Validate provided external certificates during tenant creation (#1245)

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com> Co-authored-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
2021-11-19 16:37:34 -08:00
parent 0bbd4f0282
commit 3f60df9071
2 changed files with 8 additions and 4 deletions
--- a/operatorapi/operator_tenants_helper.go
+++ b/operatorapi/operator_tenants_helper.go
@@ -19,6 +19,7 @@ package operatorapi
 import (
 	"context"
 	"crypto"
+	"crypto/tls"
 	"encoding/base64"
 	"encoding/hex"
 	"fmt"
@@ -307,6 +308,10 @@ func createOrReplaceExternalCertSecrets(ctx context.Context, clientSet K8sClient
 		if err != nil {
 			return nil, err
 		}
+		// check if the key pair is valid
+		if _, err = tls.X509KeyPair(tlsCrt, tlsKey); err != nil {
+			return nil, err
+		}
 		externalTLSCertificateSecret := &corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: keyPairSecretName,