Run key management test in profile owner
Move KeyManagementTest to DeviceAndProfileOwner app so it runs under
both device owner and profile owner tests.
Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedProfileOwnerTest#testKeyManagement
Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testKeyManagement
Bug: 72658852
Bug: 71421376
Change-Id: I5569d3929c9409046daf8d905c2bb8f6fa106638
diff --git a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api23/Android.mk b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api23/Android.mk
index dc040cc..1599d60 100644
--- a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api23/Android.mk
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api23/Android.mk
@@ -31,13 +31,19 @@
LOCAL_USE_AAPT2 := true
-LOCAL_STATIC_JAVA_LIBRARIES = compatibility-device-util ctstestrunner ub-uiautomator
+LOCAL_STATIC_JAVA_LIBRARIES := \
+ compatibility-device-util \
+ ctstestrunner \
+ ub-uiautomator \
+ cts-security-test-support-library
LOCAL_STATIC_ANDROID_LIBRARIES := \
androidx.legacy_legacy-support-v4
LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/../res
+LOCAL_ASSET_DIR := $(LOCAL_PATH)/../assets
+
# tag this module as a cts test artifact
LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
diff --git a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api25/Android.mk b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api25/Android.mk
index 85d7eba..481f821 100644
--- a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api25/Android.mk
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api25/Android.mk
@@ -31,13 +31,19 @@
LOCAL_USE_AAPT2 := true
-LOCAL_STATIC_JAVA_LIBRARIES = compatibility-device-util ctstestrunner ub-uiautomator
+LOCAL_STATIC_JAVA_LIBRARIES := \
+ compatibility-device-util \
+ ctstestrunner \
+ ub-uiautomator \
+ cts-security-test-support-library
LOCAL_STATIC_ANDROID_LIBRARIES := \
androidx.legacy_legacy-support-v4
LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/../res
+LOCAL_ASSET_DIR := $(LOCAL_PATH)/../assets
+
# tag this module as a cts test artifact
LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
diff --git a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/assets/user-cert-chain.crt b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/assets/user-cert-chain.crt
new file mode 100644
index 0000000..69a2ec4
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/assets/user-cert-chain.crt
@@ -0,0 +1,90 @@
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwWzELMAkGA1UEBhMCR0Ix
+EDAOBgNVBAgMB0VuZ2xhbmQxEjAQBgNVBAoMCUdvb2dsZSBVSzEMMAoGA1UECwwD
+QWZXMRgwFgYDVQQDDA9JbnRlcm1lZGlhdGUgQ0EwHhcNMTgwNTA0MTM0MDE2WhcN
+MTkwNTA0MTM0MDE2WjBcMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRW5nbGFuZDES
+MBAGA1UECgwJR29vZ2xlIFVLMQwwCgYDVQQLDANBZlcxGTAXBgNVBAMMEExlYWYg
+Q2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANEeK9ebNbMU
+4SfnlCcWjndW6361NGP+G4lAzY8BC+ARL0M/sTCBWdI6rXdya4rKqeZoLmzrrnoy
+BhWjWR8/2PHPehe/0BYLfmvdAlly0qs3Sy/M8M1jm2EQSsn4Y7qQZzHd3miwmvYu
+D7V289GaMrtLOjTWY0K8el3+lbX4sFy3AgMBAAGjgcUwgcIwCQYDVR0TBAIwADAR
+BglghkgBhvhCAQEEBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJh
+dGVkIENsaWVudCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU7SFqAjCmwZOZISq5+fo7
+9rhxKTAwHwYDVR0jBBgwFoAU1g0G+yGBoH3bYetZOsR4KBLmDSkwDgYDVR0PAQH/
+BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0B
+AQsFAAOCAgEAAwQofIl4Hkv2F7buuifJmbCrlt3PMPAUOHqXeBHBwBqx0NZGmmeD
+cIhLSUxcy4LItr4dHjJZhLc8S3LWrb56hPhUgQyZXxDqJkK8tIVYRjSm+HEarcV7
+LGYrifbk6SbNXDNDyNFaISR2JTUjqJoTh1scqoNECyFi2/R2L2YJnUNZlraZc8Jh
+jwM/I1sAawb0VQ9sl6l9PRZpblFCeGIGuJjse73iD4N3CV3cANsnLBczHY8hVO7O
+lqkDEL1lQaK7UoIbfMjlwRYo3lXhA/fucoFVtZMU4moFrF8EFkXtm1WpFjt17uEc
+3wRMKVUdEe9eC0e6J3ygX8jQePmsJ2KPu/YNDwX7IbZdco8ve3h42EQMCWf5tj+r
+8If/WktFMYTjOry9UjBNJR/GhC813DdXbBeLgiosv0F6t5WAR4xN5+kd5IOJsxfm
+XH6Gqc58S0fQ2qYhadJ2xeyd+wTq+vEKXjRAT+ux/g75YuWClI3TPIcUayqhDTbG
+CtWh8CWv1ner8ikDQav9QftYmfeg6pt84G7Gp5GVOhMjSK0++NUBP9U9BNbqfF7w
+3mTLIVd9EFNZj6ZYq7BVZLT+LkWz5L9eA0FNCwYJ28cAdWfwZIo2zYi80sMPSBhX
+gAMyTUT5U1r1e2rmIenMOissJklugck9aMfy2eeL2DAPPkpHJaRQibQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFkDCCA3igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwUzELMAkGA1UEBhMCR0Ix
+EDAOBgNVBAgMB0VuZ2xhbmQxEjAQBgNVBAoMCUdvb2dsZSBVSzEMMAoGA1UECwwD
+QWZXMRAwDgYDVQQDDAdSb290IENBMB4XDTE4MDUwNDEzMzk1OFoXDTI4MDUwMTEz
+Mzk1OFowWzELMAkGA1UEBhMCR0IxEDAOBgNVBAgMB0VuZ2xhbmQxEjAQBgNVBAoM
+CUdvb2dsZSBVSzEMMAoGA1UECwwDQWZXMRgwFgYDVQQDDA9JbnRlcm1lZGlhdGUg
+Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC4wg9xAYmkcBVL8zOY
+watFS5clnxZYvzyrDOAUnEIb8+485+9b94FgAV3/BeoHK8TGK3L63zj5ZfTBwKaH
+qMo6KJZDq3HXVf02nFdyGsF2Tt0XUsJByKi0Zyow6921mTwKJIifeJOyV2bYVTyl
+rkw04M9XAtsT0BdH61eDrTc2KTIqUyf81Zjac2RJ/y4zECtZK8owO2ACf1a8UXUF
+8qLxeEI/QFgpVb8arm0NrNy/MuSkltMb1K4+iAbMimsL75mkYm9FynoBXeaCkrF1
