Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[v14] Cache PIV connections to share across the program execution (#4…
…7954) * Cache PIV connections to share across the program execution (#47091) * Cache yubikey objects. * Cache PIV connections to share across the program execution. * Do not release the connection until `sign` returns * Do not ignore errors * Perform a "warm up" call to YubiKey * Fix tests * Use a specific interface to check if the key can be "warmed up" * Allow abandoning `signer.Sign` call when context is canceled * Make sure that the cached key is valid for the given private key policy The reason for adding this check was failing `invalid key policies` test. * Make `hardwareKeyWarmer` private * Force callers to release connection * Improve comments * Fix lint * Improve `connect` comment * Fix race condition * Simplify `release` logic * Trigger license/cla --------- Co-authored-by: joerger <bjoerger@goteleport.com> (cherry picked from commit bd6fdbf) * Sign a hashed message in hardware key warmup call (#48206) Otherwise, signing may fail with "input must be a hashed message" error. (cherry picked from commit 47494db) * Remove delayed closing of yubikey connection to prevent the connection from leaking after program execution. (#48414) (cherry picked from commit b7c0e79) --------- Co-authored-by: Brian Joerger <bjoerger@goteleport.com>
- Loading branch information