refactor reportPasswordChanged

        return new JournaledFile(new File(base), new File(base + ".tmp"));

    }

    /**

     * Persist modified values to disk by calling {@link #saveSettingsLocked} for each

     * affected user ID.

     */

    @GuardedBy("getLockObject()")

    private void saveSettingsForUsersLocked(Set<Integer> affectedUserIds) {

        for (int userId : affectedUserIds) {

            saveSettingsLocked(userId);

        }

    }

    private void saveSettingsLocked(int userHandle) {

        DevicePolicyData policy = getUserData(userHandle);

        JournaledFile journal = makeJournaledFile(userHandle);

    /**

     * Updates a flag that tells us whether the user's password currently satisfies the

     * requirements set by all of the user's active admins. The flag is updated both in memory

     * and persisted to disk by calling {@link #saveSettingsLocked}, for the value of the flag

     * be the correct one upon boot.

     * This should be called whenever the password or the admin policies have changed.

     * requirements set by all of the user's active admins.

     * This should be called whenever the password or the admin policies have changed. The caller

     * is responsible for calling {@link #saveSettingsLocked} to persist the change.

     *

     * @return the set of user IDs that have been affected

     */

    @GuardedBy("getLockObject()")

    private void updatePasswordValidityCheckpointLocked(int userHandle, boolean parent) {

    private Set<Integer> updatePasswordValidityCheckpointLocked(int userHandle, boolean parent) {

        final ArraySet<Integer> affectedUserIds = new ArraySet<>();

        final int credentialOwner = getCredentialOwner(userHandle, parent);

        DevicePolicyData policy = getUserData(credentialOwner);

        PasswordMetrics metrics = mLockSettingsInternal.getUserPasswordMetrics(credentialOwner);

                    metrics, userHandle, parent);

            if (newCheckpoint != policy.mPasswordValidAtLastCheckpoint) {

                policy.mPasswordValidAtLastCheckpoint = newCheckpoint;

                saveSettingsLocked(credentialOwner);

                affectedUserIds.add(credentialOwner);

            }

        }

        return affectedUserIds;

    }

    /**

        }

    }

    private void removeCaApprovalsIfNeeded(int userId) {

    private Set<Integer> removeCaApprovalsIfNeeded(int userId) {

        final ArraySet<Integer> affectedUserIds = new ArraySet<>();

        for (UserInfo userInfo : mUserManager.getProfiles(userId)) {

            boolean isSecure = mLockPatternUtils.isSecure(userInfo.id);

            if (userInfo.isManagedProfile()){

            if (!isSecure) {

                synchronized (getLockObject()) {

                    getUserData(userInfo.id).mAcceptedCaCertificates.clear();

                    saveSettingsLocked(userInfo.id);

                    affectedUserIds.add(userInfo.id);

                }

                mCertificateMonitor.onCertificateApprovalsChanged(userId);

            }

        }

        return affectedUserIds;

    }

    @Override

        }

        DevicePolicyData policy = getUserData(userId);

        final ArraySet<Integer> affectedUserIds = new ArraySet<>();

        synchronized (getLockObject()) {

            policy.mFailedPasswordAttempts = 0;

            updatePasswordValidityCheckpointLocked(userId, /* parent */ false);

            saveSettingsLocked(userId);

            updatePasswordExpirationsLocked(userId);

            affectedUserIds.add(userId);

            affectedUserIds.addAll(updatePasswordValidityCheckpointLocked(

                    userId, /* parent */ false));

            affectedUserIds.addAll(updatePasswordExpirationsLocked(userId));

            setExpirationAlarmCheckLocked(mContext, userId, /* parent */ false);

            // Send a broadcast to each profile using this password as its primary unlock.

            sendAdminCommandForLockscreenPoliciesLocked(

                    DeviceAdminReceiver.ACTION_PASSWORD_CHANGED,

                    DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, userId);

            affectedUserIds.addAll(removeCaApprovalsIfNeeded(userId));

            saveSettingsForUsersLocked(affectedUserIds);

        }

        removeCaApprovalsIfNeeded(userId);

    }

    /**

     * Called any time the device password is updated. Resets all password expiration clocks.

     *

     * @return the set of user IDs that have been affected

     */

    private void updatePasswordExpirationsLocked(int userHandle) {

        ArraySet<Integer> affectedUserIds = new ArraySet<Integer>();

    private Set<Integer> updatePasswordExpirationsLocked(int userHandle) {

        final ArraySet<Integer> affectedUserIds = new ArraySet<>();

        List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(

                userHandle, /* parent */ false);

        final int N = admins.size();

        for (int i = 0; i < N; i++) {

        for (int i = 0; i < admins.size(); i++) {

            ActiveAdmin admin = admins.get(i);

            if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) {

                affectedUserIds.add(admin.getUserHandle().getIdentifier());

                long timeout = admin.passwordExpirationTimeout;

                long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L;

                admin.passwordExpirationDate = expiration;

            }

                admin.passwordExpirationDate =

                        timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L;

            }

        for (int affectedUserId : affectedUserIds) {

            saveSettingsLocked(affectedUserId);

        }

        return affectedUserIds;

    }

    @Override

import static org.mockito.Matchers.anyString;

import static org.mockito.Matchers.eq;

import static org.mockito.Matchers.isNull;

import static org.mockito.Mockito.atLeast;

import static org.mockito.Mockito.atMost;

import static org.mockito.Mockito.clearInvocations;

import static org.mockito.Mockito.doAnswer;

import static org.mockito.Mockito.doReturn;

                .thenReturn(passwordMetrics);

        dpm.reportPasswordChanged(userHandle);

        // Drain ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED broadcasts as part of

        // reportPasswordChanged()

        // This broadcast should be sent 2-4 times:

        // * Twice from calls to DevicePolicyManagerService.updatePasswordExpirationsLocked,

        //   once for each affected user, in DevicePolicyManagerService.reportPasswordChanged.

        // * Optionally, at most twice from calls to DevicePolicyManagerService.saveSettingsLocked

        //   in DevicePolicyManagerService.reportPasswordChanged, once with the userId

        //   the password change is relevant to and another with the credential owner of said

        //   userId, if the password checkpoint value changes.

        verify(mContext.spiedContext, atMost(4)).sendBroadcastAsUser(

                MockUtils.checkIntentAction(

                        DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),

                MockUtils.checkUserHandle(userHandle));

        verify(mContext.spiedContext, atLeast(2)).sendBroadcastAsUser(

        verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(

                MockUtils.checkIntentAction(

                        DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),

                MockUtils.checkUserHandle(userHandle));