github.com/gravitational/teleport/api@v0.0.0-20240507183017-3110591cbafc/utils/keys/yubikey_common.go (about)

     1  /*
     2  Copyright 2022 Gravitational, Inc.
     3  Licensed under the Apache License, Version 2.0 (the "License");
     4  you may not use this file except in compliance with the License.
     5  You may obtain a copy of the License at
     6      http://www.apache.org/licenses/LICENSE-2.0
     7  Unless required by applicable law or agreed to in writing, software
     8  distributed under the License is distributed on an "AS IS" BASIS,
     9  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    10  See the License for the specific language governing permissions and
    11  limitations under the License.
    12  */
    13  
    14  package keys
    15  
    16  import (
    17  	"context"
    18  
    19  	"github.com/gravitational/trace"
    20  )
    21  
    // GetYubiKeyPrivateKey attempts to retrieve a YubiKey private key that matches
    // the given hardware key policy from the given PIV slot. If no slot is
    // specified, the default slot for the policy is used:
    //   - hardware_key: 9a
    //   - hardware_key_touch: 9c
    //   - hardware_key_pin: 9d
    //   - hardware_key_touch_pin: 9e
    //
    // If the slot on the YubiKey is empty, a new private key matching the policy
    // is generated in it, so a call may write to the device rather than only read
    // from it. The lookup and generation are done by getOrGenerateYubiKeyPrivateKey,
    // which is defined elsewhere in the package.
    //
    // Any error is wrapped with trace.Wrap and returned with a nil key.
    func GetYubiKeyPrivateKey(ctx context.Context, policy PrivateKeyPolicy, slot PIVSlot) (*PrivateKey, error) {
    	key, err := getOrGenerateYubiKeyPrivateKey(ctx, policy, slot)
    	if err == nil {
    		return key, nil
    	}
    	// Attach context so callers can tell the failure came from the hardware key path.
    	return nil, trace.Wrap(err, "failed to get a YubiKey private key")
    }
    36  
    37  // PIVSlot is the string form of a PIV slot identifier, e.g. "9a"; check values from outside the program with Validate before use.
    38  type PIVSlot string
    39  
    // Validate returns an error if s is not a valid PIV slot value. The check
    // itself is performed by the unexported validate method, defined elsewhere in
    // the package; whatever it returns is passed through trace.Wrap.
    func (s PIVSlot) Validate() error {
    	err := s.validate()
    	return trace.Wrap(err)
    }