From 9efc6df01c94971e9254affd2800f04b4dd0cb68 Mon Sep 17 00:00:00 2001
From: Tor Brede Vekterli <vekterli@yahooinc.com>
Date: Tue, 2 May 2023 16:38:32 +0200
Subject: Create crypto tool output streams with RW permissions for owner only

---
 .../src/main/java/com/yahoo/vespa/security/tool/CliUtils.java       | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'vespaclient-java/src/main/java/com/yahoo')

diff --git a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/CliUtils.java b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/CliUtils.java
index a60c3647b41..b09ae17cd77 100644
--- a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/CliUtils.java
+++ b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/CliUtils.java
@@ -8,6 +8,7 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.nio.file.Files;
 import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermissions;
 
 /**
  * @author vekterli
@@ -43,7 +44,10 @@ public class CliUtils {
             return stdOut;
         } else {
             // TODO fail if file already exists?
-            return Files.newOutputStream(Paths.get(pathOrDash));
+            var privFilePerms = PosixFilePermissions.fromString("rw-------");
+            var outPath = Paths.get(pathOrDash);
+            Files.createFile(outPath, PosixFilePermissions.asFileAttribute(privFilePerms));
+            return Files.newOutputStream(outPath);
         }
     }
 
-- 
cgit v1.2.3