Tests and resources for encrypted KeyStore data.
Verifies Android can correctly read PKCS#12 KeyStores
containing PKCS#7 data encrypted in all supported
formats.
Bug: 230750823
Test: atest CtsLibcoreTestCases:tests.targets.security.KeyStorePkcs7FormatTest
Change-Id: I3f6dfb2e476422983002ce014d24a9d0b4050c2b
diff --git a/luni/src/test/java/tests/targets/security/KeyStorePkcs7FormatTest.java b/luni/src/test/java/tests/targets/security/KeyStorePkcs7FormatTest.java
new file mode 100644
index 0000000..1dd9ecf
--- /dev/null
+++ b/luni/src/test/java/tests/targets/security/KeyStorePkcs7FormatTest.java
@@ -0,0 +1,144 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package tests.targets.security;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.KeyStore.PrivateKeyEntry;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Arrays;
+import java.util.Enumeration;
+import javax.crypto.Cipher;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
+
+/**
+ * Tests the ability of PKCS#12 KeyStores to read PKCS#7 private key entries
+ * shrouded with different encryption schemes.
+ *
+ * KeyStores to test and instructions for regenerating them are in
+ * libcore/luni/src/test/resources/keystore.
+ *
+ * Each KeyStore to be tested contains the same certificate and private key
+ * pair and has the password "password".
+ */
+@RunWith(Parameterized.class)
+public class KeyStorePkcs7FormatTest {
+ private static final char[] PASSWORD = "password".toCharArray();
+
+ @Parameters(name = "{0}")
+ public static Iterable<?> data() {
+ return Arrays.asList(
+ "/keystore/pberc2.p12",
+ "/keystore/pbes2-aes-128-aes-128-sha1.p12",
+ "/keystore/pbes2-aes-128-aes-128-sha224.p12",
+ "/keystore/pbes2-aes-128-aes-128-sha256.p12",
+ "/keystore/pbes2-aes-128-aes-128-sha384.p12",
+ "/keystore/pbes2-aes-128-aes-128-sha512.p12",
+ "/keystore/pbes2-aes-128-aes-192-sha1.p12",
+ "/keystore/pbes2-aes-128-aes-192-sha224.p12",
+ "/keystore/pbes2-aes-128-aes-192-sha256.p12",
+ "/keystore/pbes2-aes-128-aes-192-sha384.p12",
+ "/keystore/pbes2-aes-128-aes-192-sha512.p12",
+ "/keystore/pbes2-aes-128-aes-256-sha1.p12",
+ "/keystore/pbes2-aes-128-aes-256-sha224.p12",
+ "/keystore/pbes2-aes-128-aes-256-sha256.p12",
+ "/keystore/pbes2-aes-128-aes-256-sha384.p12",
+ "/keystore/pbes2-aes-128-aes-256-sha512.p12",
+ "/keystore/pbes2-aes-192-aes-128-sha1.p12",
+ "/keystore/pbes2-aes-192-aes-128-sha224.p12",
+ "/keystore/pbes2-aes-192-aes-128-sha256.p12",
+ "/keystore/pbes2-aes-192-aes-128-sha384.p12",
+ "/keystore/pbes2-aes-192-aes-128-sha512.p12",
+ "/keystore/pbes2-aes-192-aes-192-sha1.p12",
+ "/keystore/pbes2-aes-192-aes-192-sha224.p12",
+ "/keystore/pbes2-aes-192-aes-192-sha256.p12",
+ "/keystore/pbes2-aes-192-aes-192-sha384.p12",
+ "/keystore/pbes2-aes-192-aes-192-sha512.p12",
+ "/keystore/pbes2-aes-192-aes-256-sha1.p12",
+ "/keystore/pbes2-aes-192-aes-256-sha224.p12",
+ "/keystore/pbes2-aes-192-aes-256-sha256.p12",
+ "/keystore/pbes2-aes-192-aes-256-sha384.p12",
+ "/keystore/pbes2-aes-192-aes-256-sha512.p12",
+ "/keystore/pbes2-aes-256-aes-128-sha1.p12",
+ "/keystore/pbes2-aes-256-aes-128-sha224.p12",
+ "/keystore/pbes2-aes-256-aes-128-sha256.p12",
+ "/keystore/pbes2-aes-256-aes-128-sha384.p12",
+ "/keystore/pbes2-aes-256-aes-128-sha512.p12",
+ "/keystore/pbes2-aes-256-aes-192-sha1.p12",
+ "/keystore/pbes2-aes-256-aes-192-sha224.p12",
+ "/keystore/pbes2-aes-256-aes-192-sha256.p12",
+ "/keystore/pbes2-aes-256-aes-192-sha384.p12",
+ "/keystore/pbes2-aes-256-aes-192-sha512.p12",
+ "/keystore/pbes2-aes-256-aes-256-sha1.p12",
+ "/keystore/pbes2-aes-256-aes-256-sha224.p12",
+ "/keystore/pbes2-aes-256-aes-256-sha256.p12",
+ "/keystore/pbes2-aes-256-aes-256-sha384.p12",
+ "/keystore/pbes2-aes-256-aes-256-sha512.p12"
+ );
+ }
+
+ @Parameter
+ public String keystoreFile;
+
+ @Test
+ public void keystoreIsReadableAndConsistent() throws Exception {
+ KeyStore keystore = KeyStore.getInstance("PKCS12");
+ InputStream inputStream = getClass().getResourceAsStream(keystoreFile);
+ assertNotNull("Resource not found: " + keystoreFile, inputStream);
+ keystore.load(inputStream, PASSWORD);
+
+ Enumeration<String> aliases = keystore.aliases();
+ assertTrue("Empty KeyStore", aliases.hasMoreElements());
+
+ while (aliases.hasMoreElements()) {
+ String alias = aliases.nextElement();
+
+ if (!keystore.isKeyEntry(alias)) {
+ fail("Test KeyStore should only contain private key entries");
+ }
+
+ PrivateKeyEntry keyEntry = (PrivateKeyEntry) keystore.getEntry(alias, null);
+ X509Certificate certificate = (X509Certificate) keyEntry.getCertificate();
+ assertEquals("CN=Test", certificate.getSubjectX500Principal().getName());
+
+ // Check the keys actually work with each other.
+ RSAPublicKey publicKey = (RSAPublicKey) certificate.getPublicKey();
+ RSAPrivateKey privateKey = (RSAPrivateKey) keyEntry.getPrivateKey();
+ byte[] original = "Some random input text".getBytes();
+
+ Cipher cipher = Cipher.getInstance("RSA");
+ cipher.init(Cipher.ENCRYPT_MODE, privateKey);
+ byte[] encrypted = cipher.doFinal(original);
+
+ cipher.init(Cipher.DECRYPT_MODE, publicKey);
+ byte[] decrypted = cipher.doFinal(encrypted);
+
+ assertArrayEquals(original, decrypted);
+ }
+ }
+}
diff --git a/luni/src/test/resources/keystore/README.md b/luni/src/test/resources/keystore/README.md
new file mode 100644
index 0000000..1721f0b
--- /dev/null
+++ b/luni/src/test/resources/keystore/README.md
@@ -0,0 +1,49 @@
+## Test KeyStore data
+
+This directory contains the same certificate and private key stored in multiple
+PKCS#12 KeyStore files, each using a different PKCS#7 encryption scheme for the
+private key, for use in `KeyStorePkcs7FormatTest`.
+
+To generate the certificate and private key:
+
+```
+openssl req -x509 -nodes -days 36500 -subj "/CN=Test" -newkey rsa:1024 \
+ -out certificate.pem -keyout privkey.pem
+```
+
+### Tested formats
+
+All KeyStores have the password "password".
+
+#### Openssl version notes
+
+In the following commands `openssl1` refers to version 1.x of the
+`openssl` binary and `openssl3` refers to version 3.x.
+
+On most Linux installations openssl1 is still the default and you may need
+to build openssl3 from source.
+
+
+#### RC2 / 3DES
+
+Very old format, but still the default generated by openssl 1.x.
+
+* PKCS12 MAC: SHA-1
+* PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
+* Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
+
+(The "Encrypted data" scheme is for the outer layer encryption for the
+whole KeyStore and the "Shrouded Keybag" is the scheme used to encrypt
+the private key)
+
+```
+openssl1 pkcs12 -export -out pberc2.p12 -in certificate.pem -inkey privkey.pem \
+ -passout pass:password
+```
+
+#### PBES2
+
+All the other files are generated with the mkstores.sh script which uses
+openssl3 to generate all supported variations of private key and certificate
+encryption (from the AES family) and overall MAC algorithm from the SHA-1 and
+SHA-2 family.
diff --git a/luni/src/test/resources/keystore/certificate.pem b/luni/src/test/resources/keystore/certificate.pem
new file mode 100644
index 0000000..8364e47
--- /dev/null
+++ b/luni/src/test/resources/keystore/certificate.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB/DCCAWWgAwIBAgIUIcImGa1nvbzmXV2KuHXM7MpC5UkwDQYJKoZIhvcNAQEL
+BQAwDzENMAsGA1UEAwwEVGVzdDAgFw0yMjA1MTcxMzMwMzlaGA8yMTIyMDQyMzEz
+MzAzOVowDzENMAsGA1UEAwwEVGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAoXKYUP8oSM5eW3aSuDz6+vd/STgFL7YVf777oVOfcgk0t6UKCr4sTx2GJYJB
+KwgQBjcSWkpoS3kVDBN+PYaNOoWxp0+pvDaa6S5P5Gg2h6Qr3ag4bS6vjxx5JbTs
+Kw5wuPl+yINhAjGSzcArLJauEz0FACDSxQy9FQdjSPVIviMCAwEAAaNTMFEwHQYD
+VR0OBBYEFHyc1WuHSglRut4pgGgcQMX7BHTuMB8GA1UdIwQYMBaAFHyc1WuHSglR
+ut4pgGgcQMX7BHTuMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEA
+RvExqBRNmh+2h2OoHSH9GwVbWjN+YZCujX1p33kNQ+a+TogdBIoNET77IvvWlIqu
+kW1VPZdFksYpoOvbtW0z7qXpwMe9vfXaF17MS4tNhCaoE/3V/Qs3v4x1cK8S9fDa
+t/5O1U4ph488Esa7q7WcALq703nV3Q+cDXTX5d9gSQY=
+-----END CERTIFICATE-----
diff --git a/luni/src/test/resources/keystore/mkstores.sh b/luni/src/test/resources/keystore/mkstores.sh
new file mode 100755
index 0000000..19d13ba
--- /dev/null
+++ b/luni/src/test/resources/keystore/mkstores.sh
@@ -0,0 +1,27 @@
+#! /bin/sh
+#
+# Creates keystores from privkey.prm and certificate.pem with algorithm variations
+
+mkstore() {
+ local KEYALG="$1"
+ local CERTALG="$2"
+ local MACALG="$3"
+
+ local OUTFILE="pbes2-${KEYALG}-${CERTALG}-${MACALG}.p12"
+
+ openssl3 pkcs12 -export -out "$OUTFILE" -in certificate.pem \
+ -inkey privkey.pem -passout pass:password \
+ -macalg "$MACALG" -keypbe "${KEYALG}-cbc" -certpbe "${CERTALG}-cbc"
+}
+
+
+KEYALGS="aes-128 aes-192 aes-256"
+MACALGS="sha1 sha224 sha256 sha384 sha512"
+
+for keyalg in $KEYALGS; do
+ for certalg in $KEYALGS; do
+ for macalg in $MACALGS; do
+ mkstore "$keyalg" "$certalg" "$macalg"
+ done
+ done
+done
diff --git a/luni/src/test/resources/keystore/pberc2.p12 b/luni/src/test/resources/keystore/pberc2.p12
new file mode 100644
index 0000000..05d3537
--- /dev/null
+++ b/luni/src/test/resources/keystore/pberc2.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha1.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha1.p12
new file mode 100644
index 0000000..faf0fa0
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha1.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha224.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha224.p12
new file mode 100644
index 0000000..6f3a20d
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha224.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha256.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha256.p12
new file mode 100644
index 0000000..b3207e2
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha256.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha384.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha384.p12
new file mode 100644
index 0000000..3cd5906
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha384.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha512.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha512.p12
new file mode 100644
index 0000000..f499da1
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-128-sha512.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha1.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha1.p12
new file mode 100644
index 0000000..d69e3aa
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha1.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha224.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha224.p12
new file mode 100644
index 0000000..67b3380
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha224.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha256.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha256.p12
new file mode 100644
index 0000000..1fc3f54
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha256.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha384.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha384.p12
new file mode 100644
index 0000000..195c0ca
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha384.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha512.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha512.p12
new file mode 100644
index 0000000..4b49cd4
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-192-sha512.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha1.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha1.p12
new file mode 100644
index 0000000..f728c43
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha1.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha224.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha224.p12
new file mode 100644
index 0000000..e2bac979
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha224.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha256.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha256.p12
new file mode 100644
index 0000000..3b86484
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha256.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha384.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha384.p12
new file mode 100644
index 0000000..e08afac
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha384.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha512.p12 b/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha512.p12
new file mode 100644
index 0000000..dfaf763
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-128-aes-256-sha512.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha1.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha1.p12
new file mode 100644
index 0000000..049ac78
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha1.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha224.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha224.p12
new file mode 100644
index 0000000..25f0d26
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha224.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha256.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha256.p12
new file mode 100644
index 0000000..ab96aa6
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha256.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha384.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha384.p12
new file mode 100644
index 0000000..85b5e40
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha384.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha512.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha512.p12
new file mode 100644
index 0000000..81bc86e
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-128-sha512.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha1.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha1.p12
