diff options
| author | Ecco Park <eccopark@google.com> | 2018-10-12 10:23:10 -0700 |
|---|---|---|
| committer | Ecco Park <eccopark@google.com> | 2018-10-17 22:04:52 -0700 |
| commit | 246b0296bee15438b2e9acafbdb3117f97be88ee (patch) | |
| tree | 189de98c76181a46bae596197601f3663efb660f /tests | |
| parent | 1ff63057eb276526c10e8aab0f8b6687cca38cfe (diff) | |
passpoint-r2: retrieve trust root certificates as final message exchange
Bug: 74244324
Test: ./frameworks/opt/net/wifi/tests/wifitests/runtests.sh
Test: live test with Passpoint R2 service provider AP.
Change-Id: I24f0bc9bdcfdb5366fffa1d13f0fb4b4502ea8af
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java | 152 | ||||
| -rw-r--r-- | tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java | 118 | ||||
| -rw-r--r-- | tests/wifitests/src/com/android/server/wifi/hotspot2/ServiceProviderVerifierTest.java (renamed from tests/wifitests/src/com/android/server/wifi/hotspot2/ASN1SubjectAltNamesParserTest.java) | 78 | ||||
| -rw-r--r-- | tests/wifitests/src/com/android/server/wifi/hotspot2/soap/HttpsTransportTest.java | 6 |
4 files changed, 328 insertions, 26 deletions
diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java index f0a72efce..39ef15e5d 100644 --- a/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java +++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java @@ -16,6 +16,7 @@ package com.android.server.wifi.hotspot2; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; import static org.mockito.ArgumentMatchers.anyString; @@ -41,24 +42,31 @@ import com.android.server.wifi.hotspot2.soap.SppResponseMessage; import org.junit.Before; import org.junit.Test; +import org.ksoap2.HeaderProperty; import org.ksoap2.SoapEnvelope; import org.ksoap2.serialization.SoapObject; import org.ksoap2.serialization.SoapSerializationEnvelope; import org.mockito.ArgumentCaptor; import org.mockito.Mock; +import org.mockito.Mockito; import org.mockito.MockitoAnnotations; import org.mockito.MockitoSession; import java.io.IOException; +import java.io.InputStream; +import java.net.HttpURLConnection; import java.net.Socket; import java.net.URL; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; import java.util.Locale; +import java.util.Map; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; @@ -66,7 +74,7 @@ import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; /** - * Unit tests for {@link com.android.server.wifi.hotspot2.OsuServerConnection}. + * Unit tests for {@link OsuServerConnection}. */ @SmallTest public class OsuServerConnectionTest { @@ -84,6 +92,8 @@ public class OsuServerConnectionTest { private ArgumentCaptor<TrustManager[]> mTrustManagerCaptor = ArgumentCaptor.forClass(TrustManager[].class); + private Map<Integer, Map<String, byte[]>> mTrustCertsInfo = new HashMap<>(); + @Mock PasspointProvisioner.OsuServerCallbacks mOsuServerCallbacks; @Mock Network mNetwork; @Mock HttpsURLConnection mUrlConnection; @@ -118,9 +128,9 @@ public class OsuServerConnectionTest { public void verifyInitAndConnect() throws Exception { // static mocking MockitoSession session = ExtendedMockito.mockitoSession().mockStatic( - ASN1SubjectAltNamesParser.class).startMocking(); + ServiceProviderVerifier.class).startMocking(); try { - when(ASN1SubjectAltNamesParser.getProviderNames(any(X509Certificate.class))).thenReturn( + when(ServiceProviderVerifier.getProviderNames(any(X509Certificate.class))).thenReturn( mProviderIdentities); mOsuServerConnection.init(mTlsContext, mDelegate); @@ -224,9 +234,9 @@ public class OsuServerConnectionTest { public void verifyInitAndConnectInvalidProviderIdentity() throws Exception { // static mocking MockitoSession session = ExtendedMockito.mockitoSession().mockStatic( - ASN1SubjectAltNamesParser.class).startMocking(); + ServiceProviderVerifier.class).startMocking(); try { - when(ASN1SubjectAltNamesParser.getProviderNames(any(X509Certificate.class))).thenReturn( + when(ServiceProviderVerifier.getProviderNames(any(X509Certificate.class))).thenReturn( mProviderIdentities); mOsuServerConnection.init(mTlsContext, mDelegate); @@ -263,10 +273,7 @@ public class OsuServerConnectionTest { */ @Test public void verifyExchangeSoapMessageWithInvalidArgument() { - mOsuServerConnection.init(mTlsContext, mDelegate); - mOsuServerConnection.setEventCallback(mOsuServerCallbacks); - - assertTrue(mOsuServerConnection.connect(mValidServerUrl, mNetwork)); + establishServerConnection(); assertFalse(mOsuServerConnection.exchangeSoapMessage(null)); } @@ -307,9 +314,7 @@ public class OsuServerConnectionTest { MockitoSession session = ExtendedMockito.mockitoSession().mockStatic( HttpsTransport.class).mockStatic(SoapParser.class).startMocking(); try { - mOsuServerConnection.init(mTlsContext, mDelegate); - mOsuServerConnection.setEventCallback(mOsuServerCallbacks); - assertTrue(mOsuServerConnection.connect(mValidServerUrl, mNetwork)); + establishServerConnection(); SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER12); envelope.bodyIn = new SoapObject(); @@ -325,4 +330,127 @@ public class OsuServerConnectionTest { session.finishMocking(); } } + + /** + * Verifies {@code retrieveTrustRootCerts} should return {@code false} if there is no + * connection. + */ + @Test + public void verifyRetrieveTrustRootCertsWithoutConnection() { + assertFalse(mOsuServerConnection.retrieveTrustRootCerts(mTrustCertsInfo)); + } + + /** + * Verifies {@code retrieveTrustRootCerts} should return {@code false} if {@code + * mTrustCertsInfo} is empty. + */ + @Test + public void verifyRetrieveTrustRootCertsWithEmptyOfTrustCertsInfo() { + mOsuServerConnection.init(mTlsContext, mDelegate); + mOsuServerConnection.setEventCallback(mOsuServerCallbacks); + assertFalse(mOsuServerConnection.retrieveTrustRootCerts(mTrustCertsInfo)); + } + + /** + * Verifies it should return an empty collection of CA certificates if HTTPS response from + * server to get root CA certificate is not HTTP OK. + */ + @Test + public void verifyRetrieveTrustRootCertsWithErrorInHTTPSResponse() throws IOException { + // static mocking + MockitoSession session = ExtendedMockito.mockitoSession().mockStatic( + HttpsTransport.class).startMocking(); + try { + when(HttpsTransport.createInstance(any(Network.class), any(URL.class))).thenReturn( + mHttpsTransport); + when(mHttpsServiceConnection.getResponseCode()).thenReturn( + HttpURLConnection.HTTP_NO_CONTENT); + ArgumentCaptor<Map<Integer, List<X509Certificate>>> argumentCaptor = + ArgumentCaptor.forClass(Map.class); + + // Test Data + Map<String, byte[]> certInfo = new HashMap<>(); + certInfo.put("https://test.com/trustroot", "testData".getBytes()); + certInfo.put("https://test2.com/trustroot", "testData2".getBytes()); + mTrustCertsInfo.put(OsuServerConnection.TRUST_CERT_TYPE_AAA, certInfo); + + establishServerConnection(); + + assertTrue(mOsuServerConnection.retrieveTrustRootCerts(mTrustCertsInfo)); + + mLooper.dispatchAll(); + + verify(mOsuServerCallbacks).onReceivedTrustRootCertificates(anyInt(), + argumentCaptor.capture()); + assertTrue(argumentCaptor.getValue().isEmpty()); + } finally { + session.finishMocking(); + } + } + + /** + * Verifies it should return a collection of CA certificates