commit f74ca25a63aefea6440c8a7d16df0c240999def1
author A. Cody Schuffelen <schuffelen@google.com> Thu Apr 08 20:58:04 2021 -0700
committer A. Cody Schuffelen <schuffelen@google.com> Thu Apr 08 20:58:04 2021 -0700
tree 31123f56a423ee364c9ea09383e5dc63df732a65
parent 8ec84b332bb96bcaf6b8f9bdc8f9bafceec5284f

Handle keystore keys that are missing certificates.

The calling code handles missing public keys, but the implementation did
not handle missing certificates, so this would trigger a program crash.

Test: Run with cuttlefish keymint implementation
Bug: 182928606
Change-Id: Ie80373d0a3eca2b39e963c175feafd20698f499b

ondevice-signing/KeystoreKey.cpp

diff --git a/ondevice-signing/KeystoreKey.cpp b/ondevice-signing/KeystoreKey.cpp
index 840b683..9b5e505 100644
--- a/ondevice-signing/KeystoreKey.cpp
+++ b/ondevice-signing/KeystoreKey.cpp
@@ -239,5 +239,10 @@
 }
 
 Result<std::vector<uint8_t>> KeystoreKey::getPublicKey() const {
-    return extractPublicKeyFromX509(mKeyMetadata.certificate.value());
+    auto cert = mKeyMetadata.certificate;
+    if (cert) {
+        return extractPublicKeyFromX509(cert.value());
+    } else {
+        return Error() << "Key did not have a certificate";
+    }
 }