Merge branch '33216-fix-ecdsa-key-validator' into 'master'

Change ECDSA key validator to check the asn1 flag instead

Closes #33216

See merge request gitlab-org/gitlab!18017

app/validators/named_ecdsa_key_validator.rb

@@ -19,15 +19,13 @@ class NamedEcdsaKeyValidator < ActiveModel::EachValidator
 
   private
 
-  UNNAMED_CURVE = "UNDEF"
-
   def explicit_ec?(value)
     return false unless value
 
     pkey = OpenSSL::PKey.read(value)
     return false unless pkey.is_a?(OpenSSL::PKey::EC)
 
-    pkey.group.curve_name == UNNAMED_CURVE
+    pkey.group.asn1_flag != OpenSSL::PKey::EC::NAMED_CURVE
   rescue OpenSSL::PKey::PKeyError
     false
   end

spec/models/pages_domain_spec.rb

@@ -160,7 +160,7 @@ describe PagesDomain do
       end
 
       context 'when curve is set explicitly by parameters' do
-        it 'adds errors to private key', :quarantine do
+        it 'adds errors to private key' do
           domain = build(:pages_domain, :explicit_ecdsa)
 
           expect(domain).to be_invalid

spec/validators/named_ecdsa_key_validator_spec.rb

@@ -43,7 +43,7 @@ describe NamedEcdsaKeyValidator do
   context 'with ECDSA certificate with explicit curve params' do
     let(:value) { attributes_for(:pages_domain, :explicit_ecdsa)[:key] }
 
-    it 'adds errors', :quarantine do
+    it 'adds errors' do
       expect(value).to be_present
 
       subject