From 318064bfe9381f37b2c0193df9caf589905e3ba9 Mon Sep 17 00:00:00 2001
From: slang
Date: Tue, 26 Apr 2022 15:54:31 +0200
Subject: [PATCH] detect invalid private key

The `privateKey.pem` can become an empty file due to several reasons, but this case is falsely detected as an existing valid key. Instead of just assuming an existing file means a valid key, at least there should be a check if the file is not empty. There are several issues filed that cover this situation: https://github.com/kubernetes-sigs/aws-efs-csi-driver/issues/683 https://github.com/kubernetes-sigs/aws-efs-csi-driver/issues/569
Signed-off-by: Samuel Lang
---
 src/watchdog/__init__.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/watchdog/__init__.py b/src/watchdog/__init__.py
index 5fb73c66..26dae75b 100755
--- a/src/watchdog/__init__.py
+++ b/src/watchdog/__init__.py
@@ -1363,7 +1363,11 @@ def do_with_lock(function):
 def generate_key():
 if os.path.isfile(key):
- return
+ if os.path.getsize(key) == 0:
+ logging.info("Purging empty private key file")
+ os.remove(key)
+ else:
+ return

 cmd = (
 "openssl genpkey -algorithm RSA -out %s -pkeyopt rsa_keygen_bits:3072"
 % key
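Review bot: The new size check in `generate_key` only catches a zero-byte `privateKey.pem`; a truncated or otherwise corrupt but non-empty file still takes the `else: return` path and is treated as a valid key. Since the commit message says the file can end up empty for several reasons, an interrupted write that leaves partial PEM data seems just as possible, so consider validating the file by parsing it (for example running `openssl pkey -in <key> -noout` and regenerating on a non-zero exit) rather than by size. Writing the new key to a temporary file and renaming it into place would also keep a half-written key from ever appearing at the final path. Purging key material is an anomaly worth surfacing, so `logging.warning("Purging empty private key file")` fits better than `logging.info`. The body of `generate_key` continues past the end of the hunk, so how the `openssl genpkey` command is run and whether the file mode is restricted afterwards cannot be checked from here.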