Initial work on GitLab Pages update

2 files changed, 54 insertions, 0 deletions

diff --git a/app/validators/certificate_key_validator.rb b/app/validators/certificate_key_validator.rb
new file mode 100644
index 00000000000..3b5bd30db1a
--- /dev/null
+++ b/app/validators/certificate_key_validator.rb
@@ -0,0 +1,24 @@
+# UrlValidator
+#
+# Custom validator for private keys.
+#
+#   class Project < ActiveRecord::Base
+#     validates :certificate_key, certificate_key: true
+#   end
+#
+class CertificateKeyValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    unless valid_private_key_pem?(value)
+      record.errors.add(attribute, "must be a valid PEM private key")
+    end
+  end
+
+  private
+
+  def valid_private_key_pem?(value)
+    pkey = OpenSSL::PKey::RSA.new(value)
+    pkey.private?
+  rescue OpenSSL::PKey::PKeyError
+    false
+  end
+end
diff --git a/app/validators/certificate_validator.rb b/app/validators/certificate_validator.rb
new file mode 100644
index 00000000000..2cba5a435b7
--- /dev/null
+++ b/app/validators/certificate_validator.rb
@@ -0,0 +1,30 @@
+# UrlValidator
+#
+# Custom validator for private keys.
+#
+#   class Project < ActiveRecord::Base
+#     validates :certificate_key, certificate_key: true
+#   end
+#
+class CertificateValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    certificate = parse_certificate(value)
+    unless certificate
+      record.errors.add(attribute, "must be a valid PEM certificate")
+    end
+
+    if options[:intermediates]
+      unless certificate
+        record.errors.add(attribute, "certificate verification failed: missing intermediate certificates")
+      end
+    end
+  end
+
+  private
+
+  def parse_certificate(value)
+    OpenSSL::X509::Certificate.new(value)
+  rescue OpenSSL::X509::CertificateError
+    nil
+  end
+end