changeset 1751:bdde8b47dd93
Create credential files with permissions mode 600
Reviewed-by: aazores, omajid, jerboaa
Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2015-August/015284.html
PR2581
author | Severin Gehwolf <sgehwolf@redhat.com> |
date | Wed, 02 Sep 2015 14:37:13 +0200 |
parents | aa3934b1f7d1 |
children | ec2678a35b0f |
files | distribution/pom.xml setup-command/command/src/main/java/com/redhat/thermostat/setup/command/internal/ThermostatSetupImpl.java setup-command/command/src/test/java/com/redhat/thermostat/setup/command/internal/ThermostatSetupImplTest.java |
diffstat | 3 files changed, 60 insertions(+), 11 deletions(-) [+] |
--- a/distribution/pom.xml Fri Aug 14 12:15:56 2015 -0400
+++ b/distribution/pom.xml Wed Sep 02 14:37:13 2015 +0200
@@ -253,6 +253,10 @@
 <target>
 <chmod file="${project.build.directory}/image/bin/*" perm="755" />
 <chmod file="${project.build.directory}/tools/*" perm="755" />
+ <chmod file="${project.build.directory}/image/etc/thermostat-roles.properties" perm="600" />
+ <chmod file="${project.build.directory}/image/etc/thermostat-users.properties" perm="600" />
+ <chmod file="${project.build.directory}/image/etc/web.auth" perm="600" />
+ <chmod file="${project.build.directory}/image/etc/agent.auth" perm="600" />
 </target>
 </configuration>
 <goals>
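Review bot: The four new `<chmod perm="600">` entries change the mode of the files under `${project.build.directory}/image/etc` at build time only; whether that mode survives into the shipped artifact depends on the packaging step (an assembly or tar configuration that preserves file modes), which is outside this hunk. Ant's `chmod` task also has no effect on non-POSIX platforms, so on such hosts the runtime `createCredentialFile` path in ThermostatSetupImpl would be the only enforcement. It is worth confirming against the packaging configuration that mode 600 is carried through, and recording the intent above the new entries with `<!-- credential files must stay owner-only (mode 600); see ThermostatSetupImpl.createCredentialFile -->`.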
--- a/setup-command/command/src/main/java/com/redhat/thermostat/setup/command/internal/ThermostatSetupImpl.java Fri Aug 14 12:15:56 2015 -0400
+++ b/setup-command/command/src/main/java/com/redhat/thermostat/setup/command/internal/ThermostatSetupImpl.java Wed Sep 02 14:37:13 2015 +0200
@@ -56,13 +56,17 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.EnumSet;
 import java.util.List;
 import java.util.Arrays;
 import java.util.Properties;
+import java.util.Set;
 public class ThermostatSetupImpl implements ThermostatSetup {
@@ -76,18 +80,22 @@
 private static final Translate<LocaleResources> translator = LocaleResources.createLocalizer();
 private static final String[] STORAGE_START_ARGS = {"storage", "--start", "--permitLocalhostException"};
 private static final String[] STORAGE_STOP_ARGS = {"storage", "--stop"};
+ private static final Set<PosixFilePermission> credFilePermissions = EnumSet.of(
+ PosixFilePermission.OWNER_READ,
+ PosixFilePermission.OWNER_WRITE
+ );
 private static boolean storageFailed = false;
 private List<ActionListener<ApplicationState>> listeners;
 private String setupTmpUnlockContent;
 private String webApp;
 private String setupUnlockContentRegular;
- private String userAgentAuth;
 private String userDoneFile;
 private String createUserScript;
 private PrintStream out;
 private CredentialFinder finder;
 private File setupCompleteFile;
+ private File agentAuthFile;
 private Launcher launcher;
 private Properties roleProps;
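Review bot: `credFilePermissions` is a `static final` constant but is named in camelCase, unlike the neighbouring `STORAGE_START_ARGS` and `STORAGE_STOP_ARGS`; renaming it `CRED_FILE_PERMISSIONS` keeps the class consistent. `EnumSet.of` also returns a mutable set, and the field is shared by every call to `createCredentialFile`, so wrapping it as `Collections.unmodifiableSet(EnumSet.of(...))` (needs a `java.util.Collections` import) prevents the mode from being widened by accident. A short Javadoc such as `/** Mode 600 (owner read/write only), applied to every credential file this setup writes. */` would explain the intent at the declaration.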
@@ -115,10 +123,10 @@
 private void setThermostatVars(CommonPaths paths) {
 //set thermostat environment
 createUserScript = paths.getSystemThermostatHome().toString() + "/lib/create-user.js";
- userAgentAuth = paths.getUserAgentAuthConfigFile().toString();
 userDoneFile = paths.getUserThermostatHome().toString() + "/data/mongodb-user-done.stamp";
 webApp = paths.getSystemThermostatHome() + "/webapp";
 String setupCompletePath = paths.getUserThermostatHome().toString() + "/data/setup-complete.stamp";
+ agentAuthFile = paths.getUserAgentAuthConfigFile();
 setupCompleteFile = new File(setupCompletePath);
 //set stamp complete vars
@@ -130,6 +138,14 @@
 setupUnlockContentRegular = "Created by " + programName + " on " + timestamp;
 }
+ //package-private for testing
+ void createCredentialFile(File file) throws IOException {
+ if (!file.exists()) {
+ //create file and set file permissions to 600
+ Files.createFile(file.toPath(), PosixFilePermissions.asFileAttribute(credFilePermissions));
+ }
+ }
+
 @Override
 public void createMongodbUser(String username, char[] password) throws MongodbUserSetupException {
 try {
@@ -196,14 +212,12 @@
 private void writeStorageCredentialsFile(String username, char[] password) throws MongodbUserSetupException {
 try {
- File credentialsFile = finder.getConfiguration(WEB_AUTH_FILE);
 Properties credentialProps = new Properties();
 credentialProps.setProperty("storage.username", username);
 credentialProps.setProperty("storage.password", String.valueOf(password));
+ File credentialsFile = finder.getConfiguration(WEB_AUTH_FILE);
+ createCredentialFile(credentialsFile);
 credentialProps.store(new FileOutputStream(credentialsFile), "Storage Credentials");
-
- credentialsFile.setReadable(true, false);
- credentialsFile.setWritable(true, true);
 } catch (IOException e) {
 throw new MongodbUserSetupException("Storing credentials to file " + WEB_AUTH_FILE + " failed!", e);
 }
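Review bot: `createCredentialFile` only applies mode 600 when it creates the file; a credential file that already exists keeps whatever mode it has, and since the removed `credentialsFile.setReadable(true, false)` in `writeStorageCredentialsFile` (third hunk on this line) made `web.auth` readable by everyone on earlier installs, an upgraded installation is never tightened. Applying the mode unconditionally closes that gap: keep the `if (!file.exists())` create branch and add `Files.setPosixFilePermissions(file.toPath(), credFilePermissions);` after it. `Files.createFile` with a POSIX attribute throws `UnsupportedOperationException` on file systems without the posix view, so if non-POSIX hosts are supported the attribute should be skipped when `FileSystems.getDefault().supportedFileAttributeViews().contains("posix")` is false — whether that matters for Thermostat is not visible from this hunk. A one-line Javadoc such as `/** Creates {@code file} with owner-only (600) permissions if it does not exist yet. */` would replace the bare `//package-private for testing` comment. Separately, the `new FileOutputStream(credentialsFile)` passed to `store` is still never closed; a try-with-resources around it would fix that leak.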
@@ -228,7 +242,9 @@
 private void createClientUser(String username, char[] password, String[] roles) throws IOException {
 Properties userProps = new Properties();
- FileOutputStream userStream = new FileOutputStream(finder.getConfiguration(USERS_PROPERTIES), true);
+ File userPropsFile = finder.getConfiguration(USERS_PROPERTIES);
+ createCredentialFile(userPropsFile);
+ FileOutputStream userStream = new FileOutputStream(userPropsFile, true);
 userProps.setProperty(username, String.valueOf(password));
 userProps.store(userStream, "Client User");
@@ -256,19 +272,24 @@
 setRoleProperty(THERMOSTAT_CLIENT, clientRoles);
 setRoleProperty(THERMOSTAT_CMDC, cmdcRoles);
- FileOutputStream roleStream = new FileOutputStream(finder.getConfiguration(ROLES_PROPERTIES), true);
+ File rolePropsFile = finder.getConfiguration(ROLES_PROPERTIES);
+ createCredentialFile(rolePropsFile);
+ FileOutputStream roleStream = new FileOutputStream(rolePropsFile, true);
 roleProps.store(new PropertiesWriter(roleStream), "Thermostat Client Roles");
 }
 private void createAgentUser(String username, char[] password, String[] roles) throws IOException {
 Properties userProps = new Properties();
- FileOutputStream userStream = new FileOutputStream(finder.getConfiguration(USERS_PROPERTIES), true);
+ File userPropsFile = finder.getConfiguration(USERS_PROPERTIES);
+ createCredentialFile(userPropsFile);
+ FileOutputStream userStream = new FileOutputStream(userPropsFile, true);
 userProps.setProperty(username, String.valueOf(password));
 userProps.store(userStream, "Agent User");
 //set agent credentials
 Properties agentProps = new Properties();
- FileOutputStream agentAuthStream = new FileOutputStream(new File(userAgentAuth));
+ createCredentialFile(agentAuthFile);
+ FileOutputStream agentAuthStream = new FileOutputStream(agentAuthFile);
 agentProps.setProperty("username", username);
 agentProps.setProperty("password", String.valueOf(password));
 agentProps.store(agentAuthStream, "Agent Credentials");
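Review bot: The three-line sequence `finder.getConfiguration(...)` / `createCredentialFile(...)` / `new FileOutputStream(..., true)` is now repeated in `createClientUser`, in the client-roles block, in `createAgentUser`, and again in the `@@ -282,7 +303,9 @@` hunk on the next line; a small helper keeps the permission step from being forgotten at the next call site that opens one of these files. None of the streams opened here is closed within the hunk, so I cannot tell whether they are released; if the helper returns the stream, the callers can wrap it in try-with-resources (`java.nio.file.Files` is already imported, so the Java 7 syntax is available). Both enclosing methods continue outside the hunk.
```java
/** Opens the named credential file for writing, creating it with mode 600 first. */
private FileOutputStream openCredentialStream(String configName, boolean append) throws IOException {
    File credFile = finder.getConfiguration(configName);
    createCredentialFile(credFile);
    return new FileOutputStream(credFile, append);
}
// … unchanged: createClientUser up to the Properties instantiation …
FileOutputStream userStream = openCredentialStream(USERS_PROPERTIES, true);
```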
@@ -282,7 +303,9 @@
 };
 setRoleProperty(username, agentUserRoles);
 setRoleProperty(THERMOSTAT_AGENT, agentRoles);
- FileOutputStream roleStream = new FileOutputStream(finder.getConfiguration(ROLES_PROPERTIES), true);
+ File rolePropsFile = finder.getConfiguration(ROLES_PROPERTIES);
+ createCredentialFile(rolePropsFile);
+ FileOutputStream roleStream = new FileOutputStream(rolePropsFile, true);
 roleProps.store(new PropertiesWriter(roleStream), "Thermostat Agent Roles");
 }
--- a/setup-command/command/src/test/java/com/redhat/thermostat/setup/command/internal/ThermostatSetupImplTest.java Fri Aug 14 12:15:56 2015 -0400
+++ b/setup-command/command/src/test/java/com/redhat/thermostat/setup/command/internal/ThermostatSetupImplTest.java Wed Sep 02 14:37:13 2015 +0200
@@ -450,4 +450,26 @@
 assertTrue(Arrays.asList(roles).containsAll(Arrays.asList(loadedRoles)));
 }
+
+ @Test
+ public void testCrendentialFileCreatedIfNotExists() throws IOException {
+ File agentAuthFile = mock(File.class);
+ when(agentAuthFile.exists()).thenReturn(false);
+ when(agentAuthFile.toPath()).thenReturn(userAgentAuth);
+
+ tSetup.createCredentialFile(agentAuthFile);
+
+ assertTrue(userAgentAuth.toFile().exists());
+ }
+
+ @Test
+ public void testCrendentialFileNotCreatedIfAlreadyExists() throws IOException {
+ File agentAuthFile = mock(File.class);
+ when(agentAuthFile.exists()).thenReturn(true);
+ when(agentAuthFile.toPath()).thenReturn(userAgentAuth);
+
+ tSetup.createCredentialFile(agentAuthFile);
+
+ assertFalse(userAgentAuth.toFile().exists());
+ }
 }
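Review bot: Neither new test checks the permission bits that are the point of the change; `testCrendentialFileCreatedIfNotExists` only asserts that the file exists, so a regression to the default umask-derived mode would still pass. Add `assertEquals(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE), Files.getPosixFilePermissions(userAgentAuth));` after the existence check, with the matching imports. Both method names also misspell "Credential" as "Crendential". The `userAgentAuth` path and `tSetup` are set up outside the hunk, so whether the file lands on a POSIX file system in CI is not visible here.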