native

package
v11.3.3

Warning: This package is not in the latest version of its module.
Published: Dec 13, 2022 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuildPrincipals

func BuildPrincipals(hostID string, nodeName string, clusterName string, roles types.SystemRoles) []string

BuildPrincipals takes a hostID, nodeName, clusterName, and roles and builds a list of principals to insert into a certificate. This function is backward compatible with older clients, which means:

  • If RoleAdmin is in the list of roles, only a single principal is returned: hostID.
  • If nodeName is empty, it is not included in the list of principals.

func GenerateKeyPair

func GenerateKeyPair() ([]byte, []byte, error)

GenerateKeyPair generates a new RSA key pair.

func GeneratePrivateKey

func GeneratePrivateKey() (*keys.PrivateKey, error)

GeneratePrivateKey generates a new RSA private key.

func PrecomputeKeys

func PrecomputeKeys()

PrecomputeKeys sets this package into a mode where a small backlog of keys is computed in advance. This should only be enabled if large spikes in key computation are expected (e.g. in auth/proxy services). Safe to double-call.

Types

type Keygen

type Keygen struct {
	// contains filtered or unexported fields
}

Keygen is a key generator that precomputes keys to provide quick access to public/private key pairs.

func New

func New(ctx context.Context, opts ...KeygenOption) *Keygen

New returns a new key generator.

func (*Keygen) Close

func (k *Keygen) Close()

Close stops the precomputation of keys (if enabled) and releases all resources.
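The backlog behaviour described for PrecomputeKeys and Close can be sketched with a buffered channel. This is an added example, not Teleport's code: the `keyPool` type, its functions, the 2048-bit key size and the backlog of 2 are assumptions, and only the Go standard library is used.

```go
package main

import (
	"context"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

type keyPool struct { // hypothetical type for this sketch, not Teleport's Keygen
	keys   chan *rsa.PrivateKey // buffered; capacity is the backlog size
	cancel context.CancelFunc
	bits   int
}

func newKeyPool(ctx context.Context, bits, backlog int) *keyPool {
	ctx, cancel := context.WithCancel(ctx)
	p := &keyPool{keys: make(chan *rsa.PrivateKey, backlog), cancel: cancel, bits: bits}
	go func() { // background producer: keeps up to backlog keys ready
		for ctx.Err() == nil {
			k, err := rsa.GenerateKey(rand.Reader, bits)
			if err != nil {
				return // stop precomputing; get still generates on demand
			}
			select {
			case p.keys <- k: // blocks while the backlog is full
			case <-ctx.Done(): // close was called: discard k and exit
			}
		}
	}()
	return p
}

func (p *keyPool) get() (*rsa.PrivateKey, error) {
	select {
	case k := <-p.keys: // a receive removes the key, so each is handed out once
		return k, nil
	default: // backlog empty: generate on demand instead of blocking
		return rsa.GenerateKey(rand.Reader, p.bits)
	}
}

func (p *keyPool) close() { p.cancel() } // safe to call twice

func main() {
	p := newKeyPool(context.Background(), 2048, 2) // sizes are assumptions
	defer p.close()
	k, err := p.get()
	fmt.Println(k != nil, err)
}
```

Because `get` never blocks on the channel, a burst larger than the backlog degrades to normal generation latency rather than stalling, and keys still in the buffer after `close` remain usable.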

func (*Keygen) GenerateHostCert

func (k *Keygen) GenerateHostCert(c services.HostCertParams) ([]byte, error)

GenerateHostCert generates a host certificate with the passed in parameters. The private key of the CA to sign the certificate must be provided.

func (*Keygen) GenerateHostCertWithoutValidation

func (k *Keygen) GenerateHostCertWithoutValidation(c services.HostCertParams) ([]byte, error)

GenerateHostCertWithoutValidation generates a host certificate with the passed in parameters without validating them. For use in tests only.

func (*Keygen) GenerateKeyPair

func (k *Keygen) GenerateKeyPair() ([]byte, []byte, error)

GenerateKeyPair returns a fresh private/public key pair; it takes about 300ms to execute.

func (*Keygen) GenerateUserCert

func (k *Keygen) GenerateUserCert(c services.UserCertParams) ([]byte, error)

GenerateUserCert generates a user SSH certificate with the passed in parameters. The private key of the CA to sign the certificate must be provided.

func (*Keygen) GenerateUserCertWithoutValidation

func (k *Keygen) GenerateUserCertWithoutValidation(c services.UserCertParams) ([]byte, error)

GenerateUserCertWithoutValidation generates a user SSH certificate with the passed in parameters without validating them.

type KeygenOption

type KeygenOption func(k *Keygen)

KeygenOption is a functional optional argument for the key generator.

func SetClock

func SetClock(clock clockwork.Clock) KeygenOption

SetClock sets the clock to use for key generation.
