TheLanc3/lan-mouse
1
0
Fork 0
mirror of https://github.com/feschber/lan-mouse.git synced 2026-04-16 19:51:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

make private key file inaccessible to other users

Browse Source
This commit is contained in:
Ferdinand Schober
2024-09-27 23:57:11 +02:00
parent 49e139198a
commit cf4a06a44a
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/crypto.rs
View File

@@ -2,6 +2,9 @@ use std::io::{self, BufWriter, Read, Write};
use std::path::Path; use std::path::Path;
use std::{fs::File, io::BufReader}; use std::{fs::File, io::BufReader};
#[cfg(unix)]
use std::os::unix::fs::PermissionsExt;
use sha2::{Digest, Sha256}; use sha2::{Digest, Sha256};
use thiserror::Error; use thiserror::Error;
use webrtc_dtls::crypto::Certificate; use webrtc_dtls::crypto::Certificate;
@@ -70,6 +73,13 @@ pub(crate) fn generate_key_and_cert(path: &Path) -> Result<Certificate, Error> {
let cert = Certificate::generate_self_signed(["ignored".to_owned()])?; let cert = Certificate::generate_self_signed(["ignored".to_owned()])?;
let serialized = cert.serialize_pem(); let serialized = cert.serialize_pem();
let f = File::create(path)?; let f = File::create(path)?;
#[cfg(unix)]
{
let mut perm = f.metadata()?.permissions();
perm.set_mode(0o400); /* r-- --- --- */
f.set_permissions(perm)?;
}
/* FIXME windows permissions */
let mut writer = BufWriter::new(f); let mut writer = BufWriter::new(f);
writer.write(serialized.as_bytes())?; writer.write(serialized.as_bytes())?;
Ok(cert) Ok(cert)