Ensure the server is the exclusive owner of the key

This commit is contained in:
Alex Bilbie 2017-06-16 16:58:49 +01:00
parent 57d199b889
commit 2f8de3d230

View File

@ -44,6 +44,23 @@ class CryptKey
throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath)); throw new \LogicException(sprintf('Key path "%s" does not exist or is not readable', $keyPath));
} }
// Verify the permissions of the key
$keyPathPerms = decoct(fileperms($keyPath) & 0777);
if ($keyPathPerms !== '600') {
// Attempt to correct the permissions
if (chmod($keyPath, 0600) === false) {
// @codeCoverageIgnoreStart
throw new \LogicException(
sprintf(
'Key file "%s" permissions are not correct, should be 600 instead of %s, unable to automatically resolve the issue',
$keyPath,
$keyPathPerms
)
);
// @codeCoverageIgnoreEnd
}
}
$this->keyPath = $keyPath; $this->keyPath = $keyPath;
$this->passPhrase = $passPhrase; $this->passPhrase = $passPhrase;
} }