Example #1
0
// Sign is called to create a new signed authentication token,
// including a challenge and username/uid/kid identifiers.
func (a *AuthToken) Sign(ctx context.Context, challengeInfo keybase1.ChallengeInfo) (string, error) {
	// make sure we're being asked to sign a legit challenge
	if !auth.IsValidChallenge(challengeInfo.Challenge) {
		return "", errors.New("Invalid challenge")
	}

	// get UID, deviceKID and normalized username
	username, uid, err := a.config.KBPKI().GetCurrentUserInfo(ctx)
	if err != nil {
		return "", err
	}
	key, err := a.config.KBPKI().GetCurrentVerifyingKey(ctx)
	if err != nil {
		return "", err
	}

	return a.signWithUserAndKeyInfo(ctx, challengeInfo, uid, username, key)
}
Example #2
0
// Sign is called to create a new signed authentication token.
func (a *AuthToken) Sign(ctx context.Context, challengeInfo keybase1.ChallengeInfo) (string, error) {
	// make sure we're being asked to sign a legit challenge
	if !auth.IsValidChallenge(challengeInfo.Challenge) {
		return "", errors.New("Invalid challenge")
	}

	// get UID, deviceKID and normalized username
	uid, err := a.config.KBPKI().GetCurrentUID(ctx)
	if err != nil {
		return "", err
	}
	key, err := a.config.KBPKI().GetCurrentVerifyingKey(ctx)
	if err != nil {
		return "", err
	}
	username, err := a.config.KBPKI().GetNormalizedUsername(ctx, uid)
	if err != nil {
		return "", err
	}

	// create the token
	token := auth.NewToken(uid, username, key.kid, a.tokenType,
		challengeInfo.Challenge, challengeInfo.Now, a.expireIn,
		a.clientName, a.clientVersion)

	// sign the token
	signature, err := a.config.Crypto().SignToString(ctx, token.Bytes())
	if err != nil {
		return "", err
	}

	// reset the ticker
	refreshSeconds := a.expireIn / 2
	if refreshSeconds < AuthTokenMinRefreshSeconds {
		refreshSeconds = AuthTokenMinRefreshSeconds
	}
	a.startTicker(refreshSeconds)

	return signature, nil
}