Module iu.util.auth
Package edu.iu.auth

Interface IuOneTimeNumber

All Superinterfaces:
AutoCloseable
public interface IuOneTimeNumber extends AutoCloseable
One-time number (nonce) engine. UML Sequence Diagram

Provides securely generated one-time numbers. Clients should optimistically limit concurrent access to a single thread. Single-use tracking is performed internally:

  • Nonce values must be used within the configured time to live interval. PT15S is recommended as a default value.
  • Creating a new nonce value causes all previously created nonce values for the same client to expire if generated more than PT0.25S in the past.
  • Client is thumbprinted by sha256(utf8(remoteAddr || userAgent))
  • remoteAddr is resolved by IuWebUtils.getInetAddress(String) then canonicalized with InetAddress.getAddress()
  • userAgent is validated
  • When pruning stale nonce challenges, 25ms artificial delay is inserted to prevent excessive use
  • Regardless of validation status, a nonce value may only be used once.

  • Method Details

    • initialize

      static IuOneTimeNumber initialize(IuOneTimeNumberConfig config)
      Initializes a new one-time number generator.
      Parameters:
      config - configuration properties
      Returns:
      IuOneTimeNumber

    • create

      String create(String remoteAddress, String userAgent)
      Creates a one-time number (nonce) value.
      Parameters:
      remoteAddress - textual representation of the client IP address
      userAgent - user agent string
      Returns:
      one-time number

    • validate

      void validate(String remoteAddress, String userAgent, String nonce)
      Validates a one-time number (nonce) value.
      Parameters:
      remoteAddress - textual representation of the client IP address
      userAgent - user agent string
      nonce - one-time number