Validate that the signer can get the public key.

2021-02-19 11:28:35 -08:00 · 2021-02-19 11:28:35 -08:00 · cae08bff80
commit cae08bff80
parent d177279044
1 changed files with 11 additions and 0 deletions
--- a/kms/cloudkms/cloudkms.go
+++ b/kms/cloudkms/cloudkms.go
@ -141,6 +141,17 @@ func (k *CloudKMS) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer,
 		return nil, errors.New("signing key cannot be empty")
 	}

+	// Validate that the key exists
+	ctx, cancel := defaultContext()
+	defer cancel()
+
+	_, err := k.client.GetPublicKey(ctx, &kmspb.GetPublicKeyRequest{
+		Name: req.SigningKey,
+	})
+	if err != nil {
+		return nil, errors.Wrap(err, "cloudKMS GetPublicKey failed")
+	}
+
 	return NewSigner(k.client, req.SigningKey), nil
 }