trait CSRFTokenSigner extends AnyRef

Cryptographic utilities for generating and validating CSRF tokens.

This trait should not be used as a general purpose encryption utility.

Source
CSRFTokenSigner.scala
Linear Supertypes
AnyRef, Any
Known Subclasses
DefaultCSRFTokenSigner
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. CSRFTokenSigner
  2. AnyRef
  3. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Abstract Value Members

  1. abstract def compareSignedTokens(tokenA: String, tokenB: String): Boolean

    Compare two signed tokens

  2. abstract def extractSignedToken(token: String): Option[String]

    Extract a signed token that was signed by signToken(String).

    Extract a signed token that was signed by signToken(String).

    token

    The signed token to extract.

    returns

    The verified raw token, or None if the token isn't valid.

  3. abstract def generateSignedToken: String

    Generates a signed token.

  4. abstract def generateToken: String

    Generates a cryptographically secure token.

  5. abstract def signToken(token: String): String

    Sign a token.

    Sign a token. This produces a new token, that has this token signed with a nonce.

    This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

    token

    The token to sign

    returns

    The signed token

  6. abstract def constantTimeEquals(a: String, b: String): Boolean

    Constant time equals method.

    Constant time equals method.

    Given a length that both Strings are equal to, this method will always run in constant time. This prevents timing attacks.

    Annotations
    @deprecated
    Deprecated

    (Since version 2.6.0) Please use java.security.MessageDigest.isEqual(a.getBytes("utf-8"), b.getBytes("utf-8")) over this method.