/hg/icedtea-web: 3 new changesets
jvanek at icedtea.classpath.org
jvanek at icedtea.classpath.org
Wed Apr 15 08:44:10 UTC 2015
changeset 4382cb0e63d2 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=4382cb0e63d2
author: Jiri Vanek <jvanek at redhat.com>
date: Wed Apr 15 10:12:09 2015 +0200
User is now prompted on unknown password to keystore
* netx/net/sourceforge/jnlp/security/KeyStores.java: Operations above keystores moved to calls to SecurityUtil.storeKeyStore/loadKeyStore
* netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java: same
* netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java: same
* netx/net/sourceforge/jnlp/security/SecurityUtil.java: (initKeyManagerFactory) setKeyEntry) (getKey) (loadKeyStore) (setKeyEntry/storeKeyStore) refactored to use unified call to unlockKeystore. Added inner class KeystorePasswordAttempter which is reponsible for attempting several passwrods and to ask user if fail.
changeset 3a2bcf0e60d9 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=3a2bcf0e60d9
author: Jiri Vanek <jvanek at redhat.com>
date: Wed Apr 15 10:36:09 2015 +0200
KeystorePasswordAttempter moved to outer class. Added comments and prevention about possible null password writing to keystore. KeystorePasswordAttempter made much more object-like.
changeset 40d37c2486a0 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=40d37c2486a0
author: Jiri Vanek <jvanek at redhat.com>
date: Wed Apr 15 10:43:53 2015 +0200
jnlp-signing mechanism now uses general parser (and so also tagsoup if enabled)
* netx/net/sourceforge/jnlp/JNLPMatcher.java: removed redundant code to laod xmls and used Parser.getRootNode rather. Added same brackets to if statements. Added parameter of ParserSettings to
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: same.
* tests/netx/unit/net/sourceforge/jnlp/JNLPMatcherTest.java: refactored to autoclseable and to never use tagsoup.
* tests/netx/unit/net/sourceforge/jnlp/JNLPMatcherTestMallformedAllowed.java: new file, copy of JNLPMatcherTest. But always using tagsoup (if available)
diffstat:
ChangeLog | 42 +
netx/net/sourceforge/jnlp/JNLPMatcher.java | 76 +-
netx/net/sourceforge/jnlp/resources/Messages.properties | 6 +
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 59 +-
netx/net/sourceforge/jnlp/security/KeyStores.java | 10 +-
netx/net/sourceforge/jnlp/security/KeystorePasswordAttempter.java | 206 ++++
netx/net/sourceforge/jnlp/security/SecurityUtil.java | 143 ++-
netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java | 16 +-
netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java | 14 +-
tests/netx/unit/net/sourceforge/jnlp/JNLPMatcherTest.java | 426 +++------
tests/netx/unit/net/sourceforge/jnlp/JNLPMatcherTestMallformedAllowed.java | 340 +++++++
tests/netx/unit/net/sourceforge/jnlp/ParserCornerCases.java | 26 +
12 files changed, 928 insertions(+), 436 deletions(-)
diffs (truncated from 1798 to 500 lines):
diff -r 039af1289ac9 -r 40d37c2486a0 ChangeLog
--- a/ChangeLog Mon Apr 13 11:25:58 2015 -0400
+++ b/ChangeLog Wed Apr 15 10:43:53 2015 +0200
@@ -1,3 +1,45 @@
+2015-04-15 Jiri Vanek <jvanek at redhat.com>
+
+ jnlp-signing mechanism now uses general parser (and so also tagsoup if enabled)
+ * netx/net/sourceforge/jnlp/JNLPMatcher.java: removed redundant code to laod xmls
+ and used Parser.getRootNode rather. Added same brackets to if statements. Added
+ parameter of ParserSettings to
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: same.
+ * tests/netx/unit/net/sourceforge/jnlp/JNLPMatcherTest.java: refactored to
+ autoclseable and to never use tagsoup.
+ * tests/netx/unit/net/sourceforge/jnlp/JNLPMatcherTestMallformedAllowed.java:
+ new file, copy of JNLPMatcherTest. But always using tagsoup (if available)
+
+2015-04-15 Jiri Vanek <jvanek at redhat.com>
+
+ KeystorePasswordAttempter moved to outer class. Added comments and prevention
+ about possible null password writing to keystore. KeystorePasswordAttempter
+ made much more object-like.
