blob: 5dd54c9bd5bfc4b740f8304ce489203c43023db8 [file] [log] [blame]
// Copyright 2015 The LUCI Authors.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// See the License for the specific language governing permissions and
// limitations under the License.
package types
import (
const (
// PrefixSecretLength is the size, in bytes, of the stream secret.
// This value was chosen such that it is:
// - Sufficiently large to avoid collisions.
// - Can be expressed as a Base64 string without ugly padding.
PrefixSecretLength = 36
// OpNonceLength is the exact length that an OpNonce must be, if supplied.
OpNonceLength = 32
// PrefixSecret is the prefix secret value. It is used to assert ownership of
// a prefix space.
// The Prefix secret is generated by the Coordinator at prefix registration,
// and is included by the Butler to prove that it is the entity that registered
// the stream. The secret is asserted by microservices and the Coordinator
// during Butler-initiated stream operations.
type PrefixSecret []byte
// NewPrefixSecret generates a new, default-length secret parameter.
func NewPrefixSecret() (PrefixSecret, error) {
buf := make([]byte, PrefixSecretLength)
if _, err := rand.Read(buf); err != nil {
return nil, err
value := PrefixSecret(buf)
if err := value.Validate(); err != nil {
return value, nil
// Validate confirms that this prefix secret is conformant.
// Note that this does not scan the byte contents of the secret for any
// security-related parameters.
func (s PrefixSecret) Validate() error {
if len(s) != PrefixSecretLength {
return fmt.Errorf("invalid prefix secret length (%d != %d)", len(s), PrefixSecretLength)
return nil