Function single

Source

pub fn single(ip_address: &str) -> Vec<CborValue>

Expand description

Creates a CATNIP claim with a single IP address

Examples found in repository ?

examples/extended_cat_claims.rs (line 206)

20fn main() {
21    let key = b"my-secret-key-for-hmac-sha256";
22    let now = current_timestamp();
23
24    println!("=== Extended CAT Claims Example ===\n");
25
26    // Example 1: Token with probability of rejection (CATPOR)
27    println!("1. Creating token with CATPOR (25% rejection probability)");
28    let token_with_catpor = TokenBuilder::new()
29        .algorithm(Algorithm::HmacSha256)
30        .protected_key_id(KeyId::string("key-1"))
31        .registered_claims(
32            RegisteredClaims::new()
33                .with_issuer("example-issuer")
34                .with_expiration(now + 3600),
35        )
36        .custom_cbor(cat_keys::CATPOR, catpor::create(25))
37        .sign(key)
38        .expect("Failed to sign token");
39
40    println!("   ✓ Token created with CATPOR: 25% rejection probability\n");
41
42    // Example 2: Token with network IP restrictions (CATNIP)
43    println!("2. Creating token with CATNIP (IP restrictions)");
44    let token_with_catnip = TokenBuilder::new()
45        .algorithm(Algorithm::HmacSha256)
46        .protected_key_id(KeyId::string("key-2"))
47        .registered_claims(
48            RegisteredClaims::new()
49                .with_issuer("example-issuer")
50                .with_expiration(now + 3600),
51        )
52        .custom_array(
53            cat_keys::CATNIP,
54            catnip::create(vec!["192.168.1.0/24", "10.0.0.0/8"]),
55        )
56        .sign(key)
57        .expect("Failed to sign token");
58
59    println!("   ✓ Token created with CATNIP: 192.168.1.0/24, 10.0.0.0/8\n");
60
61    // Example 3: Token with ALPN restrictions (CATALPN)
62    println!("3. Creating token with CATALPN (HTTP/2 only)");
63    let token_with_catalpn = TokenBuilder::new()
64        .algorithm(Algorithm::HmacSha256)
65        .protected_key_id(KeyId::string("key-3"))
66        .registered_claims(
67            RegisteredClaims::new()
68                .with_issuer("example-issuer")
69                .with_expiration(now + 3600),
70        )
71        .custom_array(cat_keys::CATALPN, catalpn::http2_only())
72        .sign(key)
73        .expect("Failed to sign token");
74
75    println!("   ✓ Token created with CATALPN: h2 only\n");
76
77    // Example 4: Token with HTTP header requirements (CATH)
78    println!("4. Creating token with CATH (custom headers)");
79    let mut headers = BTreeMap::new();
80    headers.insert("X-API-Key", "secret-api-key");
81    headers.insert("X-Client-Version", "1.0");
82
83    let token_with_cath = TokenBuilder::new()
84        .algorithm(Algorithm::HmacSha256)
85        .protected_key_id(KeyId::string("key-4"))
86        .registered_claims(
87            RegisteredClaims::new()
88                .with_issuer("example-issuer")
89                .with_expiration(now + 3600),
90        )
91        .custom_cbor(cat_keys::CATH, cath::create(headers))
92        .sign(key)
93        .expect("Failed to sign token");
94
95    println!("   ✓ Token created with CATH: X-API-Key, X-Client-Version\n");
96
97    // Example 5: Token with geographic restrictions (CATGEO*)
98    println!("5. Creating token with geographic restrictions");
99    let token_with_geo = TokenBuilder::new()
100        .algorithm(Algorithm::HmacSha256)
101        .protected_key_id(KeyId::string("key-5"))
102        .registered_claims(
103            RegisteredClaims::new()
104                .with_issuer("example-issuer")
105                .with_expiration(now + 3600),
106        )
107        // Country restriction
108        .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
109        // Coordinate restriction (New York City with 5km radius)
110        .custom_cbor(
111            cat_keys::CATGEOCOORD,
112            catgeocoord::with_radius(40.7128, -74.0060, 5000),
113        )
114        // Altitude restriction (0-1000 meters)
115        .custom_cbor(cat_keys::CATGEOALT, catgeoalt::range(0, 1000))
116        .sign(key)
117        .expect("Failed to sign token");
118
119    println!("   ✓ Token created with CATGEOISO3166: US");
120    println!("   ✓ Token created with CATGEOCOORD: NYC (40.7128, -74.0060) ±5km");
121    println!("   ✓ Token created with CATGEOALT: 0-1000m\n");
122
123    // Example 6: Token with TLS public key pinning (CATTPK)
124    println!("6. Creating token with CATTPK (TLS key pinning)");
125    // In a real scenario, this would be the SHA-256 hash of a certificate's public key
126    let public_key_hash = vec![
127        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
128        0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
129        0xcd, 0xef,
130    ];
131
