Google Git
Sign in
android / platform / external / bouncycastle / 1b335c5efbcf241b55345622fe9978047c3fdf9e / . / bcprov / src / main / java / org / bouncycastle / jce / provider / test / BCFKSStoreTest.java
blob: 2df1e7f313c35a60a42e740df99582583f20ee61 [file] [log] [blame]
package org.bouncycastle.jce.provider.test;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.bc.EncryptedObjectStoreData;
import org.bouncycastle.asn1.bc.ObjectStore;
import org.bouncycastle.asn1.bc.ObjectStoreIntegrityCheck;
import org.bouncycastle.asn1.bc.PbkdMacIntegrityCheck;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.ScryptParams;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.util.PBKDF2Config;
import org.bouncycastle.crypto.util.PBKDFConfig;
import org.bouncycastle.crypto.util.ScryptConfig;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.test.SimpleTest;
/**
* Exercise the BCFKS KeyStore,
*/
public class BCFKSStoreTest
extends SimpleTest
{
private static byte[] trustedCertData = Base64.decode(
"MIIB/DCCAaagAwIBAgIBATANBgkqhkiG9w0BAQQFADCBhjELMAkGA1UEBhMCQVUxKDAmBgNVBAoMH1RoZSBMZWdpb24gb2YgdGhlIE" +
"JvdW5jeSBDYXN0bGUxEjAQBgNVBAcMCU1lbGJvdXJuZTERMA8GA1UECAwIVmljdG9yaWExJjAkBgkqhkiG9w0BCQEWF2lzc3VlckBi" +
"b3VuY3ljYXN0bGUub3JnMB4XDTE0MDIyODExMjcxMVoXDTE0MDQyOTExMjcxMVowgYcxCzAJBgNVBAYTAkFVMSgwJgYDVQQKDB9UaG" +
"UgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIwEAYDVQQHDAlNZWxib3VybmUxETAPBgNVBAgMCFZpY3RvcmlhMScwJQYJKoZI" +
"hvcNAQkBFhhzdWJqZWN0QGJvdW5jeWNhc3RsZS5vcmcwWjANBgkqhkiG9w0BAQEFAANJADBGAkEAtKfkYXBXTxapcIKyK+WLaipil5" +
"hBm+EocqS9umJs+umQD3ar+xITnc5d5WVk+rK2VDFloEDGBoh0IOM9ke1+1wIBETANBgkqhkiG9w0BAQQFAANBAJ/ZhfF21NykhbEY" +
"RQrAo/yRr9XfpmBTVUSlLJXYoNVVRT5u9SGQqmPNfHElrTvNMZQPC0ridDZtBWb6S2tg9/E=");
static char[] testPassword = {'h', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd'};
static char[] invalidTestPassword = {'Y', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd'};
static byte[] kwpKeyStore = Base64.decode(
"MIIJ/TCCCT8wgZUGCSqGSIb3DQEFDTCBhzBlBgkqhkiG9w0BBQwwWARAKXQjiKdsRc8lgCbMh8wLqjNPCiLcXVxArXA4/n6Y72G8jn" +
"jWUsXqvMQFmruTbQF6USSVaMgS1UlTbdLtu7yH9wIDAMgAAgEgMAwGCCqGSIb3DQILBQAwHgYJYIZIAWUDBAEvMBEEDJMoeNdAkcnM" +
"QjtxowIBCASCCKMU5dCIAkTb84CUiUGy4no3nGgVZL+2t4MNPKhMiL+2Xv7Ok9rucD2SMitzm+kxnkVU+aYGLVUrwEPFCvq5GWdnzO" +
"yjCd3XzTieySlfxhIxYMixGfz8NAvPu+P2LwtE+j2C4poHS7+MG22OXpxTTLGzWGuYusxb1zVLTujP6gSVGbtBikLxOXRiYXapZQzL" +
"32bOIKV/tHLv3JCKvIGyJAnTQBDlHQxVsm8fcYBhc101qc9vd3qMborJEZK3E+znJ++lI0yIb+WcZJ3PDI11Fzf22M1D6qtV8RELsL" +
"b5zfLheFLc4rJcY0YSja24se0tFvT7X9cSyrpvXdNDmzBlBThPdINsKPf3N6fO/9ibn/0QIJPY5bQc3SwbN8c7vboHOJzbWjq7n7Q7" +
"1ZkFeiYO/NIXKZ4/KN8sqlRLjvEy4BFnbGoufim+K1zpFGdUPbYpDkuzCkfQfiEaQ9Zt69p5w5e6qh04kgHue0Ac/0IsnRIFy78k4J" +
"lK5TlrB3exqpuISZEWP72WDa+0yTaRM6ecMfIqieDNQmpD9U3HpmdMgiWZXTpCTtM/3I62Bv7EkwcVccRP9z4QUcoGZy81EemQ4d3e" +
"OVfYgvgZBCsbSpf+V8HlsnApTbJubTY1wJQAA19h49E7l3VCxSmeNcUSSE68xJjdJPPAzU1v83+RkYUDPlRx1YsO77zYBSuOwJr0g4" +
"BDTfnyd1vZCM6APt9N7Z2MfALoSSg4EF68nr144GLAMZw4ZVjfUeZ+kF3mjTDPujOoyI3vDztA5ZFa0JCQpp8Yh0CuO+sGnWLh+7Tb" +
"irH2ifEscmNI++csUwDPSInjfGzv722JY6c9XzbaqDGqstpykwwUVN01IceolCvgeHZW7P0feDyqbpgmpdRxiGuBWshFEdcttXDSl9" +
"mQVEyYAMHQFVQKIx2RrFD7QPWZhITGqCvF44GNst/3962Au9oyGAY6rRQfN/HdF4+ygWjOS0t/50c1eAyBj1Rfk/M4sHBi8dKDjOpX" +
"QzqfqLqHjevxQPw1761q629iTagOO/3AIebbraD2qLqDHjmqUAW0ZVLkdS5n8zYyiqGsVeKok7SSDDKQfqwouPHJvRmKzHAK6bZDdr" +
"qMBqNfNcRghWHSH0jM4j8G1w3H2FQsNfBHqTb+kiFx1jEovKkf2HumctWwI5hqV2R2I23ThRNQbh6bdtFc8D3a8YnuXpUK+Tw/RTzM" +
"eGtUsVeakGOZDHh9AlxsdcLChY9xTLMzbpLfb6VAE9kpZ86Uwe60i+S4ropyIp5cwXizAgJPh1T51ZWTzEu+s8BDEAkXSDgxs1PFML" +
"Ha2pWnHPMNSs4VF6eeyK0Vj66m4LcQ0AgE35jAGxWQm31KbWI/h8EMxiC/tDJfMJ3UUKxYCRdbcneDBRc4E4cNmZVqajc8o9Fexr97" +
"GLQ6Is1HVoG65qtq6I9Wt6wmA/5i8ptG7bl7NrIzn3Fg0bMbwHEaKIoXrFHTM0EjwnOkVtQWBNDhnBa66IDJXMxJzXDB2uoMU/wX2y" +
"4dGpM+mgomJt0U3i29HqeihEQjHDc0hTJLkp2SJ2tKw3+VtoXUinV1W7tsG9TMj3F+XNSeiGFrcZpryi6+Fml3Tohg/FaiJQLpB9pL" +
"tzNd61ln1Q6RTHcOMChNocCRaagH6ntX5j8GcVp0auPfw8zyR5iNGueQdnV38Q6MhiGxlMQKC/gjBdKAHRI2q+31tGK8ZslHFxDee1" +
"fy3wtRZpLDwgecH74g4+1TYTLPj/PNeYRQicRCa1BbvI3zB1d8t+LKTg/f34MeEzdMpRT8fRb6vw/O1CRhtdl/0pBQ7RZQSrZFPdEr" +
"KPRv4/1IG46crTCw1/AOMTXKjPeaUeADjff7aLKizJHUSPr6sTRxoMWQeOYfBDnRiLDZ/XYvSDkjnzesa0hdQIIe/tHnqSZ23Jbi46" +
"bLD7Lhf3lfZzbEOqKXAlq0m/ooidubndc0K1xVex4M/T+M0mMPRwO0uICJM4EtivU9Fp5/12GXdvimGEhr/adGodf+JduhsUoIUiz5" +
"TghRV0dSuLtQkcD2d0GkfxgHkCBlhbS3WifMWLTa3lHWrCVyhdIf6m5UOtqfzj5CEEkwE+L6urNBo3D4zHUjm8XJekjI3xjGbQHjBo" +
"sr+BFHkwGNfTXXBHVqRE0L8lH6kSpLaCF5iMpU2NuAeaJ/xdS7LUXBtn4Zvi34PR3/akwMYIr4X+uDM0eB0KkOyyqSXZVPsT7uGMef" +
"wOHmbx1eHe22mR/q1r1iczDwOtXNYo8OB9jSsL3XWFdt4STxdA7kFEsAvK001x0pjrpTa/j/4ixjKhBGu8V/WVuBl0Hlicybtdl7xF" +
"CgoeF3FrAsn2Rw0EjVJm4uLpdEHGIVCWWTgadhZ9YyMWoMenLOUoGMlWXGE9hLGUfJG1wOMlFg33zq4dwCj17O0ULdpHh7QFQFEEpM" +
"+zscDhOHKmrZZEuiJvhR0JFkZz2rml0TEfSjCmdQ8XfJMzLbQ8BKZhWLOQdVh8Scn96Hm0EGkFBkcb4dO/Ubw+cu+bGskxHL1Q6uW0" +
"hGOdejiS7yWclE//uzSlSTa7GRtZ1F/vziWIVno0IInEyiOsCGagagWmxMvv1GTnRJwJl8Bt0BPJmWS2L4CClD6ocH2DrCEEYjMraP" +
"dquGbe0/0eYv3qANDWjvzJs4o4/4SoKZuRBuVj5YQMs69XdaxPgnC3Xfx59pf1Q5qOQe94R8oVTnT6z6G1Radsoweh1UnwItjjt4pt" +
"pfjyUn4bF2Ovz6bs/Tprbo2B4gmBraimCVHT5pruScBY2q4Vd8XiGbiviS8SgqUnxhH/4XmRRdeYpHpZyet1DT+nNTdJdOCfrsE630" +
"9CEQNhQRXt9j5c9S8fnwEA3x/FsriCOAnXsmjVZTnMmctnEYs0aChPxnCBgW1vb2dVUTJQ+KR+2CD3xPNiIEwdk9rA+80k1z3JXek8" +
"tac4cwgbcwDAYIKoZIhvcNAgsFADBlBgkqhkiG9w0BBQwwWARAvH3U5H5R/XeTJYthNF/5aUAsqnHPEeperLR1iXVAiVH8t4iby2WP" +
"FbvQtoKDbREOo9NaULKIWlDlimxCJosvygIDAMgAAgFAMAwGCCqGSIb3DQILBQAEQGeIvocQlW6yjPCczqj+yNdn6sTcmuHI9AnFtn" +
"aY0K7Ki2oIlXl5D9TLznFhJuHDtrIA3VYy2XTCvyrY3qEIySo=");
static byte[] oldKeyStoreNoPW = Base64.decode(
"MIIF/jCCBUEwgZQGCSqGSIb3DQEFDTCBhjBkBgkqhkiG9w0BBQwwVwRAr1ik7Ut78AkRAXYcwhwjOjlSjfjzLzCqFFFsT2OHXWtCK1h" +
"FEnbVpdi5OFL+TQ6g8kU9w8EYrIZH7elwkMt+6wICBAACASAwDAYIKoZIhvcNAgsFADAeBglghkgBZQMEAS8wEQQMi3d/cdRmlkhW1" +
"B43AgEIBIIEpvp3Y9FgZwdOCGGd3pJmhTy4z3FQ+xQD5yQizR3GtuNwLQvrsDfaZOPdmt6bKSLQdjVXX214d2JmBlKNOj9MD6SDIsW" +
"+yEVoqk4asmQjY5KZi/l7o9IRMTAVFBSKyXYcmnV/0Wqpv/AEOaV1ytrxwu2TOW3gZcbNHs3YQvAArxMcqCLyyGJYJ73Qt2xuccZa8" +
"YgagCovr0t2KJYHdpeTIFvhaAU7/iHKa0z4ES0YjZoEKNu7jA91WCnKIaFdJCRLS5NKqcuHw93KgGNelEEJt9BbhmddlzZ3upxdw9Q" +
"vZsaasD30ezK6viROxAkerfXzI5QVS8Qlz1/TQ10/ri8Lf04H3+HNRV5YS0cH9ghoBxKvvu8whcA43FdvGE7MREIEykJBWWWK5bgul" +
