Skip to content

Instantly share code, notes, and snippets.

@mattmook

mattmook/EncryptedSharedPreferencesTest.kt

Last active January 15, 2024 08:30
Show Gist options
  • Save mattmook/bbe5a9dbed227ca3508aab4b84cd9b3b to your computer and use it in GitHub Desktop.
Save mattmook/bbe5a9dbed227ca3508aab4b84cd9b3b to your computer and use it in GitHub Desktop.
Download ZIP
Testing EncryptedSharedPreferences from Android Jetpack Security with Robolectric
Raw
EncryptedSharedPreferencesTest.kt
/*
* Copyright 2020 Appmattus Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.appmattus
import android.content.Context
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey
import androidx.test.core.app.ApplicationProvider
import com.appmattus.FakeAndroidKeyStore
import org.junit.Assert.assertEquals
import org.junit.BeforeClass
import org.junit.Test
import org.junit.runner.RunWith
import org.robolectric.RobolectricTestRunner
import org.robolectric.annotation.Config
@RunWith(RobolectricTestRunner::class)
@Config(manifest = Config.NONE, sdk = [22, 28])
class EncryptedSharedPreferencesTest {
private val context = ApplicationProvider.getApplicationContext<Context>()
private val masterKey = MasterKey.Builder(context)
.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
.build()
private val sharedPreferences =
EncryptedSharedPreferences.create(
context,
"testPrefs",
masterKey,
EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
)
@Test
fun `verify string storage`() {
sharedPreferences.edit().apply {
putString("key", "value")
}.apply()
assertEquals("value", sharedPreferences.getString("key", "default"))
}
companion object {
@JvmStatic
@BeforeClass
fun beforeClass() {
FakeAndroidKeyStore.setup
}
}
}
Raw
FakeAndroidKeyStore.kt
/*
* Copyright 2020 Appmattus Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.appmattus
import java.io.InputStream
import java.io.OutputStream
import java.security.Key
import java.security.KeyStore
import java.security.KeyStoreSpi
import java.security.Provider
import java.security.SecureRandom
import java.security.Security
import java.security.cert.Certificate
import java.security.spec.AlgorithmParameterSpec
import java.util.Date
import java.util.Enumeration
import javax.crypto.KeyGenerator
import javax.crypto.KeyGeneratorSpi
import javax.crypto.SecretKey
object FakeAndroidKeyStore {
val setup by lazy {
Security.addProvider(object : Provider("AndroidKeyStore", 1.0, "") {
init {
put("KeyStore.AndroidKeyStore", FakeKeyStore::class.java.name)
put("KeyGenerator.AES", FakeAesKeyGenerator::class.java.name)
}
})
}
@Suppress("unused")
class FakeKeyStore : KeyStoreSpi() {
private val wrapped = KeyStore.getInstance(KeyStore.getDefaultType())
override fun engineIsKeyEntry(alias: String?): Boolean = wrapped.isKeyEntry(alias)
override fun engineIsCertificateEntry(alias: String?): Boolean = wrapped.isCertificateEntry(alias)
override fun engineGetCertificate(alias: String?): Certificate = wrapped.getCertificate(alias)
override fun engineGetCreationDate(alias: String?): Date = wrapped.getCreationDate(alias)
override fun engineDeleteEntry(alias: String?) = wrapped.deleteEntry(alias)
override fun engineSetKeyEntry(alias: String?, key: Key?, password: CharArray?, chain: Array<out Certificate>?) =
wrapped.setKeyEntry(alias, key, password, chain)
override fun engineSetKeyEntry(alias: String?, key: ByteArray?, chain: Array<out Certificate>?) = wrapped.setKeyEntry(alias, key, chain)
override fun engineStore(stream: OutputStream?, password: CharArray?) = wrapped.store(stream, password)
override fun engineSize(): Int = wrapped.size()
override fun engineAliases(): Enumeration<String> = wrapped.aliases()
override fun engineContainsAlias(alias: String?): Boolean = wrapped.containsAlias(alias)
override fun engineLoad(stream: InputStream?, password: CharArray?) = wrapped.load(stream, password)
override fun engineGetCertificateChain(alias: String?): Array<Certificate> = wrapped.getCertificateChain(alias)
override fun engineSetCertificateEntry(alias: String?, cert: Certificate?) = wrapped.setCertificateEntry(alias, cert)
override fun engineGetCertificateAlias(cert: Certificate?): String = wrapped.getCertificateAlias(cert)
override fun engineGetKey(alias: String?, password: CharArray?): Key = wrapped.getKey(alias, password)
}
@Suppress("unused")
class FakeAesKeyGenerator : KeyGeneratorSpi() {
private val wrapped = KeyGenerator.getInstance("AES")
override fun engineInit(random: SecureRandom?) = Unit
override fun engineInit(params: AlgorithmParameterSpec?, random: SecureRandom?) = Unit
override fun engineInit(keysize: Int, random: SecureRandom?) = Unit
override fun engineGenerateKey(): SecretKey = wrapped.generateKey()
}
}
@jeorgearomal
Copy link

