ensure created certs have proper permissions

author: Andrew Cady <d@jerkface.net> 2016-05-01 00:15:54 -0400
committer: Andrew Cady <d@jerkface.net> 2016-05-01 00:16:03 -0400
commit: 1a03d33cb840b5484f5d3f0954e29643332d5993 (patch)
tree: 2e699a75662a31217fd136918b3616b352832264
parent: 3f29357ec3b42450a01ef58d20df1534bf126466 (diff)
1 files changed, 13 insertions, 2 deletions
diff --git a/acme-certify.hs b/acme-certify.hs
index 0215219..b246a66 100644
--- a/acme-certify.hs
+++ b/acme-certify.hs
@@ -409,8 +409,19 @@ saveCertificate :: X509 -> Maybe DHP -> Keys -> CertSpec -> X509 -> IO ()
 saveCertificate issuerCert dh domainKeys cs = saveBoth
  where
    saveBoth x509      = savePEM x509 >> saveCombined x509
-    saveCombined       = combinedCert issuerCert dh domainKeys >=> writeFile (domainCombinedFile cs)
+    saveCombined       = combinedCert issuerCert dh domainKeys >=> writePrivateFile (domainCombinedFile cs)
-    savePEM            = writeX509                             >=> writeFile (domainCertFile cs)
+    savePEM            = writeX509                             >=> writePrivateFile (domainCertFile cs)
+writePrivateFile :: FilePath -> String -> IO ()
+writePrivateFile fn content = do
+  touchFile fn
+  setPermissions fn privatePerms
+  writeFile fn content
+  where
+    privatePerms = emptyPermissions & setOwnerReadable True & setOwnerWritable True
+touchFile :: FilePath -> IO ()
+touchFile fn = writeFile fn ""
 domainDhFile :: CertSpec -> FilePath
 domainDhFile CertSpec{..} = csCertificateDir </> "dhparams.pem"
author	Andrew Cady <d@jerkface.net>	2016-05-01 00:15:54 -0400
committer	Andrew Cady <d@jerkface.net>	2016-05-01 00:16:03 -0400
commit	1a03d33cb840b5484f5d3f0954e29643332d5993 (patch)
tree	2e699a75662a31217fd136918b3616b352832264
parent	3f29357ec3b42450a01ef58d20df1534bf126466 (diff)

diff --git a/acme-certify.hs b/acme-certify.hs index 0215219..b246a66 100644 --- a/acme-certify.hs +++ b/acme-certify.hs
@@ -409,8 +409,19 @@ saveCertificate :: X509 -> Maybe DHP -> Keys -> CertSpec -> X509 -> IO ()
409	saveCertificate issuerCert dh domainKeys cs = saveBoth	409	saveCertificate issuerCert dh domainKeys cs = saveBoth
410	where	410	where
411	saveBoth x509 = savePEM x509 >> saveCombined x509	411	saveBoth x509 = savePEM x509 >> saveCombined x509
412	saveCombined = combinedCert issuerCert dh domainKeys >=> writeFile (domainCombinedFile cs)	412	saveCombined = combinedCert issuerCert dh domainKeys >=> writePrivateFile (domainCombinedFile cs)
413	savePEM = writeX509 >=> writeFile (domainCertFile cs)	413	savePEM = writeX509 >=> writePrivateFile (domainCertFile cs)
		414
		415	writePrivateFile :: FilePath -> String -> IO ()
		416	writePrivateFile fn content = do
		417	touchFile fn
		418	setPermissions fn privatePerms
		419	writeFile fn content
		420	where
		421	privatePerms = emptyPermissions & setOwnerReadable True & setOwnerWritable True
		422
		423	touchFile :: FilePath -> IO ()
		424	touchFile fn = writeFile fn ""
414		425
415	domainDhFile :: CertSpec -> FilePath	426	domainDhFile :: CertSpec -> FilePath
416	domainDhFile CertSpec{..} = csCertificateDir </> "dhparams.pem"	427	domainDhFile CertSpec{..} = csCertificateDir </> "dhparams.pem"