1801 } catch (UnsupportedOperationException expected) { 1802 assertFalse(isLoadStoreParameterSupported(keyStore)); 1803 } catch (IllegalArgumentException expected) { 1804 // its supported, but null causes an exception 1805 assertTrue(isLoadStoreParameterSupported(keyStore)); 1806 } 1807 } 1808 } 1809 1810 public void test_KeyStore_load_InputStream() throws Exception { 1811 for (KeyStore keyStore : keyStores()) { 1812 keyStore.load(null, null); 1813 if (isPersistentStorage(keyStore)) { 1814 assertTrue("Should be able to query size: " + keyStore.getType(), 1815 keyStore.size() >= 0); 1816 } else if (hasDefaultContents(keyStore)) { 1817 assertTrue("Should have non-empty store: " + keyStore.getType(), 1818 keyStore.size() > 0); 1819 } else { 1820 assertEquals("Should have empty store: " + keyStore.getType(), 0, keyStore.size()); 1821 } 1822 } 1823 1824 for (KeyStore keyStore : keyStores()) { 1825 if (isLoadStoreUnsupported(keyStore)) { 1826 continue; 1827 } 1828 keyStore.load(null, PASSWORD_STORE); 1829 if (isPersistentStorage(keyStore)) { 1830 assertTrue("Should be able to query size: " + keyStore.getType(), 1831 keyStore.size() >= 0); 1832 } else if (hasDefaultContents(keyStore)) { 1833 assertTrue("Should have non-empty store: " + keyStore.getType(), 1834 keyStore.size() > 0); 1835 } else { 1836 assertEquals("Should have empty store: " + keyStore.getType(), 0, keyStore.size()); 1837 } 1838 } 1839 1840 // test_KeyStore_store_OutputStream effectively tests load as well as store 1841 } 1842 1843 public void test_KeyStore_load_LoadStoreParameter() throws Exception { 1844 for (KeyStore keyStore : keyStores()) { 1845 keyStore.load(null); 1846 if (isPersistentStorage(keyStore)) { 1847 assertTrue("Should be able to query size: " + keyStore.getType(), 1848 keyStore.size() >= 0); 1849 } else if (hasDefaultContents(keyStore)) { 1850 assertTrue("Should have non-empty store: " + keyStore.getType(), 1851 keyStore.size() > 0); 1852 } else { 1853 assertEquals("Should have empty store: " + keyStore.getType(), 0, keyStore.size()); 1854 } 1855 } 1856 1857 for (KeyStore keyStore : keyStores()) { 1858 try { 1859 keyStore.load(new LoadStoreParameter() { 1860 public ProtectionParameter getProtectionParameter() { 1861 return null; 1862 } 1863 }); 1864 fail(keyStore.getType()); 1865 } catch (UnsupportedOperationException expected) { 1866 } 1867 } 1868 } 1869 1870 public void test_KeyStore_getEntry() throws Exception { 1871 for (KeyStore keyStore : keyStores()) { 1872 try { 1873 keyStore.getEntry(null, null); 1874 fail(keyStore.getType()); 1875 } catch (NullPointerException expected) { 1876 } 1877 } 1878 1879 for (KeyStore keyStore : keyStores()) { 1880 populate(keyStore); 1881 1882 // test odd inputs 1883 try { 1884 keyStore.getEntry(null, null); 1885 fail(keyStore.getType()); 1886 } catch (NullPointerException expected) { 1887 } 1888 try { 1889 keyStore.getEntry(null, PARAM_KEY); 1890 fail(keyStore.getType()); 1891 } catch (NullPointerException expected) { 1892 } 1893 assertNull(keyStore.getEntry("", null)); 1894 assertNull(keyStore.getEntry("", PARAM_KEY)); 1895 1896 // test case sensitive 1897 if (isReadOnly(keyStore)) { 1898 assertNull(keyStore.getEntry(ALIAS_PRIVATE, PARAM_KEY)); 1899 } else { 1900 if (isKeyPasswordSupported(keyStore)) { 1901 assertPrivateKey(keyStore.getEntry(ALIAS_PRIVATE, PARAM_KEY)); 