Skip to main content

ChallengeResponse

ap_proxy_client

Struct ChallengeResponse 

Source 
pub struct ChallengeResponse { /* private fields */ }
Expand description

A signed response to an authentication challenge.

Contains a COSE_Sign1 structure with the signature over the challenge bytes, proving possession of the private key corresponding to the claimed identity.

§Examples

Create and verify a challenge response:

use ap_proxy_protocol::{Challenge, IdentityKeyPair};

// Client signs challenge
let keypair = IdentityKeyPair::generate();
let challenge = Challenge::new();
let response = challenge.sign(&keypair);

// Server verifies response
let identity = keypair.identity();
assert!(response.verify(&challenge, &identity));

Implementations§

Source§

impl ChallengeResponse

Source

pub fn verify(&self, challenge: &Challenge, identity: &Identity) -> bool

Verify this response against the original challenge and claimed identity.

Returns true if the signature is valid and was created by the private key corresponding to the provided identity. Returns false if:

  • The signature is malformed
  • The signature verification fails
  • The identity public key is invalid
  • The algorithm in the signature doesn’t match the identity
§Authentication Process

The server uses this method to authenticate clients:

  1. Receive Identity and ChallengeResponse from client
  2. Call response.verify(&original_challenge, &claimed_identity)
  3. If true, the client possesses the private key (authenticated)
  4. If false, reject the authentication attempt
§Examples
use ap_proxy_protocol::{Challenge, IdentityKeyPair};

let keypair = IdentityKeyPair::generate();
let challenge = Challenge::new();
let response = challenge.sign(&keypair);

// Valid signature
assert!(response.verify(&challenge, &keypair.identity()));

// Invalid signature (different challenge)
let other_challenge = Challenge::new();
assert!(!response.verify(&other_challenge, &keypair.identity()));

// Invalid signature (different identity)
let other_keypair = IdentityKeyPair::generate();
assert!(!response.verify(&challenge, &other_keypair.identity()));

Trait Implementations§

Source§

impl Clone for ChallengeResponse

Source§

fn clone(&self) -> ChallengeResponse

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ChallengeResponse

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for ChallengeResponse

Source§

fn deserialize<__D>( __deserializer: __D, ) -> Result<ChallengeResponse, <__D as Deserializer<'de>>::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for ChallengeResponse

Source§

fn serialize<__S>( &self, __serializer: __S, ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,