diff options
author | 2016-02-29 14:02:32 -0800 | |
---|---|---|
committer | 2016-03-01 12:42:54 -0800 | |
commit | 567f6f24747c80b4ab362a22985576c4f8a418fd (patch) | |
tree | 348247aeb61bc3d44bb0fff9a0503aab657c99ee /tests/NetworkSecurityConfigTest | |
parent | 1ce163fe34ae05218d723acafc4dd47bd55cc8da (diff) |
Allow debug-overrides to be specified in an extra resource
An application can specify its debug-overrides in an extra resource with
the same name suffixed with "_debug" (e.g. res/xml/security_config.xml and
res/xml/security_config_debug.xml).
By specifying the debug-overrides in an extra file release builds can
strip out the file (and any certificate resources that the
debug-overrides depend on) to prevent including testing configuration
information in the release build of an application.
Bug: 27418003
Change-Id: Ibfebc376360ca474fc0f9f2fd565faa0cffd9549
Diffstat (limited to 'tests/NetworkSecurityConfigTest')
5 files changed, 62 insertions, 0 deletions
diff --git a/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource.xml b/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource.xml new file mode 100644 index 000000000000..8093b9d05153 --- /dev/null +++ b/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<network-security-config> + <base-config> + <trust-anchors> + </trust-anchors> + </base-config> +</network-security-config> diff --git a/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource_debug.xml b/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource_debug.xml new file mode 100644 index 000000000000..fc24df5f783c --- /dev/null +++ b/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource_debug.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- debug-overrides not inside network-security-config should cause a parsing error --> +<debug-overrides> + <trust-anchors> + <certificates src="system" /> + </trust-anchors> +</debug-overrides> diff --git a/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource.xml b/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource.xml new file mode 100644 index 000000000000..8093b9d05153 --- /dev/null +++ b/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<network-security-config> + <base-config> + <trust-anchors> + </trust-anchors> + </base-config> +</network-security-config> diff --git a/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource_debug.xml b/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource_debug.xml new file mode 100644 index 000000000000..6a2ad37113c9 --- /dev/null +++ b/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource_debug.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="utf-8"?> +<network-security-config> + <debug-overrides> + <trust-anchors> + <certificates src="system" /> + </trust-anchors> + </debug-overrides> +</network-security-config> diff --git a/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java b/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java index 35e3ef4c38cc..10bcc18a0019 100644 --- a/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java +++ b/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java @@ -431,4 +431,37 @@ public class XmlConfigTests extends AndroidTestCase { TestUtils.assertConnectionSucceeds(context, "android.com", 443); TestUtils.assertUrlConnectionSucceeds(context, "android.com", 443); } + + public void testExtraDebugResource() throws Exception { + XmlConfigSource source = + new XmlConfigSource(getContext(), R.xml.extra_debug_resource, true); + ApplicationConfig appConfig = new ApplicationConfig(source); + assertFalse(appConfig.hasPerDomainConfigs()); + NetworkSecurityConfig config = appConfig.getConfigForHostname(""); + MoreAsserts.assertNotEmpty(config.getTrustAnchors()); + + // Check that the _debug file is ignored if debug is false. + source = new XmlConfigSource(getContext(), R.xml.extra_debug_resource, false); + appConfig = new ApplicationConfig(source); + assertFalse(appConfig.hasPerDomainConfigs()); + config = appConfig.getConfigForHostname(""); + MoreAsserts.assertEmpty(config.getTrustAnchors()); + } + + public void testExtraDebugResourceIgnored() throws Exception { + // Verify that parsing the extra debug config resource fails only when debugging is true. + XmlConfigSource source = + new XmlConfigSource(getContext(), R.xml.bad_extra_debug_resource, false); + ApplicationConfig appConfig = new ApplicationConfig(source); + // Force parsing the config file. + appConfig.getConfigForHostname(""); + + source = new XmlConfigSource(getContext(), R.xml.bad_extra_debug_resource, true); + appConfig = new ApplicationConfig(source); + try { + appConfig.getConfigForHostname(""); + fail("Bad extra debug resource did not fail to parse"); + } catch (RuntimeException expected) { + } + } } |