pub struct TokenBuilder { /* private fields */ }Expand description
Builder for creating tokens
Implementations§
Source§impl TokenBuilder
impl TokenBuilder
Sourcepub fn new() -> Self
pub fn new() -> Self
Create a new token builder
Examples found in repository?
examples/basic_usage.rs (line 45)
41fn create_token_with_string_kid(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a token with string key ID
45 TokenBuilder::new()
46 .algorithm(Algorithm::HmacSha256)
47 .protected_key_id(KeyId::string("string-key-example"))
48 .registered_claims(
49 RegisteredClaims::new()
50 .with_issuer("example-issuer")
51 .with_subject("example-subject")
52 .with_audience("example-audience")
53 .with_expiration(now + 3600) // 1 hour from now
54 .with_not_before(now)
55 .with_issued_at(now)
56 .with_cti(b"token-id-1234".to_vec()),
57 )
58 .custom_string(100, "custom-string-value")
59 .custom_binary(101, b"custom-binary-value".to_vec())
60 .custom_int(102, 12345)
61 .sign(key)
62 .expect("Failed to sign token")
63}
64
65/// Create a token with a binary key ID
66fn create_token_with_binary_kid(key: &[u8]) -> common_access_token::Token {
67 let now = current_timestamp();
68 let binary_kid = vec![0x01, 0x02, 0x03, 0x04, 0x05];
69
70 // Create a token with binary key ID
71 TokenBuilder::new()
72 .algorithm(Algorithm::HmacSha256)
73 .protected_key_id(KeyId::binary(binary_kid))
74 .registered_claims(
75 RegisteredClaims::new()
76 .with_issuer("example-issuer")
77 .with_subject("example-subject")
78 .with_audience("example-audience")
79 .with_expiration(now + 3600) // 1 hour from now
80 .with_not_before(now)
81 .with_issued_at(now),
82 )
83 .sign(key)
84 .expect("Failed to sign token")
85}
86
87/// Create a token with a nested map claim
88fn create_token_with_nested_map(key: &[u8]) -> common_access_token::Token {
89 let now = current_timestamp();
90
91 // Create a nested map for the token
92 let mut nested_map = BTreeMap::new();
93 nested_map.insert(1, CborValue::Text("nested-text-value".to_string()));
94 nested_map.insert(2, CborValue::Integer(42));
95 nested_map.insert(3, CborValue::Bytes(vec![1, 2, 3, 4, 5]));
96
97 // Create a second level nested map
98 let mut second_level_map = BTreeMap::new();
99 second_level_map.insert(1, CborValue::Text("second-level-text".to_string()));
100 second_level_map.insert(2, CborValue::Integer(99));
101
102 // Add the second level map to the first level
103 nested_map.insert(4, CborValue::Map(second_level_map));
104
105 // Create a token with a nested map claim
106 TokenBuilder::new()
107 .algorithm(Algorithm::HmacSha256)
108 .protected_key_id(KeyId::string("nested-map-example"))
109 .registered_claims(
110 RegisteredClaims::new()
111 .with_issuer("example-issuer")
112 .with_subject("example-subject")
113 .with_audience("example-audience")
114 .with_expiration(now + 3600) // 1 hour from now
115 .with_not_before(now)
116 .with_issued_at(now),
117 )
118 .custom_map(200, nested_map)
119 .sign(key)
120 .expect("Failed to sign token")
121}More examples
examples/cat_specific_claims.rs (line 66)
41fn create_token_with_cat_claims(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a CATU claim (Common Access Token URI)
45 let mut catu_components = BTreeMap::new();
46
47 // Restrict to https scheme
48 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
49
50 // Restrict to example.com host
51 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
52
53 // Restrict to paths starting with /content
54 catu_components.insert(uri_components::PATH, catu::prefix_match("/content"));
55
56 // Restrict to .m3u8 files
57 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".m3u8"));
58
59 // Create a CATM claim (Common Access Token Methods)
60 let allowed_methods = vec!["GET", "HEAD"];
61
62 // Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some((now + 3000) as i64));
64
65 // Build the token with CAT-specific claims
66 TokenBuilder::new()
67 .algorithm(Algorithm::HmacSha256)
68 .protected_key_id(KeyId::string("example-key-id"))
69 .registered_claims(
70 RegisteredClaims::new()
71 .with_issuer("example-issuer")
72 .with_subject("example-subject")
73 .with_audience("example-audience")
74 .with_expiration(now + 3600) // 1 hour from now
75 .with_not_before(now)
76 .with_issued_at(now)
77 .with_cti(b"token-id-1234".to_vec()),
78 )
