Do not assume type of private key

The only type of private key supported at the moment are RSA keys. Since there are multiple types (RSA, DSA, EC ...), it would be best not to assume. Seems like the OpenSSL::PKey.read(string [,pwd]) does exactly what we need to have that abstraction: Reads a DER or PEM encoded string from string or io and returns an instance of the appropriate PKey class.
sensu-plugins · Jun 12, 2019 · 111ca7c · 111ca7c
1 parent d718bd6
commit 111ca7c
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@ This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachang
 ## [Unreleased]
 ### Changed
 - Updated Travis configuration to include Ruby 2.4.1
+- Updated to be compatible with other type of private keys than RSA
 
 ### Removed
 - Ruby 1.9.3 from deploy-time testing (@eheydrick)

diff --git a/bin/check-etcd-peer-count.rb b/bin/check-etcd-peer-count.rb
@@ -87,7 +87,7 @@ def run
     r = RestClient::Resource.new("#{protocol}://#{config[:server]}:#{config[:port]}/v2/members",
                                  timeout: 5,
                                  ssl_client_cert: (OpenSSL::X509::Certificate.new(File.read(config[:cert])) unless config[:cert].nil?),
-                                 ssl_client_key: (OpenSSL::PKey::RSA.new(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?),
+                                 ssl_client_key: (OpenSSL::PKey.read(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?),
                                  ssl_ca_file:  config[:ca],
                                  verify_ssl:  config[:insecure] ? 0 : 1).get
     peers = JSON.parse(r.to_str)['members'].length

diff --git a/bin/check-etcd.rb b/bin/check-etcd.rb
@@ -124,7 +124,7 @@ def request(path, server)
     RestClient::Resource.new("#{protocol}://#{server}:#{config[:port]}/#{path}",
                              timeout: 5,
                              ssl_client_cert: (OpenSSL::X509::Certificate.new(File.read(config[:cert])) unless config[:cert].nil?),
-                             ssl_client_key: (OpenSSL::PKey::RSA.new(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?),
+                             ssl_client_key: (OpenSSL::PKey.read(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?),
                              ssl_ca_file:  config[:ca],
                              verify_ssl:  config[:insecure] ? 0 : 1).get
   end

diff --git a/bin/check-flannel-subnet-count.rb b/bin/check-flannel-subnet-count.rb
@@ -122,7 +122,7 @@ def request(path, server)
       "#{protocol}://#{server}:#{config[:port]}/#{path}",
       timeout: 5,
       ssl_client_cert: (OpenSSL::X509::Certificate.new(File.read(config[:cert])) unless config[:cert].nil?),
-      ssl_client_key: (OpenSSL::PKey::RSA.new(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?),
+      ssl_client_key: (OpenSSL::PKey.read(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?),
       ssl_ca_file:  config[:ca],
       verify_ssl:  config[:insecure] ? 0 : 1
     ).get

diff --git a/bin/metrics-etcd.rb b/bin/metrics-etcd.rb
@@ -96,7 +96,7 @@ def run
         verify_mode: (config[:insecure] ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER),
         ca_file: config[:ca],
         ssl_cert: (OpenSSL::X509::Certificate.new(File.read(config[:cert])) unless config[:cert].nil?),
-        ssl_key:  (OpenSSL::PKey::RSA.new(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?)
+        ssl_key:  (OpenSSL::PKey.read(File.read(config[:key]), config[:passphrase]) unless config[:key].nil?)
       )
     else
       client = Etcd.client(host: config[:etcd_host], port: config[:etcd_port])