Automate test cases for MWPJ scenarios.

msalautomationapp/build.gradle

@@ -1,4 +1,5 @@
 apply plugin: 'com.android.application'
+apply plugin: 'kotlin-android'
 
 def msalVersion = "4.+"
 
@@ -146,12 +147,12 @@ android {
     sourceSets {
         main {
             manifest.srcFile 'src/main/AndroidManifest.xml'
-            java.srcDirs = ['src/main/java']
+            java.srcDirs = ['src/main/java', 'src/main/kotlin']
         }
 
         androidTest {
             manifest.srcFile 'src/androidTest/AndroidManifest.xml'
-            res.srcDirs = ['src/main/res']
+            res.srcDirs = ['src/main/res', 'src/main/kotlin']
         }
     }
 }
@@ -184,5 +185,8 @@ dependencies {
     }
     androidTestImplementation "androidx.test:runner:$rootProject.ext.androidxTestRunnerVersion"
     androidTestUtil "androidx.test:orchestrator:$rootProject.ext.androidxTestOrchestratorVersion"
+    implementation "org.jetbrains.kotlin:kotlin-stdlib:${rootProject.ext.kotlinVersion}"
+    testImplementation "org.jetbrains.kotlin:kotlin-stdlib:${rootProject.ext.kotlinVersion}"
+    androidTestImplementation "org.jetbrains.kotlin:kotlin-stdlib:${rootProject.ext.kotlinVersion}"
 }
 

msalautomationapp/src/androidTest/java/com/microsoft/identity/client/msal/automationapp/testpass/broker/brokerapi/TestCase1561652.java

@@ -22,17 +22,27 @@
 //  THE SOFTWARE.
 package com.microsoft.identity.client.msal.automationapp.testpass.broker.brokerapi;
 
+import android.util.Base64;
+
+import androidx.annotation.NonNull;
+
+import com.google.gson.Gson;
 import com.microsoft.identity.client.msal.automationapp.R;
 import com.microsoft.identity.client.msal.automationapp.testpass.broker.AbstractMsalBrokerTest;
 import com.microsoft.identity.client.ui.automation.annotations.LocalBrokerHostDebugUiTest;
 import com.microsoft.identity.client.ui.automation.annotations.RetryOnFailure;
 import com.microsoft.identity.client.ui.automation.annotations.SupportedBrokers;
 import com.microsoft.identity.client.ui.automation.broker.BrokerHost;
+import com.microsoft.identity.common.java.util.StringUtil;
 import com.microsoft.identity.labapi.utilities.client.LabQuery;
 import com.microsoft.identity.labapi.utilities.constants.TempUserType;
 
+import org.junit.Assert;
 import org.junit.Test;
 
+import java.util.Map;
+import java.util.Set;
+
 // SSO Token Requests
 // https://identitydivision.visualstudio.com/Engineering/_workitems/edit/1561652
 @SupportedBrokers(brokers = {BrokerHost.class})
@@ -50,7 +60,7 @@ public void test_1561652() {
         // Get SSO token and decode to confirm nonce
         final String ssoToken = ((BrokerHost) mBroker).acquireSSOToken(nonce);
 
-        ((BrokerHost) mBroker).decodeSSOTokenAndVerifyNonce(ssoToken, nonce);
+        decodeSSOTokenAndVerifyNonce(ssoToken, nonce);
     }
 