79 // Add CAT-specific claims
80 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
81 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
82 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
83 .custom_int(cat_keys::CATV, 1) // Version 1
84 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
85 .sign(key)
86 .expect("Failed to sign token")
87}examples/cat_validation.rs (line 70)
38fn create_token_with_cat_claims(key: &[u8], now: i64) -> common_access_token::Token {
39 println!("Creating token with CAT-specific claims...");
40
41 // 1. Create a CATU claim (Common Access Token URI)
42 let mut catu_components = BTreeMap::new();
43
44 // Restrict to https scheme
45 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
46
47 // Restrict to example.com host
48 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
49
50 // Restrict to paths starting with /api
51 catu_components.insert(uri_components::PATH, catu::prefix_match("/api"));
52
53 // Restrict to .json extension
54 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".json"));
55
56 println!(" Added CATU claim with URI restrictions");
57
58 // 2. Create a CATM claim (Common Access Token Methods)
59 let allowed_methods = vec!["GET", "HEAD", "OPTIONS"];
60 println!(" Added CATM claim allowing methods: {:?}", allowed_methods);
61
62 // 3. Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some(now + 3000));
64 println!(" Added CATR claim with automatic renewal");
65
66 // 4. Create a CATREPLAY claim (prohibit token replay)
67 println!(" Added CATREPLAY claim prohibiting token replay");
68
69 // Build the token with all CAT-specific claims
70 TokenBuilder::new()
71 .algorithm(Algorithm::HmacSha256)
72 .protected_key_id(KeyId::string("example-key-id"))
73 .registered_claims(
74 RegisteredClaims::new()
75 .with_issuer("example-issuer")
76 .with_subject("example-subject")
77 .with_audience("example-audience")
78 .with_expiration(now as u64 + 3600) // 1 hour from now
79 .with_not_before(now as u64)
80 .with_issued_at(now as u64)
81 .with_cti(b"token-id-1234".to_vec()),
82 )
83 // Add CAT-specific claims
84 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
85 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
86 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
87 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
88 .sign(key)
89 .expect("Failed to sign token")
90}examples/extended_cat_claims.rs (line 28)
20fn main() {
21 let key = b"my-secret-key-for-hmac-sha256";
22 let now = current_timestamp();
23
24 println!("=== Extended CAT Claims Example ===\n");
25
26 // Example 1: Token with probability of rejection (CATPOR)
27 println!("1. Creating token with CATPOR (25% rejection probability)");
28 let token_with_catpor = TokenBuilder::new()
29 .algorithm(Algorithm::HmacSha256)
30 .protected_key_id(KeyId::string("key-1"))
31 .registered_claims(
32 RegisteredClaims::new()
33 .with_issuer("example-issuer")
34 .with_expiration(now + 3600),
35 )
36 .custom_cbor(cat_keys::CATPOR, catpor::create(25))
37 .sign(key)
38 .expect("Failed to sign token");
39
40 println!(" ✓ Token created with CATPOR: 25% rejection probability\n");
41
42 // Example 2: Token with network IP restrictions (CATNIP)
43 println!("2. Creating token with CATNIP (IP restrictions)");
44 let token_with_catnip = TokenBuilder::new()
45 .algorithm(Algorithm::HmacSha256)
46 .protected_key_id(KeyId::string("key-2"))
47 .registered_claims(
48 RegisteredClaims::new()
49 .with_issuer("example-issuer")
50 .with_expiration(now + 3600),
51 )
52 .custom_array(
53 cat_keys::CATNIP,
54 catnip::create(vec!["192.168.1.0/24", "10.0.0.0/8"]),
55 )
56 .sign(key)
57 .expect("Failed to sign token");
58
59 println!(" ✓ Token created with CATNIP: 192.168.1.0/24, 10.0.0.0/8\n");
60
61 // Example 3: Token with ALPN restrictions (CATALPN)
62 println!("3. Creating token with CATALPN (HTTP/2 only)");
63 let token_with_catalpn = TokenBuilder::new()
64 .algorithm(Algorithm::HmacSha256)
65 .protected_key_id(KeyId::string("key-3"))
66 .registered_claims(
67 RegisteredClaims::new()
68 .with_issuer("example-issuer")
69 .with_expiration(now + 3600),
70 )
71 .custom_array(cat_keys::CATALPN, catalpn::http2_only())
72 .sign(key)
73 .expect("Failed to sign token");
74
75 println!(" ✓ Token created with CATALPN: h2 only\n");
76
