
Commit b2c0ff64 authored by Kenny Root's avatar Kenny Root

Remove old KeyStore call sites

Remove the call sites that don't have the flags specified. This is to
ensure that callers know what flags they're setting.

Bug: 8122243
Change-Id: Ifbd178fddbf8dbd8f7b821ea739a20d056ef9fa7
parent 8692685a
+105 −60
@@ -504,11 +504,13 @@ public class AndroidKeyStoreTest extends AndroidTestCase {

        assertAliases(new String[] {});

        assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1));
        assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertAliases(new String[] { TEST_ALIAS_1 });

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });
    }
@@ -530,11 +532,13 @@ public class AndroidKeyStoreTest extends AndroidTestCase {

        assertAliases(new String[] {});

        assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1));
        assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertTrue("Should contain generated private key", mKeyStore.containsAlias(TEST_ALIAS_1));

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2));

@@ -547,7 +551,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase {

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2));
    }
@@ -567,15 +572,19 @@ public class AndroidKeyStoreTest extends AndroidTestCase {

        // TEST_ALIAS_1
        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_KEY_1));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
                FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        // TEST_ALIAS_2
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        // TEST_ALIAS_3
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_3, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_3, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 });

@@ -608,9 +617,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase {

        // TEST_ALIAS_1
        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_KEY_1));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
                FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        // Should not throw when a non-existent entry is requested for delete.
        mKeyStore.deleteEntry(TEST_ALIAS_2);
@@ -621,7 +632,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase {

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertAliases(new String[] { TEST_ALIAS_1 });

@@ -652,7 +664,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase {

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        CertificateFactory f = CertificateFactory.getInstance("X.509");
        Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));
@@ -668,9 +681,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_KEY_1));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
                FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        CertificateFactory f = CertificateFactory.getInstance("X.509");
        Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));
@@ -686,13 +701,16 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        mKeyStore.load(null, null);

        // Insert TrustedCertificateEntry with CA name
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        // Insert PrivateKeyEntry that uses the same CA
        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_KEY_1));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
                FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        CertificateFactory f = CertificateFactory.getInstance("X.509");
        Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1));
@@ -719,7 +737,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase {

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        CertificateFactory f = CertificateFactory.getInstance("X.509");
        Certificate userCert = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1));
@@ -734,9 +753,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_KEY_1));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
                FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate[] expected = new Certificate[2];
@@ -771,9 +792,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_KEY_1));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
                FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        Date now = new Date();
        Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
@@ -810,7 +833,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase {

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        Date now = new Date();
        Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1);
@@ -829,9 +853,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_KEY_1));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
                FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);
        assertNotNull("Entry should exist", entry);
@@ -930,9 +956,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_KEY_1));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
                FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        Key key = mKeyStore.getKey(TEST_ALIAS_1, null);
        assertNotNull("Key should exist", key);
@@ -977,7 +1005,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase {

        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertNull("Certificate entries should return null", mKeyStore.getKey(TEST_ALIAS_1, null));
    }
@@ -1006,7 +1035,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        setupPassword();
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertTrue("Should return true for CA certificate",
                mKeyStore.isCertificateEntry(TEST_ALIAS_1));
@@ -1017,9 +1047,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_KEY_1));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
                FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertFalse("Should return false for PrivateKeyEntry",
                mKeyStore.isCertificateEntry(TEST_ALIAS_1));
@@ -1045,9 +1077,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_KEY_1));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
                FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertTrue("Should return true for PrivateKeyEntry", mKeyStore.isKeyEntry(TEST_ALIAS_1));
    }
@@ -1056,7 +1090,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        setupPassword();
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertFalse("Should return false for CA certificate", mKeyStore.isKeyEntry(TEST_ALIAS_1));
    }
@@ -1089,7 +1124,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        setupPassword();
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertAliases(new String[] { TEST_ALIAS_1 });

@@ -1107,9 +1143,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,
                FAKE_KEY_1));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
                FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertAliases(new String[] { TEST_ALIAS_1 });

@@ -1596,7 +1634,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        // Create key #1
        {
            final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
            assertTrue(mAndroidKeyStore.generate(privateKeyAlias));
            assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF,
                    KeyStore.FLAG_ENCRYPTED));

            Key key = mKeyStore.getKey(TEST_ALIAS_1, null);

@@ -1608,7 +1647,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
                    TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS);

            assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                    expectedCert.getEncoded()));
                    expectedCert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

            Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null);

@@ -1651,25 +1690,27 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        // Create key #1
        {
            final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
            assertTrue(mAndroidKeyStore.generate(privateKeyAlias));
            assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF,
                    KeyStore.FLAG_ENCRYPTED));

            X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1,
                    TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS);

            assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                    cert.getEncoded()));
                    cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        }

        // Create key #2
        {
            final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_2;
            assertTrue(mAndroidKeyStore.generate(privateKeyAlias));
            assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF,
                    KeyStore.FLAG_ENCRYPTED));

            X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_2,
                    TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS);

            assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_2,
                    cert.getEncoded()));
                    cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
        }

        // Replace key #1 with key #2
@@ -1731,17 +1772,20 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
        setupPassword();
        mKeyStore.load(null, null);

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertEquals("The keystore size should match expected", 1, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_1 });

        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1));
        assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertEquals("The keystore size should match expected", 2, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });

        assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3));
        assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3,
                KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        assertEquals("The keystore size should match expected", 3, mKeyStore.size());
        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 });
@@ -1807,13 +1851,14 @@ public class AndroidKeyStoreTest extends AndroidTestCase {

    private void setupKey() throws Exception {
        final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;
        assertTrue(mAndroidKeyStore.generate(privateKeyAlias));
        assertTrue(mAndroidKeyStore
                .generate(privateKeyAlias, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));

        X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1,
                TEST_DN_1, NOW, NOW_PLUS_10_YEARS);

        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,
                cert.getEncoded()));
                cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
    }

    public void testKeyStore_KeyOperations_Wrap_Encrypted_Success() throws Exception {
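Review bot: The key-import setup (`importKey` of `USER_PRIVATE_KEY`, then `put` of `USER_CERTIFICATE` and `CA_CERTIFICATE`) is now written out with the same `KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED` pair in roughly a dozen tests (the hunks at old lines 567, 608, 668, 686, 734, 771, 829, 930, 1017, 1045 and 1107), so the storage mode each test depends on is scattered rather than stated once. A private helper next to `setupKey()` that takes the flags as a parameter and performs the three asserted calls would keep the flag explicit, which is the commit's aim, while leaving a single place to change it. As far as these hunks show, every converted call passes `FLAG_ENCRYPTED`; if entries stored without that flag are not covered elsewhere in the file, a test for that path is worth adding, since the flag presumably decides whether the entry is encrypted at rest. The test methods themselves begin and end outside the hunks.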
+70 −53

File changed.

Preview size limit exceeded, changes collapsed.

+5 −9
@@ -19,17 +19,12 @@ import android.os.Parcel;
import android.os.Parcelable;
import android.os.Process;
import android.security.Credentials;
import android.security.KeyStore;
import android.text.TextUtils;

import com.android.org.bouncycastle.asn1.ASN1InputStream;
import com.android.org.bouncycastle.asn1.ASN1Sequence;
import com.android.org.bouncycastle.asn1.DEROctetString;
import com.android.org.bouncycastle.asn1.x509.BasicConstraints;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
@@ -481,7 +476,8 @@ public class WifiEnterpriseConfig implements Parcelable {
        String caCertName = Credentials.CA_CERTIFICATE + name;
        if (mClientCertificate != null) {
            byte[] privKeyData = mClientPrivateKey.getEncoded();
            ret = keyStore.importKey(privKeyName, privKeyData, Process.WIFI_UID);
            ret = keyStore.importKey(privKeyName, privKeyData, Process.WIFI_UID,
                            KeyStore.FLAG_ENCRYPTED);
            if (ret == false) {
                return ret;
            }
@@ -525,7 +521,7 @@ public class WifiEnterpriseConfig implements Parcelable {
            Certificate cert) {
        try {
            byte[] certData = Credentials.convertToPem(cert);
            return keyStore.put(name, certData, Process.WIFI_UID);
            return keyStore.put(name, certData, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED);
        } catch (IOException e1) {
            return false;
        } catch (CertificateException e2) {
@@ -533,7 +529,7 @@ public class WifiEnterpriseConfig implements Parcelable {
        }
    }

    void removeKeys(android.security.KeyStore keyStore) {
    void removeKeys(KeyStore keyStore) {
        String client = getFieldValue(CLIENT_CERT_KEY, CLIENT_CERT_PREFIX);
        // a valid client certificate is configured
        if (!TextUtils.isEmpty(client)) {
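Review bot: The `KeyStore.FLAG_ENCRYPTED` now passed to `keyStore.importKey(...)` and `keyStore.put(...)` has no comment saying why the Wi-Fi client key and certificates stored under `Process.WIFI_UID` are encrypted, and both call sites still collapse every failure into a bare `false`. If the keystore can reject an encrypted entry (for example while it is locked or has no password yet, which needs confirming against the keystore service), the caller cannot tell that apart from a malformed certificate, and the `IOException` / `CertificateException` branches drop the cause as well. I would add a comment above the `importKey` call such as `// Stored encrypted under WIFI_UID; returns false if the keystore cannot accept encrypted entries` and record the exception type in the catch blocks before returning, without logging key or certificate bytes. Both methods start and end outside the hunks shown.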