diff options
author | Kenny Root <kroot@google.com> | 2013-04-10 11:30:58 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2013-04-12 15:19:48 -0700 |
commit | 2eeda7286f3c7cb79f7eb71ae6464cad213d12a3 (patch) | |
tree | cf77426b72b1287ce66c230da7c67d2d5c8cdd8a /keystore/tests/src/android | |
parent | a3788b00bb221e20abdd42f747d2af419e0a088c (diff) | |
download | frameworks_base-2eeda7286f3c7cb79f7eb71ae6464cad213d12a3.zip frameworks_base-2eeda7286f3c7cb79f7eb71ae6464cad213d12a3.tar.gz frameworks_base-2eeda7286f3c7cb79f7eb71ae6464cad213d12a3.tar.bz2 |
AndroidKeyStore: Add encrypted flag
Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.
Bug: 8122243
Change-Id: Ia802afe965f2377ad3f282dab8c512388c705850
Diffstat (limited to 'keystore/tests/src/android')
3 files changed, 460 insertions, 85 deletions
diff --git a/keystore/tests/src/android/security/AndroidKeyPairGeneratorSpecTest.java b/keystore/tests/src/android/security/AndroidKeyPairGeneratorSpecTest.java index 3d275cd..5d4ab9c 100644 --- a/keystore/tests/src/android/security/AndroidKeyPairGeneratorSpecTest.java +++ b/keystore/tests/src/android/security/AndroidKeyPairGeneratorSpecTest.java @@ -39,8 +39,9 @@ public class AndroidKeyPairGeneratorSpecTest extends AndroidTestCase { private static final Date NOW_PLUS_10_YEARS = new Date(NOW.getYear() + 10, 0, 1); public void testConstructor_Success() throws Exception { - AndroidKeyPairGeneratorSpec spec = new AndroidKeyPairGeneratorSpec(getContext(), - TEST_ALIAS_1, TEST_DN_1, SERIAL_1, NOW, NOW_PLUS_10_YEARS); + AndroidKeyPairGeneratorSpec spec = + new AndroidKeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, TEST_DN_1, SERIAL_1, + NOW, NOW_PLUS_10_YEARS, 0); assertEquals("Context should be the one specified", getContext(), spec.getContext()); @@ -60,6 +61,7 @@ public class AndroidKeyPairGeneratorSpecTest extends AndroidTestCase { .setSerialNumber(SERIAL_1) .setStartDate(NOW) .setEndDate(NOW_PLUS_10_YEARS) + .setEncryptionRequired() .build(); assertEquals("Context should be the one specified", getContext(), spec.getContext()); @@ -71,12 +73,14 @@ public class AndroidKeyPairGeneratorSpecTest extends AndroidTestCase { assertEquals("startDate should be the one specified", NOW, spec.getStartDate()); assertEquals("endDate should be the one specified", NOW_PLUS_10_YEARS, spec.getEndDate()); + + assertEquals("encryption flag should be on", KeyStore.FLAG_ENCRYPTED, spec.getFlags()); } public void testConstructor_NullContext_Failure() throws Exception { try { new AndroidKeyPairGeneratorSpec(null, TEST_ALIAS_1, TEST_DN_1, SERIAL_1, NOW, - NOW_PLUS_10_YEARS); + NOW_PLUS_10_YEARS, 0); fail("Should throw IllegalArgumentException when context is null"); } catch (IllegalArgumentException success) { } @@ -85,7 +89,7 @@ public class AndroidKeyPairGeneratorSpecTest extends AndroidTestCase { public void testConstructor_NullKeystoreAlias_Failure() throws Exception { try { new AndroidKeyPairGeneratorSpec(getContext(), null, TEST_DN_1, SERIAL_1, NOW, - NOW_PLUS_10_YEARS); + NOW_PLUS_10_YEARS, 0); fail("Should throw IllegalArgumentException when keystoreAlias is null"); } catch (IllegalArgumentException success) { } @@ -94,7 +98,7 @@ public class AndroidKeyPairGeneratorSpecTest extends AndroidTestCase { public void testConstructor_NullSubjectDN_Failure() throws Exception { try { new AndroidKeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, null, SERIAL_1, NOW, - NOW_PLUS_10_YEARS); + NOW_PLUS_10_YEARS, 0); fail("Should throw IllegalArgumentException when subjectDN is null"); } catch (IllegalArgumentException success) { } @@ -103,7 +107,7 @@ public class AndroidKeyPairGeneratorSpecTest extends AndroidTestCase { public void testConstructor_NullSerial_Failure() throws Exception { try { new AndroidKeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, TEST_DN_1, null, NOW, - NOW_PLUS_10_YEARS); + NOW_PLUS_10_YEARS, 0); fail("Should throw IllegalArgumentException when startDate is null"); } catch (IllegalArgumentException success) { } @@ -112,7 +116,7 @@ public class AndroidKeyPairGeneratorSpecTest extends AndroidTestCase { public void testConstructor_NullStartDate_Failure() throws Exception { try { new AndroidKeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, TEST_DN_1, SERIAL_1, null, - NOW_PLUS_10_YEARS); + NOW_PLUS_10_YEARS, 0); fail("Should throw IllegalArgumentException when startDate is null"); } catch (IllegalArgumentException success) { } @@ -121,7 +125,7 @@ public class AndroidKeyPairGeneratorSpecTest extends AndroidTestCase { public void testConstructor_NullEndDate_Failure() throws Exception { try { new AndroidKeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, TEST_DN_1, SERIAL_1, NOW, - null); + null, 0); fail("Should throw IllegalArgumentException when keystoreAlias is null"); } catch (IllegalArgumentException success) { } @@ -130,7 +134,7 @@ public class AndroidKeyPairGeneratorSpecTest extends AndroidTestCase { public void testConstructor_EndBeforeStart_Failure() throws Exception { try { new AndroidKeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, TEST_DN_1, SERIAL_1, - NOW_PLUS_10_YEARS, NOW); + NOW_PLUS_10_YEARS, NOW, 0); fail("Should throw IllegalArgumentException when end is before start"); } catch (IllegalArgumentException success) { } diff --git a/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java b/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java index 69007c4..c5cf514 100644 --- a/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java +++ b/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java @@ -27,6 +27,7 @@ import java.security.SecureRandom; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; +import java.text.SimpleDateFormat; import java.util.Date; import javax.security.auth.x500.X500Principal; @@ -64,22 +65,34 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { assertFalse(mAndroidKeyStore.isUnlocked()); + mGenerator = java.security.KeyPairGenerator.getInstance("AndroidKeyStore"); + } + + private void setupPassword() { assertTrue(mAndroidKeyStore.password("1111")); assertTrue(mAndroidKeyStore.isUnlocked()); String[] aliases = mAndroidKeyStore.saw(""); assertNotNull(aliases); assertEquals(0, aliases.length); - - mGenerator = java.security.KeyPairGenerator.getInstance(AndroidKeyPairGenerator.NAME); } - public void testKeyPairGenerator_Initialize_Params_Success() throws Exception { - mGenerator.initialize(new AndroidKeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, - TEST_DN_1, TEST_SERIAL_1, NOW, NOW_PLUS_10_YEARS)); + public void testKeyPairGenerator_Initialize_Params_Encrypted_Success() throws Exception { + setupPassword(); + + mGenerator.initialize(new AndroidKeyPairGeneratorSpec.Builder(getContext()) + .setAlias(TEST_ALIAS_1) + .setSubject(TEST_DN_1) + .setSerialNumber(TEST_SERIAL_1) + .setStartDate(NOW) + .setEndDate(NOW_PLUS_10_YEARS) + .setEncryptionRequired() + .build()); } - public void testKeyPairGenerator_Initialize_KeySize_Failure() throws Exception { + public void testKeyPairGenerator_Initialize_KeySize_Encrypted_Failure() throws Exception { + setupPassword(); + try { mGenerator.initialize(1024); fail("KeyPairGenerator should not support setting the key size"); @@ -87,7 +100,10 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { } } - public void testKeyPairGenerator_Initialize_KeySizeAndSecureRandom_Failure() throws Exception { + public void testKeyPairGenerator_Initialize_KeySizeAndSecureRandom_Encrypted_Failure() + throws Exception { + setupPassword(); + try { mGenerator.initialize(1024, new SecureRandom()); fail("KeyPairGenerator should not support setting the key size"); @@ -95,14 +111,48 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { } } - public void testKeyPairGenerator_Initialize_ParamsAndSecureRandom_Failure() throws Exception { - mGenerator.initialize(new AndroidKeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, - TEST_DN_1, TEST_SERIAL_1, NOW, NOW_PLUS_10_YEARS), new SecureRandom()); + public void testKeyPairGenerator_Initialize_ParamsAndSecureRandom_Encrypted_Failure() + throws Exception { + setupPassword(); + + mGenerator.initialize( + new AndroidKeyPairGeneratorSpec.Builder(getContext()) + .setAlias(TEST_ALIAS_1) + .setSubject(TEST_DN_1) + .setSerialNumber(TEST_SERIAL_1) + .setStartDate(NOW) + .setEndDate(NOW_PLUS_10_YEARS) + .setEncryptionRequired() + .build(), + new SecureRandom()); } - public void testKeyPairGenerator_GenerateKeyPair_Success() throws Exception { - mGenerator.initialize(new AndroidKeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, - TEST_DN_1, TEST_SERIAL_1, NOW, NOW_PLUS_10_YEARS)); + public void testKeyPairGenerator_GenerateKeyPair_Encrypted_Success() throws Exception { + setupPassword(); + + mGenerator.initialize(new AndroidKeyPairGeneratorSpec.Builder(getContext()) + .setAlias(TEST_ALIAS_1) + .setSubject(TEST_DN_1) + .setSerialNumber(TEST_SERIAL_1) + .setStartDate(NOW) + .setEndDate(NOW_PLUS_10_YEARS) + .setEncryptionRequired() + .build()); + + final KeyPair pair = mGenerator.generateKeyPair(); + assertNotNull("The KeyPair returned should not be null", pair); + + assertKeyPairCorrect(pair, TEST_ALIAS_1, TEST_DN_1, TEST_SERIAL_1, NOW, NOW_PLUS_10_YEARS); + } + + public void testKeyPairGenerator_GenerateKeyPair_Unencrypted_Success() throws Exception { + mGenerator.initialize(new AndroidKeyPairGeneratorSpec.Builder(getContext()) + .setAlias(TEST_ALIAS_1) + .setSubject(TEST_DN_1) + .setSerialNumber(TEST_SERIAL_1) + .setStartDate(NOW) + .setEndDate(NOW_PLUS_10_YEARS) + .build()); final KeyPair pair = mGenerator.generateKeyPair(); assertNotNull("The KeyPair returned should not be null", pair); @@ -113,8 +163,13 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { public void testKeyPairGenerator_GenerateKeyPair_Replaced_Success() throws Exception { // Generate the first key { - mGenerator.initialize(new AndroidKeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, - TEST_DN_1, TEST_SERIAL_1, NOW, NOW_PLUS_10_YEARS)); + mGenerator.initialize(new AndroidKeyPairGeneratorSpec.Builder(getContext()) + .setAlias(TEST_ALIAS_1) + .setSubject(TEST_DN_1) + .setSerialNumber(TEST_SERIAL_1) + .setStartDate(NOW) + .setEndDate(NOW_PLUS_10_YEARS) + .build()); final KeyPair pair1 = mGenerator.generateKeyPair(); assertNotNull("The KeyPair returned should not be null", pair1); assertKeyPairCorrect(pair1, TEST_ALIAS_1, TEST_DN_1, TEST_SERIAL_1, NOW, @@ -123,8 +178,13 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { // Replace the original key { - mGenerator.initialize(new AndroidKeyPairGeneratorSpec(getContext(), TEST_ALIAS_2, - TEST_DN_2, TEST_SERIAL_2, NOW, NOW_PLUS_10_YEARS)); + mGenerator.initialize(new AndroidKeyPairGeneratorSpec.Builder(getContext()) + .setAlias(TEST_ALIAS_2) + .setSubject(TEST_DN_2) + .setSerialNumber(TEST_SERIAL_2) + .setStartDate(NOW) + .setEndDate(NOW_PLUS_10_YEARS) + .build()); final KeyPair pair2 = mGenerator.generateKeyPair(); assertNotNull("The KeyPair returned should not be null", pair2); assertKeyPairCorrect(pair2, TEST_ALIAS_2, TEST_DN_2, TEST_SERIAL_2, NOW, @@ -132,6 +192,49 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { } } + public void testKeyPairGenerator_GenerateKeyPair_Replaced_UnencryptedToEncrypted_Success() + throws Exception { + // Generate the first key + { + mGenerator.initialize(new AndroidKeyPairGeneratorSpec.Builder(getContext()) + .setAlias(TEST_ALIAS_1) + .setSubject(TEST_DN_1) + .setSerialNumber(TEST_SERIAL_1) + .setStartDate(NOW) + .setEndDate(NOW_PLUS_10_YEARS) + .build()); + final KeyPair pair1 = mGenerator.generateKeyPair(); + assertNotNull("The KeyPair returned should not be null", pair1); + assertKeyPairCorrect(pair1, TEST_ALIAS_1, TEST_DN_1, TEST_SERIAL_1, NOW, + NOW_PLUS_10_YEARS); + } + + // Attempt to replace previous key + { + mGenerator.initialize(new AndroidKeyPairGeneratorSpec.Builder(getContext()) + .setAlias(TEST_ALIAS_1) + .setSubject(TEST_DN_2) + .setSerialNumber(TEST_SERIAL_2) + .setStartDate(NOW) + .setEndDate(NOW_PLUS_10_YEARS) + .setEncryptionRequired() + .build()); + try { + mGenerator.generateKeyPair(); + fail("Should not be able to generate encrypted key while not initialized"); + } catch (IllegalStateException expected) { + } + + assertTrue(mAndroidKeyStore.password("1111")); + assertTrue(mAndroidKeyStore.isUnlocked()); + + final KeyPair pair2 = mGenerator.generateKeyPair(); + assertNotNull("The KeyPair returned should not be null", pair2); + assertKeyPairCorrect(pair2, TEST_ALIAS_1, TEST_DN_2, TEST_SERIAL_2, NOW, + NOW_PLUS_10_YEARS); + } + } + private void assertKeyPairCorrect(KeyPair pair, String alias, X500Principal dn, BigInteger serial, Date start, Date end) throws Exception { final PublicKey pubKey = pair.getPublic(); @@ -163,10 +266,10 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { assertEquals("The Serial should be the one passed into the params", serial, x509userCert.getSerialNumber()); - assertEquals("The notBefore date should be the one passed into the params", start, + assertDateEquals("The notBefore date should be the one passed into the params", start, x509userCert.getNotBefore()); - assertEquals("The notAfter date should be the one passed into the params", end, + assertDateEquals("The notAfter date should be the one passed into the params", end, x509userCert.getNotAfter()); x509userCert.verify(pubKey); @@ -178,4 +281,13 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { assertNotNull("The keystore should return the public key for the generated key", pubKeyBytes); } + + private static void assertDateEquals(String message, Date date1, Date date2) throws Exception { + SimpleDateFormat formatter = new SimpleDateFormat("dd MMM yyyy HH:mm:ss"); + + String result1 = formatter.format(date1); + String result2 = formatter.format(date2); + + assertEquals(message, result1, result2); + } } diff --git a/keystore/tests/src/android/security/AndroidKeyStoreTest.java b/keystore/tests/src/android/security/AndroidKeyStoreTest.java index 8928e06..05ffe109 100644 --- a/keystore/tests/src/android/security/AndroidKeyStoreTest.java +++ b/keystore/tests/src/android/security/AndroidKeyStoreTest.java @@ -469,12 +469,14 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertTrue(mAndroidKeyStore.reset()); assertFalse(mAndroidKeyStore.isUnlocked()); + mKeyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); + } + + private void setupPassword() { assertTrue(mAndroidKeyStore.password("1111")); assertTrue(mAndroidKeyStore.isUnlocked()); assertEquals(0, mAndroidKeyStore.saw("").length); - - mKeyStore = java.security.KeyStore.getInstance(AndroidKeyStore.NAME); } private void assertAliases(final String[] expectedAliases) throws KeyStoreException { @@ -495,7 +497,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { expectedAliases.length, count); } - public void testKeyStore_Aliases_Success() throws Exception { + public void testKeyStore_Aliases_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertAliases(new String[] {}); @@ -509,7 +513,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 }); } - public void testKeyStore_Aliases_NotInitialized_Failure() throws Exception { + public void testKeyStore_Aliases_NotInitialized_Encrypted_Failure() throws Exception { + setupPassword(); + try { mKeyStore.aliases(); fail("KeyStore should throw exception when not initialized"); @@ -517,7 +523,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_ContainsAliases_PrivateAndCA_Success() throws Exception { + public void testKeyStore_ContainsAliases_PrivateAndCA_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertAliases(new String[] {}); @@ -534,7 +542,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.containsAlias(TEST_ALIAS_3)); } - public void testKeyStore_ContainsAliases_CAOnly_Success() throws Exception { + public void testKeyStore_ContainsAliases_CAOnly_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); @@ -542,13 +552,17 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2)); } - public void testKeyStore_ContainsAliases_NonExistent_Failure() throws Exception { + public void testKeyStore_ContainsAliases_NonExistent_Encrypted_Failure() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertFalse("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_1)); } - public void testKeyStore_DeleteEntry_Success() throws Exception { + public void testKeyStore_DeleteEntry_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); // TEST_ALIAS_1 @@ -578,14 +592,18 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertAliases(new String[] { }); } - public void testKeyStore_DeleteEntry_EmptyStore_Success() throws Exception { + public void testKeyStore_DeleteEntry_EmptyStore_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); // Should not throw when a non-existent entry is requested for delete. mKeyStore.deleteEntry(TEST_ALIAS_1); } - public void testKeyStore_DeleteEntry_NonExistent_Success() throws Exception { + public void testKeyStore_DeleteEntry_NonExistent_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); // TEST_ALIAS_1 @@ -598,7 +616,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.deleteEntry(TEST_ALIAS_2); } - public void testKeyStore_GetCertificate_Single_Success() throws Exception { + public void testKeyStore_GetCertificate_Single_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); @@ -618,14 +638,18 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertEquals("Actual and retrieved certificates should be the same", actual, retrieved); } - public void testKeyStore_GetCertificate_NonExist_Failure() throws Exception { + public void testKeyStore_GetCertificate_NonExist_Encrypted_Failure() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertNull("Certificate should not exist in keystore", mKeyStore.getCertificate(TEST_ALIAS_1)); } - public void testKeyStore_GetCertificateAlias_CAEntry_Success() throws Exception { + public void testKeyStore_GetCertificateAlias_CAEntry_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); @@ -637,7 +661,10 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.getCertificateAlias(actual)); } - public void testKeyStore_GetCertificateAlias_PrivateKeyEntry_Success() throws Exception { + public void testKeyStore_GetCertificateAlias_PrivateKeyEntry_Encrypted_Success() + throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, @@ -652,8 +679,10 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.getCertificateAlias(actual)); } - public void testKeyStore_GetCertificateAlias_CAEntry_WithPrivateKeyUsingCA_Success() + public void testKeyStore_GetCertificateAlias_CAEntry_WithPrivateKeyUsingCA_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); // Insert TrustedCertificateEntry with CA name @@ -672,7 +701,10 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.getCertificateAlias(actual)); } - public void testKeyStore_GetCertificateAlias_NonExist_Empty_Failure() throws Exception { + public void testKeyStore_GetCertificateAlias_NonExist_Empty_Encrypted_Failure() + throws Exception { + setupPassword(); + mKeyStore.load(null, null); CertificateFactory f = CertificateFactory.getInstance("X.509"); @@ -682,7 +714,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.getCertificateAlias(actual)); } - public void testKeyStore_GetCertificateAlias_NonExist_Failure() throws Exception { + public void testKeyStore_GetCertificateAlias_NonExist_Encrypted_Failure() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); @@ -694,7 +728,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.getCertificateAlias(userCert)); } - public void testKeyStore_GetCertificateChain_SingleLength_Success() throws Exception { + public void testKeyStore_GetCertificateChain_SingleLength_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, @@ -720,14 +756,18 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.getCertificateChain(TEST_ALIAS_2)); } - public void testKeyStore_GetCertificateChain_NonExist_Failure() throws Exception { + public void testKeyStore_GetCertificateChain_NonExist_Encrypted_Failure() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertNull("Stored certificate alias should not be found", mKeyStore.getCertificateChain(TEST_ALIAS_1)); } - public void testKeyStore_GetCreationDate_PrivateKeyEntry_Success() throws Exception { + public void testKeyStore_GetCreationDate_PrivateKeyEntry_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, @@ -745,7 +785,29 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertTrue("Time should be close to current time", actual.after(expectedAfter)); } - public void testKeyStore_GetCreationDate_CAEntry_Success() throws Exception { + public void testKeyStore_GetCreationDate_PrivateKeyEntry_Unencrypted_Success() throws Exception { + mKeyStore.load(null, null); + + assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_NONE)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_NONE)); + + Date now = new Date(); + Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1); + + Date expectedAfter = new Date(now.getTime() - SLOP_TIME_MILLIS); + Date expectedBefore = new Date(now.getTime() + SLOP_TIME_MILLIS); + + assertTrue("Time should be close to current time", actual.before(expectedBefore)); + assertTrue("Time should be close to current time", actual.after(expectedAfter)); + } + + public void testKeyStore_GetCreationDate_CAEntry_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); @@ -761,7 +823,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertTrue("Time should be close to current time", actual.after(expectedAfter)); } - public void testKeyStore_GetEntry_NullParams_Success() throws Exception { + public void testKeyStore_GetEntry_NullParams_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, @@ -779,6 +843,26 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertPrivateKeyEntryEquals(keyEntry, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); } + public void testKeyStore_GetEntry_NullParams_Unencrypted_Success() throws Exception { + mKeyStore.load(null, null); + + assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_NONE)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_NONE)); + + Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); + assertNotNull("Entry should exist", entry); + + assertTrue("Should be a PrivateKeyEntry", entry instanceof PrivateKeyEntry); + + PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry; + + assertPrivateKeyEntryEquals(keyEntry, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); + } + @SuppressWarnings("unchecked") private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, byte[] key, byte[] cert, byte[] ca) throws Exception { @@ -801,8 +885,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, PrivateKey expectedKey, Certificate expectedCert, Collection<Certificate> expectedChain) throws Exception { - assertEquals("Returned PrivateKey should be what we inserted", expectedKey, - keyEntry.getPrivateKey()); + assertEquals("Returned PrivateKey should be what we inserted", + ((RSAPrivateKey) expectedKey).getModulus(), + ((RSAPrivateKey) keyEntry.getPrivateKey()).getModulus()); assertEquals("Returned Certificate should be what we inserted", expectedCert, keyEntry.getCertificate()); @@ -823,14 +908,25 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_GetEntry_Nonexistent_NullParams_Failure() throws Exception { + public void testKeyStore_GetEntry_Nonexistent_NullParams_Encrypted_Failure() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertNull("A non-existent entry should return null", mKeyStore.getEntry(TEST_ALIAS_1, null)); } - public void testKeyStore_GetKey_NoPassword_Success() throws Exception { + public void testKeyStore_GetEntry_Nonexistent_NullParams_Unencrypted_Failure() throws Exception { + mKeyStore.load(null, null); + + assertNull("A non-existent entry should return null", + mKeyStore.getEntry(TEST_ALIAS_1, null)); + } + + public void testKeyStore_GetKey_NoPassword_Encrypted_Success() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, @@ -848,10 +944,37 @@ public class AndroidKeyStoreTest extends AndroidTestCase { KeyFactory keyFact = KeyFactory.getInstance("RSA"); PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); - assertEquals("Inserted key should be same as retrieved key", actualKey, expectedKey); + assertEquals("Inserted