From fc6306575db517c06c51580dffce9725dcbba23e Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Mon, 5 Jul 2010 16:01:50 +0000
Subject: [PATCH] new classes, requires Java 1.6 to build

---
 .../src/net/i2p/util/SecureDirectory.java     | 62 ++++++++++++++++
 .../net/i2p/util/SecureFileOutputStream.java  | 72 +++++++++++++++++++
 2 files changed, 134 insertions(+)
 create mode 100644 core/java/src/net/i2p/util/SecureDirectory.java
 create mode 100644 core/java/src/net/i2p/util/SecureFileOutputStream.java

diff --git a/core/java/src/net/i2p/util/SecureDirectory.java b/core/java/src/net/i2p/util/SecureDirectory.java
new file mode 100644
index 000000000..393e11886
--- /dev/null
+++ b/core/java/src/net/i2p/util/SecureDirectory.java
@@ -0,0 +1,62 @@
+package net.i2p.util;
+
+import java.io.File;
+
+/**
+ * Same as File but sets the file mode after mkdir() so it can
+ * be read and written by the owner only (i.e. 700 on linux)
+ *
+ * @since 0.8.1
+ * @author zzz
+ */
+public class SecureDirectory extends File {
+
+    private static final boolean canSetPerms =
+        (new VersionComparator()).compare(System.getProperty("java.version"), "1.6") >= 0;
+    private static final boolean isNotWindows = !System.getProperty("os.name").startsWith("Win");
+
+    public SecureDirectory(String pathname) {
+        super(pathname);
+    }
+
+    public SecureDirectory(String parent, String child) {
+        super(parent, child);
+    }
+
+    public SecureDirectory(File parent, String child) {
+        super(parent, child);
+    }
+
+    /**
+     *  Sets directory to mode 700 if the directory is created
+     */
+    @Override
+    public boolean mkdir() {
+        boolean rv = super.mkdir();
+        if (rv)
+            setPerms();
+        return rv;
+    }
+
+    /**
+     *  Tries to set the permissions to 700,
+     *  ignores errors
+     */
+    private void setPerms() {
+        if (!canSetPerms)
+            return;
+        try {
+            setReadable(false, false);
+            setReadable(true, true);
+            setWritable(false, false);
+            setWritable(true, true);
+            if (isNotWindows) {
+                setExecutable(false, false);
+                setExecutable(true, true);
+            }
+        } catch (Throwable t) {
+            // NoSuchMethodException or NoSuchMethodError if we somehow got the
+            // version detection wrong or the JVM doesn't support it
+        }
+    }
+}
diff --git a/core/java/src/net/i2p/util/SecureFileOutputStream.java b/core/java/src/net/i2p/util/SecureFileOutputStream.java
new file mode 100644
index 000000000..dd02f2d32
--- /dev/null
+++ b/core/java/src/net/i2p/util/SecureFileOutputStream.java
@@ -0,0 +1,72 @@
+package net.i2p.util;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+
+/**
+ * Same as FileOutputStream but sets the file mode so it can only
+ * be read and written by the owner only (i.e. 600 on linux)
+ *
+ * @since 0.8.1
+ * @author zzz
+ */
+public class SecureFileOutputStream extends FileOutputStream {
+
+    private static final boolean canSetPerms =
+        (new VersionComparator()).compare(System.getProperty("java.version"), "1.6") >= 0;
+
+    /**
+     *  Sets output file to mode 600
+     */
+    public SecureFileOutputStream(String file) throws FileNotFoundException {
+        super(file);
+        setPerms(new File(file));
+    }
+
+    /**
+     *  Sets output file to mode 600 only if append = false
+     *  (otherwise it is presumed to be 600 already)
+     */
+    public SecureFileOutputStream(String file, boolean append) throws FileNotFoundException {
+        super(file, append);
+        if (!append)
+            setPerms(new File(file));
+    }
+
+    /**
+     *  Sets output file to mode 600
+     */
+    public SecureFileOutputStream(File file) throws FileNotFoundException {
+        super(file);
+        setPerms(file);
+    }
+
+    /**
+     *  Sets output file to mode 600 only if append = false
+     *  (otherwise it is presumed to be 600 already)
+     */
+    public SecureFileOutputStream(File file, boolean append) throws FileNotFoundException {
+        super(file, append);
+        if (!append)
+            setPerms(file);
+    }
+
+    /**
+     *  Tries to set the permissions to 600,
+     *  ignores errors
+     */
+    private static void setPerms(File f) {
+        if (!canSetPerms)
+            return;
+        try {
+            f.setReadable(false, false);
+            f.setReadable(true, true);
+            f.setWritable(false, false);
+            f.setWritable(true, true);
+        } catch (Throwable t) {
+            // NoSuchMethodException or NoSuchMethodError if we somehow got the
+            // version detection wrong or the JVM doesn't support it
+        }
+    }
+}