[Core] Fix AWSKeyValueStore for stringSet operations and propagate exceptions when encryption key cannot be loaded/created

Author: Karthikeyan Vasuki Balasubramaniam

aws-android-sdk-core-test/src/androidTest/java/com/amazonaws/internal/keyvaluestore/AWSKeyValueStoreMigrationIntegrationTest.java

@@ -36,24 +36,29 @@
 import com.amazonaws.regions.Regions;
 
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
 
 
 @RunWith(AndroidJUnit4.class)
 public class AWSKeyValueStoreMigrationIntegrationTest extends CoreIntegrationTestBase {
 
     private static String TAG = CognitoCachingCredentialsProviderIntegrationTest.class.getSimpleName();
+    private static SharedPreferences sharedPreferencesForAuth;
+    private static final String SHARED_PREFERENCES_NAME = "com.amazonaws.android.auth";
 
     private ArrayList<CognitoCachingCredentialsProvider> credentialsProviders =new ArrayList<CognitoCachingCredentialsProvider>();
     private CognitoCachingCredentialsProvider credentialsProvider;
 
-    private static SharedPreferences sharedPreferencesForAuth;
     private String identityPoolId;
     private long time;
+    private Set<String> stringSet;
 
     @BeforeClass
     public static void setupBeforeClass() {
         sharedPreferencesForAuth = InstrumentationRegistry.getTargetContext()
-                .getSharedPreferences("com.amazonaws.android.auth", Context.MODE_PRIVATE);
+                .getSharedPreferences(SHARED_PREFERENCES_NAME, Context.MODE_PRIVATE);
     }
 
     @AfterClass
@@ -68,12 +73,14 @@ public static void tearDownAfterClass() {
     public void setUp() throws Exception {
         time = System.currentTimeMillis();
         identityPoolId = getPackageConfigure().getString("identity_pool_id");
+        stringSet = new HashSet<>(Arrays.asList("openid", "profile", "email"));
         sharedPreferencesForAuth.edit()
                 .putString(identityPoolId + ".accessKey" , "accessKey")
                 .putString(identityPoolId + ".secretKey" , "secretKey")
                 .putString(identityPoolId + ".sessionToken" , "sessionToken")
                 .putString(identityPoolId + ".identityId" , "identityId")
                 .putLong(identityPoolId + ".expirationDate" , time)
+                .putStringSet("stringSet", stringSet)
                 .commit();
     }
 
@@ -89,14 +96,15 @@ public void tearDown() {
 
     @Test
     public void testCachedAWSCredentialsMigration() throws Exception {
-        Log.d(TAG, "SharedPreferences contents before migration for com.amazonaws.android.auth => " +
+        Log.d(TAG, "SharedPreferences contents before migration for " + SHARED_PREFERENCES_NAME + "=> " +
                 sharedPreferencesForAuth.getAll().toString());
 
         assertEquals("accessKey", sharedPreferencesForAuth.getString(identityPoolId + ".accessKey", null));
         assertEquals("secretKey", sharedPreferencesForAuth.getString(identityPoolId + ".secretKey", null));
         assertEquals("sessionToken", sharedPreferencesForAuth.getString(identityPoolId + ".sessionToken", null));
         assertEquals("identityId", sharedPreferencesForAuth.getString(identityPoolId + ".identityId", null));
         assertEquals(time, sharedPreferencesForAuth.getLong(identityPoolId + ".expirationDate", 0));
+        assertEquals(stringSet, sharedPreferencesForAuth.getStringSet("stringSet", null));
 
         credentialsProvider = new CognitoCachingCredentialsProvider(
                 InstrumentationRegistry.getTargetContext(),
@@ -105,17 +113,20 @@ public void testCachedAWSCredentialsMigration() throws Exception {
         credentialsProviders.add(credentialsProvider);
 
         AWSKeyValueStore awsKeyValueStore = new AWSKeyValueStore(InstrumentationRegistry.getTargetContext(),
-                "com.amazonaws.android.auth",
+                SHARED_PREFERENCES_NAME,
                 true);
+        assertNotNull(awsKeyValueStore);
 
