create files with reduced permissions when possible

2010-11-24  Omair Majid  <[email protected]>

    * netx/net/sourceforge/jnlp/util/FileUtils.java
    (createRestrictedDirectory): New method. Creates a directory with reduced
    permissions.
    (createRestrictedFile(File,boolean)): New method. Creates a file with reduced
    permissions.
    (createRestrictedFile(File,boolean,boolean): New method. Creates a file or
    a directory with reduced permissions.
    * netx/net/sourceforge/jnlp/Launcher.java
    (markNetxRunning): Do not grant unnecessary file permissions.
    * netx/net/sourceforge/jnlp/runtime/Boot.java: Remove umask from
    help message.
    * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
    (activateNative): Create file with proper permissions.
    (getNativeDir): Create directory with proper permissions.
    * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
    (initializeStreams): Create files with proper permissions.
    * netx/net/sourceforge/jnlp/security/CertWarningPane.java
    (CheckBoxListener.actionPerformed): Likewise.
    * netx/net/sourceforge/jnlp/security/KeyStores.java
    (createKeyStoreFromFile): Likewise.
    * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
    (ImportButtonListener.actionPerformed): Likewise.
    (RemoveButtonListener.actionPerformed): Likewise.
    * netx/net/sourceforge/jnlp/services/SingleInstanceLock.java
    (createWithPort): Likewise.
    (getLockFile): Likewise.
    * netx/net/sourceforge/jnlp/services/XExtendedService.java
    (openFile): Likewise.
    * netx/net/sourceforge/jnlp/services/XPersistenceService.java
    (create): Likewise.
    * netx/net/sourceforge/jnlp/util/XDesktopEntry.java
    (installDesktopLauncher): Likewise.
    * netx/net/sourceforge/jnlp/resources/Messages.properties: Add
    CantCreateFile, RCantCreateDir and RCantRename. Remove BNoBase and
    BOUmask.

3 files changed, 26 insertions, 5 deletions

diff --git a/netx/net/sourceforge/jnlp/security/CertWarningPane.java b/netx/net/sourceforge/jnlp/security/CertWarningPane.java
index e1ebecb..56105e9 100644
--- a/netx/net/sourceforge/jnlp/security/CertWarningPane.java
+++ b/netx/net/sourceforge/jnlp/security/CertWarningPane.java
@@ -47,6 +47,7 @@ import java.awt.Font;
 import java.awt.GridLayout;
 import java.awt.event.ActionEvent;
 import java.awt.event.ActionListener;
+import java.io.File;
 import java.io.FileOutputStream;
 import java.io.OutputStream;
 import java.security.KeyStore;
@@ -68,6 +69,7 @@ import net.sourceforge.jnlp.runtime.JNLPRuntime;
 import net.sourceforge.jnlp.security.KeyStores.Level;
 import net.sourceforge.jnlp.security.KeyStores.Type;
 import net.sourceforge.jnlp.security.SecurityWarning.AccessType;
+import net.sourceforge.jnlp.util.FileUtils;
 
 /**
  * Provides the panel for using inside a SecurityWarningDialog. These dialogs are
@@ -246,7 +248,12 @@ public class CertWarningPane extends SecurityDialogPanel {
                     KeyStore ks = KeyStores.getKeyStore(Level.USER, Type.CERTS);
                     X509Certificate c = (X509Certificate) parent.getJarSigner().getPublisher();
                     CertificateUtils.addToKeyStore(c, ks);
-                    OutputStream os = new FileOutputStream(KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS));
+                    File keyStoreFile = new File(KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS));
+                    if (!keyStoreFile.isFile()) {
+                        FileUtils.createRestrictedFile(keyStoreFile, true);
+                    }
+
+                    OutputStream os = new FileOutputStream(keyStoreFile);
                     ks.store(os, KeyStores.getPassword());
                     if (JNLPRuntime.isDebug()) {
                         System.out.println("certificate is now permanently trusted");
diff --git a/netx/net/sourceforge/jnlp/security/KeyStores.java b/netx/net/sourceforge/jnlp/security/KeyStores.java
index 05bc150..de4aff3 100644
--- a/netx/net/sourceforge/jnlp/security/KeyStores.java
+++ b/netx/net/sourceforge/jnlp/security/KeyStores.java
@@ -53,6 +53,7 @@ import java.util.StringTokenizer;
 import net.sourceforge.jnlp.runtime.DeploymentConfiguration;
 import net.sourceforge.jnlp.runtime.JNLPRuntime;
 import net.sourceforge.jnlp.runtime.Translator;
+import net.sourceforge.jnlp.util.FileUtils;
 
