From 512a63f593242774e521d2e67d899c5920173edd Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Wed, 26 Nov 2008 12:06:20 +0000
Subject: [PATCH] Fix for issue 3481 (password file generated by setup/quicksetup for LDAPS can have read access for everybody)
---
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java | 10 +++++-----
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/util/Utils.java | 12 ++++++++++--
2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
index 0e275ce..6b468d2 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java
@@ -1032,7 +1032,7 @@
pwd);
trustManager.addCertificate(SELF_SIGNED_CERT_ALIAS,
new File(getTemporaryCertificatePath()));
- createFile(getKeystorePinPath(), pwd);
+ createProtectedFile(getKeystorePinPath(), pwd);
f = new File(getTemporaryCertificatePath());
f.delete();
@@ -1051,7 +1051,7 @@
sec.getKeystorePassword());
trustManager.addCertificate(sec.getAliasToUse(),
new File(getTemporaryCertificatePath()));
- createFile(getKeystorePinPath(), sec.getKeystorePassword());
+ createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
f = new File(getTemporaryCertificatePath());
f.delete();
break;
@@ -1069,7 +1069,7 @@
sec.getKeystorePassword());
trustManager.addCertificate(sec.getAliasToUse(),
new File(getTemporaryCertificatePath()));
- createFile(getKeystorePinPath(), sec.getKeystorePassword());
+ createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
f = new File(getTemporaryCertificatePath());
f.delete();
break;
@@ -1087,7 +1087,7 @@
sec.getKeystorePassword());
trustManager.addCertificate(sec.getAliasToUse(),
new File(getTemporaryCertificatePath()));
- createFile(getKeystorePinPath(), sec.getKeystorePassword());
+ createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
f = new File(getTemporaryCertificatePath());
f.delete();
break;
@@ -1105,7 +1105,7 @@
sec.getKeystorePassword());
trustManager.addCertificate(sec.getAliasToUse(),
new File(getTemporaryCertificatePath()));
- createFile(getKeystorePinPath(), sec.getKeystorePassword());
+ createProtectedFile(getKeystorePinPath(), sec.getKeystorePassword());
break;
default:
throw new IllegalStateException("Unknown certificate type: "+certType);
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/util/Utils.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/util/Utils.java
index dfea9b8..0d47414 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/util/Utils.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/util/Utils.java
@@ -634,12 +634,15 @@
/**
* Creates a file on the specified path with the contents of the provided
- * String.
+ * String. The file is protected, so that 'others' have no access to it.
* @param path the path where the file will be created.
* @param content the String with the contents of the file.
* @throws IOException if something goes wrong.
+ * @throws InterruptedException if there is a problem changing the permissions
+ * of the file.
*/
- public static void createFile(String path, String content) throws IOException
+ public static void createProtectedFile(String path, String content)
+ throws IOException, InterruptedException
{
FileWriter file = new FileWriter(path);
PrintWriter out = new PrintWriter(file);
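Review bot: The new Javadoc sentence "The file is protected, so that 'others' have no access to it" overstates what the method does. The permission change visible in the next hunk runs only when `!isWindows()`, and mode `640` still lets the owning group read the keystore PIN. I would reword it to `String. On non-Windows platforms the file mode is then set to 640 (owner read/write, group read); on Windows the permissions are left unchanged.` so callers know what is guaranteed. If group read is not actually needed for this file, `600` would match the stated intent more closely. The method body continues past the end of this hunk.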
@@ -648,6 +651,11 @@
out.flush();
out.close();
+
+ if (!isWindows())
+ {
+ setPermissionsUnix(path, "640");
+ }
}
/**
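Review bot: The `setPermissionsUnix(path, "640")` call runs only after the password has been written and the writer closed, so between `new FileWriter(path)` and the permission change the file holds the secret with whatever mode the process umask gives it. Restricting the file before any content is written closes that window: create it empty with `new File(path).createNewFile();`, move the `if (!isWindows())` block directly after that line, and only then open the `FileWriter`. An existing file at that path would also keep its old mode until the permission change, which the same reordering covers. If `setPermissionsUnix` reports failure through a return value (its signature is not visible here), that result should be checked and surfaced as an `IOException` rather than leaving a readable PIN file behind silently. The start of the method is in the previous hunk.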
--
Gitblit v1.10.0