From 41c6ab5ee6c53b773e76044d8ebfb26e6900ea14 Mon Sep 17 00:00:00 2001
From: Nikolas Ioannou
Date: Tue, 15 Jan 2019 10:13:16 +0100
Subject: [PATCH] [dsfm-client]: change file permissions of keys and certificates.
---
 python/client.py | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/python/client.py b/python/client.py
index 56dd4bf..709e7cf 100644
--- a/python/client.py
+++ b/python/client.py
@@ -17,6 +17,7 @@
 import json
 import logging
 import os
+import stat
 import shutil
 import signal
 import subprocess as sp
@@ -96,6 +97,12 @@ def write_openssl_cli_conf(self):
 with open(self.cli_conf, 'w') as f:
 f.write(self.openssl_cli_conf())
+ def update_cli_key_perms(self):
+ os.chmod(self.cli_key, stat.S_IRUSR | stat.S_IWUSR)
+
+ def update_cli_cert_perms(self):
+ os.chmod(self.cli_cert, stat.S_IRUSR | stat.S_IWUSR)
+
 def read_openssl_cli_req(self):
 cli_req = ''
 with open(self.cli_req, 'r') as f:
@@ -233,6 +240,7 @@ def create_ssl_key(self, ssl_cnf):
 try:
 ssl_cnf.write_openssl_cli_conf()
 ret,_,_ = call(ssl_cnf.openssl_generate_cli_keys_cmd())
+ ssl_cnf.update_cli_key_perms()
 except Exception:
 exc_type, exc_value, exc_traceback = sys.exc_info()
 traceback.print_exception(exc_type, exc_value, exc_traceback,
@@ -286,9 +294,12 @@ def configure_stunnel(self, ssl_cnf):
 # write ca cert
 with open(cli.ca_cert, 'w') as f:
 f.write(self.ca_cert_string)
+ os.chmod(cli.ca_cert, stat.S_IRUSR | stat.S_IWUSR)
 # Client: written stunel conf and start stunnel
 cli.write_stunnel_cli_conf()
+ ssl_cnf.update_cli_cert_perms()
+
 cli_stunnel = sp.Popen('stunnel {}'.format(cli.cli_stunnel_conf), shell=True)
 except Exception:
 exc_type, exc_value, exc_traceback = sys.exc_info()
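Review bot: In the `@@ -96,6 +97,12 @@` hunk, `update_cli_key_perms` and `update_cli_cert_perms` have no docstring, so a caller cannot tell which mode they set or that they must run after the file exists. I would add `"""Restrict the client private key to owner read/write (0600); raises OSError if the file is missing."""` to the first and the equivalent wording for the certificate to the second. A one-line comment that the key is the confidentiality-sensitive file, while the certificate is presumably public data tightened for consistency, would help a later reader judge which call matters.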
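Review bot: In the `@@ -233,6 +240,7 @@` hunk the key mode is narrowed only after `call(ssl_cnf.openssl_generate_cli_keys_cmd())` has returned, so between creation and `update_cli_key_perms()` the private key carries whatever mode the process umask (or the tool itself) gives it and may be readable by other local users. Creating the file owner-only from the start closes that window: tighten the umask around the key-generation call, restore it afterwards, and keep the chmod as a backstop. This assumes `call` runs openssl as a child process that inherits the umask, and `os.umask` is process-wide, so it also affects files created concurrently by other threads. The same write-then-chmod order applies to the CA certificate in the `@@ -286,9 +294,12 @@` hunk, where it matters less because a certificate is not secret. The `try` body of `create_ssl_key` continues outside the hunk.

```python
# … unchanged: ssl_cnf.write_openssl_cli_conf() …
old_umask = os.umask(0o077)  # files the child creates are owner-only from the start
try:
    ret,_,_ = call(ssl_cnf.openssl_generate_cli_keys_cmd())
finally:
    os.umask(old_umask)  # restore, so unrelated files keep the normal mode
ssl_cnf.update_cli_key_perms()
```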
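Review bot: In the `@@ -286,9 +294,12 @@` hunk the CA certificate mode is set with an inline `os.chmod(cli.ca_cert, stat.S_IRUSR | stat.S_IWUSR)` while the client key and certificate go through helper methods, so the mode expression now appears three times across the patch. A single helper taking a path, for example `def restrict_to_owner(path): os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)`, would keep the policy in one place and make a later change of mode a one-line edit. Separately, `ssl_cnf.update_cli_cert_perms()` runs just before stunnel is started rather than where the client certificate is written; where that happens is not visible here, but applying the mode at the write site would avoid the file sitting with default permissions in between. `configure_stunnel` starts and ends outside the hunk.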