Enum KeyId

Source

pub enum KeyId {
    Binary(Vec<u8>),
    String(String),
}

Expand description

Key identifier that can be either a binary or string value.

The key identifier (kid) is used to indicate which key was used to secure the token. This allows the recipient to select the appropriate key for verification without having to try each key.

§Examples

Creating a string key identifier:

use common_access_token::KeyId;

let string_kid = KeyId::string("my-key-2023");

Creating a binary key identifier:

use common_access_token::KeyId;

let binary_kid = KeyId::binary(vec![0x01, 0x02, 0x03, 0x04]);

Variants§

§

Binary(Vec<u8>)

Binary key identifier (for binary key identifiers like UUIDs or hashes)

§

String(String)

String key identifier (for human-readable key identifiers)

Implementations§

Source §

impl KeyId

Source

pub fn binary<T: Into<Vec<u8>>>(data: T) -> Self

Create a new binary key identifier

Examples found in repository ?

examples/basic_usage.rs (line 73)

66fn create_token_with_binary_kid(key: &[u8]) -> common_access_token::Token {
67    let now = current_timestamp();
68    let binary_kid = vec![0x01, 0x02, 0x03, 0x04, 0x05];
69
70    // Create a token with binary key ID
71    TokenBuilder::new()
72        .algorithm(Algorithm::HmacSha256)
73        .protected_key_id(KeyId::binary(binary_kid))
74        .registered_claims(
75            RegisteredClaims::new()
76                .with_issuer("example-issuer")
77                .with_subject("example-subject")
78                .with_audience("example-audience")
79                .with_expiration(now + 3600) // 1 hour from now
80                .with_not_before(now)
81                .with_issued_at(now),
82        )
83        .sign(key)
84        .expect("Failed to sign token")
85}

Source

pub fn string<T: Into<String>>(data: T) -> Self

Create a new string key identifier

Examples found in repository ?

examples/basic_usage.rs (line 47)

41fn create_token_with_string_kid(key: &[u8]) -> common_access_token::Token {
42    let now = current_timestamp();
43
44    // Create a token with string key ID
45    TokenBuilder::new()
46        .algorithm(Algorithm::HmacSha256)
47        .protected_key_id(KeyId::string("string-key-example"))
48        .registered_claims(
49            RegisteredClaims::new()
50                .with_issuer("example-issuer")
51                .with_subject("example-subject")
52                .with_audience("example-audience")
53                .with_expiration(now + 3600) // 1 hour from now
54                .with_not_before(now)
55                .with_issued_at(now)
56                .with_cti(b"token-id-1234".to_vec()),
57        )
58        .custom_string(100, "custom-string-value")
59        .custom_binary(101, b"custom-binary-value".to_vec())
60        .custom_int(102, 12345)
61        .sign(key)
62        .expect("Failed to sign token")
63}
64
65/// Create a token with a binary key ID
66fn create_token_with_binary_kid(key: &[u8]) -> common_access_token::Token {
67    let now = current_timestamp();
68    let binary_kid = vec![0x01, 0x02, 0x03, 0x04, 0x05];
69
70    // Create a token with binary key ID
71    TokenBuilder::new()
72        .algorithm(Algorithm::HmacSha256)
73        .protected_key_id(KeyId::binary(binary_kid))
74        .registered_claims(
75            RegisteredClaims::new()
76                .with_issuer("example-issuer")
77                .with_subject("example-subject")
78                .with_audience("example-audience")
79                .with_expiration(now + 3600) // 1 hour from now
80                .with_not_before(now)
81                .with_issued_at(now),
82        )
83        .sign(key)
84        .expect("Failed to sign token")
85}
86
87/// Create a token with a nested map claim
88fn create_token_with_nested_map(key: &[u8]) -> common_access_token::Token {
89    let now = current_timestamp();
90
91    // Create a nested map for the token
92    let mut nested_map = BTreeMap::new();
93    nested_map.insert(1, CborValue::Text("nested-text-value".to_string()));
94    nested_map.insert(2, CborValue::Integer(42));
95    nested_map.insert(3, CborValue::Bytes(vec![1, 2, 3, 4, 5]));
96
97    // Create a second level nested map
98    let mut second_level_map = BTreeMap::new();
99    second_level_map.insert(1, CborValue::Text("second-level-text".to_string()));
100    second_level_map.insert(2, CborValue::Integer(99));
101
102    // Add the second level map to the first level
103    nested_map.insert(4, CborValue::Map(second_level_map));
104
105    // Create a token with a nested map claim
106    TokenBuilder::new()
107        .algorithm(Algorithm::HmacSha256)
108        .protected_key_id(KeyId::string("nested-map-example"))
109        .registered_claims(
110            RegisteredClaims::new()
111                .with_issuer("example-issuer")
112                .with_subject("example-subject")
113                .with_audience("example-audience")
114                .with_expiration(now + 3600) // 1 hour from now
115                .with_not_before(now)
116                .with_issued_at(now),
117        )
118        .custom_map(200, nested_map)
119        .sign(key)
120        .expect("Failed to sign token")
121}

