Google Git
Sign in
nest-open-source / nest-cam / 4320010 / android-platform-libcore / d509ea701be68df7cda4e77e80f3e82d00f1367d / . / android-platform-libcore / luni / src / test / java / libcore / java / security / KeyStoreTest.java
blob: 072bd6df5465c4ef0dc42ffd203db041f171e8b3 [file] [log] [blame]
/*
* Copyright (C) 2010 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package libcore.java.security;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStore.Builder;
import java.security.KeyStore.Entry;
import java.security.KeyStore.LoadStoreParameter;
import java.security.KeyStore.PasswordProtection;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.KeyStore.ProtectionParameter;
import java.security.KeyStore.SecretKeyEntry;
import java.security.KeyStore.TrustedCertificateEntry;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import junit.framework.TestCase;
public class KeyStoreTest extends TestCase {
private static final PrivateKeyEntry PRIVATE_KEY
= TestKeyStore.privateKey(TestKeyStore.getServer().keyStore,
TestKeyStore.getServer().keyPassword,
"RSA");
private static final PrivateKeyEntry PRIVATE_KEY_2
= TestKeyStore.privateKey(TestKeyStore.getClientCertificate().keyStore,
TestKeyStore.getClientCertificate().keyPassword,
"RSA");
private static final SecretKey SECRET_KEY = generateSecretKey();
private static final SecretKey SECRET_KEY_2 = generateSecretKey();
private static SecretKey generateSecretKey() {
try {
KeyGenerator kg = KeyGenerator.getInstance("DES");
return kg.generateKey();
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
private static final String ALIAS_PRIVATE = "private";
private static final String ALIAS_CERTIFICATE = "certificate";
private static final String ALIAS_SECRET = "secret";
private static final String ALIAS_ALT_CASE_PRIVATE = "pRiVaTe";
private static final String ALIAS_ALT_CASE_CERTIFICATE = "cErTiFiCaTe";
private static final String ALIAS_ALT_CASE_SECRET = "sEcRet";
private static final String ALIAS_NO_PASSWORD_PRIVATE = "private-no-password";
private static final String ALIAS_NO_PASSWORD_SECRET = "secret-no-password";
private static final char[] PASSWORD_STORE = "store password".toCharArray();
private static final char[] PASSWORD_KEY = "key password".toCharArray();
private static final char[] PASSWORD_BAD = "dummy".toCharArray();
private static final ProtectionParameter PARAM_STORE = new PasswordProtection(PASSWORD_STORE);
private static final ProtectionParameter PARAM_KEY = new PasswordProtection(PASSWORD_KEY);
private static final ProtectionParameter PARAM_BAD = new PasswordProtection(PASSWORD_BAD);
public static List<KeyStore> keyStores () throws Exception {
List<KeyStore> keyStores = new ArrayList<KeyStore>();
Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
Set<Provider.Service> services = provider.getServices();
for (Provider.Service service : services) {
String type = service.getType();
if (!type.equals("KeyStore")) {
continue;
}
String algorithm = service.getAlgorithm();
KeyStore ks = KeyStore.getInstance(algorithm, provider);
assertEquals(provider, ks.getProvider());
assertEquals(algorithm, ks.getType());
if (!isUnsupported(ks)) {
keyStores.add(ks);
}
}
}
return keyStores;
}
private static boolean isSecretKeyEnabled(KeyStore ks) {
// JKS key stores cannot store secret keys, neither can the RI's PKCS12
return (!(ks.getType().equals("JKS")
|| ks.getType().equals("CaseExactJKS")
|| (ks.getType().equals("PKCS12"))));
}
private static boolean isCertificateEnabled(KeyStore ks) {
// RI can't handle certificate in PKCS12, but BC can
return (!(ks.getType().equals("PKCS12") && ks.getProvider().getName().equals("SunJSSE")));
}
private static boolean isCaseSensitive(KeyStore ks) {
return (ks.getType().equals("CaseExactJKS")
|| ks.getType().equals("BKS")
|| ks.getType().equals("BouncyCastle"));
}
private static boolean isUnsupported(KeyStore ks) {
// Don't bother testing BC on RI
return (StandardNames.IS_RI && ks.getProvider().getName().equals("BC"));
}
private static boolean isNullPasswordAllowed(KeyStore ks) {
return (!(ks.getType().equals("JKS")
|| ks.getType().equals("CaseExactJKS")
|| ks.getType().equals("JCEKS")
|| ks.getType().equals("PKCS12")));
}
private static boolean isKeyPasswordIgnored(KeyStore ks) {
// BouncyCastle's PKCS12 ignores the key password unlike the RI which requires it
return (ks.getType().equals("PKCS12") && ks.getProvider().getName().equals("BC"));
}
private static boolean isSetKeyByteArrayUnimplemented(KeyStore ks) {
// All of BouncyCastle's
// KeyStore.setKeyEntry(String,byte[],char[]) implementations
// throw RuntimeException
return (ks.getProvider().getName().equals("BC"));
}
public static void populate(KeyStore ks) throws Exception {
ks.load(null, null);
setPrivateKey(ks);
if (isNullPasswordAllowed(ks)) {
ks.setKeyEntry(ALIAS_NO_PASSWORD_PRIVATE,
PRIVATE_KEY.getPrivateKey(),
null,
PRIVATE_KEY.getCertificateChain());
}
if (isCertificateEnabled(ks)) {
ks.setCertificateEntry(ALIAS_CERTIFICATE,
PRIVATE_KEY.getCertificate());
}
if (isSecretKeyEnabled(ks)) {
setSecretKey(ks);
if (isNullPasswordAllowed(ks)) {
ks.setKeyEntry(ALIAS_NO_PASSWORD_SECRET,
SECRET_KEY,
null,
null);
}
}
}
public static void setPrivateKey(KeyStore ks) throws Exception {
setPrivateKey(ks, ALIAS_PRIVATE);
}
public static void setPrivateKey(KeyStore ks, String alias) throws Exception {
setPrivateKey(ks, alias, PRIVATE_KEY);
}
public static void setPrivateKey(KeyStore ks,
String alias,
PrivateKeyEntry privateKey)
throws Exception {
