RotatingKeyCSRFTokenSigner

com.gu.play.secretrotation.RotatingSecretComponents.RotatingKeyCSRFTokenSigner
class RotatingKeyCSRFTokenSigner(snapshotProvider: SnapshotProvider, clock: Clock) extends CSRFTokenSigner

Attributes

Supertypes
trait CSRFTokenSigner
class Object
trait Matchable
class Any

Members list

Value members

Concrete methods

override def compareSignedTokens(tokenA: String, tokenB: String): Boolean

This method must not simply delegate to an underlying DefaultCSRFTokenSigner: it relies on extractSignedToken(), and it needs the rotation-tolerant version of that method, which is only available in this class.

Attributes

Definition Classes
CSRFTokenSigner
override def constantTimeEquals(a: String, b: String): Boolean

Constant time equals method.

Given two Strings of equal length, this method always runs in constant time, which prevents timing attacks.

Attributes

Definition Classes
CSRFTokenSigner
override def extractSignedToken(token: String): Option[String]

This method verifies tokens which may have been signed with a previous secret that we still consider valid for now. It tries all applicable secrets to see if any of them can verify the token.

Attributes

Definition Classes
CSRFTokenSigner
override def generateSignedToken: String

Generates a signed token.

Attributes

Definition Classes
CSRFTokenSigner
override def generateToken: String

Generates a cryptographically secure token.

Attributes

Definition Classes
CSRFTokenSigner
override def signToken(token: String): String

Signs a token, producing a new token that carries this token signed together with a nonce.

This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

Value parameters

token

The token to sign

Attributes

Returns

The signed token

Definition Classes
CSRFTokenSigner
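The rotation-tolerant verification described for extractSignedToken and compareSignedTokens, together with the per-request nonce in signToken, as an added Python model (not the library's Scala code): the secret values, the HMAC-SHA256 choice and the helper names are assumptions, and the snapshot provider is modelled as a callable returning a tuple of accepted secrets with the active signing secret first.

```python
import hashlib, hmac, os, time

class RotatingSigner:
    # Model of RotatingKeyCSRFTokenSigner (constructed, not library code). snapshot_provider
    # stands in for SnapshotProvider: a callable returning the secrets currently accepted
    # for verification, active (signing) secret first. Layout "sig-nonce-token" as in Play.
    def __init__(self, snapshot_provider, clock=time.time):
        self._snapshot = snapshot_provider
        self._clock = clock

    @staticmethod
    def _mac(secret, data):
        return hmac.new(secret, data.encode(), hashlib.sha256).hexdigest()

    def generate_token(self):
        return os.urandom(12).hex()  # cryptographically secure random token

    def sign_token(self, token):
        # Per-request nonce varies the wire value (defeats BREACH) without changing
        # the token itself; signing always uses the active secret.
        joined = f"{int(self._clock() * 1000)}-{token}"
        return f"{self._mac(self._snapshot()[0], joined)}-{joined}"

    def extract_signed_token(self, signed):
        parts = signed.split("-", 2)
        if len(parts) != 3:
            return None
        sig, nonce, raw = parts
        # Tolerant verification: any secret the snapshot still accepts may verify it.
        for secret in self._snapshot():
            if hmac.compare_digest(sig, self._mac(secret, f"{nonce}-{raw}")):
                return raw
        return None

    def compare_signed_tokens(self, a, b):
        # Uses the tolerant extractor, so tokens signed under a still-valid old secret pass.
        raw_a, raw_b = self.extract_signed_token(a), self.extract_signed_token(b)
        if raw_a is None or raw_b is None:
            return False
        return hmac.compare_digest(raw_a.encode(), raw_b.encode())

def rotation_demo(old=b"old-secret", new=b"new-secret"):
    # Constructed scenario: sign before rotation, verify during and after tolerance.
    snap = {"s": (old,)}
    signer = RotatingSigner(lambda: snap["s"])
    signed_before = signer.sign_token(signer.generate_token())
    snap["s"] = (new, old)  # rotated; old secret still tolerated
    during = signer.extract_signed_token(signed_before) is not None
    snap["s"] = (new,)  # old secret retired
    return during, signer.extract_signed_token(signed_before) is not None
```

rotation_demo() returns (True, False): the pre-rotation token is accepted while the old secret is still in the snapshot and rejected once it is retired.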