From bac071b74f0a0a7c20db21cc30c7b21b432eb948 Mon Sep 17 00:00:00 2001
From: Chad Brubaker
Date: Wed, 20 Apr 2016 13:34:40 -0700
Subject: [PATCH] Rewrite X509TrustManagerExtensionsTest
X509TrustManagerExtensionsTest used internal implementation details to test X509TrustManagerExtensions#isUserAddedCertificate, these implementation details are no longer the same and so this test failed to catch the API being broken and then incorrectly flagged the fixed API as broken. To ensure that isUserAddedCertificate is properly covered the tests for the API are split into two places: X509TrustManagerExtensionsTest covers tests for the default case where there are no added CAs and CaCertManagementTest to test the behavior when CAs have been added.
Bug:28262103
Change-Id: I14f3211c277fdc9c8bfc3d4ac932be375961fa28
---
 .../cts/X509TrustManagerExtensionsTest.java | 72 +++++++------------
 1 file changed, 25 insertions(+), 47 deletions(-)
diff --git a/tests/cts/net/src/android/net/http/cts/X509TrustManagerExtensionsTest.java b/tests/cts/net/src/android/net/http/cts/X509TrustManagerExtensionsTest.java
index 9c0d7744c7..99de614d80 100644
--- a/tests/cts/net/src/android/net/http/cts/X509TrustManagerExtensionsTest.java
+++ b/tests/cts/net/src/android/net/http/cts/X509TrustManagerExtensionsTest.java
@@ -17,61 +17,39 @@
 package android.net.http.cts;
 import android.net.http.X509TrustManagerExtensions;
-import android.util.Base64;
-
-import java.io.File;
-import java.io.ByteArrayInputStream;
 import java.security.KeyStore;
-import java.security.cert.CertificateFactory;
+import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
 import junit.framework.TestCase;
-import com.android.org.conscrypt.TrustedCertificateStore;
-import com.android.org.conscrypt.TrustManagerImpl;
-
 public class X509TrustManagerExtensionsTest extends TestCase {
- public void testIsUserAddedCert() throws Exception {
- final String testCert =
- "MIICfjCCAeegAwIBAgIJAMefIzKHY5H4MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV" +
- "BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEPMA0G" +
- "A1UECgwGR2V3Z3VsMRMwEQYDVQQDDApnZXdndWwuY29tMB4XDTEzMTEwNTAwNDE0" +
- "MFoXDTEzMTIwNTAwNDE0MFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYw" +
- "FAYDVQQHDA1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQKDAZHZXdndWwxEzARBgNVBAMM" +
- "Cmdld2d1bC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpc/I0Ss4sm" +
- "yV2iX5xRMM7+XXAhiWrceGair4MpvDrGIa1kFj2phtx4IqTfDnNU7AhRJYkDYmJQ" +
- "fUJ8i6F+I08uNiGVO4DtPJbZcBXg9ME9EMaJCslm995ueeNWSw1Ky8zM0tt4p+94" +
- "BcXJ7PC3N2WgkvtE8xwNbaeUfhGPzJKXAgMBAAGjUDBOMB0GA1UdDgQWBBQQ/iW7" +
- "JCkSI2sbn4nTBiZ9PSiO8zAfBgNVHSMEGDAWgBQQ/iW7JCkSI2sbn4nTBiZ9PSiO" +
- "8zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABQBrUOWTCSIl3vkRR3w" +
- "3bPzh3BpqDmxH9xe4rZr+MVKKjpGjY1z2m2EEtyNz3tbgVQym5+si00DUHFL0IP1" +
- "SuRULmPyEpTBVbV+PA5Kc967ZcDgYt4JtdMcCeKbIFaU6r8oEYEL2PTlNZmgbunM" +
- "pXktkhVvNxZeSa8yM9bPhXkN";
+ private static X509TrustManager getFirstX509TrustManager(TrustManagerFactory tmf)
+ throws Exception {
+ for (TrustManager trustManager : tmf.getTrustManagers()) {
+ if (trustManager instanceof X509TrustManager) {
+ return (X509TrustManager) trustManager;
+ }
+ }
+ fail("Unable to find X509TrustManager");
+ return null;
+ }
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- X509Certificate cert = (X509Certificate)cf.generateCertificate(
- new ByteArrayInputStream(Base64.decode(testCert, Base64.DEFAULT)));
-
- // Test without adding cert to keystore.
- KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
- X509TrustManagerExtensions tmeNegative =
- new X509TrustManagerExtensions(new TrustManagerImpl(keyStore));
- assertEquals(false, tmeNegative.isUserAddedCertificate(cert));
-
- // Test with cert added to keystore.
- final File DIR_TEMP = new File(System.getProperty("java.io.tmpdir"));
- final File DIR_TEST = new File(DIR_TEMP, "test");
- final File system = new File(DIR_TEST, "system-test");
- final File added = new File(DIR_TEST, "added-test");
- final File deleted = new File(DIR_TEST, "deleted-test");
-
- TrustedCertificateStore tcs = new TrustedCertificateStore(system, added, deleted);
- added.mkdirs();
- tcs.installCertificate(cert);
- X509TrustManagerExtensions tmePositive =
- new X509TrustManagerExtensions(new TrustManagerImpl(keyStore, null, tcs));
- assertEquals(true, tmePositive.isUserAddedCertificate(cert));
+ public void testIsUserAddedCertificateDefaults() throws Exception {
+ final TrustManagerFactory tmf =
+ TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init((KeyStore) null);
+ X509TrustManager tm = getFirstX509TrustManager(tmf);
+ X509TrustManagerExtensions xtm = new X509TrustManagerExtensions(tm);
+ // Verify that all the default system provided CAs are not marked as user added.
+ for (Certificate cert : tm.getAcceptedIssuers()) {
+ assertFalse(xtm.isUserAddedCertificate((X509Certificate) cert));
+ }
 }
 }
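Review bot: The loop in testIsUserAddedCertificateDefaults passes vacuously when `tm.getAcceptedIssuers()` returns an empty array, so a default trust manager that exposes no issuers would leave isUserAddedCertificate completely unexercised while the test still reports success. Read the array once and assert on it before iterating: `X509Certificate[] issuers = tm.getAcceptedIssuers();` followed by `assertTrue("default trust manager returned no issuers", issuers.length > 0);`. Because getAcceptedIssuers() already returns X509Certificate[], the loop variable can be typed X509Certificate, which removes the cast and the new `java.security.cert.Certificate` import. The test also appears to assume that the device under test has no user-installed CA; giving the assertion a message that names the certificate, `assertFalse(cert.getSubjectX500Principal().toString(), xtm.isUserAddedCertificate(cert));`, would make a failure from that precondition easy to tell apart from an API regression.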