hostsidetests/devicepolicy/app/ManagedProfile/src/com/android/cts/managedprofile/ResetPasswordWithTokenTest.java

/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.android.cts.managedprofile;

import android.app.admin.DevicePolicyManager;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.UserManager;

public class ResetPasswordWithTokenTest extends BaseManagedProfileTest {

    private static final String PASSWORD0 = "1234";
    // This needs to be in sync with ManagedProfileTest.RESET_PASSWORD_TEST_DEFAULT_PASSWORD
    private static final String PASSWORD1 = "123456";

    private static final byte[] token = "abcdefghijklmnopqrstuvwxyz0123456789".getBytes();

    /**
     * A dummy receiver marked as direct boot aware in manifest to make this test app
     * runnable by instrumentation before FBE unlock.
     */
    public static class DummyReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
        }
    }

    /**
     * Set a reset password token and work challenge on the work profile, and then lock it
     * with CE evicted. This is the preparation step for {@link #testResetPasswordBeforeUnlock}
     * to put the profile in RUNNING_LOCKED state, and will be called by the hostside logic before
     * {@link #testResetPasswordBeforeUnlock} is exercised.
     */
    public void testSetupWorkProfileAndLock() {
        testSetResetPasswordToken();
        // Reset password on the work profile will enable separate work challenge for it.
        assertTrue(mDevicePolicyManager.resetPasswordWithToken(ADMIN_RECEIVER_COMPONENT, PASSWORD0,
                token, 0));

        mDevicePolicyManager.setPasswordQuality(ADMIN_RECEIVER_COMPONENT,
                DevicePolicyManager.PASSWORD_QUALITY_NUMERIC);
        mDevicePolicyManager.setPasswordMinimumLength(ADMIN_RECEIVER_COMPONENT, 6);

        testLockWorkProfile();
    }

    public void testResetPasswordBeforeUnlock() {
        UserManager um = mContext.getSystemService(UserManager.class);
        assertFalse(um.isUserUnlocked());
        assertTrue(mDevicePolicyManager.isResetPasswordTokenActive(ADMIN_RECEIVER_COMPONENT));
        assertTrue(mDevicePolicyManager.resetPasswordWithToken(ADMIN_RECEIVER_COMPONENT, PASSWORD1,
                token, 0));
        try {
            mDevicePolicyManager.isActivePasswordSufficient();
            fail("Did not throw expected exception.");
        } catch (IllegalStateException expected) {}
    }

    public void testSetResetPasswordToken() {
        assertTrue(mDevicePolicyManager.setResetPasswordToken(ADMIN_RECEIVER_COMPONENT, token));
        assertTrue(mDevicePolicyManager.isResetPasswordTokenActive(ADMIN_RECEIVER_COMPONENT));
    }

    public void testLockWorkProfile() {
        mDevicePolicyManager.lockNow(DevicePolicyManager.FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY);
    }
}