func GetPublicKey()

in assertion/pkg/jwtvault/helpers.go [46:92]


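// GetPublicKey reads the transit key keyName stored under transitPath and
// returns the public key of its latest version, parsed from the PEM-encoded
// PKIX material Vault reports for that version.
//
// It returns the parsed public key (the concrete type is whatever
// x509.ParsePKIXPublicKey yields for the key's algorithm), the latest version
// number of the transit key, and an error when an argument is invalid, the
// Vault read fails or yields no data, the response cannot be decoded, the
// reported latest version is invalid or absent from the response, or the
// public key material is not a valid PEM-encoded PKIX key.
func GetPublicKey(vaultClient *api.Client, transitPath, keyName string) (publicKey interface{}, version uint, err error) {
	// Check arguments
	if vaultClient == nil {
		return nil, 0, fmt.Errorf("vault client must not be nil")
	}
	if transitPath == "" {
		return nil, 0, fmt.Errorf("transit path must not be blank")
	}
	if keyName == "" {
		return nil, 0, fmt.Errorf("key name must not be blank")
	}

	// Retrieve transit key. Vault API paths are slash-separated on every
	// platform, so path.Join (not filepath.Join) is the right helper here.
	d, err := vaultClient.Logical().Read(path.Join(transitPath, "keys", keyName))
	if err != nil {
		return nil, 0, fmt.Errorf("unable to retrieve key details: %w", err)
	}
	// The Vault client can hand back a nil secret together with a nil error;
	// treat that as a failure instead of dereferencing it below.
	if d == nil {
		return nil, 0, fmt.Errorf("returned key details are nil")
	}

	// Decode data
	var transitKey keyResponse
	if err = mapstructure.Decode(d.Data, &transitKey); err != nil {
		return nil, 0, fmt.Errorf("unable to decode key response: %w", err)
	}

	// Transit key versions are 1-based. Reject anything below that before the
	// conversion to uint, whose result is not defined for negative values.
	if transitKey.LatestVersion < 1 {
		return nil, 0, fmt.Errorf("invalid transit key latest version '%v'", transitKey.LatestVersion)
	}
	latest := uint(transitKey.LatestVersion)

	// Get latest version. The keys map is indexed by the decimal version
	// number as a string, so the numeric latest_version has to be rendered.
	latestVersion, ok := transitKey.Keys[fmt.Sprintf("%d", latest)]
	if !ok {
		return nil, 0, fmt.Errorf("unable to retrieve transit key version '%d'", latest)
	}

	// Decode PEM. An empty or non-PEM public_key (for example a key type
	// without a public half) yields a nil block and is reported as an error.
	block, _ := pem.Decode([]byte(latestVersion.PublicKey))
	if block == nil {
		return nil, 0, fmt.Errorf("unable to decode public key PEM block")
	}

	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, 0, fmt.Errorf("unable to parse public key: %w", err)
	}

	// No error
	return pub, latest, nil
}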