/** Generate a local password and save it in the local-password file. */ public void postConstruct() { logger.fine("Generating local password"); SecureRandom random = new SecureRandom(); byte[] pwd = new byte[PASSWORD_BYTES]; random.nextBytes(pwd); password = toHex(pwd); File localPasswordFile = new File(env.getConfigDirPath(), LOCAL_PASSWORD_FILE); PrintWriter w = null; try { if (!localPasswordFile.exists()) { localPasswordFile.createNewFile(); /* * XXX - There's a security hole here. * Between the time the file is created and the permissions * are changed to prevent others from opening it, someone * else could open it and wait for the data to be written. * Java needs the ability to create a file that's readable * only by the owner; coming in JDK 7. */ localPasswordFile.setWritable(false, false); // take from all localPasswordFile.setWritable(true, true); // owner only localPasswordFile.setReadable(false, false); // take from all localPasswordFile.setReadable(true, true); // owner only } w = new PrintWriter(localPasswordFile); w.println(password); } catch (IOException ex) { // ignore errors logger.log(Level.FINE, "Exception writing local password file", ex); } finally { if (w != null) w.close(); } }
public Config copyConfig(Configs configs, Config config, String destConfigName, Logger logger) throws PropertyVetoException, TransactionFailure { final Config destCopy = (Config) config.deepCopy(configs); if (systemproperties != null) { final Properties properties = GenericCrudCommand.convertStringToProperties(systemproperties, ':'); for (final Object key : properties.keySet()) { final String propName = (String) key; // cannot update a system property so remove it first List<SystemProperty> sysprops = destCopy.getSystemProperty(); for (SystemProperty sysprop : sysprops) { if (propName.equals(sysprop.getName())) { sysprops.remove(sysprop); break; } } SystemProperty newSysProp = destCopy.createChild(SystemProperty.class); newSysProp.setName(propName); newSysProp.setValue(properties.getProperty(propName)); destCopy.getSystemProperty().add(newSysProp); } } final String configName = destConfigName; destCopy.setName(configName); configs.getConfig().add(destCopy); copyOfConfig = destCopy; String srcConfig = ""; srcConfig = config.getName(); File configConfigDir = new File(env.getConfigDirPath(), configName); for (Config c : configs.getConfig()) { File existingConfigConfigDir = new File(env.getConfigDirPath(), c.getName()); if (!c.getName().equals(configName) && configConfigDir.equals(existingConfigConfigDir)) { throw new TransactionFailure( localStrings.getLocalString( "config.duplicate.dir", "Config {0} is trying to use the same directory as config {1}", configName, c.getName())); } } try { if (!(new File(configConfigDir, "docroot").mkdirs() && new File(configConfigDir, "lib/ext").mkdirs())) { throw new IOException( localStrings.getLocalString( "config.mkdirs", "error creating config specific directories")); } String srcConfigLoggingFile = env.getInstanceRoot().getAbsolutePath() + File.separator + "config" + File.separator + srcConfig + File.separator + ServerEnvironmentImpl.kLoggingPropertiesFileName; File src = new File(srcConfigLoggingFile); if (!src.exists()) { src = new File(env.getConfigDirPath(), ServerEnvironmentImpl.kLoggingPropertiesFileName); } File dest = new File(configConfigDir, ServerEnvironmentImpl.kLoggingPropertiesFileName); FileUtils.copy(src, dest); } catch (Exception e) { logger.log(Level.WARNING, ConfigApiLoggerInfo.copyConfigError, e.getLocalizedMessage()); } return destCopy; }