in jsign-core/src/main/java/net/jsign/jca/GoogleCloudSigningService.java [110:154]
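/**
 * Resolves a Google Cloud KMS key alias to a {@link SigningServicePrivateKey}.
 *
 * <p>An alias that does not start with {@code projects/} is treated as relative and is
 * prefixed with the configured keyring. Three alias shapes are handled:
 * <ul>
 *   <li>{@code .../cryptoKeyVersions/N:ALGO}: the algorithm is taken from the suffix after
 *       the colon and no lookup request is made;</li>
 *   <li>{@code .../cryptoKeyVersions/N}: the algorithm is read from the key version
 *       returned by the service;</li>
 *   <li>no version: the ENABLED versions are listed and the last entry of the response
 *       is used.</li>
 * </ul>
 *
 * <p>The alias is concatenated into the request path as-is, so it is expected to come from
 * trusted configuration rather than from untrusted input.
 *
 * @param alias the key name, absolute or relative to the keyring
 * @return the private key handle, cached under its resolved (versioned) name
 * @throws UnrecoverableKeyException if the service cannot be reached, no enabled version
 *         exists, or the response carries no usable name or algorithm
 */
public SigningServicePrivateKey getPrivateKey(String alias) throws UnrecoverableKeyException {
    // check if the alias is absolute or relative to the keyring
    if (!alias.startsWith("projects/")) {
        alias = keyring + "/cryptoKeys/" + alias;
    }

    // The cache is keyed by the resolved alias stored below, so only a fully versioned
    // alias without an algorithm suffix can hit here; other forms are resolved again.
    if (keys.containsKey(alias)) {
        return keys.get(alias);
    }

    String algorithm;
    try {
        if (alias.contains("cryptoKeyVersions")) {
            // full key with version specified
            int separator = alias.indexOf(':');
            if (separator >= 0) {
                // algorithm appended to the alias; it is taken on trust here and is not
                // compared with what the service reports for this key version
                algorithm = alias.substring(separator + 1) + "_SIGN";
                alias = alias.substring(0, separator);
            } else {
                Map<String, ?> response = client.get(alias);
                algorithm = (String) response.get("algorithm");
            }
        } else {
            // key version not specified, use the last ENABLED version returned
            // NOTE(review): this is the most recent version only if the listing is ordered
            // oldest-first; confirm, or pin an explicit version for reproducible signing
            Map<String, ?> response = client.get(alias + "/cryptoKeyVersions?filter=state%3DENABLED");
            Object[] cryptoKeyVersions = (Object[]) response.get("cryptoKeyVersions");
            if (cryptoKeyVersions == null || cryptoKeyVersions.length == 0) {
                throw new UnrecoverableKeyException("Unable to fetch Google Cloud private key '" + alias + "', no version found");
            }
            Map<?, ?> cryptoKeyVersion = (Map<?, ?>) cryptoKeyVersions[cryptoKeyVersions.length - 1];
            String name = (String) cryptoKeyVersion.get("name");
            if (name == null) {
                // without a name the key would be cached and created under a null alias
                throw new UnrecoverableKeyException("Unable to fetch Google Cloud private key '" + alias + "', version name missing from the response");
            }
            algorithm = (String) cryptoKeyVersion.get("algorithm");
            alias = name;
        }
    } catch (IOException e) {
        throw (UnrecoverableKeyException) new UnrecoverableKeyException("Unable to fetch Google Cloud private key '" + alias + "'").initCause(e);
    }

    // A missing algorithm, or one without a family prefix, is reported as a key error
    // instead of escaping as NullPointerException / StringIndexOutOfBoundsException.
    int underscore = algorithm == null ? -1 : algorithm.indexOf('_');
    if (underscore <= 0) {
        throw new UnrecoverableKeyException("Unable to fetch Google Cloud private key '" + alias + "', missing or unsupported algorithm: " + algorithm);
    }
    algorithm = algorithm.substring(0, underscore); // RSA_SIGN_PKCS1_2048_SHA256 -> RSA

    SigningServicePrivateKey key = new SigningServicePrivateKey(alias, algorithm);
    keys.put(alias, key);
    return key;
}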