fix(all): Add fallback logic for corrupt keys to EncryptedKeyValueRepository #2686
A few general comments and before approval I'd like to do some manual test checks but this looks great overall.
core/src/main/java/com/amplifyframework/core/store/EncryptedKeyValueRepository.kt
Codecov Report
@@            Coverage Diff             @@
##             main    #2686      +/-   ##
==========================================
+ Coverage   42.65%   42.81%   +0.16%
==========================================
  Files         905      905
  Lines       29026    29088      +62
  Branches     4131     4140       +9
==========================================
+ Hits        12382    12455      +73
+ Misses      15294    15277      -17
- Partials     1350     1356       +6
Issue #, if available:
#2681
#2684
#2548
#2616
#2510
Description of changes:
This PR aims to implement workarounds for corrupted master keys causing crashes when attempting to open the encrypted shared preferences.
Certain OEM devices have unreliable KeyStore implementations that can occasionally corrupt their key material. When this happens the keys become unusable, and the encrypted preferences are therefore unretrievable. The workaround is to catch this error, create a new key to use, and create a new set of encrypted preferences. Please see the Google tracker bug and Tink issue for more details.
NB: This is destructive, as a corrupt key means we can never recover any previously stored data.
At a high level, the logic in this change can be described as follows:
How did you test these changes?
I simulated various keystore errors by manually throwing exceptions using a debugger. I tried various scenarios like an existing user upgrading to a new version without errors, an existing user encountering a corrupt default master key, and corrupt Amplify master keys. I tried having an open repository and deleting the master key in a different instance.
Documentation update required?
General Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
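
The catch, re-key and recreate workaround from the description, sketched as an added example; this is not the code from this PR or from Amplify. It assumes the androidx.security.crypto MasterKey and EncryptedSharedPreferences APIs and that key corruption surfaces as GeneralSecurityException or IOException; the function names, log tag and parameters are hypothetical.

```kotlin
import android.content.Context
import android.content.SharedPreferences
import android.util.Log
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey
import java.io.IOException
import java.security.GeneralSecurityException
import java.security.KeyStore

// Hypothetical names throughout; illustrative only, not the Amplify implementation.
private const val TAG = "EncryptedPrefsFallback"

// Builds (or loads) the master key for the alias and opens the encrypted store.
private fun open(context: Context, fileName: String, keyAlias: String): SharedPreferences {
    val masterKey = MasterKey.Builder(context, keyAlias)
        .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
        .build()
    return EncryptedSharedPreferences.create(
        context,
        fileName,
        masterKey,
        EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
        EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
    )
}

fun openWithFallback(context: Context, fileName: String, keyAlias: String): SharedPreferences =
    try {
        open(context, fileName, keyAlias)
    } catch (e: Exception) {
        // Assumption: a corrupt key shows up as one of these two exception families.
        if (e !is GeneralSecurityException && e !is IOException) throw e
        Log.w(TAG, "Master key '$keyAlias' unusable; resetting encrypted store", e)

        // Destructive: values written under the corrupt key cannot be decrypted again.
        // Clearing the file also drops the wrapped keysets stored alongside the values.
        context.getSharedPreferences(fileName, Context.MODE_PRIVATE).edit().clear().commit()

        // Remove the broken key so the retry generates fresh key material.
        runCatching {
            KeyStore.getInstance("AndroidKeyStore").apply { load(null) }.deleteEntry(keyAlias)
        }.onFailure { Log.w(TAG, "Could not delete key '$keyAlias'", it) }

        // Single retry. A second failure propagates to the caller; the store is
        // never reopened unencrypted.
        open(context, fileName, keyAlias)
    }
```

Callers should treat a reset as loss of every stored credential and send the user back through sign-in.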