ks.setKeyEntry(alias,
privateKey.getPrivateKey(),
PASSWORD_KEY,
privateKey.getCertificateChain());
}
public static void setPrivateKeyBytes(KeyStore ks) throws Exception {
setPrivateKeyBytes(ks, ALIAS_PRIVATE);
}
public static void setPrivateKeyBytes(KeyStore ks, String alias) throws Exception {
setPrivateKeyBytes(ks, alias, PRIVATE_KEY);
}
public static void setPrivateKeyBytes(KeyStore ks,
String alias,
PrivateKeyEntry privateKey)
throws Exception {
ks.setKeyEntry(alias,
privateKey.getPrivateKey().getEncoded(),
privateKey.getCertificateChain());
}
public static void setSecretKey(KeyStore ks) throws Exception {
setSecretKey(ks, ALIAS_SECRET);
}
public static void setSecretKey(KeyStore ks, String alias) throws Exception {
setSecretKey(ks, alias, SECRET_KEY);
}
public static void setSecretKey(KeyStore ks, String alias, SecretKey key) throws Exception {
ks.setKeyEntry(alias,
key,
PASSWORD_KEY,
null);
}
public static void setSecretKeyBytes(KeyStore ks) throws Exception {
setSecretKeyBytes(ks, ALIAS_SECRET);
}
public static void setSecretKeyBytes(KeyStore ks, String alias) throws Exception {
setSecretKeyBytes(ks, alias, SECRET_KEY);
}
public static void setSecretKeyBytes(KeyStore ks, String alias, SecretKey key)
throws Exception {
ks.setKeyEntry(alias,
key.getEncoded(),
null);
}
public static void setCertificate(KeyStore ks) throws Exception {
setCertificate(ks, ALIAS_CERTIFICATE);
}
public static void setCertificate(KeyStore ks, String alias) throws Exception {
setCertificate(ks, alias, PRIVATE_KEY.getCertificate());
}
public static void setCertificate(KeyStore ks, String alias, Certificate certificate)
throws Exception {
ks.setCertificateEntry(alias, certificate);
}
public static void assertPrivateKey(Key actual)
throws Exception {
assertEquals(PRIVATE_KEY.getPrivateKey(), actual);
}
public static void assertPrivateKey2(Key actual)
throws Exception {
assertEquals(PRIVATE_KEY_2.getPrivateKey(), actual);
}
public static void assertPrivateKey(Entry actual)
throws Exception {
assertSame(PrivateKeyEntry.class, actual.getClass());
PrivateKeyEntry privateKey = (PrivateKeyEntry) actual;
assertEquals(PRIVATE_KEY.getPrivateKey(), privateKey.getPrivateKey());
assertEquals(PRIVATE_KEY.getCertificate(), privateKey.getCertificate());
assertEquals(Arrays.asList(PRIVATE_KEY.getCertificateChain()),
Arrays.asList(privateKey.getCertificateChain()));
}
public static void assertSecretKey(Key actual)
throws Exception {
assertEquals(SECRET_KEY, actual);
}
public static void assertSecretKey2(Key actual)
throws Exception {
assertEquals(SECRET_KEY_2, actual);
}
public static void assertSecretKey(Entry actual)
throws Exception {
assertSame(SecretKeyEntry.class, actual.getClass());
assertEquals(SECRET_KEY, ((SecretKeyEntry) actual).getSecretKey());
}
public static void assertCertificate(Certificate actual)
throws Exception {
assertEquals(PRIVATE_KEY.getCertificate(), actual);
}
public static void assertCertificate2(Certificate actual)
throws Exception {
assertEquals(PRIVATE_KEY_2.getCertificate(), actual);
}
public static void assertCertificate(Entry actual)
throws Exception {
assertSame(TrustedCertificateEntry.class, actual.getClass());
assertEquals(PRIVATE_KEY.getCertificate(),
((TrustedCertificateEntry) actual).getTrustedCertificate());
}
public static void assertCertificateChain(Certificate[] actual)
throws Exception {
assertEquals(Arrays.asList(PRIVATE_KEY.getCertificateChain()),
Arrays.asList(actual));
}
public void test_KeyStore_create() throws Exception {
Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
Set<Provider.Service> services = provider.getServices();
for (Provider.Service service : services) {
String type = service.getType();
if (!type.equals("KeyStore")) {
continue;
}
String algorithm = service.getAlgorithm();
KeyStore ks = KeyStore.getInstance(algorithm, provider);
assertEquals(provider, ks.getProvider());
assertEquals(algorithm, ks.getType());
}
}
}
public void test_KeyStore_getInstance() throws Exception {
String type = KeyStore.getDefaultType();
try {
KeyStore.getInstance(null);
fail();
} catch (NullPointerException expected) {
}
assertNotNull(KeyStore.getInstance(type));
String providerName = StandardNames.SECURITY_PROVIDER_NAME;
try {
KeyStore.getInstance(null, (String)null);
fail();
} catch (IllegalArgumentException expected) {
}
try {
KeyStore.getInstance(null, providerName);
fail();
} catch (Exception e) {
if (e.getClass() != NullPointerException.class
&& e.getClass() != KeyStoreException.class) {
throw e;
}
}
try {
KeyStore.getInstance(type, (String)null);
fail();
} catch (IllegalArgumentException expected) {
}
assertNotNull(KeyStore.getInstance(type, providerName));
Provider provider = Security.getProvider(providerName);
try {
KeyStore.getInstance(null, (Provider)null);
fail();
} catch (IllegalArgumentException expected) {
}
try {
KeyStore.getInstance(null, provider);
fail();
} catch (NullPointerException expected) {
}
try {
KeyStore.getInstance(type, (Provider)null);
fail();
} catch (IllegalArgumentException expected) {
}
assertNotNull(KeyStore.getInstance(type, provider));
}
public void test_KeyStore_getDefaultType() throws Exception {
String type = KeyStore.getDefaultType();
assertNotNull(type);
KeyStore ks = KeyStore.getInstance(type);
assertNotNull(ks);
assertEquals(type, ks.getType());
}
public void test_KeyStore_getProvider() throws Exception {
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
assertNotNull(ks.getProvider());
assertNotNull(StandardNames.SECURITY_PROVIDER_NAME, ks.getProvider().getName());
for (KeyStore keyStore : keyStores()) {
assertNotNull(keyStore.getProvider());
}
}
public void test_KeyStore_getType() throws Exception {
String type = KeyStore.getDefaultType();
KeyStore ks = KeyStore.getInstance(type);
assertNotNull(ks.getType());
assertNotNull(type, ks.getType());
for (KeyStore keyStore : keyStores()) {
assertNotNull(keyStore.getType());
}
}
public void test_KeyStore_getKey() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.getKey(null, null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
// test odd inputs
try {
keyStore.getKey(null, null);
fail();
} catch (Exception e) {
if (e.getClass() != NullPointerException.class
&& e.getClass() != IllegalArgumentException.class) {
throw e;
}
}
try {
keyStore.getKey(null, PASSWORD_KEY);
fail();
} catch (Exception e) {
if (e.getClass() != NullPointerException.class
&& e.getClass() != IllegalArgumentException.class
&& e.getClass() != KeyStoreException.class) {
throw e;
}
}
assertNull(keyStore.getKey("", null));
assertNull(keyStore.getKey("", PASSWORD_KEY));
// test case sensitive
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
} else {
assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
}
// test case insensitive
if (isCaseSensitive(keyStore)) {
assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
} else {
assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
}
}
// test with null passwords
if (isKeyPasswordIgnored(keyStore)) {
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null));
} else {
try {
keyStore.getKey(ALIAS_PRIVATE, null);
fail();
} catch (Exception e) {
if (e.getClass() != UnrecoverableKeyException.class
&& e.getClass() != IllegalArgumentException.class) {
throw e;
}
}
}
if (isSecretKeyEnabled(keyStore)) {
try {
keyStore.getKey(ALIAS_SECRET, null);
fail();
} catch (Exception e) {
if (e.getClass() != UnrecoverableKeyException.class
&& e.getClass() != IllegalArgumentException.class) {
throw e;
}
}
}
// test with bad passwords
if (isKeyPasswordIgnored(keyStore)) {
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null));
} else {
try {
keyStore.getKey(ALIAS_PRIVATE, PASSWORD_BAD);
fail();
} catch (UnrecoverableKeyException expected) {
}
}
if (isSecretKeyEnabled(keyStore)) {
try {
keyStore.getKey(ALIAS_SECRET, PASSWORD_BAD);
fail();
} catch (UnrecoverableKeyException expected) {
}
}
}
}
public void test_KeyStore_getCertificateChain() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.getCertificateChain(null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
// test odd inputs
try {
keyStore.getCertificateChain(null);
fail();
} catch (Exception e) {
if (e.getClass() != NullPointerException.class
&& e.getClass() != IllegalArgumentException.class) {
throw e;
}
}
assertNull(keyStore.getCertificateChain(""));
// test case sensitive
assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE));
// test case insensitive
if (isCaseSensitive(keyStore)) {
assertNull(keyStore.getCertificateChain(ALIAS_ALT_CASE_PRIVATE));
} else {
assertCertificateChain(keyStore.getCertificateChain(ALIAS_ALT_CASE_PRIVATE));
}
}
}
public void test_KeyStore_getCertificate() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.getCertificate(null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
// test odd inputs
try {
keyStore.getCertificate(null);
fail();
} catch (Exception e) {
if (e.getClass() != NullPointerException.class
&& e.getClass() != IllegalArgumentException.class) {
throw e;
}
}
assertNull(keyStore.getCertificate(""));
// test case sensitive
if (isCertificateEnabled(keyStore)) {
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
} else {
assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE));
}
// test case insensitive
if (isCaseSensitive(keyStore)) {
assertNull(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE));
} else {
if (isCertificateEnabled(keyStore)) {
assertCertificate(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE));
}
}
}
}
public void test_KeyStore_getCreationDate() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
assertNotNull(keyStore.getCreationDate(null));
} catch (KeyStoreException expected) {
}
}
long before = System.currentTimeMillis();
for (KeyStore keyStore : keyStores()) {
// add 1000 since some key stores round of time to nearest second
long after = System.currentTimeMillis() + 1000;
populate(keyStore);
// test odd inputs
try {
keyStore.getCreationDate(null);
fail();
} catch (NullPointerException expected) {
}
assertNull(keyStore.getCreationDate(""));
// test case sensitive
if (isCertificateEnabled(keyStore)) {
Date date = keyStore.getCreationDate(ALIAS_CERTIFICATE);
assertNotNull(date);
assertTrue(before <= date.getTime());
assertTrue(date.getTime() <= after);
} else {
assertNull(keyStore.getCreationDate(ALIAS_CERTIFICATE));
}
// test case insensitive
if (isCaseSensitive(keyStore)) {
assertNull(keyStore.getCreationDate(ALIAS_ALT_CASE_CERTIFICATE));
} else {
if (isCertificateEnabled(keyStore)) {
Date date = keyStore.getCreationDate(ALIAS_ALT_CASE_CERTIFICATE);
assertTrue(before <= date.getTime());
assertTrue(date.getTime() <= after);
}
}
}
}
public void test_KeyStore_setKeyEntry_Key() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.setKeyEntry(null, null, null, null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
// test odd inputs
try {
keyStore.setKeyEntry(null, null, null, null);
fail();
} catch (Exception e) {
if (e.getClass() != NullPointerException.class
&& e.getClass() != KeyStoreException.class) {
throw e;
