Check if private key is really a private key

drogus · drogus · commit 97dbbcd8670a · 2014-07-24T13:46:17.000+02:00
diff --git a/lib/travis/model/repository/settings.rb b/lib/travis/model/repository/settings.rb
@@ -17,6 +17,8 @@ class EnvVar < Travis::Settings::Model
   end
 
   class SshKey < Travis::Settings::Model
+    class NotAPrivateKeyError < StandardError; end
+
     attribute :description, String
     attribute :value, Travis::Settings::EncryptedValue
     attribute :repository_id, Integer
@@ -25,9 +27,10 @@ class SshKey < Travis::Settings::Model
     validate :validate_correctness
 
     def validate_correctness
-      OpenSSL::PKey::RSA.new(value.decrypt)
-    rescue OpenSSL::PKey::RSAError
-      errors.add(:value, :not_private_key)
+      key = OpenSSL::PKey::RSA.new(value.decrypt)
+      raise NotAPrivateKeyError unless key.private?
+    rescue OpenSSL::PKey::RSAError, NotAPrivateKeyError
+      errors.add(:value, :not_a_private_key)
     end
   end
 
diff --git a/spec/travis/model/repository/settings/ssh_key_spec.rb b/spec/travis/model/repository/settings/ssh_key_spec.rb
@@ -40,6 +40,14 @@
     ssh_key.value = 'foo'
     ssh_key.should_not be_valid
 
-    ssh_key.errors[:value].should == [:not_private_key]
+    ssh_key.errors[:value].should == [:not_a_private_key]
+  end
+
+  it 'allows only private key' do
+    public_key =  OpenSSL::PKey::RSA.new(private_key).public_key.to_s
+    ssh_key = described_class.new(value: public_key)
+
+    ssh_key.should_not be_valid
+    ssh_key.errors[:value].should == [:not_a_private_key]
   end
 end
