in aziotctl/src/internal/check/checks/certs_match_private_keys.rs [29:61]
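/// Checks that every preloaded private key matches the preloaded cert stored under the same ID.
///
/// Skipped unless both certd and keyd are reported running in `cache.daemons_running`.
/// Only (cert, key) pairs that share an ID are compared; a private key with no cert of the
/// same ID is simply not checked here. Returns `CheckResult::Ok` when every pair matches,
/// otherwise an error whose message lists each mismatched ID, one per line.
fn inner_execute(_shared: &CheckerShared, cache: &mut CheckerCache) -> Result<CheckResult> {
    if !cache.daemons_running.certd || !cache.daemons_running.keyd {
        return Ok(CheckResult::Skipped);
    }

    // One entry per mismatched pair; joined with '\n' into a single error at the end.
    let mut mismatches: Vec<String> = Vec::new();

    for (id, private_key) in &cache.private_keys {
        let cert = match cache.certs.get(id) {
            Some(cert) => cert,
            None => continue,
        };

        // SAFETY: `cert` and `private_key` are live wrappers borrowed from `cache` for the
        // duration of this call, so the raw pointers obtained via `as_ptr` are valid.
        // X509_check_private_key only reads both objects and takes ownership of neither.
        // The unsafe block is limited to the FFI call; result handling below is safe code.
        let check = unsafe {
            openssl2::openssl_returns_1(openssl_sys2::X509_check_private_key(
                foreign_types_shared::ForeignType::as_ptr(cert),
                foreign_types_shared::ForeignType::as_ptr(private_key),
            ))
        };

        if check.is_err() {
            // The cert and the key are both preloaded under the same ID, hence `id` appears twice.
            mismatches.push(format!(
                "preloaded cert with ID {id:?} does not match preloaded private key with ID {id:?}"
            ));
        }
    }

    if mismatches.is_empty() {
        Ok(CheckResult::Ok)
    } else {
        Err(anyhow!("{}", mismatches.join("\n")))
    }
}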