From 6af13d4f40f3735a5026269a1809c5b41f9d08e4 Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Mon, 14 Dec 2020 12:08:39 +0100
Subject: [PATCH] Removes explicit privkeytype check and adds passphrase error

---
 backend/internal/certificate.js             | 32 +++++++++++++--------
 frontend/js/app/nginx/certificates/form.ejs |  3 ++
 frontend/js/i18n/messages.json              |  3 +-
 3 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 3725c1c..030b344 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -615,18 +615,26 @@ const internalCertificate = {
 	checkPrivateKey: (private_key) => {
 		return tempWrite(private_key, '/tmp')
 			.then((filepath) => {
-				let key_type = private_key.includes('-----BEGIN RSA') ? 'rsa' : 'ec';
-				return utils.exec('openssl ' + key_type + ' -in ' + filepath + ' -check -noout 2>&1 ')
-					.then((result) => {
-						if (!result.toLowerCase().includes('key ok') && !result.toLowerCase().includes('key valid') ) {
-							throw new error.ValidationError('Result Validation Error: ' + result);
-						}
-						fs.unlinkSync(filepath);
-						return true;
-					}).catch((err) => {
-						fs.unlinkSync(filepath);
-						throw new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err);
-					});
+				return new Promise((resolve, reject) => {
+					const failTimeout = setTimeout(() => {
+						reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.'));
+					}, 10000);
+					utils
+						.exec('openssl pkey -in ' + filepath + ' -check -noout 2>&1 ')
+						.then((result) => {
+							clearTimeout(failTimeout);
+							if (!result.toLowerCase().includes('key is valid')) {
+								reject(new error.ValidationError('Result Validation Error: ' + result));
+							}
+							fs.unlinkSync(filepath);
+							resolve(true);
+						})
+						.catch((err) => {
+							clearTimeout(failTimeout);
+							fs.unlinkSync(filepath);
+							reject(new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err));
+						});
+				});
 			});
 	},
 
diff --git a/frontend/js/app/nginx/certificates/form.ejs b/frontend/js/app/nginx/certificates/form.ejs
index 4e40e0b..c8b1369 100644
--- a/frontend/js/app/nginx/certificates/form.ejs
+++ b/frontend/js/app/nginx/certificates/form.ejs
@@ -129,6 +129,9 @@
                     </div>
                 <% } else if (provider === 'other') { %>
                     <!-- Other -->
+                    <div class="col-sm-12 col-md-12">
+                        <div class="text-blue mb-4"><i class="fe fe-alert-triangle"></i> <%= i18n('ssl', 'passphrase-protection-support-info') %></div>
+                    </div>
                     <div class="col-sm-12 col-md-12">
                         <div class="form-group">
                             <label class="form-label"><%- i18n('str', 'name') %> <span class="form-required">*</span></label>
diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json
index eb0f2d2..202e94a 100644
--- a/frontend/js/i18n/messages.json
+++ b/frontend/js/i18n/messages.json
@@ -112,7 +112,8 @@
       "stored-as-plaintext-info": "This data will be stored as plaintext in the database and in a file!",
       "propagation-seconds": "Propagation Seconds",
       "propagation-seconds-info": "Leave empty to use the plugins default value. Number of seconds to wait for DNS propagation.",
-      "processing-info": "Processing... This might take a few minutes."
+      "processing-info": "Processing... This might take a few minutes.",
+      "passphrase-protection-support-info": "Key files protected with a passphrase are not supported."
     },
     "proxy-hosts": {
       "title": "Proxy Hosts",