From b10ba442dddf8ed388c265734974c45ad1f115e8 Mon Sep 17 00:00:00 2001 From: Bo Zhu Date: Sat, 31 Mar 2018 17:13:46 -0700 Subject: [PATCH] Skip the cert xml serial number check if the test root cert is in use Bug: 77165400 Test: runtest frameworks-services -p com.android.server.locksettings.recoverablekeystore Change-Id: I2242b4a97b9efa60a5a5ad7ab79e786951580299 --- .../RecoverableKeyStoreManager.java | 3 +- .../storage/RecoverableKeyStoreDb.java | 8 + .../RecoverableKeyStoreManagerTest.java | 46 +++ .../recoverablekeystore/TestData.java | 290 ++++++++++++++++++ 4 files changed, 346 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java index 105a4cc9f1450..c09d7259e6c2c 100644 --- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java @@ -206,7 +206,8 @@ public class RecoverableKeyStoreManager { // Check serial number long newSerial = certXml.getSerial(); Long oldSerial = mDatabase.getRecoveryServiceCertSerial(userId, uid, rootCertificateAlias); - if (oldSerial != null && oldSerial >= newSerial) { + if (oldSerial != null && oldSerial >= newSerial + && !mTestCertHelper.isTestOnlyCertificateAlias(rootCertificateAlias)) { if (oldSerial == newSerial) { Log.i(TAG, "The cert file serial number is the same, so skip updating."); } else { diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java index 38834ac6c1f55..53c972fb6e85e 100644 --- a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java +++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java @@ -26,6 +26,7 @@ import android.security.keystore.recovery.RecoveryController; import android.text.TextUtils; import android.util.Log; +import com.android.server.locksettings.recoverablekeystore.TestOnlyInsecureCertificateHelper; import com.android.server.locksettings.recoverablekeystore.WrappedKey; import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.KeysEntry; import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.RecoveryServiceMetadataEntry; @@ -62,6 +63,7 @@ public class RecoverableKeyStoreDb { private static final String CERT_PATH_ENCODING = "PkiPath"; private final RecoverableKeyStoreDbHelper mKeyStoreDbHelper; + private final TestOnlyInsecureCertificateHelper mTestOnlyInsecureCertificateHelper; /** * A new instance, storing the database in the user directory of {@code context}. @@ -77,6 +79,7 @@ public class RecoverableKeyStoreDb { private RecoverableKeyStoreDb(RecoverableKeyStoreDbHelper keyStoreDbHelper) { this.mKeyStoreDbHelper = keyStoreDbHelper; + this.mTestOnlyInsecureCertificateHelper = new TestOnlyInsecureCertificateHelper(); } /** @@ -627,6 +630,7 @@ public class RecoverableKeyStoreDb { * @hide */ public long setActiveRootOfTrust(int userId, int uid, @Nullable String rootAlias) { + // TODO: Call getDefaultCertificateAliasIfEmpty() here too? SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase(); ContentValues values = new ContentValues(); values.put(RecoveryServiceMetadataEntry.COLUMN_NAME_ACTIVE_ROOT_OF_TRUST, rootAlias); @@ -988,6 +992,7 @@ public class RecoverableKeyStoreDb { * @hide */ private byte[] getBytes(int userId, int uid, String rootAlias, String key) { + rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias); SQLiteDatabase db = mKeyStoreDbHelper.getReadableDatabase(); String[] projection = { @@ -1046,6 +1051,7 @@ public class RecoverableKeyStoreDb { * @hide */ private long setBytes(int userId, int uid, String rootAlias, String key, byte[] value) { + rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias); SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase(); ContentValues values = new ContentValues(); values.put(key, value); @@ -1072,6 +1078,7 @@ public class RecoverableKeyStoreDb { * @hide */ private Long getLong(int userId, int uid, String rootAlias, String key) { + rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias); SQLiteDatabase db = mKeyStoreDbHelper.getReadableDatabase(); String[] projection = { @@ -1131,6 +1138,7 @@ public class RecoverableKeyStoreDb { */ private long setLong(int userId, int uid, String rootAlias, String key, long value) { + rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias); SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase(); ContentValues values = new ContentValues(); values.put(key, value); diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java index ae01f2808f6ac..f0d799f36707a 100644 --- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java +++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java @@ -424,6 +424,52 @@ public class RecoverableKeyStoreManagerTest { assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse(); } + @Test + public void initRecoveryService_alwaysUpdatesCertsWhenTestRootCertIsUsed() throws Exception { + int uid = Binder.getCallingUid(); + int userId = UserHandle.getCallingUserId(); + int certSerial = 3333; + + String testRootCertAlias = TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS; + + mRecoverableKeyStoreManager.initRecoveryService(testRootCertAlias, + TestData.getInsecureCertXmlBytesWithEndpoint1(certSerial)); + assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid, + testRootCertAlias)).isEqualTo(certSerial); + assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid, + testRootCertAlias)).isEqualTo(TestData.getInsecureCertPathForEndpoint1()); + + mRecoverableKeyStoreManager.initRecoveryService(testRootCertAlias, + TestData.getInsecureCertXmlBytesWithEndpoint2(certSerial - 1)); + assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid, + testRootCertAlias)).isEqualTo(certSerial - 1); + assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid, + testRootCertAlias)).isEqualTo(TestData.getInsecureCertPathForEndpoint2()); + } + + @Test + public void initRecoveryService_updatesCertsIndependentlyForDifferentRoots() throws Exception { + int uid = Binder.getCallingUid(); + int userId = UserHandle.getCallingUserId(); + + mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS, + TestData.getCertXmlWithSerial(1111L)); + mRecoverableKeyStoreManager.initRecoveryService( + TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS, + TestData.getInsecureCertXmlBytesWithEndpoint1(2222)); + + assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid, + ROOT_CERTIFICATE_ALIAS)).isEqualTo(1111L); + assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid, + TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS)).isEqualTo(2222L); + + assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid, + ROOT_CERTIFICATE_ALIAS)).isEqualTo(TestData.CERT_PATH_1); + assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid, + TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS)).isEqualTo( + TestData.getInsecureCertPathForEndpoint1()); + } + @Test public void initRecoveryService_ignoresTheSameSerial() throws Exception { int uid = Binder.getCallingUid(); diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/TestData.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/TestData.java index 9b2c853d6b6fb..64eb49bbb131e 100644 --- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/TestData.java +++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/TestData.java @@ -1,3 +1,19 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package com.android.server.locksettings.recoverablekeystore; import static com.google.common.truth.Truth.assertThat; @@ -13,6 +29,7 @@ import java.security.PublicKey; import java.security.cert.CertificateFactory; import java.security.cert.CertPath; import java.security.spec.ECPrivateKeySpec; +import java.util.Base64; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; @@ -318,4 +335,277 @@ public final class TestData { keyGenerator.init(/*keySize=*/ 256); return keyGenerator.generateKey(); } + + private static final String INSECURE_CERT_XML_HEADER = "" + + "\n" + + "\n" + + " \n" + + " \n"; + private static final String INSECURE_CERT_XML_BODY = "" + + " \n" + + " \n" + + " 1515697631\n" + + " \n" + + " \n" + + " 2592000\n" + + " \n" + + " \n" + + " \n" + + " 0\n" + + " \n" + + " \n" + + " 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=\n" + + " \n" + + " \n" + + " \n" + + " \n" + + " \n" + + " MIIEQjCCAiqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwLTErMCkGA1UEAwwiVGVz\n" + + " dCBPbmx5IFVuc2VjdXJlIEludGVybWVkaWF0ZSBDQTAeFw0xODAzMjgwNTA1MjNa\n" + + " Fw0yMzAzMDIwNTA1MjNaMDMxMTAvBgNVBAMMKFRlc3QgT25seSBVbnNlY3VyZSBJ\n" + + " bnRlci1JbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + + " AoIBAQDF3CyLIFWaNspHUwEr5hHDr6nmP5Iog73E6G7kBB1Xytt955AagHffmHze\n" + + " WZ/mAWBYHe6kJMsTLTfmb+kZLK8/s58AjUu/byrgPPIL92v7HgIa1148OePYmohX\n" + + " z0uNZQK5sYeb4kT2cyprKSWPBceyCcZDelTYpbleXd2yJSY/37XoiacmR8z6fEds\n" + + " ezqNLBpVApiVsVehizdIioYUCAtZlS2DnShacVGOq/FE/RCOC3wfKVcOV4HqaVBM\n" + + " JwwMOSL6YUIq34fi6VSNAunReeF7tckESUFu0pz52UmRyMhDZ/FCrjE5EIslxomD\n" + + " NJJttZyAmZDUB087SA6vNWhJOwynAgMBAAGjZjBkMB0GA1UdDgQWBBRcOlrOWbGw\n" + + " +UIwB8/P1ZRHsgEyvzAfBgNVHSMEGDAWgBQhLxSvWzSypPWVIcPdbtgiAphaNDAS\n" + + " BgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF\n" + + " AAOCAgEAkI+gomTRa34s3lea8Amg+W9WeyitdVw2MxBF/jYLAELq9pIfgsI8EYRt\n" + + " rUGT05xzrcis+cqdwxDTAQNNcvOxHj3F/VkGiAHvCFapw7quxeq6+aHU9m2nnZ1O\n" + + " Ss9qz7Low32yWhf5jJSQRA5HPO139H+CquVFDYOx1oiny0JsBivBoVkhb35HJmBu\n" + + " dkabfKIVdKAesd0At7KHZM9Voitp4LQsYctsi63EzELNvmFZ/NujVyoLmXz1wmQg\n" + + " avdc2FdWHMD3CdJzDyYmfqvn7FPds8wdWEnBnfZ4A5izwFD2BJjMvMfVs4pPv/8z\n" + + " GFYPkjhgN43Rh8kakJ+QgSbZpoEY0Vb7WbjMNRbdTBUJCk5waAMSNvWK26wcAzok\n" + + " OWZ+j6SHj2cku6sAcDbWLrlaREy6KTLpvhMqsiLzivmfu/FGWCZMb/zX1rllzzGP\n" + + " v6tIF29ewYNOic+RT3E4H9I7YO+mSbEs2szoRl6HRoC24DIcgUxpQ24Z3WriuIdB\n" + + " XwdHXgDGeoD9NsI3Lt7KRoXePDAyzKTnxTUwo+G9au5+ldtLs645ijDKKcX7CmyJ\n" + + " zCnIMeTeU9j88ht5s4Yo50s1WBeQv/Tq+euzprXrdUzFaih4aOFDytuyoZIwAi02\n" + + " dr2Dw+CkExaY755XQtEAV3KNi8+oy9Qy6pkBE50KGD40exzOru8=\n" + + " \n" + + " \n" + + " MIIFNDCCAxygAwIBAgICEAAwDQYJKoZIhvcNAQENBQAwJTEjMCEGA1UEAwwaVGVz\n" + + " dCBPbmx5IFVuc2VjdXJlIFJvb3QgQ0EwHhcNMTgwMzI4MDAzNzE4WhcNMjgwMzI1\n" + + " MDAzNzE4WjAtMSswKQYDVQQDDCJUZXN0IE9ubHkgVW5zZWN1cmUgSW50ZXJtZWRp\n" + + " YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1dwb6jH2QBwA\n" + + " kj6W8lrprOvJRCJQhx/sAAnMqcvFMDIb5cY2PIwWglMENmZvtigzOiE6Je+QxHsh\n" + + " EYYm7D8XU9vRjOUBW7NQW3Lb/tsEX4FUDmsGWbm7pYRoXQheAy1PTyPRNCRBciUd\n" + + " z2mQq7oL03jNGkOIIRKAluo/QzZbXVnVep8nUJRikt3lYxUl8hwiM3Epzqs3+No8\n" + + " HGCwf5ohQYXvYcJF/KxnTUKyFHPDpHSME2IViYnmY8bfzRDBkNlHsAcSSXir3AEe\n" + + " BDI9/uaY7PlwoQwrG1qQ5MKqPM5eLm+uOFVs1kKwSLRLmPk7X4mu56o88CE2InTc\n" + + " zIz5PUcBWW1RvGhAA/FX9fChgXrDC8megGbAzQCE22pxcqR+RUIphXxe2PkhkvUH\n" + + " PI6JM4ijFVGhCum6leMkOeRmwtlAZ8mmTBJbGVdHUSaKVxYy6LcFR8Rt1stjQxTN\n" + + " BJKXfZsI/qvKf9pTkevvMtaUoMwwYAd8rTMhwuAml+uhrf39UtLRS6SAH/POaD6d\n" + + " 8Dnl9KeAGLb6P5pixd+TYDUfj/ZebuzDkuK/BfJbDB+qYiXWbD7EhYtyHFIoc9pF\n" + + " IXmE0sb+n0/WGtBpXipZWInJqnzV0LDRKoFPfhO1YtsUNtSTCtiPSJGouwn4PlCC\n" + + " 2rIm8cnA9Mo1qtBfLRLVcHWWM69c7W0CAwEAAaNmMGQwHQYDVR0OBBYEFCEvFK9b\n" + + " NLKk9ZUhw91u2CICmFo0MB8GA1UdIwQYMBaAFMMnjaWILF12L4fc9P5Ra42u7Ffr\n" + + " MBIGA1UdEwEB/wQIMAYBAf8CAQIwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB\n" + + " DQUAA4ICAQAj08SwC3OWKq3rmDOxdGeODLYwPJl/lfiOdFFQMOhzSKKQ4oBlwRAR\n" + + " F4T32KU95/0QhwjgYB2nFo/frDKwk2j3F7gZvZuc4ekuP6Vc1qSSgv99kqIIrk74\n" + + " UNUK2BmOIqrCunpW7WF99VQgS4FHS0TJbJdsecV7KNznT4l3dac/QOOXeid5HSeE\n" + + " QHGyqMUd0noDS0UjqNfhdbd1sWpsZYjWsIq+gsZ3ADDSTCESwjElHZOMVKz3uyIx\n" + + " 7i4HY1pzWV4Ob0NedLfYvaauAxnQSsktQMk56mGWqLaiBQA3FjNGh5J28oSws93Z\n" + + " e/OBUtUT92vlbVqbqsQCq6GiNgh7RGnsMFqV7+hrJsHjI1SUG5YlgCWIw9sPNdpW\n" + + " q4jR0pOR+WVBW8HY8C7HTOlTOh3K6Isdwx813XeU6xGxLhQuN/zEQolQRSD8wBto\n" + + " 2gmZF9MWTzS3YE68b7LwxR6ByghaLxxN7ULRR2cxoRAuJEbgeFRzaI4xiRqLOoS2\n" + + " dwsPp30sVx6meXqfhYUT9CebexrI31+sbryaTAktExoP4Gsnx1uCjLr8UUsde7Jq\n" + + " Ln0gg4Sv9tHz7GWm0TE5iwMHk59KCKyMFc+x8MHY9Cdhd+p7drrba3X+FC80DRoK\n" + + " uRQ0rcOVWaGNoK3KLAr22axFSgWJX2wrNPMNqRfz9/6/t83HO/5xiw==\n" + + " \n" + + " \n" + + " \n"; + private static final String INSECURE_CERT_XML_ENDPOINT1_CERT = "" + + " \n" + + " MIIDlDCCAXygAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwLTErMCkGA1UEAwwiVGVz\n" + + " dCBPbmx5IFVuc2VjdXJlIEludGVybWVkaWF0ZSBDQTAeFw0xODAzMjgwNTIzMTZa\n" + + " Fw0yMjA1MDYwNTIzMTZaMCgxJjAkBgNVBAMMHVRlc3QgT25seSBVbnNlY3VyZSBF\n" + + " bmRwb2ludCAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEt0uibX2wsl5S0gPl\n" + + " mR8JNEa9oXYyV8RniS57AG1ZBEpqBi/cBtkLctiJ6RUPYxRSR7xkfGu90TEFapjc\n" + + " cELxYaOBjTCBijAJBgNVHRMEAjAAMB0GA1UdDgQWBBTE4A58EAivi5Lf/fgO4tjh\n" + + " NgVFJjBOBgNVHSMERzBFgBQhLxSvWzSypPWVIcPdbtgiAphaNKEppCcwJTEjMCEG\n" + + " A1UEAwwaVGVzdCBPbmx5IFVuc2VjdXJlIFJvb3QgQ0GCAhAAMA4GA1UdDwEB/wQE\n" + + " AwIDCDANBgkqhkiG9w0BAQsFAAOCAgEAOCwjSvJ/6+gjTEgX3uFV3OiGb5C1UIlR\n" + + " StZq9h+65m5Rj4rAM/1RYkjYrIy25VZyGk85cJhcv+ZIFKz4gKwgTxhDUjtOtNFS\n" + + " rsY50IFwXOwFC+NaP/Z9d75Om5FSbbmXCnoMpb8ErtNvUaJs7CezOg0m19JD3/eq\n" + + " 9DsroSDY9+3HQluURv92YlfsIhZaByTgQU5X2e56RKR2pcij+AoQGTzmAHou1k3+\n" + + " aNkdvZz8YRS7UoVPMyrii1rNFYaYOBYwZHzP/zM8CLGZ3O6nC0Rq+5f6Twi5tiIR\n" + + " WNz5gWawOdvPicVfv66EfEBQRfu45HsOLqnPjnAwbLVLUOn2mw/PH+jffgswD8Jl\n" + + " AKHIhuS6zE7+ArXz0/Uz88wYSJMj2TU2g9S+KxHCElltf2gLX3aak6lNeOnfbVP3\n" + + " Ld+S9t43Vu058Ao7a4htNbT9/kTvaB2gWqL2GIXAtZ/lEcgmOedVIX0AEv5doB9Z\n" + + " Ygue5SlJy/uXKcYmSaY5BrjiDBSiXi0tM1fxJHyVTtzfawv6SFszFEqBRFRRZdqL\n" + + " aWrNV3jplyOa/8D8HU7e6PGJsnjLKM8yA1zgSfDnNUj0Z3Ovj+AlMiFMU/Schdjb\n" + + " YD0cjgViI/4bkUgF4YDzOT1xOxIc1C4pi+PvlKbGYXFluLUEf0qoBe9ZEJN5Cwv6\n" + + " puOfIKtVqtA=\n" + + " \n"; + private static final String INSECURE_CERT_XML_ENDPOINT2_CERT = "" + + " \n" + + " MIICojCCAYqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAwwoVGVz\n" + + " dCBPbmx5IFVuc2VjdXJlIEludGVyLUludGVybWVkaWF0ZSBDQTAeFw0xODAzMjgw\n" + + " NTI0NDJaFw0yMjA1MDYwNTI0NDJaMCgxJjAkBgNVBAMMHVRlc3QgT25seSBVbnNl\n" + + " Y3VyZSBFbmRwb2ludCAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJFCmWFoj\n" + + " Y2neIsYdpWo/eeA2g+EsQayB7gYkt00eAS7bM+1bas0OqYUPeW4iHYF67jEbNg4b\n" + + " lzLWa76fzt/8AKOBlTCBkjAJBgNVHRMEAjAAMB0GA1UdDgQWBBS19DdRW13M4VHr\n" + + " UUagViNg9AxyujBWBgNVHSMETzBNgBRcOlrOWbGw+UIwB8/P1ZRHsgEyv6ExpC8w\n" + + " LTErMCkGA1UEAwwiVGVzdCBPbmx5IFVuc2VjdXJlIEludGVybWVkaWF0ZSBDQYIC\n" + + " EAAwDgYDVR0PAQH/BAQDAgMIMA0GCSqGSIb3DQEBCwUAA4IBAQB+0cAYzhkxfn5d\n" + + " XoyF6q0pxTNAREsJ6WtHa2wvtx4UnFIT9nxy3TuliGs2x6lR7knJxGmXC6XMYMwG\n" + + " suafjEhF3svAscGXXh7pwNZb3Q99/HFuxyCPKAOCwsoaZEm/xeuzvZqBVnVtNTVo\n" + + " PbqkTjsaYZNPd3X/hqLafHKA5Aq19vQQ9O9VgwSu9asDr2uv7A8xJY9629wMYRny\n" + + " FYWveJG124TEL2xGqdXkOG9lE5BJlC1D4lrqDwF6FQL2A8IRL3cQ5BRg+lFAR4PU\n" + + " IT7UgpPK4f4CnKcgpKPn5TXH44TdRlhNPMRyT9MnFOb5K/gV8K+nB2YMAxOMRld+\n" + + " 4VH7v7k6\n" + + " \n"; + private static final String INSECURE_CERT_XML_FOOTER = "" + + " \n" + + "\n"; + + private static final String INSECURE_CERT_PATH_FOR_ENDPOINT1_BASE64 = "" + + "MIII0DCCBTQwggMcoAMCAQICAhAAMA0GCSqGSIb3DQEBDQUAMCUxIzAhBgNVBAMM" + + "GlRlc3QgT25seSBVbnNlY3VyZSBSb290IENBMB4XDTE4MDMyODAwMzcxOFoXDTI4" + + "MDMyNTAwMzcxOFowLTErMCkGA1UEAwwiVGVzdCBPbmx5IFVuc2VjdXJlIEludGVy" + + "bWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANXcG+ox" + + "9kAcAJI+lvJa6azryUQiUIcf7AAJzKnLxTAyG+XGNjyMFoJTBDZmb7YoMzohOiXv" + + "kMR7IRGGJuw/F1Pb0YzlAVuzUFty2/7bBF+BVA5rBlm5u6WEaF0IXgMtT08j0TQk" + + "QXIlHc9pkKu6C9N4zRpDiCESgJbqP0M2W11Z1XqfJ1CUYpLd5WMVJfIcIjNxKc6r" + + "N/jaPBxgsH+aIUGF72HCRfysZ01CshRzw6R0jBNiFYmJ5mPG380QwZDZR7AHEkl4" + + "q9wBHgQyPf7mmOz5cKEMKxtakOTCqjzOXi5vrjhVbNZCsEi0S5j5O1+JrueqPPAh" + + "NiJ03MyM+T1HAVltUbxoQAPxV/XwoYF6wwvJnoBmwM0AhNtqcXKkfkVCKYV8Xtj5" + + "IZL1BzyOiTOIoxVRoQrpupXjJDnkZsLZQGfJpkwSWxlXR1EmilcWMui3BUfEbdbL" + + "Y0MUzQSSl32bCP6ryn/aU5Hr7zLWlKDMMGAHfK0zIcLgJpfroa39/VLS0UukgB/z" + + "zmg+nfA55fSngBi2+j+aYsXfk2A1H4/2Xm7sw5LivwXyWwwfqmIl1mw+xIWLchxS" + + "KHPaRSF5hNLG/p9P1hrQaV4qWViJyap81dCw0SqBT34TtWLbFDbUkwrYj0iRqLsJ" + + "+D5QgtqyJvHJwPTKNarQXy0S1XB1ljOvXO1tAgMBAAGjZjBkMB0GA1UdDgQWBBQh" + + "LxSvWzSypPWVIcPdbtgiAphaNDAfBgNVHSMEGDAWgBTDJ42liCxddi+H3PT+UWuN" + + "ruxX6zASBgNVHRMBAf8ECDAGAQH/AgECMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG" + + "9w0BAQ0FAAOCAgEAI9PEsAtzliqt65gzsXRnjgy2MDyZf5X4jnRRUDDoc0iikOKA" + + "ZcEQEReE99ilPef9EIcI4GAdpxaP36wysJNo9xe4Gb2bnOHpLj+lXNakkoL/fZKi" + + "CK5O+FDVCtgZjiKqwrp6Vu1hffVUIEuBR0tEyWyXbHnFeyjc50+Jd3WnP0Djl3on" + + "eR0nhEBxsqjFHdJ6A0tFI6jX4XW3dbFqbGWI1rCKvoLGdwAw0kwhEsIxJR2TjFSs" + + "97siMe4uB2Nac1leDm9DXnS32L2mrgMZ0ErJLUDJOephlqi2ogUANxYzRoeSdvKE" + + "sLPd2XvzgVLVE/dr5W1am6rEAquhojYIe0Rp7DBale/oaybB4yNUlBuWJYAliMPb" + + "DzXaVquI0dKTkfllQVvB2PAux0zpUzodyuiLHcMfNd13lOsRsS4ULjf8xEKJUEUg" + + "/MAbaNoJmRfTFk80t2BOvG+y8MUegcoIWi8cTe1C0UdnMaEQLiRG4HhUc2iOMYka" + + "izqEtncLD6d9LFcepnl6n4WFE/Qnm3sayN9frG68mkwJLRMaD+BrJ8dbgoy6/FFL" + + "HXuyai59IIOEr/bR8+xlptExOYsDB5OfSgisjBXPsfDB2PQnYXfqe3a622t1/hQv" + + "NA0aCrkUNK3DlVmhjaCtyiwK9tmsRUoFiV9sKzTzDakX8/f+v7fNxzv+cYswggOU" + + "MIIBfKADAgECAgIQAjANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJUZXN0IE9u" + + "bHkgVW5zZWN1cmUgSW50ZXJtZWRpYXRlIENBMB4XDTE4MDMyODA1MjMxNloXDTIy" + + "MDUwNjA1MjMxNlowKDEmMCQGA1UEAwwdVGVzdCBPbmx5IFVuc2VjdXJlIEVuZHBv" + + "aW50IDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS3S6JtfbCyXlLSA+WZHwk0" + + "Rr2hdjJXxGeJLnsAbVkESmoGL9wG2Qty2InpFQ9jFFJHvGR8a73RMQVqmNxwQvFh" + + "o4GNMIGKMAkGA1UdEwQCMAAwHQYDVR0OBBYEFMTgDnwQCK+Lkt/9+A7i2OE2BUUm" + + "ME4GA1UdIwRHMEWAFCEvFK9bNLKk9ZUhw91u2CICmFo0oSmkJzAlMSMwIQYDVQQD" + + "DBpUZXN0IE9ubHkgVW5zZWN1cmUgUm9vdCBDQYICEAAwDgYDVR0PAQH/BAQDAgMI" + + "MA0GCSqGSIb3DQEBCwUAA4ICAQA4LCNK8n/r6CNMSBfe4VXc6IZvkLVQiVFK1mr2" + + "H7rmblGPisAz/VFiSNisjLblVnIaTzlwmFy/5kgUrPiArCBPGENSO0600VKuxjnQ" + + "gXBc7AUL41o/9n13vk6bkVJtuZcKegylvwSu029RomzsJ7M6DSbX0kPf96r0Oyuh" + + "INj37cdCW5RG/3ZiV+wiFloHJOBBTlfZ7npEpHalyKP4ChAZPOYAei7WTf5o2R29" + + "nPxhFLtShU8zKuKLWs0Vhpg4FjBkfM//MzwIsZnc7qcLRGr7l/pPCLm2IhFY3PmB" + + "ZrA528+JxV+/roR8QFBF+7jkew4uqc+OcDBstUtQ6fabD88f6N9+CzAPwmUAociG" + + "5LrMTv4CtfPT9TPzzBhIkyPZNTaD1L4rEcISWW1/aAtfdpqTqU146d9tU/ct35L2" + + "3jdW7TnwCjtriG01tP3+RO9oHaBaovYYhcC1n+URyCY551UhfQAS/l2gH1liC57l" + + "KUnL+5cpxiZJpjkGuOIMFKJeLS0zV/EkfJVO3N9rC/pIWzMUSoFEVFFl2otpas1X" + + "eOmXI5r/wPwdTt7o8YmyeMsozzIDXOBJ8Oc1SPRnc6+P4CUyIUxT9JyF2NtgPRyO" + + "BWIj/huRSAXhgPM5PXE7EhzULimL4++UpsZhcWW4tQR/SqgF71kQk3kLC/qm458g" + + "q1Wq0A=="; + private