check write permission just before write to keystore

Co-authored-by: Ralf Pannemans <[email protected]>

certificate_loader.go

@@ -29,7 +29,6 @@ import (
 
 	"github.com/paketo-buildpacks/libpak/v2/log"
 	"github.com/paketo-buildpacks/libpak/v2/sherpa"
-	"golang.org/x/sys/unix"
 )
 
 const DefaultCertFile = "/etc/ssl/certs/ca-certificates.crt"
@@ -59,10 +58,6 @@ func NewCertificateLoader(logger log.Logger) CertificateLoader {
 }
 
 func (c *CertificateLoader) Load(path string, password string) error {
-	if unix.Access(path, unix.W_OK) != nil {
-		return nil
-	}
-
 	ks, err := DetectKeystore(path)
 	if err != nil {
 		return err

keystore.go

@@ -24,6 +24,7 @@ import (
 	"os"
 
 	"github.com/pavlo-v-chernykh/keystore-go/v4"
+	"golang.org/x/sys/unix"
 	"software.sslmate.com/src/go-pkcs12"
 )
 
@@ -90,6 +91,10 @@ func (k *JKSKeystore) Add(name string, b *pem.Block) error {
 }
 
 func (k *JKSKeystore) Write() error {
+	if unix.Access(k.location, unix.W_OK) != nil {
+		return nil
+	}
+
 	out, err := os.OpenFile(k.location, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
 	if err != nil {
 		return fmt.Errorf("unable to open %s\n%w", k.location, err)
@@ -154,6 +159,10 @@ func (k *PasswordLessPKCS12Keystore) Add(name string, b *pem.Block) error {
 }
 
 func (k *PasswordLessPKCS12Keystore) Write() error {
+	if unix.Access(k.location, unix.W_OK) != nil {
+		return nil
+	}
+
 	out, err := os.OpenFile(k.location, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
 	if err != nil {
 		return err