KeyId

common_access_token::header

Enum KeyId 

Source 
pub enum KeyId {
    Binary(Vec<u8>),
    String(String),
}
Expand description

Key identifier that can be either a binary or string value.

The key identifier (kid) is used to indicate which key was used to secure the token. This allows the recipient to select the appropriate key for verification without having to try each key.

§Examples

Creating a string key identifier:

use common_access_token::KeyId;

let string_kid = KeyId::string("my-key-2023");

Creating a binary key identifier:

use common_access_token::KeyId;

let binary_kid = KeyId::binary(vec![0x01, 0x02, 0x03, 0x04]);

Variants§

§

Binary(Vec<u8>)

Binary key identifier (for binary key identifiers like UUIDs or hashes)

§

String(String)

String key identifier (for human-readable key identifiers)

Implementations§

Source§

impl KeyId

Source

pub fn binary<T: Into<Vec<u8>>>(data: T) -> Self

Create a new binary key identifier

Examples found in repository?
examples/basic_usage.rs (line 73)
66fn create_token_with_binary_kid(key: &[u8]) -> common_access_token::Token {
67    let now = current_timestamp();
68    let binary_kid = vec![0x01, 0x02, 0x03, 0x04, 0x05];
69
70    // Create a token with binary key ID
71    TokenBuilder::new()
72        .algorithm(Algorithm::HmacSha256)
73        .protected_key_id(KeyId::binary(binary_kid))
74        .registered_claims(
75            RegisteredClaims::new()
76                .with_issuer("example-issuer")
77                .with_subject("example-subject")
78                .with_audience("example-audience")
79                .with_expiration(now + 3600) // 1 hour from now
80                .with_not_before(now)
81                .with_issued_at(now),
82        )
83        .sign(key)
84        .expect("Failed to sign token")
85}
Source

