MOB-10857 fix encryption crash (#884)

sumeruchat · web-flow · commit 9140d3d80036 · 2025-02-20T03:41:58.000Z
diff --git a/iterableapi/src/main/java/com/iterable/iterableapi/IterableKeychain.kt b/iterableapi/src/main/java/com/iterable/iterableapi/IterableKeychain.kt
@@ -9,6 +9,7 @@ class IterableKeychain {
         const val KEY_EMAIL = "iterable-email"
 		const val KEY_USER_ID = "iterable-user-id"
 		const val KEY_AUTH_TOKEN = "iterable-auth-token"
+        private const val PLAINTEXT_SUFFIX = "_plaintext"
     }
 
     private var sharedPrefs: SharedPreferences
@@ -74,6 +75,11 @@ class IterableKeychain {
     }
 
     private fun secureGet(key: String): String? {
+        // First check if it's stored in plaintext
+        if (sharedPrefs.getBoolean(key + PLAINTEXT_SUFFIX, false)) {
+            return sharedPrefs.getString(key, null)
+        }
+        
         return try {
             sharedPrefs.getString(key, null)?.let { encryptor.decrypt(it) }
         } catch (e: Exception) {
@@ -83,9 +89,22 @@ class IterableKeychain {
     }
 
     private fun secureSave(key: String, value: String?) {
-        sharedPrefs.edit()
-            .putString(key, value?.let { encryptor.encrypt(it) })
-            .apply()
+        val editor = sharedPrefs.edit()
+        if (value == null) {
+            editor.remove(key).remove(key + PLAINTEXT_SUFFIX).apply()
+            return
+        }
+
+        try {
+            editor.putString(key, encryptor.encrypt(value))
+                .remove(key + PLAINTEXT_SUFFIX)
+                .apply()
+        } catch (e: Exception) {
+            handleDecryptionError(e)
+            editor.putString(key, value)
+                .putBoolean(key + PLAINTEXT_SUFFIX, true)
+                .apply()
+        }
     }
 
     fun getEmail() = secureGet(KEY_EMAIL)
diff --git a/iterableapi/src/test/java/com/iterable/iterableapi/IterableKeychainTest.kt b/iterableapi/src/test/java/com/iterable/iterableapi/IterableKeychainTest.kt
@@ -23,6 +23,9 @@ import org.mockito.MockedStatic
 import org.mockito.Mockito.mockStatic
 import org.mockito.Mockito.doThrow
 import org.mockito.Mockito.mock
+import org.mockito.Mockito.clearInvocations
+import org.mockito.ArgumentMatchers.matches
+import org.mockito.Mockito.never
 
 class IterableKeychainTest {
 
@@ -202,8 +205,9 @@ class IterableKeychainTest {
         keychain.saveUserId(null)
         keychain.saveAuthToken(null)
 
-        // Verify exactly one putString call for each save operation
-        verify(mockEditor, times(3)).putString(any(), isNull())
+        // Verify remove calls for both key and plaintext flag
+        verify(mockEditor, times(6)).remove(any())  // 2 removes per save (key + plaintext flag)
+        verify(mockEditor, times(3)).remove(matches(".*_plaintext"))
         // Verify exactly one apply call for each save operation
         verify(mockEditor, times(3)).apply()
     }
@@ -285,4 +289,41 @@ class IterableKeychainTest {
         // Verify attemptMigration was called exactly once
         verify(mockMigrator, times(1)).attemptMigration()
     }
+
+    @Test
+    fun testEncryptionAndDecryptionFailure() {
+        // Setup encryption and decryption to fail
+        `when`(mockEncryptor.encrypt(any())).thenThrow(RuntimeException("Simulated encryption failure"))
+        `when`(mockEncryptor.decrypt(any())).thenThrow(RuntimeException("Simulated decryption failure"))
+        
+        val testData = "test data for encryption failure"
+        
+        // Save data - should fall back to plaintext
+        keychain.saveUserId(testData)
+
+        // Verify plaintext save operations
+        verify(mockEditor).putString(eq("iterable-user-id"), eq(testData))
+        verify(mockEditor).putBoolean(eq("iterable-user-id_plaintext"), eq(true))
+
+        // Setup SharedPreferences to return the saved data
+        `when`(mockSharedPrefs.getString(eq("iterable-user-id"), isNull())).thenReturn(testData)
+        `when`(mockSharedPrefs.getBoolean(eq("iterable-user-id_plaintext"), eq(false))).thenReturn(true)
+
+        // Verify data can be retrieved
+        assertEquals(testData, keychain.getUserId())
+
+        // Verify encryption was attempted and failed
+        verify(mockEncryptor).encrypt(eq(testData))
+        verify(mockEncryptor, never()).decrypt(any()) // Should not attempt decryption for plaintext
+
+        // Test null handling
+        clearInvocations(mockEditor)
+        keychain.saveUserId(null)
+        verify(mockEditor).remove(eq("iterable-user-id"))
+        verify(mockEditor).remove(eq("iterable-user-id_plaintext"))
+
+        // Verify no more encryption attempts for null
+        verify(mockEncryptor, never()).encrypt(isNull())
+        verify(mockEncryptor, never()).decrypt(isNull())
+    }
 } 
