From cb9703670844e9dc629010799338d880d1493f3e Mon Sep 17 00:00:00 2001
From: Rich Wellner
Date: Thu, 2 May 2024 17:59:31 -0500
Subject: [PATCH 1/2] verifies readability of key files (when they exist) and aborts startup if they are not readable.
---
 src/S3FileSystem.cc | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/S3FileSystem.cc b/src/S3FileSystem.cc
index 3a4e939..c3bc84f 100644
--- a/src/S3FileSystem.cc
+++ b/src/S3FileSystem.cc
@@ -20,6 +20,7 @@
 #include "S3AccessInfo.hh"
 #include "S3Directory.hh"
 #include "S3File.hh"
+#include "shortfile.hh"
 #include "stl_string_utils.hh"
 #include
@@ -87,8 +88,21 @@ bool S3FileSystem::Config(XrdSysLogger *lp, const char *configfn) {
 m_log.Emsg("Config", "s3.region not specified");
 return false;
 }
- newAccessInfo = new S3AccessInfo();
- exposedPath = "";
+ std::string contents;
+ if(newAccessInfo->getS3AccessKeyFile() != "") {
+ if (!readShortFile(newAccessInfo->getS3AccessKeyFile(), contents)) {
+ m_log.Emsg("Config", "s3.access_key_file not readable");
+ return false;
+ }
+ }
+ if(newAccessInfo->getS3SecretKeyFile() != "") {
+ if (!readShortFile(newAccessInfo->getS3SecretKeyFile(), contents)) {
+ m_log.Emsg("Config", "s3.secret_key_file not readable");
+ return false;
+ }
+ }
+ newAccessInfo = new S3AccessInfo();
+ exposedPath = "";
 continue;
 }
 if (!temporary) {
From 00d9a886fde526bfc41654360bfbb50b0f7acd8e Mon Sep 17 00:00:00 2001
From: Rich Wellner
Date: Wed, 8 May 2024 10:07:12 -0500
Subject: [PATCH 2/2] verifies readability of key files (when they exist) and aborts startup if they are not readable.
---
 src/S3FileSystem.cc | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/src/S3FileSystem.cc b/src/S3FileSystem.cc
index c3bc84f..4c5668d 100644
--- a/src/S3FileSystem.cc
+++ b/src/S3FileSystem.cc
@@ -88,21 +88,23 @@ bool S3FileSystem::Config(XrdSysLogger *lp, const char *configfn) {
 m_log.Emsg("Config", "s3.region not specified");
 return false;
 }
- std::string contents;
- if(newAccessInfo->getS3AccessKeyFile() != "") {
- if (!readShortFile(newAccessInfo->getS3AccessKeyFile(), contents)) {
- m_log.Emsg("Config", "s3.access_key_file not readable");
- return false;
- }
- }
- if(newAccessInfo->getS3SecretKeyFile() != "") {
- if (!readShortFile(newAccessInfo->getS3SecretKeyFile(), contents)) {
- m_log.Emsg("Config", "s3.secret_key_file not readable");
- return false;
- }
- }
- newAccessInfo = new S3AccessInfo();
- exposedPath = "";
+ std::string contents;
+ if (newAccessInfo->getS3AccessKeyFile() != "") {
+ if (!readShortFile(newAccessInfo->getS3AccessKeyFile(),
+ contents)) {
+ m_log.Emsg("Config", "s3.access_key_file not readable");
+ return false;
+ }
+ }
+ if (newAccessInfo->getS3SecretKeyFile() != "") {
+ if (!readShortFile(newAccessInfo->getS3SecretKeyFile(),
+ contents)) {
+ m_log.Emsg("Config", "s3.secret_key_file not readable");
+ return false;
+ }
+ }
+ newAccessInfo = new S3AccessInfo();
+ exposedPath = "";
 continue;
 }
 if (!temporary) {
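Review bot: The two `readShortFile(..., contents)` probes in `S3FileSystem::Config` pull the access key and then the secret key into `contents` only to test readability, and the string outlives both checks, so key material stays in process memory with no use made of it; the same lines were introduced in the `-87,8 +88,21` hunk of [PATCH 1/2] and are only re-wrapped here. Declaring the buffer inside each `if` body (`std::string contents;` just before the `readShortFile` call) would limit its lifetime to the check. The log text also omits which file failed, which matters if more than one key file is configured; assuming the usual multi-text `Emsg` overload, `m_log.Emsg("Config", "s3.secret_key_file not readable:", newAccessInfo->getS3SecretKeyFile().c_str());` would name it. The probe proves readability only at startup, so the later read path still needs its own failure handling; that code and the rest of `Config` lie outside this hunk.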