Delegated cert installer: test importing key
Add a test for importing of keys into KeyChain by calling
installKeyPair.
This test is similar to the testInstallKeyPair test case in
DelegatedCertInstallerTest, with the following differences:
* No negative test (will be added later when the test will be remove
from the DelegatedCertInstallerTest class).
* The new test case requests access to the installed key and tries to
get it via KeyChain to verify it's a similar key.
A more complete test would have been trying to use the private key for
signing and verifying the signature.
That will be added when KeyManagementTest will share code with the
DirectDelegatedCertInstallerTest.
Bug: 110824288
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegatedCertInstallerDirectly
Change-Id: If5ab4bb147bfff637ed63603fe492e0a5bcc01d8
diff --git a/hostsidetests/devicepolicy/app/CertInstaller/src/com/android/cts/certinstaller/DirectDelegatedCertInstallerTest.java b/hostsidetests/devicepolicy/app/CertInstaller/src/com/android/cts/certinstaller/DirectDelegatedCertInstallerTest.java
index f7bbec8..0d01ecd 100644
--- a/hostsidetests/devicepolicy/app/CertInstaller/src/com/android/cts/certinstaller/DirectDelegatedCertInstallerTest.java
+++ b/hostsidetests/devicepolicy/app/CertInstaller/src/com/android/cts/certinstaller/DirectDelegatedCertInstallerTest.java
@@ -17,17 +17,28 @@
package com.android.cts.certinstaller;
import static com.google.common.truth.Truth.assertWithMessage;
+import static com.google.common.truth.Truth.assertThat;
+import android.app.KeyguardManager;
import android.app.admin.DevicePolicyManager;
+import android.content.Context;
+import android.security.KeyChain;
+import android.security.KeyChainException;
import android.test.InstrumentationTestCase;
+import android.util.Base64;
+import android.util.Base64InputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
+import java.security.spec.PKCS8EncodedKeySpec;
import java.util.List;
/*
@@ -106,7 +117,7 @@
@Override
public void setUp() throws Exception {
super.setUp();
- mDpm = getInstrumentation().getContext().getSystemService(DevicePolicyManager.class);
+ mDpm = getContext().getSystemService(DevicePolicyManager.class);
}
@Override
@@ -147,6 +158,27 @@
mDpm.hasCaCertInstalled(null, cert)).isFalse();
}
+ public void testInstallKeyPair()
+ throws GeneralSecurityException, KeyChainException, InterruptedException {
+ final String alias = "delegated-cert-installer-test-key";
+
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(
+ Base64.decode(TEST_KEY, Base64.DEFAULT));
+ PrivateKey privatekey = KeyFactory.getInstance("RSA").generatePrivate(keySpec);
+
+ Certificate certificate = CertificateFactory.getInstance("X.509")
+ .generateCertificate(
+ new Base64InputStream(new ByteArrayInputStream(TEST_CERT.getBytes()),
+ Base64.DEFAULT));
+ assertThat(mDpm.installKeyPair(null, privatekey, new Certificate[]{certificate}, alias,
+ true)).isTrue();
+
+ // Test that the installed private key can be obtained.
+ PrivateKey obtainedKey = KeyChain.getPrivateKey(getContext(), alias);
+ assertThat(obtainedKey).isNotNull();
+ assertThat(obtainedKey.getAlgorithm()).isEqualTo("RSA");
+ }
+
private static boolean containsCertificate(List<byte[]> certificates, byte[] toMatch)
throws CertificateException {
Certificate certificateToMatch = readCertificate(toMatch);
@@ -163,4 +195,8 @@
final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
return certFactory.generateCertificate(new ByteArrayInputStream(certBuffer));
}
+
+ private Context getContext() {
+ return getInstrumentation().getContext();
+ }
}