+ * netx/net/sourceforge/jnlp/resources/Messages.properties: added KSresultUntilNow
+ KSinvalidPassword KSheadlesWarning KSnwPassHelp keys for keystore prompt
+ * netx/net/sourceforge/jnlp/security/KeyStores.java: operation on keystores
+ moved from stream to file
+ * netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java: same +
+ removal of unused fields and imports
+ * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java: same
+ * netx/net/sourceforge/jnlp/security/SecurityUtil.java: same. Also get rid
+ of default password - moved to KeystorePasswordAttempter. (initKeyManagerFactory)
+ (setKeyEntry) (getKey) (loadKeyStore) (storeKeyStore) moved from enum and switch to
+ runnable like approach.
+ * netx/net/sourceforge/jnlp/security/KeystorePasswordAttempter.java: moved from inner
+
+2015-04-15 Jiri Vanek <jvanek at redhat.com>
+
+ User is now prompted on unknown password to keystore
+ * netx/net/sourceforge/jnlp/security/KeyStores.java: Operations above keystores
+ moved to calls to SecurityUtil.storeKeyStore/loadKeyStore
+ * netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java: same
+ * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java: same
+ * netx/net/sourceforge/jnlp/security/SecurityUtil.java: (initKeyManagerFactory)
+ (setKeyEntry) (getKey) (loadKeyStore) (setKeyEntry/storeKeyStore) refactored
+ to use unified call to unlockKeystore. Added inner class KeystorePasswordAttempter
+ which is responsible for attempting several passwords and to ask user if fail.
+
2015-04-13 Jie Kang <jkang at redhat.com>
Increase server timeout for remote reproducers
diff -r 039af1289ac9 -r 40d37c2486a0 netx/net/sourceforge/jnlp/JNLPMatcher.java
--- a/netx/net/sourceforge/jnlp/JNLPMatcher.java Mon Apr 13 11:25:58 2015 -0400
+++ b/netx/net/sourceforge/jnlp/JNLPMatcher.java Wed Apr 15 10:43:53 2015 +0200
@@ -73,56 +73,30 @@
* the reader stream of the launching JNLP file
* @param isTemplate
* a boolean that specifies if appTemplateFile is a template
+ * @param p settings of parser
* @throws JNLPMatcherException
* if IOException, XMLParseException is thrown during parsing;
* Or launchJNLP/appTemplate is null
*/
- public JNLPMatcher(Reader appTemplate, Reader launchJNLP,
- boolean isTemplate) throws JNLPMatcherException {
+ public JNLPMatcher(InputStream appTemplate, InputStream launchJNLP,
+ boolean isTemplate, ParserSettings p) throws JNLPMatcherException {
if (appTemplate == null && launchJNLP == null)
- throw new JNLPMatcherException(
- "Template JNLP file and Launching JNLP file are both null.");
+ throw new JNLPMatcherException("Template JNLP file and Launching JNLP file are both null.");
else if (appTemplate == null)
throw new JNLPMatcherException("Template JNLP file is null.");
else if (launchJNLP == null)
throw new JNLPMatcherException("Launching JNLP file is null.");
-
- //Declare variables for signed JNLP file
- ByteArrayOutputStream poutTemplate= null;
-
- //Declare variables for launching JNLP file
- ByteArrayOutputStream poutJNLPFile = null;
-
+
try {
- XMLElement appTemplateXML = new XMLElement();
- XMLElement launchJNLPXML = new XMLElement();
-
- // Remove the comments and CDATA from the JNLP file
- poutTemplate = new ByteArrayOutputStream();
- appTemplateXML.sanitizeInput(appTemplate, poutTemplate);
-
- poutJNLPFile = new ByteArrayOutputStream();
- launchJNLPXML.sanitizeInput(launchJNLP, poutJNLPFile);
-
- // Parse both files
- appTemplateXML.parseFromReader(new StringReader(poutTemplate.toString()));
- launchJNLPXML.parseFromReader(new StringReader(poutJNLPFile.toString()));
-
- // Initialize parent nodes
- this.appTemplateNode = new Node(appTemplateXML);
- this.launchJNLPNode = new Node(launchJNLPXML);
+ this.appTemplateNode = Parser.getRootNode(appTemplate, p);
+ this.launchJNLPNode = Parser.getRootNode(launchJNLP, p);
this.isTemplate = isTemplate;
-
} catch (Exception e) {
- throw new JNLPMatcherException(
- "Failed to create an instance of JNLPVerify with specified InputStreamReader",
- e);
+ throw new JNLPMatcherException("Failed to create an instance of JNLPVerify with specified InputStreamReader", e);