jeorgearomal commented Jul 14, 2021
edited by mattmook
Loading

Facing below exception. If you have encountered similar issue, please share the steps to overcome this

java.security.NoSuchProviderException: JCE cannot authenticate the provider AndroidKeyStore

	at javax.crypto.JceSecurity.getInstance(JceSecurity.java:105)
	at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:265)
	at androidx.security.crypto.MasterKeys.generateKey(MasterKeys.java:138)
	at androidx.security.crypto.MasterKeys.getOrCreate(MasterKeys.java:97)
	at androidx.security.crypto.MasterKey$Builder.buildOnM(MasterKey.java:357)
	at androidx.security.crypto.MasterKey$Builder.build(MasterKey.java:314)
	at com.example.okhttpsample.EncryptedSharedPreferencesTest.<init>(EncryptedSharedPreferencesTest.kt:22)
	at org.junit.runners.BlockJUnit4ClassRunner.createTest(BlockJUnit4ClassRunner.java:250)
	at org.robolectric.RobolectricTestRunner$HelperTestRunner.createTest(RobolectricTestRunner.java:561)
	at org.junit.runners.BlockJUnit4ClassRunner.createTest(BlockJUnit4ClassRunner.java:260)
	at org.junit.runners.BlockJUnit4ClassRunner$2.runReflectiveCall(BlockJUnit4ClassRunner.java:309)
	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
	at org.junit.runners.BlockJUnit4ClassRunner.methodBlock(BlockJUnit4ClassRunner.java:306)
	at org.robolectric.internal.SandboxTestRunner$HelperTestRunner.methodBlock(SandboxTestRunner.java:344)
	at org.robolectric.RobolectricTestRunner$HelperTestRunner.methodBlock(RobolectricTestRunner.java:570)
	at org.robolectric.internal.SandboxTestRunner$2.lambda$evaluate$0(SandboxTestRunner.java:274)
	at org.robolectric.internal.bytecode.Sandbox.lambda$runOnMainThread$0(Sandbox.java:89)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.util.jar.JarException: Class is on the bootclasspath
	at javax.crypto.JarVerifier.verify(JarVerifier.java:286)
	at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:164)
	at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:190)
	at javax.crypto.JceSecurity.getInstance(JceSecurity.java:102)
	at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:265)
	at androidx.security.crypto.MasterKeys.$$robo$$androidx_security_crypto_MasterKeys$generateKey(MasterKeys.java:138)
	at androidx.security.crypto.MasterKeys.generateKey(MasterKeys.java)
	at androidx.security.crypto.MasterKeys.$$robo$$androidx_security_crypto_MasterKeys$getOrCreate(MasterKeys.java:97)
	at androidx.security.crypto.MasterKeys.getOrCreate(MasterKeys.java)
	at androidx.security.crypto.MasterKey$Builder.$$robo$$androidx_security_crypto_MasterKey_Builder$buildOnM(MasterKey.java:357)
	at androidx.security.crypto.MasterKey$Builder.buildOnM(MasterKey.java)
	at androidx.security.crypto.MasterKey$Builder.$$robo$$androidx_security_crypto_MasterKey_Builder$build(MasterKey.java:314)
	at androidx.security.crypto.MasterKey$Builder.build(MasterKey.java)
	at com.example.okhttpsample.EncryptedSharedPreferencesTest.<init>(EncryptedSharedPreferencesTest.kt:22)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	... 14 more

@mattmook
Copy link
Author

Main problem is the JVM version the code runs on as Java 9 and up force the key stores to be signed. I think, if I remember correctly, that means it will only run on Android 10 and below.

@jeorgearomal
Copy link

Currently I am using java version 8. If we set the sdk version to only 22 then it works fine since EncryptedSharedPreferences uses AndroidKeystore from Api 23.

Attached is the sample project with test case failng issue.

https://drive.google.com/file/d/1v6eId7EnNeklrMsiAyelMJ30R9qqUvP5/view?usp=sharing

Kindly validate it and provide your suggestions

@chandrakantNeogov
Copy link

I am also facing same issue in with android 34, any suggestions?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment