fix(plugins): block duplicate import, improve error messages and security tips

- Reject duplicate-address import by default, add --force flag to override
- Add friendly error messages when --password-file or --key-file not found
- Print security tips after keystore new/import (aligned with geth output)
- Add file existence checks in KeystoreCliUtils and KeystoreUpdate

Author: Barbatos

plugins/src/main/java/common/org/tron/plugins/KeystoreCliUtils.java

@@ -30,6 +30,11 @@ private KeystoreCliUtils() {
 
   static String readPassword(File passwordFile) throws IOException {
     if (passwordFile != null) {
+      if (!passwordFile.exists()) {
+        System.err.println("Password file not found: " + passwordFile.getPath()
+            + ". Omit --password-file for interactive input.");
+        return null;
+      }
       if (passwordFile.length() > MAX_FILE_SIZE) {
         System.err.println("Password file too large (max 1KB).");
         return null;
@@ -133,6 +138,33 @@ static String stripLineEndings(String s) {
     return s.substring(0, end);
   }
 
+  static boolean checkFileExists(File file, String label) {
+    if (file != null && !file.exists()) {
+      System.err.println(label + " not found: " + file.getPath());
+      return false;
+    }
+    return true;
+  }
+
+  static void printSecurityTips(String address, String fileName) {
+    System.out.println();
+    System.out.println("Public address of the key:   " + address);
+    System.out.println("Path of the secret key file: " + fileName);
+    System.out.println();
+    System.out.println(
+        "- You can share your public address with anyone."
+            + " Others need it to interact with you.");
+    System.out.println(
+        "- You must NEVER share the secret key with anyone!"
+            + " The key controls access to your funds!");
+    System.out.println(
+        "- You must BACKUP your key file!"
+            + " Without the key, it's impossible to access account funds!");
+    System.out.println(
+        "- You must REMEMBER your password!"
+            + " Without the password, it's impossible to decrypt the key!");
+  }
+
   static void setOwnerOnly(File file) {
     try {
       Files.setPosixFilePermissions(file.toPath(), OWNER_ONLY);

plugins/src/main/java/common/org/tron/plugins/KeystoreImport.java

@@ -43,9 +43,16 @@ public class KeystoreImport implements Callable<Integer> {
       description = "Use SM2 algorithm instead of ECDSA")
   private boolean sm2;
 
+  @Option(names = {"--force"},
+      description = "Allow import even if address already exists")
+  private boolean force;
+
   @Override
   public Integer call() {
     try {
+      if (!KeystoreCliUtils.checkFileExists(keyFile, "Key file")) {
+        return 1;
+      }
       KeystoreCliUtils.ensureDirectory(keystoreDir);
 
       String privateKey = readPrivateKey();
@@ -77,15 +84,22 @@ public Integer call() {
         return 1;
       }
       String address = Credentials.create(keyPair).getAddress();
-      warnIfAddressExists(keystoreDir, address);
+      String existingFile = findExistingKeystore(keystoreDir, address);
+      if (existingFile != null && !force) {
+        System.err.println("Keystore for address " + address
+            + " already exists: " + existingFile
+            + ". Use --force to import anyway.");
+        return 1;
+      }
       String fileName = WalletUtils.generateWalletFile(password, keyPair, keystoreDir, true);
       KeystoreCliUtils.setOwnerOnly(new File(keystoreDir, fileName));
       if (json) {
         KeystoreCliUtils.printJson(KeystoreCliUtils.jsonMap(
             "address", address, "file", fileName));
       } else {
-        System.out.println("Imported keystore: " + fileName);
-        System.out.println("Address: " + address);
+        System.out.println("Imported keystore successfully");
+        KeystoreCliUtils.printSecurityTips(address,
+            new File(keystoreDir, fileName).getPath());
       }
       return 0;
     } catch (CipherException e) {
@@ -137,13 +151,13 @@ private boolean isValidPrivateKey(String key) {
     return !StringUtils.isEmpty(key) && HEX_PATTERN.matcher(key).matches();
   }
 
-  private void warnIfAddressExists(File dir, String address) {
+  private String findExistingKeystore(File dir, String address) {
     if (!dir.exists() || !dir.isDirectory()) {
-      return;
+      return null;
     }
     File[] files = dir.listFiles((d, name) -> name.endsWith(".json"));
     if (files == null) {
-      return;
+      return null;
     }
     com.fasterxml.jackson.databind.ObjectMapper mapper =
         KeystoreCliUtils.mapper();
@@ -152,13 +166,12 @@ private void warnIfAddressExists(File dir, String address) {
         org.tron.keystore.WalletFile wf =
             mapper.readValue(file, org.tron.keystore.WalletFile.class);
         if (address.equals(wf.getAddress())) {
-          System.err.println("WARNING: keystore for address "
-              + address + " already exists: " + file.getName());
-          return;
+          return file.getName();
         }
       } catch (Exception e) {
         // Skip invalid files
       }
     }
+    return null;
   }
 }

plugins/src/main/java/common/org/tron/plugins/KeystoreNew.java

@@ -53,8 +53,9 @@ public Integer call() {
         KeystoreCliUtils.printJson(KeystoreCliUtils.jsonMap(
             "address", address, "file", fileName));
       } else {
-        System.out.println("Generated keystore: " + fileName);
-        System.out.println("Address: " + address);
+        System.out.println("Your new key was generated");
+        KeystoreCliUtils.printSecurityTips(address,
+            new File(keystoreDir, fileName).getPath());
       }
       return 0;
     } catch (CipherException e) {

plugins/src/main/java/common/org/tron/plugins/KeystoreUpdate.java

@@ -59,6 +59,11 @@ public Integer call() {
       String newPassword;
 
       if (passwordFile != null) {
+        if (!passwordFile.exists()) {
+          System.err.println("Password file not found: " + passwordFile.getPath()
+              + ". Omit --password-file for interactive input.");
+          return 1;
+        }
         if (passwordFile.length() > 1024) {
           System.err.println("Password file too large (max 1KB).");
           return 1;

plugins/src/test/java/org/tron/plugins/KeystoreImportTest.java

@@ -174,7 +174,7 @@ public void testImportKeyFileWithWhitespace() throws Exception {
   }
 
