debian-mirror-gitlab/app/validators/named_ecdsa_key_validator.rb

# frozen_string_literal: true

# NamedEcdsaKeyValidator
#
# Custom validator for ecdsa private keys.
# Golang currently doesn't support explicit curves for ECDSA certificates
# This validator checks if curve is set by name, not by parameters
#
#   class Project < ActiveRecord::Base
#     validates :certificate_key, named_ecdsa_key: true
#   end
#
class NamedEcdsaKeyValidator < ActiveModel::EachValidator
  def validate_each(record, attribute, value)
    if explicit_ec?(value)
      record.errors.add(attribute, "ECDSA keys with explicit curves are not supported")
    end
  end

  private

  def explicit_ec?(value)
    return false unless value

    pkey = OpenSSL::PKey.read(value)
    return false unless pkey.is_a?(OpenSSL::PKey::EC)

    pkey.group.asn1_flag != OpenSSL::PKey::EC::NAMED_CURVE
  rescue OpenSSL::PKey::PKeyError
    false
  end
end
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`# frozen_string_literal: true`

			`# NamedEcdsaKeyValidator`
			`#`
			`# Custom validator for ecdsa private keys.`
			`# Golang currently doesn't support explicit curves for ECDSA certificates`
			`# This validator checks if curve is set by name, not by parameters`
			`#`
			`# class Project < ActiveRecord::Base`
			`# validates :certificate_key, named_ecdsa_key: true`
			`# end`
			`#`
			`class NamedEcdsaKeyValidator < ActiveModel::EachValidator`
			`def validate_each(record, attribute, value)`
			`if explicit_ec?(value)`
			`record.errors.add(attribute, "ECDSA keys with explicit curves are not supported")`
			`end`
			`end`

			`private`

			`def explicit_ec?(value)`
			`return false unless value`

			`pkey = OpenSSL::PKey.read(value)`
			`return false unless pkey.is_a?(OpenSSL::PKey::EC)`

New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`pkey.group.asn1_flag != OpenSSL::PKey::EC::NAMED_CURVE`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`rescue OpenSSL::PKey::PKeyError`
			`false`
			`end`
			`end`