From ed82d53029e7391bfcf7938ddbeee039d25bebb4 Mon Sep 17 00:00:00 2001
From: Emmanuel Bourg <ebourg@apache.org>
Date: Thu, 14 Nov 2024 19:08:58 +0100
Subject: [PATCH] Removed KeyStoreType.reuseKeyStorePassword()

---
 .../src/test/java/net/jsign/JsignCLITest.java | 11 ++++++++
 .../src/main/java/net/jsign/SignerHelper.java |  7 +----
 .../src/main/java/net/jsign/KeyStoreType.java | 27 +++++++++----------
 3 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/jsign-cli/src/test/java/net/jsign/JsignCLITest.java b/jsign-cli/src/test/java/net/jsign/JsignCLITest.java
index 7b23a4c9..cff9d852 100644
--- a/jsign-cli/src/test/java/net/jsign/JsignCLITest.java
+++ b/jsign-cli/src/test/java/net/jsign/JsignCLITest.java
@@ -327,6 +327,17 @@ public void testSigningJCEKS() throws Exception {
         }
     }
 
+    @Test
+    public void testSigningJKS() throws Exception {
+        cli.execute("--name=WinEyes", "--url=http://www.steelblue.com/WinEyes", "--alg=SHA-256", "--keystore=target/test-classes/keystores/keystore.jks", "--alias=test", "--storepass=password", "" + targetFile);
+
+        assertTrue("The file " + targetFile + " wasn't changed", SOURCE_FILE_CRC32 != FileUtils.checksumCRC32(targetFile));
+
+        try (PEFile peFile = new PEFile(targetFile)) {
+            SignatureAssert.assertSigned(peFile, SHA256);
+        }
+    }
+
     @Test
     public void testSigningPVKSPC() throws Exception {
         cli.execute("--url=http://www.steelblue.com/WinEyes", "--certfile=target/test-classes/keystores/jsign-test-certificate-full-chain.spc", "--keyfile=target/test-classes/keystores/privatekey-encrypted.pvk", "--storepass=password", "" + targetFile);
diff --git a/jsign-core/src/main/java/net/jsign/SignerHelper.java b/jsign-core/src/main/java/net/jsign/SignerHelper.java
index 2e372768..99b66019 100644
--- a/jsign-core/src/main/java/net/jsign/SignerHelper.java
+++ b/jsign-core/src/main/java/net/jsign/SignerHelper.java
@@ -383,13 +383,8 @@ private AuthenticodeSigner build() throws SignerException {
             }
         }
 
-        String storepass = ksparams.storepass();
         String keypass = ksparams.keypass();
-        char[] password = keypass != null ? keypass.toCharArray() : null;
-        if (password == null && storepass != null && storetype.reuseKeyStorePassword()) {
-            // use the storepass as the keypass
-            password = storepass.toCharArray();
-        }
+        char[] password = keypass != null ? keypass.toCharArray() : new char[0];
 
         PrivateKey privateKey;
         try {
diff --git a/jsign-crypto/src/main/java/net/jsign/KeyStoreType.java b/jsign-crypto/src/main/java/net/jsign/KeyStoreType.java
index 53472ea9..3f92aa29 100644
--- a/jsign-crypto/src/main/java/net/jsign/KeyStoreType.java
+++ b/jsign-crypto/src/main/java/net/jsign/KeyStoreType.java
@@ -100,9 +100,6 @@ KeyStore getKeystore(KeyStoreBuilder params, Provider provider) throws KeyStoreE
             try {
                 ks.load(null, null);
                 String keypass = params.keypass();
-                if (keypass == null) {
-                    keypass = params.storepass();
-                }
                 ks.setKeyEntry("jsign", privateKey, keypass != null ? keypass.toCharArray() : new char[0], chain);
             } catch (Exception e) {
                 throw new KeyStoreException(e);
@@ -122,6 +119,10 @@ void validate(KeyStoreBuilder params) {
             if (!params.createFile(params.keystore()).exists()) {
                 throw new IllegalArgumentException("The keystore " + params.keystore() + " couldn't be found");
             }
+            if (params.keypass() == null && params.storepass() != null) {
+                // reuse the storepass as the keypass
+                params.keypass(params.storepass());
+            }
         }
     },
 
@@ -135,6 +136,10 @@ void validate(KeyStoreBuilder params) {
             if (!params.createFile(params.keystore()).exists()) {
                 throw new IllegalArgumentException("The keystore " + params.keystore() + " couldn't be found");
             }
+            if (params.keypass() == null && params.storepass() != null) {
+                // reuse the storepass as the keypass
+                params.keypass(params.storepass());
+            }
         }
     },
 
@@ -148,6 +153,10 @@ void validate(KeyStoreBuilder params) {
             if (!params.createFile(params.keystore()).exists()) {
                 throw new IllegalArgumentException("The keystore " + params.keystore() + " couldn't be found");
             }
+            if (params.keypass() == null && params.storepass() != null) {
+                // reuse the storepass as the keypass
+                params.keypass(params.storepass());
+            }
         }
     },
 
@@ -385,11 +394,6 @@ Provider getProvider(KeyStoreBuilder params) {
                 throw new IllegalStateException("Authentication failed with SSL.com", e);
             }
         }
-
-        @Override
-        boolean reuseKeyStorePassword() {
-            return false;
-        }
     },
 
     /**
@@ -656,13 +660,6 @@ Set<String> getAliases(KeyStore keystore) throws KeyStoreException {
         return new LinkedHashSet<>(Collections.list(keystore.aliases()));
     }
 
-    /**
-     * Tells if the keystore password can be reused as the key password.
-     */
-    boolean reuseKeyStorePassword() {
-        return true;
-    }
-
     /**
      * Guess the type of the keystore from the header or the extension of the file.
      *