changeset 1751:bdde8b47dd93

Create credential files with permissions mode 600.
Reviewed-by: aazores, omajid, jerboaa
Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2015-August/015284.html
PR2581
author Severin Gehwolf <sgehwolf@redhat.com>
date Wed, 02 Sep 2015 14:37:13 +0200
parents aa3934b1f7d1
children ec2678a35b0f
files distribution/pom.xml setup-command/command/src/main/java/com/redhat/thermostat/setup/command/internal/ThermostatSetupImpl.java setup-command/command/src/test/java/com/redhat/thermostat/setup/command/internal/ThermostatSetupImplTest.java
diffstat 3 files changed, 60 insertions(+), 11 deletions(-) [+]
--- a/distribution/pom.xml	Fri Aug 14 12:15:56 2015 -0400
+++ b/distribution/pom.xml	Wed Sep 02 14:37:13 2015 +0200
@@ -253,6 +253,10 @@
               <target>
                 <chmod file="${project.build.directory}/image/bin/*" perm="755" />
                 <chmod file="${project.build.directory}/tools/*" perm="755" />
+                <chmod file="${project.build.directory}/image/etc/thermostat-roles.properties" perm="600" />
+                <chmod file="${project.build.directory}/image/etc/thermostat-users.properties" perm="600" />
+                <chmod file="${project.build.directory}/image/etc/web.auth" perm="600" />
+                <chmod file="${project.build.directory}/image/etc/agent.auth" perm="600" />
               </target>
             </configuration>
             <goals>
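Review bot: The four `<chmod perm="600">` entries only affect the staged `image/etc` tree; whether the packaged artifact keeps these modes depends on the assembly or archiving step that follows, which is not in this hunk, and an assembly descriptor with its own `fileMode` would silently override them. It is worth verifying the 600 mode on the files inside the produced distribution archive, or setting it in the assembly descriptor as well. Ant's chmod is also a no-op on non-POSIX platforms and skips files that do not yet exist at this phase, so a file that is generated later in the build would be missed; a short comment such as `<!-- credential files must not be world-readable; keep in sync with ThermostatSetupImpl.credFilePermissions -->` would make the intent visible to the next person editing this list.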
--- a/setup-command/command/src/main/java/com/redhat/thermostat/setup/command/internal/ThermostatSetupImpl.java	Fri Aug 14 12:15:56 2015 -0400
+++ b/setup-command/command/src/main/java/com/redhat/thermostat/setup/command/internal/ThermostatSetupImpl.java	Wed Sep 02 14:37:13 2015 +0200
@@ -56,13 +56,17 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.EnumSet;
 import java.util.List;
 import java.util.Arrays;
 import java.util.Properties;
+import java.util.Set;
 
 
 public class ThermostatSetupImpl implements ThermostatSetup {
@@ -76,18 +80,22 @@
     private static final Translate<LocaleResources> translator = LocaleResources.createLocalizer();
     private static final String[] STORAGE_START_ARGS = {"storage", "--start", "--permitLocalhostException"};
     private static final String[] STORAGE_STOP_ARGS = {"storage", "--stop"};
+    private static final Set<PosixFilePermission> credFilePermissions = EnumSet.of(
+            PosixFilePermission.OWNER_READ,
+            PosixFilePermission.OWNER_WRITE
+    );
 
     private static boolean storageFailed = false;
     private List<ActionListener<ApplicationState>> listeners;
     private String setupTmpUnlockContent;
     private String webApp;
     private String setupUnlockContentRegular;
-    private String userAgentAuth;
     private String userDoneFile;
     private String createUserScript;
     private PrintStream out;
     private CredentialFinder finder;
     private File setupCompleteFile;
+    private File agentAuthFile;
     private Launcher launcher;
     private Properties roleProps;
 
@@ -115,10 +123,10 @@
     private void setThermostatVars(CommonPaths paths) {
         //set thermostat environment
         createUserScript = paths.getSystemThermostatHome().toString() + "/lib/create-user.js";
-        userAgentAuth = paths.getUserAgentAuthConfigFile().toString();
         userDoneFile = paths.getUserThermostatHome().toString() + "/data/mongodb-user-done.stamp";
         webApp = paths.getSystemThermostatHome() + "/webapp";
         String setupCompletePath = paths.getUserThermostatHome().toString() + "/data/setup-complete.stamp";
+        agentAuthFile = paths.getUserAgentAuthConfigFile();
         setupCompleteFile = new File(setupCompletePath);
 
         //set stamp complete vars
@@ -130,6 +138,14 @@
         setupUnlockContentRegular = "Created by " + programName + " on " + timestamp;
     }
 
+    //package-private for testing
+    void createCredentialFile(File file) throws IOException {
+        if (!file.exists()) {
+            //create file and set file permissions to 600
+            Files.createFile(file.toPath(), PosixFilePermissions.asFileAttribute(credFilePermissions));
+        }
+    }
+
     @Override
     public void createMongodbUser(String username, char[] password) throws MongodbUserSetupException {
         try {
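Review bot: `createCredentialFile` (L86-L91) only applies mode 600 when the file does not yet exist, so a credential file left behind by an earlier release — such as a `web.auth` made world-readable by the `setReadable(true, false)` call this commit removes further down — keeps its permissive mode after an upgrade. Tightening existing files too closes that gap: `} else { Files.setPosixFilePermissions(file.toPath(), credFilePermissions); }`. Note that `testCrendentialFileNotCreatedIfAlreadyExists` mocks `exists()` as true on a path that is absent from disk, so it would have to use a real temporary file for this to pass. Separately, `PosixFilePermissions.asFileAttribute` makes `Files.createFile` throw `UnsupportedOperationException` on a non-POSIX file store, so if the setup command can run there this call should be guarded or documented; a comment like `// POSIX only: fails with UnsupportedOperationException on non-POSIX stores` would at least record the assumption.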
@@ -196,14 +212,12 @@
 
     private void writeStorageCredentialsFile(String username, char[] password) throws MongodbUserSetupException {
         try {
-            File credentialsFile = finder.getConfiguration(WEB_AUTH_FILE);
             Properties credentialProps = new Properties();
             credentialProps.setProperty("storage.username", username);
             credentialProps.setProperty("storage.password", String.valueOf(password));
+            File credentialsFile = finder.getConfiguration(WEB_AUTH_FILE);
+            createCredentialFile(credentialsFile);
             credentialProps.store(new FileOutputStream(credentialsFile), "Storage Credentials");
-
-            credentialsFile.setReadable(true, false);
-            credentialsFile.setWritable(true, true);
         } catch (IOException e) {
             throw new MongodbUserSetupException("Storing credentials to file " + WEB_AUTH_FILE + " failed!", e);
         }
@@ -228,7 +242,9 @@
 
     private void createClientUser(String username, char[] password, String[] roles) throws IOException {
         Properties userProps = new Properties();
-        FileOutputStream userStream = new FileOutputStream(finder.getConfiguration(USERS_PROPERTIES), true);
+        File userPropsFile = finder.getConfiguration(USERS_PROPERTIES);
+        createCredentialFile(userPropsFile);
+        FileOutputStream userStream = new FileOutputStream(userPropsFile, true);
         userProps.setProperty(username, String.valueOf(password));
         userProps.store(userStream, "Client User");
 
@@ -256,19 +272,24 @@
         setRoleProperty(THERMOSTAT_CLIENT, clientRoles);
         setRoleProperty(THERMOSTAT_CMDC, cmdcRoles);
 
-        FileOutputStream roleStream = new FileOutputStream(finder.getConfiguration(ROLES_PROPERTIES), true);
+        File rolePropsFile = finder.getConfiguration(ROLES_PROPERTIES);
+        createCredentialFile(rolePropsFile);
+        FileOutputStream roleStream = new FileOutputStream(rolePropsFile, true);
         roleProps.store(new PropertiesWriter(roleStream), "Thermostat Client Roles");
     }
 
     private void createAgentUser(String username, char[] password, String[] roles) throws IOException {
         Properties userProps = new Properties();
-        FileOutputStream userStream = new FileOutputStream(finder.getConfiguration(USERS_PROPERTIES), true);
+        File userPropsFile = finder.getConfiguration(USERS_PROPERTIES);
+        createCredentialFile(userPropsFile);
+        FileOutputStream userStream = new FileOutputStream(userPropsFile, true);
         userProps.setProperty(username, String.valueOf(password));
         userProps.store(userStream, "Agent User");
 
         //set agent credentials
         Properties agentProps = new Properties();
-        FileOutputStream agentAuthStream = new FileOutputStream(new File(userAgentAuth));
+        createCredentialFile(agentAuthFile);
+        FileOutputStream agentAuthStream = new FileOutputStream(agentAuthFile);
         agentProps.setProperty("username", username);
         agentProps.setProperty("password", String.valueOf(password));
         agentProps.store(agentAuthStream, "Agent Credentials");
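Review bot: The same three-line sequence — `finder.getConfiguration(...)`, `createCredentialFile(...)`, `new FileOutputStream(..., true)` — now appears at L129-L131 and L138-L140 in this hunk and twice more in the neighbouring hunks, which makes it easy for a future call site to forget the permission step. A small helper that owns the sequence keeps the mode-600 guarantee in one place; callers then become `FileOutputStream roleStream = openCredentialFile(ROLES_PROPERTIES, true);`. Note also that `roleStream` (L131) is opened and written but `createClientUser` ends at L133 without closing it; `createAgentUser` continues past the hunk, so I cannot tell whether `userStream` (L140) and `agentAuthStream` (L148) are closed later.
```java
    /**
     * Opens a credential/configuration file for writing, creating it with
     * mode 600 first if it does not exist.
     *
     * @param configName name of the configuration file as known to {@code finder}
     * @param append     whether to append to an existing file
     */
    private FileOutputStream openCredentialFile(String configName, boolean append) throws IOException {
        File file = finder.getConfiguration(configName);
        createCredentialFile(file);
        return new FileOutputStream(file, append);
    }

    // … unchanged: createClientUser / createAgentUser bodies, with each
    //    getConfiguration / createCredentialFile / new FileOutputStream triple
    //    replaced by a single openCredentialFile(..., true) call …
```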
@@ -282,7 +303,9 @@
         };
         setRoleProperty(username, agentUserRoles);
         setRoleProperty(THERMOSTAT_AGENT, agentRoles);
-        FileOutputStream roleStream = new FileOutputStream(finder.getConfiguration(ROLES_PROPERTIES), true);
+        File rolePropsFile = finder.getConfiguration(ROLES_PROPERTIES);
+        createCredentialFile(rolePropsFile);
+        FileOutputStream roleStream = new FileOutputStream(rolePropsFile, true);
         roleProps.store(new PropertiesWriter(roleStream), "Thermostat Agent Roles");
     }
 
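Review bot: `roleStream` is opened on L159 and written on L160, but `createAgentUser` returns at L161 without closing it; `Properties.store` flushes the writer but leaves the underlying `FileOutputStream` open. Use try-with-resources: `try (FileOutputStream roleStream = new FileOutputStream(rolePropsFile, true)) { roleProps.store(new PropertiesWriter(roleStream), "Thermostat Agent Roles"); }`. Because the file is opened in append mode, a comment such as `// append: the client-user entries written by createClientUser must survive` would also explain why this write differs from the overwrite of agent.auth above.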
--- a/setup-command/command/src/test/java/com/redhat/thermostat/setup/command/internal/ThermostatSetupImplTest.java	Fri Aug 14 12:15:56 2015 -0400
+++ b/setup-command/command/src/test/java/com/redhat/thermostat/setup/command/internal/ThermostatSetupImplTest.java	Wed Sep 02 14:37:13 2015 +0200
@@ -450,4 +450,26 @@
 
         assertTrue(Arrays.asList(roles).containsAll(Arrays.asList(loadedRoles)));
     }
+
+    @Test
+    public void testCrendentialFileCreatedIfNotExists() throws IOException {
+        File agentAuthFile = mock(File.class);
+        when(agentAuthFile.exists()).thenReturn(false);
+        when(agentAuthFile.toPath()).thenReturn(userAgentAuth);
+
+        tSetup.createCredentialFile(agentAuthFile);
+
+        assertTrue(userAgentAuth.toFile().exists());
+    }
+
+    @Test
+    public void testCrendentialFileNotCreatedIfAlreadyExists() throws IOException {
+        File agentAuthFile = mock(File.class);
+        when(agentAuthFile.exists()).thenReturn(true);
+        when(agentAuthFile.toPath()).thenReturn(userAgentAuth);
+
+        tSetup.createCredentialFile(agentAuthFile);
+
+        assertFalse(userAgentAuth.toFile().exists());
+    }
 }
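Review bot: Neither new test checks the permission mode, which is the actual purpose of the commit: `testCrendentialFileCreatedIfNotExists` only asserts that the file exists. After `tSetup.createCredentialFile(agentAuthFile)` add `assertEquals(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE), Files.getPosixFilePermissions(userAgentAuth));` (importing `java.nio.file.Files`, `java.util.EnumSet` and `PosixFilePermission` if the test class does not already have them). Both method names also misspell "Credential" as "Crendential". `userAgentAuth` appears to be a `Path` fixture declared outside this hunk, so I am assuming it points into a temporary directory that is cleaned up between tests.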