client

package
v0.0.0-...-1785cd0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 17, 2024 License: MIT Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DefaultComment

func DefaultComment() string

DefaultComment will create the default ssh key comment given the local environment. The default option will be to construct username@hostname.

If the username can not be determined, it will default to 'hallow'. If the hostname can not be determined, it will default to the username.

func SSHCLI

func SSHCLI(signer crypto.Signer, sshCert ssh.PublicKey, sshArgs ...string) ([]string, error)

SSHCLI will write out key material to a tempfile and return a command to be exec'd.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is an encapsulation of the configuration and state required to request a new ssh certificate from the Hallow server.

func New

func New(sess *session.Session, endpoint string) Client

New creates a new Client object with the configured AWS session, and the Hallow API endpoint.

func NewWithHTTPClient

func NewWithHTTPClient(sess *session.Session, client *http.Client, endpoint string) Client

NewWithHTTPClient creates a new Client object with the configured AWS session, HTTP Client, and the Hallow API endpoint.

func (Client) GenerateAndRequestCertificate

func (c Client) GenerateAndRequestCertificate(
	ctx context.Context,
	keyType KeyType,
	comment string,
) (crypto.Signer, ssh.PublicKey, error)

GenerateAndRequestCertificate will create a very opinionated private key, and return the private key handle, the public key (signed by Hallow), and any error conditions that were hit during execution.

func (Client) GetOrGenerateFromAgent

func (c Client) GetOrGenerateFromAgent(
	ctx context.Context,
	agentClient agent.Agent,
	keyType KeyType,
	keyID string,
) (ssh.PublicKey, error)

GetOrGenerateFromAgent will either fetch the first (by ssh-agent ordering) valid ssh Certificate issued by our configured upstream, or generate a new private key, request a Certificate, and add that Certificate to the running agent.

This will allow the caller to repeatedly call this function (for instance, on every ssh invocation), and not flood the agent with new private key material.

This function will never reuse existing private key material when getting a new Certificate, a new key will always be created.

Keys added to the agent will have their LifetimeSecs set as appropriate to clean the keyring when the key expires.

func (Client) ListCertificatesFromAgent

func (c Client) ListCertificatesFromAgent(
	agentClient agent.Agent,
) ([]*ssh.Certificate, error)

ListCertificatesFromAgent will find all active ssh.Certificate entries in the connected ssh agent which were issued by the endpoint the Client is configured to talk to.

func (Client) RequestCertificate

func (c Client) RequestCertificate(
	ctx context.Context,
	pubKey ssh.PublicKey,
	comment string,
) (ssh.PublicKey, error)

RequestCertificate will request that the CA sign our Public Key. This function will return the parsed ssh.PublicKey (which is of type ssh.Certificate), as well as the stringified version of that Certificate in a format ssh will understand as a public key.

type KeyType

type KeyType uint8

KeyType is an enum type to allow for the description of a specific Key algorithm.

const (
	// KeyTypeECDSAP256 is ECDSA P-256
	KeyTypeECDSAP256 KeyType = iota

	// KeyTypeECDSAP384 is ECDSA P-384
	KeyTypeECDSAP384

	// KeyTypeECDSAP521 is ECDSA P-521
	KeyTypeECDSAP521

	// KeyTypeED25519 is Ed25519
	KeyTypeED25519

	// KeyTypeRSA2048 is RSA with 2048 bits.
	KeyTypeRSA2048

	// KeyTypeRSA4096 is RSA with 4096 bits.
	KeyTypeRSA4096
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL