From 0fcbf6f8504f8a61005896436dd5732ff559870d Mon Sep 17 00:00:00 2001
From: Almaz Mingaleev <mingaleev@google.com>
Date: Mon, 8 Mar 2021 16:55:41 +0000
Subject: Do not accept null password in PKCS12KeyStoreSpi#engineStore.

android.keystore.cts.KeyStoreTest verifies that NPE is thrown on
null password. Android followed that behaviour historically, but
during upgrade to 1.68 upstream version was applied.

Bug: 179780002
Bug: 181339859
Test: CtsLibcoreTestCases
Test: CtsWhycheProofTestCases
Test: CtsLibcoreOkHttpTestCases
Test: MtsConscryptTestCases
Change-Id: I47c4d25ae3237e6580d5d1afcd731a87962028d0
---
 .../jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java    | 11 +++++++++++
 .../jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java    | 11 +++++++++++
 .../jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java    | 11 +++++++++++
 3 files changed, 33 insertions(+)

diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
index 4969e8a3..4c3e480d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
@@ -1306,6 +1306,14 @@ public class PKCS12KeyStoreSpi
     private void doStore(OutputStream stream, char[] password, boolean useDEREncoding)
         throws IOException
     {
+        // BEGIN Android-changed: Upstream allows null passwords, but we maintain historical Android
+        // behaviour.
+        // See CtsKeystoreTestCases:android.keystore.cts.KeyStoreTest
+        if (password == null)
+        {
+            throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
+        }
+        /*
         if (keys.size() == 0)
         {
             if (password == null)
@@ -1358,6 +1366,9 @@ public class PKCS12KeyStoreSpi
                 throw new NullPointerException("no password supplied for PKCS#12 KeyStore");
             }
         }
+        */
+        // END Android-changed: Upstream allows null passwords, but we maintain historical Android
+        // behaviour.
 
         //
         // handle the key
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
index f53f8df0..fb5f2fdd 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
@@ -1310,6 +1310,14 @@ public class PKCS12KeyStoreSpi
     private void doStore(OutputStream stream, char[] password, boolean useDEREncoding)
         throws IOException
     {
+        // BEGIN Android-changed: Upstream allows null passwords, but we maintain historical Android
+        // behaviour.
+        // See CtsKeystoreTestCases:android.keystore.cts.KeyStoreTest
+        if (password == null)
+        {
+            throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
+        }
+        /*
         if (keys.size() == 0)
         {
             if (password == null)
@@ -1362,6 +1370,9 @@ public class PKCS12KeyStoreSpi
                 throw new NullPointerException("no password supplied for PKCS#12 KeyStore");
             }
         }
+        */
+        // END Android-changed: Upstream allows null passwords, but we maintain historical Android
+        // behaviour.
 
         //
         // handle the key
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
index 0b4e2d90..d5897959 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
@@ -1310,6 +1310,14 @@ public class PKCS12KeyStoreSpi
     private void doStore(OutputStream stream, char[] password, boolean useDEREncoding)
         throws IOException
     {
+        // BEGIN Android-changed: Upstream allows null passwords, but we maintain historical Android
+        // behaviour.
+        // See CtsKeystoreTestCases:android.keystore.cts.KeyStoreTest
+        if (password == null)
+        {
+            throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
+        }
+        /*
         if (keys.size() == 0)
         {
             if (password == null)
@@ -1362,6 +1370,9 @@ public class PKCS12KeyStoreSpi
                 throw new NullPointerException("no password supplied for PKCS#12 KeyStore");
             }
         }
+        */
+        // END Android-changed: Upstream allows null passwords, but we maintain historical Android
+        // behaviour.
 
         //
         // handle the key
-- 
cgit v1.2.3