LockSettingsServiceTests.java revision 0cbc19e4a66f7db51596b57ca91afc6f5b27f3b4
1c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams/* 2a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk * Copyright (C) 2016 The Android Open Source Project 3c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * 4c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * Licensed under the Apache License, Version 2.0 (the "License"); 5c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * you may not use this file except in compliance with the License. 6c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * You may obtain a copy of the License at 7c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * 8c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * http://www.apache.org/licenses/LICENSE-2.0 9c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * 10c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * Unless required by applicable law or agreed to in writing, software 11c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * distributed under the License is distributed on an "AS IS" BASIS, 12c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * See the License for the specific language governing permissions and 14c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * limitations under the License 15c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams */ 16c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams 17a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchoukpackage com.android.server; 18a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk 19a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchoukimport static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE; 20a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchoukimport static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PASSWORD; 21a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchoukimport static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PATTERN; 22c19ff0177a7a0dadfc01b1990f822354fdc95991Alex Sakhartchouk 23a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchoukimport android.os.RemoteException; 24c460e55d78cbe8bee95c5c947dfe541218142a5bJason Samsimport android.service.gatekeeper.GateKeeperResponse; 25c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams 26c460e55d78cbe8bee95c5c947dfe541218142a5bJason Samsimport com.android.internal.widget.LockPatternUtils; 27c460e55d78cbe8bee95c5c947dfe541218142a5bJason Samsimport com.android.internal.widget.VerifyCredentialResponse; 28c460e55d78cbe8bee95c5c947dfe541218142a5bJason Samsimport com.android.server.LockSettingsStorage.CredentialHash; 29c460e55d78cbe8bee95c5c947dfe541218142a5bJason Samsimport com.android.server.MockGateKeeperService.VerifyHandle; 30c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams 31a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk/** 32889fe50e7aaebed8cb8284b16a0e51e64e8a3a9cAlex Sakhartchouk * runtest frameworks-services -c com.android.server.LockSettingsServiceTests 33a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk */ 34a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchoukpublic class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 35c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams 36c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams @Override 37a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk protected void setUp() throws Exception { 382cbfc4ca83ef045f004b52cd3a89934ae0318c12Jason Sams super.setUp(); 39c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams } 40c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams 41a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk @Override 4254929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk protected void tearDown() throws Exception { 4354929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk super.tearDown(); 4454929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk } 4554929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk 46afb743aca56c18beb7ab924e75cb6e070ef3e55aAlex Sakhartchouk public void testCreatePasswordPrimaryUser() throws RemoteException { 4754929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk testCreateCredential(PRIMARY_USER_ID, "password", CREDENTIAL_TYPE_PASSWORD); 48afb743aca56c18beb7ab924e75cb6e070ef3e55aAlex Sakhartchouk } 49afb743aca56c18beb7ab924e75cb6e070ef3e55aAlex Sakhartchouk 5054929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk public void testCreatePatternPrimaryUser() throws RemoteException { 5154929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk testCreateCredential(PRIMARY_USER_ID, "123456789", CREDENTIAL_TYPE_PATTERN); 5254929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk } 5354929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk 5454929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk public void testChangePasswordPrimaryUser() throws RemoteException { 5554929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk testChangeCredentials(PRIMARY_USER_ID, "78963214", CREDENTIAL_TYPE_PATTERN, 5654929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk "asdfghjk", CREDENTIAL_TYPE_PASSWORD); 576598201f1c4f409defac9a5af789fb53a7cc00f8Steve Block } 5854929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk 5954929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk public void testChangePatternPrimaryUser() throws RemoteException { 6054929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk testChangeCredentials(PRIMARY_USER_ID, "!