77 // Example 4: Token with HTTP header requirements (CATH)
78 println!("4. Creating token with CATH (custom headers)");
79 let mut headers = BTreeMap::new();
80 headers.insert("X-API-Key", "secret-api-key");
81 headers.insert("X-Client-Version", "1.0");
82
83 let token_with_cath = TokenBuilder::new()
84 .algorithm(Algorithm::HmacSha256)
85 .protected_key_id(KeyId::string("key-4"))
86 .registered_claims(
87 RegisteredClaims::new()
88 .with_issuer("example-issuer")
89 .with_expiration(now + 3600),
90 )
91 .custom_cbor(cat_keys::CATH, cath::create(headers))
92 .sign(key)
93 .expect("Failed to sign token");
94
95 println!(" ✓ Token created with CATH: X-API-Key, X-Client-Version\n");
96
97 // Example 5: Token with geographic restrictions (CATGEO*)
98 println!("5. Creating token with geographic restrictions");
99 let token_with_geo = TokenBuilder::new()
100 .algorithm(Algorithm::HmacSha256)
101 .protected_key_id(KeyId::string("key-5"))
102 .registered_claims(
103 RegisteredClaims::new()
104 .with_issuer("example-issuer")
105 .with_expiration(now + 3600),
106 )
107 // Country restriction
108 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
109 // Coordinate restriction (New York City with 5km radius)
110 .custom_cbor(
111 cat_keys::CATGEOCOORD,
112 catgeocoord::with_radius(40.7128, -74.0060, 5000),
113 )
114 // Altitude restriction (0-1000 meters)
115 .custom_cbor(cat_keys::CATGEOALT, catgeoalt::range(0, 1000))
116 .sign(key)
117 .expect("Failed to sign token");
118
119 println!(" ✓ Token created with CATGEOISO3166: US");
120 println!(" ✓ Token created with CATGEOCOORD: NYC (40.7128, -74.0060) ±5km");
121 println!(" ✓ Token created with CATGEOALT: 0-1000m\n");
122
123 // Example 6: Token with TLS public key pinning (CATTPK)
124 println!("6. Creating token with CATTPK (TLS key pinning)");
125 // In a real scenario, this would be the SHA-256 hash of a certificate's public key
126 let public_key_hash = vec![
127 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
128 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
129 0xcd, 0xef,
130 ];
131
132 let token_with_cattpk = TokenBuilder::new()
133 .algorithm(Algorithm::HmacSha256)
134 .protected_key_id(KeyId::string("key-6"))
135 .registered_claims(
136 RegisteredClaims::new()
137 .with_issuer("example-issuer")
138 .with_expiration(now + 3600),
139 )
140 .custom_cbor(cat_keys::CATTPK, cattpk::create(public_key_hash.clone()))
141 .sign(key)
142 .expect("Failed to sign token");
143
144 println!(" ✓ Token created with CATTPK: public key hash (32 bytes)\n");
145
146 // Example 7: Token with DPoP settings (CATDPOP)
147 println!("7. Creating token with CATDPOP (DPoP required)");
148 let token_with_catdpop = TokenBuilder::new()
149 .algorithm(Algorithm::HmacSha256)
150 .protected_key_id(KeyId::string("key-7"))
151 .registered_claims(
152 RegisteredClaims::new()
153 .with_issuer("example-issuer")
154 .with_expiration(now + 3600),
155 )
156 .custom_cbor(cat_keys::CATDPOP, catdpop::required())
157 .sign(key)
158 .expect("Failed to sign token");
159
160 println!(" ✓ Token created with CATDPOP: DPoP required\n");
161
162 // Example 8: Token with conditional logic (CATIF/CATIFDATA)
163 println!("8. Creating token with CATIF and CATIFDATA");
164 let mut condition = BTreeMap::new();
165 condition.insert(0, common_access_token::CborValue::Text("role".to_string()));
166 condition.insert(
167 1,
168 common_access_token::CborValue::Text("equals".to_string()),
169 );
170 condition.insert(2, common_access_token::CborValue::Text("admin".to_string()));
171
172 let mut if_data = BTreeMap::new();
173 if_data.insert(0, common_access_token::CborValue::Text("role".to_string()));
174 if_data.insert(1, common_access_token::CborValue::Text("admin".to_string()));
175
176 let token_with_catif = TokenBuilder::new()
177 .algorithm(Algorithm::HmacSha256)
178 .protected_key_id(KeyId::string("key-8"))
179 .registered_claims(
180 RegisteredClaims::new()
181 .with_issuer("example-issuer")
182 .with_expiration(now + 3600),
183 )
184 .custom_cbor(cat_keys::CATIF, catif::create(condition))
185 .custom_cbor(cat_keys::CATIFDATA, catifdata::create(if_data))
186 .sign(key)
187 .expect("Failed to sign token");
188
189 println!(" ✓ Token created with CATIF: conditional logic");
190 println!(" ✓ Token created with CATIFDATA: role=admin\n");
191
