From 1b2ee301caad7b665cf1953c6df5457ccadd1fb3 Mon Sep 17 00:00:00 2001
From: Robert Godfrey
Date: Mon, 24 Nov 2014 21:13:31 +0000
Subject: QPID-6242 : Ensure created directory has sufficient permissions to create a file for AES key

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1641474 13f79535-47bb-0310-9956-ffa450edef68
---
 .../encryption/AESKeyFileEncrypterFactory.java | 40 ++++++++++++++++++++--
 1 file changed, 37 insertions(+), 3 deletions(-)
(limited to 'qpid/java')
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
index 5a718e5bc4..b396d5ec46 100644
--- a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
+++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypterFactory.java
@@ -26,9 +26,25 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.attribute.*;
+import java.nio.file.attribute.AclEntry;
+import java.nio.file.attribute.AclEntryPermission;
+import java.nio.file.attribute.AclEntryType;
+import java.nio.file.attribute.AclFileAttributeView;
+import java.nio.file.attribute.FileAttribute;
+import java.nio.file.attribute.PosixFileAttributeView;
+import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
+import java.nio.file.attribute.UserPrincipal;
 import java.security.NoSuchAlgorithmException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.EnumSet;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.ListIterator;
+import java.util.Map;
+import java.util.Set;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
@@ -262,7 +278,8 @@ public class AESKeyFileEncrypterFactory implements ConfigurationSecretEncrypterF
 final UserPrincipal owner = Files.getOwner(parentFilePath);
 AclFileAttributeView attributeView = Files.getFileAttributeView(parentFilePath, AclFileAttributeView.class);
 List acls = new ArrayList<>(attributeView.getAcl());
- Iterator iter = acls.iterator();
+ ListIterator iter = acls.listIterator();
+ boolean found = false;
 while(iter.hasNext())
 {
 AclEntry acl = iter.next();
@@ -270,6 +287,23 @@ public class AESKeyFileEncrypterFactory implements ConfigurationSecretEncrypterF
 {
 iter.remove();
 }
+ else if(acl.type() == AclEntryType.ALLOW)
+ {
+ found = true;
+ AclEntry.Builder builder = AclEntry.newBuilder(acl);
+ Set permissions = EnumSet.copyOf(acl.permissions());
+ permissions.addAll(Arrays.asList(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.LIST_DIRECTORY));
+ builder.setPermissions(permissions);
+ iter.set(builder.build());
+ }
+ }
+ if(!found)
+ {
+ AclEntry.Builder builder = AclEntry.newBuilder();
+ builder.setPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.LIST_DIRECTORY);
+ builder.setType(AclEntryType.ALLOW);
+ builder.setPrincipal(owner);
+ acls.add(builder.build());
 }
 attributeView.setAcl(acls);
-- 
cgit v1.2.1
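Review bot: In the new `else if(acl.type() == AclEntryType.ALLOW)` branch, `found` is set for any ALLOW entry that survives the preceding `if`, without looking at `acl.flags()`. An entry flagged `AclEntryFlag.INHERIT_ONLY` applies only to children, so widening it would still leave the owner unable to create the key file in the directory itself, and the `if(!found)` fallback would be skipped. Consider `else if(acl.type() == AclEntryType.ALLOW && !acl.flags().contains(AclEntryFlag.INHERIT_ONLY))` with the matching `java.nio.file.attribute.AclEntryFlag` import; a DENY entry for the owner is also left in place and would still override the added permissions. The condition of the preceding `if` and the rest of the method are outside the hunk, so this assumes that branch removes entries whose principal is not `owner`. A short comment stating why exactly `ADD_FILE`, `ADD_SUBDIRECTORY` and `LIST_DIRECTORY` are granted on the key directory would help the next reader judge whether the set is minimal.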