summaryrefslogtreecommitdiff
path: root/tests/NetworkSecurityConfigTest
diff options
context:
space:
mode:
author Chad Brubaker <cbrubaker@google.com> 2016-02-29 14:02:32 -0800
committer Chad Brubaker <cbrubaker@google.com> 2016-03-01 12:42:54 -0800
commit567f6f24747c80b4ab362a22985576c4f8a418fd (patch)
tree348247aeb61bc3d44bb0fff9a0503aab657c99ee /tests/NetworkSecurityConfigTest
parent1ce163fe34ae05218d723acafc4dd47bd55cc8da (diff)
Allow debug-overrides to be specified in an extra resource
An application can specify its debug-overrides in an extra resource with the same name suffixed with "_debug" (e.g. res/xml/security_config.xml and res/xml/security_config_debug.xml). By specifying the debug-overrides in an extra file release builds can strip out the file (and any certificate resources that the debug-overrides depend on) to prevent including testing configuration information in the release build of an application. Bug: 27418003 Change-Id: Ibfebc376360ca474fc0f9f2fd565faa0cffd9549
Diffstat (limited to 'tests/NetworkSecurityConfigTest')
-rw-r--r--tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource.xml7
-rw-r--r--tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource_debug.xml7
-rw-r--r--tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource.xml7
-rw-r--r--tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource_debug.xml8
-rw-r--r--tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java33
5 files changed, 62 insertions, 0 deletions
diff --git a/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource.xml b/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource.xml
new file mode 100644
index 000000000000..8093b9d05153
--- /dev/null
+++ b/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+ <base-config>
+ <trust-anchors>
+ </trust-anchors>
+ </base-config>
+</network-security-config>
diff --git a/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource_debug.xml b/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource_debug.xml
new file mode 100644
index 000000000000..fc24df5f783c
--- /dev/null
+++ b/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource_debug.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- debug-overrides not inside network-security-config should cause a parsing error -->
+<debug-overrides>
+ <trust-anchors>
+ <certificates src="system" />
+ </trust-anchors>
+</debug-overrides>
diff --git a/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource.xml b/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource.xml
new file mode 100644
index 000000000000..8093b9d05153
--- /dev/null
+++ b/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+ <base-config>
+ <trust-anchors>
+ </trust-anchors>
+ </base-config>
+</network-security-config>
diff --git a/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource_debug.xml b/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource_debug.xml
new file mode 100644
index 000000000000..6a2ad37113c9
--- /dev/null
+++ b/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource_debug.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+ <debug-overrides>
+ <trust-anchors>
+ <certificates src="system" />
+ </trust-anchors>
+ </debug-overrides>
+</network-security-config>
diff --git a/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java b/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
index 35e3ef4c38cc..10bcc18a0019 100644
--- a/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
+++ b/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
@@ -431,4 +431,37 @@ public class XmlConfigTests extends AndroidTestCase {
TestUtils.assertConnectionSucceeds(context, "android.com", 443);
TestUtils.assertUrlConnectionSucceeds(context, "android.com", 443);
}
+
+ public void testExtraDebugResource() throws Exception {
+ XmlConfigSource source =
+ new XmlConfigSource(getContext(), R.xml.extra_debug_resource, true);
+ ApplicationConfig appConfig = new ApplicationConfig(source);
+ assertFalse(appConfig.hasPerDomainConfigs());
+ NetworkSecurityConfig config = appConfig.getConfigForHostname("");
+ MoreAsserts.assertNotEmpty(config.getTrustAnchors());
+
+ // Check that the _debug file is ignored if debug is false.
+ source = new XmlConfigSource(getContext(), R.xml.extra_debug_resource, false);
+ appConfig = new ApplicationConfig(source);
+ assertFalse(appConfig.hasPerDomainConfigs());
+ config = appConfig.getConfigForHostname("");
+ MoreAsserts.assertEmpty(config.getTrustAnchors());
+ }
+
+ public void testExtraDebugResourceIgnored() throws Exception {
+ // Verify that parsing the extra debug config resource fails only when debugging is true.
+ XmlConfigSource source =
+ new XmlConfigSource(getContext(), R.xml.bad_extra_debug_resource, false);
+ ApplicationConfig appConfig = new ApplicationConfig(source);
+ // Force parsing the config file.
+ appConfig.getConfigForHostname("");
+
+ source = new XmlConfigSource(getContext(), R.xml.bad_extra_debug_resource, true);
+ appConfig = new ApplicationConfig(source);
+ try {
+ appConfig.getConfigForHostname("");
+ fail("Bad extra debug resource did not fail to parse");
+ } catch (RuntimeException expected) {
+ }
+ }
}