1902 } else if (isNullPasswordAllowed(keyStore)) { 1903 assertPrivateKey(keyStore.getEntry(ALIAS_NO_PASSWORD_PRIVATE, null)); 1904 } 1905 if (isSecretKeyEnabled(keyStore)) { 1906 assertSecretKey(keyStore.getEntry(ALIAS_SECRET, PARAM_KEY)); 1907 } else { 1908 assertNull(keyStore.getEntry(ALIAS_SECRET, PARAM_KEY)); 1909 } 1910 if (isCertificateEnabled(keyStore)) { 1911 assertCertificate(keyStore.getEntry(ALIAS_CERTIFICATE, null)); 1912 } else { 1913 assertNull(keyStore.getEntry(ALIAS_CERTIFICATE, null)); 1914 } 1915 } 1916 1917 // test case insensitive 1918 if (isCaseSensitive(keyStore) || isReadOnly(keyStore)) { 1919 assertNull(keyStore.getEntry(ALIAS_ALT_CASE_PRIVATE, PARAM_KEY)); 1920 assertNull(keyStore.getEntry(ALIAS_ALT_CASE_SECRET, PARAM_KEY)); 1921 } else { 1922 assertPrivateKey(keyStore.getEntry(ALIAS_ALT_CASE_PRIVATE, PARAM_KEY)); 1923 if (isSecretKeyEnabled(keyStore)) { 1924 assertSecretKey(keyStore.getEntry(ALIAS_ALT_CASE_SECRET, PARAM_KEY)); 1925 } 1926 } 1927 if (isCaseSensitive(keyStore) || isReadOnly(keyStore)) { 1928 assertNull(keyStore.getEntry(ALIAS_ALT_CASE_CERTIFICATE, null)); 1929 } else { 1930 if (isCertificateEnabled(keyStore)) { 1931 assertCertificate(keyStore.getEntry(ALIAS_ALT_CASE_CERTIFICATE, null)); 1932 } 1933 } 1934 1935 // test with null passwords 1936 if (isReadOnly(keyStore)) { 1937 assertNull(keyStore.getEntry(ALIAS_NO_PASSWORD_PRIVATE, null)); 1938 } else if (isNullPasswordAllowed(keyStore)) { 1939 assertPrivateKey(keyStore.getEntry(ALIAS_NO_PASSWORD_PRIVATE, null)); 1940 } else if (isKeyPasswordSupported(keyStore) && isKeyPasswordIgnored(keyStore)) { 1941 assertPrivateKey(keyStore.getEntry(ALIAS_PRIVATE, null)); 1942 } else if (isKeyPasswordIgnored(keyStore)) { 1943 try { 1944 keyStore.getEntry(ALIAS_PRIVATE, null); 1945 fail(keyStore.getType()); 1946 } catch (Exception e) { 1947 if (e.getClass() != UnrecoverableKeyException.class 1948 && e.getClass() != IllegalArgumentException.class) { 1949 throw e; 1950 } 1951 } 1952 } 1953 if (isReadOnly(keyStore)) { 1954 assertNull(keyStore.getEntry(ALIAS_SECRET, null)); 1955 } else if (isSecretKeyEnabled(keyStore)) { 1956 try { 1957 keyStore.getEntry(ALIAS_SECRET, null); 1958 fail(keyStore.getType()); 1959 } catch (Exception e) { 1960 if (e.getClass() != UnrecoverableKeyException.class 1961 && e.getClass() != IllegalArgumentException.class) { 1962 throw e; 1963 } 1964 } 1965 } 1966 1967 // test with bad passwords 1968 if (isReadOnly(keyStore)) { 1969 assertNull(keyStore.getEntry(ALIAS_PRIVATE, PARAM_BAD)); 1970 } else if (isKeyPasswordSupported(keyStore) && isKeyPasswordIgnored(keyStore)) { 1971 assertPrivateKey(keyStore.getEntry(ALIAS_PRIVATE, PARAM_BAD)); 1972 } else if (isKeyPasswordSupported(keyStore)) { 1973 try { 1974 keyStore.getEntry(ALIAS_PRIVATE, PARAM_BAD); 1975 fail(keyStore.getType()); 1976 } catch (UnrecoverableKeyException expected) { 1977 } 1978 } 1979 if (isReadOnly(keyStore)) { 1980 assertNull(keyStore.getEntry(ALIAS_SECRET, PARAM_BAD)); 1981 } else if (isSecretKeyEnabled(keyStore)) { 1982 try { 1983 keyStore.getEntry(ALIAS_SECRET, PARAM_BAD); 1984 fail(keyStore.getType()); 1985 } catch (UnrecoverableKeyException expected) { 1986 } 1987 } 1988 } 1989 } 1990 1991 public static class FakeProtectionParameter implements ProtectionParameter { 1992 } 1993 1994 public void test_KeyStore_setEntry() throws