1 /* 2 * Copyright (C) 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.appsecurity.cts.keyrotationtest.test; 18 19 import static org.junit.Assert.assertEquals; 20 21 import android.appsecurity.cts.keyrotationtest.service.ISignatureQueryService; 22 import android.appsecurity.cts.keyrotationtest.service.SignatureQueryService; 23 import android.content.Context; 24 import android.content.Intent; 25 import android.os.Bundle; 26 import android.os.IBinder; 27 28 import androidx.test.core.app.ApplicationProvider; 29 import androidx.test.platform.app.InstrumentationRegistry; 30 import androidx.test.rule.ServiceTestRule; 31 import androidx.test.runner.AndroidJUnit4; 32 33 import org.junit.Before; 34 import org.junit.Rule; 35 import org.junit.Test; 36 import org.junit.runner.RunWith; 37 38 /** 39 * Verifies that the SignatureQueryService test app is functioning as expected and signed with the 40 * expected signatures. 41 */ 42 @RunWith(AndroidJUnit4.class) 43 public final class SignatureQueryServiceInstrumentationTest { 44 private Context context; 45 private ISignatureQueryService signatureQueryService; 46 47 // These are the sha256 digests of the DER encoding of the ec-p256 and ec-p256_2 signing 48 // certificates used to sign this and the app under test. 49 private static final String FIRST_SIGNATURE_DIGEST = 50 "6a8b96e278e58f62cfe3584022cec1d0527fcb85a9e5d2e1694eb0405be5b599"; 51 private static final String SECOND_SIGNATURE_DIGEST = 52 "d78405f761ff6236cc9b570347a570aba0c62a129a3ac30c831c64d09ad95469"; 53 54 @Rule 55 public final ServiceTestRule serviceTestRule = new ServiceTestRule(); 56 57 @Before setUp()58 public void setUp() throws Exception { 59 context = InstrumentationRegistry.getInstrumentation().getContext(); 60 IBinder binder = serviceTestRule.bindService( 61 new Intent(ApplicationProvider.getApplicationContext(), 62 SignatureQueryService.class)); 63 signatureQueryService = ISignatureQueryService.Stub.asInterface(binder); 64 } 65 66 @Test verifySignatures_noRotation_succeeds()67 public void verifySignatures_noRotation_succeeds() throws Exception { 68 // Verifies the signatures of the app under test when it is only signed with the original 69 // signing key. 70 Bundle responseBundle = signatureQueryService.verifySignatures( 71 new String[]{FIRST_SIGNATURE_DIGEST}, context.getPackageName()); 72 73 assertEquals(0, responseBundle.getInt(ISignatureQueryService.KEY_VERIFY_SIGNATURES_RESULT)); 74 } 75 76 @Test verifySignatures_withRotation_succeeds()77 public void verifySignatures_withRotation_succeeds() throws Exception { 78 // Verifies the signatures of the test app when it is signed with the rotated key and 79 // lineage. 80 Bundle responseBundle = signatureQueryService.verifySignatures( 81 new String[]{FIRST_SIGNATURE_DIGEST, SECOND_SIGNATURE_DIGEST}, 82 context.getPackageName()); 83 84 assertEquals(0, responseBundle.getInt(ISignatureQueryService.KEY_VERIFY_SIGNATURES_RESULT)); 85 } 86 } 87 88