132    let token_with_cattpk = TokenBuilder::new()
133        .algorithm(Algorithm::HmacSha256)
134        .protected_key_id(KeyId::string("key-6"))
135        .registered_claims(
136            RegisteredClaims::new()
137                .with_issuer("example-issuer")
138                .with_expiration(now + 3600),
139        )
140        .custom_cbor(cat_keys::CATTPK, cattpk::create(public_key_hash.clone()))
141        .sign(key)
142        .expect("Failed to sign token");
143
144    println!("   ✓ Token created with CATTPK: public key hash (32 bytes)\n");
145
146    // Example 7: Token with DPoP settings (CATDPOP)
147    println!("7. Creating token with CATDPOP (DPoP required)");
148    let token_with_catdpop = TokenBuilder::new()
149        .algorithm(Algorithm::HmacSha256)
150        .protected_key_id(KeyId::string("key-7"))
151        .registered_claims(
152            RegisteredClaims::new()
153                .with_issuer("example-issuer")
154                .with_expiration(now + 3600),
155        )
156        .custom_cbor(cat_keys::CATDPOP, catdpop::required())
157        .sign(key)
158        .expect("Failed to sign token");
159
160    println!("   ✓ Token created with CATDPOP: DPoP required\n");
161
162    // Example 8: Token with conditional logic (CATIF/CATIFDATA)
163    println!("8. Creating token with CATIF and CATIFDATA");
164    let mut condition = BTreeMap::new();
165    condition.insert(0, common_access_token::CborValue::Text("role".to_string()));
166    condition.insert(
167        1,
168        common_access_token::CborValue::Text("equals".to_string()),
169    );
170    condition.insert(2, common_access_token::CborValue::Text("admin".to_string()));
171
172    let mut if_data = BTreeMap::new();
173    if_data.insert(0, common_access_token::CborValue::Text("role".to_string()));
174    if_data.insert(1, common_access_token::CborValue::Text("admin".to_string()));
175
176    let token_with_catif = TokenBuilder::new()
177        .algorithm(Algorithm::HmacSha256)
178        .protected_key_id(KeyId::string("key-8"))
179        .registered_claims(
180            RegisteredClaims::new()
181                .with_issuer("example-issuer")
182                .with_expiration(now + 3600),
183        )
184        .custom_cbor(cat_keys::CATIF, catif::create(condition))
185        .custom_cbor(cat_keys::CATIFDATA, catifdata::create(if_data))
186        .sign(key)
187        .expect("Failed to sign token");
188
189    println!("   ✓ Token created with CATIF: conditional logic");
190    println!("   ✓ Token created with CATIFDATA: role=admin\n");
191
192    // Example 9: Comprehensive token with multiple CAT claims
193    println!("9. Creating comprehensive token with multiple CAT claims");
194    let comprehensive_token = TokenBuilder::new()
195        .algorithm(Algorithm::HmacSha256)
196        .protected_key_id(KeyId::string("comprehensive-key"))
197        .registered_claims(
198            RegisteredClaims::new()
199                .with_issuer("secure-service")
200                .with_subject("user-12345")
201                .with_audience("api.example.com")
202                .with_expiration(now + 7200),
203        )
204        .custom_cbor(cat_keys::CATV, catv::with_version(1))
205        .custom_cbor(cat_keys::CATPOR, catpor::create(10))
206        .custom_array(cat_keys::CATNIP, catnip::single("203.0.113.0/24"))
207        .custom_array(cat_keys::CATALPN, catalpn::create(vec!["h2", "http/1.1"]))
208        .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
209        .sign(key)
210        .expect("Failed to sign token");
211
212    println!("   ✓ Comprehensive token created with:");
213    println!("     - CATV: version 1");
214    println!("     - CATPOR: 10% rejection probability");
215    println!("     - CATNIP: 203.0.113.0/24");
216    println!("     - CATALPN: h2, http/1.1");
217    println!("     - CATGEOISO3166: US");
218
219    // Verify all tokens can be encoded
220    println!("\n=== Verification ===");
221    let tokens = vec![
222        ("CATPOR", &token_with_catpor),
223        ("CATNIP", &token_with_catnip),
224        ("CATALPN", &token_with_catalpn),
225        ("CATH", &token_with_cath),
226        ("CATGEO*", &token_with_geo),
227        ("CATTPK", &token_with_cattpk),
228        ("CATDPOP", &token_with_catdpop),
229        ("CATIF", &token_with_catif),
230        ("Comprehensive", &comprehensive_token),
231    ];
232
233    for (name, token) in tokens {
234        let token_bytes = token.to_bytes().expect("Failed to encode token");
235        println!("✓ {} token encoded ({} bytes)", name, token_bytes.len());
236    }
237
238    println!("\n=== All Extended CAT Claims Examples Completed Successfully ===");
239}

single

Function single Copy item path

Examples found in repository?

Function single

Examples found in repository ?