diff options
author | TreeHugger Robot <treehugger-gerrit@google.com> | 2022-06-21 14:12:16 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2022-06-21 14:12:16 +0000 |
commit | 7a465726efef11293971ef6946cd8c31561cc4d1 (patch) | |
tree | fca972cff84aafa3853f433d484ea88fba55bb89 | |
parent | eecc0a082c4899bb127f66af800c61f3ffa0025e (diff) | |
parent | 1bbb8107fffd5f21f184205ac47156f979b8fba7 (diff) | |
download | cts-7a465726efef11293971ef6946cd8c31561cc4d1.tar.gz |
Merge "Adjust KeyAttestation test for RKP" into tm-dev
-rw-r--r-- | tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java b/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java index ae87bdc7d91..f864e52812d 100644 --- a/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java +++ b/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java @@ -1489,6 +1489,7 @@ public class KeyAttestationTest { public static void verifyCertificateChain(Certificate[] certChain, boolean expectStrongBox) throws GeneralSecurityException { assertNotNull(certChain); + boolean strongBoxSubjectFound = false; for (int i = 1; i < certChain.length; ++i) { try { PublicKey pubKey = certChain[i].getPublicKey(); @@ -1515,19 +1516,19 @@ public class KeyAttestationTest { if (i == 1) { // First cert should have subject "CN=Android Keystore Key". assertEquals(signedCertSubject, new X500Name("CN=Android Keystore Key")); - } else { - // Only strongbox implementations should have strongbox in the subject line - assertEquals(expectStrongBox, signedCertSubject.toString() - .toLowerCase() - .contains("strongbox")); + } else if (signedCertSubject.toString().toLowerCase().contains("strongbox")) { + strongBoxSubjectFound = true; } } catch (InvalidKeyException | CertificateException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) { throw new GeneralSecurityException("Using StrongBox: " + expectStrongBox + "\n" - + "Failed to verify certificate " - + certChain[i - 1] + " with public key " + certChain[i].getPublicKey(), e); + + "Failed to verify certificate " + certChain[i - 1] + + " with public key " + certChain[i].getPublicKey(), + e); } } + // At least one intermediate in a StrongBox chain must have "strongbox" in the subject. + assertEquals(expectStrongBox, strongBoxSubjectFound); } private void testDeviceIdAttestationFailure(int idType, |