Prevent shelling out to KMS plugin for softkms
hslatman committed Aug 9, 2023
1 parent 290f81d commit 9845803
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion internal/cryptoutil/cryptoutil.go
@@ -29,7 +29,7 @@ type Attestor interface {
// CreateSigner reads a key from a file with a given name or creates a signer
// with the given kms and name uri.
func CreateSigner(kms, name string, opts ...pemutil.Options) (crypto.Signer, error) {
if kms == "" {
if kms == "" || isSoftKMS(kms) {

Check warning on line 32 in internal/cryptoutil/cryptoutil.go

Codecov / codecov/patch

internal/cryptoutil/cryptoutil.go#L32

Added line #L32 was not covered by tests
s, err := pemutil.Read(name, opts...)
if err != nil {
return nil, err
@@ -43,6 +43,10 @@ func CreateSigner(kms, name string, opts ...pemutil.Options) (crypto.Signer, err
return newKMSSigner(kms, name)
}

func isSoftKMS(kms string) bool {
return strings.HasPrefix(strings.ToLower(strings.TrimSpace(kms)), "softkms")

Check warning on line 47 in internal/cryptoutil/cryptoutil.go

Codecov / codecov/patch

internal/cryptoutil/cryptoutil.go#L46-L47

Added lines #L46 - L47 were not covered by tests
}

// LoadCertificate returns a x509.Certificate from a kms or file
func LoadCertificate(kms, certPath string) ([]*x509.Certificate, error) {
if kms == "" {
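Review bot: `isSoftKMS` matches on a bare prefix, so any `kms` value that merely starts with `softkms` (for instance a mistyped `softkmsx:`, a constructed example) is sent down the `pemutil.Read(name, opts...)` file path in `CreateSigner` instead of reaching `newKMSSigner` or being rejected. Because this predicate decides whether a local key file is read or an external plugin is invoked, I would match the type exactly: `k := strings.ToLower(strings.TrimSpace(kms))` followed by `return k == "softkms" || strings.HasPrefix(k, "softkms:")`, assuming KMS values use the `type:` URI form. The helper also lacks a doc comment; `// isSoftKMS reports whether kms selects softkms, which is handled in-process by reading the key file.` would record why it exists. `LoadCertificate` still guards only on `kms == ""` in the visible context; its body lies outside the hunk, so confirm whether it needs the same softkms check to stay consistent with `CreateSigner`.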