£$%^&*(())", CREDENTIAL_TYPE_PASSWORD, 6154929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk "1596321", CREDENTIAL_TYPE_PATTERN); 6254929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk } 63a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk 6454929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk public void testChangePasswordFailPrimaryUser() throws RemoteException { 6554929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk final long sid = 1234; 6654929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk final String FAILED_MESSAGE = "Failed to enroll password"; 6754929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk initializeStorageWithCredential(PRIMARY_USER_ID, "password", CREDENTIAL_TYPE_PASSWORD, sid); 6854929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk 6954929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk try { 70a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk mService.setLockCredential("newpwd", CREDENTIAL_TYPE_PASSWORD, "badpwd", 7154929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk PRIMARY_USER_ID); 7254929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk fail("Did not fail when enrolling using incorrect credential"); 73afb743aca56c18beb7ab924e75cb6e070ef3e55aAlex Sakhartchouk } catch (RemoteException expected) { 7454929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk assertTrue(expected.getMessage().equals(FAILED_MESSAGE)); 7554929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk } 7654929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk try { 7754929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk mService.setLockCredential("newpwd", CREDENTIAL_TYPE_PASSWORD, null, PRIMARY_USER_ID); 7854929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk fail("Did not fail when enrolling using incorrect credential"); 79afb743aca56c18beb7ab924e75cb6e070ef3e55aAlex Sakhartchouk } catch (RemoteException expected) { 8054929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk assertTrue(expected.getMessage().equals(FAILED_MESSAGE)); 8154929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk } 8254929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk assertVerifyCredentials(PRIMARY_USER_ID, "password", CREDENTIAL_TYPE_PASSWORD, sid); 8354929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk } 8454929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk 8554929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk public void testClearPasswordPrimaryUser() throws RemoteException { 86a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk final String PASSWORD = "password"; 87a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk initializeStorageWithCredential(PRIMARY_USER_ID, PASSWORD, CREDENTIAL_TYPE_PASSWORD, 1234); 88a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk mService.setLockCredential(null, CREDENTIAL_TYPE_NONE, PASSWORD, PRIMARY_USER_ID); 89a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk assertFalse(mService.havePassword(PRIMARY_USER_ID)); 90a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk assertFalse(mService.havePattern(PRIMARY_USER_ID)); 91a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk assertEquals(0, mGateKeeperService.getSecureUserId(PRIMARY_USER_ID)); 92a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk } 93a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk 94a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk public void testManagedProfileUnifiedChallenge() throws RemoteException { 95a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk final String UnifiedPassword = "testManagedProfileUnifiedChallenge-pwd"; 96a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk mService.setLockCredential(UnifiedPassword, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, null, 97a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk PRIMARY_USER_ID); 98a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, false, null); 99a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk final long primarySid = mGateKeeperService.getSecureUserId(PRIMARY_USER_ID); 100a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk final long profileSid = mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID); 101a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk assertTrue(primarySid != 0); 102a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk assertTrue(profileSid != 0); 103a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk assertTrue(profileSid != primarySid); 104a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk 105a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk // clear auth token and wait for verify challenge from primary user to re-generate it. 106a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk mGateKeeperService.clearAuthToken(MANAGED_PROFILE_USER_ID); 107a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk // verify credential 108a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential( 109a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk UnifiedPassword, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 0, PRIMARY_USER_ID) 110a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk .getResponseCode()); 111c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams 112cd50653f99c960e1a47c2c30e53b369b8805344aJason Sams // Verify that we have a new auth token for the profile 113c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams assertNotNull(mGateKeeperService.getAuthToken(MANAGED_PROFILE_USER_ID)); 114c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams assertEquals(profileSid, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID)); 115cd50653f99c960e1a47c2c30e53b369b8805344aJason Sams 116c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams /* Currently in LockSettingsService.setLockCredential, unlockUser() is called with the new 117886f11ade9dde05485cb11c0d67d87f76a428f6cAlex Sakhartchouk * credential as part of verifyCredential() before the new credential is committed in 118886f11ade9dde05485cb11c0d67d87f76a428f6cAlex Sakhartchouk * StorageManager. So we relax the check in our mock StorageManager to allow that. 