Rewrite X509TrustManagerExtensionsTest
X509TrustManagerExtensionsTest used internal implementation details to
test X509TrustManagerExtensions#isUserAddedCertificate, these
implementation details are no longer the same and so this test failed to
catch the API being broken and then incorrectly flagged the fixed API as
broken.
To ensure that isUserAddedCertificate is properly covered, the tests for
the API are split into two places: X509TrustManagerExtensionsTest covers
the default case where there are no added CAs, and CaCertManagementTest
covers the behavior when CAs have been added.
Bug:28262103
Change-Id: I14f3211c277fdc9c8bfc3d4ac932be375961fa28
diff --git a/tests/cts/net/src/android/net/http/cts/X509TrustManagerExtensionsTest.java b/tests/cts/net/src/android/net/http/cts/X509TrustManagerExtensionsTest.java
index 9c0d774..99de614 100644
--- a/tests/cts/net/src/android/net/http/cts/X509TrustManagerExtensionsTest.java
+++ b/tests/cts/net/src/android/net/http/cts/X509TrustManagerExtensionsTest.java
@@ -17,61 +17,39 @@
package android.net.http.cts;
import android.net.http.X509TrustManagerExtensions;
-import android.util.Base64;
-
-import java.io.File;
-import java.io.ByteArrayInputStream;
import java.security.KeyStore;
-import java.security.cert.CertificateFactory;
+import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
import junit.framework.TestCase;
-import com.android.org.conscrypt.TrustedCertificateStore;
-import com.android.org.conscrypt.TrustManagerImpl;
-
public class X509TrustManagerExtensionsTest extends TestCase {
- public void testIsUserAddedCert() throws Exception {
- final String testCert =
- "MIICfjCCAeegAwIBAgIJAMefIzKHY5H4MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV" +
- "BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEPMA0G" +
- "A1UECgwGR2V3Z3VsMRMwEQYDVQQDDApnZXdndWwuY29tMB4XDTEzMTEwNTAwNDE0" +
- "MFoXDTEzMTIwNTAwNDE0MFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYw" +
- "FAYDVQQHDA1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQKDAZHZXdndWwxEzARBgNVBAMM" +
- "Cmdld2d1bC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpc/I0Ss4sm" +
- "yV2iX5xRMM7+XXAhiWrceGair4MpvDrGIa1kFj2phtx4IqTfDnNU7AhRJYkDYmJQ" +
- "fUJ8i6F+I08uNiGVO4DtPJbZcBXg9ME9EMaJCslm995ueeNWSw1Ky8zM0tt4p+94" +
- "BcXJ7PC3N2WgkvtE8xwNbaeUfhGPzJKXAgMBAAGjUDBOMB0GA1UdDgQWBBQQ/iW7" +
- "JCkSI2sbn4nTBiZ9PSiO8zAfBgNVHSMEGDAWgBQQ/iW7JCkSI2sbn4nTBiZ9PSiO" +
- "8zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABQBrUOWTCSIl3vkRR3w" +
- "3bPzh3BpqDmxH9xe4rZr+MVKKjpGjY1z2m2EEtyNz3tbgVQym5+si00DUHFL0IP1" +
- "SuRULmPyEpTBVbV+PA5Kc967ZcDgYt4JtdMcCeKbIFaU6r8oEYEL2PTlNZmgbunM" +
- "pXktkhVvNxZeSa8yM9bPhXkN";
+ private static X509TrustManager getFirstX509TrustManager(TrustManagerFactory tmf)
+ throws Exception {
+ for (TrustManager trustManager : tmf.getTrustManagers()) {
+ if (trustManager instanceof X509TrustManager) {
+ return (X509TrustManager) trustManager;
+ }
+ }
+ fail("Unable to find X509TrustManager");
+ return null;
+ }
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- X509Certificate cert = (X509Certificate)cf.generateCertificate(
- new ByteArrayInputStream(Base64.decode(testCert, Base64.DEFAULT)));
-
- // Test without adding cert to keystore.
- KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
- X509TrustManagerExtensions tmeNegative =
- new X509TrustManagerExtensions(new TrustManagerImpl(keyStore));
- assertEquals(false, tmeNegative.isUserAddedCertificate(cert));
-
- // Test with cert added to keystore.
- final File DIR_TEMP = new File(System.getProperty("java.io.tmpdir"));
- final File DIR_TEST = new File(DIR_TEMP, "test");
- final File system = new File(DIR_TEST, "system-test");
- final File added = new File(DIR_TEST, "added-test");
- final File deleted = new File(DIR_TEST, "deleted-test");
-
- TrustedCertificateStore tcs = new TrustedCertificateStore(system, added, deleted);
- added.mkdirs();
- tcs.installCertificate(cert);
- X509TrustManagerExtensions tmePositive =
- new X509TrustManagerExtensions(new TrustManagerImpl(keyStore, null, tcs));
- assertEquals(true, tmePositive.isUserAddedCertificate(cert));
+ public void testIsUserAddedCertificateDefaults() throws Exception {
+ final TrustManagerFactory tmf =
+ TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init((KeyStore) null);
+ X509TrustManager tm = getFirstX509TrustManager(tmf);
+ X509TrustManagerExtensions xtm = new X509TrustManagerExtensions(tm);
+ // Verify that all the default system provided CAs are not marked as user added.
+ for (Certificate cert : tm.getAcceptedIssuers()) {
+ assertFalse(xtm.isUserAddedCertificate((X509Certificate) cert));
+ }
}
}
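Review bot: The loop in `testIsUserAddedCertificateDefaults` passes vacuously when `tm.getAcceptedIssuers()` returns an empty array, so a default trust manager that loads no CAs would still report success. Since the commit message says the old test failed to catch a broken API, I would add `assertTrue("No default CAs found", tm.getAcceptedIssuers().length > 0);` before the loop. The bare `assertFalse(...)` also gives no hint which CA was misclassified. Typing the loop variable as `X509Certificate` and writing `assertFalse("Marked as user added: " + cert.getSubjectX500Principal(), xtm.isUserAddedCertificate(cert));` would name it and remove both the cast and the `java.security.cert.Certificate` import. The test also relies on no user CA being installed on the device when it runs, which the commit message states but the code does not; a one-line comment above the loop recording that precondition would help whoever triages a failure.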