/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.cts.delegate;
import static android.app.admin.DevicePolicyManager.DELEGATION_CERT_INSTALL;
import static com.android.cts.delegate.DelegateTestUtils.assertExpectException;
import static com.android.cts.devicepolicy.TestCertificates.TEST_CA;
import static com.android.cts.devicepolicy.TestCertificates.TEST_CERT;
import static com.android.cts.devicepolicy.TestCertificates.TEST_KEY;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.util.Base64;
import android.util.Base64InputStream;
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.List;
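/**
 * Tests that a package other than the DPC can install and remove CA certificates and key pairs
 * when it holds the {@link DevicePolicyManager#DELEGATION_CERT_INSTALL} delegation scope (see
 * {@link DevicePolicyManager#setDelegatedScopes(ComponentName, String, List)}), and that the same
 * calls are rejected with a {@link SecurityException} when it does not.
 */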
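public class CertInstallDelegateTest extends BaseJUnit3TestCase {

    /**
     * Verifies that the certificate-management APIs are rejected while this package does not hold
     * the {@code DELEGATION_CERT_INSTALL} scope.
     *
     * <p>The admin argument is {@code null} in every call because the caller is not the DPC; each
     * call is expected to fail with a {@link SecurityException} carrying the
     * "Calling identity is not authorized" text passed to {@code assertExpectException}.
     */
    public void testCannotAccessApis() {
        assertFalse(amICertInstallDelegate());

        assertExpectException(SecurityException.class,
                "Calling identity is not authorized", () -> {
                    mDpm.installCaCert(null, null);
                });

        assertExpectException(SecurityException.class,
                "Calling identity is not authorized", () -> {
                    mDpm.removeKeyPair(null, "alias");
                });
    }

    /**
     * Verifies that a package holding the {@code DELEGATION_CERT_INSTALL} scope can install,
     * query, list and uninstall a CA certificate, and install and remove a key pair.
     *
     * <p>The CA certificate steps run inside a {@code try}/{@code finally} so that a failing
     * assertion between install and uninstall does not leave the test CA installed on the
     * device after the test ends.
     *
     * @throws Exception if the test key or certificate cannot be parsed
     */
    public void testCanAccessApis() throws Exception {
        assertTrue(amICertInstallDelegate());

        final byte[] cert = TEST_CA.getBytes();

        // Tracks whether the test CA still needs to be removed by the cleanup path.
        boolean caCertNeedsCleanup = false;
        try {
            // Exercise installCaCert.
            caCertNeedsCleanup = mDpm.installCaCert(null, cert);
            assertTrue("Certificate installation failed", caCertNeedsCleanup);

            // Exercise hasCertInstalled.
            assertTrue("Certificate is not installed properly",
                    mDpm.hasCaCertInstalled(null, cert));

            // Exercise getInstalledCaCerts.
            assertTrue("Certificate is not among installed certs",
                    containsCertificate(mDpm.getInstalledCaCerts(null), cert));

            // Exercise uninstallCaCert. The flag is cleared once the call returns: if the
            // check below still fails, retrying the same call in the cleanup path adds nothing.
            mDpm.uninstallCaCert(null, cert);
            caCertNeedsCleanup = false;
            assertFalse("Certificate was not uninstalled", mDpm.hasCaCertInstalled(null, cert));
        } finally {
            if (caCertNeedsCleanup) {
                try {
                    mDpm.uninstallCaCert(null, cert);
                } catch (RuntimeException ignored) {
                    // Best-effort cleanup only; the failure that brought us here is the one
                    // that should be reported, so it must not be replaced by this one.
                }
            }
        }

        // Exercise installKeyPair.
        final String alias = "delegated-cert-installer-test-key";

        PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(
                new PKCS8EncodedKeySpec(Base64.decode(TEST_KEY, Base64.DEFAULT)));

        Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(
                new Base64InputStream(new ByteArrayInputStream(TEST_CERT.getBytes()),
                        Base64.DEFAULT));

        assertTrue("Key pair not installed successfully",
                mDpm.installKeyPair(null, privateKey, certificate, alias));

        // Exercise removeKeyPair.
        assertTrue("Key pair not removed successfully", mDpm.removeKeyPair(null, alias));
    }

    /**
     * Reports whether any buffer in {@code certificates} parses to the same X.509 certificate as
     * {@code toMatch}.
     *
     * @param certificates encoded certificates to search
     * @param toMatch encoded certificate to look for
     * @return {@code true} if a parsed entry equals the parsed {@code toMatch}
     * @throws CertificateException if any buffer cannot be parsed as an X.509 certificate
     */
    private static boolean containsCertificate(List<byte[]> certificates, byte[] toMatch)
            throws CertificateException {
        // Compare parsed certificates rather than raw buffers, so the result does not depend on
        // the two sides being byte-for-byte identical encodings.
        Certificate certificateToMatch = readCertificate(toMatch);
        for (byte[] certBuffer : certificates) {
            Certificate cert = readCertificate(certBuffer);
            if (certificateToMatch.equals(cert)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Parses an encoded X.509 certificate.
     *
     * @param certBuffer the encoded certificate bytes
     * @return the parsed certificate
     * @throws CertificateException if the factory is unavailable or the bytes cannot be parsed
     */
    private static Certificate readCertificate(byte[] certBuffer) throws CertificateException {
        final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        return certFactory.generateCertificate(new ByteArrayInputStream(certBuffer));
    }

    /**
     * Reports whether the package under instrumentation currently holds the
     * {@code DELEGATION_CERT_INSTALL} scope, according to
     * {@link DevicePolicyManager#getDelegatedScopes}.
     */
    private boolean amICertInstallDelegate() {
        final String packageName = getInstrumentation().getContext().getPackageName();
        final List<String> scopes = mDpm.getDelegatedScopes(null, packageName);
        return scopes.contains(DELEGATION_CERT_INSTALL);
    }
}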