Keystore 2.0 SPI: Fix NPE in getUniqueAliases.

getUniqueAliases may return a null if an error occurred. This would lead
to a NPE in engineAliases.

This patch makes getUniqueAliases return an empty HashSet instead.

Test: atest KeystoreTests

Change-Id: I387d90ea851a8b9c18bb2b20d1a0bfc1ab76c99f

keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java

@@ -41,6 +41,8 @@ import android.system.keystore2.KeyMetadata;
 import android.system.keystore2.ResponseCode;
 import android.util.Log;
 
+import com.android.internal.annotations.VisibleForTesting;
+
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -974,7 +976,6 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
     }
 
     private Set<String> getUniqueAliases() {
-
         try {
             final KeyDescriptor[] keys = mKeyStore.list(
                     getTargetDomain(),
@@ -987,7 +988,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
             return aliases;
         } catch (android.security.KeyStoreException e) {
             Log.e(TAG, "Failed to list keystore entries.", e);
-            return null;
+            return new HashSet<>();
         }
     }
 
@@ -1099,6 +1100,17 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
         return caAlias;
     }
 
+    /**
+     * Used by Tests to initialize with a fake KeyStore2.
+     * @hide
+     * @param keystore
+     */
+    @VisibleForTesting
+    public void initForTesting(KeyStore2 keystore) {
+        mKeyStore = keystore;
+        mNamespace = KeyProperties.NAMESPACE_APPLICATION;
+    }
+
     @Override
     public void engineStore(OutputStream stream, char[] password) throws IOException,
             NoSuchAlgorithmException, CertificateException {

keystore/tests/Android.bp

@@ -28,6 +28,7 @@ android_test {
     static_libs: [
         "androidx.test.rules",
         "hamcrest-library",
+        "mockito-target-minus-junit4",
     ],
     platform_apis: true,
     libs: ["android.test.runner"],

keystore/tests/src/android/security/keystore2/AndroidKeyStoreSpiTest.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.keystore2;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.mockito.Mockito.anyInt;
+import static org.mockito.Mockito.anyLong;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import android.security.KeyStore2;
+import android.security.KeyStoreException;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+public class AndroidKeyStoreSpiTest {
+
+    @Mock
+    private KeyStore2 mKeystore2;
+
+    @Before
+    public void setUp() {
+        MockitoAnnotations.initMocks(this);
+    }
+
+    @Test
+    public void testEngineAliasesReturnsEmptySetOnKeyStoreError() throws Exception {
+        when(mKeystore2.list(anyInt(), anyLong()))
+                .thenThrow(new KeyStoreException(6, "Some Error"));
+        AndroidKeyStoreSpi spi = new AndroidKeyStoreSpi();
+        spi.initForTesting(mKeystore2);
+
+        assertThat("Empty collection expected", !spi.engineAliases().hasMoreElements());
+
+        verify(mKeystore2).list(anyInt(), anyLong());
+    }
+
+}