More examples

Hide additional examples

examples/cat_specific_claims.rs (line 68)

41fn create_token_with_cat_claims(key: &[u8]) -> common_access_token::Token {
42    let now = current_timestamp();
43
44    // Create a CATU claim (Common Access Token URI)
45    let mut catu_components = BTreeMap::new();
46
47    // Restrict to https scheme
48    catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
49
50    // Restrict to example.com host
51    catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
52
53    // Restrict to paths starting with /content
54    catu_components.insert(uri_components::PATH, catu::prefix_match("/content"));
55
56    // Restrict to .m3u8 files
57    catu_components.insert(uri_components::EXTENSION, catu::exact_match(".m3u8"));
58
59    // Create a CATM claim (Common Access Token Methods)
60    let allowed_methods = vec!["GET", "HEAD"];
61
62    // Create a CATR claim (Common Access Token Renewal)
63    let renewal_params = catr::automatic_renewal(3600, Some((now + 3000) as i64));
64
65    // Build the token with CAT-specific claims
66    TokenBuilder::new()
67        .algorithm(Algorithm::HmacSha256)
68        .protected_key_id(KeyId::string("example-key-id"))
69        .registered_claims(
70            RegisteredClaims::new()
71                .with_issuer("example-issuer")
72                .with_subject("example-subject")
73                .with_audience("example-audience")
74                .with_expiration(now + 3600) // 1 hour from now
75                .with_not_before(now)
76                .with_issued_at(now)
77                .with_cti(b"token-id-1234".to_vec()),
78        )
79        // Add CAT-specific claims
80        .custom_cbor(cat_keys::CATU, catu::create(catu_components))
81        .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
82        .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
83        .custom_int(cat_keys::CATV, 1) // Version 1
84        .custom_array(cat_keys::CATM, catm::create(allowed_methods))
85        .sign(key)
86        .expect("Failed to sign token")
87}

examples/cat_validation.rs (line 72)

38fn create_token_with_cat_claims(key: &[u8], now: i64) -> common_access_token::Token {
39    println!("Creating token with CAT-specific claims...");
40
41    // 1. Create a CATU claim (Common Access Token URI)
42    let mut catu_components = BTreeMap::new();
43
44    // Restrict to https scheme
45    catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
46
47    // Restrict to example.com host
48    catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
49
50    // Restrict to paths starting with /api
51    catu_components.insert(uri_components::PATH, catu::prefix_match("/api"));
52
53    // Restrict to .json extension
54    catu_components.insert(uri_components::EXTENSION, catu::exact_match(".json"));
55
56    println!("  Added CATU claim with URI restrictions");
57
58    // 2. Create a CATM claim (Common Access Token Methods)
59    let allowed_methods = vec!["GET", "HEAD", "OPTIONS"];
60    println!("  Added CATM claim allowing methods: {:?}", allowed_methods);
61
62    // 3. Create a CATR claim (Common Access Token Renewal)
63    let renewal_params = catr::automatic_renewal(3600, Some(now + 3000));
64    println!("  Added CATR claim with automatic renewal");
65
66    // 4. Create a CATREPLAY claim (prohibit token replay)
67    println!("  Added CATREPLAY claim prohibiting token replay");
68
69    // Build the token with all CAT-specific claims
70    TokenBuilder::new()
71        .algorithm(Algorithm::HmacSha256)
72        .protected_key_id(KeyId::string("example-key-id"))
73        .registered_claims(
74            RegisteredClaims::new()
75                .with_issuer("example-issuer")
76                .with_subject("example-subject")
77                .with_audience("example-audience")
78                .with_expiration(now as u64 + 3600) // 1 hour from now
79                .with_not_before(now as u64)
80                .with_issued_at(now as u64)
81                .with_cti(b"token-id-1234".to_vec()),
82        )
83        // Add CAT-specific claims
84        .custom_cbor(cat_keys::CATU, catu::create(catu_components))
85        .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
86        .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
87        .custom_array(cat_keys::CATM, catm::create(allowed_methods))
88        .sign(key)
89        .expect("Failed to sign token")
90}