}
}
try {
keyStore.setKeyEntry(null, null, PASSWORD_KEY, null);
fail();
} catch (Exception e) {
if (e.getClass() != NullPointerException.class
&& e.getClass() != KeyStoreException.class) {
throw e;
}
}
try {
keyStore.setKeyEntry(ALIAS_PRIVATE,
PRIVATE_KEY.getPrivateKey(),
PASSWORD_KEY,
null);
fail();
} catch (IllegalArgumentException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
// test case sensitive
assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
setPrivateKey(keyStore);
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE));
if (isSecretKeyEnabled(keyStore)) {
assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
setSecretKey(keyStore);
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
} else {
try {
keyStore.setKeyEntry(ALIAS_SECRET, SECRET_KEY, PASSWORD_KEY, null);
fail();
} catch (Exception e) {
if (e.getClass() != KeyStoreException.class
&& e.getClass() != NullPointerException.class) {
throw e;
}
}
}
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
// test case insensitive
if (isCaseSensitive(keyStore)) {
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
setPrivateKey(keyStore, ALIAS_ALT_CASE_PRIVATE, PRIVATE_KEY_2);
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
setSecretKey(keyStore, ALIAS_ALT_CASE_SECRET, SECRET_KEY_2);
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
}
} else {
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
setPrivateKey(keyStore, ALIAS_ALT_CASE_PRIVATE, PRIVATE_KEY_2);
assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
setSecretKey(keyStore, ALIAS_ALT_CASE_PRIVATE, SECRET_KEY_2);
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
}
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
// test with null passwords
if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) {
keyStore.setKeyEntry(ALIAS_PRIVATE,
PRIVATE_KEY.getPrivateKey(),
null,
PRIVATE_KEY.getCertificateChain());
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, null));
} else {
try {
keyStore.setKeyEntry(ALIAS_PRIVATE,
PRIVATE_KEY.getPrivateKey(),
null,
PRIVATE_KEY.getCertificateChain());
fail();
} catch (Exception e) {
if (e.getClass() != UnrecoverableKeyException.class
&& e.getClass() != IllegalArgumentException.class
&& e.getClass() != KeyStoreException.class) {
throw e;
}
}
}
if (isSecretKeyEnabled(keyStore)) {
if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) {
keyStore.setKeyEntry(ALIAS_SECRET, SECRET_KEY, null, null);
assertSecretKey(keyStore.getKey(ALIAS_SECRET, null));
} else {
try {
keyStore.setKeyEntry(ALIAS_SECRET, SECRET_KEY, null, null);
fail();
} catch (Exception e) {
if (e.getClass() != UnrecoverableKeyException.class
&& e.getClass() != IllegalArgumentException.class
&& e.getClass() != KeyStoreException.class) {
throw e;
}
}
}
}
}
}
public void test_KeyStore_setKeyEntry_array() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.setKeyEntry(null, null, null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
// test odd inputs
try {
keyStore.setKeyEntry(null, null, null);
fail();
} catch (Exception e) {
if (e.getClass() != NullPointerException.class
&& e.getClass() != IllegalArgumentException.class
&& e.getClass() != KeyStoreException.class
&& e.getClass() != RuntimeException.class) {
throw e;
}
}
}
for (KeyStore keyStore : keyStores()) {
if (!isNullPasswordAllowed(keyStore)) {
// TODO Use EncryptedPrivateKeyInfo to protect keys if
// password is required.
continue;
}
if (isSetKeyByteArrayUnimplemented(keyStore)) {
continue;
}
keyStore.load(null, null);
// test case sensitive
assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
setPrivateKeyBytes(keyStore);
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE));
if (isSecretKeyEnabled(keyStore)) {
assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
setSecretKeyBytes(keyStore);
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
} else {
try {
keyStore.setKeyEntry(ALIAS_SECRET, SECRET_KEY.getEncoded(), null);
fail();
} catch (KeyStoreException expected) {
}
}
}
for (KeyStore keyStore : keyStores()) {
if (!isNullPasswordAllowed(keyStore)) {
// TODO Use EncryptedPrivateKeyInfo to protect keys if
// password is required.
continue;
}
if (isSetKeyByteArrayUnimplemented(keyStore)) {
continue;
}
populate(keyStore);
// test case insensitive
if (isCaseSensitive(keyStore)) {
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
setPrivateKeyBytes(keyStore, ALIAS_ALT_CASE_PRIVATE, PRIVATE_KEY_2);
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
setSecretKeyBytes(keyStore, ALIAS_ALT_CASE_PRIVATE, SECRET_KEY_2);
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
}
} else {
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
setPrivateKeyBytes(keyStore, ALIAS_ALT_CASE_PRIVATE, PRIVATE_KEY_2);
assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
setSecretKeyBytes(keyStore, ALIAS_ALT_CASE_PRIVATE, SECRET_KEY_2);
assertSecretKey2(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
}
}
}
}
public void test_KeyStore_setCertificateEntry() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.setCertificateEntry(null, null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
// test odd inputs
try {
keyStore.setCertificateEntry(null, null);
fail();
} catch (Exception e) {
if (e.getClass() != NullPointerException.class
&& e.getClass() != KeyStoreException.class) {
throw e;
}
}
// Sort of delete by setting null. Note that even though
// certificiate is null, size doesn't change,
// isCertificateEntry returns true, and it is still listed in aliases.