} finally {
- // Close all stream
- closeOutputStream(poutTemplate);
-
- closeOutputStream(poutJNLPFile);
+ closeInputStream(appTemplate);
+ closeInputStream(launchJNLP);
}
}
@@ -155,10 +129,8 @@
Node templateNode = appTemplate;
Node launchNode = launchJNLP;
// Store children of Node
- List<Node> appTemplateChild = new LinkedList<Node>(Arrays.asList(templateNode
- .getChildNodes()));
- List<Node> launchJNLPChild = new LinkedList<Node>(Arrays.asList(launchNode
- .getChildNodes()));
+ List<Node> appTemplateChild = new LinkedList<>(Arrays.asList(templateNode.getChildNodes()));
+ List<Node> launchJNLPChild = new LinkedList<>(Arrays.asList(launchNode.getChildNodes()));
// Compare only if both Nodes have the same name, else return false
if (templateNode.getNodeName().equals(launchNode.getNodeName())) {
@@ -170,12 +142,10 @@
for (int i = 0; i < childLength;) {
for (int j = 0; j < childLength; j++) {
- boolean isSame = matchNodes(appTemplateChild.get(i),
- launchJNLPChild.get(j));
-
- if (!isSame && j == childLength - 1)
+ boolean isSame = matchNodes(appTemplateChild.get(i), launchJNLPChild.get(j));
+ if (!isSame && j == childLength - 1) {
return false;
- else if (isSame) { // If both child matches, remove them from the list of children
+ } else if (isSame) { // If both child matches, remove them from the list of children
appTemplateChild.remove(i);
launchJNLPChild.remove(j);
--childLength;
@@ -187,11 +157,13 @@
if (!templateNode.getNodeValue().equals(launchNode.getNodeValue())) {
// If it's a template and the template's value is NOT '*'
- if (isTemplate && !templateNode.getNodeValue().equals("*"))
+ if (isTemplate && !templateNode.getNodeValue().equals("*")) {
return false;
+ }
// Else if it's not a template, then return false
- else if (!isTemplate)
+ else if (!isTemplate) {
return false;
+ }
}
// Compare attributes of both Nodes
return matchAttributes(templateNode, launchNode);
@@ -233,15 +205,15 @@
boolean isSame = templateNode.getAttribute(attribute).equals( // Check if the Attribute values match
launchNode.getAttribute(attribute));
- if (!isTemplate && !isSame)
+ if (!isTemplate && !isSame) {
return false;
- else if (isTemplate && !isSame
- && !templateNode.getAttribute(attribute).equals("*"))
+ } else if (isTemplate && !isSame && !templateNode.getAttribute(attribute).equals("*")) {
return false;
-
- } else
+ }
+ } else {
// If attributes names do not match, return false
return false;
+ }
}
return true;
}
diff -r 039af1289ac9 -r 40d37c2486a0 netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Apr 13 11:25:58 2015 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Wed Apr 15 10:43:53 2015 +0200
@@ -522,6 +522,12 @@
KSJsseCaCerts=Trusted JSSE Root CA Certificates
KSClientCerts=Client Authentication Certificates
+# KeyStores: set password
+KSresultUntilNow=Got {0} during keystore operation {1}. Attempts to unlock: {2}
+KSinvalidPassword=Invalid password?
+KSheadlesWarning=Headless mode currently does not support runtime-passwords
+KSnwPassHelp=Type new password and press ok. Give up by pressing anything else.
+
# Deployment Configuration messages
DCIncorrectValue=Property "{0}" has incorrect value "{1}". Possible values {2}.
DCInternal=Internal error: {0}
diff -r 039af1289ac9 -r 40d37c2486a0 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Mon Apr 13 11:25:58 2015 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Apr 15 10:43:53 2015 +0200
@@ -18,11 +18,10 @@
import static net.sourceforge.jnlp.runtime.Translator.R;
import java.io.File;
+import java.io.FileInputStream;
import java.io.FileOutputStream;
-import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
-import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.SocketPermission;
import java.net.URL;
@@ -967,12 +966,6 @@
List<JARDesc> desc = new ArrayList<>();
desc.add(jarDesc);
- // Initialize streams
- InputStream inStream = null;
- InputStreamReader inputReader = null;
- FileReader fr = null;
- InputStreamReader jnlpReader = null;
-
try {
// NOTE: verification should have happened by now. In other words,
// calling jcv.verifyJars(desc, tracker) here should have no affect.