119afb743aca56c18beb7ab924e75cb6e070ef3e55aAlex Sakhartchouk */ 120886f11ade9dde05485cb11c0d67d87f76a428f6cAlex Sakhartchouk mStorageManager.setIgnoreBadUnlock(true); 121886f11ade9dde05485cb11c0d67d87f76a428f6cAlex Sakhartchouk // Change primary password and verify that profile SID remains 1226598201f1c4f409defac9a5af789fb53a7cc00f8Steve Block mService.setLockCredential("pwd", LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 123889fe50e7aaebed8cb8284b16a0e51e64e8a3a9cAlex Sakhartchouk UnifiedPassword, PRIMARY_USER_ID); 124afb743aca56c18beb7ab924e75cb6e070ef3e55aAlex Sakhartchouk mStorageManager.setIgnoreBadUnlock(false); 125889fe50e7aaebed8cb8284b16a0e51e64e8a3a9cAlex Sakhartchouk assertEquals(profileSid, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID)); 126889fe50e7aaebed8cb8284b16a0e51e64e8a3a9cAlex Sakhartchouk } 127889fe50e7aaebed8cb8284b16a0e51e64e8a3a9cAlex Sakhartchouk 1286598201f1c4f409defac9a5af789fb53a7cc00f8Steve Block public void testManagedProfileSeparateChallenge() throws RemoteException { 129889fe50e7aaebed8cb8284b16a0e51e64e8a3a9cAlex Sakhartchouk final String primaryPassword = "testManagedProfileSeparateChallenge-primary"; 130889fe50e7aaebed8cb8284b16a0e51e64e8a3a9cAlex Sakhartchouk final String profilePassword = "testManagedProfileSeparateChallenge-profile"; 1316598201f1c4f409defac9a5af789fb53a7cc00f8Steve Block mService.setLockCredential(primaryPassword, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, null, 132c19ff0177a7a0dadfc01b1990f822354fdc95991Alex Sakhartchouk PRIMARY_USER_ID); 133c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams /* Currently in LockSettingsService.setLockCredential, unlockUser() is called with the new 134c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * credential as part of verifyCredential() before the new credential is committed in 135c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams * StorageManager. So we relax the check in our mock StorageManager to allow that. 136c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams */ 1376598201f1c4f409defac9a5af789fb53a7cc00f8Steve Block mStorageManager.setIgnoreBadUnlock(true); 138af12ac6a08651464f8d823add667c706f993b587Steve Block mService.setLockCredential(profilePassword, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, null, 13954929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk MANAGED_PROFILE_USER_ID); 14054929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk mStorageManager.setIgnoreBadUnlock(false); 14154929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk 142889fe50e7aaebed8cb8284b16a0e51e64e8a3a9cAlex Sakhartchouk final long primarySid = mGateKeeperService.getSecureUserId(PRIMARY_USER_ID); 143c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams final long profileSid = mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID); 144c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams assertTrue(primarySid != 0); 145c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams assertTrue(profileSid != 0); 146c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams assertTrue(profileSid != primarySid); 147889fe50e7aaebed8cb8284b16a0e51e64e8a3a9cAlex Sakhartchouk 148c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams // clear auth token and make sure verify challenge from primary user does not regenerate it. 149c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams mGateKeeperService.clearAuthToken(MANAGED_PROFILE_USER_ID); 150af12ac6a08651464f8d823add667c706f993b587Steve Block // verify primary credential 151c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential( 152c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams primaryPassword, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 0, PRIMARY_USER_ID) 153a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk .getResponseCode()); 154a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk assertNull(mGateKeeperService.getAuthToken(MANAGED_PROFILE_USER_ID)); 155a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk 156a04e30dbb5ab11592b03666bb3d102070759c58eAlex Sakhartchouk // verify profile credential 157c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential( 158af12ac6a08651464f8d823add667c706f993b587Steve Block profilePassword, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 0, 159c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams MANAGED_PROFILE_USER_ID).getResponseCode()); 160af12ac6a08651464f8d823add667c706f993b587Steve Block assertNotNull(mGateKeeperService.getAuthToken(MANAGED_PROFILE_USER_ID)); 161c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams assertEquals(profileSid, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID)); 162c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams 163c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams // Change primary credential and make sure we don't affect profile 164c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams mStorageManager.setIgnoreBadUnlock(true); 165c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams mService.setLockCredential("pwd", LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 166c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams primaryPassword, PRIMARY_USER_ID); 167c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams mStorageManager.setIgnoreBadUnlock(false); 168c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential( 169c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams profilePassword, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 0, 170af12ac6a08651464f8d823add667c706f993b587Steve Block MANAGED_PROFILE_USER_ID).getResponseCode()); 171c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams assertEquals(profileSid, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID)); 172c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams } 173c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams 174c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams private void testCreateCredential(int userId, String credential, int type) 17587319de2b16a185cf360827c96a42cf1fcaae744Jason Sams throws RemoteException { 176a2cf755a28a1e7ffff2955df656d714f40e4d715Jason Sams mService.setLockCredential(credential, type, null, userId); 177c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams assertVerifyCredentials(userId, credential, type, -1); 178886f11ade9dde05485cb11c0d67d87f76a428f6cAlex Sakhartchouk } 179886f11ade9dde05485cb11c0d67d87f76a428f6cAlex Sakhartchouk 18054929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk private void testChangeCredentials(int userId, String newCredential, int newType, 18154929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk String oldCredential, int oldType) throws RemoteException { 182886f11ade9dde05485cb11c0d67d87f76a428f6cAlex Sakhartchouk final long sid = 1234; 1836598201f1c4f409defac9a5af789fb53a7cc00f8Steve Block initializeStorageWithCredential(userId, oldCredential, oldType, sid); 184cd50653f99c960e1a47c2c30e53b369b8805344aJason Sams mService.setLockCredential(newCredential, newType, oldCredential, userId); 185c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams assertVerifyCredentials(userId, newCredential, newType, sid); 186886f11ade9dde05485cb11c0d67d87f76a428f6cAlex Sakhartchouk } 18754929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk 18854929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk private void assertVerifyCredentials(int userId, String credential, int type, long sid) 18954929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk throws RemoteException{ 19054929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk final long challenge = 54321; 19154929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk VerifyCredentialResponse response = mService.verifyCredential(credential, type, challenge, 19254929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk userId); 19354929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk 194afb743aca56c18beb7ab924e75cb6e070ef3e55aAlex Sakhartchouk assertEquals(GateKeeperResponse.RESPONSE_OK, response.getResponseCode()); 19554929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk if (sid != -1) assertEquals(sid, mGateKeeperService.getSecureUserId(userId)); 19654929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk final int incorrectType; 19754929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk if (type == LockPatternUtils.CREDENTIAL_TYPE_PASSWORD) { 19854929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk assertTrue(mService.havePassword(userId)); 199afb743aca56c18beb7ab924e75cb6e070ef3e55aAlex Sakhartchouk assertFalse(mService.havePattern(userId)); 20054929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk incorrectType = LockPatternUtils.CREDENTIAL_TYPE_PATTERN; 20154929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk } else if (type == LockPatternUtils.CREDENTIAL_TYPE_PATTERN){ 20254929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk assertFalse(mService.havePassword(userId)); 203afb743aca56c18beb7ab924e75cb6e070ef3e55aAlex Sakhartchouk assertTrue(mService.havePattern(userId)); 20454929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk incorrectType = LockPatternUtils.CREDENTIAL_TYPE_PASSWORD; 20554929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk } else { 20654929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk assertFalse(mService.havePassword(userId)); 20754929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk assertFalse(mService.havePassword(userId)); 208af12ac6a08651464f8d823add667c706f993b587Steve Block incorrectType = LockPatternUtils.CREDENTIAL_TYPE_PASSWORD; 20954929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk } 21054929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk // check for bad type 211cd50653f99c960e1a47c2c30e53b369b8805344aJason Sams assertEquals(GateKeeperResponse.RESPONSE_ERROR, mService.verifyCredential(credential, 212c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams incorrectType, challenge, userId).getResponseCode()); 21354929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk // check for bad credential 21454929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk assertEquals(GateKeeperResponse.RESPONSE_ERROR, mService.verifyCredential("0" + credential, 21554929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk type, challenge, userId).getResponseCode()); 21654929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk } 21754929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk 21854929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk private void initializeStorageWithCredential(int userId, String credential, int type, long sid) { 21954929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk byte[] oldHash = new VerifyHandle(credential.getBytes(), sid).toBytes(); 22054929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk if (type == LockPatternUtils.CREDENTIAL_TYPE_PASSWORD) { 22154929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk mStorage.writeCredentialHash(CredentialHash.create(oldHash, 22254929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk LockPatternUtils.CREDENTIAL_TYPE_PASSWORD), userId); 223afb743aca56c18beb7ab924e75cb6e070ef3e55aAlex Sakhartchouk } else { 224afb743aca56c18beb7ab924e75cb6e070ef3e55aAlex Sakhartchouk mStorage.writeCredentialHash(CredentialHash.create(oldHash, 22554929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk LockPatternUtils.CREDENTIAL_TYPE_PATTERN), userId); 226cd50653f99c960e1a47c2c30e53b369b8805344aJason Sams } 22754929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk } 22854929cce0bf44090424b1f91b676529a2422378fAlex Sakhartchouk} 229c460e55d78cbe8bee95c5c947dfe541218142a5bJason Sams