if (isCertificateEnabled(keyStore)) {
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
try {
int size = keyStore.size();
keyStore.setCertificateEntry(ALIAS_CERTIFICATE, null);
assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE));
assertEquals(size, keyStore.size());
assertTrue(keyStore.isCertificateEntry(ALIAS_CERTIFICATE));
assertTrue(Collections.list(keyStore.aliases()).contains(ALIAS_CERTIFICATE));
} catch (NullPointerException expectedSometimes) {
assertEquals("PKCS12", keyStore.getType());
assertEquals("BC", keyStore.getProvider().getName());
}
} else {
try {
keyStore.setCertificateEntry(ALIAS_CERTIFICATE, null);
} catch (KeyStoreException expected) {
}
}
}
for (KeyStore keyStore : keyStores()) {
if (!isCertificateEnabled(keyStore)) {
continue;
}
keyStore.load(null, null);
// test case sensitive
assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE));
setCertificate(keyStore);
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
}
for (KeyStore keyStore : keyStores()) {
if (!isCertificateEnabled(keyStore)) {
continue;
}
populate(keyStore);
// test case insensitive
if (isCaseSensitive(keyStore)) {
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
assertNull(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE));
setCertificate(keyStore,
ALIAS_ALT_CASE_CERTIFICATE,
PRIVATE_KEY_2.getCertificate());
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
assertCertificate2(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE));
} else {
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
assertCertificate(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE));
setCertificate(keyStore,
ALIAS_ALT_CASE_CERTIFICATE,
PRIVATE_KEY_2.getCertificate());
assertCertificate2(keyStore.getCertificate(ALIAS_CERTIFICATE));
assertCertificate2(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE));
}
}
}
public void test_KeyStore_deleteEntry() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.deleteEntry(null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
// test odd inputs
try {
keyStore.deleteEntry(null);
fail();
} catch (Exception e) {
if (e.getClass() != NullPointerException.class
&& e.getClass() != KeyStoreException.class) {
throw e;
}
}
keyStore.deleteEntry("");
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
// test case sensitive
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE));
keyStore.deleteEntry(ALIAS_PRIVATE);
assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
keyStore.deleteEntry(ALIAS_SECRET);
assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
} else {
keyStore.deleteEntry(ALIAS_SECRET);
}
if (isCertificateEnabled(keyStore)) {
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
keyStore.deleteEntry(ALIAS_CERTIFICATE);
assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE));
} else {
keyStore.deleteEntry(ALIAS_CERTIFICATE);
}
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
// test case insensitive
if (isCaseSensitive(keyStore)) {
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
keyStore.deleteEntry(ALIAS_ALT_CASE_PRIVATE);
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
keyStore.deleteEntry(ALIAS_ALT_CASE_SECRET);
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
} else {
keyStore.deleteEntry(ALIAS_SECRET);
}
if (isCertificateEnabled(keyStore)) {
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
keyStore.deleteEntry(ALIAS_ALT_CASE_CERTIFICATE);
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
} else {
keyStore.deleteEntry(ALIAS_CERTIFICATE);
}
}
}
}
public void test_KeyStore_aliases() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.aliases();
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
assertEquals(Collections.EMPTY_SET, new HashSet(Collections.list(keyStore.aliases())));
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
Set<String> expected = new HashSet<String>();
expected.add(ALIAS_PRIVATE);
if (isNullPasswordAllowed(keyStore)) {
expected.add(ALIAS_NO_PASSWORD_PRIVATE);
}
if (isSecretKeyEnabled(keyStore)) {
expected.add(ALIAS_SECRET);
if (isNullPasswordAllowed(keyStore)) {
expected.add(ALIAS_NO_PASSWORD_SECRET);
}
}
if (isCertificateEnabled(keyStore)) {
expected.add(ALIAS_CERTIFICATE);
}
assertEquals(expected, new HashSet<String>(Collections.list(keyStore.aliases())));
}
}
public void test_KeyStore_containsAlias() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.containsAlias(null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
try {
keyStore.containsAlias(null);
fail();
} catch (NullPointerException expected) {
}
assertFalse(keyStore.containsAlias(""));
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
assertFalse(keyStore.containsAlias(""));
assertTrue(keyStore.containsAlias(ALIAS_PRIVATE));
assertEquals(isSecretKeyEnabled(keyStore), keyStore.containsAlias(ALIAS_SECRET));
assertEquals(isCertificateEnabled(keyStore), keyStore.containsAlias(ALIAS_CERTIFICATE));
assertEquals(!isCaseSensitive(keyStore),
keyStore.containsAlias(ALIAS_ALT_CASE_PRIVATE));
assertEquals(!isCaseSensitive(keyStore) && isSecretKeyEnabled(keyStore),
keyStore.containsAlias(ALIAS_ALT_CASE_SECRET));
assertEquals(!isCaseSensitive(keyStore) && isCertificateEnabled(keyStore),
keyStore.containsAlias(ALIAS_ALT_CASE_CERTIFICATE));
}
}
public void test_KeyStore_size() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.aliases();
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
assertEquals(0, keyStore.size());
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
int expected = 1;
if (isNullPasswordAllowed(keyStore)) {
expected++;
}
if (isSecretKeyEnabled(keyStore)) {
expected++;
if (isNullPasswordAllowed(keyStore)) {
expected++;
}
}
if (isCertificateEnabled(keyStore)) {
expected++;
}
assertEquals(expected, keyStore.size());
}
}
public void test_KeyStore_isKeyEntry() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.isKeyEntry(null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
try {
keyStore.isKeyEntry(null);
fail();
} catch (NullPointerException expected) {
}
assertFalse(keyStore.isKeyEntry(""));
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
assertFalse(keyStore.isKeyEntry(""));
assertTrue(keyStore.isKeyEntry(ALIAS_PRIVATE));