@@ -982,41 +975,27 @@
String jeName = je.getName().toUpperCase();
if (jeName.equals(TEMPLATE) || jeName.equals(APPLICATION)) {
+ OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Creating Jar InputStream from JarEntry");
+ InputStream inStream = jarFile.getInputStream(je);
+ OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Creating File InputStream from lauching JNLP file");
+ JNLPFile jnlp = this.getJNLPFile();
+ File jn;
+ // If the file is on the local file system, use original path, otherwise find cached file
+ if (jnlp.getFileLocation().getProtocol().toLowerCase().equals("file")) {
+ jn = new File(jnlp.getFileLocation().getPath());
+ } else {
+ jn = CacheUtil.getCacheFile(jnlp.getFileLocation(), null);
+ }
- OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Creating Jar InputStream from JarEntry");
-
- inStream = jarFile.getInputStream(je);
- inputReader = new InputStreamReader(inStream);
-
- OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Creating File InputStream from lauching JNLP file");
-
- JNLPFile jnlp = this.getJNLPFile();
- URL url = jnlp.getFileLocation();
- File jn = null;
-
- // If the file is on the local file system, use original path, otherwise find cached file
- if (url.getProtocol().toLowerCase().equals("file"))
- jn = new File(url.getPath());
- else
- jn = CacheUtil.getCacheFile(url, null);
-
- fr = new FileReader(jn);
- jnlpReader = fr;
-
- // Initialize JNLPMatcher class
+ InputStream jnlpStream = new FileInputStream(jn);
JNLPMatcher matcher;
-
if (jeName.equals(APPLICATION)) { // If signed application was found
OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "APPLICATION.JNLP has been located within signed JAR. Starting verfication...");
-
- matcher = new JNLPMatcher(inputReader, jnlpReader, false);
+ matcher = new JNLPMatcher(inStream, jnlpStream, false, jnlp.getParserSettings());
} else { // Otherwise template was found
OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "APPLICATION_TEMPLATE.JNLP has been located within signed JAR. Starting verfication...");
-
- matcher = new JNLPMatcher(inputReader, jnlpReader,
- true);
+ matcher = new JNLPMatcher(inStream, jnlpStream, true, jnlp.getParserSettings());
}
-
// If signed JNLP file does not matches launching JNLP file, throw JNLPMatcherException
if (!matcher.isMatch())
throw new JNLPMatcherException("Signed Application did not match launching JNLP File");
@@ -1054,15 +1033,7 @@
* skip the check for a signed JNLP file
*/
- } finally {
-
- //Close all streams
- StreamUtils.closeSilently(inStream);
- StreamUtils.closeSilently(inputReader);
- StreamUtils.closeSilently(fr);
- StreamUtils.closeSilently(jnlpReader);
}
-
OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Ending check for signed JNLP file...");
}
diff -r 039af1289ac9 -r 40d37c2486a0 netx/net/sourceforge/jnlp/security/KeyStores.java
--- a/netx/net/sourceforge/jnlp/security/KeyStores.java Mon Apr 13 11:25:58 2015 -0400
+++ b/netx/net/sourceforge/jnlp/security/KeyStores.java Wed Apr 15 10:43:53 2015 +0200
@@ -39,7 +39,6 @@
import java.io.File;
import java.io.FileInputStream;
-import java.io.FileOutputStream;
import java.io.IOException;
import java.security.AllPermission;
import java.security.KeyStore;
@@ -340,17 +339,12 @@
ks = KeyStore.getInstance(KEYSTORE_TYPE);
SecurityUtil.loadKeyStore(ks, null);
- FileOutputStream fos = new FileOutputStream(file);
- SecurityUtil.keyStoreStore(ks, fos);
- fos.close();
+ SecurityUtil.storeKeyStore(ks, file);
}
- // TODO catch exception when password is incorrect and prompt user
-
if (file.exists()) {
- fis = new FileInputStream(file);
ks = KeyStore.getInstance(KEYSTORE_TYPE);
- SecurityUtil.loadKeyStore(ks, fis);
+ SecurityUtil.loadKeyStore(ks, file);
} else {
ks = KeyStore.getInstance(KEYSTORE_TYPE);
SecurityUtil.loadKeyStore(ks, null);
diff -r 039af1289ac9 -r 40d37c2486a0 netx/net/sourceforge/jnlp/security/KeystorePasswordAttempter.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/netx/net/sourceforge/jnlp/security/KeystorePasswordAttempter.java Wed Apr 15 10:43:53 2015 +0200
@@ -0,0 +1,206 @@
+/* CertificatePane.java
+ Copyright (C) 2015 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING. If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library. Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module. An independent module is a module which is not derived from
+ or based on this library. If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so. If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+package net.sourceforge.jnlp.security;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import javax.net.ssl.KeyManagerFactory;
+import javax.swing.JOptionPane;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
+import net.sourceforge.jnlp.runtime.Translator;
+import net.sourceforge.jnlp.util.logging.OutputController;
+
+class KeystorePasswordAttempter {
+
+ private static final char[] DEFAULT_PASSWORD = "changeit".toCharArray();
+
+ private static char[] getTrustedCertsPassword() {
+ return DEFAULT_PASSWORD;
+ }
+
+ static class SavedPassword {
+
+ private final char[] pass;
+
+ public SavedPassword(char[] pass) {
+ this.pass = pass;
+ }
+ }
+
+ /**
+ * This password can read any keystore. But if you save with him, integrity
+ * of keystore will be lsot for ever.