Exception { 1995 for (KeyStore keyStore : keyStores()) { 1996 keyStore.load(null, null); 1997 try { 1998 keyStore.setEntry(null, null, null); 1999 fail(keyStore.getType()); 2000 } catch (NullPointerException expected) { 2001 } 2002 } 2003 2004 for (KeyStore keyStore : keyStores()) { 2005 keyStore.load(null, null); 2006 2007 try { 2008 keyStore.setEntry(ALIAS_PRIVATE, getPrivateKey(), new FakeProtectionParameter()); 2009 fail("Should not accept unknown ProtectionParameter: " + keyStore.getProvider()); 2010 } catch (KeyStoreException expected) { 2011 } 2012 } 2013 2014 for (KeyStore keyStore : keyStores()) { 2015 keyStore.load(null, null); 2016 2017 // test odd inputs 2018 try { 2019 keyStore.setEntry(null, null, null); 2020 fail(keyStore.getType()); 2021 } catch (Exception e) { 2022 if (e.getClass() != NullPointerException.class 2023 && e.getClass() != KeyStoreException.class) { 2024 throw e; 2025 } 2026 } 2027 try { 2028 keyStore.setEntry(null, null, PARAM_KEY); 2029 fail(keyStore.getType()); 2030 } catch (Exception e) { 2031 if (e.getClass() != NullPointerException.class 2032 && e.getClass() != KeyStoreException.class) { 2033 throw e; 2034 } 2035 } 2036 try { 2037 keyStore.setEntry("", null, PARAM_KEY); 2038 fail(keyStore.getType()); 2039 } catch (NullPointerException expected) { 2040 } 2041 } 2042 2043 for (KeyStore keyStore : keyStores()) { 2044 clearKeyStore(keyStore); 2045 2046 // test case sensitive 2047 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2048 if (isReadOnly(keyStore)) { 2049 try { 2050 keyStore.setEntry(ALIAS_PRIVATE, getPrivateKey(), PARAM_KEY); 2051 fail(keyStore.getType()); 2052 } catch (UnsupportedOperationException expected) { 2053 } 2054 continue; 2055 } 2056 if (isKeyPasswordSupported(keyStore)) { 2057 keyStore.setEntry(ALIAS_PRIVATE, getPrivateKey(), PARAM_KEY); 2058 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2059 assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE)); 2060 } 2061 if (isNullPasswordAllowed(keyStore)) { 2062 keyStore.setEntry(ALIAS_NO_PASSWORD_PRIVATE, getPrivateKey(), null); 2063 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 2064 assertCertificateChain(keyStore.getCertificateChain(ALIAS_NO_PASSWORD_PRIVATE)); 2065 } 2066 if (isSecretKeyEnabled(keyStore)) { 2067 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2068 keyStore.setEntry(ALIAS_SECRET, new SecretKeyEntry(getSecretKey()), PARAM_KEY); 2069 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2070 } else { 2071 try { 2072 keyStore.setKeyEntry(ALIAS_SECRET, getSecretKey(), PASSWORD_KEY, null); 2073 fail(keyStore.getType()); 2074 } catch (KeyStoreException expected) { 2075 } 2076 } 2077 if (isCertificateEnabled(keyStore)) { 2078 assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2079 keyStore.setEntry(ALIAS_CERTIFICATE, 2080 new TrustedCertificateEntry(getPrivateKey().getCertificate()), 2081 null); 2082 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2083 } else { 2084 try { 2085 keyStore.setEntry(ALIAS_CERTIFICATE, 2086 new TrustedCertificateEntry(getPrivateKey().getCertificate()), 2087 null); 2088 fail(keyStore.getType()); 2089 } catch (KeyStoreException expected) { 2090 } 2091 } 2092 if (isKeyPasswordSupported(keyStore)) { 2093 keyStore.setEntry(ALIAS_UNICODE_PRIVATE, getPrivateKey(), PARAM_KEY); 2094 assertPrivateKey(keyStore.getKey(ALIAS_UNICODE_PRIVATE, PASSWORD_KEY)); 2095 assertCertificateChain(keyStore.getCertificateChain(ALIAS_UNICODE_PRIVATE)); 2096 } 2097 if (isNullPasswordAllowed(keyStore)) { 2098 keyStore.setEntry(ALIAS_UNICODE_NO_PASSWORD_PRIVATE, getPrivateKey(), null); 2099 assertPrivateKey(keyStore.getKey(ALIAS_UNICODE_NO_PASSWORD_PRIVATE, null)); 2100 assertCertificateChain(keyStore 2101 .getCertificateChain(ALIAS_UNICODE_NO_PASSWORD_PRIVATE)); 2102 } 2103 if (isSecretKeyEnabled(keyStore)) { 2104 assertNull(keyStore.getKey(ALIAS_UNICODE_SECRET, PASSWORD_KEY)); 2105 keyStore.setEntry(ALIAS_UNICODE_SECRET, new SecretKeyEntry(getSecretKey()), PARAM_KEY); 2106 assertSecretKey(keyStore.getKey(ALIAS_UNICODE_SECRET, PASSWORD_KEY)); 2107 } else { 2108 try { 2109 keyStore.setKeyEntry(ALIAS_UNICODE_SECRET, getSecretKey(), PASSWORD_KEY, null); 2110 fail(keyStore.getType()); 2111 } catch (KeyStoreException expected) { 2112 } 2113 } 2114 } 2115 2116 for (KeyStore keyStore : keyStores()) { 2117 populate(keyStore); 2118 2119 if (isReadOnly(keyStore)) { 2120 assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2121 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 2122 assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2123 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 2124 } else if (isCaseSensitive(keyStore)) { 2125 if (isKeyPasswordSupported(keyStore)) { 2126 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2127 assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 2128 keyStore.setEntry(ALIAS_ALT_CASE_PRIVATE, getPrivateKey2(), PARAM_KEY); 2129 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2130 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 2131 } 2132 2133 if (isNullPasswordAllowed(keyStore)) { 2134 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 2135 assertNull(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 2136 keyStore.setEntry(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, getPrivateKey2(), null); 2137 assertPrivateKey(keyStore.getKey(ALIAS_NO_PASSWORD_PRIVATE, null)); 2138 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_NO_PASSWORD_PRIVATE, null)); 2139 } 2140 2141 if (isSecretKeyEnabled(keyStore)) { 2142 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2143 assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 2144 keyStore.setEntry(ALIAS_ALT_CASE_SECRET, 2145 new SecretKeyEntry(getSecretKey2()), 2146 PARAM_KEY); 2147 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2148 assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 2149 } 2150 2151 if (isCertificateEnabled(keyStore)) { 2152 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2153 assertNull(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 2154 keyStore.setEntry(ALIAS_ALT_CASE_CERTIFICATE, 2155 new TrustedCertificateEntry( 2156 getPrivateKey2().getCertificate()), 2157 null); 2158 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2159 assertCertificate2(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 2160 keyStore.setEntry(ALIAS_UNICODE_CERTIFICATE, 2161 new TrustedCertificateEntry( 2162 getPrivateKey().getCertificate()), 2163 null); 2164 assertCertificate(keyStore.getCertificate(ALIAS_UNICODE_CERTIFICATE)); 2165 } 2166 } else { 2167 assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2168 assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 2169 keyStore.setEntry(ALIAS_ALT_CASE_PRIVATE, getPrivateKey2(), PARAM_KEY); 2170 assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY)); 2171 assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY)); 2172 2173 if (isSecretKeyEnabled(keyStore)) { 2174 assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2175 assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 2176 keyStore.setEntry(ALIAS_ALT_CASE_SECRET, 2177 new SecretKeyEntry(getSecretKey2()), 2178 PARAM_KEY); 2179 assertSecretKey2(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY)); 2180 assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY)); 2181 } 2182 2183 if (isCertificateEnabled(keyStore)) { 2184 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2185 assertCertificate(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 2186 keyStore.setEntry(ALIAS_ALT_CASE_CERTIFICATE, 2187 new TrustedCertificateEntry( 2188 getPrivateKey2().getCertificate()), 2189 null); 2190 assertCertificate2(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2191 assertCertificate2(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE)); 2192 keyStore.setEntry(ALIAS_UNICODE_CERTIFICATE, 2193 new TrustedCertificateEntry( 2194 getPrivateKey().getCertificate()), 2195 null); 2196 assertCertificate(keyStore.getCertificate(ALIAS_UNICODE_CERTIFICATE)); 2197 } 2198 } 2199 } 2200 2201 for (KeyStore keyStore : keyStores()) { 2202 keyStore.load(null, null); 2203 2204 // test with null/non-null passwords 2205 if (isReadOnly(keyStore)) { 2206 try { 2207 keyStore.setEntry(ALIAS_PRIVATE, getPrivateKey(), null); 2208 fail(keyStore.getType()); 2209 } catch (UnsupportedOperationException expected) { 2210 } 2211 try { 2212 keyStore.setEntry(ALIAS_SECRET, new SecretKeyEntry(getSecretKey()), null); 2213 fail(keyStore.getType()); 2214 } catch (UnsupportedOperationException expected) { 2215 } 2216 try { 2217 keyStore.setEntry(ALIAS_CERTIFICATE, 2218 new TrustedCertificateEntry(getPrivateKey().getCertificate()), 2219 null); 2220 fail(keyStore.getType()); 2221 } catch (UnsupportedOperationException expected) { 2222 } 2223 continue; 2224 } 2225 if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) { 2226 for (String keyType : KEY_TYPES) { 2227 keyStore.setEntry(ALIAS_PRIVATE, getPrivateKey(keyType), null); 2228 assertPrivateKey(keyType, keyStore.getKey(ALIAS_PRIVATE, null)); 2229 } 2230 } else { 2231 try { 2232 keyStore.setEntry(ALIAS_PRIVATE, getPrivateKey(), null); 2233 fail(keyStore.getType()); 2234 } catch (Exception e) { 2235 if (e.getClass() != UnrecoverableKeyException.class 2236 && e.getClass() != IllegalArgumentException.class 2237 && e.getClass() != KeyStoreException.class) { 2238 throw e; 2239 } 2240 } 2241 } 2242 if (isSecretKeyEnabled(keyStore)) { 2243 if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) { 2244 keyStore.setEntry(ALIAS_SECRET, new SecretKeyEntry(getSecretKey()), null); 2245 assertSecretKey(keyStore.getKey(ALIAS_SECRET, null)); 2246 } else { 2247 try { 2248 keyStore.setEntry(ALIAS_SECRET, new SecretKeyEntry(getSecretKey()), null); 2249 fail(keyStore.getType()); 2250 } catch (Exception e) { 2251 if (e.getClass() != UnrecoverableKeyException.class 2252 && e.getClass() != IllegalArgumentException.class 2253 && e.getClass() != KeyStoreException.class) { 2254 throw e; 2255 } 2256 } 2257 } 2258 } 2259 if (isCertificateEnabled(keyStore)) { 