Documentation
Index
- func BuildPrincipals(hostID string, nodeName string, clusterName string, roles types.SystemRoles) []string
- func GenerateKeyPair() ([]byte, []byte, error)
- func GeneratePrivateKey() (*keys.PrivateKey, error)
- func PrecomputeKeys()
- type Keygen
- func New(ctx context.Context, opts ...KeygenOption) *Keygen
- func (k *Keygen) Close()
- func (k *Keygen) GenerateHostCert(c services.HostCertParams) ([]byte, error)
- func (k *Keygen) GenerateHostCertWithoutValidation(c services.HostCertParams) ([]byte, error)
- func (k *Keygen) GenerateKeyPair() ([]byte, []byte, error)
- func (k *Keygen) GenerateUserCert(c services.UserCertParams) ([]byte, error)
- func (k *Keygen) GenerateUserCertWithoutValidation(c services.UserCertParams) ([]byte, error)
- type KeygenOption
- func SetClock(clock clockwork.Clock) KeygenOption
Constants
This section is empty.
Variables
This section is empty.
Functions
func BuildPrincipals
func BuildPrincipals(hostID string, nodeName string, clusterName string, roles types.SystemRoles) []string
BuildPrincipals takes a hostID, nodeName, clusterName, and list of roles and builds the list of principals to insert into a certificate. For backward compatibility with older clients:
- If RoleAdmin is in the list of roles, only a single principal is returned: hostID.
- If nodeName is empty, it is not included in the list of principals.
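As an added, stand-alone example (not the package's own code), the two documented compatibility rules applied in a stdlib-only Go function. `SystemRole`, `SystemRoles` and `buildPrincipals` are stand-ins constructed for this example, and the principal formats used in the non-admin case (hostID and nodeName, each listed both bare and qualified with clusterName) are an assumption, since the page only states the two rules above.

```go
package main

import "fmt"

// SystemRole stands in for types.SystemRole; only the values needed to
// exercise the documented rules are defined (constructed for this example).
type SystemRole string

const (
	RoleAdmin SystemRole = "Admin"
	RoleNode  SystemRole = "Node"
	RoleProxy SystemRole = "Proxy"
)

// SystemRoles stands in for types.SystemRoles.
type SystemRoles []SystemRole

// Include reports whether role is present in the list.
func (r SystemRoles) Include(role SystemRole) bool {
	for _, have := range r {
		if have == role {
			return true
		}
	}
	return false
}

// buildPrincipals applies the two documented compatibility rules:
//   - an admin certificate carries exactly one principal, the hostID;
//   - an empty nodeName contributes nothing.
// The cluster-qualified forms below are an assumption of this example.
func buildPrincipals(hostID, nodeName, clusterName string, roles SystemRoles) []string {
	if roles.Include(RoleAdmin) {
		return []string{hostID}
	}
	principals := []string{hostID + "." + clusterName, hostID}
	if nodeName != "" {
		principals = append(principals, nodeName+"."+clusterName, nodeName)
	}
	return principals
}

func main() {
	fmt.Println(buildPrincipals("host-1", "node-a", "example.com", SystemRoles{RoleNode, RoleAdmin}))
	fmt.Println(buildPrincipals("host-1", "node-a", "example.com", SystemRoles{RoleNode}))
	fmt.Println(buildPrincipals("host-1", "", "example.com", SystemRoles{RoleProxy}))
}
```

The admin branch is the one worth checking on the receiving side: a certificate issued for RoleAdmin should never carry node-name principals, so any extra principal on such a certificate indicates it was not built by this path.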
func GenerateKeyPair
func GenerateKeyPair() ([]byte, []byte, error)
GenerateKeyPair generates a new RSA key pair.
func GeneratePrivateKey
func GeneratePrivateKey() (*keys.PrivateKey, error)
GeneratePrivateKey generates a new RSA private key.
func PrecomputeKeys
func PrecomputeKeys()
PrecomputeKeys sets this package into a mode where a small backlog of keys is computed in advance. This should only be enabled if large spikes in key computation are expected (e.g. in auth/proxy services). Safe to call more than once.
Types
type Keygen
type Keygen struct {
// contains filtered or unexported fields
}
Keygen is a key generator that precomputes keys to provide quick access to public/private key pairs.
func New
func New(ctx context.Context, opts ...KeygenOption) *Keygen
New returns a new key generator.
func (*Keygen) Close
func (k *Keygen) Close()
Close stops the precomputation of keys (if enabled) and releases all resources.
func (*Keygen) GenerateHostCert
func (k *Keygen) GenerateHostCert(c services.HostCertParams) ([]byte, error)
GenerateHostCert generates a host certificate with the passed-in parameters. The private key of the CA that signs the certificate must be provided.
func (*Keygen) GenerateHostCertWithoutValidation
func (k *Keygen) GenerateHostCertWithoutValidation(c services.HostCertParams) ([]byte, error)
GenerateHostCertWithoutValidation generates a host certificate with the passed-in parameters without validating them. For use in tests only.
func (*Keygen) GenerateKeyPair
func (k *Keygen) GenerateKeyPair() ([]byte, []byte, error)
GenerateKeyPair returns a fresh private/public key pair; it takes about 300ms to execute.
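The precompute mode described under PrecomputeKeys, New, Close and GenerateKeyPair, shown as an added stdlib-only Go example that is not the package's own implementation: a bounded backlog of RSA key pairs is filled by a background goroutine, GenerateKeyPair takes from the backlog when one is ready and otherwise generates synchronously, and Close cancels the filler and waits for it. The type and function names (`precomputingKeygen`, `newPrecomputingKeygen`, `generateRSAPair`), the 2048-bit key size and the PEM encoding of the returned bytes are assumptions of this example.

```go
package main

import (
	"context"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"sync"
)

// keyPair holds PEM-encoded private and public keys, matching the
// ([]byte, []byte) shape of GenerateKeyPair on the page.
type keyPair struct {
	priv, pub []byte
}

// generateRSAPair creates a fresh RSA key pair. The 2048-bit size is an
// assumption of this example; the page only says "RSA".
func generateRSAPair() (keyPair, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return keyPair{}, err
	}
	privPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	pubDER, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil {
		return keyPair{}, err
	}
	pubPEM := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: pubDER})
	return keyPair{priv: privPEM, pub: pubPEM}, nil
}

// precomputingKeygen is a stand-in for Keygen: with precompute enabled, a
// background goroutine keeps a small backlog of key pairs ready.
type precomputingKeygen struct {
	backlog chan keyPair // nil when precompute is disabled
	cancel  context.CancelFunc
	wg      sync.WaitGroup
}

// newPrecomputingKeygen plays the role of New; backlogSize bounds how many
// unused private keys may sit in memory at once.
func newPrecomputingKeygen(ctx context.Context, precompute bool, backlogSize int) *precomputingKeygen {
	ctx, cancel := context.WithCancel(ctx)
	k := &precomputingKeygen{cancel: cancel}
	if precompute {
		k.backlog = make(chan keyPair, backlogSize)
		k.wg.Add(1)
		go k.fill(ctx)
	}
	return k
}

// fill generates keys until the context is cancelled. The send blocks while
// the backlog is full, so generation stops once the bound is reached.
func (k *precomputingKeygen) fill(ctx context.Context) {
	defer k.wg.Done()
	for {
		kp, err := generateRSAPair()
		if err != nil {
			return
		}
		select {
		case k.backlog <- kp:
		case <-ctx.Done():
			return
		}
	}
}

// GenerateKeyPair returns a precomputed pair when one is ready and falls
// back to synchronous generation otherwise (the slow path the page times).
func (k *precomputingKeygen) GenerateKeyPair() ([]byte, []byte, error) {
	if k.backlog != nil {
		select {
		case kp := <-k.backlog:
			return kp.priv, kp.pub, nil
		default: // backlog empty: generate inline
		}
	}
	kp, err := generateRSAPair()
	if err != nil {
		return nil, nil, err
	}
	return kp.priv, kp.pub, nil
}

// Close stops the filler and waits for it; it may wait for one in-flight
// key generation to finish.
func (k *precomputingKeygen) Close() {
	k.cancel()
	k.wg.Wait()
}

func main() {
	k := newPrecomputingKeygen(context.Background(), true, 4)
	defer k.Close()
	priv, pub, err := k.GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	fmt.Printf("private key: %d bytes of PEM, public key: %d bytes of PEM\n", len(priv), len(pub))
}
```

Bounding the backlog with a buffered channel is what keeps "a small backlog" small: the filler blocks rather than generating keys nobody will consume, and the number of unused private keys held in process memory never exceeds the buffer size.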
func (*Keygen) GenerateUserCert
func (k *Keygen) GenerateUserCert(c services.UserCertParams) ([]byte, error)
GenerateUserCert generates a user SSH certificate with the passed-in parameters. The private key of the CA that signs the certificate must be provided.
func (*Keygen) GenerateUserCertWithoutValidation
func (k *Keygen) GenerateUserCertWithoutValidation(c services.UserCertParams) ([]byte, error)
GenerateUserCertWithoutValidation generates a user SSH certificate with the passed-in parameters without validating them.
type KeygenOption
type KeygenOption func(k *Keygen)
KeygenOption is a functional option for the key generator.
func SetClock
func SetClock(clock clockwork.Clock) KeygenOption
SetClock sets the clock to use for key generation.