Merge pull request #59 from NethServer/verifyCert
Add validation for uploaded key type NethServer/dev#6937
stephdl authored May 29, 2024
2 parents 39e52d1 + 3c82cae commit 086c4d8
Showing 1 changed file with 15 additions and 2 deletions.
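--- a/imageroot/actions/upload-certificate/21validate_certificates
+++ b/imageroot/actions/upload-certificate/21validate_certificates
@@ -9,13 +9,26 @@ set -e
 
 CERT_FILE=uploaded_cert
 KEY_FILE=uploaded_key
+VALID_KEY=0
+TYPE_KEY=""
 
 del_certs() {
 rm -f $KEY_FILE $CERT_FILE
 }
 
 # checking if key is valid
-if ! openssl rsa -check -in $KEY_FILE >/dev/null 2>&1; then
+if openssl rsa -check -in $KEY_FILE >/dev/null 2>&1; then
+VALID_KEY=1
+TYPE_KEY="rsa"
+elif openssl dsa -check -in $KEY_FILE >/dev/null 2>&1; then
+VALID_KEY=1
+TYPE_KEY="dsa"
+elif openssl ec -check -in $KEY_FILE >/dev/null 2>&1; then
+VALID_KEY=1
+TYPE_KEY="ec"
+fi
+
+if [ $VALID_KEY -eq 0 ]; then
 echo "Key validation failed."
 del_certs
 exit 2
@@ -30,7 +43,7 @@ fi
 
 # check if cert is provided by key
 cert_hash="$(openssl x509 -noout -modulus -in $CERT_FILE | openssl md5)"
-key_hash="$(openssl rsa -noout -modulus -in $KEY_FILE | openssl md5)"
+key_hash="$(openssl $TYPE_KEY -noout -modulus -in $KEY_FILE | openssl md5)"
 if [ "$cert_hash" != "$key_hash" ]; then
 echo "Key didn't generate certificate."
 del_certs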
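Review bot: In the second hunk, `openssl $TYPE_KEY -noout -modulus` does not give a meaningful key/certificate match for every key type the first hunk now accepts: as far as I know `openssl ec` has no `-modulus` option, and `openssl x509 -modulus` prints an error string instead of a modulus for an EC certificate, so with `TYPE_KEY="ec"` the two MD5 values are computed over error or empty output rather than key material. Because each pipeline ends in `openssl md5` and the script shows `set -e` without `pipefail`, a failing first stage goes unnoticed, and two sides that fail the same way would compare equal. Comparing public keys is independent of the algorithm: `cert_pub="$(openssl x509 -noout -pubkey -in "$CERT_FILE")"` and `key_pub="$(openssl pkey -pubout -in "$KEY_FILE")"`, rejecting the upload when either is empty or they differ. The lines between the two hunks are not visible here, so an earlier certificate check may already narrow the impact.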