"duf2ONNA5cIBTLwLOmPdT2I4PkXUjCROHBmX9m4F0p41+9DCpqS2z5H2oS4+n+sBLHFWZbsOu/NAXKswLDVRaBbSGJW270dc8Gv1Vo" +
"B9VWlkqX4wLZTLp+Gbk2aJaKlp9zeN5EHG/vh1wJWYq138h2MB+cYZ2TCl3+orhzlzx6xfRVAtbBz9kpPDpfgpnahM0+IdcuVc5B2s" +
"UR6hBM/GQY4cgFdsBI1XhoEjLxzD8PxF4Se2KbseB6fq0+h1GKSB8YXv+IVvroF1ueqsi8DisNcrkN3Bdbl28gopF7kG+aJ84JkEHP" +
"bmN+EaYIZZ6yRBHa/nfXltblCIRbSfB0x4L8Uz+/lbEen5hov7v/60+v+6nAlNWs3Af0ZlmOU4KAcSgmLBJzh3+83qld8BlJH1t1HI" +
"Ct/md7BQLXn4fRWeKUhbwvSvlut7knai1ZKaLxEhNCh+/7UDE7Y1wvzBfWJYfyAFkCxW9U0erkwp8euea7OgMd1U+6R9H8FEgEjzaj" +
"maMCKqmAizZromgxsiPzZgMkz9J1eY/VtWqk1Gu3mq7O/6ilWh/dogxVfeVZ2kyS17rXL152pcJHIx20Vsd4gnFx8sLqfqiO5n/qoA" +
"8BkbbwdrBmURNCVmDMuqlMl/yiOpqohQ8kcp81l6B6NHAtxAWCSz7ypfKw43G80tTKhHYDguCUvdbLCuR43DJj22SuuxoRKHjnhtYD" +
"xKL58W5HhIcSFliI5qBuRc+EHVOdHfFfqNhisitOzuTk9z1Emg0lweVFzaWkpqxiwtNfOmiYrg+EzDYiGmiQ7/r5Uxqku+aX69khXN" +
"OKQbx1d48PI/0mNJV7qUY6k1hhU3ZkMSnuR1akaq/Skds7BnC3yj8byDlWouJ5AYreHPc4uxoH6YwSrBGBWw9omxGPFE6aGWze8pV/" +
"95HOrftINptVRDPtuBvV8fo9qPJ7Xr6unG3kEbKoflYTbolguI4YN338+QIc6+53I7N7H+3kkb8TJhUPj4ImS1dvN5KfkSwYuKX8sQ" +
"r4MGUVTfJwbRCKkbimtJ1MY/Rcpe9No1xQObp/3G4Tfam1KlhhLaM3A9fCLm+WwS7zlemJ+KcWa7iOyoS5f646+aLRZ7sNeuoxYecq" +
"9ybT5W8mYitUdvxcPwMlh2w1DqwmDqXVqkevs8WnDBJM2FYWVJenoU98oPd3pbFicZsjuMIG2MAwGCCqGSIb3DQILBQAwZAYJKoZIh" +
"vcNAQUMMFcEQAI9+HvmFMWhbl/EmZBy/B2CDIKcCs4AuhrKu50UVHSHobnuX7phOAtxdI9VevE2ehMCbWkLrUa3Qtkv4CmozFwCAgQ" +
"AAgFAMAwGCCqGSIb3DQILBQAEQHGAl3x6ij1f4oSoeKX/KQOYByXY/Kk4BinJM0cG0zXapG4vYidgmTMPTguuWXxL1u3+ncAGmW2EY" +
"gEAHiOUu5c=");
static byte[] oldKeyStore = Base64.decode(
"MIIF/jCCBUEwgZQGCSqGSIb3DQEFDTCBhjBkBgkqhkiG9w0BBQwwVwRA1njcCRF+e+s3pQsVaifZNKCablZ+5cLEeJXEdsAtJt7ZG2" +
"6dq5iYzBhbol5L5D0n9RLYFW5IoK9rCd8UpD61GAICBAACASAwDAYIKoZIhvcNAgsFADAeBglghkgBZQMEAS8wEQQMhT2rGv09UX8P" +
"pmcZAgEIBIIEpu8KeIMyG7FZL+rxPCJ7YFNRXEjykNt70W1BD8VDsN/bGuW4kCnKXNlzV2SAx/44mhdR47qiKrXziCwZUgpck9d1R5" +
"nQQtTKw0Q2F1EuWGm9ErFpCMYl6E43/URmkmjuCMIpEbrKHTmuEjqsdHJ7+CST4cFU3lCsBj7dMl9G7tLxJhq5aCTYxhFX6R5kM5QH" +
"t/pkxE/5Ei94nh606cKNjLA7Zlrbn1c5WlTpesOjE1pZp/QY9UuSiSA0nucNd8Ir0H4PK120QerdQQ4EWY/KHEDn4EqGpaE1Z6WVAS" +
"qyYING7g1q4YeYeJjFA2V8fqsj0j/wxG29x5J5ghcERnrcQGTL2P3uLvy2chgHdqIaFxKStANVntW+dy9MD/uCZnYi7DzeS3qWEZcl" +
"cpp5oImL79k08uc9jpfOnNaqbxz8b76ABH39OVQVSGRhh7fkYYSlUEWpSlaFoKaywV3yJwXlilhX7JqyiqRt/hrlVLTlQZZeJbYMrE" +
"KA/Fn2ePmNt5hJRiHzF5w/YVd5My27QtPvInCgJ2bV+Z0Di3l+Sd4SCS1NiHtR6uB7G3xlI8E3uQVV4dRNXM8drb1Uu/eTGxGSH0hY" +
"2Z0N8TvSGdz+TAQRNn/nXaMA2nZdfhVmwiRPPP3BaiBCJM6y5FroOT1rkPupA+gpmlw1M7Ey+rABphsqEig2XyRe4FMMmIc4i8ga6m" +
"KH+F0e26ycsb+nSycdhLIs5Dcdo42wzmvmoG8fvM+/C1N98TfB0m2KbtS1TV9dohagJi4l685iUMnUbH3nmha7RPYUVnpZdDokiATV" +
"WjuSezCdpIxv1m6HOqXuArvDtvExDzyVZnPoIF4DEuRypDpW8tkppvLGA6VEo1TPJvjvyrX6SqorwDa1JINVnQGPpx5StjL+eIQBzV" +
"RHoy+NP2dcPBHUlAfwWrkk7V7CwST6uNYBL+YVhTYYIN1HnJY0CkmmraqMvkMks17WAd9hONzSLmNT3St6s3VIQMMPC7qNatB+570Q" +
"BxgiQC7ieFu1wqy9ZNnNLU9DC69HR37uUFyiCnbCb54XY/zmCUhc8ONBi3L8DwmiDZ2oF7WIEmWvblcbWaQNFPNBMS9KzejHLpvopW" +
"+XcfRX4jCz9PwZ9HhUwGk8R7b1MALgJhXxuAD/a4VQK2OtlTHeAgSGBrGcGgjzSa7JWM5ks+EHdTuLaiU3ViVXLrZq4lr/D8ni1Ipt" +
"kKPaVcWnl56i7AXZtPj5xVE5v2eVual3sBOkObpoObyrDfmouZW0A9GPk69jGTm5j2FU+50p7JxSfR78BZJitBqrcYS4boVDFmTZYN" +
"MBpgGkHqW79gWKIde/pf6nf9cSnDEjZEIZJQI5rnLqmGG6+vKxJQJt7be4vCzGTVMqiY3+QgVCuwtK7Vd44RaPDnzQDxC9OwJOhIUF" +
"s1UwoS/vU/n5kbaYmD+py3dgffw4EicaOv5hG7NELZRKxueCjnVwdeCGH+WgJL7AIUdruK/SvsQbJX1asEFKU5KCG4Z9Sw0Sw4MjL+" +
"OAiyIbpQpMfHtG+9ORfWWmlH8McA3rjT07fKelhPn1YauY2jGZLfBrpBrQKxvcL82og7rUMIG2MAwGCCqGSIb3DQILBQAwZAYJKoZI" +
"hvcNAQUMMFcEQOchs+KAXDWhUaENOgpSls0plNpIUYDkgnMa/iL4RzEOCwiZBOuBdGsEfP3oKLWUS3wO83vrgetSLK5fkN6QNnoCAg" +
"QAAgFAMAwGCCqGSIb3DQILBQAEQBLCR5e4teCd8JX0xJbGadSCFaO1oEehyXSZrnKahsYJ7yTHqJTvlcWvqTiwn7Gud/SJmMXPQkZC" +
"SQhMQ5k+xZ4=");
public void shouldCreateEmptyBCFKSNoPassword()
throws Exception
{
checkEmptyStore(null);
}
public void shouldCreateEmptyBCFKSPassword()
throws Exception
{
checkEmptyStore(testPassword);
}
private void checkEmptyStore(char[] passwd)
throws KeyStoreException, NoSuchProviderException, IOException, NoSuchAlgorithmException, CertificateException
{
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
isTrue("", 0 == store1.size());
isTrue("", !store1.aliases().hasMoreElements());
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
store1.store(bOut, passwd);
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(bOut.toByteArray()), passwd);
isTrue("", 0 == store2.size());
isTrue("", !store2.aliases().hasMoreElements());
checkInvalidLoad(store2, passwd, bOut.toByteArray());
}
private void checkInvalidLoad(KeyStore store, char[] passwd, byte[] data)
throws NoSuchAlgorithmException, CertificateException, KeyStoreException
{
checkInvalidLoadForPassword(store, invalidTestPassword, data);
if (passwd != null)
{
checkInvalidLoadForPassword(store, null, data);
}
}
private void checkInvalidLoadForPassword(KeyStore store, char[] password, byte[] data)
throws NoSuchAlgorithmException, CertificateException, KeyStoreException
{
try
{
store.load(new ByteArrayInputStream(data), password);
}
catch (IOException e)
{
isTrue("wrong message", "BCFKS KeyStore corrupted: MAC calculation failed".equals(e.getMessage()));
}
isTrue("", 0 == store.size());
isTrue("", !store.aliases().hasMoreElements());
}
public void shouldStoreOneCertificate()
throws Exception
{
X509Certificate cert = (X509Certificate)CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
checkOneCertificate(cert, null);
checkOneCertificate(cert, testPassword);
}
public void shouldStoreOneCertificateWithECDSASignature()
throws Exception
{
KeyPairGenerator kpG = KeyPairGenerator.getInstance("EC", "BC");
kpG.initialize(new ECGenParameterSpec("P-256"));
KeyPair kp = kpG.generateKeyPair();
X509Certificate cert = (X509Certificate)CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
store1.setCertificateEntry("cert", cert);
isTrue("", 1 == store1.size());
Enumeration<String> en1 = store1.aliases();
isTrue("", "cert".equals(en1.nextElement()));
isTrue("", !en1.hasMoreElements());
certStorageCheck(store1, "cert", cert);
Date entryDate = store1.getCreationDate("cert");
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
BCFKSLoadStoreParameter storeParameter = new BCFKSLoadStoreParameter.Builder(bOut, kp.getPrivate())
.withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA)
.build();
