hostsidetests/devicepolicy/app/DeviceAndProfileOwner/src/com/android/cts/deviceandprofileowner/ResetPasswordWithTokenTest.java

/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.android.cts.deviceandprofileowner;


public class ResetPasswordWithTokenTest extends BaseDeviceAdminTest {

    private static final String PASSWORD = "1234";

    private static final byte[] TOKEN0 = "abcdefghijklmnopqrstuvwxyz0123456789".getBytes();
    private static final byte[] TOKEN1 = "abcdefghijklmnopqrstuvwxyz012345678*".getBytes();

    public void testResetPasswordWithToken() {
        testResetPasswordWithToken(false);
    }

    public void testResetPasswordWithTokenMayFail() {
        // If this test is executed on a device with password token disabled, allow the test to
        // pass.
        testResetPasswordWithToken(true);
    }

    private void testResetPasswordWithToken(boolean acceptFailure) {
        try {
            // set up a token
            assertFalse(mDevicePolicyManager.isResetPasswordTokenActive(ADMIN_RECEIVER_COMPONENT));

            try {
                // On devices with password token disabled, calling this method will throw
                // a security exception. If that's anticipated, then return early without failing.
                assertTrue(mDevicePolicyManager.setResetPasswordToken(ADMIN_RECEIVER_COMPONENT,
                        TOKEN0));
            } catch (SecurityException e) {
                if (acceptFailure &&
                        e.getMessage().equals("Escrow token is disabled on the current user")) {
                    return;
                } else {
                    throw e;
                }
            }
            assertTrue(mDevicePolicyManager.isResetPasswordTokenActive(ADMIN_RECEIVER_COMPONENT));

            // resetting password with wrong token should fail
            assertFalse(mDevicePolicyManager.resetPasswordWithToken(ADMIN_RECEIVER_COMPONENT, PASSWORD,
                    TOKEN1, 0));
            // try changing password with token
            assertTrue(mDevicePolicyManager.resetPasswordWithToken(ADMIN_RECEIVER_COMPONENT, PASSWORD,
                    TOKEN0, 0));
            // clear password with token
            assertTrue(mDevicePolicyManager.resetPasswordWithToken(ADMIN_RECEIVER_COMPONENT, null,
                    TOKEN0, 0));

            // remove token and check it succeeds
            assertTrue(mDevicePolicyManager.clearResetPasswordToken(ADMIN_RECEIVER_COMPONENT));
            assertFalse(mDevicePolicyManager.isResetPasswordTokenActive(ADMIN_RECEIVER_COMPONENT));
            assertFalse(mDevicePolicyManager.resetPasswordWithToken(ADMIN_RECEIVER_COMPONENT, PASSWORD,
                    TOKEN0, 0));
        } finally {
            mDevicePolicyManager.clearResetPasswordToken(ADMIN_RECEIVER_COMPONENT);
        }
    }

    //TODO: add test to reboot device and reset password while user is still locked.
}