static final String INSECURE_CERT_PATH_FOR_ENDPOINT2_BASE64 = "" + + "MIIMJDCCBTQwggMcoAMCAQICAhAAMA0GCSqGSIb3DQEBDQUAMCUxIzAhBgNVBAMM" + + "GlRlc3QgT25seSBVbnNlY3VyZSBSb290IENBMB4XDTE4MDMyODAwMzcxOFoXDTI4" + + "MDMyNTAwMzcxOFowLTErMCkGA1UEAwwiVGVzdCBPbmx5IFVuc2VjdXJlIEludGVy" + + "bWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANXcG+ox" + + "9kAcAJI+lvJa6azryUQiUIcf7AAJzKnLxTAyG+XGNjyMFoJTBDZmb7YoMzohOiXv" + + "kMR7IRGGJuw/F1Pb0YzlAVuzUFty2/7bBF+BVA5rBlm5u6WEaF0IXgMtT08j0TQk" + + "QXIlHc9pkKu6C9N4zRpDiCESgJbqP0M2W11Z1XqfJ1CUYpLd5WMVJfIcIjNxKc6r" + + "N/jaPBxgsH+aIUGF72HCRfysZ01CshRzw6R0jBNiFYmJ5mPG380QwZDZR7AHEkl4" + + "q9wBHgQyPf7mmOz5cKEMKxtakOTCqjzOXi5vrjhVbNZCsEi0S5j5O1+JrueqPPAh" + + "NiJ03MyM+T1HAVltUbxoQAPxV/XwoYF6wwvJnoBmwM0AhNtqcXKkfkVCKYV8Xtj5" + + "IZL1BzyOiTOIoxVRoQrpupXjJDnkZsLZQGfJpkwSWxlXR1EmilcWMui3BUfEbdbL" + + "Y0MUzQSSl32bCP6ryn/aU5Hr7zLWlKDMMGAHfK0zIcLgJpfroa39/VLS0UukgB/z" + + "zmg+nfA55fSngBi2+j+aYsXfk2A1H4/2Xm7sw5LivwXyWwwfqmIl1mw+xIWLchxS" + + "KHPaRSF5hNLG/p9P1hrQaV4qWViJyap81dCw0SqBT34TtWLbFDbUkwrYj0iRqLsJ" + + "+D5QgtqyJvHJwPTKNarQXy0S1XB1ljOvXO1tAgMBAAGjZjBkMB0GA1UdDgQWBBQh" + + "LxSvWzSypPWVIcPdbtgiAphaNDAfBgNVHSMEGDAWgBTDJ42liCxddi+H3PT+UWuN" + + "ruxX6zASBgNVHRMBAf8ECDAGAQH/AgECMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG" + + "9w0BAQ0FAAOCAgEAI9PEsAtzliqt65gzsXRnjgy2MDyZf5X4jnRRUDDoc0iikOKA" + + "ZcEQEReE99ilPef9EIcI4GAdpxaP36wysJNo9xe4Gb2bnOHpLj+lXNakkoL/fZKi" + + "CK5O+FDVCtgZjiKqwrp6Vu1hffVUIEuBR0tEyWyXbHnFeyjc50+Jd3WnP0Djl3on" + + "eR0nhEBxsqjFHdJ6A0tFI6jX4XW3dbFqbGWI1rCKvoLGdwAw0kwhEsIxJR2TjFSs" + + "97siMe4uB2Nac1leDm9DXnS32L2mrgMZ0ErJLUDJOephlqi2ogUANxYzRoeSdvKE" + + "sLPd2XvzgVLVE/dr5W1am6rEAquhojYIe0Rp7DBale/oaybB4yNUlBuWJYAliMPb" + + "DzXaVquI0dKTkfllQVvB2PAux0zpUzodyuiLHcMfNd13lOsRsS4ULjf8xEKJUEUg" + + "/MAbaNoJmRfTFk80t2BOvG+y8MUegcoIWi8cTe1C0UdnMaEQLiRG4HhUc2iOMYka" + + "izqEtncLD6d9LFcepnl6n4WFE/Qnm3sayN9frG68mkwJLRMaD+BrJ8dbgoy6/FFL" + + "HXuyai59IIOEr/bR8+xlptExOYsDB5OfSgisjBXPsfDB2PQnYXfqe3a622t1/hQv" + + "NA0aCrkUNK3DlVmhjaCtyiwK9tmsRUoFiV9sKzTzDakX8/f+v7fNxzv+cYswggRC" + + "MIICKqADAgECAgIQADANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDDCJUZXN0IE9u" + + "bHkgVW5zZWN1cmUgSW50ZXJtZWRpYXRlIENBMB4XDTE4MDMyODA1MDUyM1oXDTIz" + + "MDMwMjA1MDUyM1owMzExMC8GA1UEAwwoVGVzdCBPbmx5IFVuc2VjdXJlIEludGVy" + + "LUludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB" + + "AMXcLIsgVZo2ykdTASvmEcOvqeY/kiiDvcTobuQEHVfK233nkBqAd9+YfN5Zn+YB" + + "YFgd7qQkyxMtN+Zv6Rksrz+znwCNS79vKuA88gv3a/seAhrXXjw549iaiFfPS41l" + + "Armxh5viRPZzKmspJY8Fx7IJxkN6VNiluV5d3bIlJj/fteiJpyZHzPp8R2x7Oo0s" + + "GlUCmJWxV6GLN0iKhhQIC1mVLYOdKFpxUY6r8UT9EI4LfB8pVw5XgeppUEwnDAw5" + + "IvphQirfh+LpVI0C6dF54Xu1yQRJQW7SnPnZSZHIyENn8UKuMTkQiyXGiYM0km21" + + "nICZkNQHTztIDq81aEk7DKcCAwEAAaNmMGQwHQYDVR0OBBYEFFw6Ws5ZsbD5QjAH" + + "z8/VlEeyATK/MB8GA1UdIwQYMBaAFCEvFK9bNLKk9ZUhw91u2CICmFo0MBIGA1Ud" + + "EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