SignedToken (Gerrit Review Plugin API Documentation)

java.lang.Object
- com.google.gerrit.server.mail.SignedToken

```
public class SignedToken
extends Object
```
Utility function to compute and verify XSRF tokens.
SignedTokenEmailTokenVerifier uses this class to verify tokens appearing in the custom xsrfKey JSON request property. The tokens protect against cross-site request forgery by depending upon the browser's security model. The classic browser security model prohibits a script from site A from reading any data received from site B. By sending unforgeable tokens from the server and asking the client to return them to us, the client script must have had read access to the token at some point and is therefore also from our server.

- Constructor Summary
  
  Constructors
  Constructor Description
  
  SignedToken(int age, String keyBase64)
  Create a new utility, using the specific key.
- Method Summary
  
  All Methods Static Methods Concrete Methods
  Modifier and Type Method Description
  
  static String generateRandomKey()
  Generate a random key for use with the XSRF library.
  - Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SignedToken
```
public SignedToken(int age,
                   String keyBase64)
            throws XsrfException
```
    Create a new utility, using the specific key.
    
    Parameters:
    
    age - the number of seconds a token may remain valid.
    
    keyBase64 - base 64 encoded representation of the key.
    
    Throws:
    
    XsrfException - the JVM doesn't support the necessary algorithms.
- Method Detail
  - generateRandomKey
```
public static String generateRandomKey()
```
    Generate a random key for use with the XSRF library.
    
    Returns:
    
    a new private key, base 64 encoded.