Skip non KeyEntry from PKCS12 file during extraction.staging/cm-14.0cm-14.0

Change-Id: I76880fc3a39c092cfc007450f59c477a2bdaf48e
Fix: 29315994

1 files changed, 14 insertions, 7 deletions

diff --git a/src/com/android/certinstaller/CredentialHelper.java b/src/com/android/certinstaller/CredentialHelper.java
index 3285a36..6c1efba 100644
--- a/src/com/android/certinstaller/CredentialHelper.java
+++ b/src/com/android/certinstaller/CredentialHelper.java
@@ -370,14 +370,21 @@ class CredentialHelper {
 
         while (aliases.hasMoreElements()) {
             String alias = aliases.nextElement();
-            KeyStore.Entry entry = keystore.getEntry(alias, password);
-            Log.d(TAG, "extracted alias = " + alias + ", entry=" + entry.getClass());
-
-            if (entry instanceof PrivateKeyEntry) {
-                if (TextUtils.isEmpty(mName)) {
-                    mName = alias;
+            if (keystore.isKeyEntry(alias)) {
+                KeyStore.Entry entry = keystore.getEntry(alias, password);
+                Log.d(TAG, "extracted alias = " + alias + ", entry=" + entry.getClass());
+
+                if (entry instanceof PrivateKeyEntry) {
+                    if (TextUtils.isEmpty(mName)) {
+                        mName = alias;
+                    }
+                    return installFrom((PrivateKeyEntry) entry);
                 }
-                return installFrom((PrivateKeyEntry) entry);
+            } else {
+                // KeyStore.getEntry with non-null ProtectionParameter can only be invoked on
+                // PrivateKeyEntry or SecretKeyEntry.
+                // See https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html
+                Log.d(TAG, "Skip non-key entry, alias = " + alias);
             }
         }
         return true;