diff options
| author | Roshan Pius <rpius@google.com> | 2020-02-04 13:18:32 -0800 |
|---|---|---|
| committer | Roshan Pius <rpius@google.com> | 2020-02-26 09:47:34 -0800 |
| commit | ae1c89d3997e0c1bf645153726ef06038275c799 (patch) | |
| tree | a7824d4441d68f63cc84ce8ab79a800103968ee2 /tests | |
| parent | d794326839ee3d23d02860a50aaad1575619d7ac (diff) | |
RELAND: WifiKeyStore: Always use a different alias for CA
The public keystore API's don't allow the usage of the same key alias
for CA certificates and private key/cert entries. So, switch to a
different naming scheme.
Also, this aligns the wifi enterprise network key alias naming scheme with
passpoint networks, i.e priv key/cert have alias A, CA cert have alias
A_0, A_1, etc.
Fixed a bug in the previous version of the CL: Add the correct alias
name in the list.
Bug: 148861206
Test: atest com.android.server.wifi
Test: Verified that all EAP regression tests are passing.
Change-Id: I6dfd32a4b11fd531b4b63e573e4a39f2efd27965
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java b/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java index 42eb52613..4fc156518 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java @@ -16,11 +16,16 @@ package com.android.server.wifi; +import static org.junit.Assert.assertTrue; +import static org.mockito.AdditionalMatchers.aryEq; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.validateMockitoUsage; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyNoMoreInteractions; import static org.mockito.Mockito.when; +import android.net.wifi.WifiConfiguration; import android.net.wifi.WifiEnterpriseConfig; import androidx.test.filters.SmallTest; @@ -32,6 +37,7 @@ import org.mockito.Mock; import org.mockito.MockitoAnnotations; import java.security.KeyStore; +import java.security.cert.X509Certificate; /** * Unit tests for {@link com.android.server.wifi.WifiConfigManager}. @@ -42,6 +48,7 @@ public class WifiKeyStoreTest extends WifiBaseTest { @Mock private KeyStore mKeyStore; private WifiKeyStore mWifiKeyStore; + private static final String TEST_KEY_ID = "blah"; private static final String USER_CERT_ALIAS = "aabbccddee"; private static final String [] USER_CA_CERT_ALIAS = {"aacccddd", "bbbqqqqmmm"}; @@ -56,6 +63,14 @@ public class WifiKeyStoreTest extends WifiBaseTest { when(mWifiEnterpriseConfig.getClientCertificateAlias()).thenReturn(USER_CERT_ALIAS); when(mWifiEnterpriseConfig.getCaCertificateAliases()) .thenReturn(USER_CA_CERT_ALIAS); + when(mWifiEnterpriseConfig.getClientPrivateKey()).thenReturn(FakeKeys.RSA_KEY1); + when(mWifiEnterpriseConfig.getClientCertificate()).thenReturn(FakeKeys.CLIENT_CERT); + when(mWifiEnterpriseConfig.getCaCertificate()).thenReturn(FakeKeys.CA_CERT0); + when(mWifiEnterpriseConfig.getClientCertificateChain()) + .thenReturn(new X509Certificate[] {FakeKeys.CLIENT_CERT}); + when(mWifiEnterpriseConfig.getCaCertificates()) + .thenReturn(new X509Certificate[] {FakeKeys.CA_CERT0}); + when(mWifiEnterpriseConfig.getKeyId(any())).thenReturn(TEST_KEY_ID); } /** @@ -122,4 +137,26 @@ public class WifiKeyStoreTest extends WifiBaseTest { mWifiKeyStore.removeKeys(mWifiEnterpriseConfig); verifyNoMoreInteractions(mKeyStore); } + + /** + * Verifies that keys and certs are added when they were installed by an app and verifies the + * alias used. + */ + @Test + public void testAddKeysForAppInstalledCerts() throws Exception { + WifiConfiguration config = WifiConfigurationTestUtil.createEapNetwork(); + config.enterpriseConfig = mWifiEnterpriseConfig; + assertTrue(mWifiKeyStore.updateNetworkKeys(config, null)); + + String expectedAlias = config.getKeyIdForCredentials(null); + String expectedCaAlias = expectedAlias + "_0"; + // Method calls the KeyStore#delete method 4 times, user key, user cert, and 2 CA cert + verify(mKeyStore).setKeyEntry( + eq(expectedAlias), eq(FakeKeys.RSA_KEY1), eq(null), + aryEq(new X509Certificate[] {FakeKeys.CLIENT_CERT})); + verify(mKeyStore).setCertificateEntry(eq(expectedCaAlias), eq(FakeKeys.CA_CERT0)); + verify(mWifiEnterpriseConfig).setClientCertificateAlias(eq(expectedAlias)); + verify(mWifiEnterpriseConfig).setCaCertificateAliases( + aryEq(new String[] {expectedCaAlias})); + } } |