
Commit f882294

committed
Refactor ECDSAWithSHA256Signer to use ecdsa.{Public,Private}Key
1 parent 84cf5c2 commit f882294


1 file changed

+13
-13
lines changed


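--- a/cmd/gcp/secret_manager.go
+++ b/cmd/gcp/secret_manager.go
@@ -32,8 +32,8 @@ import (
 // ECDSAWithSHA256Signer implements crypto.Signer using Google Cloud Secret Manager.
 // Only crypto.SHA256 and ECDSA are supported.
 type ECDSAWithSHA256Signer struct {
-publicKey crypto.PublicKey
-privateKey crypto.PrivateKey
+publicKey *ecdsa.PublicKey
+privateKey *ecdsa.PrivateKey
 }
 
 // Public returns the public key stored in the Signer object.
@@ -54,12 +54,7 @@ func (s *ECDSAWithSHA256Signer) Sign(rand io.Reader, digest []byte, opts crypto.
 return nil, fmt.Errorf("digest bytes length %d does not match hash function bytes length %d", len(digest), opts.HashFunc().Size())
 }
 
-privateKey, ok := s.privateKey.(*ecdsa.PrivateKey)
-if !ok {
-return nil, fmt.Errorf("the key stored in Secret Manager is not an ECDSA key")
-}
-
-return ecdsa.SignASN1(rand, privateKey, digest)
+return ecdsa.SignASN1(rand, s.privateKey, digest)
 }
 
 // NewSecretManagerSigner creates a new signer that uses the ECDSA P-256 key pair in
@@ -86,16 +81,21 @@ func NewSecretManagerSigner(ctx context.Context, publicKeySecretName, privateKey
 if err != nil {
 return nil, err
 }
+var ecdsaPublicKey *ecdsa.PublicKey
+ecdsaPublicKey, ok := publicKey.(*ecdsa.PublicKey)
+if !ok {
+return nil, fmt.Errorf("the public key stored in Secret Manager is not an ECDSA key")
+}
 
 // Private Key
-var privateKey crypto.PrivateKey
+var ecdsaPrivateKey *ecdsa.PrivateKey
 pemBlock, err = secretPEM(ctx, client, privateKeySecretName)
 if err != nil {
 return nil, fmt.Errorf("failed to get private key secret PEM (%s): %w", privateKeySecretName, err)
 }
 switch pemBlock.Type {
 case "EC PRIVATE KEY":
-privateKey, err = x509.ParseECPrivateKey(pemBlock.Bytes)
+ecdsaPrivateKey, err = x509.ParseECPrivateKey(pemBlock.Bytes)
 default:
 return nil, fmt.Errorf("unsupported PEM type: %s", pemBlock.Type)
 }
@@ -104,13 +104,13 @@ func NewSecretManagerSigner(ctx context.Context, publicKeySecretName, privateKey
 }
 
 // Verify the correctness of the signer key pair
-if !privateKey.(*ecdsa.PrivateKey).PublicKey.Equal(publicKey) {
+if !ecdsaPrivateKey.PublicKey.Equal(ecdsaPublicKey) {
 return nil, errors.New("signer key pair doesn't match")
 }
 
 return &ECDSAWithSHA256Signer{
-publicKey: publicKey,
-privateKey: privateKey,
+publicKey: ecdsaPublicKey,
+privateKey: ecdsaPrivateKey,
 }, nil
 }
 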
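Review bot: NewSecretManagerSigner still accepts an ECDSA key on any curve after the `EC PRIVATE KEY` parse in the third hunk, although the doc comment visible in the second hunk promises a P-256 key pair and the type name fixes the hash to SHA-256; now that the field is a typed *ecdsa.PrivateKey the check is cheap, e.g. after the parse error check that follows the switch: `if ecdsaPrivateKey.Curve != elliptic.P256() { return nil, fmt.Errorf("unsupported curve %q: expected P-256", ecdsaPrivateKey.Params().Name) }` (crypto/elliptic must be imported if it is not already). In the same hunk the `var ecdsaPublicKey *ecdsa.PublicKey` line is redundant, because `ecdsaPublicKey, ok := publicKey.(*ecdsa.PublicKey)` declares it in the same scope; either drop the `var` line or keep it and assign with `=` and a separately declared `ok`. Note that the `:=` form will not compile if `ok` is already declared earlier in this scope, which is not visible in the hunk. NewSecretManagerSigner starts before the third hunk and its parse error handling continues outside it.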