if there is no error while + * downloading root CA certificate from each {@code URL} provided + */ + @Test + public void verifyRetrieveTrustRootCertsWithoutError() throws IOException, + CertificateException { + // static mocking + MockitoSession session = ExtendedMockito.mockitoSession().mockStatic( + HttpsTransport.class).mockStatic(CertificateFactory.class).mockStatic( + ServiceProviderVerifier.class).startMocking(); + try { + X509Certificate certificate = Mockito.mock(X509Certificate.class); + InputStream inputStream = Mockito.mock(InputStream.class); + + // To avoid infinite loop in OsuServerConnection.getCert. + when(inputStream.read(any(byte[].class), anyInt(), anyInt())).thenReturn(-1); + + CertificateFactory certificateFactory = Mockito.mock(CertificateFactory.class); + when(certificateFactory.generateCertificate(any(InputStream.class))).thenReturn( + certificate); + when(CertificateFactory.getInstance(anyString())).thenReturn(certificateFactory); + when(HttpsTransport.createInstance(any(Network.class), any(URL.class))).thenReturn( + mHttpsTransport); + when(mHttpsServiceConnection.getResponseCode()).thenReturn( + HttpURLConnection.HTTP_OK); + when(mHttpsServiceConnection.openInputStream()).thenReturn(inputStream); + ArgumentCaptor<Map<Integer, List<X509Certificate>>> argumentCaptor = + ArgumentCaptor.forClass(Map.class); + when(ServiceProviderVerifier.verifyCertFingerprint(any(X509Certificate.class), + any(byte[].class))).thenReturn(true); + + // Test Data + Map<String, byte[]> certInfo = new HashMap<>(); + certInfo.put("https://test.com/trustroot", "testData".getBytes()); + mTrustCertsInfo.put(OsuServerConnection.TRUST_CERT_TYPE_AAA, certInfo); + + List<HeaderProperty> properties = new ArrayList<>(); + + // Indicates that X.509 CA certificate is included. + properties.add(new HeaderProperty("Content-Type", "application/x-x509-ca-cert")); + when(mHttpsServiceConnection.getResponseProperties()).thenReturn(properties); + + establishServerConnection(); + + assertTrue(mOsuServerConnection.retrieveTrustRootCerts(mTrustCertsInfo)); + + mLooper.dispatchAll(); + + verify(mOsuServerCallbacks).onReceivedTrustRootCertificates(anyInt(), + argumentCaptor.capture()); + assertEquals(1, argumentCaptor.getValue().size()); + assertEquals(certificate, + argumentCaptor.getValue().get(OsuServerConnection.TRUST_CERT_TYPE_AAA).get(0)); + } finally { + session.finishMocking(); + } + } + + private void establishServerConnection() { + mOsuServerConnection.init(mTlsContext, mDelegate); + mOsuServerConnection.setEventCallback(mOsuServerCallbacks); + + assertTrue(mOsuServerConnection.connect(mValidServerUrl, mNetwork)); + } } diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java index 2214d53d3..3607a0326 100644 --- a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java +++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java @@ -18,10 +18,14 @@ package com.android.server.wifi.hotspot2; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; +import static org.mockito.ArgumentMatchers.anyMap; +import static org.mockito.ArgumentMatchers.isNull; import static org.mockito.Mockito.any; import static org.mockito.Mockito.atLeastOnce; import static org.mockito.Mockito.doReturn; +import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.eq; +import static org.mockito.Mockito.lenient; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.never; import static org.mockito.Mockito.verify; @@ -39,7 +43,12 @@ import android.net.wifi.WifiManager; import android.net.wifi.WifiSsid; import android.net.wifi.hotspot2.IProvisioningCallback; import android.net.wifi.hotspot2.OsuProvider; +import android.net.wifi.hotspot2.PasspointConfiguration; import android.net.wifi.hotspot2.ProvisioningCallback; +import android.net.wifi.hotspot2.omadm.PpsMoParser; +import android.net.wifi.hotspot2.pps.Credential; +import android.net.wifi.hotspot2.pps.HomeSp; +import android.net.wifi.hotspot2.pps.UpdateParameter; import android.os.Build; import android.os.Handler; import android.os.RemoteException; @@ -70,12 +79,17 @@ import org.mockito.MockitoSession; import java.net.URL; import java.security.KeyStore; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; import java.util.Locale; +import java.util.Map; import javax.net.ssl.SSLContext; /** - * Unit tests for {@link com.android.server.wifi.hotspot2.PasspointProvisioner}. + * Unit tests for {@link PasspointProvisioner}. */ @SmallTest public class PasspointProvisionerTest { @@ -86,6 +100,7 @@ public class PasspointProvisionerTest { private static final int STEP_WAIT_FOR_REDIRECT_RESPONSE = 3; private static final int STEP_WAIT_FOR_SECOND_SOAP_RESPONSE = 4; private static final int STEP_WAIT_FOR_THIRD_SOAP_RESPONSE = 5; + private static final int STEP_WAIT_FOR_TRUST_ROOT_CERTS = 6; private static final String TEST_DEV_ID = "12312341"; private static final String TEST_MANUFACTURER = Build.MANUFACTURER; @@ -141,13 +156,15 @@ public class PasspointProvisionerTest { @Mock PpsMoData mPpsMoData; @Mock RedirectListener mRedirectListener; @Mock PackageManager mPackageManager; + @Mock PasspointConfiguration mPasspointConfiguration; + @Mock X509Certificate mX509Certificate; @Before public void setUp() throws Exception { MockitoAnnotations.initMocks(this); mTestUrl = new URL(TEST_REDIRECT_URL); mSession = ExtendedMockito.mockitoSession().mockStatic( - RedirectListener.class).startMocking(); + RedirectListener.class).mockStatic(PpsMoParser.class).startMocking(); when(RedirectListener.createInstance(mLooper.getLooper())).thenReturn( mRedirectListener); @@ -212,6 +229,21 @@ public class PasspointProvisionerTest { resolveInfo.activityInfo.applicationInfo.packageName = OSU_APP_PACKAGE; when(mPackageManager.resolveActivity(any(Intent.class), eq(PackageManager.MATCH_DEFAULT_ONLY))).thenReturn(resolveInfo); + + Map<String, byte[]> trustCertInfo = new HashMap<>(); + trustCertInfo.put("https://testurl.com", "testData".getBytes()); + when(mPasspointConfiguration.getTrustRootCertList()).thenReturn(trustCertInfo); + when(mPasspointConfiguration.getCredential()).thenReturn(new Credential()); + HomeSp homeSp = new HomeSp(); + homeSp.setFqdn("test.com"); + when(mPasspointConfiguration.getHomeSp()).thenReturn(homeSp); + + UpdateParameter updateParameter = new UpdateParameter(); + updateParameter.setTrustRootCertUrl("https://testurl.com"); + updateParameter.setTrustRootCertSha256Fingerprint("testData".getBytes()); + when(mPasspointConfiguration.getSubscriptionUpdate()).thenReturn(updateParameter); + when(mOsuServerConnection.retrieveTrustRootCerts(anyMap())).thenReturn(true); + lenient().when(PpsMoParser.parseMoText(isNull())).thenReturn(mPasspointConfiguration); } @After @@ -309,6 +341,20 @@ public class PasspointProvisionerTest { mOsuServerCallbacks.onReceivedSoapMessage(mOsuServerCallbacks.getSessionId(), mExchangeCompleteMessage); mLooper.dispatchAll(); + } else if (step == STEP_WAIT_FOR_TRUST_ROOT_CERTS) { + verify(mCallback).onProvisioningStatus( + ProvisioningCallback.OSU_STATUS_RETRIEVING_TRUST_ROOT_CERTS); + + Map<Integer, List<X509Certificate>> trustRootCertificates = new HashMap<>(); + List<X509Certificate> certificates = new ArrayList<>(); + certificates.add(mX509Certificate); + trustRootCertificates.put(OsuServerConnection.TRUST_CERT_TYPE_AAA, certificates); + + // Received trust root CA certificates + mOsuServerCallbacks.onReceivedTrustRootCertificates( + mOsuServerCallbacks.getSessionId(), trustRootCertificates); + mLooper.dispatchAll(); + verify(mCallback).onProvisioningComplete(); } } } @@ -646,14 +692,78 @@ public class PasspointProvisionerTest { } /** + * Verifies that the right provisioning callbacks are invoked when failing to call {@link + * OsuServerConnection#retrieveTrustRootCerts(Map)}. + */ + @Test + public void verifyHandlingErrorForCallingRetrieveTrustRootCerts() + throws RemoteException { + when(mOsuServerConnection.retrieveTrustRootCerts(anyMap())).thenReturn(false); + stopAfterStep(STEP_WAIT_FOR_THIRD_SOAP_RESPONSE); + + verify(mCallback).onProvisioningFailure( + ProvisioningCallback.OSU_FAILURE_SERVER_CONNECTION); + } + + /** + * Verifies that the right provisioning callbacks are invoked when a new {@link + * PasspointConfiguration} is failed to add. + */ + @Test + public void verifyHandlingErrorForAddingPasspointConfiguration() throws RemoteException { + doThrow(IllegalArgumentException.class).when( + mWifiManager).addOrUpdatePasspointConfiguration(any(PasspointConfiguration.class)); + stopAfterStep(STEP_WAIT_FOR_THIRD_SOAP_RESPONSE); + verify(mCallback).onProvisioningStatus( + ProvisioningCallback.OSU_STATUS_RETRIEVING_TRUST_ROOT_CERTS); + + Map<Integer, List<X509Certificate>> trustRootCertificates = new HashMap<>(); + List<X509Certificate> certificates = new ArrayList<>(); + certificates.add(mX509Certificate); + trustRootCertificates.put(OsuServerConnection.TRUST_CERT_TYPE_AAA, certificates); + + // Received trust root CA certificates + mOsuServerCallbacks.onReceivedTrustRootCertificates( + mOsuServerCallbacks.getSessionId(), trustRootCertificates); + mLooper.dispatchAll(); + + verify(mCallback).onProvisioningFailure( + ProvisioningCallback.OSU_FAILURE_ADD_PASSPOINT_CONFIGURATION); + } + + /** + * Verifies that the right provisioning callbacks are invoked when it is failed to retrieve + * trust root certificates from the URLs provided. + */ + @Test + public void verifyHandlingEmptyTrustRootCertificateRetrieved() throws RemoteException { + doThrow(IllegalArgumentException.class).when( + mWifiManager).addOrUpdatePasspointConfiguration(any(PasspointConfiguration.class)); + stopAfterStep(STEP_WAIT_FOR_THIRD_SOAP_RESPONSE); + verify(mCallback).onProvisioningStatus( + ProvisioningCallback.OSU_STATUS_RETRIEVING_TRUST_ROOT_CERTS); + + // Empty trust root certificates. + Map<Integer, List<X509Certificate>> trustRootCertificates = new HashMap<>(); + + // Received trust root CA certificates + mOsuServerCallbacks.onReceivedTrustRootCertificates( + mOsuServerCallbacks.getSessionId(), trustRootCertificates); + mLooper.dispatchAll(); + + verify(mCallback).onProvisioningFailure( + ProvisioningCallback.OSU_FAILURE_RETRIEVE_TRUST_ROOT_CERTIFICATES); + } + + /** * Verifies that the right provisioning callbacks are invoked as the provisioner progresses * to the end as successful case. */ @Test public void verifyProvisioningFlowForSuccessfulCase() throws RemoteException { - stopAfterStep(STEP_WAIT_FOR_THIRD_SOAP_RESPONSE); + stopAfterStep(STEP_WAIT_FOR_TRUST_ROOT_CERTS); - // No further runnables posted + // No further runnable posted verifyNoMoreInteractions(mCallback); } } diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/ASN1SubjectAltNamesParserTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/ServiceProviderVerifierTest.java index 