Why Android KeyStore fails to setKeyEntry in deep sleep mode? (Bouncy Castle)

Question

I have an Android Service for reading messages which is always enabled in my App. Sometimes connection to the Messages Broker is gettings lost and it call special event for recconecting.

Log.d(TAG, "< ----- Loading KeyStore ----- >");
KeyStore androidKeyStore = KeyStore.getInstance(SystemVariables.ANDROID_KEYSTORE);
androidKeyStore.load(null);

Log.d(TAG, "< ----- Getting Private Key ----- >");
PrivateKey clientPrivateKey = (PrivateKey) androidKeyStore.getKey(SystemVariables.KEY_ALIAS, null);

Log.d(TAG, "< ----- Loading Certificates ----- >");

Certificate clientCertificate = CertificateReader.loadX509Certificate(ECertificateType.CLIENT);
Certificate distribCertificate = CertificateReader.loadX509Certificate(ECertificateType.DISTRIBUTOR);

Log.d(TAG, "< ----- Init KeyStore ----- >");
KeyStore keyStore = KeyStore.getInstance("pkcs12");
keyStore.load(null, null);

Log.d(TAG, "< ----- Init Certificate ----- >");
Certificate[] certChain = new Certificate[2];
certChain[1] = distribCertificate;
certChain[0] = clientCertificate;

if(clientPrivateKey == null){
    Log.d(TAG, "< ----- Private Key Is NULL ----- >");
}


Log.d(TAG, "< ----- Set KeyStore ----- >");
keyStore.setKeyEntry("client", clientPrivateKey, null, certChain);

...

In general, I identified four states in which this code is triggered.

1. The first state is when the application has just started; the code works perfectly.

2. The second state occurs when the phone is locked; the application may lose connection after a few hours but reconnects successfully.

3. The third state usually happens after a prolonged sleep. On average, the phone is unused for a day (sometimes two days are needed, while other times, one night is enough). Reconnection does not occur, and a cyclic error appears.

4. The fourth state is when the application is unlocked from state three; the application still fails to reconnect.

The source of exception:

keyStore.setKeyEntry("client", clientPrivateKey, null, certChain);

The log trace:

BouncyCastleProvider    com.example.cable                    D  < ----- Loading KeyStore ----- >
BouncyCastleProvider    com.example.cable                    D  < ----- Getting Private Key ----- >
BouncyCastleProvider    com.example.cable                    D  < ----- Loading Certificates ----- >
BouncyCastleProvider    com.example.cable                    D  < ----- Init KeyStore ----- >
BouncyCastleProvider    com.example.cable                    D  < ----- Init Certificate ----- >
BouncyCastleProvider    com.example.cable                    D  < ----- Set KeyStore ----- >
BouncyCastleProvider    com.example.cable                    D  < ----- B Connection to MQTT Client is failed: java.lang.NullPointerException ----- >

Exception trace:

java.util.Hashtable.put(Hashtable.java:477), 
org.spongycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi$IgnoresCaseHashtable.put(PKCS12KeyStoreSpi.java:1780), 
org.spongycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.engineSetKeyEntry(PKCS12KeyStoreSpi.java:577),
java.security.KeyStore.setKeyEntry(KeyStore.java:1200), 
com.example.cable.crypto.MqttSSL.trySSLConnect(MqttSSL.java:132)

Also I use Bouncy Castle as Security Provider:

 static {
        Security.insertProviderAt(new org.spongycastle.jce.provider.BouncyCastleProvider(), 1);
    }

So, my question is: what might be causing this problem? Currently, I can't say for sure that the issue is due to the phone entering sleep mode, but I suspect that in this mode, access to processor encryption or something similar might be disabled, causing everything to crash.

It's also worth noting that Android periodically recreates the service, along with all related entities like the message broker client, etc. Could it be that there’s some kind of read lock on the previous service, preventing data from being read in the new state?