store1.store(storeParameter);
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
BCFKSLoadStoreParameter loadParameter = new BCFKSLoadStoreParameter.Builder(
new ByteArrayInputStream(bOut.toByteArray()), kp.getPublic())
.withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA)
.build();
store2.load(loadParameter);
}
public void shouldStoreOneCertificateWithECDSASignatureAndCertificates()
throws Exception
{
KeyPairGenerator kpG = KeyPairGenerator.getInstance("EC", "BC");
kpG.initialize(new ECGenParameterSpec("P-256"));
KeyPair kp = kpG.generateKeyPair();
X509Certificate cert = (X509Certificate)CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
store1.setCertificateEntry("cert", cert);
isTrue("", 1 == store1.size());
Enumeration<String> en1 = store1.aliases();
isTrue("", "cert".equals(en1.nextElement()));
isTrue("", !en1.hasMoreElements());
certStorageCheck(store1, "cert", cert);
Date entryDate = store1.getCreationDate("cert");
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
final X509Certificate selfSignedCert = TestUtils.createSelfSignedCert("CN=ECDSA", "SHA256withECDSA", kp);
BCFKSLoadStoreParameter storeParameter = new BCFKSLoadStoreParameter.Builder(bOut, kp.getPrivate())
.withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA)
.withCertificates(
new X509Certificate[] {selfSignedCert})
.build();
store1.store(storeParameter);
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
final AtomicBoolean isCalled = new AtomicBoolean(false);
BCFKSLoadStoreParameter loadParameter = new BCFKSLoadStoreParameter.Builder(
new ByteArrayInputStream(bOut.toByteArray()), new BCFKSLoadStoreParameter.CertChainValidator()
{
public boolean isValid(X509Certificate[] chain)
{
isEquals(selfSignedCert, chain[0]);
isCalled.set(true);
return true;
}
})
.withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA)
.build();
store2.load(loadParameter);
isTrue(isCalled.get());
loadParameter = new BCFKSLoadStoreParameter.Builder(
new ByteArrayInputStream(bOut.toByteArray()), new BCFKSLoadStoreParameter.CertChainValidator()
{
public boolean isValid(X509Certificate[] chain)
{
isEquals(selfSignedCert, chain[0]);
return false;
}
})
.withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withECDSA)
.build();
try
{
store2.load(loadParameter);
fail("no exception");
}
catch (IOException e)
{
isEquals("certificate chain in key store signature not valid", e.getMessage());
}
}
public void shouldStoreOneCertificateWithDSASignature()
throws Exception
{
KeyPairGenerator kpG = KeyPairGenerator.getInstance("DSA", "BC");
kpG.initialize(2048);
KeyPair kp = kpG.generateKeyPair();
X509Certificate cert = (X509Certificate)CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
store1.setCertificateEntry("cert", cert);
isTrue("", 1 == store1.size());
Enumeration<String> en1 = store1.aliases();
isTrue("", "cert".equals(en1.nextElement()));
isTrue("", !en1.hasMoreElements());
certStorageCheck(store1, "cert", cert);
Date entryDate = store1.getCreationDate("cert");
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
BCFKSLoadStoreParameter storeParameter = new BCFKSLoadStoreParameter.Builder(bOut, kp.getPrivate())
.withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA)
.build();
store1.store(storeParameter);
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
BCFKSLoadStoreParameter loadParameter = new BCFKSLoadStoreParameter.Builder(
new ByteArrayInputStream(bOut.toByteArray()), kp.getPublic())
.withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withDSA)
.build();
store2.load(loadParameter);
}
public void shouldStoreOneCertificateWithRSASignature()
throws Exception
{
KeyPairGenerator kpG = KeyPairGenerator.getInstance("RSA", "BC");
kpG.initialize(2048);
KeyPair kp = kpG.generateKeyPair();
X509Certificate cert = (X509Certificate)CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
store1.setCertificateEntry("cert", cert);
isTrue("", 1 == store1.size());
Enumeration<String> en1 = store1.aliases();
isTrue("", "cert".equals(en1.nextElement()));
isTrue("", !en1.hasMoreElements());
certStorageCheck(store1, "cert", cert);
Date entryDate = store1.getCreationDate("cert");
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
BCFKSLoadStoreParameter storeParameter = new BCFKSLoadStoreParameter.Builder(bOut, kp.getPrivate())
.withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA)
.build();
store1.store(storeParameter);
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
BCFKSLoadStoreParameter loadParameter = new BCFKSLoadStoreParameter.Builder(
new ByteArrayInputStream(bOut.toByteArray()), kp.getPublic())
.withStoreSignatureAlgorithm(BCFKSLoadStoreParameter.SignatureAlgorithm.SHA512withRSA)
.build();
store2.load(loadParameter);
}
private void checkOneCertificate(X509Certificate cert, char[] passwd)
throws KeyStoreException, NoSuchProviderException, IOException, NoSuchAlgorithmException, CertificateException
{
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
store1.setCertificateEntry("cert", cert);
isTrue("", 1 == store1.size());
Enumeration<String> en1 = store1.aliases();
isTrue("", "cert".equals(en1.nextElement()));
isTrue("", !en1.hasMoreElements());
certStorageCheck(store1, "cert", cert);
Date entryDate = store1.getCreationDate("cert");
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
store1.store(bOut, passwd);
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(bOut.toByteArray()), passwd);
isTrue("", entryDate.equals(store2.getCreationDate("cert")));
isTrue("", 1 == store2.size());
Enumeration<String> en2 = store2.aliases();
isTrue("", "cert".equals(en2.nextElement()));
isTrue("", !en2.hasMoreElements());
certStorageCheck(store2, "cert", cert);
// check invalid load with content
checkInvalidLoad(store2, passwd, bOut.toByteArray());
// check deletion on purpose
store1.deleteEntry("cert");
isTrue("", 0 == store1.size());
isTrue("", !store1.aliases().hasMoreElements());
bOut = new ByteArrayOutputStream();
store1.store(bOut, passwd);
store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(bOut.toByteArray()), passwd);
isTrue("", 0 == store2.size());
isTrue("", !store2.aliases().hasMoreElements());
}
public void shouldStoreOnePrivateKey()
throws Exception
{
PrivateKey privKey = getPrivateKey();
X509Certificate cert = (X509Certificate)CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
