Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v16] Cache PIV connections to share across the program execution #47952

Merged
merged 4 commits into from
Nov 21, 2024
Merged

[v16] Cache PIV connections to share across the program execution #47952

merged 4 commits into from
Nov 21, 2024

Conversation

gzdunek
Copy link
Contributor

@gzdunek gzdunek commented Oct 25, 2024

Backport #47091 to branch/v16

Manual backport because of some minor conflicts.

changelog: Resolved an issue that caused false positive errors incorrectly indicating that the YubiKey was in use by another application, while only tsh was accessing it

@gzdunek
Cache PIV connections to share across the program execution (#47091)
d5c31d0 
* Cache yubikey objects.

* Cache PIV connections to share across the program execution.

* Do not release the connection until `sign` returns

* Do not ignore errors

* Perform a "warm up" call to YubiKey

* Fix tests

* Use a specific interface to check if the key can be "warmed up"

* Allow abandoning `signer.Sign` call when context is canceled

* Make sure that the cached key is valid for the given private key policy

The reason for adding this check was failing `invalid key policies` test.

* Make `hardwareKeyWarmer` private

* Force callers to release connection

* Improve comments

* Fix lint

* Improve `connect` comment

* Fix race condition

* Simplify `release` logic

* Trigger license/cla

---------

Co-authored-by: joerger <bjoerger@goteleport.com>

(cherry picked from commit bd6fdbf)
@github-actions github-actions bot requested review from Joerger and nklaassen October 25, 2024 16:03
@aws-amplify-us-west-2 AWS Amplify (us-west-2)
Copy link

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-47952.d212ksyjt6y4yg.amplifyapp.com

@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from nklaassen October 25, 2024 17:26
@Joerger Joerger mentioned this pull request Nov 6, 2024
Merged
gzdunek and others added 3 commits November 14, 2024 15:32
@gzdunek
Merge branch 'branch/v16' into gzdunek/backport-47091/v16
000ebb9
@gzdunek
Sign a hashed message in hardware key warmup call (#48206)
a3ff45d 
Otherwise, signing may fail with "input must be a hashed message" error.

(cherry picked from commit 47494db)
@Joerger @gzdunek
Remove delayed closing of yubikey connection to prevent the connectio…
05eb823 
…n from leaking after program execution. (#48414)

(cherry picked from commit b7c0e79)
@gzdunek gzdunek added this pull request to the merge queue Nov 21, 2024
Merged via the queue into branch/v16 with commit a585619 Nov 21, 2024
41 checks passed
@gzdunek gzdunek deleted the gzdunek/backport-47091/v16 branch November 21, 2024 17:43
@doggydogworld doggydogworld mentioned this pull request Dec 3, 2024
Merged
@bayandin bayandin mentioned this pull request Dec 6, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Joerger Joerger Joerger approved these changes

@tigrato tigrato tigrato approved these changes

Assignees
No one assigned
Labels
backport size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gzdunek @tigrato @Joerger