// Sign is called to create a new signed authentication token.
func (a *AuthToken) Sign(ctx context.Context, challengeInfo keybase1.ChallengeInfo) (string, error) {
// make sure we're being asked to sign a legit challenge
if !auth.IsValidChallenge(challengeInfo.Challenge) {
return "", errors.New("Invalid challenge")
}
// get UID, deviceKID and normalized username
uid, err := a.config.KBPKI().GetCurrentUID(ctx)
if err != nil {
return "", err
}
key, err := a.config.KBPKI().GetCurrentVerifyingKey(ctx)
if err != nil {
return "", err
}
username, err := a.config.KBPKI().GetNormalizedUsername(ctx, uid)
if err != nil {
return "", err
}
// create the token
token := auth.NewToken(uid, username, key.kid, a.tokenType,
challengeInfo.Challenge, challengeInfo.Now, a.expireIn,
a.clientName, a.clientVersion)
// sign the token
signature, err := a.config.Crypto().SignToString(ctx, token.Bytes())
if err != nil {
return "", err
}
// reset the ticker
refreshSeconds := a.expireIn / 2
if refreshSeconds < AuthTokenMinRefreshSeconds {
refreshSeconds = AuthTokenMinRefreshSeconds
}
a.startTicker(refreshSeconds)
return signature, nil
}
// Sign is called to create a new signed authentication token.
func (a *AuthToken) signWithUserAndKeyInfo(ctx context.Context,
challengeInfo keybase1.ChallengeInfo, uid keybase1.UID,
username libkb.NormalizedUsername, key VerifyingKey) (string, error) {
// create the token
token := auth.NewToken(uid, username, key.kid, a.tokenType,
challengeInfo.Challenge, challengeInfo.Now, a.expireIn,
a.clientName, a.clientVersion)
// sign the token
signature, err := a.config.Crypto().SignToString(ctx, token.Bytes())
if err != nil {
return "", err
}
// reset the ticker
refreshSeconds := a.expireIn / 2
if refreshSeconds < AuthTokenMinRefreshSeconds {
refreshSeconds = AuthTokenMinRefreshSeconds
}
a.startTicker(refreshSeconds)
return signature, nil
}