59711fa67..ee0ac896f 100644 --- a/tests/wifitests/src/com/android/server/wifi/hotspot2/ASN1SubjectAltNamesParserTest.java +++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/ServiceProviderVerifierTest.java @@ -16,11 +16,12 @@ package com.android.server.wifi.hotspot2; -import static com.android.server.wifi.hotspot2.ASN1SubjectAltNamesParser +import static com.android.server.wifi.hotspot2.ServiceProviderVerifier .ID_WFA_OID_HOTSPOT_FRIENDLYNAME; import static org.hamcrest.Matchers.is; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; import static org.mockito.Mockito.doThrow; @@ -50,10 +51,10 @@ import java.util.List; import java.util.Locale; /** - * Unit tests for {@link com.android.server.wifi.hotspot2.ASN1SubjectAltNamesParser}. + * Unit tests for {@link ServiceProviderVerifier}. */ @SmallTest -public class ASN1SubjectAltNamesParserTest { +public class ServiceProviderVerifierTest { private List<List<?>> mNewNames; private static final String LOCAL_HOST_NAME = "localhost"; private static final byte[] LOCAL_HOST_ADDRESS = {127, 0, 0, 1}; @@ -80,7 +81,7 @@ public class ASN1SubjectAltNamesParserTest { */ @Test public void testNullForProviderCertShouldReturnEmptyList() { - assertTrue(ASN1SubjectAltNamesParser.getProviderNames(null).isEmpty()); + assertTrue(ServiceProviderVerifier.getProviderNames(null).isEmpty()); } /** @@ -90,7 +91,7 @@ public class ASN1SubjectAltNamesParserTest { @Test public void testNullFromgetSubjectAlternativeNamesShouldReturnEmptyList() throws Exception { when(mX509Certificate.getSubjectAlternativeNames()).thenReturn(null); - assertTrue(ASN1SubjectAltNamesParser.getProviderNames(mX509Certificate).isEmpty()); + assertTrue(ServiceProviderVerifier.getProviderNames(mX509Certificate).isEmpty()); } /** @@ -101,7 +102,7 @@ public class ASN1SubjectAltNamesParserTest { public void testEmptyListFromGetSubjectAlternativeNamesShouldReturnEmptyList() throws Exception { when(mX509Certificate.getSubjectAlternativeNames()).thenReturn(Collections.emptySet()); - assertTrue(ASN1SubjectAltNamesParser.getProviderNames(mX509Certificate).isEmpty()); + assertTrue(ServiceProviderVerifier.getProviderNames(mX509Certificate).isEmpty()); } /** @@ -114,7 +115,7 @@ public class ASN1SubjectAltNamesParserTest { doThrow(new CertificateParsingException()).when( mX509Certificate).getSubjectAlternativeNames(); - assertTrue(ASN1SubjectAltNamesParser.getProviderNames(mX509Certificate).isEmpty()); + assertTrue(ServiceProviderVerifier.getProviderNames(mX509Certificate).isEmpty()); } /** @@ -131,7 +132,7 @@ public class ASN1SubjectAltNamesParserTest { when(mX509Certificate.getSubjectAlternativeNames()).thenReturn( Collections.unmodifiableCollection(mNewNames)); - assertTrue(ASN1SubjectAltNamesParser.getProviderNames(mX509Certificate).isEmpty()); + assertTrue(ServiceProviderVerifier.getProviderNames(mX509Certificate).isEmpty()); } /** @@ -149,7 +150,7 @@ public class ASN1SubjectAltNamesParserTest { when(mX509Certificate.getSubjectAlternativeNames()).thenReturn( Collections.unmodifiableCollection(mNewNames)); - assertTrue(ASN1SubjectAltNamesParser.getProviderNames(mX509Certificate).isEmpty()); + assertTrue(ServiceProviderVerifier.getProviderNames(mX509Certificate).isEmpty()); } /** @@ -169,7 +170,7 @@ public class ASN1SubjectAltNamesParserTest { when(mX509Certificate.getSubjectAlternativeNames()).thenReturn( Collections.unmodifiableCollection(mNewNames)); - List<Pair<Locale, String>> result = ASN1SubjectAltNamesParser.getProviderNames( + List<Pair<Locale, String>> result = ServiceProviderVerifier.getProviderNames( mX509Certificate); assertThat(result.size(), is(1)); @@ -177,6 +178,36 @@ public class ASN1SubjectAltNamesParserTest { } /** + * Verify that verifyCertFingerPrint should return {@code true} when a fingerprint of {@link + * X509Certificate} is same with a value of hash provided. + */ + @Test + public void testVerifyFingerPrintOfCertificateWithSameFingerPrintValueReturnTrue() + throws Exception { + String testData = "testData"; + String testHash = "ba477a0ac57e10dd90bb5bf0289c5990fe839c619b26fde7c2aac62f526d4113"; + when(mX509Certificate.getEncoded()).thenReturn(testData.getBytes()); + + assertTrue(ServiceProviderVerifier.verifyCertFingerprint(mX509Certificate, + hexToBytes(testHash))); + } + + /** + * Verify that verifyCertFingerPrint should return {@code false} when a fingerprint of {@link + * X509Certificate} is different with a value of hash provided. + */ + @Test + public void testVerifyFingerPrintOfCertificateWithDifferentFingerPrintValueReturnFalse() + throws Exception { + String testData = "differentData"; + String testHash = "ba477a0ac57e10dd90bb5bf0289c5990fe839c619b26fde7c2aac62f526d4113"; + when(mX509Certificate.getEncoded()).thenReturn(testData.getBytes()); + + assertFalse(ServiceProviderVerifier.verifyCertFingerprint(mX509Certificate, + hexToBytes(testHash))); + } + + /** * Helper function to create an entry complying with the format returned * {@link X509Certificate#getSubjectAlternativeNames()} */ @@ -187,4 +218,31 @@ public class ASN1SubjectAltNamesParserTest { return nameEntry; } + + /** + * Converts a hex string to an array of bytes. The {@code hex} should have an even length. If + * not, the last character will be ignored. + */ + private byte[] hexToBytes(String hex) { + byte[] output = new byte[hex.length() / 2]; + for (int i = 0, j = 0; i + 1 < hex.length(); i += 2, j++) { + output[j] = (byte) (charToByte(hex.charAt(i)) << 4 | charToByte(hex.charAt(i + 1))); + } + return output; + } + + /** + * Converts a character of [0-9a-aA-F] to its hex value in a byte. If the character is not a + * hex number, 0 will be returned. + */ + private byte charToByte(char c) { + if (c >= 0x30 && c <= 0x39) { + return (byte) (c - 0x30); + } else if (c >= 0x41 && c <= 0x46) { + return (byte) (c - 0x37); + } else if (c >= 0x61 && c <= 0x66) { + return (byte) (c - 0x57); + } + return 0; + } } diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/soap/HttpsTransportTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/soap/HttpsTransportTest.java index 7248c3823..0f189242f 100644 --- a/tests/wifitests/src/com/android/server/wifi/hotspot2/soap/HttpsTransportTest.java +++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/soap/HttpsTransportTest.java @@ -17,6 +17,8 @@ package com.android.server.wifi.hotspot2.soap; import static org.junit.Assert.assertNotNull; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; import static org.mockito.MockitoAnnotations.initMocks; import android.net.Network; @@ -29,6 +31,8 @@ import org.mockito.Mock; import java.io.IOException; import java.net.URL; +import javax.net.ssl.HttpsURLConnection; + /** * Unit tests for {@link HttpsTransport}. */ @@ -39,6 +43,7 @@ public class HttpsTransportTest { private HttpsTransport mHttpsTransport; @Mock Network mNetwork; + @Mock HttpsURLConnection mHttpsURLConnection; /** * Sets up test. @@ -47,6 +52,7 @@ public class HttpsTransportTest { public void setUp() throws Exception { initMocks(this); mUrl = new URL(TEST_URL); + when(mNetwork.openConnection(any(URL.class))).thenReturn(mHttpsURLConnection); mHttpsTransport = HttpsTransport.createInstance(mNetwork, mUrl); } |