IC" + + "AQCQj6CiZNFrfizeV5rwCaD5b1Z7KK11XDYzEEX+NgsAQur2kh+CwjwRhG2tQZPT" + + "nHOtyKz5yp3DENMBA01y87EePcX9WQaIAe8IVqnDuq7F6rr5odT2baednU5Kz2rP" + + "sujDfbJaF/mMlJBEDkc87Xf0f4Kq5UUNg7HWiKfLQmwGK8GhWSFvfkcmYG52Rpt8" + + "ohV0oB6x3QC3sodkz1WiK2ngtCxhy2yLrcTMQs2+YVn826NXKguZfPXCZCBq91zY" + + "V1YcwPcJ0nMPJiZ+q+fsU92zzB1YScGd9ngDmLPAUPYEmMy8x9Wzik+//zMYVg+S" + + "OGA3jdGHyRqQn5CBJtmmgRjRVvtZuMw1Ft1MFQkKTnBoAxI29YrbrBwDOiQ5Zn6P" + + "pIePZyS7qwBwNtYuuVpETLopMum+EyqyIvOK+Z+78UZYJkxv/NfWuWXPMY+/q0gX" + + "b17Bg06Jz5FPcTgf0jtg76ZJsSzazOhGXodGgLbgMhyBTGlDbhndauK4h0FfB0de" + + "AMZ6gP02wjcu3spGhd48MDLMpOfFNTCj4b1q7n6V20uzrjmKMMopxfsKbInMKcgx" + + "5N5T2PzyG3mzhijnSzVYF5C/9Or567Omtet1TMVqKHho4UPK27KhkjACLTZ2vYPD" + + "4KQTFpjvnldC0QBXco2Lz6jL1DLqmQETnQoYPjR7HM6u7zCCAqIwggGKoAMCAQIC" + + "AhAAMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMMKFRlc3QgT25seSBVbnNlY3Vy" + + "ZSBJbnRlci1JbnRlcm1lZGlhdGUgQ0EwHhcNMTgwMzI4MDUyNDQyWhcNMjIwNTA2" + + "MDUyNDQyWjAoMSYwJAYDVQQDDB1UZXN0IE9ubHkgVW5zZWN1cmUgRW5kcG9pbnQg" + + "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCRQplhaI2Np3iLGHaVqP3ngNoPh" + + "LEGsge4GJLdNHgEu2zPtW2rNDqmFD3luIh2Beu4xGzYOG5cy1mu+n87f/ACjgZUw" + + "gZIwCQYDVR0TBAIwADAdBgNVHQ4EFgQUtfQ3UVtdzOFR61FGoFYjYPQMcrowVgYD" + + "VR0jBE8wTYAUXDpazlmxsPlCMAfPz9WUR7IBMr+hMaQvMC0xKzApBgNVBAMMIlRl" + + "c3QgT25seSBVbnNlY3VyZSBJbnRlcm1lZGlhdGUgQ0GCAhAAMA4GA1UdDwEB/wQE" + + "AwIDCDANBgkqhkiG9w0BAQsFAAOCAQEAftHAGM4ZMX5+XV6MheqtKcUzQERLCelr" + + "R2tsL7ceFJxSE/Z8ct07pYhrNsepUe5JycRplwulzGDMBrLmn4xIRd7LwLHBl14e" + + "6cDWW90PffxxbscgjygDgsLKGmRJv8Xrs72agVZ1bTU1aD26pE47GmGTT3d1/4ai" + + "2nxygOQKtfb0EPTvVYMErvWrA69rr+wPMSWPetvcDGEZ8hWFr3iRtduExC9sRqnV" + + "5DhvZROQSZQtQ+Ja6g8BehUC9gPCES93EOQUYPpRQEeD1CE+1IKTyuH+ApynIKSj" + + "5+U1x+OE3UZYTTzEck/TJxTm+Sv4FfCvpwdmDAMTjEZXfuFR+7+5Og=="; + + public static byte[] getInsecureCertXmlBytesWithEndpoint1(int serial) { + String str = INSECURE_CERT_XML_HEADER; + str += serial; + str += INSECURE_CERT_XML_BODY; + str += INSECURE_CERT_XML_ENDPOINT1_CERT; + str += INSECURE_CERT_XML_FOOTER; + return str.getBytes(StandardCharsets.UTF_8); + } + + public static byte[] getInsecureCertXmlBytesWithEndpoint2(int serial) { + String str = INSECURE_CERT_XML_HEADER; + str += serial; + str += INSECURE_CERT_XML_BODY; + str += INSECURE_CERT_XML_ENDPOINT2_CERT; + str += INSECURE_CERT_XML_FOOTER; + return str.getBytes(StandardCharsets.UTF_8); + } + + public static CertPath getInsecureCertPathForEndpoint1() throws Exception { + return decodeCertPath(INSECURE_CERT_PATH_FOR_ENDPOINT1_BASE64); + } + + public static CertPath getInsecureCertPathForEndpoint2() throws Exception { + return decodeCertPath(INSECURE_CERT_PATH_FOR_ENDPOINT2_BASE64); + } + + private static CertPath decodeCertPath(String base64CertPath) throws Exception { + byte[] certPathBytes = Base64.getDecoder().decode(base64CertPath); + CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); + return certFactory.generateCertPath(new ByteArrayInputStream(certPathBytes), "PkiPath"); + } }