pub fn string<T: Into<String>>(data: T) -> Self

Create a new string key identifier

Examples found in repository?
examples/basic_usage.rs (line 47)
41fn create_token_with_string_kid(key: &[u8]) -> common_access_token::Token {
42    let now = current_timestamp();
43
44    // Create a token with string key ID
45    TokenBuilder::new()
46        .algorithm(Algorithm::HmacSha256)
47        .protected_key_id(KeyId::string("string-key-example"))
48        .registered_claims(
49            RegisteredClaims::new()
50                .with_issuer("example-issuer")
51                .with_subject("example-subject")
52                .with_audience("example-audience")
53                .with_expiration(now + 3600) // 1 hour from now
54                .with_not_before(now)
55                .with_issued_at(now)
56                .with_cti(b"token-id-1234".to_vec()),
57        )
58        .custom_string(100, "custom-string-value")
59        .custom_binary(101, b"custom-binary-value".to_vec())
60        .custom_int(102, 12345)
61        .sign(key)
62        .expect("Failed to sign token")
63}
64
65/// Create a token with a binary key ID
66fn create_token_with_binary_kid(key: &[u8]) -> common_access_token::Token {
67    let now = current_timestamp();
68    let binary_kid = vec![0x01, 0x02, 0x03, 0x04, 0x05];
69
70    // Create a token with binary key ID
71    TokenBuilder::new()
72        .algorithm(Algorithm::HmacSha256)
73        .protected_key_id(KeyId::binary(binary_kid))
74        .registered_claims(
75            RegisteredClaims::new()
76                .with_issuer("example-issuer")
77                .with_subject("example-subject")
78                .with_audience("example-audience")
79                .with_expiration(now + 3600) // 1 hour from now
80                .with_not_before(now)
81                .with_issued_at(now),
82        )
83        .sign(key)
84        .expect("Failed to sign token")
85}
86
87/// Create a token with a nested map claim
88fn create_token_with_nested_map(key: &[u8]) -> common_access_token::Token {
89    let now = current_timestamp();
90
91    // Create a nested map for the token
92    let mut nested_map = BTreeMap::new();
93    nested_map.insert(1, CborValue::Text("nested-text-value".to_string()));
94    nested_map.insert(2, CborValue::Integer(42));
95    nested_map.insert(3, CborValue::Bytes(vec![1, 2, 3, 4, 5]));
96
97    // Create a second level nested map
98    let mut second_level_map = BTreeMap::new();
99    second_level_map.insert(1, CborValue::Text("second-level-text".to_string()));
100    second_level_map.insert(2, CborValue::Integer(99));
101
102    // Add the second level map to the first level
103    nested_map.insert(4, CborValue::Map(second_level_map));
104
105    // Create a token with a nested map claim
106    TokenBuilder::new()
107        .algorithm(Algorithm::HmacSha256)
108        .protected_key_id(KeyId::string("nested-map-example"))
109        .registered_claims(
110            RegisteredClaims::new()
111                .with_issuer("example-issuer")
112                .with_subject("example-subject")
113                .with_audience("example-audience")
114                .with_expiration(now + 3600) // 1 hour from now
115                .with_not_before(now)
116                .with_issued_at(now),
117        )
118        .custom_map(200, nested_map)
119        .sign(key)
120        .expect("Failed to sign token")
121}
More examples
Hide additional examples
examples/cat_specific_claims.rs (line 68)
41fn create_token_with_cat_claims(key: &[u8]) -> common_access_token::Token {
42    let now = current_timestamp();
43
44    // Create a CATU claim (Common Access Token URI)
45    let mut catu_components = BTreeMap::new();
46
47    // Restrict to https scheme
48    catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
49
50    // Restrict to example.com host
51    catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
52
53    // Restrict to paths starting with /content
54    catu_components.insert(uri_components::PATH, catu::prefix_match("/content"));
55
56    // Restrict to .m3u8 files
57    catu_components.insert(uri_components::EXTENSION, catu::exact_match(".m3u8"));
58
59    // Create a CATM claim (Common Access Token Methods)
60    let allowed_methods = vec!["GET", "HEAD"];
61
62    // Create a CATR claim (Common Access Token Renewal)
63    let renewal_params = catr::automatic_renewal(3600, Some((now + 3000) as i64));
64
65    // Build the token with CAT-specific claims