+DS/TFu2vjAjxs0j7ly7LkoEZFVE/rCSUnJ84BX37sIBZVWSh/lJU2aW79BA8LqtU
+mbihzNOef0odIjDmvkb+pa+PM9q/TMxaIk75pS/xKkhvHsXcR+mbVdFItO8V/cY2
+R+RumeNNuloNSqIFtg+YcoLkaVJcJL7YHfNLp5RaxbZCurR0uCp/bebjg5ofhOtx
+vUFQntq8MBJJdyZBh/P9RSMXqKv5WZg/tdjlRn6QPn1E4hJGXgctp5qXLGDPlNq4
+bDfA3cTpNadBIVPbo7apNe1MGbJBAGec54pHd7xEPcvQxE+MKLHwFJ+gfpenJjf0
+ZhEvEWQWN/v1URgbj/tIPUsmxxCfwJurIB6JSWSM8rEaGod5xk4hdtwl3K6tgdNI
+pHnofVEFPCQ5BYQgwZYhz9N92wIDAQABo2YwZDAdBgNVHQ4EFgQU1g0G+yGBoH3b
+YetZOsR4KBLmDSkwHwYDVR0jBBgwFoAUvAjWrHfE0UJ1CL1TBLA6oUOGlyMwEgYD
+VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD
+ggIBADyWqCGfkV9krR5YfMhgYf29FY1hdhkmqtj+xM4k3Xjz2T/S7mnK38tZWuhy
+Dm4bNHcOXGFv5Lkt2I1WhHsSYanpPNxQ0rNf1Q6GN25jTUIL2LW4BADsojXx9FFC
+ZR83p5sU8tUbxkCYsCL71FrimDlP9HI7/DKLQpt+Aen606DD/OgCpdu2z8qjAKSm
+8XY1g76IZXhBRCwmePUBHZdE4mLIEbA0A4hliDpSmnqcW82KgpLwqZEWnBqOQ1jS
+Sz6Wkc103nNmXU+bbRrp6QbIiXm6MxvcyLmwFlsz1755op9L2pt5u7oYto49uoPZ
+usG4XcM3yu6xX98OdZ8GY8LfC5gjKE/hLxyqQ8WFDhHLXcWK9OFnNpOdZPdQY/hr
+kEc9Dy/6PhSm0bcHwdb/8ULIpPeAK4YoI/PnX6yFkQ1d+/u8v3KUDWhHLcDw6bx3
+m5+rHS9qi5uFrrMQVe9djT6fCcOSSOWysBnGjhi/2kq0QANYTWCZt54POZWyhdM8
+fxiWKWb0TYcZ8WglJiw6VbhgubYk1L4e5Oc11usoMZbPvQisUmM5jHrG1UoomIiZ
+4++crlQh150vhALQlMWiVoy4kkcukianHRxTwyt0Qp5+aZVWZsgvXG4GJV3zdHhl
+/QS03DR8RVuR+gocytZ4/AVe8OLSbQgkyo0TFdi+e9/eZsuT
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFjDCCA3SgAwIBAgIJAPkRa828+pS/MA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNV
+BAYTAkdCMRAwDgYDVQQIDAdFbmdsYW5kMRIwEAYDVQQKDAlHb29nbGUgVUsxDDAK
+BgNVBAsMA0FmVzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xODA1MDQxMzM5NTBaFw0z
+ODA0MjkxMzM5NTBaMFMxCzAJBgNVBAYTAkdCMRAwDgYDVQQIDAdFbmdsYW5kMRIw
+EAYDVQQKDAlHb29nbGUgVUsxDDAKBgNVBAsMA0FmVzEQMA4GA1UEAwwHUm9vdCBD
+QTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANus/4IJXnsfrQACYHpa
+ZlVol3Z99dHGf5i6tqBP8E2uXGMc9ntC2lNJZwWrptIli1f2mpBQYbAstpaZNLZB
+8To9CxySbqNtZEXJEQhs5vh3iyStcXaQHhreikLzpgr0UpVrKy+SvL4ILarKF6+U
+JN9vShEmO7AhfqBs0mOUqNuQlM+loHvhCta+wtiLIQEFyHXdLIXR1YCh3gwqrFtA
+xvCDhK6J6ZGAM9f8W+LaCaWoMylDqD27Vth6tBhnRKtyfWj8bkE+sPKgkIb09yks
+0SjAq2bHMpe07nMR5BHREVl73h1QswZVYQKI21PLAc976r1ec7U1oviHQuPSpNBQ
+L0t/0V8X6jBe2SzPfpG8I34HPs/UPyPCC7Eu514MV03OdvWx24XbvfwQoZlxQ/g4
+6gg9jSI/87rFfI92r8NjgVg88QWTpRaBh15BSrRXEkvzenvjs7TlxgxdSmC6wsuH
+jfEYCfelZvMEHBwK9hCwzavFtiTTfsyq9FBdvtpp35IFd7Nvg0j0EtKeWTFTEO3z
+p00yNn20dND5prXMnTA6XKn/+cFRwIKx7Mh5+NK8zJBkh/32griye06ZGvH3tfFR
+45TkYkS7sxYbmaTEg/seWH8nkBW24q/ItY/M0xebPXSemM8RdhEY/nlVMxO/QKl+
+ja4rc7zqzFlonTu/zP0QaVV9AgMBAAGjYzBhMB0GA1UdDgQWBBS8CNasd8TRQnUI
+vVMEsDqhQ4aXIzAfBgNVHSMEGDAWgBS8CNasd8TRQnUIvVMEsDqhQ4aXIzAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEA
+Y1rIDPAUc4g0GMX8/V4KZARFrM7ql64wqpjyJ4qe+dXnX0fAjhvQff8ozPdZ44N2
+CAukKCMO74DtnFWAI/MjATAXfrTeBtznQiGopnO+cHAvWP6U+7uuUqCQcYWaCx/b
+eyEAaOg7FVUQ4vTdl4qgsqagyjqBFiefpTYYdH3wbWso2N3xUTBbnUHJZ2h+LGMW
+VS//hyxhNKjXjCKtOJQmg5x1DQPi1tiQx9PcjMqCsbzEzbr7Gr4otOue+fDWnFTR
+AVUtxigLk508NrArbvIK6YCZ0eSsRVeaMknfcFxq7Oh9wXBDXNnQ+Gf+Y4PCLz2F
+FRJ/+8AaZYnLjTbJ2By3u6r5xkLoKUoLF8W4ERMF4eEQzU0wASLYYI1SdzqEZjv9
+yDF7E2CATs0/3X89HolnOdMTxBJBdOEApg53f7nSsMLSYc1umbfPRg/db5FOhruR
+xwCzcDJEpT2NYnmnDtzIIsQLrOLZAc/KLsR346scXjIqfW3uJFqF7JKu217QHmRq
+cPHjoTX2vWzJH2mo43fpRzJEXhThQ0Ii6COH3r8OScSxyC4yrDoOSvdmL1q9KTH+
+o2D52WTNglmJy4NKfuAcs3EPmmaf8fv9kOgE667Ifm2yl5/NvxDAWq4UoeCIHBf9
+76b9U8xQgKFCTXWQu23kMxuNaaPHwTPjBhxA6+Pjxh8=
+-----END CERTIFICATE-----
diff --git a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/assets/user-cert-chain.key b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/assets/user-cert-chain.key
new file mode 100644
index 0000000..f6d5942
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/assets/user-cert-chain.key
Binary files differ
diff --git a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/latest/Android.mk b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/latest/Android.mk
index f2d145e..8c6d3fd 100644
--- a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/latest/Android.mk
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/latest/Android.mk
@@ -31,13 +31,19 @@
LOCAL_USE_AAPT2 := true
-LOCAL_STATIC_JAVA_LIBRARIES = compatibility-device-util ctstestrunner ub-uiautomator
+LOCAL_STATIC_JAVA_LIBRARIES := \
+ compatibility-device-util \
+ ctstestrunner \
+ ub-uiautomator \
+ cts-security-test-support-library
LOCAL_STATIC_ANDROID_LIBRARIES := \
androidx.legacy_legacy-support-v4
LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/../res
+LOCAL_ASSET_DIR := $(LOCAL_PATH)/../assets
+
# tag this module as a cts test artifact
LOCAL_COMPATIBILITY_SUITE := arcts cts vts general-tests
diff --git a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/latest/AndroidManifest.xml b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/latest/AndroidManifest.xml
index 515db7c..5419611 100644
--- a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/latest/AndroidManifest.xml
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/latest/AndroidManifest.xml
@@ -29,6 +29,8 @@
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.SET_WALLPAPER" />
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />
+ <!-- Needed to read the serial number during Device ID attestation tests -->
+ <uses-permission android:name="android.permission.READ_PHONE_STATE" />
<!-- Add a network security config that trusts user added CAs for tests -->
<application android:networkSecurityConfig="@xml/network_security_config"
@@ -73,6 +75,10 @@
<activity android:name="com.android.cts.deviceandprofileowner.AutofillActivity"/>
<activity android:name=".PrintActivity"/>
+
+ <activity
+ android:name="com.android.cts.deviceandprofileowner.KeyManagementActivity"
+ android:theme="@android:style/Theme.Translucent.NoTitleBar" />
</application>
<instrumentation
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/assets/ca.conf b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/scripts/ca.conf
similarity index 100%
rename from hostsidetests/devicepolicy/app/DeviceOwner/assets/ca.conf
rename to hostsidetests/devicepolicy/app/DeviceAndProfileOwner/scripts/ca.conf
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/assets/generate-client-cert-chain.sh b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/scripts/generate-client-cert-chain.sh
similarity index 91%
rename from hostsidetests/devicepolicy/app/DeviceOwner/assets/generate-client-cert-chain.sh
rename to hostsidetests/devicepolicy/app/DeviceAndProfileOwner/scripts/generate-client-cert-chain.sh
index 8b0639f..df2f380 100755
--- a/hostsidetests/devicepolicy/app/DeviceOwner/assets/generate-client-cert-chain.sh
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/scripts/generate-client-cert-chain.sh
@@ -9,7 +9,9 @@
set -e
WORKDIR='temp'
+TARGETDIR='../assets/'
+rm -rf "$WORKDIR"
mkdir "$WORKDIR"
cp ca.conf "$WORKDIR/"
pushd "$WORKDIR"
@@ -26,6 +28,7 @@
-days 7300 \
-sha256 \
-extensions v3_ca \
+ -nodes \
-keyout private/ca.key.pem \
-out certs/ca.cert.pem
popd
@@ -41,6 +44,7 @@
-config ca.conf \
-new \
-sha256 \
+ -nodes \
-keyout intermediate/private/intermediate.key.pem \
-out intermediate/csr/intermediate.csr.pem
@@ -80,7 +84,7 @@
"$WORKDIR"/user.cert.pem \
"$WORKDIR"/intermediate/certs/intermediate.cert.pem \
"$WORKDIR"/rootca/certs/ca.cert.pem \
- > user-cert-chain.crt
+ > "$TARGETDIR"/user-cert-chain.crt
openssl pkcs8 \
-topk8 \
@@ -88,6 +92,6 @@
-inform PEM \
-outform DER \
-in "$WORKDIR"/user.key.pem \
- -out user-cert-chain.key
+ -out "$TARGETDIR"/user-cert-chain.key
-rm -r "$WORKDIR"
\ No newline at end of file
+rm -r "$WORKDIR"
diff --git a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/src/com/android/cts/deviceandprofileowner/BaseDeviceAdminTest.java b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/src/com/android/cts/deviceandprofileowner/BaseDeviceAdminTest.java
index 1c4230b..a88a463 100644
--- a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/src/com/android/cts/deviceandprofileowner/BaseDeviceAdminTest.java
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/src/com/android/cts/deviceandprofileowner/BaseDeviceAdminTest.java
@@ -19,8 +19,11 @@
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
+import android.content.Intent;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
+import android.net.Uri;
+import android.os.Process;
import android.os.UserManager;
import android.test.InstrumentationTestCase;
import android.text.TextUtils;
@@ -37,6 +40,16 @@
public class BaseDeviceAdminTest extends InstrumentationTestCase {
public static class BasicAdminReceiver extends DeviceAdminReceiver {
+
+ @Override
+ public String onChoosePrivateKeyAlias(Context context, Intent intent, int uid, Uri uri,
+ String suggestedAlias) {
+ super.onChoosePrivateKeyAlias(context, intent, uid, uri, suggestedAlias);
+ if (uid != Process.myUid() || uri == null) {
+ return null;
+ }
+ return uri.getQueryParameter("alias");
+ }
}
public static final String PACKAGE_NAME = BasicAdminReceiver.class.getPackage().getName();
@@ -100,4 +113,8 @@
}
assertEquals(expectPasswordSufficient, mDevicePolicyManager.isActivePasswordSufficient());
}
+
+ protected boolean isDeviceOwner() {
+ return mDevicePolicyManager.isDeviceOwnerApp(PACKAGE_NAME);
+ }
}
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/KeyManagementActivity.java b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/src/com/android/cts/deviceandprofileowner/KeyManagementActivity.java
similarity index 93%
rename from hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/KeyManagementActivity.java
rename to hostsidetests/devicepolicy/app/DeviceAndProfileOwner/src/com/android/cts/deviceandprofileowner/KeyManagementActivity.java
index fda124f..c7c53c5 100644
--- a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/KeyManagementActivity.java
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/src/com/android/cts/deviceandprofileowner/KeyManagementActivity.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.cts.deviceowner;
+package com.android.cts.deviceandprofileowner;
import android.app.Activity;
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/KeyManagementTest.java b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/src/com/android/cts/deviceandprofileowner/KeyManagementTest.java
similarity index 89%
rename from hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/KeyManagementTest.java
rename to hostsidetests/devicepolicy/app/DeviceAndProfileOwner/src/com/android/cts/deviceandprofileowner/KeyManagementTest.java
index 13b0f53..7d05b17 100755
--- a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/KeyManagementTest.java
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/src/com/android/cts/deviceandprofileowner/KeyManagementTest.java
@@ -13,19 +13,16 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package com.android.cts.deviceowner;
+package com.android.cts.deviceandprofileowner;
-import static android.keystore.cts.CertificateUtils.createCertificate;
-import static com.android.compatibility.common.util.FakeKeys.FAKE_RSA_1;
import static android.app.admin.DevicePolicyManager.ID_TYPE_BASE_INFO;
import static android.app.admin.DevicePolicyManager.ID_TYPE_IMEI;
import static android.app.admin.DevicePolicyManager.ID_TYPE_MEID;
import static android.app.admin.DevicePolicyManager.ID_TYPE_SERIAL;
+import static android.keystore.cts.CertificateUtils.createCertificate;
-import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
-import android.content.pm.PackageManager;
import android.content.res.AssetManager;
import android.keystore.cts.Attestation;
import android.keystore.cts.AuthorizationList;
@@ -37,8 +34,10 @@
import android.security.KeyChainException;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
+import android.support.test.uiautomator.UiDevice;
import android.telephony.TelephonyManager;
-import android.test.ActivityInstrumentationTestCase2;
+
+import com.android.compatibility.common.util.FakeKeys.FAKE_RSA_1;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -63,18 +62,14 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
+import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
-import java.util.HashSet;
-import java.util.List;
-import java.util.LinkedList;
-import java.util.Set;
+
import javax.security.auth.x500.X500Principal;
-public class KeyManagementTest extends ActivityInstrumentationTestCase2<KeyManagementActivity> {
-
+public class KeyManagementTest extends BaseDeviceAdminTest {
private static final long KEYCHAIN_TIMEOUT_MINS = 6;
- private DevicePolicyManager mDevicePolicyManager;
private static class SupportedKeyAlgorithm {
public final String keyAlgorithm;
@@ -88,7 +83,7 @@
this.signatureAlgorithm = signatureAlgorithm;
this.signaturePaddingSchemes = signaturePaddingSchemes;
}
- };
+ }
private final SupportedKeyAlgorithm[] SUPPORTED_KEY_ALGORITHMS = new SupportedKeyAlgorithm[] {
new SupportedKeyAlgorithm(KeyProperties.KEY_ALGORITHM_RSA, "SHA256withRSA",
@@ -97,25 +92,20 @@
new SupportedKeyAlgorithm(KeyProperties.KEY_ALGORITHM_EC, "SHA256withECDSA", null)
};
- public KeyManagementTest() {
- super(KeyManagementActivity.class);
- }
+ private KeyManagementActivity mActivity;
@Override
- protected void setUp() throws Exception {
+ public void setUp() throws Exception {
super.setUp();
-
- // Confirm our DeviceOwner is set up
- mDevicePolicyManager = (DevicePolicyManager)
- getActivity().getSystemService(Context.DEVICE_POLICY_SERVICE);
- assertDeviceOwner(mDevicePolicyManager);
-
- // Hostside test has set a device lockscreen in order to enable credential storage
+ final UiDevice device = UiDevice.getInstance(getInstrumentation());
+ mActivity = launchActivity(getInstrumentation().getTargetContext().getPackageName(),
+ KeyManagementActivity.class, null);
+ device.waitForIdle();
}
@Override
- protected void tearDown() throws Exception {
- // Hostside test will clear device lockscreen which in turn will clear the keystore.
+ public void tearDown() throws Exception {
+ mActivity.finish();
super.tearDown();
}
@@ -133,7 +123,7 @@
assertGranted(alias, true);
// Verify key is at least something like the one we put in.
- assertEquals(KeyChain.getPrivateKey(getActivity(), alias).getAlgorithm(), "RSA");
+ assertEquals(KeyChain.getPrivateKey(mActivity, alias).getAlgorithm(), "RSA");
} finally {
// Delete regardless of whether the test succeeded.
assertTrue(mDevicePolicyManager.removeKeyPair(getWho(), alias));
@@ -159,7 +149,7 @@
assertGranted(withhold, false);
// Verify the granted key is actually obtainable in PrivateKey form.
- assertEquals(KeyChain.getPrivateKey(getActivity(), grant).getAlgorithm(), "RSA");
+ assertEquals(KeyChain.getPrivateKey(mActivity, grant).getAlgorithm(), "RSA");
} finally {
// Delete both keypairs.
assertTrue(mDevicePolicyManager.removeKeyPair(getWho(), grant));
@@ -195,10 +185,10 @@
assertGranted(alias, true);
// Verify the granted key is actually obtainable in PrivateKey form.
- assertEquals(KeyChain.getPrivateKey(getActivity(), alias).getAlgorithm(), "RSA");
+ assertEquals(KeyChain.getPrivateKey(mActivity, alias).getAlgorithm(), "RSA");
// Verify the certificate chain is correct
- X509Certificate[] returnedCerts = KeyChain.getCertificateChain(getActivity(), alias);
+ X509Certificate[] returnedCerts = KeyChain.getCertificateChain(mActivity, alias);
assertTrue(Arrays.equals(certChain, returnedCerts));
} finally {
// Delete both keypairs.
@@ -471,25 +461,29 @@
public void testAllVariationsOfDeviceIdAttestation() throws Exception {
List<Integer> modesToTest = new ArrayList<Integer>();
+ String imei = null;
+ String meid = null;
// All devices must support at least basic device information attestation as well as serial
- // number attestation.
+ // number attestation. Although attestation of unique device ids are only callable by device
+ // owner.
modesToTest.add(ID_TYPE_BASE_INFO);
- modesToTest.add(ID_TYPE_SERIAL);
- // Get IMEI and MEID of the device.
- TelephonyManager telephonyService = (TelephonyManager) getActivity().getSystemService(
- Context.TELEPHONY_SERVICE);
- assertNotNull("Need to be able to read device identifiers", telephonyService);
- String imei = telephonyService.getImei(0);
- String meid = telephonyService.getMeid(0);
- // If the device has a valid IMEI it must support attestation for it.
- if (imei != null) {
- modesToTest.add(ID_TYPE_IMEI);
+ if (isDeviceOwner()) {
+ modesToTest.add(ID_TYPE_SERIAL);
+ // Get IMEI and MEID of the device.
+ TelephonyManager telephonyService = (TelephonyManager) mActivity.getSystemService(
+ Context.TELEPHONY_SERVICE);
+ assertNotNull("Need to be able to read device identifiers", telephonyService);
+ imei = telephonyService.getImei(0);
+ meid = telephonyService.getMeid(0);
+ // If the device has a valid IMEI it must support attestation for it.
+ if (imei != null) {
+ modesToTest.add(ID_TYPE_IMEI);
+ }
+ // Same for MEID
+ if (meid != null) {
+ modesToTest.add(ID_TYPE_MEID);
+ }
}
- // Same for MEID
- if (meid != null) {
- modesToTest.add(ID_TYPE_MEID);
- }
-
int numCombinations = 1 << modesToTest.size();
for (int i = 1; i < numCombinations; i++) {
// Set the bits in devIdOpt to be passed into generateKeyPair according to the
@@ -539,6 +533,27 @@
}
}
+ public void testProfileOwnerCannotAttestDeviceUniqueIds() throws Exception {
+ if (isDeviceOwner()) {
+ return;
+ }
+ int[] forbiddenModes = new int[] {ID_TYPE_SERIAL, ID_TYPE_IMEI, ID_TYPE_MEID};
+ for (int i = 0; i < forbiddenModes.length; i++) {
+ try {
+ for (SupportedKeyAlgorithm supportedKey: SUPPORTED_KEY_ALGORITHMS) {
+ generateKeyAndCheckAttestation(supportedKey.keyAlgorithm,
+ supportedKey.signatureAlgorithm,
+ supportedKey.signaturePaddingSchemes,
+ forbiddenModes[i]);
+ fail("Attestation of device UID (" + forbiddenModes[i] + ") should not be "
+ + "possible from profile owner");
+ }
+ } catch (SecurityException e) {
+ assertTrue(e.getMessage().contains("does not own the device"));
+ }
+ }
+ }
+
public void testCanSetKeyPairCert() throws Exception {
final String alias = "com.android.test.set-ec-1";
try {
@@ -562,7 +577,7 @@
// Make sure that the alias can now be obtained.
assertEquals(alias, new KeyChainAliasFuture(alias).get());
// And can be retrieved from KeyChain
- X509Certificate[] fetchedCerts = KeyChain.getCertificateChain(getActivity(), alias);
+ X509Certificate[] fetchedCerts = KeyChain.getCertificateChain(mActivity, alias);
assertEquals(fetchedCerts.length, certs.size());
assertTrue(Arrays.equals(fetchedCerts[0].getEncoded(), certs.get(0).getEncoded()));
} finally {
@@ -587,7 +602,7 @@
// Make sure that the alias can now be obtained.
assertEquals(alias, new KeyChainAliasFuture(alias).get());
// And can be retrieved from KeyChain
- X509Certificate[] fetchedCerts = KeyChain.getCertificateChain(getActivity(), alias);
+ X509Certificate[] fetchedCerts = KeyChain.getCertificateChain(mActivity, alias);
assertEquals(fetchedCerts.length, chain.size());
for (int i = 0; i < chain.size(); i++) {
assertTrue(Arrays.equals(fetchedCerts[i].getEncoded(), chain.get(i).getEncoded()));
@@ -600,7 +615,7 @@
private void assertGranted(String alias, boolean expected) throws InterruptedException {
boolean granted = false;
try {
- granted = (KeyChain.getPrivateKey(getActivity(), alias) != null);
+ granted = (KeyChain.getPrivateKey(mActivity, alias) != null);
} catch (KeyChainException e) {
if (expected) {
e.printStackTrace();
@@ -623,7 +638,7 @@
private Collection<Certificate> loadCertificatesFromAsset(String assetName) {
try {
final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
- AssetManager am = getActivity().getAssets();
+ AssetManager am = mActivity.getAssets();
InputStream is = am.open(assetName);
return (Collection<Certificate>) certFactory.generateCertificates(is);
} catch (IOException | CertificateException e) {
@@ -634,7 +649,7 @@
private PrivateKey loadPrivateKeyFromAsset(String assetName) {
try {
- AssetManager am = getActivity().getAssets();
+ AssetManager am = mActivity.getAssets();
InputStream is = am.open(assetName);
ByteArrayOutputStream output = new ByteArrayOutputStream();
int length;
@@ -659,13 +674,14 @@
mLatch.countDown();
}
- public KeyChainAliasFuture(String alias) throws UnsupportedEncodingException {
+ public KeyChainAliasFuture(String alias)
+ throws UnsupportedEncodingException {
/* Pass the alias as a GET to an imaginary server instead of explicitly asking for it,
* to make sure the DPC actually has to do some work to grant the cert.
*/
final Uri uri =
Uri.parse("https://example.org/?alias=" + URLEncoder.encode(alias, "UTF-8"));
- KeyChain.choosePrivateKeyAlias(getActivity(), this,
+ KeyChain.choosePrivateKeyAlias(mActivity, this,
null /* keyTypes */, null /* issuers */, uri, null /* alias */);
}
@@ -675,14 +691,7 @@
}
}
- private void assertDeviceOwner(DevicePolicyManager devicePolicyManager) {
- assertNotNull(devicePolicyManager);
- assertTrue(devicePolicyManager.isAdminActive(getWho()));
- assertTrue(devicePolicyManager.isDeviceOwnerApp(getActivity().getPackageName()));
- assertFalse(devicePolicyManager.isManagedProfile(getWho()));
- }
-
- private ComponentName getWho() {
- return BasicAdminReceiver.getComponentName(getActivity());
+ protected ComponentName getWho() {
+ return ADMIN_RECEIVER_COMPONENT;
}
}
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/AndroidManifest.xml b/hostsidetests/devicepolicy/app/DeviceOwner/AndroidManifest.xml
index b13589d..b4dff59 100644
--- a/hostsidetests/devicepolicy/app/DeviceOwner/AndroidManifest.xml
+++ b/hostsidetests/devicepolicy/app/DeviceOwner/AndroidManifest.xml
@@ -29,8 +29,6 @@
<uses-permission android:name="android.permission.BLUETOOTH" />
<uses-permission android:name="android.permission.BLUETOOTH_ADMIN" />
<uses-permission android:name="android.permission.DISABLE_KEYGUARD" />
- <!-- Needed to read the serial number during Device ID attestation tests -->
- <uses-permission android:name="android.permission.READ_PHONE_STATE" />
<application
android:testOnly="true"
@@ -71,10 +69,6 @@
</service>
<activity
- android:name="com.android.cts.deviceowner.KeyManagementActivity"
- android:theme="@android:style/Theme.Translucent.NoTitleBar" />
-
- <activity
android:name="com.android.cts.deviceowner.LockTaskUtilityActivity" />
<activity
android:name="com.android.cts.deviceowner.LockTaskUtilityActivityIfWhitelisted"
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/assets/user-cert-chain.crt b/hostsidetests/devicepolicy/app/DeviceOwner/assets/user-cert-chain.crt
deleted file mode 100644
index 72a86e3..0000000
--- a/hostsidetests/devicepolicy/app/DeviceOwner/assets/user-cert-chain.crt
+++ /dev/null
@@ -1,96 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFLzCCAxegAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwZDELMAkGA1UEBhMCR0Ix
-EDAOBgNVBAgMB0VuZ2xhbmQxEjAQBgNVBAoMCUdvb2dsZSBVSzEMMAoGA1UECwwD
-QWZ3MSEwHwYDVQQDDBhBZlcgVGVzdCBJbnRlcm1lZGlhdGUgQ0EwHhcNMTYwMzE4
-MTcxMzA4WhcNMTcwMzI4MTcxMzA4WjCBiDELMAkGA1UEBhMCR0IxEDAOBgNVBAgM
-B0VuZ2xhbmQxEjAQBgNVBAoMCUdvb2dsZSBVSzEMMAoGA1UECwwDQWZ3MSUwIwYD
-VQQDDBxVc2VyMDAgdW5kZXIgaW50ZXJtZWRpYXRlIENBMR4wHAYJKoZIhvcNAQkB
-Fg90ZXN0QGdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQC8W+PUeNVDIy6GSeTVjN9JSkYxcsupFq9AOUma0R+7z9EGuZBURZprgbrN7c2q
-RQnlSBZTC9fRMkXZ6LImWoY5GqS3NcbkJbUlA+UeK2uJXQQfjTO7bYDslvudX+8y
-WfYrR71DLpIFgDkxQAWGywMzNTR6TEmPy1qBGIFYohGqZkQoTS//s/iEEKDSsbPr
-mkTrf4lDAc8cgnmUPFPkN1Lr4ITkvhmEHQjJTcS+Qjeotlt+ss5vrmlqopFkCbI9
-7uC6RQDI0PvP9achzBsTUi0vNsGg45luCJhNrDu6s4NpnusKIVAoJPSJdion2yoD
-3Dp8LX/ueGNbP64LY6qmDWDlAgMBAAGjgcUwgcIwCQYDVR0TBAIwADARBglghkgB
-hvhCAQEEBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIENs
-aWVudCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUSp7kS1On3b7MdMstDVPCNkHm/EUw
-HwYDVR0jBBgwFoAUdejD6Fb3X8ZHOCKMWe5XwukxBDswDgYDVR0PAQH/BAQDAgXg
-MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOC
-AgEAXIOVhMjxbpO1uxe1MnyIsTrl0ajPlkn+4qWLwjXzUQ6TcE2Ow91AMcYs5siq
-UBplZyNYNBOhX8TZLNy7jJ/REwj65Qa/y0TcDucpGhtT9l1JIJCdEpPoymyiM18C
-NktXDyaw+DFkWC0a5oUhjk4UuzTfHkSVMKjZUnRPPiwL2gl9zEgS8qVI3ew4JjdP
-KCYGy/1B+61EE5vCP8GAByeKgtgnh4sVZnsKYQZzjwwUGL1uXQtazPs04qTUw3IK
-YvoOyNsXB4gcp2u4DXv2roVI36DQM5ZGenS9MViTeblg5vkZgy8xsktHyDGDlNe6
-cPw5OgyxDo4nr6TY4SX9eankantPMx7498n390B4lYAgBj4Cz4QaXM1IGN3JVF5J
-EEKqGkLpOYMRNZ4qPFhMknDZgHljjgFlcXGwtXtugCzQ5ldwkFb9qZeB5lQn1Aw0
-PthcDdGp/KCtHC5jF+BjlQITt0tVqJ4+SAdHyF53H+ScoINFul89m32pgvJjI/0k
-c0tidvXNPNodbJCqHmc917DryVJGXbxp+BqxTQ0a7e9K/WA4MnRKPfBTTeDq/j+w
-6B/rLd0bhMrPDi6a/1w97PqfAbS9TlkpnK8Gj4pN+ZOEEF0j0DtDRbb+CfJX14fR
-2R96mEfCeSbCuxLcbwdG1OUQM8GKlIcYfWIp0KjICxRKaDU=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFojCCA4qgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwXDELMAkGA1UEBhMCR0Ix
-EDAOBgNVBAgMB0VuZ2xhbmQxEjAQBgNVBAoMCUdvb2dsZSBVSzEMMAoGA1UECwwD
-QWZXMRkwFwYDVQQDDBBBZncgVGVzdCBSb290IENBMB4XDTE2MDMxODE3MDQ1N1oX
-DTI2MDMxNjE3MDQ1N1owZDELMAkGA1UEBhMCR0IxEDAOBgNVBAgMB0VuZ2xhbmQx
-EjAQBgNVBAoMCUdvb2dsZSBVSzEMMAoGA1UECwwDQWZ3MSEwHwYDVQQDDBhBZlcg
-VGVzdCBJbnRlcm1lZGlhdGUgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQCZbYchy2Fry9nJuu2YEp2P13lIbyWu0FXF8qTus8Vp/25LyXDjBiDXZUlY
-PL32PY0PRbBQjm7tm/WNqXw8S7gw+5XXpY+XNCd/ygyIZhMdxPm7nqYsEtZDFViL
-ct/QJNAKILFejZQOfRSeyxeINprL+EjFHecA6KtruZULzJE0u0UGTgs5h9HbqhH7
-LbZ8iiE/TfG6kflUI2kAPxGiRpIyerYoVjp3Ta5026T+aoc6VyNnSYiZULgYLoL8
-P8x19G3Pplqf4U5bUyKtRtnPWOvM9iYphxsVuTc8rRpZGcMKhdL4gGLQpdruIZ43
-gvGMq4Kt2xVJExBOKMg3j3x52j1XtOcad/nz7ncak/6ElTd0gfhFgt9PwAfQZ32b
-BL3Zlcb+7Pvtv14xAWNHy5cMyn7UDzIsy/yqWLvJSfkZViU0vPuokXMKZIyzv73V
-4N9qXQAWXNz4HwgWy35rB1sirgMxLdWCpHrVeh/DzSrWZ/MtJIC9Ac1jTAuI6F1u
-b7dRRujWpcr57ReKDXXJzM83JQnENJQ3gAHrY8qTkGz7NLa7DsyzPdKOC7vZ0+Ed
-VMvn+c2AMWrwkRpn9JlU5bd2BN7D6UWGLTdzSN9QH7n7sXmQNAo/M7Lr9baxKZNY
-aU5DORVjnGvITZDHYiw9OuakWZUZATF+TTInKEasF131r9q9ZwIDAQABo2YwZDAd
-BgNVHQ4EFgQUdejD6Fb3X8ZHOCKMWe5XwukxBDswHwYDVR0jBBgwFoAUV4EHHOi0
-AqQIj4IMjPEFW3fVS8QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMC
-AYYwDQYJKoZIhvcNAQELBQADggIBACs0qS3EXymo1VgBInR9GrzvUq1gC/d3ohSG
-iB3x2zfqfQ4D0eiYADcCdXTPIwPtm8P8woK5QsRV/MCklqyvgVpRHFQe1uOAZJ7X
-Ud6hx9CCye0QkEoy+JDeVdPeFFf1b8S/daxLXUVbCKSTA+z8YLPRSEFi2d3cOwpx
-WPlkfLSwP6DfODicmPNd1V/qB/fevlmfRB6UKquT+v9xWyQqu4aa6F6xGWYWmc+1
-E/MB/oEOizJVv8VVETqMk8/xFPrMk28foI8ohrLkstSx8gH+oII1Ud1k1XoMMqqU
-Ge656Tr85Di5WfacMdKUommOEKQYRiic6ikcNEAVVNOHlOtw08ua7g1k1G/dwcj0
-DCF2WmWzdAMwST0AH/RPa+i9cX8f/yS15OUP7ncSaI7/ChGT3EBzP+bqxeXFOCNH
-0yNLk4tNLIzNwnKXGTfSbKMTYOZ3ngAiR4w3ro/LJhe2z03MOawxoiIosTc9UwKA
-YJ3nYHYw8/EJCKPth6yrUU3gU1V0vyaBy34y4xuha3oWnbc53vm1cv4BINwmuAms
-ASQpqCiGp2ZaalNu87xCnWE3HA4S3+0U3dsFJXdPdQt/cDzX+kDzojWeHmECp6mn
-GodmmPbEBqzDckMaM9CvSAp8NyZuO8hrOSoGTdxQtP1w3waOeM4zLYd7aBYUfefL
-36OoziEN
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFnjCCA4agAwIBAgIJANLdX1zcxUSUMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV
-BAYTAkdCMRAwDgYDVQQIDAdFbmdsYW5kMRIwEAYDVQQKDAlHb29nbGUgVUsxDDAK
-BgNVBAsMA0FmVzEZMBcGA1UEAwwQQWZ3IFRlc3QgUm9vdCBDQTAeFw0xNjAzMTgx
-NzAxMDBaFw0zNjAzMTMxNzAxMDBaMFwxCzAJBgNVBAYTAkdCMRAwDgYDVQQIDAdF
-bmdsYW5kMRIwEAYDVQQKDAlHb29nbGUgVUsxDDAKBgNVBAsMA0FmVzEZMBcGA1UE
-AwwQQWZ3IFRlc3QgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBANFyOD/BIGV4iHSGDrp1ajvp+00098dn+p1cqlMHMrWUjnqzcMdOVmeqSaQ/
-EkOlAIsdcl1yb+oo3DhomIzX/B2lTQSOSLDmthIgmu0hfk/gAiqLdA8/L2F9m64N
-9x4+72xscN3MxzvjKGUBgPDmRfR9Tp347j42HUCjmF5sTa7DzGMrU7I3gCmi7B3D
-zbkgdTwpucH2JDqHQPv+7PLaNyuZNEmiXM76DPyMypxMrtGrq/FDVJ7JwF+cSwbY
-WVfzbmOfHG7g6hRw7Bap/NNjcdtP09hRPG/g2WDy4z0Ay8MTZVe95EHTsyeR+kpv
-0f60eUI0cV7EovbLmp10I3RdsxbWTjbeFmNjM7WmmmsFRzA1jMlFGil/po4mJvMF
-Bcqbi4kUhQ49F4tRUlHRG1b/up71tDuzToF0YmN9GHkf/kt7/noVTYdEsm4RwaeF
-mhoaTMFaNaHGTHSyqroqbBCqlkfTqB1Cqw1weGqV6bGfaYpCJGx5vXmr06mh5dwo
-zvpyHQKCQu96a0G81T526RtVeA4QR89ELa0JSBpWR9MqVZKBte9AgS5vlF0386uM
-vcKC3zJ4srv1YrTOmMkLktNJHsyfLQgb70RdHR38hDEwKaq6VDWiewKDhsWAI5SJ
-wRgjAYspsNUVahDWvpXq/bRGM3JTW+QxiR22vgEitvKeIysLAgMBAAGjYzBhMB0G
-A1UdDgQWBBRXgQcc6LQCpAiPggyM8QVbd9VLxDAfBgNVHSMEGDAWgBRXgQcc6LQC
-pAiPggyM8QVbd9VLxDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAjo/Fj7iTOr1/nTvZpeaon0/xY4D+Hf83FW/4yASZ
-Et0ITa510zIi8rIVvlaR1xdbXLYxHgdtm4vQtKZStwOBdwj+4VZrb9WgwQyBCYU5
-RqK387oMUeZdfsh9m2nqM8buYls3mldv34XUg8y1oytx6GDdC7NKz6PLNpIVkj5F
-aBnyfh43FsXHkzAy0nfkdE2mqfhQ4CD9Zkm9fJcX0inEmcspM5G8ba16uESZDqUS
-oJc1bgNtW64fL7pOtVfHDIJqKf/G/iIq1lk33gv5/4z6Z8e7fYVm1JabUUd9rZ6t
-cjXXFqkA7SkcXTs829/gaXQQv2FARt7g70UxJmNN0MCKfYnKM4dKddi934mTWrOI
-eLe0u3OAa1wZaHggJJXgRxMx/acWnGfersTpsAB1XG74XTSXHV7zHHnNWXjQ+gu0
-N4RAkQFMYWqp6KoHgQrdQfLPcaw0wc+ZMJj35z50b4ab+Bygthx3W+v/MiMFK9Wv
-/AsQCGslDcGWbFCYP7IvHDfownIFGefMnOm41NKWus9z6HoEUmfJiiSSVxECDT/2
-fE7M+sQovdrlHx7ru/fO6PP+6ocUE1afY6cHUzE0Dhv6xMcdvwL7COGd5ZU1bqAQ
-TqbePM5Kpk1ytkigdixzMDz/HFum0fdGfc/59Ll+f6+uHAX5NpOJZkBHBCWAoCeX
-bsg=
------END CERTIFICATE-----
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/assets/user-cert-chain.key b/hostsidetests/devicepolicy/app/DeviceOwner/assets/user-cert-chain.key
deleted file mode 100644
index 8bb399e..0000000
--- a/hostsidetests/devicepolicy/app/DeviceOwner/assets/user-cert-chain.key
+++ /dev/null
Binary files differ
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/BasicAdminReceiver.java b/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/BasicAdminReceiver.java
index a46e83b..37b3ed7 100644
--- a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/BasicAdminReceiver.java
+++ b/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/BasicAdminReceiver.java
@@ -19,8 +19,6 @@
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
-import android.net.Uri;
-import android.os.Process;
import android.os.UserHandle;
import androidx.localbroadcastmanager.content.LocalBroadcastManager;
@@ -42,16 +40,6 @@
}
@Override
- public String onChoosePrivateKeyAlias(Context context, Intent intent, int uid, Uri uri,
- String suggestedAlias) {
- super.onChoosePrivateKeyAlias(context, intent, uid, uri, suggestedAlias);
- if (uid != Process.myUid() || uri == null) {
- return null;
- }
- return uri.getQueryParameter("alias");
- }
-
- @Override
public void onUserAdded(Context context, Intent intent, UserHandle userHandle) {
super.onUserAdded(context, intent, userHandle);
sendUserBroadcast(context, ACTION_USER_ADDED, userHandle);
diff --git a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceAndProfileOwnerTest.java b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceAndProfileOwnerTest.java
index 3edfdbd..fbe75d2 100644
--- a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceAndProfileOwnerTest.java
+++ b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceAndProfileOwnerTest.java
@@ -898,6 +898,23 @@
runDeviceTestsAsUser(DEVICE_ADMIN_PKG, className, mUserId);
}
+ public void testKeyManagement() throws Exception {
+ if (!mHasFeature) {
+ return;
+ }
+
+ try {
+ // Set a non-empty device lockscreen password, which is a precondition for installing
+ // CA certificates.
+ changeUserCredential("1234", null, mUserId);
+ // Verify the credential immediately to unlock the work profile challenge
+ verifyUserCredential("1234", mUserId);
+ executeDeviceTestClass(".KeyManagementTest");
+ } finally {
+ changeUserCredential(null, "1234", mUserId);
+ }
+ }
+
/**
* Executes a test class on device. Prior to running, turn off background data usage
* restrictions, and restore the original restrictions after the test.
diff --git a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java
index 25627ee..4b68e3a 100644
--- a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java
+++ b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java
@@ -120,16 +120,6 @@
executeDeviceOwnerTest("DeviceOwnerSetupTest");
}
- public void testKeyManagement() throws Exception {
- try {
- changeUserCredential("1234", null, mPrimaryUserId);
-
- executeDeviceOwnerTest("KeyManagementTest");
- } finally {
- changeUserCredential(null, "1234", mPrimaryUserId);
- }
- }
-
public void testLockScreenInfo() throws Exception {
executeDeviceOwnerTest("LockScreenInfoTest");
}