func PemFromECDSAP256Sha256WithDEREncodingKeysetHandle()

in server/signedcontainer/internal/convert/convert.go [173:218]


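// PemFromECDSAP256Sha256WithDEREncodingKeysetHandle extracts the single public
// key held by handle and returns it as a PEM block of type "PUBLIC KEY"
// containing the PKIX (SubjectPublicKeyInfo) DER encoding.
//
// The keyset is accepted only if it contains exactly one key, that key is
// enabled, it is a *tinkecdsa.PublicKey, and its parameters are SHA256,
// NIST P-256, DER signature encoding and the no-prefix output variant. Any
// other shape yields a nil result and a descriptive error.
//
// The strictness is deliberate: the returned PEM carries none of Tink's
// metadata, so whoever consumes it will assume "ECDSA-P256-SHA256, DER
// signatures, no Tink output prefix". A keyset whose parameters differ must be
// rejected here rather than silently converted into a key that verifies the
// wrong signature format.
func PemFromECDSAP256Sha256WithDEREncodingKeysetHandle(handle *keyset.Handle) ([]byte, error) {
	if handle.Len() != 1 {
		return nil, fmt.Errorf("unexpected number of keys: got %v, want 1", handle.Len())
	}
	entry, err := handle.Entry(0)
	if err != nil {
		return nil, err
	}
	if entry.KeyStatus() != keyset.Enabled {
		return nil, fmt.Errorf("unsupported key status: %v, want %v", entry.KeyStatus(), keyset.Enabled)
	}
	publicKey, ok := entry.Key().(*tinkecdsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("invalid key type: %T, want *tinkecdsa.PublicKey", entry.Key())
	}
	// Checked assertion: an unexpected parameters type must surface as an
	// error, not a panic. The keyset may originate outside this process, and a
	// panic here would be a cheap way to take the server down.
	params, ok := publicKey.Parameters().(*tinkecdsa.Parameters)
	if !ok {
		return nil, fmt.Errorf("invalid parameters type: %T, want *tinkecdsa.Parameters", publicKey.Parameters())
	}
	if params.HashType() != tinkecdsa.SHA256 {
		return nil, fmt.Errorf("unsupported hash type: %v, want %v", params.HashType(), tinkecdsa.SHA256)
	}
	if params.CurveType() != tinkecdsa.NistP256 {
		return nil, fmt.Errorf("unsupported curve type: %v, want %v", params.CurveType(), tinkecdsa.NistP256)
	}
	if params.SignatureEncoding() != tinkecdsa.DER {
		return nil, fmt.Errorf("unsupported signature encoding: %v, want %v", params.SignatureEncoding(), tinkecdsa.DER)
	}
	// A Tink output prefix would be prepended to every signature; a plain
	// PEM consumer would not know to strip it, so only the no-prefix variant
	// can be represented faithfully.
	if params.Variant() != tinkecdsa.VariantNoPrefix {
		return nil, fmt.Errorf("unsupported output prefix variant: %v, want %v", params.Variant(), tinkecdsa.VariantNoPrefix)
	}
	// publicKey.PublicPoint() is in the uncompressed format as defined in
	// SEC 1 v2.0, Section 2.3.3 (https://www.secg.org/sec1-v2.pdf#page=17.08).
	//
	// elliptic.Unmarshal is documented to return (nil, nil) when the bytes are
	// not a valid uncompressed point on the curve. Tink presumably validated
	// the point when the key was constructed, but nil coordinates are not a
	// valid input to the x509 encoder below, so reject them explicitly rather
	// than rely on that.
	// NOTE(review): elliptic.Unmarshal is marked deprecated in newer Go
	// releases; it is kept here because the stdlib offers no non-deprecated
	// path from raw point bytes to an *ecdsa.PublicKey before Go 1.25 — confirm
	// against the module's Go version before replacing it.
	x, y := elliptic.Unmarshal(elliptic.P256(), publicKey.PublicPoint())
	if x == nil || y == nil {
		return nil, fmt.Errorf("invalid public point: not a valid uncompressed NIST P-256 point")
	}
	encoded, err := x509.MarshalPKIXPublicKey(
		&ecdsa.PublicKey{
			Curve: elliptic.P256(),
			X:     x,
			Y:     y,
		})
	if err != nil {
		// %w keeps the x509 error inspectable by callers.
		return nil, fmt.Errorf("x509.MarshalPKIXPublicKey failed: %w", err)
	}
	block := &pem.Block{
		Type:  "PUBLIC KEY",
		Bytes: encoded,
	}
	return pem.EncodeToMemory(block), nil
}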