in tough-kms/src/lib.rs [77:129]
/// Builds a KMS-backed signer for the key identified by `self.key_id`.
///
/// The public key is fetched from AWS KMS with `GetPublicKey`, re-encoded as a
/// `PUBLIC KEY` PEM block with LF line endings, and parsed into the key type
/// stored on `KmsRsaKey`. The signer is returned only if the configured
/// signing algorithm appears in the list KMS reports for that key.
///
/// A client already stored on `self` is reused; otherwise one is built from
/// `self.profile`.
///
/// # Errors
///
/// Fails when the client cannot be built, the Tokio runtime cannot be
/// created, or the `GetPublicKey` call fails. It also fails when the response
/// lacks a public key, a signing-algorithm list or a key spec, when the
/// configured algorithm is not in that list, or when the PEM text or the key
/// spec cannot be parsed.
///
/// # Panics
///
/// NOTE(review): a fresh Tokio runtime is created and blocked on for every
/// call. Tokio panics when a runtime is blocked on from inside another
/// runtime's async context, so this looks intended for synchronous callers.
/// Confirm against the call sites.
fn as_sign(
    &self,
) -> std::result::Result<Box<dyn Sign>, Box<dyn std::error::Error + Send + Sync + 'static>>
{
    // Reuse the caller-supplied client if there is one; otherwise fall back to
    // the profile-based default.
    let kms_client = if let Some(existing) = self.client.clone() {
        existing
    } else {
        client::build_client_kms(self.profile.as_deref())?
    };

    // Ask AWS KMS for the public half of the key. The request is created
    // before the runtime, as a lazy future.
    let request = kms_client.get_public_key(rusoto_kms::GetPublicKeyRequest {
        key_id: self.key_id.clone(),
        ..rusoto_kms::GetPublicKeyRequest::default()
    });
    let response = {
        // Scoped so the runtime is dropped as soon as the call completes.
        let runtime = tokio::runtime::Runtime::new().context(error::RuntimeCreationSnafu)?;
        runtime
            .block_on(request)
            .context(error::KmsGetPublicKeySnafu {
                profile: self.profile.clone(),
                key_id: self.key_id.clone(),
            })?
    };

    // NOTE(review): everything below trusts the KMS response as returned. The
    // key identifier in the response is not compared with `self.key_id`.
    let key_bytes = response
        .public_key
        .context(error::PublicKeyNoneSnafu)?
        .to_vec();
    let pem_block = pem::Pem {
        tag: String::from("PUBLIC KEY"),
        contents: key_bytes,
    };
    let pem_options = pem::EncodeConfig {
        line_ending: pem::LineEnding::LF,
    };
    let key = pem::encode_config(&pem_block, pem_options);

    // Reject the key unless KMS lists the configured algorithm for it, so a
    // misconfigured algorithm is caught here and never used for signing.
    // NOTE(review): per the KMS API docs this list is only returned for keys
    // whose usage is signing, which would make this an implicit key-usage
    // check too. Confirm before relying on it.
    let advertised_algorithms = response
        .signing_algorithms
        .context(error::MissingSignAlgorithmSnafu)?;
    let configured_algorithm = self.signing_algorithm.value();
    ensure!(
        advertised_algorithms.contains(&configured_algorithm),
        error::ValidSignAlgorithmSnafu
    );

    // Fallible fields stay inline and in this order: the PEM text is parsed
    // before the key spec is inspected.
    let signer = KmsRsaKey {
        profile: self.profile.clone(),
        client: Some(kms_client.clone()),
        key_id: self.key_id.clone(),
        public_key: key.parse().context(error::PublicKeyParseSnafu)?,
        signing_algorithm: self.signing_algorithm,
        // Modulus size is derived from the key spec KMS reports, not from the
        // key bytes themselves.
        modulus_size_bytes: parse_modulus_length_bytes(
            response
                .customer_master_key_spec
                .as_ref()
                .context(error::MissingCustomerMasterKeySpecSnafu)?,
        )?,
    };
    Ok(Box::new(signer))
}