checkOnePrivateKeyFips(privKey, new X509Certificate[]{cert}, null);
checkOnePrivateKeyFips(privKey, new X509Certificate[]{cert}, testPassword);
checkOnePrivateKeyDef(privKey, new X509Certificate[]{cert}, null);
checkOnePrivateKeyDef(privKey, new X509Certificate[]{cert}, testPassword);
}
public void shouldStoreOnePrivateKeyWithChain()
throws Exception
{
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
kpGen.initialize(512);
KeyPair kp1 = kpGen.generateKeyPair();
KeyPair kp2 = kpGen.generateKeyPair();
X509Certificate finalCert = TestUtils.createSelfSignedCert("CN=Final", "SHA1withRSA", kp2);
X509Certificate interCert = TestUtils.createCert(
TestUtils.getCertSubject(finalCert),
kp2.getPrivate(),
"CN=EE",
"SHA1withRSA",
null,
kp1.getPublic());
checkOnePrivateKeyFips(kp1.getPrivate(), new X509Certificate[]{interCert, finalCert}, null);
checkOnePrivateKeyFips(kp1.getPrivate(), new X509Certificate[]{interCert, finalCert}, testPassword);
checkOnePrivateKeyDef(kp1.getPrivate(), new X509Certificate[]{interCert, finalCert}, null);
checkOnePrivateKeyDef(kp1.getPrivate(), new X509Certificate[]{interCert, finalCert}, testPassword);
}
public void shouldStoreOneECKeyWithChain()
throws Exception
{
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC", "BC");
kpGen.initialize(256);
KeyPair kp1 = kpGen.generateKeyPair();
KeyPair kp2 = kpGen.generateKeyPair();
X509Certificate finalCert = TestUtils.createSelfSignedCert("CN=Final", "SHA1withECDSA", kp2);
X509Certificate interCert = TestUtils.createCert(
TestUtils.getCertSubject(finalCert),
kp2.getPrivate(),
"CN=EE",
"SHA1withECDSA",
null,
kp1.getPublic());
checkOnePrivateKeyFips(kp1.getPrivate(), new X509Certificate[]{interCert, finalCert}, null);
checkOnePrivateKeyFips(kp1.getPrivate(), new X509Certificate[]{interCert, finalCert}, testPassword);
checkOnePrivateKeyDef(kp1.getPrivate(), new X509Certificate[]{interCert, finalCert}, null);
checkOnePrivateKeyDef(kp1.getPrivate(), new X509Certificate[]{interCert, finalCert}, testPassword);
}
public void shouldRejectInconsistentKeys()
throws Exception
{
PrivateKey privKey = getPrivateKey();
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
X509Certificate interCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.interCertBin));
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
try
{
store1.setKeyEntry("privkey", privKey, "hello".toCharArray(), new X509Certificate[]{interCert});
fail("no exception");
}
catch (KeyStoreException e)
{
isTrue("", "RSA keys do not have the same modulus".equals(e.getCause().getMessage()));
}
}
private void checkOnePrivateKeyFips(PrivateKey key, X509Certificate[] certs, char[] passwd)
throws Exception
{
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
checkOnePrivateKey(key, store1, certs, passwd);
}
private void checkOnePrivateKeyDef(PrivateKey key, X509Certificate[] certs, char[] passwd)
throws Exception
{
KeyStore store1 = KeyStore.getInstance("BCFKS-DEF", "BC");
store1.load(null, null);
checkOnePrivateKey(key, store1, certs, passwd);
}
private void checkOnePrivateKey(PrivateKey key, KeyStore store1, X509Certificate[] certs, char[] passwd)
throws Exception
{
store1.setKeyEntry("privkey", key, passwd, certs);
isTrue("", 1 == store1.size());
Enumeration<String> en1 = store1.aliases();
isTrue("", "privkey".equals(en1.nextElement()));
isTrue("", !en1.hasMoreElements());
privateKeyStorageCheck(store1, "privkey", key, certs[0], passwd);
Date entryDate = store1.getCreationDate("privkey");
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
store1.store(bOut, passwd);
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(bOut.toByteArray()), passwd);
isTrue("", store2.getCertificateChain("privkey").length == certs.length);
Certificate[] sChain = store2.getCertificateChain("privkey");
for (int i = 0; i != sChain.length; i++)
{
isTrue("", certs[i].equals(sChain[i]));
}
isTrue("", entryDate.equals(store2.getCreationDate("privkey")));
isTrue("", 1 == store2.size());
Enumeration<String> en2 = store2.aliases();
isTrue("", "privkey".equals(en2.nextElement()));
isTrue("", !en2.hasMoreElements());
privateKeyStorageCheck(store2, "privkey", key, certs[0], passwd);
// check invalid load with content
checkInvalidLoad(store2, passwd, bOut.toByteArray());
// check deletion on purpose
store1.deleteEntry("privkey");
isTrue("", 0 == store1.size());
isTrue("", !store1.aliases().hasMoreElements());
bOut = new ByteArrayOutputStream();
store1.store(bOut, passwd);
store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(bOut.toByteArray()), passwd);
isTrue("", 0 == store2.size());
isTrue("", !store2.aliases().hasMoreElements());
}
public void shouldStoreMultipleKeys()
throws Exception
{
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
kpGen.initialize(512);
KeyPair kp1 = kpGen.generateKeyPair();
KeyPair kp2 = kpGen.generateKeyPair();
X509Certificate finalCert = TestUtils.createSelfSignedCert("CN=Final", "SHA1withRSA", kp2);
X509Certificate interCert = TestUtils.createCert(
TestUtils.getCertSubject(finalCert),
kp2.getPrivate(),
"CN=EE",
"SHA1withRSA",
null,
kp1.getPublic());
PrivateKey privKey = kp1.getPrivate();
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
X509Certificate cert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(trustedCertData));
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
store1.setKeyEntry("privkey", privKey, testPassword, new X509Certificate[]{interCert, finalCert});
store1.setCertificateEntry("trusted", cert);
SecretKeySpec aesKey = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"), "AES");
store1.setKeyEntry("secret1", aesKey, "secretPwd1".toCharArray(), null);
SecretKeySpec edeKey = new SecretKeySpec(Hex.decode("010102020404070708080b0b0d0d0e0e"), "DESede");
store1.setKeyEntry("secret2", edeKey, "secretPwd2".toCharArray(), null);
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
store1.store(bOut, testPassword);
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(bOut.toByteArray()), testPassword);
isTrue("", 4 == store2.size());
Key storeDesEde = store2.getKey("secret2", "secretPwd2".toCharArray());
isTrue("", edeKey.getAlgorithm().equals(storeDesEde.getAlgorithm()));
isTrue("", Arrays.areEqual(edeKey.getEncoded(), storeDesEde.getEncoded()));
Key storeAes = store2.getKey("secret1", "secretPwd1".toCharArray());
