Call KeyChain credential management app APIs Settings
Background
* This is part of the work to support
a credential management app on
unmanaged devices.
Changes
* Add calls to KeyChain credential management
app API methods.
* Add logic to add, update and remove credential
management app from KeyChain.
Manual Testing
* Install TestDPC
* Request to manage credentials (fire intent).
Add policy mapping: 'com.android.chrome' ->
'client.badssl.com:443' -> 'testAlias'
* Install badssl user certificate as credential
management app (TestDPC). Set alias to 'testAlias'
* Check certificate is installed in Settings
* Go to chrome > client.badssl.com
* Verify no certificate selection prompt is
displayed. User is automatically authenticated.
* Remove credential management app from Settings
Security > Encryption and credentials >
Certificate management app
* Verify credential management app is removed and
'testAlias' is uninstalled.
Bug: 165641221
Test: Manual Testing
make RunSettingsRoboTests -j ROBOTEST_FILTER=com.android.settings.security.RequestManageCredentialsTest
Change-Id: I52254ccbdb0b46941b35130d487e0cf346212968
This commit is contained in:
Alex Johnston
Rubin Xu
@@ -18,18 +18,24 @@ package com.android.settings.security;
|
||||
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
|
||||
import static org.robolectric.Shadows.shadowOf;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.doReturn;
|
||||
import static org.mockito.Mockito.spy;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import android.app.Activity;
|
||||
import android.app.admin.DevicePolicyManager;
|
||||
import android.content.ComponentName;
|
||||
import android.content.Intent;
|
||||
import android.net.Uri;
|
||||
import android.os.UserHandle;
|
||||
import android.security.AppUriAuthenticationPolicy;
|
||||
import android.security.Credentials;
|
||||
import android.security.IKeyChainService;
|
||||
import android.security.KeyChain;
|
||||
import android.widget.Button;
|
||||
import android.widget.LinearLayout;
|
||||
|
||||
import androidx.annotation.NonNull;
|
||||
import androidx.recyclerview.widget.RecyclerView;
|
||||
|
||||
import com.android.settings.R;
|
||||
@@ -37,10 +43,10 @@ import com.android.settings.R;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.MockitoAnnotations;
|
||||
import org.robolectric.Robolectric;
|
||||
import org.robolectric.RobolectricTestRunner;
|
||||
import org.robolectric.shadows.ShadowActivity;
|
||||
|
||||
@RunWith(RobolectricTestRunner.class)
|
||||
public class RequestManageCredentialsTest {
|
||||
@@ -52,7 +58,14 @@ public class RequestManageCredentialsTest {
|
||||
|
||||
private RequestManageCredentials mActivity;
|
||||
|
||||
private ShadowActivity mShadowActivity;
|
||||
@Mock
|
||||
private DevicePolicyManager mDevicePolicyManager;
|
||||
|
||||
@Mock
|
||||
private KeyChain.KeyChainConnection mKeyChainConnection;
|
||||
|
||||
@Mock
|
||||
private IKeyChainService mKeyChainService;
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
@@ -60,21 +73,98 @@ public class RequestManageCredentialsTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onCreate_intentActionNotManageCredentials_finishActivity() {
|
||||
final Intent intent = new Intent("android.security.ANOTHER_ACTION");
|
||||
public void onCreate_intentActionNotManageCredentials_finishActivity()
|
||||
throws Exception {
|
||||
final Intent intent = new Intent(Credentials.ACTION_MANAGE_CREDENTIALS + "_bad");
|
||||
intent.putExtra(KeyChain.EXTRA_AUTHENTICATION_POLICY, AUTHENTICATION_POLICY);
|
||||
setupActivityWithAction(intent);
|
||||
when(mDevicePolicyManager.getDeviceOwnerUser()).thenReturn(null);
|
||||
when(mDevicePolicyManager.getProfileOwner()).thenReturn(null);
|
||||
when(mActivity.getLaunchedFromPackage()).thenReturn("com.example.credapp");
|
||||
|
||||
initActivity(intent);
|
||||
mActivity.onCreate(null);
|
||||
|
||||
assertThat(mActivity).isNotNull();
|
||||
assertThat(mActivity.isFinishing()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onCreate_authenticationPolicyProvided_startActivity() {
|
||||
public void onCreate_noAuthenticationPolicy_finishActivity()
|
||||
throws Exception {
|
||||
final Intent intent = new Intent(Credentials.ACTION_MANAGE_CREDENTIALS);
|
||||
setupActivityWithAction(intent);
|
||||
when(mDevicePolicyManager.getDeviceOwnerUser()).thenReturn(null);
|
||||
when(mDevicePolicyManager.getProfileOwner()).thenReturn(null);
|
||||
when(mActivity.getLaunchedFromPackage()).thenReturn("com.example.credapp");
|
||||
|
||||
mActivity.onCreate(null);
|
||||
|
||||
assertThat(mActivity).isNotNull();
|
||||
assertThat(mActivity.isFinishing()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onCreate_invalidAuthenticationPolicy_finishActivity()
|
||||
throws Exception {
|
||||
final Intent intent = new Intent(Credentials.ACTION_MANAGE_CREDENTIALS);
|
||||
intent.putExtra(KeyChain.EXTRA_AUTHENTICATION_POLICY, "Invalid policy");
|
||||
|
||||
setupActivityWithAction(intent);
|
||||
when(mDevicePolicyManager.getDeviceOwnerUser()).thenReturn(null);
|
||||
when(mDevicePolicyManager.getProfileOwner()).thenReturn(null);
|
||||
when(mActivity.getLaunchedFromPackage()).thenReturn("com.example.credapp");
|
||||
|
||||
mActivity.onCreate(null);
|
||||
|
||||
assertThat(mActivity).isNotNull();
|
||||
assertThat(mActivity.isFinishing()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onCreate_runOnManagedProfile_finishActivity()
|
||||
throws Exception {
|
||||
final Intent intent = new Intent(Credentials.ACTION_MANAGE_CREDENTIALS);
|
||||
intent.putExtra(KeyChain.EXTRA_AUTHENTICATION_POLICY, AUTHENTICATION_POLICY);
|
||||
|
||||
initActivity(intent);
|
||||
setupActivityWithAction(intent);
|
||||
when(mDevicePolicyManager.getDeviceOwnerUser()).thenReturn(null);
|
||||
when(mDevicePolicyManager.getProfileOwner()).thenReturn(new ComponentName("pkg", "cls"));
|
||||
when(mActivity.getLaunchedFromPackage()).thenReturn("com.example.credapp");
|
||||
|
||||
mActivity.onCreate(null);
|
||||
|
||||
assertThat(mActivity).isNotNull();
|
||||
assertThat(mActivity.isFinishing()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onCreate_runOnManagedDevice_finishActivity()
|
||||
throws Exception {
|
||||
final Intent intent = new Intent(Credentials.ACTION_MANAGE_CREDENTIALS);
|
||||
intent.putExtra(KeyChain.EXTRA_AUTHENTICATION_POLICY, AUTHENTICATION_POLICY);
|
||||
|
||||
setupActivityWithAction(intent);
|
||||
when(mDevicePolicyManager.getDeviceOwnerUser()).thenReturn(UserHandle.SYSTEM);
|
||||
when(mDevicePolicyManager.getProfileOwner()).thenReturn(null);
|
||||
when(mActivity.getLaunchedFromPackage()).thenReturn("com.example.credapp");
|
||||
|
||||
mActivity.onCreate(null);
|
||||
|
||||
assertThat(mActivity).isNotNull();
|
||||
assertThat(mActivity.isFinishing()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onCreate_authenticationPolicyProvided_startActivity() throws Exception {
|
||||
final Intent intent = new Intent(Credentials.ACTION_MANAGE_CREDENTIALS);
|
||||
intent.putExtra(KeyChain.EXTRA_AUTHENTICATION_POLICY, AUTHENTICATION_POLICY);
|
||||
setupActivityWithAction(intent);
|
||||
|
||||
when(mDevicePolicyManager.getDeviceOwnerUser()).thenReturn(null);
|
||||
when(mDevicePolicyManager.getProfileOwner()).thenReturn(null);
|
||||
when(mActivity.getLaunchedFromPackage()).thenReturn("com.example.credapp");
|
||||
|
||||
mActivity.onCreate(null);
|
||||
|
||||
assertThat(mActivity).isNotNull();
|
||||
assertThat(mActivity.isFinishing()).isFalse();
|
||||
@@ -84,23 +174,10 @@ public class RequestManageCredentialsTest {
|
||||
assertThat((Button) mActivity.findViewById(R.id.dont_allow_button)).isNotNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onCreate_dontAllowButtonClicked_finishActivity() {
|
||||
final Intent intent = new Intent(Credentials.ACTION_MANAGE_CREDENTIALS);
|
||||
intent.putExtra(KeyChain.EXTRA_AUTHENTICATION_POLICY, AUTHENTICATION_POLICY);
|
||||
|
||||
initActivity(intent);
|
||||
|
||||
Button dontAllowButton = mActivity.findViewById(R.id.dont_allow_button);
|
||||
assertThat(dontAllowButton.hasOnClickListeners()).isTrue();
|
||||
dontAllowButton.performClick();
|
||||
assertThat(mActivity.isFinishing()).isTrue();
|
||||
assertThat(mShadowActivity.getResultCode()).isEqualTo(Activity.RESULT_CANCELED);
|
||||
private void setupActivityWithAction(Intent intent) throws Exception {
|
||||
mActivity = spy(Robolectric.buildActivity(RequestManageCredentials.class, intent).get());
|
||||
doReturn(mKeyChainConnection).when(mActivity).getKeyChainConnection(eq(mActivity), any());
|
||||
doReturn(mDevicePolicyManager).when(mActivity).getSystemService(DevicePolicyManager.class);
|
||||
when(mKeyChainConnection.getService()).thenReturn(mKeyChainService);
|
||||
}
|
||||
|
||||
private void initActivity(@NonNull Intent intent) {
|
||||
mActivity = Robolectric.buildActivity(RequestManageCredentials.class, intent).setup().get();
|
||||
mShadowActivity = shadowOf(mActivity);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user