From e78b12569e2306cf5b457c49b88ab34c8da4edd7 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse
Date: Wed, 29 May 2024 14:46:57 +0200
Subject: [PATCH] feat: Compare md5 of public keys for certificate validation
---
 .../actions/upload-certificate/21validate_certificates | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/imageroot/actions/upload-certificate/21validate_certificates b/imageroot/actions/upload-certificate/21validate_certificates
index a759c31..f57be95 100755
--- a/imageroot/actions/upload-certificate/21validate_certificates
+++ b/imageroot/actions/upload-certificate/21validate_certificates
@@ -41,10 +41,12 @@ if ! openssl x509 -text -noout -in $CERT_FILE >/dev/null 2>&1; then
 exit 4
 fi
 
-# check if cert is provided by key
-cert_hash="$(openssl x509 -noout -modulus -in $CERT_FILE | openssl md5)"
-key_hash="$(openssl $TYPE_KEY -noout -modulus -in $KEY_FILE | openssl md5)"
-if [ "$cert_hash" != "$key_hash" ]; then
+# check if cert is provided by key (we compare md5 of public keys)
+cert_public_key="$(openssl x509 -noout -pubkey -in $CERT_FILE | openssl md5)"
+key_public_key="$(openssl pkey -pubout -in $KEY_FILE | openssl md5)"
+
+
+if [ "$cert_public_key" != "$key_public_key" ]; then
 echo "Key didn't generate certificate."
 del_certs
 exit 3
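Review bot: The new `if` comparison still passes when both sides are empty, because the two command substitutions ignore every exit status in their pipelines: if the `openssl md5` stage prints nothing on both sides (for example where MD5 is disabled by policy; not verifiable from this hunk), the key/certificate match is never actually checked. The digest adds nothing here since both PEM blocks are computed locally, so I would compare them directly and reject an empty result: `cert_public_key="$(openssl x509 -noout -pubkey -in "$CERT_FILE")"`, `key_public_key="$(openssl pkey -pubout -in "$KEY_FILE")"`, `if [ -z "$key_public_key" ] || [ "$cert_public_key" != "$key_public_key" ]; then`. That also quotes `$CERT_FILE` and `$KEY_FILE`, which are unquoted in the added lines. The `if` block closes outside the hunk.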