// Source: github.com/gravitational/teleport/api@v0.0.0-20240507183017-3110591cbafc/utils/keys/yubikey_common.go

/*
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package keys

import (
	"context"

	"github.com/gravitational/trace"
)

// GetYubiKeyPrivateKey attempts to retrieve a YubiKey private key that matches
// the given hardware key policy from the given PIV slot.
//
// If slot is unspecified, the default slot for the given key policy is used.
// If the slot is empty, a new private key matching the policy is generated in
// that slot, so a call may write to the device rather than only read from it.
//
// Default slots by policy:
//   - hardware_key: 9a
//   - hardware_key_touch: 9c
//   - hardware_key_pin: 9d
//   - hardware_key_touch_pin: 9e
//
// The lookup and generation are delegated to getOrGenerateYubiKeyPrivateKey,
// which is defined outside this file. On failure no key is returned and the
// underlying error is wrapped with trace.Wrap.
//
// NOTE(review): how an occupied slot whose key does not satisfy the policy is
// handled, and whether slot is validated before use, is decided in
// getOrGenerateYubiKeyPrivateKey and cannot be confirmed from this file.
// Callers passing a user-supplied slot can call slot.Validate() first.
func GetYubiKeyPrivateKey(ctx context.Context, policy PrivateKeyPolicy, slot PIVSlot) (*PrivateKey, error) {
	key, err := getOrGenerateYubiKeyPrivateKey(ctx, policy, slot)
	if err != nil {
		// Keep the cause attached while adding a user-facing message.
		return nil, trace.Wrap(err, "failed to get a YubiKey private key")
	}

	return key, nil
}

// PIVSlot is the string representation of a PIV slot, e.g. "9a".
//
// It is a plain string type, so a PIVSlot value can hold arbitrary text until
// it has been checked with Validate.
type PIVSlot string

// Validate checks that the PIV slot holds a valid value and returns a non-nil
// error otherwise.
//
// The check itself is performed by the unexported validate method, which is
// defined outside this file; its result is passed through trace.Wrap.
func (s PIVSlot) Validate() error {
	err := s.validate()
	return trace.Wrap(err)
}