isTrue("", Arrays.areEqual(aesKey.getEncoded(), storeAes.getEncoded()));
isTrue("", aesKey.getAlgorithm().equals(storeAes.getAlgorithm()));
Key storePrivKey = store2.getKey("privkey", testPassword);
isTrue("", privKey.equals(storePrivKey));
isTrue("", 2 == store2.getCertificateChain("privkey").length);
Certificate storeCert = store2.getCertificate("trusted");
isTrue("", cert.equals(storeCert));
isTrue("", null == store2.getCertificate("unknown"));
isTrue("", null == store2.getCertificateChain("unknown"));
isTrue("", !store2.isCertificateEntry("unknown"));
isTrue("", !store2.isKeyEntry("unknown"));
isTrue("", !store2.containsAlias("unknown"));
}
public void shouldParseKWPKeyStore()
throws Exception
{
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
X509Certificate cert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(trustedCertData));
SecretKeySpec aesKey = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"), "AES");
SecretKeySpec edeKey = new SecretKeySpec(Hex.decode("010102020404070708080b0b0d0d0e0e"), "DESede");
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(kwpKeyStore), testPassword);
isTrue("", 4 == store2.size());
Key storeDesEde = store2.getKey("secret2", "secretPwd2".toCharArray());
isTrue("", edeKey.getAlgorithm().equals(storeDesEde.getAlgorithm()));
isTrue("", Arrays.areEqual(edeKey.getEncoded(), storeDesEde.getEncoded()));
Key storeAes = store2.getKey("secret1", "secretPwd1".toCharArray());
isTrue("", Arrays.areEqual(aesKey.getEncoded(), storeAes.getEncoded()));
isTrue("", aesKey.getAlgorithm().equals(storeAes.getAlgorithm()));
Key storePrivKey = store2.getKey("privkey", testPassword);
isTrue("", 2 == store2.getCertificateChain("privkey").length);
isTrue("", storePrivKey instanceof RSAPrivateCrtKey);
Certificate storeCert = store2.getCertificate("trusted");
isTrue("", cert.equals(storeCert));
isTrue("", null == store2.getCertificate("unknown"));
isTrue("", null == store2.getCertificateChain("unknown"));
isTrue("", !store2.isCertificateEntry("unknown"));
isTrue("", !store2.isKeyEntry("unknown"));
isTrue("", !store2.containsAlias("unknown"));
}
public void shouldStoreSecretKeys()
throws Exception
{
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
SecretKeySpec aesKey = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"), "AES");
SecretKeySpec edeKey1 = new SecretKeySpec(Hex.decode("010102020404070708080b0b0d0d0e0e"), "DESede");
SecretKeySpec edeKey2 = new SecretKeySpec(Hex.decode("010102020404070708080b0b0d0d0e0e"), "TripleDES");
SecretKeySpec edeKey3 = new SecretKeySpec(Hex.decode("010102020404070708080b0b0d0d0e0e"), "TDEA");
SecretKeySpec hmacKey1 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff"), "HmacSHA1");
SecretKeySpec hmacKey224 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff"), "HmacSHA224");
SecretKeySpec hmacKey256 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff01ff"), "HmacSHA256");
SecretKeySpec hmacKey384 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff0102ff"), "HmacSHA384");
SecretKeySpec hmacKey512 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0eff010203ff"), "HmacSHA512");
SecretKeySpec camellia128 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f"), "Camellia");
SecretKeySpec camellia192 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f0001020304050607"), "Camellia");
SecretKeySpec camellia256 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"), "Camellia");
SecretKeySpec seed = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f"), "SEED");
SecretKeySpec aria128 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f"), "ARIA");
SecretKeySpec aria192 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f0001020304050607"), "ARIA");
SecretKeySpec aria256 = new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f"), "ARIA");
store1.setKeyEntry("secret1", aesKey, "secretPwd1".toCharArray(), null);
store1.setKeyEntry("secret2", edeKey1, "secretPwd2".toCharArray(), null);
store1.setKeyEntry("secret3", edeKey2, "secretPwd3".toCharArray(), null);
store1.setKeyEntry("secret4", edeKey3, "secretPwd4".toCharArray(), null);
store1.setKeyEntry("secret5", hmacKey1, "secretPwd5".toCharArray(), null);
store1.setKeyEntry("secret6", hmacKey224, "secretPwd6".toCharArray(), null);
store1.setKeyEntry("secret7", hmacKey256, "secretPwd7".toCharArray(), null);
store1.setKeyEntry("secret8", hmacKey384, "secretPwd8".toCharArray(), null);
store1.setKeyEntry("secret9", hmacKey512, "secretPwd9".toCharArray(), null);
store1.setKeyEntry("secret10", camellia128, "secretPwd10".toCharArray(), null);
store1.setKeyEntry("secret11", camellia192, "secretPwd11".toCharArray(), null);
store1.setKeyEntry("secret12", camellia256, "secretPwd12".toCharArray(), null);
store1.setKeyEntry("secret13", seed, "secretPwd13".toCharArray(), null);
store1.setKeyEntry("secret14", aria128, "secretPwd14".toCharArray(), null);
store1.setKeyEntry("secret15", aria192, "secretPwd15".toCharArray(), null);
store1.setKeyEntry("secret16", aria256, "secretPwd16".toCharArray(), null);
checkSecretKey(store1, "secret1", "secretPwd1".toCharArray(), aesKey);
checkSecretKey(store1, "secret2", "secretPwd2".toCharArray(), edeKey1); // TRIPLEDES and TDEA will convert to DESEDE
checkSecretKey(store1, "secret3", "secretPwd3".toCharArray(), edeKey1);
checkSecretKey(store1, "secret4", "secretPwd4".toCharArray(), edeKey1);
// TODO:
// checkSecretKey(store1, "secret5", "secretPwd5".toCharArray(), hmacKey1);
// checkSecretKey(store1, "secret6", "secretPwd6".toCharArray(), hmacKey224);
// checkSecretKey(store1, "secret7", "secretPwd7".toCharArray(), hmacKey256);
// checkSecretKey(store1, "secret8", "secretPwd8".toCharArray(), hmacKey384);
// checkSecretKey(store1, "secret9", "secretPwd9".toCharArray(), hmacKey512);
checkSecretKey(store1, "secret10", "secretPwd10".toCharArray(), camellia128);
checkSecretKey(store1, "secret11", "secretPwd11".toCharArray(), camellia192);
checkSecretKey(store1, "secret12", "secretPwd12".toCharArray(), camellia256);
checkSecretKey(store1, "secret13", "secretPwd13".toCharArray(), seed);
checkSecretKey(store1, "secret14", "secretPwd14".toCharArray(), aria128);
checkSecretKey(store1, "secret15", "secretPwd15".toCharArray(), aria192);
checkSecretKey(store1, "secret16", "secretPwd16".toCharArray(), aria256);
