From 02017334e50e8328fc7d1b009209ccec495182ae Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 16 Sep 2024 13:02:48 +0200
Subject: [PATCH] Fix: Make sure invalid private keys can not be added
---
 app/Livewire/Security/PrivateKey/Create.php | 26 +++++++++++++++------
 app/Models/PrivateKey.php | 19 +++++++++------
 2 files changed, 31 insertions(+), 14 deletions(-)
diff --git a/app/Livewire/Security/PrivateKey/Create.php b/app/Livewire/Security/PrivateKey/Create.php
index 32a67bbea..1a689076b 100644
--- a/app/Livewire/Security/PrivateKey/Create.php
+++ b/app/Livewire/Security/PrivateKey/Create.php
@@ -59,13 +59,11 @@ class Create extends Component
 {
 if ($updateProperty === 'value') {
 try {
- $this->publicKey = PublicKeyLoader::load($this->$updateProperty)->getPublicKey()->toString('OpenSSH', ['comment' => '']);
+ $key = PublicKeyLoader::load($this->$updateProperty);
+ $this->publicKey = $key->getPublicKey()->toString('OpenSSH', ['comment' => '']);
 } catch (\Throwable $e) {
- if ($this->$updateProperty === '') {
- $this->publicKey = '';
- } else {
- $this->publicKey = 'Invalid private key';
- }
+ $this->publicKey = '';
+ $this->addError('value', 'Invalid private key');
 }
 }
 $this->validateOnly($updateProperty);
@@ -73,7 +71,21 @@ class Create extends Component
 public function createPrivateKey()
 {
- $this->validate();
+ $this->validate([
+ 'name' => 'required|string',
+ 'value' => [
+ 'required',
+ 'string',
+ function ($attribute, $value, $fail) {
+ try {
+ PublicKeyLoader::load($value);
+ } catch (\Throwable $e) {
+ $fail('The private key is invalid.');
+ }
+ },
+ ],
+ ]);
+
 try {
 $this->value = trim($this->value);
 if (! str_ends_with($this->value, "\n")) {
diff --git a/app/Models/PrivateKey.php b/app/Models/PrivateKey.php
index 868210382..b047af6bb 100644
--- a/app/Models/PrivateKey.php
+++ b/app/Models/PrivateKey.php
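Review bot: The error recorded in the catch branch of the `value` handler may not survive, because `$this->validateOnly($updateProperty)` still runs afterwards and, as far as I can tell, Livewire resets that field's error bag when the validation passes. The component's own rules are outside this hunk, so whether an unparsable but non-empty `value` passes them needs confirming; if it does, the 'Invalid private key' message is cleared before the next render. Returning once the error is set avoids that: `$this->addError('value', 'Invalid private key'); return;`. The enclosing method starts above the hunk.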
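Review bot: The closure rule in `createPrivateKey()` only proves that phpseclib can parse the value, and `PublicKeyLoader::load()` also accepts public keys, so a pasted public key passes a rule whose message reads 'The private key is invalid.'. Using `PublicKeyLoader::loadPrivateKey($value);` in the closure rejects anything that is not a private key and matches what the model hook later requires through `getPublicKey()`. The rule also runs before the `trim()` a few lines below, so it validates a different string from the one that is stored; trimming before `validate()` would close that gap. The method body continues past the end of the hunk.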
@@ -4,6 +4,7 @@ namespace App\Models;
 use OpenApi\Attributes as OA;
 use phpseclib3\Crypt\PublicKeyLoader;
+use Illuminate\Validation\ValidationException;
 #[OA\Schema(
 description: 'Private Key model',
@@ -38,7 +39,15 @@ class PrivateKey extends BaseModel
 if (substr($privateKey, -1) !== "\n") {
 $key->private_key = $privateKey . "\n";
 }
- $key->fingerprint = $key->generateFingerprint();
+
+ try {
+ $publicKey = PublicKeyLoader::load($key->private_key)->getPublicKey();
+ $key->fingerprint = $publicKey->getFingerprint('sha256');
+ } catch (\Throwable $e) {
+ throw ValidationException::withMessages([
+ 'private_key' => ['The private key is invalid.'],
+ ]);
+ }
 });
 }
@@ -89,11 +98,7 @@ class PrivateKey extends BaseModel
 public function generateFingerprint()
 {
- try {
- $key = PublicKeyLoader::load($this->private_key);
- return $key->getPublicKey()->getFingerprint('sha256');
- } catch (\Throwable $e) {
- return 'invalid_' . md5($this->private_key); // TODO: DO NOT ALLOW SAVING IF INVALID SSH KEYS SAY SSH KEY IS INVALID
- }
+ $key = PublicKeyLoader::load($this->private_key);
+ return $key->getPublicKey()->getFingerprint('sha256');
 }
 }
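Review bot: The `catch (\Throwable $e)` in the model hook reports every failure as 'The private key is invalid.', including errors unrelated to key parsing, and the original exception is discarded. A narrower catch would keep the rejection specific, for example phpseclib's `NoKeyLoadedException` around `PublicKeyLoader::loadPrivateKey($key->private_key)`, after confirming which exceptions the loader actually raises. The try body also repeats `generateFingerprint()`, which the last hunk turns into a throwing method, so `$key->fingerprint = $key->generateFingerprint();` inside the `try` would leave one copy of the fingerprint logic. The callback's registration is outside the hunk; if it is bound to creation only, an edited key would not pass through this check.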
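Review bot: `generateFingerprint()` now throws for an unparsable key where it used to return an `invalid_…` placeholder, and neither the signature nor a docblock tells callers about the new contract. Rows saved before this change may still hold keys that fail to load, so any caller outside the model hook (none are visible in this diff) has to handle the exception or those rows need a cleanup pass. A docblock such as `/** @throws \Throwable when private_key cannot be parsed by phpseclib */` together with a `: string` return type would make the behaviour explicit.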