func PemFromRsaSsaPkcs1Sha256KeysetHandle()

in server/signedcontainer/internal/convert/convert.go [226:264]


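// PemFromRsaSsaPkcs1Sha256KeysetHandle converts a keyset handle holding exactly
// one enabled RSA-SSA-PKCS1 public key into a PEM-encoded PKIX "PUBLIC KEY"
// block.
//
// The PEM output carries only the modulus and the public exponent. The hash
// type and output-prefix variant stored in the key's parameters are not
// represented in it, so the function accepts a single parameter combination
// (SHA-256, public exponent f4, no output prefix) and rejects everything else.
// Keeping these checks strict stops a key from being exported in a form whose
// consumer would assume different verification parameters than the key was
// created with.
//
// It returns an error if handle is nil, if the keyset does not contain exactly
// one key, if that key is not enabled, if it is not an
// *rsassapkcs1.PublicKey with the expected parameters, or if marshalling fails.
func PemFromRsaSsaPkcs1Sha256KeysetHandle(handle *keyset.Handle) ([]byte, error) {
	// Return an error for a nil handle instead of depending on how the keyset
	// package treats a nil receiver.
	if handle == nil {
		return nil, fmt.Errorf("keyset handle is nil")
	}
	// A multi-key keyset has no single PEM representation; refuse rather than
	// silently picking one key.
	if n := handle.Len(); n != 1 {
		return nil, fmt.Errorf("unexpected number of keys: got %v, want 1", n)
	}
	entry, err := handle.Entry(0)
	if err != nil {
		return nil, fmt.Errorf("handle.Entry(0) failed: %w", err)
	}
	// Only an enabled key is exported.
	if status := entry.KeyStatus(); status != keyset.Enabled {
		return nil, fmt.Errorf("unsupported key status: %v, want %v", status, keyset.Enabled)
	}
	key := entry.Key()
	publicKey, ok := key.(*rsassapkcs1.PublicKey)
	if !ok {
		return nil, fmt.Errorf("invalid key type: %T, want *rsassapkcs1.PublicKey", key)
	}
	// Checked assertion: an unexpected parameters type becomes an error
	// instead of a panic.
	params, ok := publicKey.Parameters().(*rsassapkcs1.Parameters)
	if !ok {
		return nil, fmt.Errorf("invalid parameters type: %T, want *rsassapkcs1.Parameters", publicKey.Parameters())
	}
	if params.HashType() != rsassapkcs1.SHA256 {
		return nil, fmt.Errorf("unsupported hash type: %v, want %v", params.HashType(), rsassapkcs1.SHA256)
	}
	// f4 is declared elsewhere in this file (presumably 65537; confirm at the
	// declaration).
	if params.PublicExponent() != f4 {
		return nil, fmt.Errorf("invalid public exponent: %v, want %v", params.PublicExponent(), f4)
	}
	// Only the no-prefix variant is accepted; the PEM form has no field that
	// could record any other output-prefix variant.
	if params.Variant() != rsassapkcs1.VariantNoPrefix {
		return nil, fmt.Errorf("unsupported output prefix variant: %v, want %v", params.Variant(), rsassapkcs1.VariantNoPrefix)
	}
	// The modulus bytes are read as a big-endian unsigned integer.
	rsaKey := &rsa.PublicKey{
		N: new(big.Int).SetBytes(publicKey.Modulus()),
		E: params.PublicExponent(),
	}
	encoded, err := x509.MarshalPKIXPublicKey(rsaKey)
	if err != nil {
		return nil, fmt.Errorf("x509.MarshalPKIXPublicKey failed: %w", err)
	}
	return pem.EncodeToMemory(&pem.Block{
		Type:  "PUBLIC KEY",
		Bytes: encoded,
	}), nil
}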