From 454128b1656640caa6a0a84138a57a62735d056e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emilio=20A=2E=20S=C3=A1nchez=20L=C3=B3pez?=
 <esanchez@yaco.es>
Date: Wed, 8 May 2013 12:39:50 +0000
Subject: [PATCH] Check valid public key. Fixes #1004  - Legacy-Id: 5711

---
 ietf/nomcom/forms.py | 12 +++++++++++-
 ietf/nomcom/utils.py | 14 ++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/ietf/nomcom/forms.py b/ietf/nomcom/forms.py
index e6b1cd0e9..71bc1f0d4 100644
--- a/ietf/nomcom/forms.py
+++ b/ietf/nomcom/forms.py
@@ -26,7 +26,8 @@ from ietf.nomcom.utils import QUESTIONNAIRE_TEMPLATE, NOMINATION_EMAIL_TEMPLATE,
                               INEXISTENT_PERSON_TEMPLATE, NOMINEE_EMAIL_TEMPLATE, \
                               NOMINATION_RECEIPT_TEMPLATE, FEEDBACK_RECEIPT_TEMPLATE, \
                               get_user_email, get_hash_nominee_position, get_year_by_nomcom, \
-                              HEADER_QUESTIONNAIRE_TEMPLATE, validate_private_key
+                              HEADER_QUESTIONNAIRE_TEMPLATE, validate_private_key, \
+                              validate_public_key
 from ietf.nomcom.decorators import member_required
 
 
@@ -284,6 +285,15 @@ class EditNomcomForm(BaseNomcomForm, forms.ModelForm):
         fields = ('public_key', 'initial_text',
                   'send_questionnaire', 'reminder_interval')
 
+    def clean_public_key(self):
+        public_key = self.cleaned_data.get('public_key', None)
+        if not public_key:
+            return
+        (validation, error) = validate_public_key(public_key)
+        if validation:
+            return public_key
+        raise forms.ValidationError('Invalid public key. Error was: %s' % error)
+
 
 class MergeForm(BaseNomcomForm, forms.Form):
 
diff --git a/ietf/nomcom/utils.py b/ietf/nomcom/utils.py
index f355282b5..e3c57842d 100644
--- a/ietf/nomcom/utils.py
+++ b/ietf/nomcom/utils.py
@@ -171,3 +171,17 @@ def validate_private_key(key):
 
     os.unlink(key_file.name)
     return (not error, error)
+
+
+def validate_public_key(public_key):
+    key_file = tempfile.NamedTemporaryFile(delete=False)
+    for chunk in public_key.chunks():
+        key_file.write(chunk)
+    key_file.close()
+
+    command = "%s x509 -in %s -noout"
+    code, out, error = pipe(command % (settings.OPENSSL_COMMAND,
+                                       key_file.name))
+
+    os.unlink(key_file.name)
+    return (not error, error)