fn key_id_to_handle()

in key/aziot-keyd/src/lib.rs [647:689]

• 37 lines of code
• 2 McCabe index (conditional complexity)

fn key_id_to_handle(
    id: &KeyId<'_>,
    keys: &mut keys::Keys,
) -> Result<aziot_key_common::KeyHandle, Error> {
    let engine = base64::engine::general_purpose::STANDARD;

    let sr = {
        let mut nonce = [0_u8; 64];
        openssl::rand::rand_bytes(&mut nonce)
            .map_err(|err| Error::Internal(InternalError::GenerateNonce(err)))?;
        let nonce = base64::Engine::encode(&engine, &nonce[..]);

        let sr = Sr {
            key_id: id.borrow(),
            nonce,
        };
        let sr = serde_json::to_string(&sr).expect("cannot fail to convert Sr to JSON");
        sr
    };

    let handle_validation_key = handle_validation_key_id(keys)?;
    let sig = keys
        .sign(
            handle_validation_key,
            keys::sys::AZIOT_KEYS_SIGN_MECHANISM_HMAC_SHA256,
            std::ptr::null(),
            sr.as_bytes(),
        )
        .map_err(|err| Error::Internal(InternalError::Sign(err)))?;

    // TODO: se for expiry

    // This *could* use percent-encoding instead of string concat. However, the only potential problem with base64-encoded values can arise from a trailing =,
    // since = is also used between a key and its value. But that usage of = is not ambiguous, so it isn't a problem.
    let token = format!(
        "sr={}&sig={}",
        base64::Engine::encode(&engine, sr.as_bytes()),
        base64::Engine::encode(&engine, sig)
    );

    let handle = aziot_key_common::KeyHandle(token);
    Ok(handle)
}