Version: v1.6.1 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jul 14, 2021 License: BSD-2-Clause Imports: 7 Imported by: 59



Package auth implements an interface for providing CFSSL authentication. This is meant to authenticate a client CFSSL to a remote CFSSL in order to prevent unauthorised use of the signature capabilities. This package provides both the interface and a standard HMAC-based implementation.



This section is empty.


This section is empty.


This section is empty.


type AuthenticatedRequest

type AuthenticatedRequest struct {
	// An Authenticator decides whether to use this field.
	Timestamp     int64  `json:"timestamp,omitempty"`
	RemoteAddress []byte `json:"remote_address,omitempty"`
	Token         []byte `json:"token"`
	Request       []byte `json:"request"`

An AuthenticatedRequest contains a request and authentication token. The Provider may determine whether to validate the timestamp and remote address.

type Provider

type Provider interface {
	Token(req []byte) (token []byte, err error)
	Verify(aReq *AuthenticatedRequest) bool

A Provider can generate tokens from a request and verify a request. The handling of additional authentication data (such as the IP address) is handled by the concrete type, as is any serialisation and state-keeping.

type Standard

type Standard struct {
	// contains filtered or unexported fields

Standard implements an HMAC-SHA-256 authentication provider. It may be supplied additional data at creation time that will be used as request || additional-data with the HMAC.

func New

func New(key string, ad []byte) (*Standard, error)

New generates a new standard authentication provider from the key and additional data. The additional data will be used when generating a new token.

func (Standard) Token

func (p Standard) Token(req []byte) (token []byte, err error)

Token generates a new authentication token from the request.

func (Standard) Verify

func (p Standard) Verify(ad *AuthenticatedRequest) bool

Verify determines whether an authenticated request is valid.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL