author | Kenny Root <kroot@google.com> | 2016-10-18 11:38:22 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2016-11-04 22:28:09 +0000 |
commit | a86c73bb4b81906c965a55de48e38dd4e44f49e6 (patch) | |
tree | aaa23ed8cecc97266e7ce81002c9e404de67952b /support | |
parent | 332b1ef6fed9327bdfd4f3388a5ae62a56fa5bba (diff) |
SSLSocketTest: TLS client auth with opaque keys
AndroidKeyStore can be used with TLS client auth, but we don't test
anything similar with SSLSocketTest. Add a PrivateKey wrapper that
allows us to closely simulate the conditions which trigger the special
code in Conscrypt to do upcalls to Java to generate signatures with the
client private key.
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Bug: 31714503
Change-Id: I559db546ddd31f8efbe73fc70a91689ed6d7d7e5
Diffstat (limited to 'support')
-rw-r--r-- | support/src/test/java/libcore/java/security/TestKeyStore.java | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/support/src/test/java/libcore/java/security/TestKeyStore.java b/support/src/test/java/libcore/java/security/TestKeyStore.java
index e537268450..ef62a44c17 100644
--- a/support/src/test/java/libcore/java/security/TestKeyStore.java
+++ b/support/src/test/java/libcore/java/security/TestKeyStore.java
@@ -132,10 +132,13 @@ public final class TestKeyStore extends Assert {
 private static TestKeyStore ROOT_CA;
 private static TestKeyStore INTERMEDIATE_CA;
 private static TestKeyStore INTERMEDIATE_CA_2;
+ private static TestKeyStore INTERMEDIATE_CA_EC;
 private static TestKeyStore SERVER;
 private static TestKeyStore CLIENT;
 private static TestKeyStore CLIENT_CERTIFICATE;
+ private static TestKeyStore CLIENT_EC_RSA_CERTIFICATE;
+ private static TestKeyStore CLIENT_EC_EC_CERTIFICATE;
 private static TestKeyStore CLIENT_2;
@@ -209,6 +212,15 @@ public final class TestKeyStore extends Assert {
 .ca(true)
 .certificateSerialNumber(BigInteger.valueOf(1))
 .build();
+ INTERMEDIATE_CA_EC = new Builder()
+ .aliasPrefix("IntermediateCA-EC")
+ .keyAlgorithms("EC")
+ .subject("CN=Test Intermediate Certificate Authority ECDSA")
+ .ca(true)
+ .signer(ROOT_CA.getPrivateKey("RSA", "RSA"))
+ .rootCa(ROOT_CA.getRootCertificate("RSA"))
+ .certificateSerialNumber(BigInteger.valueOf(2))
+ .build();
 INTERMEDIATE_CA = new Builder()
 .aliasPrefix("IntermediateCA")
 .subject("CN=Test Intermediate Certificate Authority")
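Review bot: INTERMEDIATE_CA_EC is issued by ROOT_CA with `.certificateSerialNumber(BigInteger.valueOf(2))`, and since serials 1 and 3 are visible on neighbouring builders, 2 is probably already used by INTERMEDIATE_CA, whose builder continues past the end of this hunk. If that is the case, the root would issue two certificates with the same issuer and serial number, which RFC 5280 does not allow and which some TLS stacks and certificate caches reject or resolve to the wrong certificate. Give the EC intermediate a serial that no other builder in this initializer uses, i.e. `.certificateSerialNumber(BigInteger.valueOf(<unused serial>))`, after checking the values in the part of initCerts() not shown here.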
@@ -225,6 +237,20 @@ public final class TestKeyStore extends Assert {
 .certificateSerialNumber(BigInteger.valueOf(3))
 .build();
 CLIENT = new TestKeyStore(createClient(INTERMEDIATE_CA.keyStore), null, null);
+ CLIENT_EC_RSA_CERTIFICATE = new Builder()
+ .aliasPrefix("client-ec")
+ .keyAlgorithms("EC")
+ .subject("emailAddress=test-ec@user")
+ .signer(INTERMEDIATE_CA.getPrivateKey("RSA", "RSA"))
+ .rootCa(INTERMEDIATE_CA.getRootCertificate("RSA"))
+ .build();
+ CLIENT_EC_EC_CERTIFICATE = new Builder()
+ .aliasPrefix("client-ec")
+ .keyAlgorithms("EC")
+ .subject("emailAddress=test-ec@user")
+ .signer(INTERMEDIATE_CA_EC.getPrivateKey("EC", "RSA"))
+ .rootCa(INTERMEDIATE_CA_EC.getRootCertificate("RSA"))
+ .build();
 CLIENT_CERTIFICATE = new Builder()
 .aliasPrefix("client")
 .subject("emailAddress=test@user")
@@ -297,6 +323,24 @@ public final class TestKeyStore extends Assert {
 }
 /**
+ * Return a client keystore with a matched RSA certificate and
+ * private key as well as a CA certificate.
+ */
+ public static TestKeyStore getClientEcRsaCertificate() {
+ initCerts();
+ return CLIENT_EC_RSA_CERTIFICATE;
+ }
+
+ /**
+ * Return a client keystore with a matched RSA certificate and
+ * private key as well as a CA certificate.
+ */
+ public static TestKeyStore getClientEcEcCertificate() {
+ initCerts();
+ return CLIENT_EC_EC_CERTIFICATE;
+ }
+
+ /**
 * Return a keystore with a second CA certificate that does not
 * trust the server certificate returned by getServer for negative
 * testing. |
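Review bot: CLIENT_EC_RSA_CERTIFICATE and CLIENT_EC_EC_CERTIFICATE are built with the same `aliasPrefix("client-ec")` and the same subject `emailAddress=test-ec@user`, so a failed handshake or a logged peer certificate cannot show which of the two chains the client presented. Distinct values such as `.aliasPrefix("client-ec-rsa")` and `.aliasPrefix("client-ec-ec")`, with matching subjects, would make client-auth failures attributable, provided no test looks entries up by the shared prefix. The call `getPrivateKey("EC", "RSA")` would also benefit from a short comment, presumably along the lines of `// EC key of the intermediate; its own certificate is RSA-signed by the root`, because the two arguments read as contradictory without it.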
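Review bot: The Javadoc on both new getters says "a matched RSA certificate and private key", which does not match keystores built with `keyAlgorithms("EC")`; the text appears to be carried over from the existing RSA client getter. For getClientEcRsaCertificate() it should say something like `Return a client keystore with an EC private key and a matching certificate signed by the RSA intermediate CA, as well as a CA certificate.`, and for getClientEcEcCertificate() the same with `signed by the EC intermediate CA`. As written the two comments are identical, so a reader has to open initCerts() to learn which chain each getter returns.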