mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

jvergara
26.06.2008 b0254b5903aae25708c349860bc56ee6026a8218
Fix for issue 3481 (password file generated by setup/quicksetup for LDAPS can have read access for everybody)

The keystore.pin now has permissions 640.
2 files modified
22 ■■■■■ changed files
opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java 10 ●●●●
opends/src/quicksetup/org/opends/quicksetup/util/Utils.java 12 ●●●●
opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
@@ -1032,7 +1032,7 @@
            pwd);
        trustManager.addCertificate(SELF_SIGNED_CERT_ALIAS,
            new File(getTemporaryCertificatePath()));
        createFile(getKeystorePinPath(), pwd);
        createProtectedFile(getKeystorePinPath(), pwd);
        f = new File(getTemporaryCertificatePath());
        f.delete();
@@ -1051,7 +1051,7 @@
            sec.getKeystorePassword());
        trustManager.addCertificate(sec.getAliasToUse(),
            new File(getTemporaryCertificatePath()));
        createFile(getKeystorePinPath(), sec.getKeystorePassword());
        createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
        f = new File(getTemporaryCertificatePath());
        f.delete();
        break;
@@ -1069,7 +1069,7 @@
            sec.getKeystorePassword());
        trustManager.addCertificate(sec.getAliasToUse(),
            new File(getTemporaryCertificatePath()));
        createFile(getKeystorePinPath(), sec.getKeystorePassword());
        createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
        f = new File(getTemporaryCertificatePath());
        f.delete();
        break;
@@ -1087,7 +1087,7 @@
            sec.getKeystorePassword());
        trustManager.addCertificate(sec.getAliasToUse(),
            new File(getTemporaryCertificatePath()));
        createFile(getKeystorePinPath(), sec.getKeystorePassword());
        createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
        f = new File(getTemporaryCertificatePath());
        f.delete();
        break;
@@ -1105,7 +1105,7 @@
            sec.getKeystorePassword());
        trustManager.addCertificate(sec.getAliasToUse(),
            new File(getTemporaryCertificatePath()));
        createFile(getKeystorePinPath(), sec.getKeystorePassword());
        createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
        break;
      default:
        throw new IllegalStateException("Unknown certificate type: "+certType);
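Review bot: A failure inside createProtectedFile at any of the five call sites can leave keystore.pin on disk with the keystore password and its default mode, which is the state issue 3481 describes. The Utils.java section of this commit shows the mode being set only after the content is written, so an exception from the permission step arrives after the file already exists. The handler for the new checked InterruptedException lies outside these hunks; it should remove the file, for example `new File(getKeystorePinPath()).delete();`, and restore the interrupt flag with `Thread.currentThread().interrupt();` before reporting the error. The enclosing switch and its try/catch start and end outside the visible lines, so whether this is already done cannot be confirmed here.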
opends/src/quicksetup/org/opends/quicksetup/util/Utils.java
@@ -634,12 +634,15 @@
  /**
   * Creates a file on the specified path with the contents of the provided
   * String.
   * String.  The file is protected, so that 'others' have no access to it.
   * @param path the path where the file will be created.
   * @param content the String with the contents of the file.
   * @throws IOException if something goes wrong.
   * @throws InterruptedException if there is a problem changing the permissions
   * of the file.
   */
  public static void createFile(String path, String content) throws IOException
  public static void createProtectedFile(String path, String content)
  throws IOException, InterruptedException
  {
    FileWriter file = new FileWriter(path);
    PrintWriter out = new PrintWriter(file);
@@ -648,6 +651,11 @@
    out.flush();
    out.close();
    if (!isWindows())
    {
      setPermissionsUnix(path, "640");
    }
  }
  /**
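Review bot: The permission change in createProtectedFile runs only after the content has been written and the writer closed (`setPermissionsUnix(path, "640")` follows `out.close()`), so the PIN sits on disk with whatever mode the process umask gives until that call completes. Creating the file empty, applying the mode, and only then writing the content would close that window; the lines of the body between the two hunks are not visible, so the exact placement needs checking against the full method. The result of setPermissionsUnix is not inspected in the visible lines; if it reports failure through a return value, the file should be deleted rather than left readable. The Javadoc would also be more accurate with a sentence such as `On Windows no permissions are changed.`, since the call is skipped when isWindows() is true.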