Commit 0d8d0ba5 authored by Xidorn Quan's avatar Xidorn Quan

letsencrypt: Fix perm of user key

parent 8655ea67
...@@ -25,6 +25,7 @@ func saveRSAPrivateKey(key *rsa.PrivateKey, file string) error { ...@@ -25,6 +25,7 @@ func saveRSAPrivateKey(key *rsa.PrivateKey, file string) error {
if err != nil { if err != nil {
return err return err
} }
keyOut.Chmod(0600)
defer keyOut.Close() defer keyOut.Close()
return pem.Encode(keyOut, &pemKey) return pem.Encode(keyOut, &pemKey)
} }
...@@ -6,6 +6,7 @@ import ( ...@@ -6,6 +6,7 @@ import (
"crypto/rsa" "crypto/rsa"
"crypto/x509" "crypto/x509"
"os" "os"
"runtime"
"testing" "testing"
) )
...@@ -28,13 +29,26 @@ func TestSaveAndLoadRSAPrivateKey(t *testing.T) { ...@@ -28,13 +29,26 @@ func TestSaveAndLoadRSAPrivateKey(t *testing.T) {
t.Fatal("error saving private key:", err) t.Fatal("error saving private key:", err)
} }
// it doesn't make sense to test file permission on windows
if runtime.GOOS != "windows" {
// get info of the key file
info, err := os.Stat(keyFile)
if err != nil {
t.Fatal("error stating private key:", err)
}
// verify permission of key file is correct
if info.Mode().Perm() != 0600 {
t.Error("Expected key file to have permission 0600, but it wasn't")
}
}
// test load // test load
loadedKey, err := loadRSAPrivateKey(keyFile) loadedKey, err := loadRSAPrivateKey(keyFile)
if err != nil { if err != nil {
t.Error("error loading private key:", err) t.Error("error loading private key:", err)
} }
// very loaded key is correct // verify loaded key is correct
if !rsaPrivateKeysSame(privateKey, loadedKey) { if !rsaPrivateKeysSame(privateKey, loadedKey) {
t.Error("Expected key bytes to be the same, but they weren't") t.Error("Expected key bytes to be the same, but they weren't")
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment