fix(weaver): resource incorrect permission assignment

musicboy0322 · musicboy0322 · commit 552a9e99ba2e · 2025-07-15T14:27:49.000+08:00
Primary change: Grant full permissions to owner only Fixes #2769 Signed-off-by: musicboy0322 <plusultra0322@gmail.com>
diff --git a/weaver/sdks/corda/src/main/kotlin/org/hyperledger/cacti/weaver/sdk/corda/CredentialsExtractor.java b/weaver/sdks/corda/src/main/kotlin/org/hyperledger/cacti/weaver/sdk/corda/CredentialsExtractor.java
@@ -151,6 +151,14 @@ private static String getRootCertPEM(KeyStore ks, String trustStore, String temp
 							File outputDir = new File(tempStore + "root/");
 							if (!outputDir.exists()) {
 								outputDir.mkdirs();
+								// remove all privilege from all previous users
+								outputDir.setReadable(false, false);
+								outputDir.setWritable(false, false);
+								outputDir.setExecutable(false, false);
+								// add all privilege to owner
+								outputDir.setReadable(true, true); 
+								outputDir.setWritable(true, true);
+								outputDir.setExecutable(true, true);
 							}
 							JcaPEMWriter xwriter = new JcaPEMWriter(new FileWriter(tempStore + "root/rootcert.pem"));
 							xwriter.writeObject(xcert);
@@ -201,6 +209,14 @@ private static Vector<String> getCertChain(KeyStore ks, String nodeKeyStorePath,
 							File outputDir = new File(tmpStore);
 							if (!outputDir.exists()) {
 								outputDir.mkdirs();
+								// remove all permissions from all users (including owner)
+								outputDir.setReadable(false, false);
+								outputDir.setWritable(false, false);
+								outputDir.setExecutable(false, false);
+								// grant full permissions to owner only
+								outputDir.setReadable(true, true); 
+								outputDir.setWritable(true, true);  
+								outputDir.setExecutable(true, true);
 							}
 							String filePath = tmpStore + tmpCertfiles[i] + ".pem";
 							JcaPEMWriter xwriter = new JcaPEMWriter(new FileWriter(filePath));
