gitlab-org--gitlab-foss/app/validators/named_ecdsa_key_validator.rb
Vladimir Shushlin 8c3d0703ed Allow to load ECDSA certificates for pages domains
Just replace RSA.new with PKey.read
2019-09-07 00:29:03 +00:00


# frozen_string_literal: true
# NamedEcdsaKeyValidator
#
# Custom validator for ECDSA private keys.
# Golang currently doesn't support explicit curves for ECDSA certificates.
# This validator checks that the curve is set by name, not by explicit parameters.
#
#   class Project < ActiveRecord::Base
#     validates :certificate_key, named_ecdsa_key: true
#   end
#
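class NamedEcdsaKeyValidator < ActiveModel::EachValidator
  # Adds an error to +attribute+ when +value+ parses as an EC private key whose
  # curve is not identified by name (see #explicit_ec?).
  #
  # @param record [Object] object being validated; the error is added to record.errors
  # @param attribute [Symbol] attribute the error is attached to
  # @param value [String, nil] key material to inspect
  def validate_each(record, attribute, value)
    return unless explicit_ec?(value)

    record.errors.add(attribute, "ECDSA keys with explicit curves are not supported")
  end

  private

  # Value of OpenSSL::PKey::EC::Group#curve_name that this validator treats as
  # "curve given by explicit parameters".
  # `private` above does not apply to constants, so this stays publicly readable.
  # NOTE(review): relies on curve_name returning the string "UNDEF" for groups
  # without a registered name; confirm against the openssl gem version in use.
  UNNAMED_CURVE = "UNDEF"

  # Reports whether +value+ is an EC key whose group has no curve name.
  #
  # Returns false for nil, for input OpenSSL cannot parse as a key, and for
  # non-EC keys, so this validator only ever rejects explicit-curve EC keys;
  # rejecting malformed keys is left to other validations.
  #
  # @param value [String, nil] key material
  # @return [Boolean]
  def explicit_ec?(value)
    return false unless value

    # The key comes from a model attribute and may be an encrypted PEM. Passing
    # an explicit empty passphrase makes such input fail with PKeyError (rescued
    # below) instead of falling back to OpenSSL's default passphrase callback,
    # which can prompt on the controlling terminal and block the process.
    pkey = OpenSSL::PKey.read(value, "")
    return false unless pkey.is_a?(OpenSSL::PKey::EC)

    pkey.group.curve_name == UNNAMED_CURVE
  rescue OpenSSL::PKey::PKeyError
    false
  end
end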