
Commit c2782bf

Refactor pem.Decode
1 parent 14c4ba8 commit c2782bf


1 file changed

+16
-22
lines changed


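--- a/cmd/gcp/secret_manager.go
+++ b/cmd/gcp/secret_manager.go
@@ -69,18 +69,11 @@ func NewSecretManagerSigner(ctx context.Context, publicKeySecretName, privateKey
 defer client.Close()
 
 // Public Key
-publicKeyRaw, err := accessSecretVersion(ctx, client, publicKeySecretName)
+var publicKey crypto.PublicKey
+pemBlock, err := secretPEM(ctx, client, publicKeySecretName)
 if err != nil {
-return nil, fmt.Errorf("failed to access public key secret (%s): %w", publicKeySecretName, err)
-}
-pemBlock, rest := pem.Decode([]byte(publicKeyRaw))
-if pemBlock == nil {
-return nil, errors.New("failed to decode PEM")
-}
-if len(rest) > 0 {
-return nil, fmt.Errorf("extra data after decoding PEM: %v", rest)
+return nil, fmt.Errorf("failed to get public key secret PEM (%s): %w", publicKeySecretName, err)
 }
-var publicKey crypto.PublicKey
 switch pemBlock.Type {
 case "PUBLIC KEY":
 publicKey, err = x509.ParsePKIXPublicKey(pemBlock.Bytes)
@@ -92,18 +85,11 @@ func NewSecretManagerSigner(ctx context.Context, publicKeySecretName, privateKey
 }
 
 // Private Key
-privateKeyRaw, err := accessSecretVersion(ctx, client, privateKeySecretName)
+var privateKey crypto.PrivateKey
+pemBlock, err = secretPEM(ctx, client, privateKeySecretName)
 if err != nil {
-return nil, fmt.Errorf("failed to access private key secret (%s): %w", privateKeySecretName, err)
-}
-pemBlock, rest = pem.Decode([]byte(privateKeyRaw))
-if pemBlock == nil {
-return nil, errors.New("failed to decode PEM")
+return nil, fmt.Errorf("failed to get private key secret PEM (%s): %w", privateKeySecretName, err)
 }
-if len(rest) > 0 {
-return nil, fmt.Errorf("extra data after decoding PEM: %v", rest)
-}
-var privateKey crypto.PrivateKey
 switch pemBlock.Type {
 case "EC PRIVATE KEY":
 privateKey, err = x509.ParseECPrivateKey(pemBlock.Bytes)
@@ -120,7 +106,7 @@ func NewSecretManagerSigner(ctx context.Context, publicKeySecretName, privateKey
 }, nil
 }
 
-func accessSecretVersion(ctx context.Context, client *secretmanager.Client, secretName string) ([]byte, error) {
+func secretPEM(ctx context.Context, client *secretmanager.Client, secretName string) (*pem.Block, error) {
 resp, err := client.AccessSecretVersion(ctx, &secretmanagerpb.AccessSecretVersionRequest{
 Name: secretName,
 })
@@ -137,5 +123,13 @@ func accessSecretVersion(ctx context.Context, client *secretmanager.Client, secr
 return nil, errors.New("Data corruption detected.")
 }
 
-return resp.Payload.Data, nil
+pemBlock, rest := pem.Decode([]byte(resp.Payload.Data))
+if pemBlock == nil {
+return nil, errors.New("failed to decode PEM")
+}
+if len(rest) > 0 {
+return nil, fmt.Errorf("extra data after decoding PEM: %v", rest)
+}
+
+return pemBlock, nil
 }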
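Review bot: The `extra data after decoding PEM: %v` error in `secretPEM` (new lines 130-131) formats `rest` itself, and because the helper is called for the private key secret as well as the public one, any bytes that follow the first PEM block of that secret are copied into the error string and into whatever log or response the caller writes it to. Report only the size instead, e.g. `return nil, fmt.Errorf("extra data after decoding PEM: %d trailing bytes", len(rest))`. The conversion in `pem.Decode([]byte(resp.Payload.Data))` also looks redundant, since the old function returned `resp.Payload.Data` directly as `[]byte`. The middle of `secretPEM`, between the request and the corruption check, lies outside the visible hunks.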
