Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / cts / 312023c5c3fe211dd47b5e4d85f7265bb0d1e10c^! / .
commit312023c5c3fe211dd47b5e4d85f7265bb0d1e10c[log] [tgz]
authorShawn Willden <swillden@google.com>Tue Aug 23 09:16:40 2022 -0600
committerShawn Willden <swillden@google.com>Tue Aug 23 19:43:44 2022 +0000
tree404007334ac3e4bb74491bea3025b6547390bf9a
parent18b08851aa429e870c71574a95b315ddc248176e [diff]
Allow for later failure of NoAttestKeyTest

On a device that does not support the a.hw.keystore.app_attest_key
feature, an attempt to build and use an ATTEST_KEY may fail at the
'use' stage rather than the 'build' stage, so extend the test to
allow for this.

Also, fix some import verification errors.

Bug: 242601830
Bug: 238568891
Test: atest CtsKeystoreTestCases:android.keystore.cts.NoAttestKeyTest CtsKeystoreTestCases: android.keystore.cts.AttestKeyTest
Change-Id: I9327e7d68a3892daa981e1a16b430b0999006e37
(cherry picked from commit 78a3bcf0e043c4162c537d1920880f7b94eeb1ae)

diff --git a/tests/tests/keystore/src/android/keystore/cts/NoAttestKeyTest.java b/tests/tests/keystore/src/android/keystore/cts/NoAttestKeyTest.java
index e259aff..b3d9539 100644
--- a/tests/tests/keystore/src/android/keystore/cts/NoAttestKeyTest.java
+++ b/tests/tests/keystore/src/android/keystore/cts/NoAttestKeyTest.java

@@ -20,23 +20,23 @@
 import static android.security.keystore.KeyProperties.KEY_ALGORITHM_RSA;
 import static android.security.keystore.KeyProperties.PURPOSE_ATTEST_KEY;
 import static android.security.keystore.KeyProperties.PURPOSE_SIGN;
+
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.junit.Assume.assumeFalse;
 
 import android.content.pm.PackageManager;
 import android.keystore.cts.util.TestUtils;
 import android.security.keystore.KeyGenParameterSpec;
+
 import androidx.test.platform.app.InstrumentationRegistry;
+
 import com.android.compatibility.common.util.CddTest;
+
 import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyPairGenerator;
 import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
 import java.security.ProviderException;
 import java.security.cert.Certificate;
 import java.util.ArrayList;
@@ -103,11 +103,16 @@
         // The device does not have the attest key feature, so attempting to create and use a
         // key with ATTEST_KEY purpose should fail.
         try {
-            Certificate attestKeyCertChain[] = generateKeyPair(algorithm,
+            Certificate[] attestKeyCertChain = generateKeyPair(algorithm,
                     new KeyGenParameterSpec.Builder(attestKeyAlias, PURPOSE_ATTEST_KEY)
                             .setAttestationChallenge("challenge".getBytes())
                             .setIsStrongBoxBacked(useStrongBox)
                             .build());
+            Certificate[] attestedKeyCertChain = generateKeyPair(KEY_ALGORITHM_EC,
+                    new KeyGenParameterSpec.Builder(attestedKeyAlias, PURPOSE_SIGN)
+                            .setAttestationChallenge("challenge".getBytes())
+                            .setAttestKeyAlias(attestKeyAlias)
+                            .build());
             fail("Expected that use of PURPOSE_ATTEST_KEY should fail with StrongBox = "
                     + useStrongBox + " and algorithm = " + algorithm + " as the "
                     + PackageManager.FEATURE_KEYSTORE_APP_ATTEST_KEY