| /* |
| * Copyright (C) 2016 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package com.android.cts.deviceadmin; |
| |
| import android.app.admin.DevicePolicyManager; |
| import android.test.MoreAsserts; |
| |
| /** |
| * Tests that: |
| * - need to be run as device admin (as opposed to device owner) and |
| * - require resetting the password at the end. |
| * |
| * Note: when adding a new method, make sure to add a corresponding method in |
| * BaseDeviceAdminHostSideTest. |
| */ |
| public class DeviceAdminPasswordTest extends BaseDeviceAdminTest { |
| |
| @Override |
| protected void setUp() throws Exception { |
| super.setUp(); |
| |
| assertNotDeviceOwner(); |
| } |
| |
| private void checkSetPassword_nycRestrictions_success() { |
| assertTrue(dpm.resetPassword("1234", /* flags= */ 0)); |
| } |
| |
| private void checkSetPassword_nycRestrictions_failure() { |
| try { |
| assertFalse(dpm.resetPassword("1234", /* flags= */ 0)); |
| if (shouldResetPasswordThrow()) { |
| fail("Didn't throw"); |
| } |
| } catch (SecurityException e) { |
| if (!shouldResetPasswordThrow()) { |
| fail("Shouldn't throw"); |
| } |
| MoreAsserts.assertContainsRegex("Cannot change current password", e.getMessage()); |
| } |
| } |
| |
| private void checkClearPassword_nycRestrictions_failure() { |
| try { |
| assertFalse(dpm.resetPassword("", /* flags= */ 0)); |
| if (shouldResetPasswordThrow()) { |
| fail("Didn't throw"); |
| } |
| } catch (SecurityException e) { |
| if (!shouldResetPasswordThrow()) { |
| fail("Shouldn't throw"); |
| } |
| MoreAsserts.assertContainsRegex("Cannot call with null password", e.getMessage()); |
| } |
| } |
| |
| private boolean waitUntilPasswordState(boolean expected) throws InterruptedException { |
| final int currentQuality = dpm.getPasswordQuality(mAdminComponent); |
| dpm.setPasswordQuality(mAdminComponent, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING); |
| |
| int numTries = 5; |
| boolean result = dpm.isActivePasswordSufficient(); |
| while ((numTries > 0) && (result != expected)) { |
| numTries = numTries - 1; |
| Thread.sleep(100); |
| result = dpm.isActivePasswordSufficient(); |
| } |
| |
| dpm.setPasswordQuality(mAdminComponent, currentQuality); |
| return expected == result; |
| } |
| |
| private void assertHasPassword() throws InterruptedException { |
| assertTrue("No password set", waitUntilPasswordState(true)); |
| } |
| |
| private void assertNoPassword() throws InterruptedException { |
| assertTrue("Password is set", waitUntilPasswordState(false)); |
| } |
| |
| /** |
| * Tests for the new restrictions on {@link DevicePolicyManager#resetPassword} introduced |
| * on NYC. |
| */ |
| public void testResetPassword_nycRestrictions() throws Exception { |
| |
| assertNoPassword(); |
| |
| // Can't clear the password, even if there's no password set currently. |
| checkClearPassword_nycRestrictions_failure(); |
| |
| assertNoPassword(); |
| |
| // No password -> setting one is okay. |
| checkSetPassword_nycRestrictions_success(); |
| |
| assertHasPassword(); |
| |
| // But once set, DA can't change the password. |
| checkSetPassword_nycRestrictions_failure(); |
| |
| assertHasPassword(); |
| |
| // Still can't clear the password. |
| checkClearPassword_nycRestrictions_failure(); |
| |
| assertHasPassword(); |
| } |
| } |