assertEquals(isSecretKeyEnabled(keyStore), keyStore.isKeyEntry(ALIAS_SECRET));
assertFalse(keyStore.isKeyEntry(ALIAS_CERTIFICATE));
assertEquals(!isCaseSensitive(keyStore),
keyStore.isKeyEntry(ALIAS_ALT_CASE_PRIVATE));
assertEquals(!isCaseSensitive(keyStore) && isSecretKeyEnabled(keyStore),
keyStore.isKeyEntry(ALIAS_ALT_CASE_SECRET));
assertFalse(keyStore.isKeyEntry(ALIAS_ALT_CASE_CERTIFICATE));
}
}
public void test_KeyStore_isCertificateEntry() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.isCertificateEntry(null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
if (isCertificateEnabled(keyStore)) {
try {
keyStore.isCertificateEntry(null);
fail();
} catch (NullPointerException expected) {
}
} else {
assertFalse(keyStore.isCertificateEntry(null));
}
assertFalse(keyStore.isCertificateEntry(""));
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
assertFalse(keyStore.isCertificateEntry(""));
assertFalse(keyStore.isCertificateEntry(ALIAS_PRIVATE));
assertFalse(keyStore.isCertificateEntry(ALIAS_SECRET));
assertEquals(isCertificateEnabled(keyStore),
keyStore.isCertificateEntry(ALIAS_CERTIFICATE));
assertFalse(keyStore.isCertificateEntry(ALIAS_ALT_CASE_PRIVATE));
assertFalse(keyStore.isCertificateEntry(ALIAS_ALT_CASE_SECRET));
assertEquals(!isCaseSensitive(keyStore) && isCertificateEnabled(keyStore),
keyStore.isCertificateEntry(ALIAS_ALT_CASE_CERTIFICATE));
}
}
public void test_KeyStore_getCertificateAlias() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.getCertificateAlias(null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
assertNull(keyStore.getCertificateAlias(null));
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
Set<String> expected = new HashSet<String>();
expected.add(ALIAS_PRIVATE);
if (isNullPasswordAllowed(keyStore)) {
expected.add(ALIAS_NO_PASSWORD_PRIVATE);
}
if (isCertificateEnabled(keyStore)) {
expected.add(ALIAS_CERTIFICATE);
}
String actual = keyStore.getCertificateAlias(PRIVATE_KEY.getCertificate());
assertTrue(expected.contains(actual));
assertNull(keyStore.getCertificateAlias(PRIVATE_KEY_2.getCertificate()));
}
}
public void assertEqualsKeyStores(File expected, char[] storePassword, KeyStore actual)
throws Exception{
KeyStore ks = KeyStore.getInstance(actual.getType(), actual.getProvider());
ks.load(new FileInputStream(expected), storePassword);
assertEqualsKeyStores(ks, actual);
}
public void assertEqualsKeyStores(KeyStore expected,
ByteArrayOutputStream actual, char[] storePassword)
throws Exception{
KeyStore ks = KeyStore.getInstance(expected.getType(), expected.getProvider());
ks.load(new ByteArrayInputStream(actual.toByteArray()), storePassword);
assertEqualsKeyStores(expected, ks);
}
public void assertEqualsKeyStores(KeyStore expected, KeyStore actual)
throws Exception{
assertEquals(expected.size(), actual.size());
for (String alias : Collections.list(actual.aliases())) {
if (alias.equals(ALIAS_NO_PASSWORD_PRIVATE)
|| alias.equals(ALIAS_NO_PASSWORD_SECRET)) {
assertEquals(expected.getKey(alias, null),
actual.getKey(alias, null));
} else {
assertEquals(expected.getKey(alias, PASSWORD_KEY),
actual.getKey(alias, PASSWORD_KEY));
}
assertEquals(expected.getCertificate(alias), actual.getCertificate(alias));
}
}
public void test_KeyStore_store_OutputStream() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.store(null, null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
ByteArrayOutputStream out = new ByteArrayOutputStream();
if (isNullPasswordAllowed(keyStore)) {
keyStore.store(out, null);
assertEqualsKeyStores(keyStore, out, null);
} else {
try {
keyStore.store(out, null);
} catch (Exception e) {
if (e.getClass() != IllegalArgumentException.class
&& e.getClass() != NullPointerException.class) {
throw e;
}
}
}
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
ByteArrayOutputStream out = new ByteArrayOutputStream();
if (isNullPasswordAllowed(keyStore)) {
keyStore.store(out, null);
assertEqualsKeyStores(keyStore, out, null);
} else {
try {
keyStore.store(out, null);
} catch (Exception e) {
if (e.getClass() != IllegalArgumentException.class
&& e.getClass() != NullPointerException.class) {
throw e;
}
}
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
ByteArrayOutputStream out = new ByteArrayOutputStream();
keyStore.store(out, PASSWORD_STORE);
assertEqualsKeyStores(keyStore, out, PASSWORD_STORE);
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
ByteArrayOutputStream out = new ByteArrayOutputStream();
keyStore.store(out, PASSWORD_STORE);
assertEqualsKeyStores(keyStore, out, PASSWORD_STORE);
}
}
public void test_KeyStore_store_LoadStoreParameter() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.store(null);
fail();
} catch (KeyStoreException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
try {
keyStore.store(null);
fail();
} catch (UnsupportedOperationException expected) {
}
}
}
public void test_KeyStore_load_InputStream() throws Exception {
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
assertEquals(0, keyStore.size());
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, PASSWORD_STORE);
assertEquals(0, keyStore.size());
}
// test_KeyStore_store_OutputStream effectively tests load as well as store
}
public void test_KeyStore_load_LoadStoreParameter() throws Exception {
for (KeyStore keyStore : keyStores()) {
keyStore.load(null);
assertEquals(0, keyStore.size());
}
for (KeyStore keyStore : keyStores()) {
try {
keyStore.load(new LoadStoreParameter() {
public ProtectionParameter getProtectionParameter() {
return null;
}
});
assertEquals(0, keyStore.size());
} catch (UnsupportedOperationException expected) {
}
}
}
public void test_KeyStore_getEntry() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.getEntry(null, null);
fail();
} catch (NullPointerException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
// test odd inputs
try {
keyStore.getEntry(null, null);
fail();
} catch (NullPointerException expected) {
}
try {
keyStore.getEntry(null, PARAM_KEY);
fail();
} catch (NullPointerException expected) {
}
assertNull(keyStore.getEntry("", null));
assertNull(keyStore.getEntry("", PARAM_KEY));
// test case sensitive
assertPrivateKey(keyStore.getEntry(ALIAS_PRIVATE, PARAM_KEY));
