Do not accept null password in PKCS12KeyStoreSpi#engineStore.

android.keystore.cts.KeyStoreTest verifies that NPE is thrown on null password. Android followed that behaviour historically, but during upgrade to 1.68 upstream version was applied. Bug: 179780002 Bug: 181339859 Test: CtsLibcoreTestCases Test: CtsWhycheProofTestCases Test: CtsLibcoreOkHttpTestCases Test: MtsConscryptTestCases Change-Id: I47c4d25ae3237e6580d5d1afcd731a87962028d0
author: Almaz Mingaleev <mingaleev@google.com> 2021-03-08 16:55:41 +0000
committer: Almaz Mingaleev <mingaleev@google.com> 2021-03-10 10:02:31 +0000
commit: 0fcbf6f8504f8a61005896436dd5732ff559870d (patch)
tree: 8d510413ecc6d17cef7aeb2ebed39e715ad0da54
parent: 8b678848c31ca7f016e54566327daf1ff42f5be3 (diff)
download: bouncycastle-0fcbf6f8504f8a61005896436dd5732ff559870d.tar.gz
3 files changed, 33 insertions, 0 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
index 4969e8a3..4c3e480d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
@@ -1306,6 +1306,14 @@ public class PKCS12KeyStoreSpi
     private void doStore(OutputStream stream, char[] password, boolean useDEREncoding)
         throws IOException
     {
+        // BEGIN Android-changed: Upstream allows null passwords, but we maintain historical Android
+        // behaviour.
+        // See CtsKeystoreTestCases:android.keystore.cts.KeyStoreTest
+        if (password == null)
+        {
+            throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
+        }
+        /*
         if (keys.size() == 0)
         {
             if (password == null)
@@ -1358,6 +1366,9 @@ public class PKCS12KeyStoreSpi
                 throw new NullPointerException("no password supplied for PKCS#12 KeyStore");
             }
         }
+        */
+        // END Android-changed: Upstream allows null passwords, but we maintain historical Android
+        // behaviour.
 
         //
         // handle the key
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
index f53f8df0..fb5f2fdd 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
@@ -1310,6 +1310,14 @@ public class PKCS12KeyStoreSpi
     private void doStore(OutputStream stream, char[] password, boolean useDEREncoding)
         throws IOException
     {
+        // BEGIN Android-changed: Upstream allows null passwords, but we maintain historical Android
+        // behaviour.
+        // See CtsKeystoreTestCases:android.keystore.cts.KeyStoreTest
+        if (password == null)
+        {
+            throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
+        }
+        /*
         if (keys.size() == 0)
         {
             if (password == null)
@@ -1362,6 +1370,9 @@ public class PKCS12KeyStoreSpi
                 throw new NullPointerException("no password supplied for PKCS#12 KeyStore");
             }
         }
+        */
+        // END Android-changed: Upstream allows null passwords, but we maintain historical Android
+        // behaviour.
 
         //
         // handle the key
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
index 0b4e2d90..d5897959 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
@@ -1310,6 +1310,14 @@ public class PKCS12KeyStoreSpi
     private void doStore(OutputStream stream, char[] password, boolean useDEREncoding)
         throws IOException
     {
+        // BEGIN Android-changed: Upstream allows null passwords, but we maintain historical Android
+        // behaviour.
+        // See CtsKeystoreTestCases:android.keystore.cts.KeyStoreTest
+        if (password == null)
+        {
+            throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
+        }
+        /*
         if (keys.size() == 0)
         {
             if (password == null)
@@ -1362,6 +1370,9 @@ public class PKCS12KeyStoreSpi
                 throw new NullPointerException("no password supplied for PKCS#12 KeyStore");
             }
         }
+        */
+        // END Android-changed: Upstream allows null passwords, but we maintain historical Android
+        // behaviour.
 
         //
         // handle the key
author	Almaz Mingaleev <mingaleev@google.com>	2021-03-08 16:55:41 +0000
committer	Almaz Mingaleev <mingaleev@google.com>	2021-03-10 10:02:31 +0000
commit	0fcbf6f8504f8a61005896436dd5732ff559870d (patch)
tree	8d510413ecc6d17cef7aeb2ebed39e715ad0da54
parent	8b678848c31ca7f016e54566327daf1ff42f5be3 (diff)
download	bouncycastle-0fcbf6f8504f8a61005896436dd5732ff559870d.tar.gz