192 // Example 9: Comprehensive token with multiple CAT claims
193 println!("9. Creating comprehensive token with multiple CAT claims");
194 let comprehensive_token = TokenBuilder::new()
195 .algorithm(Algorithm::HmacSha256)
196 .protected_key_id(KeyId::string("comprehensive-key"))
197 .registered_claims(
198 RegisteredClaims::new()
199 .with_issuer("secure-service")
200 .with_subject("user-12345")
201 .with_audience("api.example.com")
202 .with_expiration(now + 7200),
203 )
204 .custom_cbor(cat_keys::CATV, catv::with_version(1))
205 .custom_cbor(cat_keys::CATPOR, catpor::create(10))
206 .custom_array(cat_keys::CATNIP, catnip::single("203.0.113.0/24"))
207 .custom_array(cat_keys::CATALPN, catalpn::create(vec!["h2", "http/1.1"]))
208 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
209 .sign(key)
210 .expect("Failed to sign token");
211
212 println!(" ✓ Comprehensive token created with:");
213 println!(" - CATV: version 1");
214 println!(" - CATPOR: 10% rejection probability");
215 println!(" - CATNIP: 203.0.113.0/24");
216 println!(" - CATALPN: h2, http/1.1");
217 println!(" - CATGEOISO3166: US");
218
219 // Verify all tokens can be encoded
220 println!("\n=== Verification ===");
221 let tokens = vec![
222 ("CATPOR", &token_with_catpor),
223 ("CATNIP", &token_with_catnip),
224 ("CATALPN", &token_with_catalpn),
225 ("CATH", &token_with_cath),
226 ("CATGEO*", &token_with_geo),
227 ("CATTPK", &token_with_cattpk),
228 ("CATDPOP", &token_with_catdpop),
229 ("CATIF", &token_with_catif),
230 ("Comprehensive", &comprehensive_token),
231 ];
232
233 for (name, token) in tokens {
234 let token_bytes = token.to_bytes().expect("Failed to encode token");
235 println!("✓ {} token encoded ({} bytes)", name, token_bytes.len());
236 }
237
238 println!("\n=== All Extended CAT Claims Examples Completed Successfully ===");
239}Sourcepub fn algorithm(self, alg: Algorithm) -> Self
pub fn algorithm(self, alg: Algorithm) -> Self
Set the algorithm
Examples found in repository?
examples/basic_usage.rs (line 46)
41fn create_token_with_string_kid(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a token with string key ID
45 TokenBuilder::new()
46 .algorithm(Algorithm::HmacSha256)
47 .protected_key_id(KeyId::string("string-key-example"))
48 .registered_claims(
49 RegisteredClaims::new()
50 .with_issuer("example-issuer")
51 .with_subject("example-subject")
52 .with_audience("example-audience")
53 .with_expiration(now + 3600) // 1 hour from now
54 .with_not_before(now)
55 .with_issued_at(now)
56 .with_cti(b"token-id-1234".to_vec()),
57 )
58 .custom_string(100, "custom-string-value")
59 .custom_binary(101, b"custom-binary-value".to_vec())
60 .custom_int(102, 12345)
61 .sign(key)
62 .expect("Failed to sign token")
63}
64
65/// Create a token with a binary key ID
66fn create_token_with_binary_kid(key: &[u8]) -> common_access_token::Token {
67 let now = current_timestamp();
68 let binary_kid = vec![0x01, 0x02, 0x03, 0x04, 0x05];
69
70 // Create a token with binary key ID
71 TokenBuilder::new()
72 .algorithm(Algorithm::HmacSha256)
73 .protected_key_id(KeyId::binary(binary_kid))
74 .registered_claims(
75 RegisteredClaims::new()
76 .with_issuer("example-issuer")
77 .with_subject("example-subject")
78 .with_audience("example-audience")
79 .with_expiration(now + 3600) // 1 hour from now
80 .with_not_before(now)
81 .with_issued_at(now),
82 )
83 .sign(key)
84 .expect("Failed to sign token")
85}
86
87/// Create a token with a nested map claim
88fn create_token_with_nested_map(key: &[u8]) -> common_access_token::Token {
89 let now = current_timestamp();
90
91 // Create a nested map for the token
92 let mut nested_map = BTreeMap::new();
93 nested_map.insert(1, CborValue::Text("nested-text-value".to_string()));
94 nested_map.insert(2, CborValue::Integer(42));
95 nested_map.insert(3, CborValue::Bytes(vec![1, 2, 3, 4, 5]));
96
97 // Create a second level nested map
98 let mut second_level_map = BTreeMap::new();
99 second_level_map.insert(1, CborValue::Text("second-level-text".to_string()));
100 second_level_map.insert(2, CborValue::Integer(99));
101
102 // Add the second level map to the first level
103 nested_map.insert(4, CborValue::Map(second_level_map));
104
105 // Create a token with a nested map claim
106 TokenBuilder::new()
107 .algorithm(Algorithm::HmacSha256)
