1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package com.android.cts.profileowner; 17 18 import android.app.admin.DevicePolicyManager; 19 import android.content.ContentResolver; 20 import android.content.Context; 21 import android.os.Process; 22 import android.os.UserHandle; 23 import android.provider.Settings; 24 25 import com.android.org.conscrypt.TrustedCertificateStore; 26 27 import java.io.ByteArrayInputStream; 28 import java.security.cert.Certificate; 29 import java.security.cert.CertificateFactory; 30 import java.util.List; 31 32 public class AdminActionBookkeepingTest extends BaseProfileOwnerTest { 33 /* 34 * The CA cert below is the content of cacert.pem as generated by: 35 * 36 * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem 37 */ 38 private static final String TEST_CA = 39 "-----BEGIN CERTIFICATE-----\n" + 40 "MIIDXTCCAkWgAwIBAgIJAK9Tl/F9V8kSMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n" + 41 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n" + 42 "aWRnaXRzIFB0eSBMdGQwHhcNMTUwMzA2MTczMjExWhcNMjUwMzAzMTczMjExWjBF\n" + 43 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n" + 44 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 45 "CgKCAQEAvItOutsE75WBTgTyNAHt4JXQ3JoseaGqcC3WQij6vhrleWi5KJ0jh1/M\n" + 46 "Rpry7Fajtwwb4t8VZa0NuM2h2YALv52w1xivql88zce/HU1y7XzbXhxis9o6SCI+\n" + 47 "oVQSbPeXRgBPppFzBEh3ZqYTVhAqw451XhwdA4Aqs3wts7ddjwlUzyMdU44osCUg\n" + 48 "kVg7lfPf9sTm5IoHVcfLSCWH5n6Nr9sH3o2ksyTwxuOAvsN11F/a0mmUoPciYPp+\n" + 49 "q7DzQzdi7akRG601DZ4YVOwo6UITGvDyuAAdxl5isovUXqe6Jmz2/myTSpAKxGFs\n" + 50 "jk9oRoG6WXWB1kni490GIPjJ1OceyQIDAQABo1AwTjAdBgNVHQ4EFgQUH1QIlPKL\n" + 51 "p2OQ/AoLOjKvBW4zK3AwHwYDVR0jBBgwFoAUH1QIlPKLp2OQ/AoLOjKvBW4zK3Aw\n" + 52 "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAcMi4voMMJHeQLjtq8Oky\n" + 53 "Azpyk8moDwgCd4llcGj7izOkIIFqq/lyqKdtykVKUWz2bSHO5cLrtaOCiBWVlaCV\n" + 54 "DYAnnVLM8aqaA6hJDIfaGs4zmwz0dY8hVMFCuCBiLWuPfiYtbEmjHGSmpQTG6Qxn\n" + 55 "ZJlaK5CZyt5pgh5EdNdvQmDEbKGmu0wpCq9qjZImwdyAul1t/B0DrsWApZMgZpeI\n" + 56 "d2od0VBrCICB1K4p+C51D93xyQiva7xQcCne+TAnGNy9+gjQ/MyR8MRpwRLv5ikD\n" + 57 "u0anJCN8pXo6IMglfMAsoton1J6o5/ae5uhC6caQU8bNUsCK570gpNfjkzo6rbP0\n" + 58 "wQ==\n" + 59 "-----END CERTIFICATE-----"; 60 61 @Override tearDown()62 protected void tearDown() throws Exception { 63 mDevicePolicyManager.uninstallCaCert(getWho(), TEST_CA.getBytes()); 64 65 super.tearDown(); 66 } 67 68 /** 69 * Test: It should be recored whether the Profile Owner or the user set the current IME. 70 */ testIsDefaultInputMethodSet()71 public void testIsDefaultInputMethodSet() throws Exception { 72 final String setting = Settings.Secure.DEFAULT_INPUT_METHOD; 73 final ContentResolver resolver = getContext().getContentResolver(); 74 final String ime = Settings.Secure.getString(resolver, setting); 75 76 Settings.Secure.putString(resolver, setting, "com.test.1"); 77 Thread.sleep(500); 78 assertFalse(mDevicePolicyManager.isCurrentInputMethodSetByOwner()); 79 80 mDevicePolicyManager.setSecureSetting(getWho(), setting, "com.test.2"); 81 Thread.sleep(500); 82 assertTrue(mDevicePolicyManager.isCurrentInputMethodSetByOwner()); 83 84 Settings.Secure.putString(resolver, setting, ime); 85 Thread.sleep(500); 86 assertFalse(mDevicePolicyManager.isCurrentInputMethodSetByOwner()); 87 } 88 89 /** 90 * Test: It should be recored whether the Profile Owner or the user installed a CA cert. 91 */ testGetPolicyInstalledCaCerts()92 public void testGetPolicyInstalledCaCerts() throws Exception { 93 final byte[] rawCert = TEST_CA.getBytes(); 94 final Certificate cert = CertificateFactory.getInstance("X.509") 95 .generateCertificate(new ByteArrayInputStream(rawCert)); 96 final TrustedCertificateStore store = new TrustedCertificateStore(); 97 98 // Install a CA cert. 99 assertNull(store.getCertificateAlias(cert)); 100 assertTrue(mDevicePolicyManager.installCaCert(getWho(), rawCert)); 101 final String alias = store.getCertificateAlias(cert); 102 assertNotNull(alias); 103 104 // Verify that the CA cert was marked as installed by the Profile Owner. 105 verifyOwnerInstalledStatus(alias, true); 106 107 // Uninstall the CA cert. 108 mDevicePolicyManager.uninstallCaCert(getWho(), rawCert); 109 110 // Verify that the CA cert is no longer marked as installed by the Profile Owner. 111 verifyOwnerInstalledStatus(alias, false); 112 } 113 verifyOwnerInstalledStatus(String alias, boolean expectOwnerInstalled)114 private void verifyOwnerInstalledStatus(String alias, boolean expectOwnerInstalled) { 115 final List<String> ownerInstalledCerts = 116 mDevicePolicyManager.getOwnerInstalledCaCerts(Process.myUserHandle()); 117 assertNotNull(ownerInstalledCerts); 118 assertEquals(expectOwnerInstalled, ownerInstalledCerts.contains(alias)); 119 } 120 } 121