Documentation ¶
Index ¶
- Constants
- func GenerateCertificate(SubjectAlternativeName string, Issuer string, certPath string, keyPath string) error
- func WebSafeB64Decode(b64 string) (data []byte, err error)
- func WebSafeB64Encode(data []byte) (b64 string)
- type Api
- func (a *Api) AuthenticateBegin(writer http.ResponseWriter, request *http.Request)
- func (a *Api) AuthenticateComplete(writer http.ResponseWriter, request *http.Request)
- func (a *Api) RegisterBegin(writer http.ResponseWriter, request *http.Request)
- func (a *Api) RegisterComplete(writer http.ResponseWriter, request *http.Request)
- type AuthenticationCompletedCallback
- type DemoMemDB
- type DemoMemDBEntry
- type HTTPServer
- func (s *HTTPServer) CORSMiddleware(next http.Handler) http.Handler
- func (s *HTTPServer) GetRouter() (router *mux.Router)
- func (s *HTTPServer) HandleFunc(path string, f func(http.ResponseWriter, *http.Request)) *mux.Route
- func (s *HTTPServer) HeaderMiddleware(next http.Handler) http.Handler
- func (s *HTTPServer) Start() error
- type KeyDatabase
- type RegistrationCallback
- type RegistrationCompletedCallback
- type RegistrationData
- type RegistrationResponse
- type RegistrationResponseClientData
- type RegistrationResponseRaw
- type SignRequestData
- type SignResponse
- type SignResponseClientData
- type SignResponseDataRaw
- type SignResponseSignatureData
- type UserAuthenticationCallback
Constants ¶
const (
	// U2fVersion is the protocol version string, "U2F_V2".
	U2fVersion = "U2F_V2"
	// ApiTimeout is a fixed 10-second duration.
	// NOTE(review): presumably bounds how long a begun registration or
	// authentication may stay pending before it is rejected; confirm.
	ApiTimeout = 10 * time.Second
	// U2fTokenId is the literal name "U2FTID".
	// NOTE(review): looks like the name of the cookie/session token protected by
	// the cookieHashKey and cookieBlockKey passed to NewU2FApi; confirm.
	U2fTokenId = "U2FTID"
)
// U2F status codes.
// NOTE(review): presumably the authStatus values handed to
// AuthenticationCompletedCallback; the difference between ERROR and FAILURE
// is not documented on this page. Confirm before branching on them, and
// treat anything other than U2F_STATUS_SUCCESS as not authenticated.
const (
	U2F_STATUS_SUCCESS = 0
	U2F_STATUS_ERROR = 1
	U2F_STATUS_FAILURE = 2
)
const (
	// DerPubKeyPrefix is the hex encoding of the ASN.1 DER SubjectPublicKeyInfo
	// header for an EC public key on NIST P-256: SEQUENCE (0x59 bytes),
	// AlgorithmIdentifier { id-ecPublicKey 1.2.840.10045.2.1,
	// prime256v1 1.2.840.10045.3.1.7 }, then a BIT STRING header for 0x42 bytes
	// with zero unused bits.
	// NOTE(review): presumably prepended to the raw 65-byte uncompressed point
	// (0x04 || X || Y) from the token so it can be parsed as a DER public key.
	// The header is only correct for exactly 65 bytes of key material, so the
	// caller should check that length first; confirm.
	DerPubKeyPrefix = "3059301306072a8648ce3d020106082a8648ce3d030107034200"
)
Variables ¶
This section is empty.
Functions ¶
func GenerateCertificate ¶
func WebSafeB64Decode ¶
func WebSafeB64Encode ¶
Types ¶
type Api ¶
type Api struct {
// contains filtered or unexported fields
}
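TODO: implement garbage collection for timed-out registration state. Until this is done, registration state that has timed out is presumably never freed, so abandoned registrations can accumulate in memory.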
func NewU2FApi ¶
func NewU2FApi(server *mux.Router, db KeyDatabase, appId string, exposeRegisterEndpoint bool, cookieHashKey [32]byte, cookieBlockKey [32]byte, authCallback UserAuthenticationCallback, authCompletedCallback AuthenticationCompletedCallback, registrationCallback RegistrationCallback, registrationCompletedCallback RegistrationCompletedCallback) (a *Api)
func (*Api) AuthenticateBegin ¶
func (a *Api) AuthenticateBegin(writer http.ResponseWriter, request *http.Request)
func (*Api) AuthenticateComplete ¶
func (a *Api) AuthenticateComplete(writer http.ResponseWriter, request *http.Request)
func (*Api) RegisterBegin ¶
func (a *Api) RegisterBegin(writer http.ResponseWriter, request *http.Request)
func (*Api) RegisterComplete ¶
func (a *Api) RegisterComplete(writer http.ResponseWriter, request *http.Request)
type AuthenticationCompletedCallback ¶
type AuthenticationCompletedCallback func(authStatus int, writer http.ResponseWriter, request *http.Request, keyIdentifier string)
AuthenticationCompletedCallback is called when the U2F authentication has either failed or succeeded; authStatus carries the outcome, so check it before treating the request as authenticated. The writer object should be used to send an appropriate response to the frontend.
type DemoMemDB ¶
type DemoMemDB struct {
// contains filtered or unexported fields
}
DemoMemDB is a minimal implementation of the KeyDatabase and not intended for production use!
func (*DemoMemDB) GetKeyHandle ¶
func (*DemoMemDB) GetPublicKey ¶
type DemoMemDBEntry ¶
type HTTPServer ¶
type HTTPServer struct {
// contains filtered or unexported fields
}
HTTPServer is only part of this package for use in the U2F demo server. Don't use this code directly for anything important.
func NewHTTPServer ¶
func (*HTTPServer) CORSMiddleware ¶
func (s *HTTPServer) CORSMiddleware(next http.Handler) http.Handler
CORSMiddleware handles CORS and pre-flight requests. Which origins, methods and headers it allows is not documented here.
func (*HTTPServer) GetRouter ¶
func (s *HTTPServer) GetRouter() (router *mux.Router)
func (*HTTPServer) HandleFunc ¶
func (s *HTTPServer) HandleFunc(path string, f func(http.ResponseWriter, *http.Request)) *mux.Route
func (*HTTPServer) HeaderMiddleware ¶
func (s *HTTPServer) HeaderMiddleware(next http.Handler) http.Handler
HeaderMiddleware sets some headers. Which headers it sets is not documented here.
func (*HTTPServer) Start ¶
func (s *HTTPServer) Start() error
type KeyDatabase ¶
type RegistrationCallback ¶
type RegistrationCallback func(authData []byte, keyIdentifier string, request *http.Request) (authenticationSuccess bool)
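RegistrationCallback is called on the initial call to the registration endpoint. It must return true for the enrollment to proceed, so this is where the caller should be authenticated before a new key is enrolled for keyIdentifier.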
type RegistrationCompletedCallback ¶
type RegistrationCompletedCallback func(writer http.ResponseWriter, request *http.Request, keyIdentifier string) (ok bool)
RegistrationCompletedCallback is called when a new key has been successfully enrolled. Return false to decline the enrollment request; otherwise return true.
type RegistrationData ¶
type RegistrationResponse ¶
// RegistrationResponse holds the parsed parts of a U2F registration response,
// as returned by ParseRegistrationResponse.
// NOTE(review): the field meanings below are inferred from the field names and
// the U2F registration message layout; confirm against the parser.
// NOTE(review): this page does not show whether parsing also verifies
// Signature against Cert. Confirm that verification happens before PubKey
// and KeyHandle are stored.
type RegistrationResponse struct {
	ClientData *RegistrationResponseClientData // decoded client data
	ClientDataRaw []byte // client data bytes as received; presumably the form that is hashed for signature verification
	PubKey []byte // presumably the token's user public key
	KeyHandle []byte // presumably the key handle issued by the token
	Cert []byte // presumably the attestation certificate (DER)
	Signature []byte // presumably the registration signature
	AppId string // application identifier
}
func ParseRegistrationResponse ¶
func ParseRegistrationResponse(response []byte) (registrationResponse *RegistrationResponse, err error)
type RegistrationResponseRaw ¶
type SignRequestData ¶
type SignResponse ¶
// SignResponse holds the parsed parts of a U2F sign (authentication) response,
// as returned by ParseSignatureResponse.
// NOTE(review): the field meanings below are inferred from the field names;
// confirm against the parser.
// NOTE(review): this page does not show whether parsing also verifies the
// signature. A successfully parsed SignResponse should not by itself be treated
// as a successful authentication; confirm where verification happens.
type SignResponse struct {
	ErrorCode int // presumably the error code reported by the client; semantics not documented here
	ClientDataRaw []byte // client data bytes as received
	ClientData *SignResponseClientData // decoded client data
	SignatureData *SignResponseSignatureData // decoded signature data
}
func ParseSignatureResponse ¶
func ParseSignatureResponse(response []byte) (signResponse *SignResponse, err error)
type SignResponseClientData ¶
type SignResponseDataRaw ¶
type UserAuthenticationCallback ¶
type UserAuthenticationCallback func(authData []byte, request *http.Request) (authenticationSuccess bool, identifier string)
UserAuthenticationCallback is called to authenticate a user in the "authenticate begin" step. The function must return true on successful authentication, together with the identifier that corresponds to the stored key slot for the user's U2F device. A typical scenario would be a lookup in a user database that contains UNIQUE(userId == keyslotId), UNIQUE(username), and password (ideally stored as a salted hash rather than in plaintext).