Merge branch 'denali' into duplicated-writes

2020-06-22 17:59:09 -04:00 · 2020-06-22 17:59:09 -04:00 · 7bc66938da
parent 473bef24b1 c3c10a0a81
commit 7bc66938da
2 changed files with 23 additions and 6 deletions
--- a/snow/networking/router/handler.go
+++ b/snow/networking/router/handler.go
@ -54,6 +54,12 @@ func (h *Handler) Initialize(
 // Context of this Handler
 func (h *Handler) Context() *snow.Context { return h.engine.Context() }

+// Engine returns the engine this handler dispatches to
+func (h *Handler) Engine() common.Engine { return h.engine }
+
+// SetEngine sets the engine this handler dispatches to
+func (h *Handler) SetEngine(engine common.Engine) { h.engine = engine }
+
 // Dispatch waits for incoming messages from the network
 // and, when they arrive, sends them to the consensus engine
 func (h *Handler) Dispatch() {
--- a/staking/gen_staker_key.go
+++ b/staking/gen_staker_key.go
@ -40,20 +40,27 @@ func GenerateStakingKeyCert(keyPath, certPath string) error {
 		return fmt.Errorf("couldn't create certificate: %w", err)
 	}

-	// Write cert to disk
-	if err := os.MkdirAll(filepath.Dir(certPath), 0755); err != nil {
-		return fmt.Errorf("couldn't create path for key/cert: %w", err)
+	// Ensure directory where key/cert will live exist
+	if err := os.MkdirAll(filepath.Dir(certPath), 0700); err != nil {
+		return fmt.Errorf("couldn't create path for cert: %w", err)
+	} else if err := os.MkdirAll(filepath.Dir(keyPath), 0700); err != nil {
+		return fmt.Errorf("couldn't create path for key: %w", err)
 	}
-	certOut, err := os.Create(certPath)
+
+	// Write cert to disk
+	certFile, err := os.Create(certPath)
 	if err != nil {
 		return fmt.Errorf("couldn't create cert file: %w", err)
 	}
-	if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes}); err != nil {
+	if err := pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes}); err != nil {
 		return fmt.Errorf("couldn't write cert file: %w", err)
 	}
-	if err := certOut.Close(); err != nil {
+	if err := certFile.Close(); err != nil {
 		return fmt.Errorf("couldn't close cert file: %w", err)
 	}
+	if err := os.Chmod(certPath, 0400); err != nil { // Make cert read-only
+		return fmt.Errorf("couldn't change permissions on cert: %w", err)
+	}

 	// Write key to disk
 	keyOut, err := os.Create(keyPath)
@ -70,5 +77,9 @@ func GenerateStakingKeyCert(keyPath, certPath string) error {
 	if err := keyOut.Close(); err != nil {
 		return fmt.Errorf("couldn't close key file: %w", err)
 	}
+	if err := os.Chmod(keyPath, 0400); err != nil { // Make key read-only
+		return fmt.Errorf("couldn't change permissions on key")
+	}
+
 	return nil
 }