author | Galen Guyer <galen@galenguyer.com> | 2022-11-17 15:19:09 -0500 |
---|---|---|
committer | Galen Guyer <galen@galenguyer.com> | 2022-11-17 15:19:09 -0500 |
commit | 47b9c18aba5025ecf21ab669c69010552498f407 (patch) | |
tree | d7d00beab87e7cc559c584a15066c5980c8b3d67 | |
parent | 56d131c935422ac9b281c89b03836787535dc60f (diff) |
Set file permissions for all files created
-rw-r--r-- | src/lib/cert.rs | 7 | ||||
-rw-r--r-- | src/lib/path.rs | 4 | ||||
-rw-r--r-- | src/lib/pkey.rs | 7 | ||||
-rw-r--r-- | src/lib/req.rs | 7 |
4 files changed, 22 insertions, 3 deletions
diff --git a/src/lib/cert.rs b/src/lib/cert.rs
index 007bfe6..3f6b4c0 100644
--- a/src/lib/cert.rs
+++ b/src/lib/cert.rs
@@ -6,7 +6,8 @@ use openssl::x509::extension::*;
 use openssl::x509::*;
 use crate::path;
-use std::fs::{read, write};
+use std::fs::{read, write, File};
+use std::os::unix::prelude::PermissionsExt;
 pub fn generate_cert(
 lifetime_days: u32,
@@ -96,6 +97,10 @@ pub fn generate_cert(
 pub fn save_cert(path: &str, cert: &X509) {
 path::ensure_dir(path);
+ let file = File::create(path).unwrap();
+ let mut permissions = file.metadata().unwrap().permissions();
+ permissions.set_mode(0o600);
+ std::fs::set_permissions(path, permissions).unwrap();
 write(path, cert.to_pem().unwrap()).unwrap();
 }
diff --git a/src/lib/path.rs b/src/lib/path.rs
index d77fd59..c14581e 100644
--- a/src/lib/path.rs
+++ b/src/lib/path.rs
@@ -2,6 +2,7 @@ use crate::KeyType;
 use path_absolutize::*;
 use shellexpand;
 use std::fs::create_dir_all;
+use std::os::unix::fs::PermissionsExt;
 use std::path::Path;
 pub fn ca_pkey(base_dir: &str, key_type: KeyType) -> String {
@@ -74,4 +75,7 @@ pub fn ensure_dir(path: &str) {
 };
 create_dir_all(dir).unwrap();
+ let mut permissions = std::fs::metadata(dir).unwrap().permissions();
+ permissions.set_mode(0o700);
+ std::fs::set_permissions(dir, permissions).unwrap();
 }
diff --git a/src/lib/pkey.rs b/src/lib/pkey.rs
index 41bb3e9..9f1ab28 100644
--- a/src/lib/pkey.rs
+++ b/src/lib/pkey.rs
@@ -5,7 +5,8 @@ use openssl::nid::Nid;
 use openssl::pkey::{PKey, Private};
 use openssl::rsa::Rsa;
 use openssl::symm::Cipher;
-use std::fs::{read, write};
+use std::fs::{read, write, File};
+use std::os::unix::fs::PermissionsExt;
 pub fn generate_pkey(key_type: KeyType) -> PKey<Private> {
 match key_type {
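Review bot: The new import in cert.rs takes `PermissionsExt` from `std::os::unix::prelude`, while the path.rs, pkey.rs and req.rs hunks of this same commit import `std::os::unix::fs::PermissionsExt`. Both paths resolve to the same trait, so this is purely a style point, but a consistent import makes it easier to grep for every place that sets mode bits. `use std::os::unix::fs::PermissionsExt;` matches the other three files.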
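Review bot: The lines added to save_cert create the file with the umask-default mode, tighten it afterwards through a path-based `std::fs::set_permissions`, and then `write(path, ...)` opens the path a second time; the `file` handle itself is only used to read metadata. The mode can be fixed at creation with `OpenOptions::mode(0o600)` from `std::os::unix::fs::OpenOptionsExt`, and the PEM written through that one handle so there is no second path lookup between the chmod and the write. Because `mode` only takes effect when the file is newly created, a pre-existing file would keep its old bits, so an explicit `File::set_permissions` on the open handle is still worth keeping. The same create-then-chmod-then-reopen pattern is repeated in save_pkey (pkey.rs, the private key, the most sensitive of the three) and save_req (req.rs) and should change identically there; the import lists then need `std::io::Write` and `OpenOptionsExt`, and `File` becomes unused.
```rust
pub fn save_cert(path: &str, cert: &X509) {
    path::ensure_dir(path);
    // mode(0o600) is applied only when the file is created; the explicit
    // set_permissions on the handle covers a file that already existed.
    let mut file = OpenOptions::new()
        .write(true)
        .create(true)
        .truncate(true)
        .mode(0o600)
        .open(path)
        .unwrap();
    file.set_permissions(Permissions::from_mode(0o600)).unwrap();
    file.write_all(&cert.to_pem().unwrap()).unwrap();
}
```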
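Review bot: The chmod appended to ensure_dir is applied to `dir` unconditionally, so a directory that already existed before this call (and may be shared on purpose) is narrowed to 0o700, while any intermediate directories that `create_dir_all` had to create keep the umask-default mode. `std::fs::DirBuilder::new().recursive(true).mode(0o700).create(dir).unwrap();` (with `use std::os::unix::fs::DirBuilderExt;`) applies the mode to every directory it creates and leaves pre-existing ones untouched, replacing the `create_dir_all` call and the three new lines. ensure_dir's body starts outside the hunk, so whether `dir` can ever point at a pre-existing shared directory is something the caller side should confirm.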
@@ -31,6 +32,10 @@ pub fn save_pkey(path: &str, key: &PKey<Private>, password: Option<String>) {
 }
 None => key.private_key_to_pem_pkcs8().unwrap(),
 };
+ let file = File::create(path).unwrap();
+ let mut permissions = file.metadata().unwrap().permissions();
+ permissions.set_mode(0o600);
+ std::fs::set_permissions(path, permissions).unwrap();
 write(path, pem_encoded).unwrap();
 }
diff --git a/src/lib/req.rs b/src/lib/req.rs
index 3e6a311..f97955c 100644
--- a/src/lib/req.rs
+++ b/src/lib/req.rs
@@ -5,8 +5,9 @@ use openssl::stack::Stack;
 use openssl::x509::extension::SubjectAlternativeName;
 use openssl::x509::{X509Name, X509Req};
-use std::fs::{read, write};
+use std::fs::{read, write, File};
 use std::net::IpAddr;
+use std::os::unix::fs::PermissionsExt;
 use std::str::FromStr;
 use crate::path;
@@ -102,6 +103,10 @@ pub fn generate_req(
 pub fn save_req(path: &str, req: &X509Req) {
 println!("{}", path);
 path::ensure_dir(path);
+ let file = File::create(path).unwrap();
+ let mut permissions = file.metadata().unwrap().permissions();
+ permissions.set_mode(0o600);
+ std::fs::set_permissions(path, permissions).unwrap();
 write(path, req.to_pem().unwrap()).unwrap();
 }
|