From 27d15d7e2d1c3b07e4aa806946672bd137c1c785 Mon Sep 17 00:00:00 2001
From: Alex Heneveld <alex.heneveld@cloudsoftcorp.com>
Date: Tue, 15 Jul 2014 15:06:31 -0400
Subject: [PATCH] put keys on server with permissions 0600 rather than 0400 so
 we can rebind (rebind still always replaces them which is slightly wasteful
 but we can live with that)

---
 .../java/brooklyn/entity/proxy/nginx/NginxControllerImpl.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxControllerImpl.java b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxControllerImpl.java
index b11d9511f8..f4824222fa 100644
--- a/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxControllerImpl.java
+++ b/software/webapp/src/main/java/brooklyn/entity/proxy/nginx/NginxControllerImpl.java
@@ -227,14 +227,14 @@ public void installSslKeys(String id, ProxySslConfig ssl) {
 
         if (!Strings.isEmpty(ssl.getCertificateSourceUrl())) {
             String certificateDestination = Strings.isEmpty(ssl.getCertificateDestination()) ? driver.getRunDir() + "/conf/" + id + ".crt" : ssl.getCertificateDestination();
-            driver.getMachine().copyTo(ImmutableMap.of("permissions", "0400"),
+            driver.getMachine().copyTo(ImmutableMap.of("permissions", "0600"),
                     ResourceUtils.create(this).getResourceFromUrl(ssl.getCertificateSourceUrl()),
                     certificateDestination);
         }
 
         if (!Strings.isEmpty(ssl.getKeySourceUrl())) {
             String keyDestination = Strings.isEmpty(ssl.getKeyDestination()) ? driver.getRunDir() + "/conf/" + id + ".key" : ssl.getKeyDestination();
-            driver.getMachine().copyTo(ImmutableMap.of("permissions", "0400"),
+            driver.getMachine().copyTo(ImmutableMap.of("permissions", "0600"),
                     ResourceUtils.create(this).getResourceFromUrl(ssl.getKeySourceUrl()),
                     keyDestination);
         }