Skip to main content

SshAuthCredentials

coven_ssh

Struct SshAuthCredentials 

Source 
pub struct SshAuthCredentials {
    pub pubkey: String,
    pub signature: String,
    pub timestamp: i64,
    pub nonce: String,
}
Expand description

SSH authentication credentials for gRPC metadata.

Contains all the fields needed to authenticate with coven-gateway:

  • pubkey: OpenSSH format public key
  • signature: Base64-encoded SSH signature of timestamp|nonce
  • timestamp: Unix timestamp when credentials were created
  • nonce: Random hex string to prevent replay attacks

Fields§

§pubkey: String

OpenSSH format public key string.

§signature: String

Base64-encoded SSH signature of the message {timestamp}|{nonce}.

§timestamp: i64

Unix timestamp when these credentials were created.

§nonce: String

Random nonce to prevent replay attacks.

Implementations§

Source§

impl SshAuthCredentials

Source

pub fn new(private_key: &PrivateKey) -> Result<Self>

Create new authentication credentials by signing timestamp|nonce.

Generates a fresh timestamp and nonce, signs the combined message, and packages everything needed for gRPC authentication.

§Errors

Returns an error if signing fails or the public key cannot be serialized.

Source

pub fn age_secs(&self) -> i64

Get the age of these credentials in seconds.

Returns the number of seconds since these credentials were created.

Source

pub fn is_stale(&self, ttl_secs: i64) -> bool

Check if these credentials are stale and should be refreshed.

Credentials are considered stale if they are older than the given TTL. The gateway rejects signatures older than 5 minutes (300 seconds), so a typical TTL would be 240 seconds (4 minutes) to refresh early.

Source

pub fn apply_to_request<T>(&self, req: &mut Request<T>) -> Result<()>

Apply credentials to a gRPC request as metadata headers.

Adds the following headers to the request:

  • x-ssh-pubkey: The OpenSSH format public key
  • x-ssh-signature: The base64-encoded signature
  • x-ssh-timestamp: The Unix timestamp as a string
  • x-ssh-nonce: The random nonce
§Errors

Returns an error if any metadata value is invalid.

Trait Implementations§

Source§

impl Clone for SshAuthCredentials

Source§

fn clone(&self) -> SshAuthCredentials

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for SshAuthCredentials

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromRef<T> for T
where T: Clone,

Source§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoRequest<T> for T

Source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more