Change validator to check the asn1 flag instead

Fixes the validation with OpenSSL 1.1

Change validator to check the asn1 flag instead
Fixes the validation with OpenSSL 1.1
fc34335a · Heinrich Lee Yu · 4055c2fe · fc34335a · fc34335a · fc34335a
Commit fc34335a authored Oct 02, 2019 by Heinrich Lee Yu
3 changed files
--- a/app/validators/named_ecdsa_key_validator.rb
+++ b/app/validators/named_ecdsa_key_validator.rb
@@ -19,15 +19,13 @@ class NamedEcdsaKeyValidator < ActiveModel::EachValidator

  private

-  UNNAMED_CURVE = "UNDEF"
-
  def explicit_ec?(value)
    return false unless value

    pkey = OpenSSL::PKey.read(value)
    return false unless pkey.is_a?(OpenSSL::PKey::EC)

-    pkey.group.curve_name == UNNAMED_CURVE
+    pkey.group.asn1_flag != OpenSSL::PKey::EC::NAMED_CURVE
  rescue OpenSSL::PKey::PKeyError
    false
  end

--- a/spec/models/pages_domain_spec.rb
+++ b/spec/models/pages_domain_spec.rb
@@ -160,7 +160,7 @@ describe PagesDomain do
      end

      context 'when curve is set explicitly by parameters' do
-        it 'adds errors to private key', :quarantine do
+        it 'adds errors to private key' do
          domain = build(:pages_domain, :explicit_ecdsa)

          expect(domain).to be_invalid

--- a/spec/validators/named_ecdsa_key_validator_spec.rb
+++ b/spec/validators/named_ecdsa_key_validator_spec.rb
@@ -43,7 +43,7 @@ describe NamedEcdsaKeyValidator do
  context 'with ECDSA certificate with explicit curve params' do
    let(:value) { attributes_for(:pages_domain, :explicit_ecdsa)[:key] }

-    it 'adds errors', :quarantine do
+    it 'adds errors' do
      expect(value).to be_present

      subject