   @Test
-  public void testImportDuplicateAddress() throws Exception {
+  public void testImportDuplicateAddressBlocked() throws Exception {
     File dir = tempFolder.newFolder("keystore-dup");
     SignInterface keyPair = SignUtils.getGeneratedRandomSign(
         SecureRandom.getInstance("NativePRNG"), true);
@@ -185,22 +185,70 @@ public void testImportDuplicateAddress() throws Exception {
     File pwFile = tempFolder.newFile("pw-dup.txt");
     Files.write(pwFile.toPath(), "test123456".getBytes(StandardCharsets.UTF_8));
 
-    // Import same key twice
+    // First import succeeds
     CommandLine cmd1 = new CommandLine(new Toolkit());
     assertEquals(0, cmd1.execute("keystore", "import",
         "--keystore-dir", dir.getAbsolutePath(),
         "--key-file", keyFile.getAbsolutePath(),
         "--password-file", pwFile.getAbsolutePath()));
 
+    // Second import of same key is blocked
     CommandLine cmd2 = new CommandLine(new Toolkit());
-    assertEquals(0, cmd2.execute("keystore", "import",
+    assertEquals("Duplicate import should be blocked", 1,
+        cmd2.execute("keystore", "import",
+            "--keystore-dir", dir.getAbsolutePath(),
+            "--key-file", keyFile.getAbsolutePath(),
+            "--password-file", pwFile.getAbsolutePath()));
+
+    File[] files = dir.listFiles((d, name) -> name.endsWith(".json"));
+    assertNotNull(files);
+    assertEquals("Should still have only 1 keystore", 1, files.length);
+  }
+
+  @Test
+  public void testImportDuplicateAddressWithForce() throws Exception {
+    File dir = tempFolder.newFolder("keystore-force");
+    SignInterface keyPair = SignUtils.getGeneratedRandomSign(
+        SecureRandom.getInstance("NativePRNG"), true);
+    String privateKeyHex = ByteArray.toHexString(keyPair.getPrivateKey());
+
+    File keyFile = tempFolder.newFile("force.key");
+    Files.write(keyFile.toPath(), privateKeyHex.getBytes(StandardCharsets.UTF_8));
+    File pwFile = tempFolder.newFile("pw-force.txt");
+    Files.write(pwFile.toPath(), "test123456".getBytes(StandardCharsets.UTF_8));
+
+    // First import
+    CommandLine cmd1 = new CommandLine(new Toolkit());
+    assertEquals(0, cmd1.execute("keystore", "import",
         "--keystore-dir", dir.getAbsolutePath(),
         "--key-file", keyFile.getAbsolutePath(),
         "--password-file", pwFile.getAbsolutePath()));
 
-    // Should create two separate files (timestamped names differ)
+    // Second import with --force succeeds
+    CommandLine cmd2 = new CommandLine(new Toolkit());
+    assertEquals(0, cmd2.execute("keystore", "import",
+        "--keystore-dir", dir.getAbsolutePath(),
+        "--key-file", keyFile.getAbsolutePath(),
+        "--password-file", pwFile.getAbsolutePath(),
+        "--force"));
+
     File[] files = dir.listFiles((d, name) -> name.endsWith(".json"));
     assertNotNull(files);
-    assertEquals("Duplicate import should create 2 separate files", 2, files.length);
+    assertEquals("Force import should create 2 files", 2, files.length);
+  }
+
+  @Test
+  public void testImportKeyFileNotFound() throws Exception {
+    File dir = tempFolder.newFolder("keystore-nokey");
+    File pwFile = tempFolder.newFile("pw-nokey.txt");
+    Files.write(pwFile.toPath(), "test123456".getBytes(StandardCharsets.UTF_8));
+
+    CommandLine cmd = new CommandLine(new Toolkit());
+    int exitCode = cmd.execute("keystore", "import",
+        "--keystore-dir", dir.getAbsolutePath(),
+        "--key-file", "/tmp/nonexistent-key-file.txt",
+        "--password-file", pwFile.getAbsolutePath());
+
+    assertEquals("Should fail when key file not found", 1, exitCode);
   }
 }

plugins/src/test/java/org/tron/plugins/KeystoreNewTest.java

@@ -180,6 +180,18 @@ public void testNewKeystoreSpecialCharPassword() throws Exception {
     assertNotNull(creds.getAddress());
   }
 
+  @Test
+  public void testNewKeystorePasswordFileNotFound() throws Exception {
+    File dir = tempFolder.newFolder("keystore-nopw");
+
+    CommandLine cmd = new CommandLine(new Toolkit());
+    int exitCode = cmd.execute("keystore", "new",
+        "--keystore-dir", dir.getAbsolutePath(),
+        "--password-file", "/tmp/nonexistent-pw.txt");
+
+    assertEquals("Should fail when password file not found", 1, exitCode);
+  }
+
   @Test
   public void testNewKeystoreDirIsFile() throws Exception {
     File notADir = tempFolder.newFile("not-a-dir");