1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package com.android.cts.deviceowner; 17 18 import static com.android.cts.deviceowner.FakeKeys.FAKE_RSA_1; 19 import static com.android.cts.deviceowner.FakeKeys.FAKE_DSA_1; 20 21 import java.io.ByteArrayInputStream; 22 import java.security.cert.CertificateException; 23 import java.security.cert.CertificateFactory; 24 import java.security.cert.Certificate; 25 import java.util.List; 26 27 public class CaCertManagementTest extends BaseDeviceOwnerTest { testCanRetrieveListOfInstalledCaCerts()28 public void testCanRetrieveListOfInstalledCaCerts() { 29 List<byte[]> caCerts = mDevicePolicyManager.getInstalledCaCerts(getWho()); 30 assertNotNull(caCerts); 31 } 32 testCanInstallAndUninstallACaCert()33 public void testCanInstallAndUninstallACaCert() 34 throws CertificateException { 35 assertFalse(hasCaCertInstalled(FAKE_RSA_1.caCertificate)); 36 assertFalse(hasCaCertInstalled(FAKE_DSA_1.caCertificate)); 37 assertTrue(mDevicePolicyManager.installCaCert(getWho(), FAKE_RSA_1.caCertificate)); 38 assertTrue(hasCaCertInstalled(FAKE_RSA_1.caCertificate)); 39 assertFalse(hasCaCertInstalled(FAKE_DSA_1.caCertificate)); 40 mDevicePolicyManager.uninstallCaCert(getWho(), FAKE_RSA_1.caCertificate); 41 assertFalse(hasCaCertInstalled(FAKE_RSA_1.caCertificate)); 42 assertFalse(hasCaCertInstalled(FAKE_DSA_1.caCertificate)); 43 } 44 testUninstallationIsSelective()45 public void testUninstallationIsSelective() throws CertificateException { 46 assertTrue(mDevicePolicyManager.installCaCert(getWho(), FAKE_RSA_1.caCertificate)); 47 assertTrue(mDevicePolicyManager.installCaCert(getWho(), FAKE_DSA_1.caCertificate)); 48 mDevicePolicyManager.uninstallCaCert(getWho(), FAKE_DSA_1.caCertificate); 49 assertTrue(hasCaCertInstalled(FAKE_RSA_1.caCertificate)); 50 assertFalse(hasCaCertInstalled(FAKE_DSA_1.caCertificate)); 51 mDevicePolicyManager.uninstallCaCert(getWho(), FAKE_RSA_1.caCertificate); 52 } 53 testCanUninstallAllUserCaCerts()54 public void testCanUninstallAllUserCaCerts() throws CertificateException { 55 assertTrue(mDevicePolicyManager.installCaCert(getWho(), FAKE_RSA_1.caCertificate)); 56 assertTrue(mDevicePolicyManager.installCaCert(getWho(), FAKE_DSA_1.caCertificate)); 57 mDevicePolicyManager.uninstallAllUserCaCerts(getWho()); 58 assertFalse(hasCaCertInstalled(FAKE_RSA_1.caCertificate)); 59 assertFalse(hasCaCertInstalled(FAKE_DSA_1.caCertificate)); 60 } 61 hasCaCertInstalled(byte [] caCert)62 private boolean hasCaCertInstalled(byte [] caCert) throws CertificateException { 63 boolean result = mDevicePolicyManager.hasCaCertInstalled(getWho(), caCert); 64 assertEquals(result, containsCertificate( 65 mDevicePolicyManager.getInstalledCaCerts(getWho()), caCert)); 66 return result; 67 } 68 containsCertificate(List<byte[]> certificates, byte [] toMatch)69 private static boolean containsCertificate(List<byte[]> certificates, byte [] toMatch) 70 throws CertificateException { 71 Certificate certificateToMatch = readCertificate(toMatch); 72 for (byte[] certBuffer : certificates) { 73 Certificate cert = readCertificate(certBuffer); 74 if (certificateToMatch.equals(cert)) { 75 return true; 76 } 77 } 78 return false; 79 } 80 readCertificate(byte[] certBuffer)81 private static Certificate readCertificate(byte[] certBuffer) throws CertificateException { 82 final CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); 83 return certFactory.generateCertificate(new ByteArrayInputStream(certBuffer)); 84 } 85 } 86