func()

in pkg/provider/provider.go [431:495]


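// getKey fetches the Key Vault key named by kvObject and returns its public
// half as a single keyvaultObject whose content is a PEM "PUBLIC KEY"
// (PKIX/SubjectPublicKeyInfo) block and whose version is taken from the key
// identifier (KID) Key Vault returned.
//
// Only the public JWK parameters are read (N/E for RSA, X/Y/Crv for EC), so
// no private key material flows through this path. Key types other than
// RSA, RSA-HSM, EC and EC-HSM are rejected. Every error that relates to the
// requested object is wrapped with its type, name and version through
// wrapObjectTypeError so callers can attribute it.
func (p *provider) getKey(ctx context.Context, kvClient KeyVault, kvObject types.KeyVaultObject) ([]keyvaultObject, error) {
	wrapErr := func(err error) error {
		return wrapObjectTypeError(err, kvObject.ObjectType, kvObject.ObjectName, kvObject.ObjectVersion)
	}

	keybundle, err := kvClient.GetKey(ctx, kvObject.ObjectName, kvObject.ObjectVersion)
	if err != nil {
		return nil, wrapErr(err)
	}
	// The SDK models every JWK field as a pointer. Validate the ones that are
	// dereferenced below so an incomplete response is reported as an error
	// instead of a nil-pointer panic.
	if keybundle.Key == nil {
		return nil, errors.Errorf("key value is nil")
	}
	if keybundle.Key.KID == nil {
		return nil, errors.Errorf("key id is nil")
	}
	if keybundle.Key.Kty == nil {
		return nil, errors.Errorf("key type is nil")
	}

	id := *keybundle.Key.KID
	version := id.Version()

	// for object type "key" the public key is written to the file in PEM format
	var pub any
	switch *keybundle.Key.Kty {
	case azkeys.JSONWebKeyTypeRSA, azkeys.JSONWebKeyTypeRSAHSM:
		rsaPub, err := rsaPublicKeyFromJWK(keybundle.Key.N, keybundle.Key.E)
		if err != nil {
			return nil, wrapErr(err)
		}
		pub = rsaPub
	case azkeys.JSONWebKeyTypeEC, azkeys.JSONWebKeyTypeECHSM:
		if keybundle.Key.Crv == nil {
			return nil, wrapErr(errors.Errorf("key curve is nil"))
		}
		crv, err := getCurve(*keybundle.Key.Crv)
		if err != nil {
			return nil, wrapErr(err)
		}
		pub = &ecdsa.PublicKey{
			X:     new(big.Int).SetBytes(keybundle.Key.X),
			Y:     new(big.Int).SetBytes(keybundle.Key.Y),
			Curve: crv,
		}
	default:
		return nil, wrapErr(errors.Errorf("failed to get key. key type '%s' currently not supported", *keybundle.Key.Kty))
	}

	pemData, err := pemEncodePublicKey(pub)
	if err != nil {
		return nil, wrapErr(err)
	}
	return []keyvaultObject{{content: pemData, version: version}}, nil
}

// rsaPublicKeyFromJWK builds an *rsa.PublicKey from the big-endian JWK
// modulus (n) and public exponent (e) bytes.
//
// rsa.PublicKey.E is a plain int, so an exponent that does not fit, or a
// zero/negative one, is rejected rather than silently truncated into a
// malformed key.
func rsaPublicKeyFromJWK(n, e []byte) (*rsa.PublicKey, error) {
	exp := new(big.Int).SetBytes(e)
	if !exp.IsInt64() {
		return nil, errors.Errorf("rsa public exponent does not fit in int64")
	}
	e64 := exp.Int64()
	// int may be narrower than int64 on some platforms; round-trip to detect truncation.
	if e64 <= 0 || int64(int(e64)) != e64 {
		return nil, errors.Errorf("rsa public exponent %d is out of range", e64)
	}
	return &rsa.PublicKey{
		N: new(big.Int).SetBytes(n),
		E: int(e64),
	}, nil
}

// pemEncodePublicKey marshals pub (an *rsa.PublicKey or *ecdsa.PublicKey)
// as DER SubjectPublicKeyInfo and wraps it in a "PUBLIC KEY" PEM block,
// returning the PEM text. The error comes from x509.MarshalPKIXPublicKey.
func pemEncodePublicKey(pub any) (string, error) {
	derBytes, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	block := &pem.Block{
		Type:  "PUBLIC KEY",
		Bytes: derBytes,
	}
	return string(pem.EncodeToMemory(block)), nil
}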