pub fn current_timestamp() -> u64Expand description
Get current timestamp in seconds since Unix epoch
Examples found in repository?
examples/basic_usage.rs (line 42)
41fn create_token_with_string_kid(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a token with string key ID
45 TokenBuilder::new()
46 .algorithm(Algorithm::HmacSha256)
47 .protected_key_id(KeyId::string("string-key-example"))
48 .registered_claims(
49 RegisteredClaims::new()
50 .with_issuer("example-issuer")
51 .with_subject("example-subject")
52 .with_audience("example-audience")
53 .with_expiration(now + 3600) // 1 hour from now
54 .with_not_before(now)
55 .with_issued_at(now)
56 .with_cti(b"token-id-1234".to_vec()),
57 )
58 .custom_string(100, "custom-string-value")
59 .custom_binary(101, b"custom-binary-value".to_vec())
60 .custom_int(102, 12345)
61 .sign(key)
62 .expect("Failed to sign token")
63}
64
65/// Create a token with a binary key ID
66fn create_token_with_binary_kid(key: &[u8]) -> common_access_token::Token {
67 let now = current_timestamp();
68 let binary_kid = vec![0x01, 0x02, 0x03, 0x04, 0x05];
69
70 // Create a token with binary key ID
71 TokenBuilder::new()
72 .algorithm(Algorithm::HmacSha256)
73 .protected_key_id(KeyId::binary(binary_kid))
74 .registered_claims(
75 RegisteredClaims::new()
76 .with_issuer("example-issuer")
77 .with_subject("example-subject")
78 .with_audience("example-audience")
79 .with_expiration(now + 3600) // 1 hour from now
80 .with_not_before(now)
81 .with_issued_at(now),
82 )
83 .sign(key)
84 .expect("Failed to sign token")
85}
86
87/// Create a token with a nested map claim
88fn create_token_with_nested_map(key: &[u8]) -> common_access_token::Token {
89 let now = current_timestamp();
90
91 // Create a nested map for the token
92 let mut nested_map = BTreeMap::new();
93 nested_map.insert(1, CborValue::Text("nested-text-value".to_string()));
94 nested_map.insert(2, CborValue::Integer(42));
95 nested_map.insert(3, CborValue::Bytes(vec![1, 2, 3, 4, 5]));
96
97 // Create a second level nested map
98 let mut second_level_map = BTreeMap::new();
99 second_level_map.insert(1, CborValue::Text("second-level-text".to_string()));
100 second_level_map.insert(2, CborValue::Integer(99));
101
102 // Add the second level map to the first level
103 nested_map.insert(4, CborValue::Map(second_level_map));
104
105 // Create a token with a nested map claim
106 TokenBuilder::new()
107 .algorithm(Algorithm::HmacSha256)
108 .protected_key_id(KeyId::string("nested-map-example"))
109 .registered_claims(
110 RegisteredClaims::new()
111 .with_issuer("example-issuer")
112 .with_subject("example-subject")
113 .with_audience("example-audience")
114 .with_expiration(now + 3600) // 1 hour from now
115 .with_not_before(now)
116 .with_issued_at(now),
117 )
118 .custom_map(200, nested_map)
119 .sign(key)
120 .expect("Failed to sign token")
121}
122
123/// Verify a token
124fn verify_token(token_bytes: &[u8], key: &[u8], expected_token_type: &str) {
125 // Decode the token
126 let token = match common_access_token::Token::from_bytes(token_bytes) {
127 Ok(token) => token,
128 Err(err) => {
129 println!("Failed to decode {} token: {}", expected_token_type, err);
130 return;
131 }
132 };
133
134 // Verify the signature
135 if let Err(err) = token.verify(key) {
136 println!(
137 "Failed to verify {} token signature: {}",
138 expected_token_type, err
139 );
140 return;
141 }
142
143 // Verify the claims
144 let options = VerificationOptions::new()
145 .verify_exp(true)
146 .verify_nbf(true)
147 .expected_issuer("example-issuer")
148 .expected_audience("example-audience");
149
150 if let Err(err) = token.verify_claims(&options) {
151 println!(
152 "Failed to verify {} token claims: {}",
153 expected_token_type, err
154 );
155 return;
156 }
157
158 // Get the key ID
159 let kid = token.header.key_id().expect("No key ID in token");
160 let kid_str = match &kid {
161 KeyId::Binary(data) => format!("Binary key ID: {:?}", data),
162 KeyId::String(data) => format!("String key ID: {}", data),
163 };
164
165 println!(
166 "Successfully verified {} token ({})",
167 expected_token_type, kid_str
168 );
169
170 // Print some claims
171 if let Some(iss) = &token.claims.registered.iss {
172 println!(" Issuer: {}", iss);
173 }
174 if let Some(sub) = &token.claims.registered.sub {
175 println!(" Subject: {}", sub);
176 }
177 if let Some(exp) = token.claims.registered.exp {
178 println!(
179 " Expires at: {} (in {} seconds)",
180 exp,
181 exp - current_timestamp()
182 );
183 }
184}More examples
examples/cat_validation.rs (line 10)
7fn main() {
8 // Create a key for signing and verification
9 let key = b"my-secret-key-for-hmac-sha256";
10 let now = current_timestamp() as i64;
11
12 // Create a token with multiple CAT-specific claims
13 let token = create_token_with_cat_claims(key, now);
14
15 // Encode token to bytes
16 let token_bytes = token.to_bytes().expect("Failed to encode token");
17 println!(
18 "Token with CAT claims encoded to {} bytes",
19 token_bytes.len()
20 );
21
22 // Decode the token
23 let decoded_token =
24 common_access_token::Token::from_bytes(&token_bytes).expect("Failed to decode token");
25
26 // Verify signature
27 decoded_token
28 .verify(key)
29 .expect("Failed to verify signature");
30
31 // Demonstrate different CAT-specific claim validations
32 validate_catu_claim(&decoded_token);
33 validate_catm_claim(&decoded_token);
34 validate_catreplay_claim(&decoded_token);
35}examples/cat_specific_claims.rs (line 42)
41fn create_token_with_cat_claims(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a CATU claim (Common Access Token URI)
45 let mut catu_components = BTreeMap::new();
46
47 // Restrict to https scheme
48 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
49
50 // Restrict to example.com host
51 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
52
53 // Restrict to paths starting with /content
54 catu_components.insert(uri_components::PATH, catu::prefix_match("/content"));
55
56 // Restrict to .m3u8 files
57 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".m3u8"));
58
59 // Create a CATM claim (Common Access Token Methods)
60 let allowed_methods = vec!["GET", "HEAD"];
61
62 // Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some((now + 3000) as i64));
64
65 // Build the token with CAT-specific claims
66 TokenBuilder::new()
67 .algorithm(Algorithm::HmacSha256)
68 .protected_key_id(KeyId::string("example-key-id"))
69 .registered_claims(
70 RegisteredClaims::new()
71 .with_issuer("example-issuer")
72 .with_subject("example-subject")
73 .with_audience("example-audience")
74 .with_expiration(now + 3600) // 1 hour from now
75 .with_not_before(now)
76 .with_issued_at(now)
77 .with_cti(b"token-id-1234".to_vec()),
78 )
79 // Add CAT-specific claims
80 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
81 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
82 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
83 .custom_int(cat_keys::CATV, 1) // Version 1
84 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
85 .sign(key)
86 .expect("Failed to sign token")
87}