new classes, requires Java 1.6 to build

core/java/src/net/i2p/util/SecureDirectory.java

@@ -0,0 +1,62 @@
+package net.i2p.util;
+
+import java.io.File;
+
+/**
+ * Same as File but sets the file mode after mkdir() so it can
+ * be read and written by the owner only (i.e. 700 on linux)
+ *
+ * @since 0.8.1
+ * @author zzz
+ */
+public class SecureDirectory extends File {
+
+    private static final boolean canSetPerms =
+        (new VersionComparator()).compare(System.getProperty("java.version"), "1.6") >= 0;
+    private static final boolean isNotWindows = !System.getProperty("os.name").startsWith("Win");
+
+    public SecureDirectory(String pathname) {
+        super(pathname);
+    }
+
+    public SecureDirectory(String parent, String child) {
+        super(parent, child);
+    }
+
+    public SecureDirectory(File parent, String child) {
+        super(parent, child);
+    }
+
+    /**
+     *  Sets directory to mode 700 if the directory is created
+     */
+    @Override
+    public boolean mkdir() {
+        boolean rv = super.mkdir();
+        if (rv)
+            setPerms();
+        return rv;
+    }
+
+    /**
+     *  Tries to set the permissions to 700,
+     *  ignores errors
+     */
+    private void setPerms() {
+        if (!canSetPerms)
+            return;
+        try {
+            setReadable(false, false);
+            setReadable(true, true);
+            setWritable(false, false);
+            setWritable(true, true);
+            if (isNotWindows) {
+                setExecutable(false, false);
+                setExecutable(true, true);
+            }
+        } catch (Throwable t) {
+            // NoSuchMethodException or NoSuchMethodError if we somehow got the
+            // version detection wrong or the JVM doesn't support it
+        }
+    }
+}

core/java/src/net/i2p/util/SecureFileOutputStream.java

@@ -0,0 +1,72 @@
+package net.i2p.util;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+
+/**
+ * Same as FileOutputStream but sets the file mode so it can only
+ * be read and written by the owner only (i.e. 600 on linux)
+ *
+ * @since 0.8.1
+ * @author zzz
+ */
+public class SecureFileOutputStream extends FileOutputStream {
+
+    private static final boolean canSetPerms =
+        (new VersionComparator()).compare(System.getProperty("java.version"), "1.6") >= 0;
+
+    /**
+     *  Sets output file to mode 600
+     */
+    public SecureFileOutputStream(String file) throws FileNotFoundException {
+        super(file);
+        setPerms(new File(file));
+    }
+
+    /**
+     *  Sets output file to mode 600 only if append = false
+     *  (otherwise it is presumed to be 600 already)
+     */
+    public SecureFileOutputStream(String file, boolean append) throws FileNotFoundException {
+        super(file, append);
+        if (!append)
+            setPerms(new File(file));
+    }
+
+    /**
+     *  Sets output file to mode 600
+     */
+    public SecureFileOutputStream(File file) throws FileNotFoundException {
+        super(file);
+        setPerms(file);
+    }
+
+    /**
+     *  Sets output file to mode 600 only if append = false
+     *  (otherwise it is presumed to be 600 already)
+     */
+    public SecureFileOutputStream(File file, boolean append) throws FileNotFoundException {
+        super(file, append);
+        if (!append)
+            setPerms(file);
+    }
+
+    /**
+     *  Tries to set the permissions to 600,
+     *  ignores errors
+     */
+    private static void setPerms(File f) {
+        if (!canSetPerms)
+            return;
+        try {
+            f.setReadable(false, false);
+            f.setReadable(true, true);
+            f.setWritable(false, false);
+            f.setWritable(true, true);
+        } catch (Throwable t) {
+            // NoSuchMethodException or NoSuchMethodError if we somehow got the
+            // version detection wrong or the JVM doesn't support it
+        }
+    }
+}