Documentation
¶
Index ¶
Constants ¶
const AccountIDEntropy = 30
Variables ¶
This section is empty.
Functions ¶
func GenerateAccountID ¶
func GenerateAccountID(idType AccountIdentifier) (string, error)
Types ¶
type AccountIdentifier ¶
type AccountIdentifier uint16
const ( System AccountIdentifier = 510 SystemAPI AccountIdentifier = 766 User AccountIdentifier = 257 UserAPI AccountIdentifier = 513 )
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
func NewAuthenticator ¶
func NewAuthenticator(ks *keystar.KeyStar, id []byte) *Authenticator
func (*Authenticator) Challenge ¶
func (a *Authenticator) Challenge(duration int32) (*Challenge, error)
func (*Authenticator) Validate ¶
func (a *Authenticator) Validate(challenge *Challenge, actual []byte) (*Authorizer, bool)
type Authorizer ¶
type Authorizer struct {
// contains filtered or unexported fields
}
func (*Authorizer) Authorize ¶
func (a *Authorizer) Authorize() (*Bearer, error)
func (*Authorizer) Verify ¶
func (a *Authorizer) Verify(b []byte) bool
type Bearer ¶
type Bearer struct {
// Timestamp at which point the bearer token was created.
Timestamp time.Time
// Duration for which the bearer token is valid (in minutes). Zero implies the
// token is valid indefinitely. The longest duration is 65,535 minutes or
// about 45 and 1/2 days.
Duration uint32
// AccountOnly indicates that the token is valid only for requests within the
// account's namespace. This is stored in the lowest of the two higher order
// bytes used for calculating the duration.
AccountOnly bool
// ID associated with the account identity. Always 32 bytes.
ID []byte
// Signature contains 20 to 40 bytes of the generated signature hash. For
// single-occupancy modes, the signature will always be 20 bytes unless the
// client has been configured to use an API key. For multi-tenancy modes, this
// will always be 40 bytes unless the account accessing the API is the
// administrative account.
//
// Bearers generated for API key access or user accounts are always signed a
// second time with the system's secret key.
Signature *bytes.Buffer
// contains filtered or unexported fields
}
Bearer token for successful challenge-response.
func BearerFromBytes ¶
func (*Bearer) Base64 ¶
Base64 returns a representation of this Bearer token as a base64-encoded string. If the token is signed, this will also encode the signature.
func (*Bearer) Bytes ¶
Bytes returns a slice containing a serialized copy of the challenge. This will always return a slice of 32 bytes.
type Challenge ¶
type Challenge struct {
// Timestamp at which the challenge was created.
Timestamp time.Time
// Duration for which the challenge is valid (in seconds). Zero implies
// indefinite.
Duration int32
// ID associated with the user identity. Always 32 bytes and will be padded
// accordingly if not with null.
ID []byte
// Trailing entropy to pad challenge to 64 bytes.
Entropy []byte
}
Challenge type for challenge-response authentication. When a challenge is generated, it is created with a timestamp and a duration (default: indefinite) with entropy padding to get the challenge up to 32 bytes.
func ChallengeFromBytes ¶
ChallengeFromBytes returns an initialized and configured Challenge instance from the src byte slice.
func NewChallenge ¶
NewChallenge returns a Challenge with the current timestamp, specified duration (int32), user identity (base64 encoded slice), and 12 bytes of entropy. Entropy is pre-generated using crypt/rand.Read. An error may be returned if random entropy cannot be read. Entropy quality isn't as important for the challenge, but we don't downgrade to a lower-quality source since this should be a decision made by consumers of NewChallenge.
func (*Challenge) Bytes ¶
Bytes returns a slice containing a serialized copy of the challenge. This will always return a slice of 32 bytes.
func (*Challenge) MarshalJSON ¶
MarshalJSON from the challenge instance. Returns a base64 encoded version of Challenge.
func (*Challenge) UnmarshalJSON ¶
UnmarshalJSON from the provided byte slice containing an encoded challenge.
Source Files