Author: rgodfrey
Date: Mon Nov 24 21:13:31 2014
New Revision: 1641474
URL: http://svn.apache.org/r1641474
Log:
QPID-6242 : Ensure created directory has sufficient permissions to create a
file for AES key
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java?rev=1641474&r1=1641473&r2=1641474&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
Mon Nov 24 21:13:31 2014
@@ -26,9 +26,25 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
-import java.nio.file.attribute.*;
+import java.nio.file.attribute.AclEntry;
+import java.nio.file.attribute.AclEntryPermission;
+import java.nio.file.attribute.AclEntryType;
+import java.nio.file.attribute.AclFileAttributeView;
+import java.nio.file.attribute.FileAttribute;
+import java.nio.file.attribute.PosixFileAttributeView;
+import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
+import java.nio.file.attribute.UserPrincipal;
import java.security.NoSuchAlgorithmException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.EnumSet;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.ListIterator;
+import java.util.Map;
+import java.util.Set;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
@@ -262,7 +278,8 @@ public class AESKeyFileEncrypterFactory
final UserPrincipal owner = Files.getOwner(parentFilePath);
AclFileAttributeView attributeView =
Files.getFileAttributeView(parentFilePath, AclFileAttributeView.class);
List<AclEntry> acls = new ArrayList<>(attributeView.getAcl());
- Iterator<AclEntry> iter = acls.iterator();
+ ListIterator<AclEntry> iter = acls.listIterator();
+ boolean found = false;
while(iter.hasNext())
{
AclEntry acl = iter.next();
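Review bot: `boolean found = false;` does not say what was found, yet the flag later decides whether a new ALLOW entry for the owner is appended to the ACL of the directory that will hold the AES key file. A name such as `ownerAllowEntryFound`, together with a one-line comment like `// ListIterator so an owner ALLOW entry can be replaced in place via set()`, would make the loop readable without the following hunk. The enclosing method starts and ends outside this hunk.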
@@ -270,6 +287,23 @@ public class AESKeyFileEncrypterFactory
{
iter.remove();
}
+ else if(acl.type() == AclEntryType.ALLOW)
+ {
+ found = true;
+ AclEntry.Builder builder = AclEntry.newBuilder(acl);
+ Set<AclEntryPermission> permissions =
EnumSet.copyOf(acl.permissions());
+
permissions.addAll(Arrays.asList(AclEntryPermission.ADD_FILE,
AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.LIST_DIRECTORY));
+ builder.setPermissions(permissions);
+ iter.set(builder.build());
+ }
+ }
+ if(!found)
+ {
+ AclEntry.Builder builder = AclEntry.newBuilder();
+ builder.setPermissions(AclEntryPermission.ADD_FILE,
AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.LIST_DIRECTORY);
+ builder.setType(AclEntryType.ALLOW);
+ builder.setPrincipal(owner);
+ acls.add(builder.build());
}
attributeView.setAcl(acls);
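Review bot: `EnumSet.copyOf(acl.permissions())` in the new `else if` branch throws IllegalArgumentException when it is handed an empty collection that is not itself an EnumSet, so an owner ALLOW entry carrying no permissions would abort the directory setup instead of being widened. Starting from an empty set avoids that: `Set<AclEntryPermission> permissions = EnumSet.noneOf(AclEntryPermission.class); permissions.addAll(acl.permissions());`. The ADD_FILE / ADD_SUBDIRECTORY / LIST_DIRECTORY triple is also spelled out twice, here and in the `if(!found)` block, and a shared constant would keep the two branches from drifting apart in what they grant on the key directory. Owner entries of type DENY appear to stay in the list untouched, which may still block file creation depending on their order; the loop's first condition and the rest of the method lie outside the hunk, so that is worth confirming there.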