Merge "Adjust KeyAttestation test for RKP" into tm-dev

author: TreeHugger Robot <treehugger-gerrit@google.com> 2022-06-21 14:12:16 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2022-06-21 14:12:16 +0000
commit: 7a465726efef11293971ef6946cd8c31561cc4d1 (patch)
tree: fca972cff84aafa3853f433d484ea88fba55bb89
parent: eecc0a082c4899bb127f66af800c61f3ffa0025e (diff)
parent: 1bbb8107fffd5f21f184205ac47156f979b8fba7 (diff)
download: cts-7a465726efef11293971ef6946cd8c31561cc4d1.tar.gz
1 files changed, 8 insertions, 7 deletions
diff --git a/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java b/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java
index ae87bdc7d91..f864e52812d 100644
--- a/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java
+++ b/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java
@@ -1489,6 +1489,7 @@ public class KeyAttestationTest {
     public static void verifyCertificateChain(Certificate[] certChain, boolean expectStrongBox)
             throws GeneralSecurityException {
         assertNotNull(certChain);
+        boolean strongBoxSubjectFound = false;
         for (int i = 1; i < certChain.length; ++i) {
             try {
                 PublicKey pubKey = certChain[i].getPublicKey();
@@ -1515,19 +1516,19 @@ public class KeyAttestationTest {
                 if (i == 1) {
                     // First cert should have subject "CN=Android Keystore Key".
                     assertEquals(signedCertSubject, new X500Name("CN=Android Keystore Key"));
-                } else {
-                    // Only strongbox implementations should have strongbox in the subject line
-                    assertEquals(expectStrongBox, signedCertSubject.toString()
-                                                                   .toLowerCase()
-                                                                   .contains("strongbox"));
+                } else if (signedCertSubject.toString().toLowerCase().contains("strongbox")) {
+                    strongBoxSubjectFound = true;
                 }
             } catch (InvalidKeyException | CertificateException | NoSuchAlgorithmException
                     | NoSuchProviderException | SignatureException e) {
                 throw new GeneralSecurityException("Using StrongBox: " + expectStrongBox + "\n"
-                        + "Failed to verify certificate "
-                        + certChain[i - 1] + " with public key " + certChain[i].getPublicKey(), e);
+                                + "Failed to verify certificate " + certChain[i - 1]
+                                + " with public key " + certChain[i].getPublicKey(),
+                        e);
             }
         }
+        // At least one intermediate in a StrongBox chain must have "strongbox" in the subject.
+        assertEquals(expectStrongBox, strongBoxSubjectFound);
     }
 
     private void testDeviceIdAttestationFailure(int idType,
author	TreeHugger Robot <treehugger-gerrit@google.com>	2022-06-21 14:12:16 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2022-06-21 14:12:16 +0000
commit	7a465726efef11293971ef6946cd8c31561cc4d1 (patch)
tree	fca972cff84aafa3853f433d484ea88fba55bb89
parent	eecc0a082c4899bb127f66af800c61f3ffa0025e (diff)
parent	1bbb8107fffd5f21f184205ac47156f979b8fba7 (diff)
download	cts-7a465726efef11293971ef6946cd8c31561cc4d1.tar.gz