authorKamil Trzcinski <ayufan@ayufan.eu>2016-02-09 19:04:39 +0100
committerJames Edwards-Jones <jedwardsjones@gitlab.com>2017-01-31 22:53:57 +0000
commit930a7030b5a0080128b2fe3e2b9506717c54a6a5 (patch)
tree52c998612b54ce45c87b6731a8b23f85a59d5b7d /app/validators
parent5f7257c27dace1dcb9d3eb4732caf68f061a8d68 (diff)
Implement proper verification of certificate's public_key against the private_key
Diffstat (limited to 'app/validators')
-rw-r--r--app/validators/certificate_key_validator.rb1
-rw-r--r--app/validators/certificate_validator.rb14
2 files changed, 5 insertions, 10 deletions
diff --git a/app/validators/certificate_key_validator.rb b/app/validators/certificate_key_validator.rb
index 3b5bd30db1a..7039bd5a621 100644
--- a/app/validators/certificate_key_validator.rb
+++ b/app/validators/certificate_key_validator.rb
@@ -16,6 +16,7 @@ class CertificateKeyValidator < ActiveModel::EachValidator
private
def valid_private_key_pem?(value)
+ return unless value
pkey = OpenSSL::PKey::RSA.new(value)
pkey.private?
rescue OpenSSL::PKey::PKeyError
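Review bot: The `OpenSSL::PKey::RSA.new(value)` call right after the new nil guard is given no passphrase, and as far as I know Ruby's OpenSSL binding then falls back to prompting on the controlling terminal when the PEM is encrypted, which can stall a server process on user-supplied input. Passing a fixed, non-interactive second argument, `pkey = OpenSSL::PKey::RSA.new(value, passphrase)`, should make an encrypted key fail as a `PKeyError` instead; confirm this against the openssl gem version in use. For a `?` method the guard would also read better as `return false unless value`, since the bare `return` yields `nil`. The rescue body and the end of `valid_private_key_pem?` are outside the hunk.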
diff --git a/app/validators/certificate_validator.rb b/app/validators/certificate_validator.rb
index 2cba5a435b7..2a04c76d4b9 100644
--- a/app/validators/certificate_validator.rb
+++ b/app/validators/certificate_validator.rb
@@ -3,26 +3,20 @@
# Custom validator for private keys.
#
# class Project < ActiveRecord::Base
-# validates :certificate_key, certificate_key: true
+# validates :certificate_key, certificate: true
# end
#
class CertificateValidator < ActiveModel::EachValidator
def validate_each(record, attribute, value)
- certificate = parse_certificate(value)
- unless certificate
+ unless valid_certificate_pem?(value)
record.errors.add(attribute, "must be a valid PEM certificate")
end
-
- if options[:intermediates]
- unless certificate
- record.errors.add(attribute, "certificate verification failed: missing intermediate certificates")
- end
- end
end
private
- def parse_certificate(value)
+ def valid_certificate_pem?(value)
+ return unless value
OpenSSL::X509::Certificate.new(value)
rescue OpenSSL::X509::CertificateError
nil
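Review bot: `valid_certificate_pem?` only proves that `OpenSSL::X509::Certificate.new` can parse the value, so this validator checks nothing about validity period, chain or key match. With the `options[:intermediates]` branch removed, a caller still passing `intermediates: true` gets no check and no error. As far as I know the constructor also accepts DER and reads only the first certificate of a multi-certificate PEM, so "must be a valid PEM certificate" promises more than is tested. I would state that limit above `validate_each`, e.g. `# Only checks that the value parses as an X.509 certificate; key-match and chain checks are done elsewhere.`, on the assumption that the key verification named in the commit title sits outside app/validators. The header comment also still reads "Custom validator for private keys" and its example validates `:certificate_key`; `# validates :certificate, certificate: true` would match the class, whose closing `end` lines are outside the hunk.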