author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-05-02 16:38:32 +0200 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-05-02 16:38:32 +0200 |
commit | 9efc6df01c94971e9254affd2800f04b4dd0cb68 (patch) | |
tree | 301773eb31a2031d02eb2ef66e55a09f8c432e60 /vespaclient-java | |
parent | e23486dfb4adaf88242053c9ce27acdc2beeb6ff (diff) |
Create crypto tool output streams with RW permissions for owner only
Diffstat (limited to 'vespaclient-java')
-rw-r--r-- | vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/CliUtils.java | 6 | ||||
-rw-r--r-- | vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java | 11 |
2 files changed, 13 insertions, 4 deletions
diff --git a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/CliUtils.java b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/CliUtils.java
index a60c3647b41..b09ae17cd77 100644
--- a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/CliUtils.java
+++ b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/CliUtils.java
@@ -8,6 +8,7 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.nio.file.Files;
 import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermissions;
 
 /**
 * @author vekterli
@@ -43,7 +44,10 @@ public class CliUtils {
 return stdOut;
 } else {
 // TODO fail if file already exists?
- return Files.newOutputStream(Paths.get(pathOrDash));
+ var privFilePerms = PosixFilePermissions.fromString("rw-------");
+ var outPath = Paths.get(pathOrDash);
+ Files.createFile(outPath, PosixFilePermissions.asFileAttribute(privFilePerms));
+ return Files.newOutputStream(outPath);
 }
 }
 
diff --git a/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java b/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java
index f55278342e1..05d7e8c9511 100644
--- a/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java
+++ b/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java
@@ -64,6 +64,12 @@ public class CryptoToolsTest {
 Files.writeString(keyPath, contents);
 }
 
+ private static void assertOnlyFileOwnerHasAccessRights(Path file) throws IOException {
+ var actualFilePerms = Files.getPosixFilePermissions(file);
+ var expectedPerms = PosixFilePermissions.fromString("rw-------");
+ assertEquals(expectedPerms, actualFilePerms);
+ }
+
 @Test
 void top_level_help_page_printed_if_help_option_given() throws IOException {
 verifyStdoutMatchesFile(List.of("--help"), "expected-help-output.txt");
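Review bot: In the second hunk of CliUtils.java the output file is created with `Files.createFile` and then reopened by path with `Files.newOutputStream(outPath)`, so the owner-only permissions and the stream are established in two separate path lookups, and the second call uses the default create/truncate options on whatever is at that path by then. Opening once would close that gap, e.g. `Channels.newOutputStream(Files.newByteChannel(outPath, Set.of(StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE), PosixFilePermissions.asFileAttribute(privFilePerms)))`. `createFile` also throws `FileAlreadyExistsException` when the target exists, so the `// TODO fail if file already exists?` comment kept above the new lines is stale and should instead state that an existing file is now rejected rather than overwritten. `asFileAttribute` will presumably raise `UnsupportedOperationException` on file systems without POSIX permission support, which deserves a clear error message if the tool is meant to run there. The enclosing method starts and ends outside the hunk.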
@@ -180,9 +186,7 @@ public class CryptoToolsTest { "--private-out-file", absPathOf(privKeyFile), "--public-out-file", absPathOf(pubKeyFile))); assertEquals(0, procOut.exitCode()); - var privKeyPerms = Files.getPosixFilePermissions(privKeyFile); - var expectedPerms = PosixFilePermissions.fromString("rw-------"); - assertEquals(expectedPerms, privKeyPerms); + assertOnlyFileOwnerHasAccessRights(privKeyFile); } private static final String TEST_PRIV_KEY = "GFg54SaGNCmcSGufZCx68SKLGuAFrASoDeMk3t5AjU6L"; @@ -381,6 +385,7 @@ public class CryptoToolsTest { assertEquals("", procOut.stdErr()); assertEquals(greatSecret, Files.readString(decryptedPath)); + assertOnlyFileOwnerHasAccessRights(decryptedPath); } @Test |
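Review bot: The added `assertOnlyFileOwnerHasAccessRights(decryptedPath)` in the last hunk covers only the decrypt output; nothing visible in this diff exercises the case where the output file already exists, which now fails in `Files.createFile` instead of being overwritten. A test that pre-creates the target and asserts how the tool reports the failure would pin that behaviour change. If other tools write through the same output-stream helper (not visible here), their output files deserve the same permission assertion. Both affected test methods start outside their hunks.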