From 827a6dc9cae8459a907effc3d1e0307a6d6658c6 Mon Sep 17 00:00:00 2001
From: Van Nguyen <vanh.nguyen@gsa.gov>
Date: Mon, 23 Oct 2023 09:56:38 -0400
Subject: [PATCH] update rsa check

---
 ci/provision-certificate.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ci/provision-certificate.sh b/ci/provision-certificate.sh
index bcf1360c7..c1bf389bf 100755
--- a/ci/provision-certificate.sh
+++ b/ci/provision-certificate.sh
@@ -44,7 +44,7 @@ cp ${out_path}/*.pem acme
 # Before provision exit - check that certificate and key are RSA based and 2048 bit length - if not error out task
 
 CERT_CHECK=$(cat acme/cert.pem | openssl x509 -text -noout | grep "Public-Key")
-KEY_CHECK=$(cat acme/privkey.pem | openssl rsa -text -noout | grep "Private-Key")
+KEY_CHECK=$(openssl rsa -in acme/privkey.pem -check -noout | grep "RSA key")
 
 if [[ "$CERT_CHECK" == *"2048 bit"* ]]; then
     echo  "Certificate is 2048 bit and good"
@@ -53,7 +53,7 @@ if [[ "$CERT_CHECK" == *"2048 bit"* ]]; then
     exit 1
 fi
 
-if [[ "$KEY_CHECK" == *"RSA Private"* ]]; then
+if [[ "$KEY_CHECK" == *"RSA key ok"* ]]; then
     echo  "Key is RSA based and good"
     else
     echo "Key is NOT RSA based and is bad/corrupt"