+ */
+ static class AllmightyPassword extends SavedPassword {
+
+ public AllmightyPassword() {
+ super(null);
+ }
+
+ }
+
+ static abstract class KeystoreOperation {
+
+ protected final KeyManagerFactory kmf;
+ protected final KeyStore ks;
+ protected final String alias;
+ protected final Key key;
+ protected final Certificate[] certChain;
+ protected final File f;
+
+ public KeystoreOperation(KeyStore ks, File f) {
+ this(null, ks, null, null, null, f);
+ }
+
+ public KeystoreOperation(KeyStore ks, String alias, Key key, Certificate[] certChain) {
+ this(null, ks, alias, key, certChain, null);
+ }
+
+ public KeystoreOperation(KeyStore ks, String alias, Key key, Certificate[] certChain, File f) {
+ this(null, ks, alias, key, certChain, f);
+ }
+
+ public KeystoreOperation(KeyManagerFactory kmf, KeyStore ks) {
+ this(kmf, ks, null, null, null, null);
+ }
+
+ public KeystoreOperation(KeyManagerFactory kmf, KeyStore ks, String alias, Key key, Certificate[] certChain, File f) {
+ this.kmf = kmf;
+ this.ks = ks;
+ this.alias = alias;
+ this.key = key;
+ this.certChain = certChain;
+ this.f = f;
+ }
+
+ abstract Key operateKeystore(char[] pass) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, IOException, CertificateException;
+
+ abstract String getId();
+
+ }
+ //static final KeystorePasswordAttempter INSTANCE = new KeystorePasswordAttempter(new SavedPassword(getTrustedCertsPassword()), new AllmightyPassword());
+ static final KeystorePasswordAttempter INSTANCE = new KeystorePasswordAttempter(new SavedPassword(getTrustedCertsPassword()));
+ private final List<SavedPassword> passes;
+ private final Map<KeyStore, SavedPassword> sucesfullPerKeystore = new HashMap<>();
+
+ private KeystorePasswordAttempter(SavedPassword... initialPasswords) {
+ passes = new ArrayList<>(initialPasswords.length);
+ passes.addAll(Arrays.asList(initialPasswords));
+ }
+
+ Key unlockKeystore(KeystoreOperation operation) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, IOException, CertificateException {
+ SavedPassword sucessfullKey = sucesfullPerKeystore.get(operation.ks);
+ Exception firstEx = null;
+ String messages = "";
+ List<SavedPassword> localPases = new ArrayList<>();
+ if (sucessfullKey != null){
+ //sucessfull must be firts. If it is not, then writing to keystore by illegal password, will kill kesytore's integrity
+ localPases.add(sucessfullKey);
+ }
+ localPases.addAll(passes);
+ for (int i = 0; i < localPases.size(); i++) {
+ SavedPassword pass = localPases.get(i);
+ try {
+ //we expect, that any keystore is loaded before readed.
+ //so we are wrting by correct password
+ //if no sucessfull passwrod was provided during rading, then finish(firstEx); will save us from overwrite
+ Key result = operation.operateKeystore(pass.pass);
+ //ok we were sucessfull
+ //save the loading password for storing purposes (and another reading too)
+ sucesfullPerKeystore.put(operation.ks, pass);
+ return result;
+ } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | IOException | CertificateException ex) {
+ if (firstEx == null) {
+ firstEx = ex;
+ }
+ messages += "'" + ex.getMessage() + "' ";
+ OutputController.getLogger().log(ex);
More information about the distro-pkg-dev
mailing list