2260 if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) { 2261 keyStore.setEntry(ALIAS_CERTIFICATE, 2262 new TrustedCertificateEntry(getPrivateKey().getCertificate()), 2263 PARAM_KEY); 2264 assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE)); 2265 } else { 2266 try { 2267 keyStore.setEntry(ALIAS_CERTIFICATE, 2268 new TrustedCertificateEntry( 2269 getPrivateKey().getCertificate()), 2270 PARAM_KEY); 2271 fail(keyStore.getType()); 2272 } catch (KeyStoreException expected) { 2273 } 2274 } 2275 } 2276 } 2277 } 2278 2279 public void test_KeyStore_entryInstanceOf() throws Exception { 2280 for (KeyStore keyStore : keyStores()) { 2281 try { 2282 keyStore.entryInstanceOf(null, null); 2283 fail(keyStore.getType()); 2284 } catch (NullPointerException expected) { 2285 } 2286 } 2287 2288 for (KeyStore keyStore : keyStores()) { 2289 keyStore.load(null, null); 2290 2291 try { 2292 keyStore.entryInstanceOf(null, null); 2293 fail(keyStore.getType()); 2294 } catch (NullPointerException expected) { 2295 } 2296 try { 2297 keyStore.entryInstanceOf(null, Entry.class); 2298 fail(keyStore.getType()); 2299 } catch (NullPointerException expected) { 2300 } 2301 try { 2302 keyStore.entryInstanceOf("", null); 2303 fail(keyStore.getType()); 2304 } catch (NullPointerException expected) { 2305 } 2306 2307 assertFalse(keyStore.entryInstanceOf("", Entry.class)); 2308 } 2309 2310 for (KeyStore keyStore : keyStores()) { 2311 populate(keyStore); 2312 2313 // test odd inputs 2314 assertFalse(keyStore.entryInstanceOf("", Entry.class)); 2315 assertFalse(keyStore.entryInstanceOf("", PrivateKeyEntry.class)); 2316 assertFalse(keyStore.entryInstanceOf("", SecretKeyEntry.class)); 2317 assertFalse(keyStore.entryInstanceOf("", TrustedCertificateEntry.class)); 2318 2319 if (isReadOnly(keyStore)) { 2320 assertFalse(keyStore.entryInstanceOf(ALIAS_PRIVATE, PrivateKeyEntry.class)); 2321 assertFalse(keyStore.entryInstanceOf(ALIAS_PRIVATE, SecretKeyEntry.class)); 2322 assertFalse(keyStore.entryInstanceOf(ALIAS_PRIVATE, TrustedCertificateEntry.class)); 2323 2324 assertFalse(keyStore.entryInstanceOf(ALIAS_SECRET, SecretKeyEntry.class)); 2325 assertFalse(keyStore.entryInstanceOf(ALIAS_SECRET, PrivateKeyEntry.class)); 2326 assertFalse(keyStore.entryInstanceOf(ALIAS_SECRET, TrustedCertificateEntry.class)); 2327 2328 assertFalse(keyStore.entryInstanceOf(ALIAS_CERTIFICATE, 2329 TrustedCertificateEntry.class)); 2330 assertFalse(keyStore.entryInstanceOf(ALIAS_CERTIFICATE, PrivateKeyEntry.class)); 2331 assertFalse(keyStore.entryInstanceOf(ALIAS_CERTIFICATE, SecretKeyEntry.class)); 2332 continue; 2333 } 2334 2335 // test case sensitive 2336 assertEquals(isKeyPasswordSupported(keyStore), 2337 keyStore.entryInstanceOf(ALIAS_PRIVATE, PrivateKeyEntry.class)); 2338 assertFalse(keyStore.entryInstanceOf(ALIAS_PRIVATE, SecretKeyEntry.class)); 2339 assertFalse(keyStore.entryInstanceOf(ALIAS_PRIVATE, TrustedCertificateEntry.class)); 2340 2341 assertEquals(isNullPasswordAllowed(keyStore), 2342 keyStore.entryInstanceOf(ALIAS_NO_PASSWORD_PRIVATE, PrivateKeyEntry.class)); 2343 assertFalse(keyStore.entryInstanceOf(ALIAS_NO_PASSWORD_PRIVATE, SecretKeyEntry.class)); 2344 assertFalse(keyStore.entryInstanceOf(ALIAS_NO_PASSWORD_PRIVATE, 2345 TrustedCertificateEntry.class)); 2346 2347 assertEquals(isSecretKeyEnabled(keyStore), 2348 