[dsfm-client]: change file permissions of keys and certificates.

IBM-Cloud · Jan 15, 2019 · 41c6ab5 · 41c6ab5
1 parent d86bf76
commit 41c6ab5
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/python/client.py b/python/client.py
@@ -17,6 +17,7 @@
 import json
 import logging
 import os
+import stat
 import shutil
 import signal
 import subprocess as sp
@@ -96,6 +97,12 @@ def write_openssl_cli_conf(self):
         with open(self.cli_conf, 'w') as f:
             f.write(self.openssl_cli_conf())
 
+    def update_cli_key_perms(self):
+        os.chmod(self.cli_key, stat.S_IRUSR | stat.S_IWUSR)
+
+    def update_cli_cert_perms(self):
+        os.chmod(self.cli_cert, stat.S_IRUSR | stat.S_IWUSR)
+
     def read_openssl_cli_req(self):
         cli_req = ''
         with open(self.cli_req, 'r') as f:
@@ -233,6 +240,7 @@ def create_ssl_key(self, ssl_cnf):
         try:
             ssl_cnf.write_openssl_cli_conf()
             ret,_,_ = call(ssl_cnf.openssl_generate_cli_keys_cmd())
+            ssl_cnf.update_cli_key_perms()
         except Exception:
             exc_type, exc_value, exc_traceback = sys.exc_info()
             traceback.print_exception(exc_type, exc_value, exc_traceback,
@@ -286,9 +294,12 @@ def configure_stunnel(self, ssl_cnf):
             # write ca cert
             with open(cli.ca_cert, 'w') as f:
                 f.write(self.ca_cert_string)
+            os.chmod(cli.ca_cert, stat.S_IRUSR | stat.S_IWUSR)
 
             # Client: written stunel conf and start stunnel
             cli.write_stunnel_cli_conf()
+            ssl_cnf.update_cli_cert_perms()
+
             cli_stunnel = sp.Popen('stunnel {}'.format(cli.cli_stunnel_conf), shell=True)
         except Exception:
             exc_type, exc_value, exc_traceback = sys.exc_info()