Keystore 2.0 SPI: Fix NPE in getUniqueAliases.

getUniqueAliases may return a null if an error occurred. This would lead to a NPE in engineAliases. This patch makes getUniqueAliases return an empty HashSet instead. Test: atest KeystoreTests Change-Id: I387d90ea851a8b9c18bb2b20d1a0bfc1ab76c99f
author: Janis Danisevskis <jdanis@google.com> 2021-05-12 08:39:52 -0700
committer: Janis Danisevskis <jdanis@google.com> 2021-05-12 17:29:26 -0700
commit: 738e422b00b14b4959de4654db4edd20b786b18f (patch)
tree: 971604c5576f2ccc04892eee403adcb1a5b11ef4 /keystore
parent: 919e8c1ba3417c11087c5e1a243359c8f9416ce6 (diff)
3 files changed, 70 insertions, 2 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
index 3e2fb94f0387..f3cfcf18dec1 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
@@ -41,6 +41,8 @@ import android.system.keystore2.KeyMetadata;
 import android.system.keystore2.ResponseCode;
 import android.util.Log;
 
+import com.android.internal.annotations.VisibleForTesting;
+
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -974,7 +976,6 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
     }
 
     private Set<String> getUniqueAliases() {
-
         try {
             final KeyDescriptor[] keys = mKeyStore.list(
                     getTargetDomain(),
@@ -987,7 +988,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
             return aliases;
         } catch (android.security.KeyStoreException e) {
             Log.e(TAG, "Failed to list keystore entries.", e);
-            return null;
+            return new HashSet<>();
         }
     }
 
@@ -1099,6 +1100,17 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
         return caAlias;
     }
 
+    /**
+     * Used by Tests to initialize with a fake KeyStore2.
+     * @hide
+     * @param keystore
+     */
+    @VisibleForTesting
+    public void initForTesting(KeyStore2 keystore) {
+        mKeyStore = keystore;
+        mNamespace = KeyProperties.NAMESPACE_APPLICATION;
+    }
+
     @Override
     public void engineStore(OutputStream stream, char[] password) throws IOException,
             NoSuchAlgorithmException, CertificateException {
diff --git a/keystore/tests/Android.bp b/keystore/tests/Android.bp
index 2315a8568c64..7de45233494b 100644
--- a/keystore/tests/Android.bp
+++ b/keystore/tests/Android.bp
@@ -28,6 +28,7 @@ android_test {
     static_libs: [
         "androidx.test.rules",
         "hamcrest-library",
+        "mockito-target-minus-junit4",
     ],
     platform_apis: true,
     libs: ["android.test.runner"],
diff --git a/keystore/tests/src/android/security/keystore2/AndroidKeyStoreSpiTest.java b/keystore/tests/src/android/security/keystore2/AndroidKeyStoreSpiTest.java
new file mode 100644
index 000000000000..1bd3069f483a
--- /dev/null
+++ b/keystore/tests/src/android/security/keystore2/AndroidKeyStoreSpiTest.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.keystore2;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.mockito.Mockito.anyInt;
+import static org.mockito.Mockito.anyLong;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import android.security.KeyStore2;
+import android.security.KeyStoreException;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+public class AndroidKeyStoreSpiTest {
+
+    @Mock
+    private KeyStore2 mKeystore2;
+
+    @Before
+    public void setUp() {
+        MockitoAnnotations.initMocks(this);
+    }
+
+    @Test
+    public void testEngineAliasesReturnsEmptySetOnKeyStoreError() throws Exception {
+        when(mKeystore2.list(anyInt(), anyLong()))
+                .thenThrow(new KeyStoreException(6, "Some Error"));
+        AndroidKeyStoreSpi spi = new AndroidKeyStoreSpi();
+        spi.initForTesting(mKeystore2);
+
+        assertThat("Empty collection expected", !spi.engineAliases().hasMoreElements());
+
+        verify(mKeystore2).list(anyInt(), anyLong());
+    }
+
+}
author	Janis Danisevskis <jdanis@google.com>	2021-05-12 08:39:52 -0700
committer	Janis Danisevskis <jdanis@google.com>	2021-05-12 17:29:26 -0700
commit	738e422b00b14b4959de4654db4edd20b786b18f (patch)
tree	971604c5576f2ccc04892eee403adcb1a5b11ef4 /keystore
parent	919e8c1ba3417c11087c5e1a243359c8f9416ce6 (diff)