Handle password protected key stores properly

hdecarne · hdecarne · commit 018d857d58b5 · 2020-03-07T10:40:41.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,7 +12,8 @@ GNU General Public License for more details.
 
 ![Install4j](http://certmgr.carne.de/install4j_small.png) The provided installer/launcher packages have been created using the multi-platform installer builder [Install4J](https://www.ej-technologies.com/products/install4j/overview.html).
 
-### v1.1.3 (2020-03-xx)
+### v1.1.3 (2020-03-07)
+* Handle password protected key stores properly
 * BouncyCastle version bump 1.64
 
 ### v1.1.2 (2019-02-23)
diff --git a/RELEASE-v1.1.3-SNAPSHOT.md b/RELEASE-v1.1.3-SNAPSHOT.md
@@ -2,6 +2,7 @@
 This is a maintenance release of the CertMgr application.
 
 Main changes are:
+* Handle password protected key stores properly
 * BouncyCastle version bump 1.64
 
 This program is distributed in the hope that it will be useful,
diff --git a/src/main/java/de/carne/certmgr/certs/io/JKSCertReaderWriter.java b/src/main/java/de/carne/certmgr/certs/io/JKSCertReaderWriter.java
@@ -53,7 +53,7 @@ public class JKSCertReaderWriter implements CertReader, CertWriter {
 
 	private static final Log LOG = new Log(CertIOI18N.class.getName());
 
-	private static final String KEYSTORE_TYPE = "JKS";
+	private static final String KEYSTORE_TYPE_JKS = "JKS";
 
 	/**
 	 * Provider name.
@@ -85,7 +85,7 @@ public String fileExtension(Class<?> cls) {
 	public CertObjectStore readBinary(IOResource<InputStream> in, PasswordCallback password) throws IOException {
 		LOG.debug("Trying to read KeyStore objects from file: ''{0}''...", in);
 
-		return readKeyStore(KEYSTORE_TYPE, in.io(), in.resource(), password);
+		return readKeyStore(KEYSTORE_TYPE_JKS, in.io(), in.resource(), password);
 	}
 
 	@Override
@@ -119,7 +119,7 @@ public void writeEncryptedBinary(IOResource<OutputStream> out, CertObjectStore c
 			throw new PasswordRequiredException(out.resource());
 		}
 		try {
-			KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
+			KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE_JKS);
 
 			keyStore.load(null, null);
 
@@ -249,7 +249,7 @@ private static CertObjectStore readKeyStore(String keyStoreType, @Nullable Input
 	private static KeyStore loadKeyStore(String keyStoreType, @Nullable InputStream inputStream, String resource,
 			PasswordCallback password) throws GeneralSecurityException, IOException {
 		KeyStore keyStore = KeyStore.getInstance(keyStoreType);
-		char[] passwordChars = null;
+		char[] passwordChars = password.queryPassword(resource);
 		Throwable passwordException = null;
 
 		do {
@@ -265,11 +265,8 @@ private static KeyStore loadKeyStore(String keyStoreType, @Nullable InputStream
 			}
 			if (passwordException != null) {
 				passwordChars = password.requeryPassword(resource, passwordException);
-				if (passwordChars == null) {
-					throw new PasswordRequiredException(resource, passwordException);
-				}
 			}
-		} while (passwordException != null);
+		} while (passwordChars != null && passwordException != null);
 		return keyStore;
 	}
 
