letsencrypt: Fix perm of user key

0d8d0ba5 · Xidorn Quan · 8655ea67 · 0d8d0ba5 · 0d8d0ba5
Commit 0d8d0ba5 authored Jan 16, 2016 by Xidorn Quan
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 1 deletion

caddy/letsencrypt/crypto.go caddy/letsencrypt/crypto.go +1 -0

caddy/letsencrypt/crypto_test.go caddy/letsencrypt/crypto_test.go +15 -1

No files found.
--- a/caddy/letsencrypt/crypto.go
+++ b/caddy/letsencrypt/crypto.go
@@ -25,6 +25,7 @@ func saveRSAPrivateKey(key *rsa.PrivateKey, file string) error {
 	if err != nil {
 		return err
 	}
+	keyOut.Chmod(0600)
 	defer keyOut.Close()
 	return pem.Encode(keyOut, &pemKey)
 }
--- a/caddy/letsencrypt/crypto_test.go
+++ b/caddy/letsencrypt/crypto_test.go
@@ -6,6 +6,7 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"os"
+	"runtime"
 	"testing"
 )

@@ -28,13 +29,26 @@ func TestSaveAndLoadRSAPrivateKey(t *testing.T) {
 		t.Fatal("error saving private key:", err)
 	}

+	// it doesn't make sense to test file permission on windows
+	if runtime.GOOS != "windows" {
+		// get info of the key file
+		info, err := os.Stat(keyFile)
+		if err != nil {
+			t.Fatal("error stating private key:", err)
+		}
+		// verify permission of key file is correct
+		if info.Mode().Perm() != 0600 {
+			t.Error("Expected key file to have permission 0600, but it wasn't")
+		}
+	}
+
 	// test load
 	loadedKey, err := loadRSAPrivateKey(keyFile)
 	if err != nil {
 		t.Error("error loading private key:", err)
 	}

-	// very loaded key is correct
+	// verify loaded key is correct
 	if !rsaPrivateKeysSame(privateKey, loadedKey) {
 		t.Error("Expected key bytes to be the same, but they weren't")
 	}