sshpop

package
v1.11.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 12, 2024 License: Apache-2.0 Imports: 19 Imported by: 2

Documentation

Overview

Package sshpop implements ssh proof of possession based node attestation.

Index

Constants

View Source
const (
	// PluginName is used for identifying this plugin type for protobuf blobs.
	PluginName = "sshpop"
)

Variables

View Source
var (
	// DefaultAgentPathTemplate is the default text/template.
	DefaultAgentPathTemplate = agentpathtemplate.MustParse("/{{ .PluginName}}/{{ .Fingerprint }}")
)

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a factory for generating client handshake objects.

func NewClient

func NewClient(trustDomain string, configString string) (*Client, error)

func (*Client) NewHandshake

func (c *Client) NewHandshake() *ClientHandshake

type ClientConfig

type ClientConfig struct {
	HostKeyPath  string `hcl:"host_key_path"`
	HostCertPath string `hcl:"host_cert_path"`
	// contains filtered or unexported fields
}

ClientConfig configures the client.

func BuildClientConfig added in v1.11.0

func BuildClientConfig(coreConfig catalog.CoreConfig, hclText string, status *pluginconf.Status) *ClientConfig

func (*ClientConfig) NewClient added in v1.11.0

func (cc *ClientConfig) NewClient() *Client

type ClientConfigRequest added in v1.11.0

type ClientConfigRequest struct {
	// contains filtered or unexported fields
}

func (*ClientConfigRequest) GetCoreConfiguration added in v1.11.0

func (ccr *ClientConfigRequest) GetCoreConfiguration() *configv1.CoreConfiguration

func (*ClientConfigRequest) GetHclConfiguration added in v1.11.0

func (ccr *ClientConfigRequest) GetHclConfiguration() string

type ClientHandshake

type ClientHandshake struct {
	// contains filtered or unexported fields
}

ClientHandshake is a single-use object for an agent to do node attestation.

The handshake comprises a state machine that is not goroutine safe.

func (*ClientHandshake) AttestationData

func (c *ClientHandshake) AttestationData() ([]byte, error)

func (*ClientHandshake) RespondToChallenge

func (c *ClientHandshake) RespondToChallenge(req []byte) ([]byte, error)

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server is a factory for generating server handshake objects.

func NewServer

func NewServer(trustDomain, configString string) (*Server, error)

func (*Server) NewHandshake

func (s *Server) NewHandshake() *ServerHandshake

type ServerConfig

type ServerConfig struct {
	CertAuthorities     []string `hcl:"cert_authorities"`
	CertAuthoritiesPath string   `hcl:"cert_authorities_path"`
	// CanonicalDomain specifies the domain suffix for validating the hostname against
	// the certificate's valid principals. See CanonicalDomains in ssh_config(5).
	CanonicalDomain   string `hcl:"canonical_domain"`
	AgentPathTemplate string `hcl:"agent_path_template"`
	// contains filtered or unexported fields
}

ServerConfig configures the server.

func BuildServerConfig added in v1.11.0

func BuildServerConfig(coreConfig catalog.CoreConfig, hclText string, status *pluginconf.Status) *ServerConfig

func (*ServerConfig) NewServer added in v1.11.0

func (sc *ServerConfig) NewServer() *Server

type ServerConfigRequest added in v1.11.0

type ServerConfigRequest struct {
	// contains filtered or unexported fields
}

func (*ServerConfigRequest) GetCoreConfiguration added in v1.11.0

func (scr *ServerConfigRequest) GetCoreConfiguration() *configv1.CoreConfiguration

func (*ServerConfigRequest) GetHclConfiguration added in v1.11.0

func (scr *ServerConfigRequest) GetHclConfiguration() string

type ServerHandshake

type ServerHandshake struct {
	// contains filtered or unexported fields
}

ServerHandshake is a single-use object for a server to do node attestation.

The handshake comprises a state machine that is not goroutine safe.

func (*ServerHandshake) AgentID

func (s *ServerHandshake) AgentID() (spiffeid.ID, error)

func (*ServerHandshake) IssueChallenge

func (s *ServerHandshake) IssueChallenge() ([]byte, error)

func (*ServerHandshake) VerifyAttestationData

func (s *ServerHandshake) VerifyAttestationData(data []byte) error

func (*ServerHandshake) VerifyChallengeResponse

func (s *ServerHandshake) VerifyChallengeResponse(res []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL