in fakekms/asymmetric_rpcs.go [36:78]
func (f *fakeKMS) GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest) (*kmspb.PublicKey, error) {
if err := allowlist("name").check(req); err != nil {
return nil, err
}
name, err := parseCryptoKeyVersionName(req.Name)
if err != nil {
return nil, err
}
ckv, err := f.cryptoKeyVersion(name)
if err != nil {
return nil, err
}
if ckv.pb.State != kmspb.CryptoKeyVersion_ENABLED {
return nil, errFailedPrecondition("key version %s is not enabled", name)
}
s, ok := ckv.keyMaterial.(crypto.Signer)
if !ok {
return nil, errFailedPrecondition("keys with algorithm %s do not contain a public key",
nameForValue(kmspb.CryptoKeyVersion_CryptoKeyVersionAlgorithm_name, int32(ckv.pb.Algorithm)))
}
derPub, err := x509.MarshalPKIXPublicKey(s.Public())
if err != nil {
return nil, err
}
pemPub := pem.EncodeToMemory(&pem.Block{
Type: "PUBLIC KEY",
Bytes: derPub,
})
return &kmspb.PublicKey{
Name: req.Name,
Algorithm: ckv.pb.Algorithm,
Pem: string(pemPub),
PemCrc32C: crc32c(pemPub),
ProtectionLevel: ckv.pb.ProtectionLevel,
}, nil
}