diff options
Diffstat (limited to 'tests/NetworkSecurityConfigTest')
3 files changed, 59 insertions, 0 deletions
diff --git a/tests/NetworkSecurityConfigTest/res/xml/nested_domains.xml b/tests/NetworkSecurityConfigTest/res/xml/nested_domains.xml new file mode 100644 index 000000000000..d45fd77a5f0f --- /dev/null +++ b/tests/NetworkSecurityConfigTest/res/xml/nested_domains.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="utf-8"?> +<network-security-config> + <domain-config> + <domain includeSubdomains="true">android.com</domain> + <trust-anchors> + <certificates src="system" /> + </trust-anchors> + <!-- nested config that adds pins --> + <domain-config> + <domain>developer.android.com</domain> + <pin-set> + <pin digest="SHA-256">7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</pin> + </pin-set> + </domain-config> + </domain-config> + <base-config cleartextTrafficPermitted="false"> + </base-config> +</network-security-config> diff --git a/tests/NetworkSecurityConfigTest/res/xml/nested_domains_override.xml b/tests/NetworkSecurityConfigTest/res/xml/nested_domains_override.xml new file mode 100644 index 000000000000..84e06e324513 --- /dev/null +++ b/tests/NetworkSecurityConfigTest/res/xml/nested_domains_override.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="utf-8"?> +<network-security-config> + <base-config cleartextTrafficPermitted="false"> + </base-config> + <!-- Nested config that overrides parent --> + <domain-config cleartextTrafficPermitted="true"> + <domain includeSubdomains="true">android.com</domain> + <domain-config cleartextTrafficPermitted="false"> + <domain>developer.android.com</domain> + </domain-config> + </domain-config> +</network-security-config> diff --git a/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java b/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java index 4914d06e2311..f52a27995854 100644 --- a/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java +++ b/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java @@ -245,6 +245,35 @@ public class XmlConfigTests extends AndroidTestCase { TestUtils.assertUrlConnectionSucceeds(context, "android.com", 443); } + public void testNestedDomainConfigs() throws Exception { + XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.nested_domains); + ApplicationConfig appConfig = new ApplicationConfig(source); + assertTrue(appConfig.hasPerDomainConfigs()); + NetworkSecurityConfig parent = appConfig.getConfigForHostname("android.com"); + NetworkSecurityConfig child = appConfig.getConfigForHostname("developer.android.com"); + MoreAsserts.assertNotEqual(parent, child); + MoreAsserts.assertEmpty(parent.getPins().pins); + MoreAsserts.assertNotEmpty(child.getPins().pins); + // Check that the child inherited the cleartext value and anchors. + assertFalse(child.isCleartextTrafficPermitted()); + MoreAsserts.assertNotEmpty(child.getTrustAnchors()); + // Test connections. + SSLContext context = TestUtils.getSSLContext(source); + TestUtils.assertConnectionSucceeds(context, "android.com", 443); + TestUtils.assertConnectionSucceeds(context, "developer.android.com", 443); + } + + public void testNestedDomainConfigsOverride() throws Exception { + XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.nested_domains_override); + ApplicationConfig appConfig = new ApplicationConfig(source); + assertTrue(appConfig.hasPerDomainConfigs()); + NetworkSecurityConfig parent = appConfig.getConfigForHostname("android.com"); + NetworkSecurityConfig child = appConfig.getConfigForHostname("developer.android.com"); + MoreAsserts.assertNotEqual(parent, child); + assertTrue(parent.isCleartextTrafficPermitted()); + assertFalse(child.isCleartextTrafficPermitted()); + } + private void testBadConfig(int configId) throws Exception { try { XmlConfigSource source = new XmlConfigSource(getContext(), configId); |