Documentation ¶
Overview ¶
Package auth implements an interface for providing CFSSL authentication. This is meant to authenticate a client CFSSL to a remote CFSSL in order to prevent unauthorised use of the signature capabilities. This package provides both the interface and a standard HMAC-based implementation.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthenticatedRequest ¶
type AuthenticatedRequest struct { // An Authenticator decides whether to use this field. Timestamp int64 `json:"timestamp,omitempty"` RemoteAddress []byte `json:"remote_address,omitempty"` Token []byte `json:"token"` Request []byte `json:"request"` }
An AuthenticatedRequest contains a request and authentication token. The Provider may determine whether to validate the timestamp and remote address.
type Provider ¶
type Provider interface { Token(req []byte) (token []byte, err error) Verify(aReq *AuthenticatedRequest) bool }
A Provider can generate tokens from a request and verify a request. The handling of additional authentication data (such as the IP address) is handled by the concrete type, as is any serialisation and state-keeping.
type Standard ¶
type Standard struct {
// contains filtered or unexported fields
}
Standard implements an HMAC-SHA-256 authentication provider. It may be supplied additional data at creation time that will be used as request || additional-data with the HMAC.
func New ¶
New generates a new standard authentication provider from the key and additional data. The additional data will be used when generating a new token.
func (Standard) Token ¶
Token generates a new authentication token from the request.
func (Standard) Verify ¶
func (p Standard) Verify(ad *AuthenticatedRequest) bool
Verify determines whether an authenticated request is valid.