FileDocCategorySizeDatePackage
CertPinInstallReceiverTest.javaAPI DocAndroid 5.1 API11812Thu Mar 12 22:22:42 GMT 2015com.android.server.updates

CertPinInstallReceiverTest

public class CertPinInstallReceiverTest extends android.test.AndroidTestCase
Tests for {@link com.android.server.CertPinInstallReceiver}

Fields Summary
private static final String
TAG
private static final String
PINLIST_ROOT
public static final String
PINLIST_CONTENT_PATH
public static final String
PINLIST_METADATA_PATH
public static final String
PINLIST_CONTENT_URL_KEY
public static final String
PINLIST_METADATA_URL_KEY
public static final String
PINLIST_CERTIFICATE_KEY
public static final String
PINLIST_VERSION_KEY
private static final String
EXTRA_CONTENT_PATH
private static final String
EXTRA_REQUIRED_HASH
private static final String
EXTRA_SIGNATURE
private static final String
EXTRA_VERSION_NUMBER
public static final String
TEST_CERT
public static final String
TEST_KEY
Constructors Summary
Methods Summary
private java.security.cert.X509CertificatecreateCertificate()

        byte[] derCert = Base64.decode(TEST_CERT.getBytes(), Base64.DEFAULT);
        InputStream istream = new ByteArrayInputStream(derCert);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(istream);
private java.security.PrivateKeycreateKey()

        byte[] derKey = Base64.decode(TEST_KEY.getBytes(), Base64.DEFAULT);
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(derKey);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return (PrivateKey) keyFactory.generatePrivate(keySpec);
private java.lang.StringcreateSignature(java.lang.String content, java.lang.String version, java.lang.String requiredHash)

        Signature signer = Signature.getInstance("SHA512withRSA");
        signer.initSign(createKey());
        signer.update(content.trim().getBytes());
        signer.update(version.trim().getBytes());
        signer.update(requiredHash.getBytes());
        String sig = new String(Base64.encode(signer.sign(), Base64.DEFAULT));
        assertEquals(true,
                     verifySignature(content, version, requiredHash, sig, createCertificate()));
        return sig;
private static java.lang.StringgetCurrentHash(java.lang.String content)

        if (content == null) {
            return "0";
        }
        MessageDigest dgst = MessageDigest.getInstance("SHA512");
        byte[] encoded = content.getBytes();
        byte[] fingerprint = dgst.digest(encoded);
        return IntegralToString.bytesToHexString(fingerprint, false);
private static java.lang.StringgetHashOfCurrentContent()

        String content = IoUtils.readFileAsString("/data/misc/keychain/pins");
        return getCurrentHash(content);
private java.lang.StringgetNextVersion()

        int currentVersion = Integer.parseInt(readCurrentVersion());
        return Integer.toString(currentVersion + 1);
private java.lang.StringmakeTemporaryContentFile(java.lang.String content)

        FileOutputStream fw = mContext.openFileOutput("content.txt", mContext.MODE_WORLD_READABLE);
        fw.write(content.getBytes(), 0, content.length());
        fw.close();
        return mContext.getFilesDir() + "/content.txt";
private voidoverrideCert(java.lang.String value)

        overrideSettings(PINLIST_CERTIFICATE_KEY, value);
private voidoverrideSettings(java.lang.String key, java.lang.String value)


            
        assertTrue(Settings.Secure.putString(mContext.getContentResolver(), key, value));
        Thread.sleep(1000);
private java.lang.StringreadCurrentVersion()

        return IoUtils.readFileAsString("/data/misc/keychain/metadata/version");
private java.lang.StringreadPins()

        return IoUtils.readFileAsString(PINLIST_CONTENT_PATH);
private java.lang.StringrunTest(java.lang.String cert, java.lang.String content, java.lang.String version, java.lang.String required, java.lang.String sig)

        Log.e(TAG, "started test");
        overrideCert(cert);
        String contentPath = makeTemporaryContentFile(content);
        sendIntent(contentPath, version, required, sig);
        Thread.sleep(1000);
        return readPins();
private java.lang.StringrunTestWithoutSig(java.lang.String cert, java.lang.String content, java.lang.String version, java.lang.String required)

        String sig = createSignature(content, version, required);
        return runTest(cert, content, version, required, sig);
private voidsendIntent(java.lang.String contentPath, java.lang.String version, java.lang.String required, java.lang.String sig)

        Intent i = new Intent();
        i.setAction("android.intent.action.UPDATE_PINS");
        i.putExtra(EXTRA_CONTENT_PATH, contentPath);
        i.putExtra(EXTRA_VERSION_NUMBER, version);
        i.putExtra(EXTRA_REQUIRED_HASH, required);
        i.putExtra(EXTRA_SIGNATURE, sig);
        mContext.sendBroadcast(i);
public voidtestBadRequiredHashFails()

        runTestWithoutSig(TEST_CERT, "blahblahblah", getNextVersion(), getHashOfCurrentContent());
        assertEquals("blahblahblah", runTestWithoutSig(TEST_CERT, "cdefg", getNextVersion(), "0"));
        Log.e(TAG, "started testOverwritePinList");
public voidtestBadSignatureFails()

        Log.e(TAG, "started testOverwritePinList");
        String text = "blahblah";
        runTestWithoutSig(TEST_CERT, text, getNextVersion(), getHashOfCurrentContent());
        assertEquals(text, runTest(TEST_CERT, "bcdef", getNextVersion(), getCurrentHash(text), ""));
        Log.e(TAG, "started testOverwritePinList");
public voidtestBadVersionFails()

        String text = "blahblahblahblah";
        String version = getNextVersion();
        runTestWithoutSig(TEST_CERT, text, version, getHashOfCurrentContent());
        assertEquals(text, runTestWithoutSig(TEST_CERT, "defgh", version, getCurrentHash(text)));
        Log.e(TAG, "started testOverwritePinList");
public voidtestOverrideRequiredHash()

        runTestWithoutSig(TEST_CERT, "blahblahblah", getNextVersion(), getHashOfCurrentContent());
        assertEquals("blahblahblah", runTestWithoutSig(TEST_CERT, "cdefg", "NONE", "0"));
        Log.e(TAG, "started testOverwritePinList");
public voidtestOverwritePinlist()

        Log.e(TAG, "started testOverwritePinList");
        assertEquals("abcde", runTestWithoutSig(TEST_CERT, "abcde", getNextVersion(), getHashOfCurrentContent()));
        Log.e(TAG, "started testOverwritePinList");
public booleanverifySignature(java.lang.String content, java.lang.String version, java.lang.String requiredPrevious, java.lang.String signature, java.security.cert.X509Certificate cert)

        Signature signer = Signature.getInstance("SHA512withRSA");
        signer.initVerify(cert);
        signer.update(content.trim().getBytes());
        signer.update(version.trim().getBytes());
        signer.update(requiredPrevious.trim().getBytes());
        return signer.verify(Base64.decode(signature.getBytes(), Base64.DEFAULT));