move publickey len check to signer

mozilla-services · Sep 23, 2019 · 0f66638 · 0f66638
1 parent 6006bae
commit 0f66638
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/signer/contentsignaturepki/x509.go b/signer/contentsignaturepki/x509.go
@@ -37,10 +37,6 @@ func (s *ContentSigner) findAndSetEE(conf signer.Configuration) (err error) {
 		err = errors.Wrapf(err, "found suitable end-entity labeled %q in database but not in hsm", s.eeLabel)
 		return
 	}
-	if len(s.PublicKey) < 50 {
-		err = errors.Errorf("malformed public key in key label %q for signer %q: %q", s.eeLabel, s.ID, s.PublicKey)
-		return
-	}
 	return
 }
 

diff --git a/signer/signer.go b/signer/signer.go
@@ -249,6 +249,10 @@ func (cfg *Configuration) GetKeys() (priv crypto.PrivateKey, pub crypto.PublicKe
 		return
 	}
 	publicKey = base64.StdEncoding.EncodeToString(publicKeyBytes)
+	if len(publicKey) < 50 {
+		err = errors.Errorf("encoded public key is shorter than 50char, which is impossible: %q", publicKey)
+		return
+	}
 	return
 }