From 1a03d33cb840b5484f5d3f0954e29643332d5993 Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Sun, 1 May 2016 00:15:54 -0400
Subject: ensure created certs have proper permissions
---
 acme-certify.hs | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/acme-certify.hs b/acme-certify.hs
index 0215219..b246a66 100644
--- a/acme-certify.hs
+++ b/acme-certify.hs
@@ -409,8 +409,19 @@ saveCertificate :: X509 -> Maybe DHP -> Keys -> CertSpec -> X509 -> IO ()
 saveCertificate issuerCert dh domainKeys cs = saveBoth
 where
 saveBoth x509 = savePEM x509 >> saveCombined x509
- saveCombined = combinedCert issuerCert dh domainKeys >=> writeFile (domainCombinedFile cs)
- savePEM = writeX509 >=> writeFile (domainCertFile cs)
+ saveCombined = combinedCert issuerCert dh domainKeys >=> writePrivateFile (domainCombinedFile cs)
+ savePEM = writeX509 >=> writePrivateFile (domainCertFile cs)
+
+writePrivateFile :: FilePath -> String -> IO ()
+writePrivateFile fn content = do
+ touchFile fn
+ setPermissions fn privatePerms
+ writeFile fn content
+ where
+ privatePerms = emptyPermissions & setOwnerReadable True & setOwnerWritable True
+
+touchFile :: FilePath -> IO ()
+touchFile fn = writeFile fn ""

 domainDhFile :: CertSpec -> FilePath
 domainDhFile CertSpec{..} = csCertificateDir "dhparams.pem"
-- cgit v1.2.3
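Review bot: In `writePrivateFile`, `setPermissions fn privatePerms` probably does not remove group or other access. If these are the `System.Directory` functions (the names match), on POSIX `setPermissions` rewrites only the owner bits of the file's existing mode, so a file that `touchFile` created under a umask of 022 stays 0644. Setting an absolute mode would do what the subject line asks, e.g. `setFileMode fn (unionFileModes ownerReadMode ownerWriteMode)` from `System.Posix.Files`; the import list is outside the hunk, so whether the `unix` package is already in scope is not visible here. Separately, `touchFile` creates the path with the default mode before any narrowing, which leaves a short window where the file that `saveCombined` writes (presumably including key material from `domainKeys`) exists with umask-derived permissions. Creating it with mode 0600 from the start (for instance `System.Posix.IO.createFile`), or writing a fresh temporary file and renaming it into place, would close that window.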