author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-02-09 19:04:39 +0100 |
---|---|---|
committer | James Edwards-Jones <jedwardsjones@gitlab.com> | 2017-01-31 22:53:57 +0000 |
commit | 930a7030b5a0080128b2fe3e2b9506717c54a6a5 (patch) | |
tree | 52c998612b54ce45c87b6731a8b23f85a59d5b7d /app/validators | |
parent | 5f7257c27dace1dcb9d3eb4732caf68f061a8d68 (diff) | |
Implement proper verification of certificate's public_key against the private_key
Diffstat (limited to 'app/validators')
-rw-r--r-- | app/validators/certificate_key_validator.rb | 1 | ||||
-rw-r--r-- | app/validators/certificate_validator.rb | 14 |
2 files changed, 5 insertions, 10 deletions
diff --git a/app/validators/certificate_key_validator.rb b/app/validators/certificate_key_validator.rb
index 3b5bd30db1a..7039bd5a621 100644
--- a/app/validators/certificate_key_validator.rb
+++ b/app/validators/certificate_key_validator.rb
@@ -16,6 +16,7 @@ class CertificateKeyValidator < ActiveModel::EachValidator
 private
 def valid_private_key_pem?(value)
+ return unless value
 pkey = OpenSSL::PKey::RSA.new(value)
 pkey.private?
 rescue OpenSSL::PKey::PKeyError
diff --git a/app/validators/certificate_validator.rb b/app/validators/certificate_validator.rb
index 2cba5a435b7..2a04c76d4b9 100644
--- a/app/validators/certificate_validator.rb
+++ b/app/validators/certificate_validator.rb
@@ -3,26 +3,20 @@
 # Custom validator for private keys.
 #
 # class Project < ActiveRecord::Base
-# validates :certificate_key, certificate_key: true
+# validates :certificate_key, certificate: true
 # end
 #
 class CertificateValidator < ActiveModel::EachValidator
 def validate_each(record, attribute, value)
- certificate = parse_certificate(value)
- unless certificate
+ unless valid_certificate_pem?(value)
 record.errors.add(attribute, "must be a valid PEM certificate")
 end
-
- if options[:intermediates]
- unless certificate
- record.errors.add(attribute, "certificate verification failed: missing intermediate certificates")
- end
- end
 end
 private
- def parse_certificate(value)
+ def valid_certificate_pem?(value)
+ return unless value
 OpenSSL::X509::Certificate.new(value)
 rescue OpenSSL::X509::CertificateError
 nil |
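Review bot: The parse right after the new guard, `pkey = OpenSSL::PKey::RSA.new(value)`, passes no passphrase, so a passphrase-protected PEM can make OpenSSL ask for one on the process's terminal rather than fail validation. Passing an explicit empty passphrase, `pkey = OpenSSL::PKey::RSA.new(value, '')`, should make such a key raise and land in the existing rescue. The new guard also returns nil from a `?` method; `return false unless value` keeps the predicate boolean, and the same applies to `valid_certificate_pem?` in certificate_validator.rb. The rescue body of `valid_private_key_pem?` lies outside the hunk.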
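Review bot: `valid_certificate_pem?` only proves that OpenSSL can parse the value: `OpenSSL::X509::Certificate.new` also accepts DER input and, as far as I know, reads just the first certificate of a multi-certificate PEM, so the "must be a valid PEM certificate" message promises more than is checked. Nothing in this file looks at `not_before`/`not_after` or at the key match named in the commit title; presumably that lives outside this limited diffstat, and a one-line comment here pointing to it would help the next reader. The header comment still reads "Custom validator for private keys." and the usage example still validates `:certificate_key`; I would change them to `# Custom validator for certificates.` and `#   validates :certificate, certificate: true`. The rescue body of `valid_certificate_pem?` ends outside the hunk.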