-        Log.d(TAG, "SharedPreferences contents after migration for com.amazonaws.android.auth => " +
+        Log.d(TAG, "SharedPreferences contents after migration for " + SHARED_PREFERENCES_NAME + " => " +
                 sharedPreferencesForAuth.getAll().toString());
 
         assertEquals("accessKey", awsKeyValueStore.get(identityPoolId + ".accessKey"));
         assertEquals("secretKey", awsKeyValueStore.get(identityPoolId + ".secretKey"));
         assertEquals("sessionToken", awsKeyValueStore.get(identityPoolId + ".sessionToken"));
         assertEquals("identityId", awsKeyValueStore.get(identityPoolId + ".identityId"));
         assertEquals(String.valueOf(time), awsKeyValueStore.get(identityPoolId + ".expirationDate"));
+        assertNotNull(awsKeyValueStore.get("stringSet"));
+        verifyStringSet();
 
         credentialsProvider.clearCredentials();
         credentialsProvider.clear();
@@ -131,6 +142,13 @@ public void testCachedAWSCredentialsMigration() throws Exception {
         verifyCredentialsProviderClear();
     }
 
+    private void verifyStringSet() {
+        assertNotNull(sharedPreferencesForAuth.getString("stringSet.encrypted", null));
+        assertNotNull(sharedPreferencesForAuth.getString("stringSet.encrypted.iv", null));
+        assertNotNull(sharedPreferencesForAuth.getString("stringSet.encrypted.keyvaluestoreversion", null));
+        assertNull(sharedPreferencesForAuth.getString("stringSet", null));
+    }
+
     private void verifySharedPreferencesContents() {
         assert sharedPreferencesForAuth.getAll().keySet().size() == credentialsProviders.size() * 5;
 

aws-android-sdk-core/src/main/java/com/amazonaws/auth/CognitoCachingCredentialsProvider.java

@@ -431,6 +431,7 @@ private void initialize(Context context) {
             registerIdentityChangedListener(listener);
         } catch (Exception ex) {
             Log.e(TAG, "Error in initializing the CognitoCachingCredentialsProvider. " + ex);
+            throw new IllegalStateException("Error in initializing the CognitoCachingCredentialsProvider. ", ex);
         }
     }
 

aws-android-sdk-core/src/main/java/com/amazonaws/internal/keyvaluestore/AWSKeyValueStore.java

@@ -19,6 +19,7 @@
 import android.content.SharedPreferences;
 import android.os.Build;
 
+import com.amazonaws.auth.policy.actions.SecurityTokenServiceActions;
 import com.amazonaws.logging.Log;
 import com.amazonaws.logging.LogFactory;
 import com.amazonaws.util.Base64;
@@ -27,7 +28,9 @@
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.Map;
+import java.util.Set;
 
 import javax.crypto.Cipher;
 import javax.crypto.spec.GCMParameterSpec;
@@ -315,6 +318,17 @@ private void onMigrateFromNoEncryption() {
                 } else if (map.get(spKey) instanceof Integer) {
                     Integer intValue = sharedPreferences.getInt(spKey, 0);
                     put(spKey, String.valueOf(intValue));
+                } else if (map.get(spKey) instanceof Set) {
+                    Set<String> stringSet = (Set<String>) map.get(spKey);
+                    StringBuilder stringBuilder = new StringBuilder();
+                    Iterator<String> setIterator = stringSet.iterator();
+                    while (setIterator.hasNext())  {
+                        stringBuilder.append(setIterator.next());
+                        if (setIterator.hasNext()) {
+                            stringBuilder.append(",");
+                        }
+                    }
+                    put(spKey, stringBuilder.toString());
                 }
 
                 // Remove the key since key.encrypted is written.

aws-android-sdk-core/src/main/java/com/amazonaws/internal/keyvaluestore/KeyProvider10.java

@@ -58,8 +58,8 @@ public Key getKey(SharedPreferences sharedPreferences, String keyAlias, Context
                     return secretKey;
                 }
             } catch (Exception ex) {
-                logger.error("Error occurred while getting the key." + ex);
-                return null;
+                logger.error("Error in loading the key from keystore.");
+                throw new IllegalStateException(ex);
             }
         }
     }

aws-android-sdk-core/src/main/java/com/amazonaws/internal/keyvaluestore/KeyProvider18.java

@@ -92,7 +92,7 @@ public Key getKey(SharedPreferences sharedPreferences,
                 }
             } catch (Exception ex) {
                 logger.error("Error in getting the key.", ex);
-                return null;
+                throw new IllegalStateException(ex);
             }
         }
     }

aws-android-sdk-core/src/main/java/com/amazonaws/internal/keyvaluestore/KeyProvider23.java

@@ -62,7 +62,7 @@ public Key getKey(SharedPreferences sharedPreferences,
                 }
             } catch (Exception ex) {
                 logger.error("Error in accessing the Android KeyStore.", ex);
-                return null;
+                throw new IllegalStateException(ex);
             }
         }
     }