new file mode 100644
index 0000000..df18010
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha1.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha224.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha224.p12
new file mode 100644
index 0000000..c4e3c8f
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha224.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha256.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha256.p12
new file mode 100644
index 0000000..3593764
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha256.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha384.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha384.p12
new file mode 100644
index 0000000..2d97804
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha384.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha512.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha512.p12
new file mode 100644
index 0000000..36ce440
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-192-sha512.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha1.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha1.p12
new file mode 100644
index 0000000..feeb995
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha1.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha224.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha224.p12
new file mode 100644
index 0000000..1ac50be
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha224.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha256.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha256.p12
new file mode 100644
index 0000000..46975cd
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha256.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha384.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha384.p12
new file mode 100644
index 0000000..08a7669
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha384.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha512.p12 b/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha512.p12
new file mode 100644
index 0000000..e557c94
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-192-aes-256-sha512.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha1.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha1.p12
new file mode 100644
index 0000000..3218d65
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha1.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha224.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha224.p12
new file mode 100644
index 0000000..a20a1bc
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha224.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha256.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha256.p12
new file mode 100644
index 0000000..1a3e111
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha256.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha384.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha384.p12
new file mode 100644
index 0000000..ab59494
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha384.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha512.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha512.p12
new file mode 100644
index 0000000..82c3a21
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-128-sha512.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha1.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha1.p12
new file mode 100644
index 0000000..4f0e336
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha1.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha224.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha224.p12
new file mode 100644
index 0000000..fa05903
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha224.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha256.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha256.p12
new file mode 100644
index 0000000..83fb514
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha256.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha384.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha384.p12
new file mode 100644
index 0000000..943b6c2
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha384.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha512.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha512.p12
new file mode 100644
index 0000000..4bb85f5
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-192-sha512.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha1.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha1.p12
new file mode 100644
index 0000000..194c626
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha1.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha224.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha224.p12
new file mode 100644
index 0000000..a5cdbaa
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha224.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha256.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha256.p12
new file mode 100644
index 0000000..0f8c391
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha256.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha384.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha384.p12
new file mode 100644
index 0000000..65f940a
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha384.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha512.p12 b/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha512.p12
new file mode 100644
index 0000000..ac32f8f
--- /dev/null
+++ b/luni/src/test/resources/keystore/pbes2-aes-256-aes-256-sha512.p12
Binary files differ
diff --git a/luni/src/test/resources/keystore/privkey.pem b/luni/src/test/resources/keystore/privkey.pem
new file mode 100644
index 0000000..60dc0f0
--- /dev/null
+++ b/luni/src/test/resources/keystore/privkey.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKFymFD/KEjOXlt2
+krg8+vr3f0k4BS+2FX+++6FTn3IJNLelCgq+LE8dhiWCQSsIEAY3ElpKaEt5FQwT
+fj2GjTqFsadPqbw2mukuT+RoNoekK92oOG0ur48ceSW07CsOcLj5fsiDYQIxks3A
+KyyWrhM9BQAg0sUMvRUHY0j1SL4jAgMBAAECgYEAmrox4kZ3/DbT1YJxIONIgiea
+tLhcuBogxpppnHaBNBBAltQ0KJGT84rPGrmX7T6/5MT48NGo3NRBaJ5x+VMvm2X2
+Z1OCePuc1ZMmgnHzsbQLuzH5aajD1wLwyYCTmQl1cUOH+Qw38axkFMkKfDgveSax
+LW2H7VMrbFYiie3KeSkCQQDOb7hOSQHodxsyo02m00LyrwOu7g/o6RfC4YNLm5js
+rO9egrRBRFB99wTLcB+iSZ+HQvWzch8S6xbl/kWg7TatAkEAyDW2ifbldcD39dhq
+AC8N1VyOugbZcle2zb4bzx7x4rWe+ekFrZvKsomfTevevGIhp4HpLHCNim6z9LQS
+bd/yDwJAMT4jF8GAjARFX5nmvwGr+ZnX5hVxhBx+B4WlvRZbrzE9VC0XdG4oSTPw
+V9riIOMxA6HsXCa/1NJxPuGdmFqdbQJBAIajoJtNX2h+GgLJxBdVjX8D3LP7sTX1
+COl5xKfYTqDAtSWpcHkdAQZqCKjVS5fygmFsuwt4sab75adVheNALD8CQBDzw8HR
+YhwauMYGxvWZmSTmNDVW93ouBFnO+uweVZhqMqztRu2bUkXUbwJJchddOWL2Jx1S
+vguQtWRnq9yfNgQ=
+-----END PRIVATE KEY-----
