More extensive Oracle key and cert verification

Add verification logic both before and inside the Solaris VM to ensure
we are actually copying valid cert and keys.

Signed-off-by: michael-grunder <michael.grunder@gmail.com>

Author: michael-grunder

.github/workflows/build.yml

@@ -100,23 +100,33 @@ jobs:
        - name: Transfer Oracle Studio certificates
          run: |
            set -e
-           printf '%s\n' "$PKG_ORACLE_CERT" \
-             > pkg.oracle.com.certificate.pem
-           printf '%s\n' "$PKG_ORACLE_KEY" \
-             > pkg.oracle.com.key.pem
+           printf '%s\n' "$PKG_ORACLE_CERT" > pkg.oracle.com.certificate.pem
+           printf '%s\n' "$PKG_ORACLE_KEY" > pkg.oracle.com.key.pem
+
+       - name: Verify cert and key secrets
+         run: |
+           set -euo pipefail
+           openssl x509 -noout -in pkg.oracle.com.certificate.pem >/dev/null
+           openssl pkey -noout -in pkg.oracle.com.key.pem >/dev/null
 
        - name: Build on Solaris
          uses: vmactions/solaris-vm@v1.1.8
          with:
            usesh: true
            prepare: |
-             set -e
+             set -euo pipefail
 
              cp "$GITHUB_WORKSPACE/pkg.oracle.com.key.pem" \
                /root/pkg.oracle.com.key.pem
              cp "$GITHUB_WORKSPACE/pkg.oracle.com.certificate.pem" \
                /root/pkg.oracle.com.certificate.pem
 
+             # Double-check the cert and key files
+             /usr/bin/openssl x509 \
+                 -noout -in /root/pkg.oracle.com.certificate.pem >/dev/null
+             /usr/bin/openssl pkey \
+                 -noout -in /root/pkg.oracle.com.key.pem >/dev/null
+
              sudo pkg set-publisher \
                -k /root/pkg.oracle.com.key.pem \
                -c /root/pkg.oracle.com.certificate.pem \
@@ -132,6 +142,7 @@ jobs:
              export PATH
 
              gmake USE_THREADS=1 USE_TLS=1 -j"$(psrinfo -p)"
+
   build-cross:
     name: Cross-compile ${{ matrix.config.target }}
     runs-on: ubuntu-22.04