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getEntry(ALIAS_SECRET, PARAM_KEY));
} else {
assertNull(keyStore.getEntry(ALIAS_SECRET, PARAM_KEY));
}
if (isCertificateEnabled(keyStore)) {
assertCertificate(keyStore.getEntry(ALIAS_CERTIFICATE, null));
} else {
assertNull(keyStore.getEntry(ALIAS_CERTIFICATE, null));
}
// test case insensitive
if (isCaseSensitive(keyStore)) {
assertNull(keyStore.getEntry(ALIAS_ALT_CASE_PRIVATE, PARAM_KEY));
assertNull(keyStore.getEntry(ALIAS_ALT_CASE_SECRET, PARAM_KEY));
} else {
assertPrivateKey(keyStore.getEntry(ALIAS_ALT_CASE_PRIVATE, PARAM_KEY));
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getEntry(ALIAS_ALT_CASE_SECRET, PARAM_KEY));
}
}
if (isCaseSensitive(keyStore)) {
assertNull(keyStore.getEntry(ALIAS_ALT_CASE_CERTIFICATE, null));
} else {
if (isCertificateEnabled(keyStore)) {
assertCertificate(keyStore.getEntry(ALIAS_ALT_CASE_CERTIFICATE, null));
}
}
// test with null passwords
if (isNullPasswordAllowed(keyStore)) {
assertPrivateKey(keyStore.getEntry(ALIAS_NO_PASSWORD_PRIVATE, null));
} else if (isKeyPasswordIgnored(keyStore)) {
assertPrivateKey(keyStore.getEntry(ALIAS_PRIVATE, null));
} else {
try {
keyStore.getEntry(ALIAS_PRIVATE, null);
fail();
} catch (Exception e) {
if (e.getClass() != UnrecoverableKeyException.class
&& e.getClass() != IllegalArgumentException.class) {
throw e;
}
}
}
if (isSecretKeyEnabled(keyStore)) {
try {
keyStore.getEntry(ALIAS_SECRET, null);
fail();
} catch (Exception e) {
if (e.getClass() != UnrecoverableKeyException.class
&& e.getClass() != IllegalArgumentException.class) {
throw e;
}
}
}
// test with bad passwords
if (isKeyPasswordIgnored(keyStore)) {
assertPrivateKey(keyStore.getEntry(ALIAS_PRIVATE, PARAM_BAD));
} else {
try {
keyStore.getEntry(ALIAS_PRIVATE, PARAM_BAD);
fail();
} catch (UnrecoverableKeyException expected) {
}
}
if (isSecretKeyEnabled(keyStore)) {
try {
keyStore.getEntry(ALIAS_SECRET, PARAM_BAD);
fail();
} catch (UnrecoverableKeyException expected) {
}
}
}
}
public void test_KeyStore_setEntry() throws Exception {
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
try {
keyStore.setEntry(null, null, null);
fail();
} catch (NullPointerException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
// test odd inputs
try {
keyStore.setEntry(null, null, null);
fail();
} catch (Exception e) {
if (e.getClass() != NullPointerException.class
&& e.getClass() != KeyStoreException.class) {
throw e;
}
}
try {
keyStore.setEntry(null, null, PARAM_KEY);
fail();
} catch (Exception e) {
if (e.getClass() != NullPointerException.class
&& e.getClass() != KeyStoreException.class) {
throw e;
}
}
try {
keyStore.setEntry("", null, PARAM_KEY);
fail();
} catch (NullPointerException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
// test case sensitive
assertNull(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
keyStore.setEntry(ALIAS_PRIVATE, PRIVATE_KEY, PARAM_KEY);
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertCertificateChain(keyStore.getCertificateChain(ALIAS_PRIVATE));
if (isSecretKeyEnabled(keyStore)) {
assertNull(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
keyStore.setEntry(ALIAS_SECRET, new SecretKeyEntry(SECRET_KEY), PARAM_KEY);
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
} else {
try {
keyStore.setKeyEntry(ALIAS_SECRET, SECRET_KEY, PASSWORD_KEY, null);
fail();
} catch (KeyStoreException expected) {
}
}
if (isCertificateEnabled(keyStore)) {
assertNull(keyStore.getCertificate(ALIAS_CERTIFICATE));
keyStore.setEntry(ALIAS_CERTIFICATE,
new TrustedCertificateEntry(PRIVATE_KEY.getCertificate()),
null);
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
} else {
try {
keyStore.setEntry(ALIAS_CERTIFICATE,
new TrustedCertificateEntry(PRIVATE_KEY.getCertificate()),
null);
fail();
} catch (KeyStoreException expected) {
}
}
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
// test case insensitive
if (isCaseSensitive(keyStore)) {
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertNull(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
keyStore.setEntry(ALIAS_ALT_CASE_PRIVATE, PRIVATE_KEY_2, PARAM_KEY);
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
assertNull(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
keyStore.setEntry(ALIAS_ALT_CASE_SECRET,
new SecretKeyEntry(SECRET_KEY_2),
PARAM_KEY);
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
}
if (isCertificateEnabled(keyStore)) {
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
assertNull(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE));
keyStore.setEntry(ALIAS_ALT_CASE_CERTIFICATE,
new TrustedCertificateEntry(PRIVATE_KEY_2.getCertificate()),
null);
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
assertCertificate2(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE));
}
} else {
assertPrivateKey(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertPrivateKey(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
keyStore.setEntry(ALIAS_ALT_CASE_PRIVATE, PRIVATE_KEY_2, PARAM_KEY);
assertPrivateKey2(keyStore.getKey(ALIAS_PRIVATE, PASSWORD_KEY));
assertPrivateKey2(keyStore.getKey(ALIAS_ALT_CASE_PRIVATE, PASSWORD_KEY));
if (isSecretKeyEnabled(keyStore)) {
assertSecretKey(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
assertSecretKey(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
keyStore.setEntry(ALIAS_ALT_CASE_SECRET,
new SecretKeyEntry(SECRET_KEY_2),
PARAM_KEY);
assertSecretKey2(keyStore.getKey(ALIAS_SECRET, PASSWORD_KEY));
assertSecretKey2(keyStore.getKey(ALIAS_ALT_CASE_SECRET, PASSWORD_KEY));
}
if (isCertificateEnabled(keyStore)) {
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
assertCertificate(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE));
keyStore.setEntry(ALIAS_ALT_CASE_CERTIFICATE,
new TrustedCertificateEntry(PRIVATE_KEY_2.getCertificate()),
null);
assertCertificate2(keyStore.getCertificate(ALIAS_CERTIFICATE));
assertCertificate2(keyStore.getCertificate(ALIAS_ALT_CASE_CERTIFICATE));
}
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
// test with null/non-null passwords
try {
keyStore.setEntry(ALIAS_PRIVATE, PRIVATE_KEY, null);
fail();
} catch (Exception e) {
if (e.getClass() != UnrecoverableKeyException.class
