mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Validate that the signer can get the public key.

Browse source
This commit is contained in:
Mariano Cano 2021-02-19 11:28:35 -08:00
parent d177279044
commit cae08bff80
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
kms/cloudkms/cloudkms.go
View file

@ -141,6 +141,17 @@ func (k *CloudKMS) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer,
return nil, errors.New("signing key cannot be empty") return nil, errors.New("signing key cannot be empty")
} }
// Validate that the key exists
ctx, cancel := defaultContext()
defer cancel()
_, err := k.client.GetPublicKey(ctx, &kmspb.GetPublicKeyRequest{
Name: req.SigningKey,
})
if err != nil {
return nil, errors.Wrap(err, "cloudKMS GetPublicKey failed")
}
return NewSigner(k.client, req.SigningKey), nil return NewSigner(k.client, req.SigningKey), nil
} }