8c3d0703ed
Just replace RSA.new with PKey.read
34 lines
867 B
Ruby
34 lines
867 B
Ruby
# frozen_string_literal: true
|
|
|
|
# NamedEcdsaKeyValidator
|
|
#
|
|
# Custom validator for ecdsa private keys.
|
|
# Golang currently doesn't support explicit curves for ECDSA certificates
|
|
# This validator checks if curve is set by name, not by parameters
|
|
#
|
|
# class Project < ActiveRecord::Base
|
|
# validates :certificate_key, named_ecdsa_key: true
|
|
# end
|
|
#
|
|
class NamedEcdsaKeyValidator < ActiveModel::EachValidator
|
|
def validate_each(record, attribute, value)
|
|
if explicit_ec?(value)
|
|
record.errors.add(attribute, "ECDSA keys with explicit curves are not supported")
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
UNNAMED_CURVE = "UNDEF"
|
|
|
|
def explicit_ec?(value)
|
|
return false unless value
|
|
|
|
pkey = OpenSSL::PKey.read(value)
|
|
return false unless pkey.is_a?(OpenSSL::PKey::EC)
|
|
|
|
pkey.group.curve_name == UNNAMED_CURVE
|
|
rescue OpenSSL::PKey::PKeyError
|
|
false
|
|
end
|
|
end
|