 /**
  * The <code>KeyStores</code> class allows easily accessing the various KeyStores
@@ -339,6 +340,8 @@ public final class KeyStores {
                 if (!parent.isDirectory() && !parent.mkdirs()) {
                     throw new IOException("unable to create " + parent);
                 }
+                FileUtils.createRestrictedFile(file, true);
+
                 ks = KeyStore.getInstance(KEYSTORE_TYPE);
                 ks.load(null, password.toCharArray());
                 FileOutputStream fos = new FileOutputStream(file);
diff --git a/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java b/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
index f309b02..ce36154 100644
--- a/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
+++ b/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
@@ -45,6 +45,7 @@ import java.awt.FlowLayout;
 import java.awt.event.ActionEvent;
 import java.awt.event.ActionListener;
 import java.awt.event.KeyEvent;
+import java.io.File;
 import java.io.FileOutputStream;
 import java.io.OutputStream;
 import java.io.PrintStream;
@@ -76,6 +77,7 @@ import net.sourceforge.jnlp.security.KeyStores;
 import net.sourceforge.jnlp.security.SecurityUtil;
 import net.sourceforge.jnlp.security.SecurityWarningDialog;
 import net.sourceforge.jnlp.security.KeyStores.Level;
+import net.sourceforge.jnlp.util.FileUtils;
 
 public class CertificatePane extends JPanel {
 
@@ -361,8 +363,13 @@ public class CertificatePane extends JPanel {
                         try {
                                 KeyStore ks = keyStore;
                                 CertificateUtils.addToKeyStore(chooser.getSelectedFile(), ks);
-                                OutputStream os = new FileOutputStream(
-                                        KeyStores.getKeyStoreLocation(currentKeyStoreLevel, currentKeyStoreType));
+                                File keyStoreFile = new File(KeyStores
+                                        .getKeyStoreLocation(currentKeyStoreLevel, currentKeyStoreType));
+                                if (!keyStoreFile.isFile()) {
+                                    FileUtils.createRestrictedFile(keyStoreFile, true);
+                                }
+
+                                OutputStream os = new FileOutputStream(keyStoreFile);
                                 ks.store(os, KeyStores.getPassword());
                                 repopulateTables();
                         } catch (Exception ex) {
@@ -436,8 +443,12 @@ public class CertificatePane extends JPanel {
                                                         JOptionPane.YES_NO_OPTION);
                                         if (i == 0) {
                                                 keyStore.deleteEntry(alias);
-                                                FileOutputStream fos = new FileOutputStream(
-                                                        KeyStores.getKeyStoreLocation(currentKeyStoreLevel, currentKeyStoreType));
+                                                File keyStoreFile = new File(KeyStores
+                                                        .getKeyStoreLocation(currentKeyStoreLevel, currentKeyStoreType));
+                                                if (!keyStoreFile.isFile()) {
+                                                    FileUtils.createRestrictedFile(keyStoreFile, true);
+                                                }
+                                                FileOutputStream fos = new FileOutputStream(keyStoreFile);
                                                 keyStore.store(fos, KeyStores.getPassword());
                                                 fos.close();
                                         }