     @Override
@@ -77,4 +87,32 @@ public String getAuthority() {
     public int getConfigFileResourceId() {
         return R.raw.msal_config_default;
     }
+
+    /**
+     * Decode SSO token and verify the expected nonce
+     */
+    public void decodeSSOTokenAndVerifyNonce(@NonNull final String ssoToken,
+                                             @NonNull final String nonce) {
+        Assert.assertFalse("Passed an empty or null token", StringUtil.isNullOrEmpty(ssoToken));
+        String token = new String(Base64.decode(ssoToken.split("\\.")[1], Base64.NO_WRAP));
+        final Map<Object, Object> map = new Gson().fromJson(token, Map.class);
+        StringBuilder sb = new StringBuilder();
+        final Set<Map.Entry<Object, Object>> set = map.entrySet();
+        for (Map.Entry<Object, Object> e : set) {
+            sb.append(e.getKey()).append(" => ")
+                    .append(e.getValue())
+                    .append('\n');
+        }
+        final String decodedToken = sb.toString();
+        if (decodedToken.contains("request_nonce")) {
+            final String[] str = decodedToken.split("request_nonce => ");
+            if (str.length > 1) {
+                Assert.assertEquals(str[1].trim(), nonce);
+            } else {
+                Assert.fail("decoded token does not contain correct nonce");
+            }
+        } else {
+            Assert.fail("decoded token does not contain correct nonce");
+        }
+    }
 }

msalautomationapp/src/androidTest/java/com/microsoft/identity/client/msal/automationapp/testpass/broker/brokerapi/TestCase1600567.java

@@ -35,6 +35,7 @@
 import com.microsoft.identity.labapi.utilities.constants.AzureEnvironment;
 import com.microsoft.identity.labapi.utilities.constants.TempUserType;
 
+import org.junit.Assert;
 import org.junit.Test;
 
 // Invoke each API from non-allowed apps. the request should be blocked.
@@ -51,7 +52,7 @@ public void test_1600567() throws Throwable {
         brokerHost.brokerApiFragment.launch();
         // verify getAccounts call gives calling app not verified
         UiAutomatorUtils.handleButtonClick("com.microsoft.identity.testuserapp:id/button_get_accounts");
-        brokerHost.confirmCallingAppNotVerified();
+       confirmCallingAppNotVerified();
 
         // verify removeAccount call gives calling app not verified
         final UiObject usernameTxt = UiAutomatorUtils.obtainChildInScrollable("someone@contoso.com");
@@ -60,7 +61,7 @@ public void test_1600567() throws Throwable {
                 "com.microsoft.identity.testuserapp:id/button_remove_account"
         );
         removeAccount.click();
-        brokerHost.confirmCallingAppNotVerified();
+        confirmCallingAppNotVerified();
 
         // verify update BRT call gives calling app not verified
         // fill BRT
@@ -69,18 +70,18 @@ public void test_1600567() throws Throwable {
         UiAutomatorUtils.handleInput("com.microsoft.identity.testuserapp:id/edit_text_home_authority", "https://login.microsoftonline.com/common");
         // click on update BRT
         UiAutomatorUtils.handleButtonClick("com.microsoft.identity.testuserapp:id/button_update_brt");
-        brokerHost.confirmCallingAppNotVerified();
+        confirmCallingAppNotVerified();
 
         brokerHost.brokerFlightsFragment.launch();
         // verify setFlights call gives calling app not verified
         UiAutomatorUtils.handleButtonClick("com.microsoft.identity.testuserapp:id/flight_provider_local_storage");
         UiAutomatorUtils.handleInput("com.microsoft.identity.testuserapp:id/edit_text_flights", "{test : true}");
         UiAutomatorUtils.handleButtonClick("com.microsoft.identity.testuserapp:id/button_set_flights");
-        brokerHost.confirmCallingAppNotVerified();
+        confirmCallingAppNotVerified();
 
         // verify getFlights call gives calling app not verified
         UiAutomatorUtils.handleButtonClick("com.microsoft.identity.testuserapp:id/button_get_flights");
-        brokerHost.confirmCallingAppNotVerified();
+        confirmCallingAppNotVerified();
     }
 
 
@@ -110,5 +111,14 @@ public String getAuthority() {
     public int getConfigFileResourceId() {
         return R.raw.msal_config_default;
     }
+
+    /**
+     * Confirm that the calling app is not verified
+     */
+    public void confirmCallingAppNotVerified() {
+        String dialogMessage = ((BrokerHost)getBroker()).dismissDialog();
+        Assert.assertTrue(dialogMessage.contains("Calling app could not be verified"));
+    }
+
 }
 

msalautomationapp/src/androidTest/java/com/microsoft/identity/client/msal/automationapp/testpass/broker/brokerapi/TestCase2110359.java

