From abf541c154f5e08708aab42db1e177d61616b28e Mon Sep 17 00:00:00 2001 From: Laurent Stacul Date: Fri, 13 Jun 2025 17:50:16 +0200 Subject: [PATCH] Allow disabling keystore file checks This change allow the gem users to disable the owner and permissions validation on the key file. Solves: #139 #170 --- lib/symmetric_encryption/keystore/file.rb | 4 ++-- lib/symmetric_encryption/symmetric_encryption.rb | 16 ++++++++++++++++ test/keystore/file_test.rb | 8 ++++++++ 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/lib/symmetric_encryption/keystore/file.rb b/lib/symmetric_encryption/keystore/file.rb index fed652e..31a8ead 100644 --- a/lib/symmetric_encryption/keystore/file.rb +++ b/lib/symmetric_encryption/keystore/file.rb @@ -52,12 +52,12 @@ def read raise(SymmetricEncryption::ConfigError, "Symmetric Encryption key file: '#{file_name}' not found") end - unless correct_permissions? + unless SymmetricEncryption.skip_keystore_file_permissions? || correct_permissions? raise(SymmetricEncryption::ConfigError, "Symmetric Encryption key file '#{file_name}' has the wrong " \ "permissions: #{::File.stat(file_name).mode.to_s(8)}. Expected 100600 or 100400.") end - unless owned? + unless SymmetricEncryption.skip_keystore_file_owner? || owned? raise(SymmetricEncryption::ConfigError, "Symmetric Encryption key file '#{file_name}' has the wrong " \ "owner (#{stat.uid}) or group (#{stat.gid}). " \ diff --git a/lib/symmetric_encryption/symmetric_encryption.rb b/lib/symmetric_encryption/symmetric_encryption.rb index d8f18f7..8062c5a 100644 --- a/lib/symmetric_encryption/symmetric_encryption.rb +++ b/lib/symmetric_encryption/symmetric_encryption.rb 
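Review bot: When either skip flag is set, the two guards in `read` accept the key file silently, so a key file that is group- or world-accessible leaves no trace in the application's output. Consider emitting a warning on the bypass path, for example `warn "Symmetric Encryption key file '#{file_name}': permission check skipped" if SymmetricEncryption.skip_keystore_file_permissions?`, with the equivalent line for the owner check. The flags are also process-wide, so they relax the check for every file keystore that is read, not only the one that needs it; a per-keystore option would narrow this, though it is a larger change. The body of `read` starts and ends outside the hunk.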
@@ -300,6 +300,20 @@ def self.random_password(size = 22) SecureRandom.urlsafe_base64(size) end + class << self + attr_accessor :skip_keystore_file_permissions, :skip_keystore_file_owner + alias_method :skip_keystore_file_permissions?, :skip_keystore_file_permissions + alias_method :skip_keystore_file_owner?, :skip_keystore_file_owner + end + + def self.skip_keystore_file_permissions! + @skip_keystore_file_permissions = true + end + + def self.skip_keystore_file_owner! + @skip_keystore_file_owner = true + end + BINARY_ENCODING = Encoding.find("binary") UTF8_ENCODING = Encoding.find("UTF-8") @@ -308,4 +322,6 @@ def self.random_password(size = 22) @secondary_ciphers = [] @select_cipher = nil @randomize_iv = false + @skip_keystore_file_permissions = false + @skip_keystore_file_owner = false end diff --git a/test/keystore/file_test.rb b/test/keystore/file_test.rb index f10e534..cd96754 100644 --- a/test/keystore/file_test.rb +++ b/test/keystore/file_test.rb @@ -79,6 +79,7 @@ class FileTest < Minitest::Test after do FileUtils.chmod 0o600, Dir.glob("#{the_test_path}/*") + SymmetricEncryption.skip_keystore_file_permissions = false end it "stores the key" do @@ -91,6 +92,13 @@ class FileTest < Minitest::Test FileUtils.chmod 0o666, Dir.glob("#{the_test_path}/*") assert_raises { keystore.read } end + + it "does not raise an exception when the permission validation is disabled" do + keystore.write("TEST") + FileUtils.chmod 0o666, Dir.glob("#{the_test_path}/*") + SymmetricEncryption.skip_keystore_file_permissions! + assert_equal "TEST", keystore.read + end end end end
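Review bot: The new `skip_keystore_file_permissions` and `skip_keystore_file_owner` accessors switch off a security check but carry no documentation. Add a comment above the `class << self` block stating that both default to false, that setting them makes the file keystore accept a key file regardless of its mode or owner, and that they are presumably intended for deployments where access to the key file is enforced by other means. On style, the `attr_accessor` writers and the `!` methods are two public ways to set the same state, and the `?` aliases return whatever was assigned rather than a boolean. Using `attr_writer` with explicit predicates that return `!!@skip_keystore_file_owner` (and likewise for permissions) would be tighter.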
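Review bot: The added test exercises only the permissions flag; nothing in the test hunks covers `skip_keystore_file_owner!`, and the `after` block in the preceding hunk resets only `skip_keystore_file_permissions`. Add a matching case for the owner check and put `SymmetricEncryption.skip_keystore_file_owner = false` in `after` so the global flag cannot leak into later tests. The owner case will probably need the keystore's `owned?` to be stubbed, since changing a file's owner normally requires elevated privileges. The enclosing `describe` block starts outside the hunk.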