keyStore.entryInstanceOf(ALIAS_SECRET, SecretKeyEntry.class)); 2349 assertFalse(keyStore.entryInstanceOf(ALIAS_SECRET, PrivateKeyEntry.class)); 2350 assertFalse(keyStore.entryInstanceOf(ALIAS_SECRET, TrustedCertificateEntry.class)); 2351 2352 assertEquals(isCertificateEnabled(keyStore), 2353 keyStore.entryInstanceOf(ALIAS_CERTIFICATE, 2354 TrustedCertificateEntry.class)); 2355 assertFalse(keyStore.entryInstanceOf(ALIAS_CERTIFICATE, PrivateKeyEntry.class)); 2356 assertFalse(keyStore.entryInstanceOf(ALIAS_CERTIFICATE, SecretKeyEntry.class)); 2357 2358 // test case insensitive 2359 assertEquals(!isCaseSensitive(keyStore), 2360 keyStore.entryInstanceOf(ALIAS_ALT_CASE_PRIVATE, PrivateKeyEntry.class)); 2361 assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_PRIVATE, SecretKeyEntry.class)); 2362 assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_PRIVATE, 2363 TrustedCertificateEntry.class)); 2364 2365 assertEquals(!isCaseSensitive(keyStore) && isSecretKeyEnabled(keyStore), 2366 keyStore.entryInstanceOf(ALIAS_ALT_CASE_SECRET, SecretKeyEntry.class)); 2367 assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_SECRET, PrivateKeyEntry.class)); 2368 assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_SECRET, 2369 TrustedCertificateEntry.class)); 2370 2371 assertEquals(!isCaseSensitive(keyStore) && isCertificateEnabled(keyStore), 2372 keyStore.entryInstanceOf(ALIAS_ALT_CASE_CERTIFICATE, 2373 TrustedCertificateEntry.class)); 2374 assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_CERTIFICATE, 2375 PrivateKeyEntry.class)); 2376 assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_CERTIFICATE, SecretKeyEntry.class)); 2377 } 2378 } 2379 2380 // TODO(27810271): investigate why this is taking too long for armeabi-v7a 2381 public void test_KeyStore_Builder() throws Exception { 2382 for (KeyStore keyStore : keyStores()) { 2383 keyStore.load(null, null); 2384 try { 2385 Builder.newInstance(keyStore, null); 2386 fail(keyStore.getType()); 2387 } catch (NullPointerException expected) { 2388 } 2389 } 2390 2391 for (KeyStore keyStore : keyStores()) { 2392 try { 2393 Builder.newInstance(keyStore.getType(), 2394 keyStore.getProvider(), 2395 null); 2396 fail(keyStore.getType()); 2397 } catch (NullPointerException expected) { 2398 } 2399 } 2400 2401 for (KeyStore keyStore : keyStores()) { 2402 try { 2403 Builder.newInstance(null, 2404 null, 2405 null, 2406 null); 2407 fail(keyStore.getType()); 2408 } catch (NullPointerException expected) { 2409 } 2410 try { 2411 Builder.newInstance(keyStore.getType(), 2412 keyStore.getProvider(), 2413 null, 2414 null); 2415 fail(keyStore.getType()); 2416 } catch (NullPointerException expected) { 2417 } 2418 } 2419 2420 for (KeyStore keyStore : keyStores()) { 2421 keyStore.load(null, null); 2422 Builder builder = Builder.newInstance(keyStore, PARAM_STORE); 2423 try { 2424 builder.getProtectionParameter(null); 2425 fail(keyStore.getType()); 2426 } catch (NullPointerException expected) { 2427 } 2428 assertEquals(keyStore, builder.getKeyStore()); 2429 try { 2430 builder.getProtectionParameter(null); 2431 fail(keyStore.getType()); 2432 } catch (NullPointerException expected) { 2433 } 2434 assertEquals(PARAM_STORE, builder.getProtectionParameter("")); 2435 } 2436 2437 for (KeyStore keyStore : keyStores()) { 2438 populate(keyStore); 2439 2440 File file = File.createTempFile("keystore", keyStore.getProvider().getName()); 2441 OutputStream os = null; 2442 try { 2443 os = new FileOutputStream(file); 2444 if (isLoadStoreUnsupported(keyStore) || isReadOnly(keyStore)) { 2445 try { 2446 keyStore.store(os, PASSWORD_STORE); 2447 fail(keyStore.getType()); 2448 } catch (UnsupportedOperationException expected) { 2449 } 2450 continue; 2451 } 2452 2453 keyStore.store(os, PASSWORD_STORE); 2454 os.close(); 2455 Builder builder = Builder.newInstance(keyStore.getType(), 2456 keyStore.getProvider(), 2457 file, 2458 PARAM_STORE); 2459 assertEquals(keyStore.getType(), builder.getKeyStore().getType()); 2460 assertEquals(keyStore.getProvider(), builder.getKeyStore().getProvider()); 2461 assertEquals(PARAM_STORE, builder.getProtectionParameter("")); 2462 assertEqualsKeyStores(file, PASSWORD_STORE, keyStore); 2463 } finally { 2464 try { 2465 if (os != null) { 2466 os.close(); 2467 } 2468 } catch (IOException ignored) { 2469 } 2470 file.delete(); 2471 } 2472 } 2473 2474 for (KeyStore keyStore : keyStores()) { 2475 if (isLoadStoreUnsupported(keyStore)) { 2476 continue; 2477 } 2478 Builder builder = Builder.newInstance(keyStore.getType(), 2479 keyStore.getProvider(), 2480 PARAM_STORE); 2481 assertEquals(keyStore.getType(), builder.getKeyStore().getType()); 2482 assertEquals(keyStore.getProvider(), builder.getKeyStore().getProvider()); 2483 assertEquals(PARAM_STORE, builder.getProtectionParameter("")); 2484 } 2485 } 2486 2487 public void test_KeyStore_cacerts() throws Exception { 2488 if (StandardNames.IS_RI) { 2489 return; 2490 } 2491 KeyStore ks = KeyStore.getInstance("AndroidCAStore"); 2492 assertEquals("AndroidCAStore", ks.getType()); 2493 assertEquals("HarmonyJSSE", ks.getProvider().getName()); 2494 2495 ks.load(null, null); 2496 for (String alias : Collections.list(ks.aliases())) { 2497 Certificate c = null; 2498 try { 2499 c = ks.getCertificate(alias); 2500 assertNotNull(c); 2501 assertTrue(ks.isCertificateEntry(alias)); 2502 assertTrue(ks.entryInstanceOf(alias, TrustedCertificateEntry.class)); 2503 assertEquals(alias, ks.getCertificateAlias(c)); 2504 2505 assertTrue(c instanceof X509Certificate); 2506 X509Certificate cert = (X509Certificate) c; 2507 assertEquals(cert.getSubjectUniqueID(), cert.getIssuerUniqueID()); 2508 assertNotNull(cert.getPublicKey()); 2509 2510 assertTrue(ks.containsAlias(alias)); 2511 assertNotNull(ks.getCreationDate(alias)); 2512 assertNotNull(ks.getEntry(alias, null)); 2513 2514 assertFalse(ks.isKeyEntry(alias)); 2515 assertNull(ks.getKey(alias, null)); 2516 assertNull(ks.getCertificateChain(alias)); 2517 2518 } catch (Throwable t) { 2519 throw new Exception("alias=" + alias + " cert=" + c, t); 2520 } 2521 } 2522 } 2523 2524 // http://b/857840: want JKS key store 2525 public void testDefaultKeystore() { 2526 String type = KeyStore.getDefaultType(); 2527 assertEquals(StandardNames.KEY_STORE_ALGORITHM, type); 2528 2529 try { 2530 KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType()); 2531 assertNotNull("Keystore must not be null", store); 2532 } catch (Exception ex) { 2533 throw new RuntimeException(ex); 2534 } 2535 2536 try { 2537 KeyStore store = KeyStore.getInstance(StandardNames.KEY_STORE_ALGORITHM); 2538 assertNotNull("Keystore must not be null", store); 2539 } catch (Exception ex) { 2540 throw new RuntimeException(ex); 2541 } 2542 } 2543 } 2544