@@ -23,11 +23,19 @@
 package com.microsoft.identity.client.msal.automationapp.testpass.broker.brokerapi;
 
 
+import androidx.annotation.Nullable;
+import androidx.test.platform.app.InstrumentationRegistry;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject;
+import androidx.test.uiautomator.UiObjectNotFoundException;
+import androidx.test.uiautomator.UiSelector;
+
 import com.microsoft.identity.client.msal.automationapp.R;
 import com.microsoft.identity.client.msal.automationapp.testpass.broker.AbstractMsalBrokerTest;
 import com.microsoft.identity.client.ui.automation.annotations.LocalBrokerHostDebugUiTest;
 import com.microsoft.identity.client.ui.automation.annotations.SupportedBrokers;
 import com.microsoft.identity.client.ui.automation.broker.BrokerHost;
+import com.microsoft.identity.client.ui.automation.utils.UiAutomatorUtils;
 import com.microsoft.identity.labapi.utilities.client.LabQuery;
 import com.microsoft.identity.labapi.utilities.constants.TempUserType;
 import com.microsoft.identity.labapi.utilities.constants.UserType;
@@ -41,12 +49,12 @@
 @SupportedBrokers(brokers = BrokerHost.class)
 @LocalBrokerHostDebugUiTest
 public class TestCase2110359 extends AbstractMsalBrokerTest{
+    // tenant id where lab api and key vault api is registered
+    private final static String LAB_API_TENANT_ID = "72f988bf-86f1-41af-91ab-2d7cd011db47";
 
     @Test
     public void test_2110359() {
-        BrokerHost brokerHost = (BrokerHost) mBroker;
-
-        brokerHost.checkForDcfOption(null);
+        checkForDcfOption(null);
     }
 
     @Override
@@ -75,4 +83,42 @@ public String getAuthority() {
     public int getConfigFileResourceId() {
         return R.raw.msal_config_default;
     }
+
+    /**
+     * Check if the Device Code Flow option shows up in sign in flow.
+     *
+     * @param tenantId tenant ID to use in Join Tenant
+     */
+    public void checkForDcfOption(@Nullable final String tenantId) {
+        final String tenantIdToUse;
+
+        // If no tenant ID is specified, default to microsoft tenant
+        if (tenantId == null) {
+            tenantIdToUse = LAB_API_TENANT_ID;
+        } else {
+            tenantIdToUse = tenantId;
+        }
+        BrokerHost brokerHost = (BrokerHost) mBroker;
+        brokerHost.launch();
+        brokerHost.clickJoinTenant(tenantIdToUse);
+
+        // Apparently, there are two UI objects with exact text "Sign-in options", one is a button the other is a view
+        // Have to specify the search to button class
+        final UiDevice device =
+                UiDevice.getInstance(InstrumentationRegistry.getInstrumentation());
+
+        final UiObject optionsObject = device.findObject(new UiSelector()
+                .text("Sign-in options").className("android.widget.Button"));
+
+        try {
+            optionsObject.click();
+        } catch (UiObjectNotFoundException e) {
+            throw new AssertionError(e);
+        }
+        UiAutomatorUtils.handleButtonClickForObjectWithText("Sign in from another device");
+
+        // Doesn't look like the page with the device code is readable to the UI automation,
+        // this is a sufficient stopping point
+    }
+
 }

msalautomationapp/src/androidTest/java/com/microsoft/identity/client/msal/automationapp/testpass/broker/mwpj/TestCase2519783.kt