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
store1.store(bOut, "secretkeytest".toCharArray());
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(bOut.toByteArray()), "secretkeytest".toCharArray());
checkSecretKey(store2, "secret1", "secretPwd1".toCharArray(), aesKey);
checkSecretKey(store2, "secret2", "secretPwd2".toCharArray(), edeKey1); // TRIPLEDES and TDEA will convert to DESEDE
checkSecretKey(store2, "secret3", "secretPwd3".toCharArray(), edeKey1);
checkSecretKey(store2, "secret4", "secretPwd4".toCharArray(), edeKey1);
// TODO:
// checkSecretKey(store2, "secret5", "secretPwd5".toCharArray(), hmacKey1);
// checkSecretKey(store2, "secret6", "secretPwd6".toCharArray(), hmacKey224);
// checkSecretKey(store2, "secret7", "secretPwd7".toCharArray(), hmacKey256);
// checkSecretKey(store2, "secret8", "secretPwd8".toCharArray(), hmacKey384);
// checkSecretKey(store2, "secret9", "secretPwd9".toCharArray(), hmacKey512);
isTrue("", null == store2.getKey("secret17", new char[0]));
}
public void shouldFailOnWrongPassword()
throws Exception
{
failOnWrongPasswordTest("IBCFKS");
failOnWrongPasswordTest("IBCFKS-DEF");
}
public void failOnWrongPasswordTest(String storeName)
throws Exception
{
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
kpGen.initialize(512);
KeyPair kp1 = kpGen.generateKeyPair();
KeyPair kp2 = kpGen.generateKeyPair();
X509Certificate finalCert = TestUtils.createSelfSignedCert("CN=Final", "SHA1withRSA", kp2);
X509Certificate interCert = TestUtils.createCert(
X500Name.getInstance(finalCert.getSubjectX500Principal().getEncoded()),
kp2.getPrivate(),
"CN=EE",
"SHA1withRSA",
null,
kp1.getPublic());
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
store1.setKeyEntry("privkey", kp1.getPrivate(), testPassword, new X509Certificate[]{interCert, finalCert});
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
store1.store(bOut, testPassword);
store1 = KeyStore.getInstance(storeName, "BC");
store1.load(new ByteArrayInputStream(bOut.toByteArray()), testPassword);
isTrue("privKey test 1", store1.getKey("privkey", testPassword) != null);
try
{
store1.getKey("privkey", invalidTestPassword);
fail("no exception");
}
catch (UnrecoverableKeyException e)
{
isEquals("wrong message, got : " + e.getMessage(), "unable to recover key (privkey)", e.getMessage());
}
isTrue("privKey test 2", store1.getKey("privkey", testPassword) != null);
}
private void checkSecretKey(KeyStore store, String alias, char[] passwd, SecretKey key)
throws Exception
{
SecretKey sKey = (SecretKey)store.getKey(alias, passwd);
isTrue("", Arrays.areEqual(key.getEncoded(), sKey.getEncoded()));
isTrue("", key.getAlgorithm().equals(sKey.getAlgorithm()));
if (!store.isKeyEntry(alias))
{
fail("key not identified as key entry");
}
if (!store.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class))
{
fail("not identified as key entry via SecretKeyEntry");
}
}
private PrivateKey getPrivateKey()
{
PrivateKey privKey = null;
RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
new BigInteger("11", 16),
new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
try
{
KeyFactory fact = KeyFactory.getInstance("RSA", "BC");
privKey = fact.generatePrivate(privKeySpec);
}
catch (Exception e)
{
fail("error setting up keys - " + e.toString());
}
return privKey;
}
public void shouldFailOnRemovesOrOverwrite()
throws Exception
{
failOnRemovesOrOverwrite("IBCFKS");
failOnRemovesOrOverwrite("IBCFKS-DEF");
}
private void failOnRemovesOrOverwrite(String storeName)
throws Exception
{
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
kpGen.initialize(512);
KeyPair kp1 = kpGen.generateKeyPair();
KeyPair kp2 = kpGen.generateKeyPair();
X509Certificate finalCert = TestUtils.createSelfSignedCert("CN=Final", "SHA1withRSA", kp2);
X509Certificate interCert = TestUtils.createCert(
X500Name.getInstance(finalCert.getSubjectX500Principal().getEncoded()),
kp2.getPrivate(),
"CN=EE",
"SHA1withRSA",
null,
kp1.getPublic());
KeyStore store1 = KeyStore.getInstance(storeName, "BC");
store1.load(new ByteArrayInputStream(oldKeyStoreNoPW), null);
try
{
store1.setKeyEntry("privkey", kp1.getPrivate(), testPassword, new X509Certificate[]{interCert, finalCert});
fail("no exception");
}
catch (KeyStoreException e)
{
isTrue("set operation not supported in shared mode".equals(e.getMessage()));
}
try
{
store1.setKeyEntry("privkey", kp1.getPrivate().getEncoded(), new X509Certificate[]{interCert, finalCert});
fail("no exception");
}
catch (KeyStoreException e)
{
isTrue("set operation not supported in shared mode".equals(e.getMessage()));
}
try
{
store1.setCertificateEntry("cert", interCert);
fail("no exception");
}
catch (KeyStoreException e)
{
isTrue("set operation not supported in shared mode".equals(e.getMessage()));
}
try
{
store1.deleteEntry("privkey");
fail("no exception");
}
catch (KeyStoreException e)
{
isTrue("delete operation not supported in shared mode".equals(e.getMessage()));
}
}
public void shouldStoreOneSecretKey()
throws Exception
{
checkOneSecretKey(new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f"), "AES"), null);
checkOneSecretKey(new SecretKeySpec(Hex.decode("000102030405060708090a0b0c0d0e0f"), "AES"), testPassword);
}
private void checkOneSecretKey(SecretKey key, char[] passwd)
throws Exception
{
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
store1.setKeyEntry("seckey", key, passwd, null);
isTrue("", 1 == store1.size());
Enumeration<String> en1 = store1.aliases();
isTrue("", "seckey".equals(en1.nextElement()));
isTrue("", !en1.hasMoreElements());
secretKeyStorageCheck(store1, "seckey", key, passwd);
Date entryDate = store1.getCreationDate("seckey");
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
store1.store(bOut, passwd);
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(bOut.toByteArray()), passwd);
isTrue("", entryDate.equals(store2.getCreationDate("seckey")));
isTrue("", 1 == store2.size());
Enumeration<String> en2 = store2.aliases();
isTrue("", "seckey".equals(en2.nextElement()));
isTrue("", !en2.hasMoreElements());
secretKeyStorageCheck(store2, "seckey", key, passwd);
// check invalid load with content
checkInvalidLoad(store2, passwd, bOut.toByteArray());
// check deletion on purpose
store1.deleteEntry("seckey");
isTrue("", 0 == store1.size());
