@@ -29,10 +29,6 @@ const ()
2929var (
3030 refreshMutex = & sync.Mutex {}
3131 x509Certificate x509.Certificate
32-
33- rootCAs * x509.CertPool
34- clientCAs * x509.CertPool
35- clientAuth * tls.ClientAuthType
3632)
3733
3834type KMS struct {
@@ -45,6 +41,7 @@ type KMS struct {
4541 KeyRing string
4642 Key string
4743 KeyVersion string
44+ x509Certificate * x509.Certificate
4845 ECCRawOutput bool // for ECC keys, output raw signatures. If false, signature is ans1 formatted
4946 SignatureAlgorithm x509.SignatureAlgorithm
5047}
@@ -59,27 +56,27 @@ func NewKMSCrypto(conf *KMS) (KMS, error) {
5956 }
6057
6158 if conf .ProjectId == "" {
62- return KMS {}, fmt .Errorf ("ProjectID cannot be null" )
59+ return KMS {}, fmt .Errorf ("projectID cannot be null" )
6360 }
6461
6562 ctx := context .Background ()
6663 parentName := fmt .Sprintf ("projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s" , conf .ProjectId , conf .LocationId , conf .KeyRing , conf .Key , conf .KeyVersion )
6764
6865 kmsClient , err := cloudkms .NewKeyManagementClient (ctx )
6966 if err != nil {
70- return KMS {}, fmt .Errorf ("Error getting kms client %v" , err )
67+ return KMS {}, fmt .Errorf ("error getting kms client %v" , err )
7168 }
7269 defer kmsClient .Close ()
7370
7471 dresp , err := kmsClient .GetPublicKey (ctx , & kmspb.GetPublicKeyRequest {Name : parentName })
7572 if err != nil {
76- return KMS {}, fmt .Errorf ("Error getting GetPublicKey %v" , err )
73+ return KMS {}, fmt .Errorf ("error getting GetPublicKey %v" , err )
7774 }
7875 pubKeyBlock , _ := pem .Decode ([]byte (dresp .Pem ))
7976
8077 conf .publicKey , err = x509 .ParsePKIXPublicKey (pubKeyBlock .Bytes )
8178 if err != nil {
82- return KMS {}, fmt .Errorf ("Error parsing PublicKey %v" , err )
79+ return KMS {}, fmt .Errorf ("error parsing PublicKey %v" , err )
8380 }
8481
8582 return * conf , nil
@@ -95,23 +92,26 @@ func (t KMS) TLSCertificate() (tls.Certificate, error) {
9592 return tls.Certificate {}, fmt .Errorf ("public X509 certificate not specified" )
9693 }
9794
98- pubPEM , err := os .ReadFile (t .PublicKeyFile )
99- if err != nil {
100- return tls.Certificate {}, fmt .Errorf ("unable to read keys %v" , err )
101- }
102- block , _ := pem .Decode ([]byte (pubPEM ))
103- if block == nil {
104- return tls.Certificate {}, fmt .Errorf ("failed to parse PEM block containing the public key" )
105- }
106- pub , err := x509 .ParseCertificate (block .Bytes )
107- if err != nil {
108- return tls.Certificate {}, fmt .Errorf ("failed to parse public key: %v " , err )
95+ if t .x509Certificate == nil {
96+ pubPEM , err := os .ReadFile (t .PublicKeyFile )
97+ if err != nil {
98+ return tls.Certificate {}, fmt .Errorf ("unable to read keys %v" , err )
99+ }
100+ block , _ := pem .Decode ([]byte (pubPEM ))
101+ if block == nil {
102+ return tls.Certificate {}, fmt .Errorf ("failed to parse PEM block containing the public key" )
103+ }
104+ pub , err := x509 .ParseCertificate (block .Bytes )
105+ if err != nil {
106+ return tls.Certificate {}, fmt .Errorf ("failed to parse public key: %v " , err )
107+ }
108+ t .x509Certificate = pub
109109 }
110- x509Certificate = * pub
110+
111111 var privKey crypto.PrivateKey = t
112112 return tls.Certificate {
113113 PrivateKey : privKey ,
114- Leaf : & x509Certificate ,
114+ Leaf : t . x509Certificate ,
115115 Certificate : [][]byte {x509Certificate .Raw },
116116 }, nil
117117}
0 commit comments