@@ -0,0 +1,111 @@
+//  Copyright (c) Microsoft Corporation.
+//  All rights reserved.
+//
+//  This code is licensed under the MIT License.
+//
+//  Permission is hereby granted, free of charge, to any person obtaining a copy
+//  of this software and associated documentation files(the "Software"), to deal
+//  in the Software without restriction, including without limitation the rights
+//  to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+//  copies of the Software, and to permit persons to whom the Software is
+//  furnished to do so, subject to the following conditions :
+//
+//  The above copyright notice and this permission notice shall be included in
+//  all copies or substantial portions of the Software.
+//
+//  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+//  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+//  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+//  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+//  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+//  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+//  THE SOFTWARE.
+package com.microsoft.identity.client.msal.automationapp.testpass.broker.mwpj
+
+import com.microsoft.identity.client.msal.automationapp.R
+import com.microsoft.identity.client.msal.automationapp.testpass.broker.AbstractMsalBrokerTest
+import com.microsoft.identity.client.ui.automation.annotations.LocalBrokerHostDebugUiTest
+import com.microsoft.identity.client.ui.automation.annotations.SupportedBrokers
+import com.microsoft.identity.client.ui.automation.broker.BrokerHost
+import com.microsoft.identity.labapi.utilities.client.ILabAccount
+import com.microsoft.identity.labapi.utilities.client.LabQuery
+import com.microsoft.identity.labapi.utilities.constants.AzureEnvironment
+import com.microsoft.identity.labapi.utilities.constants.TempUserType
+import com.microsoft.identity.labapi.utilities.constants.UserType
+import org.junit.Assert
+import org.junit.Before
+import org.junit.Test
+
+// https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2519783
+// [MWPJ] Install WPJ certificate for browser access in both registrations.
+@LocalBrokerHostDebugUiTest
+@SupportedBrokers(brokers = [BrokerHost::class])
+class TestCase2519783 : AbstractMsalBrokerTest() {
+
+    private lateinit var mUsGovAccount: ILabAccount
+    private lateinit var mBrokerHostApp: BrokerHost
+
+    @Test
+    fun test_2519783() {
+        // Register 2 accounts from different tenants
+        mBrokerHostApp.multipleWpjApiFragment.performDeviceRegistration(mLabAccount.username, mLabAccount.password)
+        mBrokerHostApp.multipleWpjApiFragment.performDeviceRegistration(mUsGovAccount.username, mUsGovAccount.password)
+        val deviceRegistrationRecords = mBrokerHostApp.multipleWpjApiFragment.allRecords
+        Assert.assertEquals(2, deviceRegistrationRecords.size)
+
+        // Install WPJ certificate for browser access in both registrations.
+        mBrokerHostApp.multipleWpjApiFragment.installCertificate(deviceRegistrationRecords[0]["TenantId"] as String)
+        mBrokerHostApp.multipleWpjApiFragment.installCertificate(deviceRegistrationRecords[1]["TenantId"] as String)
+    }
+
+    override fun getLabQuery(): LabQuery {
+        return LabQuery.builder()
+                .userType(UserType.CLOUD)
+                .build()
+    }
+
+    override fun getTempUserType(): TempUserType? {
+        return null
+    }
+
+    private fun getUsGovLabQuery(): LabQuery {
+        return LabQuery.builder()
+                .userType(UserType.CLOUD)
+                .azureEnvironment(AzureEnvironment.AZURE_US_GOVERNMENT)
+                .build()
+    }
+
+    @Before
+    fun before() {
+        mUsGovAccount = mLabClient.getLabAccount(getUsGovLabQuery())
+        mBrokerHostApp = broker as BrokerHost
+        mBrokerHostApp.enableMultipleWpj()
+    }
+
+    /**
+     * Get the scopes that can be used for an acquire token test.
+     *
+     * @return A string array consisting of OAUTH2 Scopes
+     */
+    override fun getScopes(): Array<String> {
+        return arrayOf("User.read")
+    }
+
+    /**
+     * Get the authority url that can be used for an acquire token test.
+     *
+     * @return A string representing the url for an authority that can be used as token issuer
+     */
+    override fun getAuthority(): String {
+        return mApplication.configuration.defaultAuthority.authorityURL.toString()
+    }
+
+    /**
+     * The MSAL config file that should be used to create a PublicClientApplication for the test.
+     *
+     * @return config file resource id
+     */
+    override fun getConfigFileResourceId(): Int {
+        return R.raw.msal_config_default
+    }
+}