isTrue("", !store1.aliases().hasMoreElements());
bOut = new ByteArrayOutputStream();
store1.store(bOut, passwd);
store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(bOut.toByteArray()), passwd);
isTrue("", 0 == store2.size());
isTrue("", !store2.aliases().hasMoreElements());
}
private void privateKeyStorageCheck(KeyStore store, String keyName, PrivateKey key, Certificate cert, char[] password)
throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException
{
if (!store.containsAlias(keyName))
{
fail("couldn't find alias privateKey");
}
if (store.isCertificateEntry(keyName))
{
fail("key identified as certificate entry");
}
if (!store.isKeyEntry(keyName))
{
fail("key not identified as key entry");
}
Key storeKey = store.getKey(keyName, password);
if (store.getType().equals("BCFKS"))
{
isTrue("", key.equals(storeKey));
}
if (password != null)
{
try
{
store.getKey(keyName, null);
}
catch (UnrecoverableKeyException e)
{
isTrue("", e.getMessage().startsWith("BCFKS KeyStore unable to recover private key (privkey)"));
}
}
Certificate[] certificateChain = store.getCertificateChain(keyName);
if (certificateChain == null)
{
fail("Did not return certificate chain");
}
isTrue("", cert.equals(certificateChain[0]));
isTrue("", keyName.equals(store.getCertificateAlias(cert)));
if (store.entryInstanceOf(keyName, KeyStore.TrustedCertificateEntry.class))
{
fail("identified as TrustedCertificateEntry");
}
if (!store.entryInstanceOf(keyName, KeyStore.PrivateKeyEntry.class))
{
fail("not identified as key entry via PrivateKeyEntry");
}
if (store.entryInstanceOf(keyName, KeyStore.SecretKeyEntry.class))
{
fail("identified as key entry via SecretKeyEntry");
}
}
private void certStorageCheck(KeyStore store, String certName, Certificate cert)
throws KeyStoreException
{
if (!store.containsAlias(certName))
{
fail("couldn't find alias " + certName);
}
if (!store.isCertificateEntry(certName))
{
fail("cert not identified as certificate entry");
}
if (store.isKeyEntry(certName))
{
fail("cert identified as key entry");
}
if (!store.entryInstanceOf(certName, KeyStore.TrustedCertificateEntry.class))
{
fail("cert not identified as TrustedCertificateEntry");
}
if (store.entryInstanceOf(certName, KeyStore.PrivateKeyEntry.class))
{
fail("cert identified as key entry via PrivateKeyEntry");
}
if (store.entryInstanceOf(certName, KeyStore.SecretKeyEntry.class))
{
fail("cert identified as key entry via SecretKeyEntry");
}
if (!certName.equals(store.getCertificateAlias(cert)))
{
fail("Did not return alias for certificate entry");
}
}
private void secretKeyStorageCheck(KeyStore store, String keyName, SecretKey key, char[] password)
throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException
{
if (!store.containsAlias(keyName))
{
fail("couldn't find alias privateKey");
}
if (store.isCertificateEntry(keyName))
{
fail("key identified as certificate entry");
}
if (!store.isKeyEntry(keyName))
{
fail("key not identified as key entry");
}
Key storeKey = store.getKey(keyName, password);
isTrue("", Arrays.areEqual(key.getEncoded(), storeKey.getEncoded()));
if (password != null)
{
try
{
store.getKey(keyName, null);
}
catch (UnrecoverableKeyException e)
{
isTrue("", e.getMessage().startsWith("BCFKS KeyStore unable to recover secret key (seckey)"));
}
}
Certificate[] certificateChain = store.getCertificateChain(keyName);
if (certificateChain != null)
{
fail("returned certificates!");
}
if (store.entryInstanceOf(keyName, KeyStore.TrustedCertificateEntry.class))
{
fail("identified as TrustedCertificateEntry");
}
if (store.entryInstanceOf(keyName, KeyStore.PrivateKeyEntry.class))
{
fail("identified as key entry via PrivateKeyEntry");
}
if (!store.entryInstanceOf(keyName, KeyStore.SecretKeyEntry.class))
{
fail("not identified as key entry via SecretKeyEntry");
}
}
private void shouldParseOldStores()
throws Exception
{
KeyStore store = KeyStore.getInstance("BCFKS", "BC");
store.load(new ByteArrayInputStream(oldKeyStore), testPassword);
checkStore(store, oldKeyStore, testPassword);
store.load(new ByteArrayInputStream(oldKeyStoreNoPW), null);
checkStore(store, oldKeyStoreNoPW, null);
}
private void checkStore(KeyStore store1, byte[] data, char[] passwd)
throws Exception
{
isEquals(store1.getCertificateChain("privkey").length, 2);
isEquals(1, store1.size());
Enumeration<String> en2 = store1.aliases();
isEquals("privkey", en2.nextElement());
isTrue(!en2.hasMoreElements());
// check invalid load with content
checkInvalidLoad(store1, passwd, data);
try
{
store1.store(new ByteArrayOutputStream(), passwd);
fail("no exception");
}
catch (IOException e)
{
isEquals("KeyStore not initialized", e.getMessage());
}
// check deletion on purpose
store1.load(new ByteArrayInputStream(data), passwd);
store1.deleteEntry("privkey");
isEquals(0, store1.size());
isTrue(!store1.aliases().hasMoreElements());
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
store1.store(bOut, passwd);
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(bOut.toByteArray()), passwd);
isEquals(0, store2.size());
isTrue(!store2.aliases().hasMoreElements());
}
private void shouldStoreUsingSCRYPT()
throws Exception
{
byte[] enc = doStoreUsingStoreParameter(new ScryptConfig.Builder(1024, 8, 1)
.withSaltLength(20).build());
ObjectStore store = ObjectStore.getInstance(enc);
ObjectStoreIntegrityCheck integrityCheck = store.getIntegrityCheck();
isEquals(integrityCheck.getType(), ObjectStoreIntegrityCheck.PBKD_MAC_CHECK);
PbkdMacIntegrityCheck check = PbkdMacIntegrityCheck.getInstance(integrityCheck.getIntegrityCheck());
isTrue("wrong MAC", check.getMacAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_hmacWithSHA512));
isTrue("wrong PBE", check.getPbkdAlgorithm().getAlgorithm().equals(MiscObjectIdentifiers.id_scrypt));
ScryptParams sParams = ScryptParams.getInstance(check.getPbkdAlgorithm().getParameters());
isEquals(20, sParams.getSalt().length);
isEquals(1024, sParams.getCostParameter().intValue());
isEquals(8, sParams.getBlockSize().intValue());
isEquals(1, sParams.getParallelizationParameter().intValue());
EncryptedObjectStoreData objStore = EncryptedObjectStoreData.getInstance(store.getStoreData());
AlgorithmIdentifier encryptionAlgorithm = objStore.getEncryptionAlgorithm();
isTrue(encryptionAlgorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2));