key should be same as retrieved key", + ((RSAPrivateKey) expectedKey).getModulus(), actualKey.getModulus()); } - public void testKeyStore_GetKey_Certificate_Failure() throws Exception { + public void testKeyStore_GetKey_NoPassword_Unencrypted_Success() throws Exception { + mKeyStore.load(null, null); + + assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_NONE)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_NONE)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_NONE)); + + Key key = mKeyStore.getKey(TEST_ALIAS_1, null); + assertNotNull("Key should exist", key); + + assertTrue("Should be a RSAPrivateKey", key instanceof RSAPrivateKey); + + RSAPrivateKey actualKey = (RSAPrivateKey) key; + + KeyFactory keyFact = KeyFactory.getInstance("RSA"); + PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); + + assertEquals("Inserted key should be same as retrieved key", + ((RSAPrivateKey) expectedKey).getModulus(), actualKey.getModulus()); + } + + public void testKeyStore_GetKey_Certificate_Encrypted_Failure() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); @@ -859,21 +982,28 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertNull("Certificate entries should return null", mKeyStore.getKey(TEST_ALIAS_1, null)); } - public void testKeyStore_GetKey_NonExistent_Failure() throws Exception { + public void testKeyStore_GetKey_NonExistent_Encrypted_Failure() throws Exception { + setupPassword(); + mKeyStore.load(null, null); assertNull("A non-existent entry should return null", mKeyStore.getKey(TEST_ALIAS_1, null)); } - public void testKeyStore_GetProvider_Success() throws Exception { + public void testKeyStore_GetProvider_Encrypted_Success() throws Exception { + assertEquals(AndroidKeyStoreProvider.PROVIDER_NAME, mKeyStore.getProvider().getName()); + setupPassword(); assertEquals(AndroidKeyStoreProvider.PROVIDER_NAME, mKeyStore.getProvider().getName()); } - public void testKeyStore_GetType_Success() throws Exception { + public void testKeyStore_GetType_Encrypted_Success() throws Exception { + assertEquals(AndroidKeyStore.NAME, mKeyStore.getType()); + setupPassword(); assertEquals(AndroidKeyStore.NAME, mKeyStore.getType()); } - public void testKeyStore_IsCertificateEntry_CA_Success() throws Exception { + public void testKeyStore_IsCertificateEntry_CA_Encrypted_Success() throws Exception { + setupPassword(); mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); @@ -882,7 +1012,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.isCertificateEntry(TEST_ALIAS_1)); } - public void testKeyStore_IsCertificateEntry_PrivateKey_Failure() throws Exception { + public void testKeyStore_IsCertificateEntry_PrivateKey_Encrypted_Failure() throws Exception { + setupPassword(); mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, @@ -894,14 +1025,23 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.isCertificateEntry(TEST_ALIAS_1)); } - public void testKeyStore_IsCertificateEntry_NonExist_Failure() throws Exception { + public void testKeyStore_IsCertificateEntry_NonExist_Encrypted_Failure() throws Exception { + setupPassword(); + mKeyStore.load(null, null); + + assertFalse("Should return false for non-existent entry", + mKeyStore.isCertificateEntry(TEST_ALIAS_1)); + } + + public void testKeyStore_IsCertificateEntry_NonExist_Unencrypted_Failure() throws Exception { mKeyStore.load(null, null); assertFalse("Should return false for non-existent entry", mKeyStore.isCertificateEntry(TEST_ALIAS_1)); } - public void testKeyStore_IsKeyEntry_PrivateKey_Success() throws Exception { + public void testKeyStore_IsKeyEntry_PrivateKey_Encrypted_Success() throws Exception { + setupPassword(); mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, @@ -912,7 +1052,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertTrue("Should return true for PrivateKeyEntry", mKeyStore.isKeyEntry(TEST_ALIAS_1)); } - public void testKeyStore_IsKeyEntry_CA_Failure() throws Exception { + public void testKeyStore_IsKeyEntry_CA_Encrypted_Failure() throws Exception { + setupPassword(); mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); @@ -920,17 +1061,19 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertFalse("Should return false for CA certificate", mKeyStore.isKeyEntry(TEST_ALIAS_1)); } - public void testKeyStore_IsKeyEntry_NonExist_Failure() throws Exception { + public void testKeyStore_IsKeyEntry_NonExist_Encrypted_Failure() throws Exception { + setupPassword(); mKeyStore.load(null, null); assertFalse("Should return false for non-existent entry", mKeyStore.isKeyEntry(TEST_ALIAS_1)); } - public void testKeyStore_SetCertificate_CA_Success() throws Exception { + public void testKeyStore_SetCertificate_CA_Encrypted_Success() throws Exception { final CertificateFactory f = CertificateFactory.getInstance("X.509"); final Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); + setupPassword(); mKeyStore.load(null, null); mKeyStore.setCertificateEntry(TEST_ALIAS_1, actual); @@ -942,7 +1085,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { retrieved); } - public void testKeyStore_SetCertificate_CAExists_Overwrite_Success() throws Exception { + public void testKeyStore_SetCertificate_CAExists_Overwrite_Encrypted_Success() throws Exception { + setupPassword(); mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); @@ -958,7 +1102,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertAliases(new String[] { TEST_ALIAS_1 }); } - public void testKeyStore_SetCertificate_PrivateKeyExists_Failure() throws Exception { + public void testKeyStore_SetCertificate_PrivateKeyExists_Encrypted_Failure() throws Exception { + setupPassword(); mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, @@ -978,7 +1123,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_SetEntry_PrivateKeyEntry_Success() throws Exception { + public void testKeyStore_SetEntry_PrivateKeyEntry_Encrypted_Success() throws Exception { + setupPassword(); mKeyStore.load(null, null); KeyFactory keyFact = KeyFactory.getInstance("RSA"); @@ -1005,8 +1151,63 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); } - public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Success() + public void testKeyStore_SetEntry_PrivateKeyEntry_Unencrypted_Success() throws Exception { + mKeyStore.load(null, null); + + KeyFactory keyFact = KeyFactory.getInstance("RSA"); + PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); + + final CertificateFactory f = CertificateFactory.getInstance("X.509"); + + final Certificate[] expectedChain = new Certificate[2]; + expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); + expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); + + PrivateKeyEntry expected = new PrivateKeyEntry(expectedKey, expectedChain); + + mKeyStore.setEntry(TEST_ALIAS_1, expected, null); + + Entry actualEntry = mKeyStore.getEntry(TEST_ALIAS_1, null); + assertNotNull("Retrieved entry should exist", actualEntry); + + assertTrue("Retrieved entry should be of type PrivateKeyEntry", + actualEntry instanceof PrivateKeyEntry); + + PrivateKeyEntry actual = (PrivateKeyEntry) actualEntry; + + assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); + } + + public void testKeyStore_SetEntry_PrivateKeyEntry_Params_Unencrypted_Failure() throws Exception { + mKeyStore.load(null, null); + + KeyFactory keyFact = KeyFactory.getInstance("RSA"); + PrivateKey expectedKey = keyFact.generatePrivate(new PKCS8EncodedKeySpec(FAKE_KEY_1)); + + final CertificateFactory f = CertificateFactory.getInstance("X.509"); + + final Certificate[] expectedChain = new Certificate[2]; + expectedChain[0] = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); + expectedChain[1] = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); + + PrivateKeyEntry entry = new PrivateKeyEntry(expectedKey, expectedChain); + + try { + mKeyStore.setEntry(TEST_ALIAS_1, entry, + new AndroidKeyStoreParameter.Builder(getContext()) + .setEncryptionRequired() + .build()); + fail("Shouldn't be able to insert encrypted entry when KeyStore uninitialized"); + } catch (KeyStoreException expected) { + } + + assertNull(mKeyStore.getEntry(TEST_ALIAS_1, null)); + } + + public void + testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_PrivateKeyEntry_Encrypted_Success() throws Exception { + setupPassword(); mKeyStore.load(null, null); final KeyFactory keyFact = KeyFactory.getInstance("RSA"); @@ -1060,7 +1261,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Success() throws Exception { + public void testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Encrypted_Success() + throws Exception { + setupPassword(); mKeyStore.load(null, null); final CertificateFactory f = CertificateFactory.getInstance("X.509"); @@ -1104,7 +1307,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Success() throws Exception { + public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success() + throws Exception { + setupPassword(); mKeyStore.load(null, null); final CertificateFactory f = CertificateFactory.getInstance("X.509"); @@ -1148,8 +1353,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Success() + public + void + testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_ShortPrivateKeyEntry_Encrypted_Success() throws Exception { + setupPassword(); mKeyStore.load(null, null); final CertificateFactory f = CertificateFactory.getInstance("X.509"); @@ -1198,7 +1406,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_SetEntry_CAEntry_Overwrites_CAEntry_Success() throws Exception { + public void testKeyStore_SetEntry_CAEntry_Overwrites_CAEntry_Encrypted_Success() + throws Exception { + setupPassword(); mKeyStore.load(null, null); final CertificateFactory f = CertificateFactory.getInstance("X.509"); @@ -1239,7 +1449,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_SetKeyEntry_ProtectedKey_Failure() throws Exception { + public void testKeyStore_SetKeyEntry_ProtectedKey_Encrypted_Failure() throws Exception { + setupPassword(); mKeyStore.load(null, null); final CertificateFactory f = CertificateFactory.getInstance("X.509"); @@ -1259,7 +1470,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_SetKeyEntry_Success() throws Exception { + public void testKeyStore_SetKeyEntry_Encrypted_Success() throws Exception { + setupPassword(); mKeyStore.load(null, null); final CertificateFactory f = CertificateFactory.getInstance("X.509"); @@ -1285,7 +1497,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertPrivateKeyEntryEquals(actual, FAKE_KEY_1, FAKE_USER_1, FAKE_CA_1); } - public void testKeyStore_SetKeyEntry_Replaced_Success() throws Exception { + public void testKeyStore_SetKeyEntry_Replaced_Encrypted_Success() throws Exception { + setupPassword(); mKeyStore.load(null, null); final CertificateFactory f = CertificateFactory.getInstance("X.509"); @@ -1376,7 +1589,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { return cert; } - public void testKeyStore_SetKeyEntry_ReplacedChain_Success() throws Exception { + public void testKeyStore_SetKeyEntry_ReplacedChain_Encrypted_Success() throws Exception { + setupPassword(); mKeyStore.load(null, null); // Create key #1 @@ -1429,8 +1643,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_SetKeyEntry_ReplacedChain_DifferentPrivateKey_Failure() + public void testKeyStore_SetKeyEntry_ReplacedChain_DifferentPrivateKey_Encrypted_Failure() throws Exception { + setupPassword(); mKeyStore.load(null, null); // Create key #1 @@ -1472,7 +1687,48 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_Size_Success() throws Exception { + public void testKeyStore_SetKeyEntry_ReplacedChain_UnencryptedToEncrypted_Failure() + throws Exception { + mKeyStore.load(null, null); + + // Create key #1 + { + final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; + assertTrue(mAndroidKeyStore.generate(privateKeyAlias, + android.security.KeyStore.UID_SELF, android.security.KeyStore.FLAG_NONE)); + + X509Certificate cert = + generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1, TEST_DN_1, + NOW, NOW_PLUS_10_YEARS); + + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, + cert.getEncoded(), android.security.KeyStore.UID_SELF, + android.security.KeyStore.FLAG_NONE)); + } + + // Replace with one that requires encryption + { + Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); + + try { + mKeyStore.setEntry(TEST_ALIAS_1, entry, new AndroidKeyStoreParameter.Builder( + getContext()).setEncryptionRequired().build()); + fail("Should not allow setting of Entry without unlocked keystore"); + } catch (KeyStoreException success) { + } + + assertTrue(mAndroidKeyStore.password("1111")); + assertTrue(mAndroidKeyStore.isUnlocked()); + + mKeyStore.setEntry(TEST_ALIAS_1, entry, + new AndroidKeyStoreParameter.Builder(getContext()) + .setEncryptionRequired() + .build()); + } + } + + public void testKeyStore_Size_Encrypted_Success() throws Exception { + setupPassword(); mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); @@ -1501,7 +1757,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertAliases(new String[] { TEST_ALIAS_2 }); } - public void testKeyStore_Store_LoadStoreParam_Failure() throws Exception { + public void testKeyStore_Store_LoadStoreParam_Encrypted_Failure() throws Exception { + setupPassword(); mKeyStore.load(null, null); try { @@ -1511,7 +1768,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_Load_InputStreamSupplied_Failure() throws Exception { + public void testKeyStore_Load_InputStreamSupplied_Encrypted_Failure() throws Exception { byte[] buf = "FAKE KEYSTORE".getBytes(); ByteArrayInputStream is = new ByteArrayInputStream(buf); @@ -1522,7 +1779,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_Load_PasswordSupplied_Failure() throws Exception { + public void testKeyStore_Load_PasswordSupplied_Encrypted_Failure() throws Exception { try { mKeyStore.load(null, "password".toCharArray()); fail("Should throw IllegalArgumentException when password is supplied"); @@ -1530,7 +1787,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } } - public void testKeyStore_Store_OutputStream_Failure() throws Exception { + public void testKeyStore_Store_OutputStream_Encrypted_Failure() throws Exception { + setupPassword(); mKeyStore.load(null, null); OutputStream sink = new ByteArrayOutputStream(); @@ -1558,7 +1816,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { cert.getEncoded())); } - public void testKeyStore_KeyOperations_Wrap_Success() throws Exception { + public void testKeyStore_KeyOperations_Wrap_Encrypted_Success() throws Exception { + setupPassword(); mKeyStore.load(null, null); setupKey(); |