Struct apple_codesign::app_store_connect::api_token::ConnectTokenEncoder

pub struct ConnectTokenEncoder { /* private fields */ }

Represents a private key used to create JWT tokens for use with App Store Connect.

See https://developer.apple.com/documentation/appstoreconnectapi/creating_api_keys_for_app_store_connect_api and https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests for more details.

This entity holds the necessary metadata to issue new JWT tokens.

App Store Connect API tokens/JWTs are derived from:

• A key identifier. This is a short alphanumeric string like DEADBEEF42.
• An issuer ID. This is likely a UUID.
• A private key. Likely ECDSA.

All these are issued by Apple. You can log in to App Store Connect and see/manage your keys at https://appstoreconnect.apple.com/access/api.

Implementations

impl ConnectTokenEncoder

pub fn from_jwt_encoding_key(
    key_id: String,
    issuer_id: String,
    encoding_key: EncodingKey
) -> Self

Construct an instance from an EncodingKey instance.

This is the lowest level API and ultimately what all constructors use.

Examples found in repository

src/app_store_connect/api_token.rs (line 72)

    pub fn from_ecdsa_der(
        key_id: String,
        issuer_id: String,
        der_data: &[u8],
    ) -> Result<Self, AppleCodesignError> {
        let encoding_key = EncodingKey::from_ec_der(der_data);

        Ok(Self::from_jwt_encoding_key(key_id, issuer_id, encoding_key))
    }

    /// Create a token from a PEM encoded ECDSA private key.
    pub fn from_ecdsa_pem(
        key_id: String,
        issuer_id: String,
        pem_data: &[u8],
    ) -> Result<Self, AppleCodesignError> {
        let encoding_key = EncodingKey::from_ec_pem(pem_data)?;

        Ok(Self::from_jwt_encoding_key(key_id, issuer_id, encoding_key))
    }

pub fn from_ecdsa_der(
    key_id: String,
    issuer_id: String,
    der_data: &[u8]
) -> Result<Self, AppleCodesignError>

Construct an instance from a DER encoded ECDSA private key.

Examples found in repository

src/app_store_connect/mod.rs (line 137)

    fn try_from(value: UnifiedApiKey) -> Result<Self, Self::Error> {
        let der = base64::decode(value.private_key).map_err(|e| {
            AppleCodesignError::AppStoreConnectApiKey(format!(
                "failed to base64 decode private key: {}",
                e
            ))
        })?;

        Self::from_ecdsa_der(value.key_id, value.issuer_id, &der)
    }

pub fn from_ecdsa_pem(
    key_id: String,
    issuer_id: String,
    pem_data: &[u8]
) -> Result<Self, AppleCodesignError>

Create a token from a PEM encoded ECDSA private key.

Examples found in repository

src/app_store_connect/api_token.rs (line 94)

    pub fn from_ecdsa_pem_path(
        key_id: String,
        issuer_id: String,
        path: impl AsRef<Path>,
    ) -> Result<Self, AppleCodesignError> {
        let data = std::fs::read(path.as_ref())?;

        Self::from_ecdsa_pem(key_id, issuer_id, &data)
    }

pub fn from_ecdsa_pem_path(
    key_id: String,
    issuer_id: String,
    path: impl AsRef<Path>
) -> Result<Self, AppleCodesignError>

Create a token from a PEM encoded ECDSA private key in a filesystem path.

Examples found in repository

src/app_store_connect/api_token.rs (line 119)

    pub fn from_api_key_id(key_id: String, issuer_id: String) -> Result<Self, AppleCodesignError> {
        let mut search_paths = vec![std::env::current_dir()?.join("private_keys")];

        if let Some(home) = dirs::home_dir() {
            search_paths.extend([
                home.join("private_keys"),
                home.join(".private_keys"),
                home.join(".appstoreconnect").join("private_keys"),
            ]);
        }

        // AuthKey_<apiKey>.p8
        let filename = format!("AuthKey_{}.p8", key_id);

        for path in search_paths {
            let candidate = path.join(filename.as_str());

            if candidate.exists() {
                return Self::from_ecdsa_pem_path(key_id, issuer_id, candidate);
            }
        }

        Err(AppleCodesignError::AppStoreConnectApiKeyNotFound)
    }

pub fn from_api_key_id(
    key_id: String,
    issuer_id: String
) -> Result<Self, AppleCodesignError>

Attempt to construct in instance from an API Key ID.

e.g. DEADBEEF42. This looks for an AuthKey_<id>.p8 file in default search locations like ~/.appstoreconnect/private_keys.

Examples found in repository

src/notarization.rs (line 183)

    pub fn set_api_key(
        &mut self,
        api_issuer: impl ToString,
        api_key: impl ToString,
    ) -> Result<(), AppleCodesignError> {
        let api_key = api_key.to_string();
        let api_issuer = api_issuer.to_string();

        let encoder = ConnectTokenEncoder::from_api_key_id(api_key, api_issuer)?;

        self.set_token_encoder(encoder);

        Ok(())
    }

pub fn new_token(
    &self,
    duration: u64
) -> Result<AppStoreConnectToken, AppleCodesignError>

Mint a new JWT token.

Using the private key and key metadata bound to this instance, we issue a new JWT for the requested duration.

Examples found in repository

src/app_store_connect/mod.rs (line 165)

    fn get_token(&self) -> Result<String, AppleCodesignError> {
        let mut token = self.token.lock().unwrap();

        // TODO need to handle token expiration.
        if token.is_none() {
            token.replace(self.connect_token.new_token(300)?);
        }

        Ok(token.as_ref().unwrap().clone())
    }

Trait Implementations

impl Clone for ConnectTokenEncoder

fn clone(&self) -> ConnectTokenEncoder

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl TryFrom<UnifiedApiKey> for ConnectTokenEncoder

type Error = AppleCodesignError

The type returned in the event of a conversion error.

fn try_from(value: UnifiedApiKey) -> Result<Self, Self::Error>

Performs the conversion.