lib/ridley/client.rb in ridley-1.4.1 vs lib/ridley/client.rb in ridley-1.5.0
- old
+ new
@@ -122,12 +122,12 @@
# @option options [URI, String, Hash] :proxy
# URI, String, or Hash of HTTP proxy options
# @option options [Integer] :pool_size (4)
# size of the connection pool
#
- # @raise [Errors::ClientKeyFileNotFound] if the option for :client_key does not contain
- # a file path pointing to a readable client key
+ # @raise [Errors::ClientKeyFileNotFoundOrInvalid] if the option for :client_key does not contain
+ # a file path pointing to a readable client key, or is a string containing a valid key
def initialize(options = {})
@options = options.reverse_merge(
ssh: Hash.new,
winrm: Hash.new,
pool_size: 4
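Review bot: The rewritten `@raise` text reads as if the error is raised when `:client_key` "is a string containing a valid key", which is the opposite of what the new code in the next hunk does. A wording that states both accepted forms would be clearer, for example `# @raise [Errors::ClientKeyFileNotFoundOrInvalid] if :client_key is neither a valid key string` followed by `#   nor a path to a readable file containing a valid key`. The `:client_key` option itself should also be documented as accepting either a path or the key contents, if the `@option` line outside this hunk still describes it as a path only.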
@@ -137,26 +137,27 @@
@ssh = @options[:ssh]
@winrm = @options[:winrm]
@chef_version = @options[:chef_version]
@validator_client = @options[:validator_client]
- @options[:client_key] = File.expand_path(@options[:client_key])
-
if @options[:validator_path]
@validator_path = File.expand_path(@options[:validator_path])
end
- if @options[:encrypted_data_bag_secret_path]
- @encrypted_data_bag_secret_path = File.expand_path(@options[:encrypted_data_bag_secret_path])
- end
+ @options[:encrypted_data_bag_secret] ||= begin
+ if @options[:encrypted_data_bag_secret_path]
+ @encrypted_data_bag_secret_path = File.expand_path(@options[:encrypted_data_bag_secret_path])
+ end
- @options[:encrypted_data_bag_secret] = encrypted_data_bag_secret
-
- unless @options[:client_key].present? && File.exist?(@options[:client_key])
- raise Errors::ClientKeyFileNotFound, "client key not found at: '#{@options[:client_key]}'"
+ encrypted_data_bag_secret
end
+ unless verify_client_key(@options[:client_key])
+ @options[:client_key] = File.expand_path(@options[:client_key])
+ raise Errors::ClientKeyFileNotFoundOrInvalid, "client key is invalid or not found at: '#{@options[:client_key]}'" unless File.exist?(@options[:client_key]) && verify_client_key(::IO.read(@options[:client_key]))
+ end
+
@connection_registry = Celluloid::Registry.new
@resources_registry = Celluloid::Registry.new
@connection_supervisor = ConnectionSupervisor.new(@connection_registry, @options)
@resources_supervisor = ResourcesSupervisor.new(@resources_registry, @connection_registry, @options)
end
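Review bot: In the new `unless verify_client_key(...)` branch, the raise message interpolates `@options[:client_key]` after `File.expand_path`, so a caller who passes key contents that fail to parse (truncated, wrong type, passphrase-protected) gets that key text copied into the exception message and into whatever logs or error reporters record it. The same assignment also overwrites the option with the expanded string, so the mangled key text is what gets handed to the supervisors if anything rescues and continues. Consider leaving the value out of the message when it is not a path, e.g. `detail = @options[:client_key].to_s.include?("-----BEGIN") ? "(inline key)" : "'#{path}'"` with `path = File.expand_path(@options[:client_key].to_s)`, and raising with `"client key is invalid or not found at: #{detail}"`. A nil `:client_key` still reaches `File.expand_path` and fails with `TypeError` rather than the documented error; the removed code had the same behaviour. `initialize` begins above this hunk.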
@@ -270,9 +271,16 @@
def server_url
self.url_prefix.to_s
end
private
+
+ def verify_client_key(key)
+ OpenSSL::PKey::RSA.new(key)
+ true
+ rescue
+ false
+ end
def connection
@connection_registry[:connection_pool]
end
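Review bot: `verify_client_key` returns true for any input `OpenSSL::PKey::RSA.new` can parse, and that includes a PEM public key, so a public key passed as `:client_key` passes validation here and presumably only fails later when a request has to be signed. Checking the parsed key closes that gap: `OpenSSL::PKey::RSA.new(key).private?` as the method's value instead of the bare `true`. The bare `rescue` also hides every `StandardError`, which makes unrelated failures look like a bad key; `rescue OpenSSL::PKey::RSAError, TypeError` names the two cases the callers in `initialize` rely on (unparseable text and a nil option). A one-line comment on the method saying that it accepts key contents, not a path, would help the next reader.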