[aws|iam] Mock upload_server_certificate errors if private key is not RSA.

2022-11-09 13:51:43 -05:00 · 2012-02-15 14:12:29 -04:00 · 2012-02-15 14:12:29 -04:00 · 0f4841b237
commit 0f4841b237
parent aeb11a127f
3 changed files with 27 additions and 0 deletions
--- a/lib/fog/aws/requests/iam/upload_server_certificate.rb
+++ b/lib/fog/aws/requests/iam/upload_server_certificate.rb
@ -51,6 +51,9 @@ module Fog

          # Validate cert and key
          begin
+            # must be an RSA private key
+            raise OpenSSL::PKey::RSAError unless private_key =~ /BEGIN RSA PRIVATE KEY/
+
            cert = OpenSSL::X509::Certificate.new(certificate)
            chain = OpenSSL::X509::Certificate.new(options['CertificateChain']) if options['CertificateChain']
            key = OpenSSL::PKey::RSA.new(private_key)
--- a/tests/aws/requests/iam/helper.rb
+++ b/tests/aws/requests/iam/helper.rb
@ -41,6 +41,25 @@ c0AQtoYBTJePxiYyd8i32ypkkK83ar+sFoxKO9jYwD1IkZax2xZ0aoTdMindQPR7
 Yjs+QiLmOHcbPqX+GHcCQERsSn0RjzKmKirDntseMB59BB/cEN32+gMDVsZuCfb+
 fOy2ZavFl13afnhbh2/AjKeDhnb19x/uXjF7JCUtwpA=
 -----END RSA PRIVATE KEY-----
+}
+
+    # openssl pkcs8 -nocrypt -topk8 -in SERVER_CERT_PRIVATE_KEY.key -outform pem
+    SERVER_CERT_PRIVATE_KEY_PKCS8 = %{-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALQJHvqyi+N2alZG
+YRp/xdob6cZ7tzOGl0sqRq7ZvXpW1KOQ9y3E8vlTi9ozFBRugs+v72gv719Jg3fV
+XMMPiHJp4ah4jl+GcZ6qTvWSrm4c40E5BQxtlsFDw9V31J2T7L0knoTl8L4aEsvk
+j7LYMruzIHPLKarVaLqs+nVdcXsBAgMBAAECgYA2ONEFvCR5ez6HgWbZbkYObH25
+86S3df+2+aKUIqv4XpJoOM7ZEAoFoW3rZ5rSlH39QwWdoWI8lo1r1+y6KsFzAh35
+GLOu4Sn7sUbOIz2YLmRwTtYpmteAYacu2qDjHm3BUsCuCnSOLtMDXyr/vi5Osjhr
+PwfmJNjifb05GUuaaQJBAOwYy4sSAYeA3ljVz1rHUNP+tRcrGeqwiuKNGSBuJOdw
+cACsUnzxzfLKRaoa9idIXAxLwNJaI/I9oAic02Vv988CQQDDNngJ+8n46UT76tM8
+f2N6YLz12fELsQUa5YmbB1p2d6/wRiC6+95x0Z0a20PtCxkqlzPmYOeA5SCFtWby
+8EQvAkAwd86hWCr0NGJw/kO5MR3Ix4tJnFGPunpok+rKm5H76Ts1CCtO9xz+cMPo
+beyGl/Y9l/eXt2WVv0zxN7C2LExFAkEAh1dzQBC2hgFMl4/GJjJ3yLfbKmSQrzdq
+v6wWjEo72NjAPUiRlrHbFnRqhN0yKd1A9HtiOz5CIuY4dxs+pf4YdwJARGxKfRGP
+MqYqKsOe2x4wHn0EH9wQ3fb6AwNWxm4J9v587LZlq8WXXdp+eFuHb8CMp4OGdvX3
+H+5eMXskJS3CkA==
+-----END PRIVATE KEY-----
 }

    SERVER_CERT_PRIVATE_KEY_MISMATCHED = %{-----BEGIN RSA PRIVATE KEY-----
--- a/tests/aws/requests/iam/server_certificate_tests.rb
+++ b/tests/aws/requests/iam/server_certificate_tests.rb
@ -24,6 +24,7 @@ Shindo.tests('AWS::IAM | server certificate requests', ['aws']) do
  tests('#upload_server_certificate') do
    public_key  = AWS::IAM::SERVER_CERT_PUBLIC_KEY
    private_key = AWS::IAM::SERVER_CERT_PRIVATE_KEY
+    private_key_pkcs8 = AWS::IAM::SERVER_CERT_PRIVATE_KEY_PKCS8
    private_key_mismatch = AWS::IAM::SERVER_CERT_PRIVATE_KEY_MISMATCHED

    tests('empty public key').raises(Fog::AWS::IAM::ValidationError) do
@ -42,6 +43,10 @@ Shindo.tests('AWS::IAM | server certificate requests', ['aws']) do
      Fog::AWS::IAM.new.upload_server_certificate(public_key, 'abcde', @key_name)
    end

+    tests('non-RSA private key').raises(Fog::AWS::IAM::MalformedCertificate) do
+      Fog::AWS::IAM.new.upload_server_certificate(public_key, private_key_pkcs8, @key_name)
+    end
+
    tests('mismatched private key').raises(Fog::AWS::IAM::KeyPairMismatch) do
      Fog::AWS::IAM.new.upload_server_certificate(public_key, private_key_mismatch, @key_name)
    end