Struct CapabilityToken 

pub struct CapabilityToken {
    pub id: String,
    pub issuer: PublicKey,
    pub subject: PublicKey,
    pub scope: ChioScope,
    pub issued_at: u64,
    pub expires_at: u64,
    pub delegation_chain: Vec<DelegationLink>,
    pub algorithm: Option<SigningAlgorithm>,
    pub signature: Signature,
}

A Chio capability token. Scoped, time-bounded, cryptographically signed.

The signature field covers the canonical JSON of all other fields. Verification re-serializes the token (excluding the signature), computes the canonical form, and checks the signature against issuer using the algorithm declared by the algorithm field (defaulting to Ed25519 when absent, which preserves backward compatibility with tokens issued prior to the introduction of SigningAlgorithm).

Fields

id: String

Unique token ID (UUIDv7 recommended, used for revocation).

issuer: PublicKey

Capability Authority (or delegating agent) that issued this token.

subject: PublicKey

Agent this capability is bound to (DPoP sender constraint).

scope: ChioScope

What this token authorizes.

issued_at: u64

Unix timestamp (seconds) when the token was issued.

expires_at: u64

Unix timestamp (seconds) when the token expires.

delegation_chain: Vec<DelegationLink>

Ordered list of delegation links from the root CA to this token.

algorithm: Option<SigningAlgorithm>

Signing algorithm. Absent means Ed25519 for backward compatibility.

signature: Signature

Signature over canonical JSON of all fields above.

Implementations

impl CapabilityToken

pub fn body(&self) -> CapabilityTokenBody

Extract the body (everything except the signature) for re-verification.

pub fn sign( body: CapabilityTokenBody, keypair: &Keypair, ) -> Result<CapabilityToken, Error>

Sign a capability token body with the given Ed25519 keypair.

This is the historical signing entry point and produces a byte-identical artifact to pre-SigningBackend Chio releases: the algorithm envelope field is omitted from the serialized output.

pub fn sign_with_backend( body: CapabilityTokenBody, backend: &dyn SigningBackend, ) -> Result<CapabilityToken, Error>

Sign a capability token body with an arbitrary SigningBackend.

Use this entry point to produce FIPS-algorithm (P-256 / P-384) tokens when operating under the fips feature. The body.issuer field must equal backend.public_key(); otherwise verification will fail.

The resulting token’s algorithm envelope field is populated with the backend’s algorithm. It is informational only – verification dispatches off the signature hex prefix, not this field.

pub fn verify_signature(&self) -> Result<bool, Error>

Verify the token’s signature against its issuer key.

Dispatches off the algorithm carried by signature and issuer. For FIPS algorithms, the fips feature must be enabled at the crate level or verification returns Ok(false).

pub fn is_expired_at(&self, now: u64) -> bool

Check whether this token is expired at the given unix timestamp.

pub fn is_valid_at(&self, now: u64) -> bool

Check whether this token is valid at the given unix timestamp (issued_at <= now < expires_at).

pub fn validate_time(&self, now: u64) -> Result<(), Error>

Validate time bounds, returning an error on failure.

Trait Implementations

impl Clone for CapabilityToken

fn clone(&self) -> CapabilityToken

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for CapabilityToken

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for CapabilityToken

fn deserialize<__D>( __deserializer: __D, ) -> Result<CapabilityToken, <__D as Deserializer<'de>>::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for CapabilityToken

fn serialize<__S>( &self, __serializer: __S, ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.