commit 7b113c86a64aeb7060ff35882a2f2def97cd0484
author Alex Klyubin <klyubin@google.com> Fri Jun 19 10:44:28 2015 -0700
committer Alex Klyubin <klyubin@google.com> Fri Jun 19 10:44:28 2015 -0700
tree 6ea360d14d8b5f7060f5d9dcc30a121bbdab4a8d
parent a47d5d6948f50f3bbc8300b8656bb426edc2c746

Remove tests for generating keys requiring user auth.

These tests require that the secure lock screen is set up and that at
least one fingerprint is enrolled. However, CTS does not require that
at the moment.

Bug: 21949423
Change-Id: I9118ffac7a46293f518de9890e1fe5e1c426193a

tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java

diff --git a/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java b/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java
index ff46e87..2dbcbbf 100644
--- a/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java
+++ b/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java
@@ -556,8 +556,6 @@
                 .setCertificateSubject(certSubject)
                 .setCertificateNotBefore(certNotBefore)
                 .setCertificateNotAfter(certNotAfter)
-                .setUserAuthenticationRequired(true)
-                .setUserAuthenticationValidityDurationSeconds(600)
                 .build());
         KeyPair keyPair = generator.generateKeyPair();
         assertGeneratedKeyPairAndSelfSignedCertificate(
@@ -588,8 +586,8 @@
                 KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512);
         MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getSignaturePaddings()));
         MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getEncryptionPaddings()));
-        assertTrue(keyInfo.isUserAuthenticationRequired());
-        assertEquals(600, keyInfo.getUserAuthenticationValidityDurationSeconds());
+        assertFalse(keyInfo.isUserAuthenticationRequired());
+        assertEquals(-1, keyInfo.getUserAuthenticationValidityDurationSeconds());
     }
 
     public void testGenerate_RSA_ModernSpec_AsCustomAsPossible() throws Exception {
@@ -622,8 +620,6 @@
                 .setCertificateSubject(certSubject)
                 .setCertificateNotBefore(certNotBefore)
                 .setCertificateNotAfter(certNotAfter)
-                .setUserAuthenticationRequired(true)
-                .setUserAuthenticationValidityDurationSeconds(600)
                 .build());
         KeyPair keyPair = generator.generateKeyPair();
         assertGeneratedKeyPairAndSelfSignedCertificate(
@@ -659,8 +655,8 @@
         MoreAsserts.assertContentsInAnyOrder(Arrays.asList(keyInfo.getEncryptionPaddings()),
                 KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1,
                 KeyProperties.ENCRYPTION_PADDING_RSA_OAEP);
-        assertTrue(keyInfo.isUserAuthenticationRequired());
-        assertEquals(600, keyInfo.getUserAuthenticationValidityDurationSeconds());
+        assertFalse(keyInfo.isUserAuthenticationRequired());
+        assertEquals(-1, keyInfo.getUserAuthenticationValidityDurationSeconds());
     }
 
     public void testGenerate_EC_ModernSpec_UsableForTLSPeerAuth() throws Exception {
@@ -721,99 +717,9 @@
         assertKeyPairAndCertificateUsableForTLSPeerAuthentication(TEST_ALIAS_1);
     }
 
-    public void testGenerate_EC_ModernSpec_PerOpAuthRequired() throws Exception {
-        KeyPairGenerator generator = getEcGenerator();
-        generator.initialize(new KeyGenParameterSpec.Builder(
-                TEST_ALIAS_1,
-                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
-                .setDigests(KeyProperties.DIGEST_NONE)
-                .setUserAuthenticationRequired(true)
-                .build());
-        KeyPair keyPair = generator.generateKeyPair();
-        assertGeneratedKeyPairAndSelfSignedCertificate(
-                keyPair,
-                TEST_ALIAS_1,
-                "EC",
-                256,
-                DEFAULT_CERT_SUBJECT,
-                DEFAULT_CERT_SERIAL_NUMBER,
-                DEFAULT_CERT_NOT_BEFORE,
-                DEFAULT_CERT_NOT_AFTER);
-        KeyInfo keyInfo = TestUtils.getKeyInfo(keyPair.getPrivate());
-        assertTrue(keyInfo.isUserAuthenticationRequired());
-        assertEquals(-1, keyInfo.getUserAuthenticationValidityDurationSeconds());
-    }
-
-    public void testGenerate_RSA_ModernSpec_PerOpAuthRequired() throws Exception {
-        KeyPairGenerator generator = getRsaGenerator();
-        generator.initialize(new KeyGenParameterSpec.Builder(
-                TEST_ALIAS_1,
-                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
-                .setDigests(KeyProperties.DIGEST_NONE)
-                .setUserAuthenticationRequired(true)
-                .build());
-        KeyPair keyPair = generator.generateKeyPair();
-        assertGeneratedKeyPairAndSelfSignedCertificate(
-                keyPair,
-                TEST_ALIAS_1,
-                "RSA",
-                2048,
-                DEFAULT_CERT_SUBJECT,
-                DEFAULT_CERT_SERIAL_NUMBER,
-                DEFAULT_CERT_NOT_BEFORE,
-                DEFAULT_CERT_NOT_AFTER);
-        KeyInfo keyInfo = TestUtils.getKeyInfo(keyPair.getPrivate());
-        assertTrue(keyInfo.isUserAuthenticationRequired());
-        assertEquals(-1, keyInfo.getUserAuthenticationValidityDurationSeconds());
-    }
-
-    public void testGenerate_EC_ModernSpec_TimeoutBasedAuthRequired() throws Exception {
-        KeyPairGenerator generator = getEcGenerator();
-        generator.initialize(new KeyGenParameterSpec.Builder(
-                TEST_ALIAS_1,
-                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
-                .setDigests(KeyProperties.DIGEST_NONE)
-                .setUserAuthenticationRequired(true)
-                .setUserAuthenticationValidityDurationSeconds(60)
-                .build());
-        KeyPair keyPair = generator.generateKeyPair();
-        assertGeneratedKeyPairAndSelfSignedCertificate(
-                keyPair,
-                TEST_ALIAS_1,
-                "EC",
-                256,
-                DEFAULT_CERT_SUBJECT,
-                DEFAULT_CERT_SERIAL_NUMBER,
-                DEFAULT_CERT_NOT_BEFORE,
-                DEFAULT_CERT_NOT_AFTER);
-        KeyInfo keyInfo = TestUtils.getKeyInfo(keyPair.getPrivate());
-        assertTrue(keyInfo.isUserAuthenticationRequired());
-        assertEquals(60, keyInfo.getUserAuthenticationValidityDurationSeconds());
-    }
-
-    public void testGenerate_RSA_ModernSpec_TimeoutBasedAuthRequired() throws Exception {
-        KeyPairGenerator generator = getRsaGenerator();
-        generator.initialize(new KeyGenParameterSpec.Builder(
-                TEST_ALIAS_1,
-                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
-                .setDigests(KeyProperties.DIGEST_NONE)
-                .setUserAuthenticationRequired(true)
-                .setUserAuthenticationValidityDurationSeconds(60)
-                .build());
-        KeyPair keyPair = generator.generateKeyPair();
-        assertGeneratedKeyPairAndSelfSignedCertificate(
-                keyPair,
-                TEST_ALIAS_1,
-                "RSA",
-                2048,
-                DEFAULT_CERT_SUBJECT,
-                DEFAULT_CERT_SERIAL_NUMBER,
-                DEFAULT_CERT_NOT_BEFORE,
-                DEFAULT_CERT_NOT_AFTER);
-        KeyInfo keyInfo = TestUtils.getKeyInfo(keyPair.getPrivate());
-        assertTrue(keyInfo.isUserAuthenticationRequired());
-        assertEquals(60, keyInfo.getUserAuthenticationValidityDurationSeconds());
-    }
+    // TODO: Test fingerprint-authorized and secure lock screen-authorized keys. These can't
+    // currently be tested here because CTS does not require that secure lock screen is set up and
+    // that at least one fingerprint is enrolled.
 
     public void testGenerate_EC_ModernSpec_SupportedSizes() throws Exception {
         assertKeyGenUsingECSizeOnlyUsesCorrectCurve(224, ECCurves.NIST_P_224_SPEC);