Make all the keyset.Handle API consistently fail with `&keyset.Hand…

…le{}`

PiperOrigin-RevId: 652422931
Change-Id: I785b9cfbf496533ff8d5f87fa00f07f03e0844f6

keyset/handle.go

@@ -320,6 +320,9 @@ func (h *Handle) WriteWithAssociatedData(writer Writer, masterKey tink.AEAD, ass
 // WriteWithNoSecrets exports the keyset in h to the given Writer w returning an error if the keyset
 // contains secret key material.
 func (h *Handle) WriteWithNoSecrets(w Writer) error {
+	if h.ks == nil {
+		return errors.New("keyset.Handle: invalid keyset")
+	}
 	if h.keysetHasSecrets {
 		return errors.New("keyset.Handle: exporting unencrypted secret key material is forbidden")
 	}

keyset/handle_test.go

@@ -213,39 +213,67 @@ func TestReadWithMismatchedAssociatedData(t *testing.T) {
 	}
 }
 
-func TestPrimaryReturnsErrorForZeroValueHandle(t *testing.T) {
+func TestPrimaryReturnsErrorWithZeroValueHandle(t *testing.T) {
 	handle := &keyset.Handle{}
 	_, err := handle.Primary()
 	if err == nil {
 		t.Errorf("handle.Primary() err = nil, want err")
 	}
 }
 
-func TestLenReturnsZeroForZeroValueHandle(t *testing.T) {
+func TestLenReturnsZeroWithZeroValueHandle(t *testing.T) {
 	handle := &keyset.Handle{}
 	length := handle.Len()
 	if length != 0 {
 		t.Errorf("handle.Len() = %v, want 0", length)
 	}
 }
 
-func TestPublicReturnsErrorForZeroValueHandle(t *testing.T) {
+func TestPublicReturnsErrorWithZeroValueHandle(t *testing.T) {
 	handle := &keyset.Handle{}
 	_, err := handle.Public()
 	if err == nil {
 		t.Errorf("handle.Public() err = nil, want err")
 	}
 }
 
-func TestEntryReturnsErrorForZeroValueHandle(t *testing.T) {
+func TestEntryReturnsErrorWithZeroValueHandle(t *testing.T) {
 	handle := &keyset.Handle{}
 	_, err := handle.Entry(0)
 	if err == nil {
 		t.Errorf("handle.Entry(0) err = nil, want err")
 	}
 }
 
-func TestWriteReturnsErrorForZeroValueHandle(t *testing.T) {
+func TestPrimitivesReturnsErrorWithZeroValueHandle(t *testing.T) {
+	handle := &keyset.Handle{}
+	_, err := handle.Primitives()
+	if err == nil {
+		t.Errorf("handle.Primitives() err = nil, want err")
+	}
+}
+
+func TestKeysetInfoPanicsWithZeroValueHandle(t *testing.T) {
+	handle := &keyset.Handle{}
+	defer func() {
+		if r := recover(); r == nil {
+			t.Errorf("handle.KeysetInfo() did not panic")
+		}
+	}()
+	_ = handle.KeysetInfo()
+}
+
+func TestStringPanicsWithZeroValueHandle(t *testing.T) {
+	handle := &keyset.Handle{}
+	defer func() {
+		if r := recover(); r == nil {
+			t.Errorf("handle.String() did not panic")
+		}
+	}()
+	_ = handle.String()
+}
+
+func TestWriteReturnsErrorWithZeroValueHandle(t *testing.T) {
 	keysetEncryptionHandle, err := keyset.NewHandle(aead.AES128GCMKeyTemplate())
 	if err != nil {
 		t.Errorf("keyset.NewHandle(aead.AES128GCMKeyTemplate()) err = %v, want nil", err)
@@ -263,6 +291,32 @@ func TestWriteReturnsErrorForZeroValueHandle(t *testing.T) {
 	}
 }
 
+func TestWriteWithAssociatedDataReturnsErrorWithZeroValueHandle(t *testing.T) {
+	keysetEncryptionHandle, err := keyset.NewHandle(aead.AES128GCMKeyTemplate())
+	if err != nil {
+		t.Errorf("keyset.NewHandle(aead.AES128GCMKeyTemplate()) err = %v, want nil", err)
+	}
+	keysetEncryptionAEAD, err := aead.New(keysetEncryptionHandle)
+	if err != nil {
+		t.Errorf("aead.New(keysetEncryptionHandle) err = %v, want nil", err)
+	}
+
+	handle := &keyset.Handle{}
+	buff := &bytes.Buffer{}
+	err = handle.WriteWithAssociatedData(keyset.NewBinaryWriter(buff), keysetEncryptionAEAD, []byte("aad"))
+	if err == nil {
+		t.Error("handle.WriteWithAssociatedData() err = nil, want err")
+	}
+}
+
+func TestWriteWithNoSecretsReturnsErrorWithZeroValueHandle(t *testing.T) {
+	handle := &keyset.Handle{}
+	buff := &bytes.Buffer{}
+	if err := handle.WriteWithNoSecrets(keyset.NewBinaryWriter(buff)); err == nil {
+		t.Error("handle.WriteWithNoSecrets() err = nil, want err")
+	}
+}
+
 func TestWriteAndReadWithNoSecrets(t *testing.T) {
 	// Create a keyset that contains a public key.
 	privateHandle, err := keyset.NewHandle(signature.ECDSAP256KeyTemplate())