mirror of
https://github.com/gogrlx/nats-server.git
synced 2026-04-02 03:38:42 -07:00
1527000d1f
As of Go 1.20, `math/rand.Read` is deprecated. In addition to that, it also isn't recommended for use in combination with anything cryptographic. I haven't replaced all `math/rand` with `crypto/rand` imports because there are still some legitimate uses for the `math/rand` package in some places. Signed-off-by: Neil Twigg <neil@nats.io>
48 lines
1.3 KiB
Go
48 lines
1.3 KiB
Go
// Copyright 2018 The NATS Authors
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package server
|
|
|
|
import (
|
|
crand "crypto/rand"
|
|
"encoding/base64"
|
|
)
|
|
|
|
// Raw length of the nonce challenge
|
|
const (
|
|
nonceRawLen = 11
|
|
nonceLen = 15 // base64.RawURLEncoding.EncodedLen(nonceRawLen)
|
|
)
|
|
|
|
// NonceRequired tells us if we should send a nonce.
|
|
func (s *Server) NonceRequired() bool {
|
|
s.mu.Lock()
|
|
defer s.mu.Unlock()
|
|
return s.nonceRequired()
|
|
}
|
|
|
|
// nonceRequired tells us if we should send a nonce.
|
|
// Lock should be held on entry.
|
|
func (s *Server) nonceRequired() bool {
|
|
return s.getOpts().AlwaysEnableNonce || len(s.nkeys) > 0 || s.trustedKeys != nil
|
|
}
|
|
|
|
// Generate a nonce for INFO challenge.
|
|
// Assumes server lock is held
|
|
func (s *Server) generateNonce(n []byte) {
|
|
var raw [nonceRawLen]byte
|
|
data := raw[:]
|
|
crand.Read(data)
|
|
base64.RawURLEncoding.Encode(n, data)
|
|
}
|