1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package com.android.cts.profileowner;
17 
18 import android.app.admin.DevicePolicyManager;
19 import android.content.ContentResolver;
20 import android.content.Context;
21 import android.os.Process;
22 import android.os.UserHandle;
23 import android.provider.Settings;
24 
25 import com.android.org.conscrypt.TrustedCertificateStore;
26 
27 import java.io.ByteArrayInputStream;
28 import java.security.cert.Certificate;
29 import java.security.cert.CertificateFactory;
30 import java.util.List;
31 
32 public class AdminActionBookkeepingTest extends BaseProfileOwnerTest {
33     /*
34      * The CA cert below is the content of cacert.pem as generated by:
35      *
36      * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
37      */
38     private static final String TEST_CA =
39             "-----BEGIN CERTIFICATE-----\n" +
40             "MIIDXTCCAkWgAwIBAgIJAK9Tl/F9V8kSMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n" +
41             "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n" +
42             "aWRnaXRzIFB0eSBMdGQwHhcNMTUwMzA2MTczMjExWhcNMjUwMzAzMTczMjExWjBF\n" +
43             "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n" +
44             "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" +
45             "CgKCAQEAvItOutsE75WBTgTyNAHt4JXQ3JoseaGqcC3WQij6vhrleWi5KJ0jh1/M\n" +
46             "Rpry7Fajtwwb4t8VZa0NuM2h2YALv52w1xivql88zce/HU1y7XzbXhxis9o6SCI+\n" +
47             "oVQSbPeXRgBPppFzBEh3ZqYTVhAqw451XhwdA4Aqs3wts7ddjwlUzyMdU44osCUg\n" +
48             "kVg7lfPf9sTm5IoHVcfLSCWH5n6Nr9sH3o2ksyTwxuOAvsN11F/a0mmUoPciYPp+\n" +
49             "q7DzQzdi7akRG601DZ4YVOwo6UITGvDyuAAdxl5isovUXqe6Jmz2/myTSpAKxGFs\n" +
50             "jk9oRoG6WXWB1kni490GIPjJ1OceyQIDAQABo1AwTjAdBgNVHQ4EFgQUH1QIlPKL\n" +
51             "p2OQ/AoLOjKvBW4zK3AwHwYDVR0jBBgwFoAUH1QIlPKLp2OQ/AoLOjKvBW4zK3Aw\n" +
52             "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAcMi4voMMJHeQLjtq8Oky\n" +
53             "Azpyk8moDwgCd4llcGj7izOkIIFqq/lyqKdtykVKUWz2bSHO5cLrtaOCiBWVlaCV\n" +
54             "DYAnnVLM8aqaA6hJDIfaGs4zmwz0dY8hVMFCuCBiLWuPfiYtbEmjHGSmpQTG6Qxn\n" +
55             "ZJlaK5CZyt5pgh5EdNdvQmDEbKGmu0wpCq9qjZImwdyAul1t/B0DrsWApZMgZpeI\n" +
56             "d2od0VBrCICB1K4p+C51D93xyQiva7xQcCne+TAnGNy9+gjQ/MyR8MRpwRLv5ikD\n" +
57             "u0anJCN8pXo6IMglfMAsoton1J6o5/ae5uhC6caQU8bNUsCK570gpNfjkzo6rbP0\n" +
58             "wQ==\n" +
59             "-----END CERTIFICATE-----";
60 
61     @Override
tearDown()62     protected void tearDown() throws Exception {
63         mDevicePolicyManager.uninstallCaCert(getWho(), TEST_CA.getBytes());
64 
65         super.tearDown();
66     }
67 
68     /**
69      * Test: It should be recored whether the Profile Owner or the user set the current IME.
70      */
testIsDefaultInputMethodSet()71     public void testIsDefaultInputMethodSet() throws Exception {
72         final String setting = Settings.Secure.DEFAULT_INPUT_METHOD;
73         final ContentResolver resolver = getContext().getContentResolver();
74         final String ime = Settings.Secure.getString(resolver, setting);
75 
76         Settings.Secure.putString(resolver, setting, "com.test.1");
77         Thread.sleep(500);
78         assertFalse(mDevicePolicyManager.isCurrentInputMethodSetByOwner());
79 
80         mDevicePolicyManager.setSecureSetting(getWho(), setting, "com.test.2");
81         Thread.sleep(500);
82         assertTrue(mDevicePolicyManager.isCurrentInputMethodSetByOwner());
83 
84         Settings.Secure.putString(resolver, setting, ime);
85         Thread.sleep(500);
86         assertFalse(mDevicePolicyManager.isCurrentInputMethodSetByOwner());
87     }
88 
89     /**
90      * Test: It should be recored whether the Profile Owner or the user installed a CA cert.
91      */
testGetPolicyInstalledCaCerts()92     public void testGetPolicyInstalledCaCerts() throws Exception {
93         final byte[] rawCert = TEST_CA.getBytes();
94         final Certificate cert = CertificateFactory.getInstance("X.509")
95                 .generateCertificate(new ByteArrayInputStream(rawCert));
96         final TrustedCertificateStore store = new TrustedCertificateStore();
97 
98         // Install a CA cert.
99         assertNull(store.getCertificateAlias(cert));
100         assertTrue(mDevicePolicyManager.installCaCert(getWho(), rawCert));
101         final String alias = store.getCertificateAlias(cert);
102         assertNotNull(alias);
103 
104         // Verify that the CA cert was marked as installed by the Profile Owner.
105         verifyOwnerInstalledStatus(alias, true);
106 
107         // Uninstall the CA cert.
108         mDevicePolicyManager.uninstallCaCert(getWho(), rawCert);
109 
110         // Verify that the CA cert is no longer marked as installed by the Profile Owner.
111         verifyOwnerInstalledStatus(alias, false);
112     }
113 
verifyOwnerInstalledStatus(String alias, boolean expectOwnerInstalled)114     private void verifyOwnerInstalledStatus(String alias, boolean expectOwnerInstalled) {
115         final List<String> ownerInstalledCerts =
116                 mDevicePolicyManager.getOwnerInstalledCaCerts(Process.myUserHandle());
117         assertNotNull(ownerInstalledCerts);
118         assertEquals(expectOwnerInstalled, ownerInstalledCerts.contains(alias));
119     }
120 }
121