Create crypto tool output streams with RW permissions for owner only

author: Tor Brede Vekterli <vekterli@yahooinc.com> 2023-05-02 16:38:32 +0200
committer: Tor Brede Vekterli <vekterli@yahooinc.com> 2023-05-02 16:38:32 +0200
commit: 9efc6df01c94971e9254affd2800f04b4dd0cb68 (patch)
tree: 301773eb31a2031d02eb2ef66e55a09f8c432e60 /vespaclient-java/src/test/java/com
parent: e23486dfb4adaf88242053c9ce27acdc2beeb6ff (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java b/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java
index f55278342e1..05d7e8c9511 100644
--- a/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java
+++ b/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java
@@ -64,6 +64,12 @@ public class CryptoToolsTest {
         Files.writeString(keyPath, contents);
     }
 
+    private static void assertOnlyFileOwnerHasAccessRights(Path file) throws IOException {
+        var actualFilePerms = Files.getPosixFilePermissions(file);
+        var expectedPerms   = PosixFilePermissions.fromString("rw-------");
+        assertEquals(expectedPerms, actualFilePerms);
+    }
+
     @Test
     void top_level_help_page_printed_if_help_option_given() throws IOException {
         verifyStdoutMatchesFile(List.of("--help"), "expected-help-output.txt");
@@ -180,9 +186,7 @@ public class CryptoToolsTest {
                                       "--private-out-file", absPathOf(privKeyFile),
                                       "--public-out-file",  absPathOf(pubKeyFile)));
         assertEquals(0, procOut.exitCode());
-        var privKeyPerms  = Files.getPosixFilePermissions(privKeyFile);
-        var expectedPerms = PosixFilePermissions.fromString("rw-------");
-        assertEquals(expectedPerms, privKeyPerms);
+        assertOnlyFileOwnerHasAccessRights(privKeyFile);
     }
 
     private static final String TEST_PRIV_KEY     = "GFg54SaGNCmcSGufZCx68SKLGuAFrASoDeMk3t5AjU6L";
@@ -381,6 +385,7 @@ public class CryptoToolsTest {
         assertEquals("", procOut.stdErr());
 
         assertEquals(greatSecret, Files.readString(decryptedPath));
+        assertOnlyFileOwnerHasAccessRights(decryptedPath);
     }
 
     @Test
author	Tor Brede Vekterli <vekterli@yahooinc.com>	2023-05-02 16:38:32 +0200
committer	Tor Brede Vekterli <vekterli@yahooinc.com>	2023-05-02 16:38:32 +0200
commit	9efc6df01c94971e9254affd2800f04b4dd0cb68 (patch)
tree	301773eb31a2031d02eb2ef66e55a09f8c432e60 /vespaclient-java/src/test/java/com
parent	e23486dfb4adaf88242053c9ce27acdc2beeb6ff (diff)