66    TokenBuilder::new()
67        .algorithm(Algorithm::HmacSha256)
68        .protected_key_id(KeyId::string("example-key-id"))
69        .registered_claims(
70            RegisteredClaims::new()
71                .with_issuer("example-issuer")
72                .with_subject("example-subject")
73                .with_audience("example-audience")
74                .with_expiration(now + 3600) // 1 hour from now
75                .with_not_before(now)
76                .with_issued_at(now)
77                .with_cti(b"token-id-1234".to_vec()),
78        )
79        // Add CAT-specific claims
80        .custom_cbor(cat_keys::CATU, catu::create(catu_components))
81        .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
82        .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
83        .custom_int(cat_keys::CATV, 1) // Version 1
84        .custom_array(cat_keys::CATM, catm::create(allowed_methods))
85        .sign(key)
86        .expect("Failed to sign token")
87}
examples/cat_validation.rs (line 72)
38fn create_token_with_cat_claims(key: &[u8], now: i64) -> common_access_token::Token {
39    println!("Creating token with CAT-specific claims...");
40
41    // 1. Create a CATU claim (Common Access Token URI)
42    let mut catu_components = BTreeMap::new();
43
44    // Restrict to https scheme
45    catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
46
47    // Restrict to example.com host
48    catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
49
50    // Restrict to paths starting with /api
51    catu_components.insert(uri_components::PATH, catu::prefix_match("/api"));
52
53    // Restrict to .json extension
54    catu_components.insert(uri_components::EXTENSION, catu::exact_match(".json"));
55
56    println!("  Added CATU claim with URI restrictions");
57
58    // 2. Create a CATM claim (Common Access Token Methods)
59    let allowed_methods = vec!["GET", "HEAD", "OPTIONS"];
60    println!("  Added CATM claim allowing methods: {:?}", allowed_methods);
61
62    // 3. Create a CATR claim (Common Access Token Renewal)
63    let renewal_params = catr::automatic_renewal(3600, Some(now + 3000));
64    println!("  Added CATR claim with automatic renewal");
65
66    // 4. Create a CATREPLAY claim (prohibit token replay)
67    println!("  Added CATREPLAY claim prohibiting token replay");
68
69    // Build the token with all CAT-specific claims
70    TokenBuilder::new()
71        .algorithm(Algorithm::HmacSha256)
72        .protected_key_id(KeyId::string("example-key-id"))
73        .registered_claims(
74            RegisteredClaims::new()
75                .with_issuer("example-issuer")
76                .with_subject("example-subject")
77                .with_audience("example-audience")
78                .with_expiration(now as u64 + 3600) // 1 hour from now
79                .with_not_before(now as u64)
80                .with_issued_at(now as u64)
81                .with_cti(b"token-id-1234".to_vec()),
82        )
83        // Add CAT-specific claims
84        .custom_cbor(cat_keys::CATU, catu::create(catu_components))
85        .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
86        .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
87        .custom_array(cat_keys::CATM, catm::create(allowed_methods))
88        .sign(key)
89        .expect("Failed to sign token")
90}
examples/extended_cat_claims.rs (line 30)
20fn main() {
21    let key = b"my-secret-key-for-hmac-sha256";
22    let now = current_timestamp();
23
24    println!("=== Extended CAT Claims Example ===\n");
25
26    // Example 1: Token with probability of rejection (CATPOR)
27    println!("1. Creating token with CATPOR (25% rejection probability)");
28    let token_with_catpor = TokenBuilder::new()
29        .algorithm(Algorithm::HmacSha256)
30        .protected_key_id(KeyId::string("key-1"))
31        .registered_claims(
32            RegisteredClaims::new()
33                .with_issuer("example-issuer")
34                .with_expiration(now + 3600),
35        )
36        .custom_cbor(cat_keys::CATPOR, catpor::create(25))
37        .sign(key)
38        .expect("Failed to sign token");
39
40    println!("   ✓ Token created with CATPOR: 25% rejection probability\n");
41
42    // Example 2: Token with network IP restrictions (CATNIP)
43    println!("2. Creating token with CATNIP (IP restrictions)");
44    let token_with_catnip = TokenBuilder::new()
45        .algorithm(Algorithm::HmacSha256)
46        .protected_key_id(KeyId::string("key-2"))