&& e.getClass() != IllegalArgumentException.class
&& e.getClass() != KeyStoreException.class) {
throw e;
}
}
if (isSecretKeyEnabled(keyStore)) {
try {
keyStore.setEntry(ALIAS_SECRET, new SecretKeyEntry(SECRET_KEY), null);
fail();
} catch (Exception e) {
if (e.getClass() != UnrecoverableKeyException.class
&& e.getClass() != IllegalArgumentException.class
&& e.getClass() != KeyStoreException.class) {
throw e;
}
}
}
if (isCertificateEnabled(keyStore)) {
if (isNullPasswordAllowed(keyStore) || isKeyPasswordIgnored(keyStore)) {
keyStore.setEntry(ALIAS_CERTIFICATE,
new TrustedCertificateEntry(PRIVATE_KEY.getCertificate()),
PARAM_KEY);
assertCertificate(keyStore.getCertificate(ALIAS_CERTIFICATE));
} else {
try {
keyStore.setEntry(ALIAS_CERTIFICATE,
new TrustedCertificateEntry(PRIVATE_KEY.getCertificate()),
PARAM_KEY);
fail();
} catch (KeyStoreException expected) {
}
}
}
}
}
public void test_KeyStore_entryInstanceOf() throws Exception {
for (KeyStore keyStore : keyStores()) {
try {
keyStore.entryInstanceOf(null, null);
fail();
} catch (NullPointerException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
try {
keyStore.entryInstanceOf(null, null);
fail();
} catch (NullPointerException expected) {
}
try {
keyStore.entryInstanceOf(null, Entry.class);
fail();
} catch (NullPointerException expected) {
}
try {
keyStore.entryInstanceOf("", null);
fail();
} catch (NullPointerException expected) {
}
assertFalse(keyStore.entryInstanceOf("", Entry.class));
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
// test odd inputs
assertFalse(keyStore.entryInstanceOf("", Entry.class));
assertFalse(keyStore.entryInstanceOf("", PrivateKeyEntry.class));
assertFalse(keyStore.entryInstanceOf("", SecretKeyEntry.class));
assertFalse(keyStore.entryInstanceOf("", TrustedCertificateEntry.class));
// test case sensitive
assertTrue(keyStore.entryInstanceOf(ALIAS_PRIVATE, PrivateKeyEntry.class));
assertFalse(keyStore.entryInstanceOf(ALIAS_PRIVATE, SecretKeyEntry.class));
assertFalse(keyStore.entryInstanceOf(ALIAS_PRIVATE, TrustedCertificateEntry.class));
assertEquals(isSecretKeyEnabled(keyStore),
keyStore.entryInstanceOf(ALIAS_SECRET, SecretKeyEntry.class));
assertFalse(keyStore.entryInstanceOf(ALIAS_SECRET, PrivateKeyEntry.class));
assertFalse(keyStore.entryInstanceOf(ALIAS_SECRET, TrustedCertificateEntry.class));
assertEquals(isCertificateEnabled(keyStore),
keyStore.entryInstanceOf(ALIAS_CERTIFICATE,
TrustedCertificateEntry.class));
assertFalse(keyStore.entryInstanceOf(ALIAS_CERTIFICATE, PrivateKeyEntry.class));
assertFalse(keyStore.entryInstanceOf(ALIAS_CERTIFICATE, SecretKeyEntry.class));
// test case insensitive
assertEquals(!isCaseSensitive(keyStore),
keyStore.entryInstanceOf(ALIAS_ALT_CASE_PRIVATE, PrivateKeyEntry.class));
assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_PRIVATE, SecretKeyEntry.class));
assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_PRIVATE,
TrustedCertificateEntry.class));
assertEquals(!isCaseSensitive(keyStore) && isSecretKeyEnabled(keyStore),
keyStore.entryInstanceOf(ALIAS_ALT_CASE_SECRET, SecretKeyEntry.class));
assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_SECRET, PrivateKeyEntry.class));
assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_SECRET,
TrustedCertificateEntry.class));
assertEquals(!isCaseSensitive(keyStore) && isCertificateEnabled(keyStore),
keyStore.entryInstanceOf(ALIAS_ALT_CASE_CERTIFICATE,
TrustedCertificateEntry.class));
assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_CERTIFICATE,
PrivateKeyEntry.class));
assertFalse(keyStore.entryInstanceOf(ALIAS_ALT_CASE_CERTIFICATE, SecretKeyEntry.class));
}
}
public void test_KeyStore_Builder() throws Exception {
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
try {
Builder.newInstance(keyStore, null);
fail();
} catch (NullPointerException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
try {
Builder.newInstance(keyStore.getType(),
keyStore.getProvider(),
null);
} catch (NullPointerException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
try {
Builder.newInstance(null,
null,
null,
null);
fail();
} catch (NullPointerException expected) {
}
try {
Builder.newInstance(keyStore.getType(),
keyStore.getProvider(),
null,
null);
fail();
} catch (NullPointerException expected) {
}
}
for (KeyStore keyStore : keyStores()) {
keyStore.load(null, null);
Builder builder = Builder.newInstance(keyStore, PARAM_STORE);
try {
builder.getProtectionParameter(null);
fail();
} catch (NullPointerException expected) {
}
assertEquals(keyStore, builder.getKeyStore());
try {
builder.getProtectionParameter(null);
fail();
} catch (NullPointerException expected) {
}
assertEquals(PARAM_STORE, builder.getProtectionParameter(""));
}
for (KeyStore keyStore : keyStores()) {
populate(keyStore);
File file = File.createTempFile("keystore", keyStore.getProvider().getName());
try {
keyStore.store(new FileOutputStream(file), PASSWORD_STORE);
Builder builder = Builder.newInstance(keyStore.getType(),
keyStore.getProvider(),
file,
PARAM_STORE);
assertEquals(keyStore.getType(), builder.getKeyStore().getType());
assertEquals(keyStore.getProvider(), builder.getKeyStore().getProvider());
assertEquals(PARAM_STORE, builder.getProtectionParameter(""));
assertEqualsKeyStores(file, PASSWORD_STORE, keyStore);
} finally {
file.delete();
}
}
for (KeyStore keyStore : keyStores()) {
Builder builder = Builder.newInstance(keyStore.getType(),
keyStore.getProvider(),
PARAM_STORE);
assertEquals(keyStore.getType(), builder.getKeyStore().getType());
assertEquals(keyStore.getProvider(), builder.getKeyStore().getProvider());
assertEquals(PARAM_STORE, builder.getProtectionParameter(""));
}
}
public void test_KeyStore_cacerts_bks() throws Exception {
if (StandardNames.IS_RI) {
return;
}
KeyStore ks = KeyStore.getInstance("BKS");
InputStream in = new FileInputStream(System.getProperty(
"javax.net.ssl.trustStore", "/etc/security/cacerts.bks"));
ks.load(in, null);
for (String alias : Collections.list(ks.aliases())) {
assert(ks.isCertificateEntry(alias));
Certificate c = ks.getCertificate(alias);
assertTrue(c instanceof X509Certificate);
X509Certificate cert = (X509Certificate) c;
assertEquals(cert.getSubjectUniqueID(), cert.getIssuerUniqueID());
}
}
}