PBES2Parameters pbeParams = PBES2Parameters.getInstance(encryptionAlgorithm.getParameters());
isTrue(pbeParams.getKeyDerivationFunc().getAlgorithm().equals(MiscObjectIdentifiers.id_scrypt));
sParams = ScryptParams.getInstance(pbeParams.getKeyDerivationFunc().getParameters());
isEquals(20, sParams.getSalt().length);
isEquals(1024, sParams.getCostParameter().intValue());
isEquals(8, sParams.getBlockSize().intValue());
isEquals(1, sParams.getParallelizationParameter().intValue());
}
private void shouldStoreUsingKWP()
throws Exception
{
X509Certificate cert = (X509Certificate)CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(new BCFKSLoadStoreParameter.Builder().withStoreEncryptionAlgorithm(BCFKSLoadStoreParameter.EncryptionAlgorithm.AES256_KWP).build());
store1.setCertificateEntry("cert", cert);
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
store1.store(bOut, testPassword);
byte[] enc = bOut.toByteArray();
ObjectStore store = ObjectStore.getInstance(enc);
ObjectStoreIntegrityCheck integrityCheck = store.getIntegrityCheck();
isEquals(integrityCheck.getType(), ObjectStoreIntegrityCheck.PBKD_MAC_CHECK);
PbkdMacIntegrityCheck check = PbkdMacIntegrityCheck.getInstance(integrityCheck.getIntegrityCheck());
isTrue("wrong MAC", check.getMacAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_hmacWithSHA512));
isTrue("wrong PBE", check.getPbkdAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2));
EncryptedObjectStoreData objStore = EncryptedObjectStoreData.getInstance(store.getStoreData());
AlgorithmIdentifier encryptionAlgorithm = objStore.getEncryptionAlgorithm();
isTrue(encryptionAlgorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2));
PBES2Parameters pbeParams = PBES2Parameters.getInstance(encryptionAlgorithm.getParameters());
isTrue(pbeParams.getKeyDerivationFunc().getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2));
isTrue(pbeParams.getEncryptionScheme().getAlgorithm().equals(NISTObjectIdentifiers.id_aes256_wrap_pad));
}
private void shouldStoreUsingPBKDF2()
throws Exception
{
doStoreUsingPBKDF2(PBKDF2Config.PRF_SHA512);
doStoreUsingPBKDF2(PBKDF2Config.PRF_SHA3_512);
}
private void doStoreUsingPBKDF2(AlgorithmIdentifier prf)
throws Exception
{
byte[] enc = doStoreUsingStoreParameter(new PBKDF2Config.Builder()
.withPRF(prf)
.withIterationCount(1024)
.withSaltLength(20).build());
ObjectStore store = ObjectStore.getInstance(enc);
ObjectStoreIntegrityCheck integrityCheck = store.getIntegrityCheck();
isEquals(integrityCheck.getType(), ObjectStoreIntegrityCheck.PBKD_MAC_CHECK);
PbkdMacIntegrityCheck check = PbkdMacIntegrityCheck.getInstance(integrityCheck.getIntegrityCheck());
isTrue("wrong MAC", check.getMacAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_hmacWithSHA512));
isTrue("wrong PBE", check.getPbkdAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2));
PBKDF2Params pParams = PBKDF2Params.getInstance(check.getPbkdAlgorithm().getParameters());
isTrue(pParams.getPrf().equals(prf));
isEquals(20, pParams.getSalt().length);
isEquals(1024, pParams.getIterationCount().intValue());
EncryptedObjectStoreData objStore = EncryptedObjectStoreData.getInstance(store.getStoreData());
AlgorithmIdentifier encryptionAlgorithm = objStore.getEncryptionAlgorithm();
isTrue(encryptionAlgorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBES2));
PBES2Parameters pbeParams = PBES2Parameters.getInstance(encryptionAlgorithm.getParameters());
isTrue(pbeParams.getKeyDerivationFunc().getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2));
pParams = PBKDF2Params.getInstance(check.getPbkdAlgorithm().getParameters());
isTrue(pParams.getPrf().equals(prf));
isEquals(20, pParams.getSalt().length);
isEquals(1024, pParams.getIterationCount().intValue());
}
private byte[] doStoreUsingStoreParameter(PBKDFConfig config)
throws Exception
{
X509Certificate cert = (X509Certificate)CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(trustedCertData));
KeyStore store1 = KeyStore.getInstance("BCFKS", "BC");
store1.load(null, null);
store1.setCertificateEntry("cert", cert);
isTrue("", 1 == store1.size());
Enumeration<String> en1 = store1.aliases();
isTrue("", "cert".equals(en1.nextElement()));
isTrue("", !en1.hasMoreElements());
certStorageCheck(store1, "cert", cert);
Date entryDate = store1.getCreationDate("cert");
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
store1.store(new BCFKSLoadStoreParameter.Builder(bOut, testPassword).withStorePBKDFConfig(config).build());
KeyStore store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(bOut.toByteArray()), testPassword);
isTrue("", entryDate.equals(store2.getCreationDate("cert")));
isTrue("", 1 == store2.size());
Enumeration<String> en2 = store2.aliases();
isTrue("", "cert".equals(en2.nextElement()));
isTrue("", !en2.hasMoreElements());
certStorageCheck(store2, "cert", cert);
// check invalid load with content
checkInvalidLoad(store2, testPassword, bOut.toByteArray());
// check deletion on purpose
store1.deleteEntry("cert");
isTrue("", 0 == store1.size());
isTrue("", !store1.aliases().hasMoreElements());
bOut = new ByteArrayOutputStream();
store1.store(bOut, testPassword);
store2 = KeyStore.getInstance("BCFKS", "BC");
store2.load(new ByteArrayInputStream(bOut.toByteArray()), testPassword);
isTrue("", 0 == store2.size());
isTrue("", !store2.aliases().hasMoreElements());
return bOut.toByteArray();
}
public String getName()
{
return "BCFKS";
}
public void performTest()
throws Exception
{
shouldCreateEmptyBCFKSNoPassword();
shouldCreateEmptyBCFKSPassword();
shouldStoreMultipleKeys();
shouldStoreOneCertificate();
shouldStoreOneCertificateWithECDSASignature();
shouldStoreOneCertificateWithDSASignature();
shouldStoreOneCertificateWithRSASignature();
shouldStoreOneCertificateWithECDSASignatureAndCertificates();
shouldStoreOneECKeyWithChain();
shouldStoreOnePrivateKey();
shouldStoreOnePrivateKeyWithChain();
shouldStoreOneSecretKey();
shouldStoreSecretKeys();
shouldStoreUsingSCRYPT();
shouldStoreUsingPBKDF2();
shouldFailOnWrongPassword();
shouldParseKWPKeyStore();
shouldFailOnRemovesOrOverwrite();
shouldParseOldStores();
shouldStoreUsingKWP();
//shouldRejectInconsistentKeys();
}
public static void main(
String[] args)
{
Security.addProvider(new BouncyCastleProvider());
runTest(new BCFKSStoreTest());
}
}