47        .registered_claims(
48            RegisteredClaims::new()
49                .with_issuer("example-issuer")
50                .with_expiration(now + 3600),
51        )
52        .custom_array(
53            cat_keys::CATNIP,
54            catnip::create(vec!["192.168.1.0/24", "10.0.0.0/8"]),
55        )
56        .sign(key)
57        .expect("Failed to sign token");
58
59    println!("   ✓ Token created with CATNIP: 192.168.1.0/24, 10.0.0.0/8\n");
60
61    // Example 3: Token with ALPN restrictions (CATALPN)
62    println!("3. Creating token with CATALPN (HTTP/2 only)");
63    let token_with_catalpn = TokenBuilder::new()
64        .algorithm(Algorithm::HmacSha256)
65        .protected_key_id(KeyId::string("key-3"))
66        .registered_claims(
67            RegisteredClaims::new()
68                .with_issuer("example-issuer")
69                .with_expiration(now + 3600),
70        )
71        .custom_array(cat_keys::CATALPN, catalpn::http2_only())
72        .sign(key)
73        .expect("Failed to sign token");
74
75    println!("   ✓ Token created with CATALPN: h2 only\n");
76
77    // Example 4: Token with HTTP header requirements (CATH)
78    println!("4. Creating token with CATH (custom headers)");
79    let mut headers = BTreeMap::new();
80    headers.insert("X-API-Key", "secret-api-key");
81    headers.insert("X-Client-Version", "1.0");
82
83    let token_with_cath = TokenBuilder::new()
84        .algorithm(Algorithm::HmacSha256)
85        .protected_key_id(KeyId::string("key-4"))
86        .registered_claims(
87            RegisteredClaims::new()
88                .with_issuer("example-issuer")
89                .with_expiration(now + 3600),
90        )
91        .custom_cbor(cat_keys::CATH, cath::create(headers))
92        .sign(key)
93        .expect("Failed to sign token");
94
95    println!("   ✓ Token created with CATH: X-API-Key, X-Client-Version\n");
96
97    // Example 5: Token with geographic restrictions (CATGEO*)
98    println!("5. Creating token with geographic restrictions");
99    let token_with_geo = TokenBuilder::new()
100        .algorithm(Algorithm::HmacSha256)
101        .protected_key_id(KeyId::string("key-5"))
102        .registered_claims(
103            RegisteredClaims::new()
104                .with_issuer("example-issuer")
105                .with_expiration(now + 3600),
106        )
107        // Country restriction
108        .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
109        // Coordinate restriction (New York City with 5km radius)
110        .custom_cbor(
111            cat_keys::CATGEOCOORD,
112            catgeocoord::with_radius(40.7128, -74.0060, 5000),
113        )
114        // Altitude restriction (0-1000 meters)
115        .custom_cbor(cat_keys::CATGEOALT, catgeoalt::range(0, 1000))
116        .sign(key)
117        .expect("Failed to sign token");
118
119    println!("   ✓ Token created with CATGEOISO3166: US");
120    println!("   ✓ Token created with CATGEOCOORD: NYC (40.7128, -74.0060) ±5km");
121    println!("   ✓ Token created with CATGEOALT: 0-1000m\n");
122
123    // Example 6: Token with TLS public key pinning (CATTPK)
124    println!("6. Creating token with CATTPK (TLS key pinning)");
125    // In a real scenario, this would be the SHA-256 hash of a certificate's public key
126    let public_key_hash = vec![
127        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
128        0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
129        0xcd, 0xef,
130    ];
131
132    let token_with_cattpk = TokenBuilder::new()
133        .algorithm(Algorithm::HmacSha256)
134        .protected_key_id(KeyId::string("key-6"))
135        .registered_claims(
136            RegisteredClaims::new()
137                .with_issuer("example-issuer")
138                .with_expiration(now + 3600),
139        )
140        .custom_cbor(cat_keys::CATTPK, cattpk::create(public_key_hash.clone()))
141        .sign(key)
142        .expect("Failed to sign token");
143
144    println!("   ✓ Token created with CATTPK: public key hash (32 bytes)\n");
145
146    // Example 7: Token with DPoP settings (CATDPOP)
147    println!("7. Creating token with CATDPOP (DPoP required)");
148    let token_with_catdpop = TokenBuilder::new()
149        .algorithm(Algorithm::HmacSha256)
150        .protected_key_id(KeyId::string("key-7"))
151        .registered_claims(
152            RegisteredClaims::new()
153                .with_issuer("example-issuer")
