Merge "Convert LockSettingsService tests to JUnit4"

package com.android.server.locksettings;

import static org.mockito.Matchers.any;

import static org.mockito.Matchers.anyBoolean;

import static org.mockito.Matchers.anyInt;

import static org.mockito.Matchers.eq;

import static org.junit.Assert.assertFalse;

import static org.junit.Assert.assertTrue;

import static org.mockito.ArgumentMatchers.any;

import static org.mockito.ArgumentMatchers.anyBoolean;

import static org.mockito.ArgumentMatchers.anyInt;

import static org.mockito.ArgumentMatchers.eq;

import static org.mockito.Mockito.doAnswer;

import static org.mockito.Mockito.mock;

import static org.mockito.Mockito.when;

import android.os.storage.IStorageManager;

import android.os.storage.StorageManager;

import android.security.KeyStore;

import android.test.AndroidTestCase;

import androidx.test.InstrumentationRegistry;

import androidx.test.runner.AndroidJUnit4;

import com.android.internal.widget.ILockSettings;

import com.android.internal.widget.LockPatternUtils;

import com.android.server.locksettings.recoverablekeystore.RecoverableKeyStoreManager;

import com.android.server.wm.WindowManagerInternal;

import org.junit.After;

import org.junit.Before;

import org.junit.runner.RunWith;

import org.mockito.invocation.InvocationOnMock;

import org.mockito.stubbing.Answer;

import java.util.ArrayList;

import java.util.Arrays;

public abstract class BaseLockSettingsServiceTests extends AndroidTestCase {

@RunWith(AndroidJUnit4.class)

public abstract class BaseLockSettingsServiceTests {

    protected static final int PRIMARY_USER_ID = 0;

    protected static final int MANAGED_PROFILE_USER_ID = 12;

    protected static final int TURNED_OFF_PROFILE_USER_ID = 17;

    RecoverableKeyStoreManager mRecoverableKeyStoreManager;

    protected boolean mHasSecureLockScreen;

    @Override

    protected void setUp() throws Exception {

        super.setUp();

    @Before

    public void setUp_baseServices() throws Exception {

        mGateKeeperService = new FakeGateKeeperService();

        mNotificationManager = mock(NotificationManager.class);

        mUserManager = mock(UserManager.class);

        LocalServices.addService(DevicePolicyManagerInternal.class, mDevicePolicyManagerInternal);

        LocalServices.addService(WindowManagerInternal.class, mMockWindowManager);

        mContext = new MockLockSettingsContext(getContext(), mUserManager, mNotificationManager,

                mDevicePolicyManager, mock(StorageManager.class), mock(TrustManager.class),

                mock(KeyguardManager.class));

        mContext = new MockLockSettingsContext(InstrumentationRegistry.getContext(), mUserManager,

                mNotificationManager, mDevicePolicyManager, mock(StorageManager.class),

                mock(TrustManager.class), mock(KeyguardManager.class));

        mStorage = new LockSettingsStorageTestable(mContext,

                new File(getContext().getFilesDir(), "locksettings"));

                new File(InstrumentationRegistry.getContext().getFilesDir(), "locksettings"));

        File storageDir = mStorage.mStorageDir;

        if (storageDir.exists()) {

            FileUtils.deleteContents(storageDir);

        return sm;

    }

    @Override

    protected void tearDown() throws Exception {

        super.tearDown();

    @After

    public void tearDown_baseServices() throws Exception {

        mStorage.closeDatabase();

        File db = getContext().getDatabasePath("locksettings.db");

        File db = InstrumentationRegistry.getContext().getDatabasePath("locksettings.db");

        assertTrue(!db.exists() || db.delete());

        File storageDir = mStorage.mStorageDir;

import static com.android.server.testutils.TestUtils.assertExpectException;

import static org.junit.Assert.assertEquals;

import static org.mockito.Mockito.anyInt;

import static org.mockito.Mockito.atLeastOnce;

import static org.mockito.Mockito.verify;

import android.platform.test.annotations.Presubmit;

import androidx.test.filters.SmallTest;

import androidx.test.runner.AndroidJUnit4;

import com.android.internal.widget.LockPatternUtils;

import com.android.internal.widget.VerifyCredentialResponse;

import org.junit.Before;

import org.junit.Test;

import org.junit.runner.RunWith;

import org.mockito.ArgumentCaptor;

import java.util.ArrayList;

 */

@SmallTest

@Presubmit

@RunWith(AndroidJUnit4.class)

public class CachedSyntheticPasswordTests extends SyntheticPasswordTests {

    @Override

    protected void setUp() throws Exception {

        super.setUp();

    @Before

    public void enableSpCache() throws Exception {

        enableSpCaching(true);

    }

                .canUserHaveUntrustedCredentialReset(anyInt())).thenReturn(enable);

    }

    @Test

    public void testSyntheticPasswordClearCredentialUntrusted() throws RemoteException {

        final byte[] password = "testSyntheticPasswordClearCredential-password".getBytes();

        final byte[] newPassword = "testSyntheticPasswordClearCredential-newpassword".getBytes();

        assertNotEquals(sid, mGateKeeperService.getSecureUserId(PRIMARY_USER_ID));

    }

    @Test

    public void testSyntheticPasswordChangeCredentialUntrusted() throws RemoteException {

        final byte[] password = "testSyntheticPasswordClearCredential-password".getBytes();

        final byte[] newPassword = "testSyntheticPasswordClearCredential-newpassword".getBytes();

                LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 0, PRIMARY_USER_ID).getResponseCode());

    }

    @Test

    public void testUntrustedCredentialChangeMaintainsAuthSecret() throws RemoteException {

        final byte[] password =

                "testUntrustedCredentialChangeMaintainsAuthSecret-password".getBytes();

        assertEquals(1, secret.getAllValues().stream().distinct().count());

    }

    @Test

    public void testUntrustedCredentialChangeBlockedIfSpNotCached() throws RemoteException {

        final byte[] password =

                "testUntrustedCredentialChangeBlockedIfSpNotCached-password".getBytes();

import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PASSWORD;

import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PATTERN;

import static org.junit.Assert.assertEquals;

import static org.junit.Assert.assertFalse;

import static org.junit.Assert.assertNotNull;

import static org.junit.Assert.assertNull;

import static org.junit.Assert.assertTrue;

import static org.junit.Assert.fail;

import static org.mockito.ArgumentMatchers.any;

import static org.mockito.ArgumentMatchers.anyInt;

import static org.mockito.ArgumentMatchers.eq;

import android.service.gatekeeper.GateKeeperResponse;

import androidx.test.filters.SmallTest;

import androidx.test.runner.AndroidJUnit4;

import com.android.internal.widget.LockPatternUtils;

import com.android.internal.widget.VerifyCredentialResponse;

import com.android.server.locksettings.FakeGateKeeperService.VerifyHandle;

import com.android.server.locksettings.LockSettingsStorage.CredentialHash;

import org.junit.Test;

import org.junit.runner.RunWith;

/**

 * runtest frameworks-services -c com.android.server.locksettings.LockSettingsServiceTests

 * atest FrameworksServicesTests:LockSettingsServiceTests

 */

@SmallTest

@Presubmit

@RunWith(AndroidJUnit4.class)

public class LockSettingsServiceTests extends BaseLockSettingsServiceTests {

    @Override

    protected void setUp() throws Exception {

        super.setUp();

    }

    @Override

    protected void tearDown() throws Exception {

        super.tearDown();

    }

    @Test

    public void testCreatePasswordPrimaryUser() throws RemoteException {

        testCreateCredential(PRIMARY_USER_ID, "password", CREDENTIAL_TYPE_PASSWORD,

                PASSWORD_QUALITY_ALPHABETIC);

    }

    @Test

    public void testCreatePasswordFailsWithoutLockScreen() throws RemoteException {

        testCreateCredentialFailsWithoutLockScreen(PRIMARY_USER_ID, "password",

                CREDENTIAL_TYPE_PASSWORD, PASSWORD_QUALITY_ALPHABETIC);

    }

    @Test

    public void testCreatePatternPrimaryUser() throws RemoteException {

        testCreateCredential(PRIMARY_USER_ID, "123456789", CREDENTIAL_TYPE_PATTERN,

                PASSWORD_QUALITY_SOMETHING);

    }

    @Test

    public void testCreatePatternFailsWithoutLockScreen() throws RemoteException {

        testCreateCredentialFailsWithoutLockScreen(PRIMARY_USER_ID, "123456789",

                CREDENTIAL_TYPE_PATTERN, PASSWORD_QUALITY_SOMETHING);

    }

    @Test

    public void testChangePasswordPrimaryUser() throws RemoteException {

        testChangeCredentials(PRIMARY_USER_ID, "78963214", CREDENTIAL_TYPE_PATTERN,

                "asdfghjk", CREDENTIAL_TYPE_PASSWORD, PASSWORD_QUALITY_ALPHABETIC);

    }

    @Test

    public void testChangePatternPrimaryUser() throws RemoteException {

        testChangeCredentials(PRIMARY_USER_ID, "!£$%^&*(())", CREDENTIAL_TYPE_PASSWORD,

                "1596321", CREDENTIAL_TYPE_PATTERN, PASSWORD_QUALITY_SOMETHING);

    }

    @Test

    public void testChangePasswordFailPrimaryUser() throws RemoteException {

        final long sid = 1234;

        final String FAILED_MESSAGE = "Failed to enroll password";

        assertVerifyCredentials(PRIMARY_USER_ID, "password", CREDENTIAL_TYPE_PASSWORD, sid);

    }

    @Test

    public void testClearPasswordPrimaryUser() throws RemoteException {

        final String PASSWORD = "password";

        initializeStorageWithCredential(PRIMARY_USER_ID, PASSWORD, CREDENTIAL_TYPE_PASSWORD, 1234);

        assertEquals(0, mGateKeeperService.getSecureUserId(PRIMARY_USER_ID));

    }

    @Test

    public void testManagedProfileUnifiedChallenge() throws RemoteException {

        final String firstUnifiedPassword = "testManagedProfileUnifiedChallenge-pwd-1";

        final String secondUnifiedPassword = "testManagedProfileUnifiedChallenge-pwd-2";

        assertEquals(0, mGateKeeperService.getSecureUserId(TURNED_OFF_PROFILE_USER_ID));

    }

    @Test

    public void testManagedProfileSeparateChallenge() throws RemoteException {

        final String primaryPassword = "testManagedProfileSeparateChallenge-primary";

        final String profilePassword = "testManagedProfileSeparateChallenge-profile";

        assertEquals(profileSid, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID));

    }

    @Test

    public void testSetLockCredential_forPrimaryUser_sendsCredentials() throws Exception {

        final byte[] password = "password".getBytes();

                .lockScreenSecretChanged(CREDENTIAL_TYPE_PASSWORD, password, PRIMARY_USER_ID);

    }

    @Test

    public void testSetLockCredential_forProfileWithSeparateChallenge_sendsCredentials()

            throws Exception {

        final byte[] pattern = "12345".getBytes();

                .lockScreenSecretChanged(CREDENTIAL_TYPE_PATTERN, pattern, MANAGED_PROFILE_USER_ID);

    }

    @Test

    public void testSetLockCredential_forProfileWithSeparateChallenge_updatesCredentials()

            throws Exception {

        final String oldCredential = "12345";

                        CREDENTIAL_TYPE_PASSWORD, newCredential, MANAGED_PROFILE_USER_ID);

    }

    @Test

    public void testSetLockCredential_forProfileWithUnifiedChallenge_doesNotSendRandomCredential()

            throws Exception {

        mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, false, null);

                        eq(CREDENTIAL_TYPE_PASSWORD), any(), eq(MANAGED_PROFILE_USER_ID));

    }

    @Test

    public void

            testSetLockCredential_forPrimaryUserWithUnifiedChallengeProfile_updatesBothCredentials()

                    throws Exception {

                        CREDENTIAL_TYPE_PASSWORD, newCredential, MANAGED_PROFILE_USER_ID);

    }

    @Test

    public void

            testSetLockCredential_forPrimaryUserWithUnifiedChallengeProfile_removesBothCredentials()

                    throws Exception {

                .lockScreenSecretChanged(CREDENTIAL_TYPE_NONE, null, MANAGED_PROFILE_USER_ID);

    }

    @Test

    public void testSetLockCredential_forUnifiedToSeparateChallengeProfile_sendsNewCredentials()

            throws Exception {

        final String parentPassword = "parentPassword";

                        CREDENTIAL_TYPE_PASSWORD, profilePassword, MANAGED_PROFILE_USER_ID);

    }

    @Test

    public void

            testSetLockCredential_forSeparateToUnifiedChallengeProfile_doesNotSendRandomCredential()

                    throws Exception {

                .lockScreenSecretChanged(anyInt(), any(), eq(MANAGED_PROFILE_USER_ID));

    }

    @Test

    public void testVerifyCredential_forPrimaryUser_sendsCredentials() throws Exception {

        final String password = "password";

        initializeStorageWithCredential(PRIMARY_USER_ID, password, CREDENTIAL_TYPE_PASSWORD, 1234);

                        CREDENTIAL_TYPE_PASSWORD, password.getBytes(), PRIMARY_USER_ID);

    }

    @Test

    public void testVerifyCredential_forProfileWithSeparateChallenge_sendsCredentials()

            throws Exception {

        final byte[] pattern = "12345".getBytes();

                        CREDENTIAL_TYPE_PATTERN, pattern, MANAGED_PROFILE_USER_ID);

    }

    public void

            testVerifyCredential_forPrimaryUserWithUnifiedChallengeProfile_sendsCredentialsForBoth()

    @Test

    public void verifyCredential_forPrimaryUserWithUnifiedChallengeProfile_sendsCredentialsForBoth()

                    throws Exception {

        final String pattern = "12345";

        initializeStorageWithCredential(PRIMARY_USER_ID, pattern, CREDENTIAL_TYPE_PATTERN, 1234);

import static junit.framework.Assert.assertEquals;

import static org.mockito.Matchers.anyInt;

import static org.mockito.ArgumentMatchers.anyInt;

import static org.mockito.Mockito.any;

import static org.mockito.Mockito.never;

import static org.mockito.Mockito.verify;