diff options
| author | Hai Shalom <haishalom@google.com> | 2020-01-09 13:05:39 -0800 |
|---|---|---|
| committer | Hai Shalom <haishalom@google.com> | 2020-01-13 12:37:14 -0800 |
| commit | 5f42e0ea34ca70696cd2b4609e727a5bb760a8a3 (patch) | |
| tree | c3366e3060447b65685bf9ed16cd6361b39fd8fc /tests | |
| parent | 25f89010a9807302ecfcbbcf50e067a31ea976bc (diff) | |
[Passpoint] Do not use conscrypt.TrustManagerImpl for OSU
Do not use conscrypt.TrustManagerImpl for OSU server connections.
Instead, use TrustManagerFactory to get a root trust manager and
extend with WFATrustManager it.
Bug: 142148188
Test: atest OsuServerConnectionTest
Test: atest PasspointProvisionerTest
Test: Connect to OSU server
Test: Swap WFA certificates with other certificates, verify OSU
connection fails.
Change-Id: Id579c6b9ffe46e64b94d8c5ad2d285d3ff85b6b7
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java | 48 | ||||
| -rw-r--r-- | tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java | 10 |
2 files changed, 32 insertions, 26 deletions
diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java index fbb653bc0..4d75b3e8a 100644 --- a/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java +++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java @@ -36,7 +36,6 @@ import android.util.Pair; import androidx.test.filters.SmallTest; import com.android.dx.mockito.inline.extended.ExtendedMockito; -import com.android.org.conscrypt.TrustManagerImpl; import com.android.server.wifi.WifiBaseTest; import com.android.server.wifi.hotspot2.soap.HttpsServiceConnection; import com.android.server.wifi.hotspot2.soap.HttpsTransport; @@ -59,7 +58,6 @@ import org.mockito.MockitoSession; import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; -import java.net.Socket; import java.net.URL; import java.security.KeyManagementException; import java.security.KeyStore; @@ -75,6 +73,7 @@ import java.util.Map; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; /** @@ -98,6 +97,9 @@ public class OsuServerConnectionTest extends WifiBaseTest { private ArgumentCaptor<TrustManager[]> mTrustManagerCaptor = ArgumentCaptor.forClass(TrustManager[].class); private Map<Integer, Map<String, byte[]>> mTrustCertsInfo = new HashMap<>(); + private ArgumentCaptor<X509Certificate[]> mX509CertificateCaptor = + ArgumentCaptor.forClass(X509Certificate[].class); + private X509Certificate[] mCertificateArray; @Mock PasspointProvisioner.OsuServerCallbacks mOsuServerCallbacks; @Mock Network mNetwork; @@ -105,10 +107,11 @@ public class OsuServerConnectionTest extends WifiBaseTest { @Mock WfaKeyStore mWfaKeyStore; @Mock SSLContext mTlsContext; @Mock KeyStore mKeyStore; - @Mock TrustManagerImpl mDelegate; + @Mock X509TrustManager mX509TrustManager; @Mock HttpsTransport mHttpsTransport; @Mock HttpsServiceConnection mHttpsServiceConnection; @Mock SppResponseMessage mSppResponseMessage; + @Mock TrustManagerFactory mTrustManagerFactory; @Before public void setUp() throws Exception { @@ -121,9 +124,12 @@ public class OsuServerConnectionTest extends WifiBaseTest { when(mOsuServerCallbacks.getSessionId()).thenReturn(TEST_SESSION_ID); when(mNetwork.openConnection(any(URL.class))).thenReturn(mUrlConnection); when(mHttpsTransport.getServiceConnection()).thenReturn(mHttpsServiceConnection); - when(mDelegate.getTrustedChainForServer(any(X509Certificate[].class), anyString(), - (Socket) isNull())) - .thenReturn(PasspointProvisioningTestUtil.getOsuCertsForTest()); + when(mTrustManagerFactory.getTrustManagers()) + .thenReturn(new X509TrustManager[]{mX509TrustManager}); + mCertificateArray = new X509Certificate[]{ + PasspointProvisioningTestUtil.getOsuCertsForTest().get(0), + PasspointProvisioningTestUtil.getOsuCertsForTest().get(1) + }; } /** @@ -143,7 +149,7 @@ public class OsuServerConnectionTest extends WifiBaseTest { TrustManager[] trustManagers = mTrustManagerCaptor.getValue(); X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; - trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE); + trustManager.checkServerTrusted(mCertificateArray, AUTH_TYPE); verify(mOsuServerCallbacks).onServerValidationStatus(anyInt(), eq(true)); Map<String, String> providerNames = new HashMap<>(); @@ -168,7 +174,7 @@ public class OsuServerConnectionTest extends WifiBaseTest { establishServerConnection(); TrustManager[] trustManagers = mTrustManagerCaptor.getValue(); X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; - trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE); + trustManager.checkServerTrusted(mCertificateArray, AUTH_TYPE); Map<String, String> friendlyNames = new HashMap<>(); friendlyNames.put( Locale.SIMPLIFIED_CHINESE.getISO3Language(), TEST_PROVIDER_CHINESE_NAME); @@ -194,7 +200,7 @@ public class OsuServerConnectionTest extends WifiBaseTest { establishServerConnection(); TrustManager[] trustManagers = mTrustManagerCaptor.getValue(); X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; - trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE); + trustManager.checkServerTrusted(mCertificateArray, AUTH_TYPE); Map<String, String> friendlyNames = new HashMap<>(); friendlyNames.put( Locale.SIMPLIFIED_CHINESE.getISO3Language(), TEST_PROVIDER_CHINESE_NAME); @@ -219,7 +225,7 @@ public class OsuServerConnectionTest extends WifiBaseTest { establishServerConnection(); TrustManager[] trustManagers = mTrustManagerCaptor.getValue(); X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; - trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE); + trustManager.checkServerTrusted(mCertificateArray, AUTH_TYPE); Map<String, String> friendlyNames = new HashMap<>(); friendlyNames.put( Locale.CANADA.getISO3Language(), PROVIDER_NAME_VALID); @@ -235,7 +241,7 @@ public class OsuServerConnectionTest extends WifiBaseTest { */ @Test public void verifyInvalidTlsContext() { - mOsuServerConnection.init(null, mDelegate); + mOsuServerConnection.init(null, mTrustManagerFactory); mOsuServerConnection.setEventCallback(mOsuServerCallbacks); assertFalse(mOsuServerConnection.canValidateServer()); @@ -248,7 +254,7 @@ public class OsuServerConnectionTest extends WifiBaseTest { public void verifyTlsContextInitFailure() throws Exception { doThrow(new KeyManagementException()).when(mTlsContext).init(any(), any(), any()); - mOsuServerConnection.init(mTlsContext, mDelegate); + mOsuServerConnection.init(mTlsContext, mTrustManagerFactory); mOsuServerConnection.setEventCallback(mOsuServerCallbacks); assertFalse(mOsuServerConnection.canValidateServer()); @@ -261,7 +267,7 @@ public class OsuServerConnectionTest extends WifiBaseTest { public void verifyInitAndNetworkOpenURLConnectionFailed() throws Exception { doThrow(new IOException()).when(mNetwork).openConnection(any(URL.class)); - mOsuServerConnection.init(mTlsContext, mDelegate); + mOsuServerConnection.init(mTlsContext, mTrustManagerFactory); mOsuServerConnection.setEventCallback(mOsuServerCallbacks); assertTrue(mOsuServerConnection.canValidateServer()); @@ -279,7 +285,7 @@ public class OsuServerConnectionTest extends WifiBaseTest { public void verifyInitAndServerConnectFailure() throws Exception { doThrow(new IOException()).when(mUrlConnection).connect(); - mOsuServerConnection.init(mTlsContext, mDelegate); + mOsuServerConnection.init(mTlsContext, mTrustManagerFactory); mOsuServerConnection.setEventCallback(mOsuServerCallbacks); assertTrue(mOsuServerConnection.canValidateServer()); @@ -301,9 +307,8 @@ public class OsuServerConnectionTest extends WifiBaseTest { certificates[0] = certificateList.get(0); TrustManager[] trustManagers = mTrustManagerCaptor.getValue(); X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; - doThrow(new CertificateException()).when(mDelegate) - .getTrustedChainForServer(any(X509Certificate[].class), anyString(), - (Socket) isNull()); + doThrow(new CertificateException()).when(mX509TrustManager) + .checkServerTrusted(any(X509Certificate[].class), anyString()); trustManager.checkServerTrusted(certificates, AUTH_TYPE); @@ -327,7 +332,7 @@ public class OsuServerConnectionTest extends WifiBaseTest { TrustManager[] trustManagers = mTrustManagerCaptor.getValue(); X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; - trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE); + trustManager.checkServerTrusted(mCertificateArray, AUTH_TYPE); verify(mOsuServerCallbacks).onServerValidationStatus(anyInt(), eq(true)); Map<String, String> providerNames = new HashMap<>(); @@ -426,7 +431,7 @@ public class OsuServerConnectionTest extends WifiBaseTest { */ @Test public void verifyRetrieveTrustRootCertsWithEmptyOfTrustCertsInfo() { - mOsuServerConnection.init(mTlsContext, mDelegate); + mOsuServerConnection.init(mTlsContext, mTrustManagerFactory); mOsuServerConnection.setEventCallback(mOsuServerCallbacks); assertFalse(mOsuServerConnection.retrieveTrustRootCerts(mTrustCertsInfo)); } @@ -566,7 +571,7 @@ public class OsuServerConnectionTest extends WifiBaseTest { @Test public void verifyInitAndNetworkOpenURLConnectionFailedWithHttpUrl() throws Exception { mServerUrl = new URL(TEST_INVALID_URL); - mOsuServerConnection.init(mTlsContext, mDelegate); + mOsuServerConnection.init(mTlsContext, mTrustManagerFactory); mOsuServerConnection.setEventCallback(mOsuServerCallbacks); assertTrue(mOsuServerConnection.canValidateServer()); @@ -574,9 +579,10 @@ public class OsuServerConnectionTest extends WifiBaseTest { } private void establishServerConnection() throws Exception { - mOsuServerConnection.init(mTlsContext, mDelegate); + mOsuServerConnection.init(mTlsContext, mTrustManagerFactory); mOsuServerConnection.setEventCallback(mOsuServerCallbacks); verify(mTlsContext).init(isNull(), mTrustManagerCaptor.capture(), isNull()); + verify(mTrustManagerFactory).getTrustManagers(); assertTrue(mOsuServerConnection.canValidateServer()); assertTrue(mOsuServerConnection.connect(mServerUrl, mNetwork)); diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java index e5f71b747..4c6cf7b66 100644 --- a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java +++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java @@ -62,7 +62,6 @@ import android.telephony.TelephonyManager; import androidx.test.filters.SmallTest; import com.android.dx.mockito.inline.extended.ExtendedMockito; -import com.android.org.conscrypt.TrustManagerImpl; import com.android.server.wifi.WifiBaseTest; import com.android.server.wifi.WifiMetrics; import com.android.server.wifi.WifiNative; @@ -101,6 +100,7 @@ import java.util.List; import java.util.Map; import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManagerFactory; /** * Unit tests for {@link PasspointProvisioner}. @@ -165,7 +165,7 @@ public class PasspointProvisionerTest extends WifiBaseTest { ArgumentCaptor.forClass(RedirectListener.RedirectCallback.class); private ArgumentCaptor<Handler> mHandlerCaptor = ArgumentCaptor.forClass(Handler.class); private OsuProvider mOsuProvider; - private TrustManagerImpl mDelegate; + private TrustManagerFactory mDelegate; private URL mTestUrl; private MockitoSession mSession; @@ -215,7 +215,6 @@ public class PasspointProvisionerTest extends WifiBaseTest { when(mWfaKeyStore.get()).thenReturn(mKeyStore); when(mObjectFactory.makeWfaKeyStore()).thenReturn(mWfaKeyStore); when(mObjectFactory.getSSLContext(any(String.class))).thenReturn(mTlsContext); - when(mObjectFactory.getTrustManagerImpl(any(KeyStore.class))).thenReturn(mDelegate); when(mObjectFactory.getSystemInfo(any(Context.class), any(WifiNative.class))).thenReturn( mSystemInfo); doReturn(mWifiManager).when(mContext) @@ -229,8 +228,9 @@ public class PasspointProvisionerTest extends WifiBaseTest { when(mOsuServerConnection.canValidateServer()).thenReturn(true); mPasspointProvisioner.enableVerboseLogging(1); mOsuProvider = PasspointProvisioningTestUtil.generateOsuProvider(true); - mDelegate = new TrustManagerImpl(PasspointProvisioningTestUtil.createFakeKeyStore()); - when(mObjectFactory.getTrustManagerImpl(any(KeyStore.class))).thenReturn(mDelegate); + mDelegate = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + mDelegate.init(PasspointProvisioningTestUtil.createFakeKeyStore()); + when(mObjectFactory.getTrustManagerFactory(any(KeyStore.class))).thenReturn(mDelegate); when(mContext.getSystemService(TelephonyManager.class)).thenReturn(mTelephonyManager); when(mTelephonyManager.createForSubscriptionId(anyInt())).thenReturn(mDataTelephonyManager); when(mSystemInfo.getDeviceModel()).thenReturn(TEST_MODEL); |