154                .with_expiration(now + 3600),
155        )
156        .custom_cbor(cat_keys::CATDPOP, catdpop::required())
157        .sign(key)
158        .expect("Failed to sign token");
159
160    println!("   ✓ Token created with CATDPOP: DPoP required\n");
161
162    // Example 8: Token with conditional logic (CATIF/CATIFDATA)
163    println!("8. Creating token with CATIF and CATIFDATA");
164    let mut condition = BTreeMap::new();
165    condition.insert(0, common_access_token::CborValue::Text("role".to_string()));
166    condition.insert(
167        1,
168        common_access_token::CborValue::Text("equals".to_string()),
169    );
170    condition.insert(2, common_access_token::CborValue::Text("admin".to_string()));
171
172    let mut if_data = BTreeMap::new();
173    if_data.insert(0, common_access_token::CborValue::Text("role".to_string()));
174    if_data.insert(1, common_access_token::CborValue::Text("admin".to_string()));
175
176    let token_with_catif = TokenBuilder::new()
177        .algorithm(Algorithm::HmacSha256)
178        .protected_key_id(KeyId::string("key-8"))
179        .registered_claims(
180            RegisteredClaims::new()
181                .with_issuer("example-issuer")
182                .with_expiration(now + 3600),
183        )
184        .custom_cbor(cat_keys::CATIF, catif::create(condition))
185        .custom_cbor(cat_keys::CATIFDATA, catifdata::create(if_data))
186        .sign(key)
187        .expect("Failed to sign token");
188
189    println!("   ✓ Token created with CATIF: conditional logic");
190    println!("   ✓ Token created with CATIFDATA: role=admin\n");
191
192    // Example 9: Comprehensive token with multiple CAT claims
193    println!("9. Creating comprehensive token with multiple CAT claims");
194    let comprehensive_token = TokenBuilder::new()
195        .algorithm(Algorithm::HmacSha256)
196        .protected_key_id(KeyId::string("comprehensive-key"))
197        .registered_claims(
198            RegisteredClaims::new()
199                .with_issuer("secure-service")
200                .with_subject("user-12345")
201                .with_audience("api.example.com")
202                .with_expiration(now + 7200),
203        )
204        .custom_cbor(cat_keys::CATV, catv::with_version(1))
205        .custom_cbor(cat_keys::CATPOR, catpor::create(10))
206        .custom_array(cat_keys::CATNIP, catnip::single("203.0.113.0/24"))
207        .custom_array(cat_keys::CATALPN, catalpn::create(vec!["h2", "http/1.1"]))
208        .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
209        .sign(key)
210        .expect("Failed to sign token");
211
212    println!("   ✓ Comprehensive token created with:");
213    println!("     - CATV: version 1");
214    println!("     - CATPOR: 10% rejection probability");
215    println!("     - CATNIP: 203.0.113.0/24");
216    println!("     - CATALPN: h2, http/1.1");
217    println!("     - CATGEOISO3166: US");
218
219    // Verify all tokens can be encoded
220    println!("\n=== Verification ===");
221    let tokens = vec![
222        ("CATPOR", &token_with_catpor),
223        ("CATNIP", &token_with_catnip),
224        ("CATALPN", &token_with_catalpn),
225        ("CATH", &token_with_cath),
226        ("CATGEO*", &token_with_geo),
227        ("CATTPK", &token_with_cattpk),
228        ("CATDPOP", &token_with_catdpop),
229        ("CATIF", &token_with_catif),
230        ("Comprehensive", &comprehensive_token),
231    ];
232
233    for (name, token) in tokens {
234        let token_bytes = token.to_bytes().expect("Failed to encode token");
235        println!("✓ {} token encoded ({} bytes)", name, token_bytes.len());
236    }
237
238    println!("\n=== All Extended CAT Claims Examples Completed Successfully ===");
239}
Source

pub fn as_bytes(&self) -> &[u8]

Get the key identifier as bytes

Trait Implementations§

Source§

impl Clone for KeyId

Source§

fn clone(&self) -> KeyId

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for KeyId

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl PartialEq for KeyId

Source§

fn eq(&self, other: &KeyId) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Eq for KeyId

Source§

impl StructuralPartialEq for KeyId

Auto Trait Implementations§

§

impl Freeze for KeyId

§

impl RefUnwindSafe for KeyId

§

impl Send for KeyId

§

impl Sync for KeyId

§

impl Unpin for KeyId

§

impl UnwindSafe for KeyId

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> ErasedDestructor for T
where T: 'static,