1 /* 2 * Copyright (C) 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package org.conscrypt.javax.net.ssl; 17 18 import static org.junit.Assert.fail; 19 20 import java.security.GeneralSecurityException; 21 import java.security.KeyFactory; 22 import java.security.KeyPairGenerator; 23 import java.security.PrivateKey; 24 import java.security.interfaces.ECPrivateKey; 25 import java.security.spec.DSAParameterSpec; 26 import java.security.spec.DSAPrivateKeySpec; 27 import java.security.spec.RSAPrivateKeySpec; 28 import java.util.HashMap; 29 import java.util.Map; 30 import javax.net.ssl.X509ExtendedKeyManager; 31 32 /** 33 * {@link X509ExtendedKeyManager} which forwards all calls to a delegate while substituting 34 * the returned private key with its own randomly generated keys of the same type (and parameters). 35 */ 36 public class RandomPrivateKeyX509ExtendedKeyManager extends ForwardingX509ExtendedKeyManager { 37 private final Map<String, PrivateKey> cachedKeys = new HashMap<String, PrivateKey>(); 38 public RandomPrivateKeyX509ExtendedKeyManager(X509ExtendedKeyManager delegate) { 39 super(delegate); 40 } 41 @Override 42 public PrivateKey getPrivateKey(String alias) { 43 PrivateKey originalPrivateKey = super.getPrivateKey(alias); 44 if (originalPrivateKey == null) { 45 return null; 46 } 47 PrivateKey result; 48 String keyAlgorithm = originalPrivateKey.getAlgorithm(); 49 try { 50 KeyFactory keyFactory = KeyFactory.getInstance(keyAlgorithm); 51 if ("RSA".equals(keyAlgorithm)) { 52 RSAPrivateKeySpec originalKeySpec = 53 keyFactory.getKeySpec(originalPrivateKey, RSAPrivateKeySpec.class); 54 int keyLengthBits = originalKeySpec.getModulus().bitLength(); 55 // Use a cache because RSA key generation is slow. 56 String cacheKey = keyAlgorithm + "-" + keyLengthBits; 57 result = cachedKeys.get(cacheKey); 58 if (result == null) { 59 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlgorithm); 60 keyPairGenerator.initialize(keyLengthBits); 61 result = keyPairGenerator.generateKeyPair().getPrivate(); 62 cachedKeys.put(cacheKey, result); 63 } 64 } else if ("DSA".equals(keyAlgorithm)) { 65 DSAPrivateKeySpec originalKeySpec = 66 keyFactory.getKeySpec(originalPrivateKey, DSAPrivateKeySpec.class); 67 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlgorithm); 68 keyPairGenerator.initialize(new DSAParameterSpec( 69 originalKeySpec.getP(), originalKeySpec.getQ(), originalKeySpec.getG())); 70 result = keyPairGenerator.generateKeyPair().getPrivate(); 71 } else if ("EC".equals(keyAlgorithm)) { 72 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlgorithm); 73 keyPairGenerator.initialize(((ECPrivateKey) originalPrivateKey).getParams()); 74 result = keyPairGenerator.generateKeyPair().getPrivate(); 75 } else { 76 fail("Unsupported key algorithm: " + originalPrivateKey.getAlgorithm()); 77 result = null; 78 } 79 } catch (GeneralSecurityException e) { 80 fail("Failed to generate private key: " + e); 81 result = null; 82 } 83 return result; 84 } 85 } 86