108 .protected_key_id(KeyId::string("nested-map-example"))
109 .registered_claims(
110 RegisteredClaims::new()
111 .with_issuer("example-issuer")
112 .with_subject("example-subject")
113 .with_audience("example-audience")
114 .with_expiration(now + 3600) // 1 hour from now
115 .with_not_before(now)
116 .with_issued_at(now),
117 )
118 .custom_map(200, nested_map)
119 .sign(key)
120 .expect("Failed to sign token")
121}More examples
examples/cat_specific_claims.rs (line 67)
41fn create_token_with_cat_claims(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a CATU claim (Common Access Token URI)
45 let mut catu_components = BTreeMap::new();
46
47 // Restrict to https scheme
48 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
49
50 // Restrict to example.com host
51 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
52
53 // Restrict to paths starting with /content
54 catu_components.insert(uri_components::PATH, catu::prefix_match("/content"));
55
56 // Restrict to .m3u8 files
57 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".m3u8"));
58
59 // Create a CATM claim (Common Access Token Methods)
60 let allowed_methods = vec!["GET", "HEAD"];
61
62 // Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some((now + 3000) as i64));
64
65 // Build the token with CAT-specific claims
66 TokenBuilder::new()
67 .algorithm(Algorithm::HmacSha256)
68 .protected_key_id(KeyId::string("example-key-id"))
69 .registered_claims(
70 RegisteredClaims::new()
71 .with_issuer("example-issuer")
72 .with_subject("example-subject")
73 .with_audience("example-audience")
74 .with_expiration(now + 3600) // 1 hour from now
75 .with_not_before(now)
76 .with_issued_at(now)
77 .with_cti(b"token-id-1234".to_vec()),
78 )
79 // Add CAT-specific claims
80 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
81 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
82 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
83 .custom_int(cat_keys::CATV, 1) // Version 1
84 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
85 .sign(key)
86 .expect("Failed to sign token")
87}examples/cat_validation.rs (line 71)
38fn create_token_with_cat_claims(key: &[u8], now: i64) -> common_access_token::Token {
39 println!("Creating token with CAT-specific claims...");
40
41 // 1. Create a CATU claim (Common Access Token URI)
42 let mut catu_components = BTreeMap::new();
43
44 // Restrict to https scheme
45 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
46
47 // Restrict to example.com host
48 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
49
50 // Restrict to paths starting with /api
51 catu_components.insert(uri_components::PATH, catu::prefix_match("/api"));
52
53 // Restrict to .json extension
54 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".json"));
55
56 println!(" Added CATU claim with URI restrictions");
57
58 // 2. Create a CATM claim (Common Access Token Methods)
59 let allowed_methods = vec!["GET", "HEAD", "OPTIONS"];
60 println!(" Added CATM claim allowing methods: {:?}", allowed_methods);
61
62 // 3. Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some(now + 3000));
64 println!(" Added CATR claim with automatic renewal");
65
66 // 4. Create a CATREPLAY claim (prohibit token replay)
67 println!(" Added CATREPLAY claim prohibiting token replay");
68
69 // Build the token with all CAT-specific claims
70 TokenBuilder::new()
71 .algorithm(Algorithm::HmacSha256)
72 .protected_key_id(KeyId::string("example-key-id"))
73 .registered_claims(
74 RegisteredClaims::new()
75 .with_issuer("example-issuer")
76 .with_subject("example-subject")
77 .with_audience("example-audience")
78 .with_expiration(now as u64 + 3600) // 1 hour from now
79 .with_not_before(now as u64)
80 .with_issued_at(now as u64)
81 .with_cti(b"token-id-1234".to_vec()),
82 )
83 // Add CAT-specific claims
84 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
85 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
86 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
87 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
88 .sign(key)
89 .expect("Failed to sign token")
90}examples/extended_cat_claims.rs (line 29)
20fn main() {
21 let key = b"my-secret-key-for-hmac-sha256";
22 let now = current_timestamp();
23
24 println!("=== Extended CAT Claims Example ===\n");
25
26 // Example 1: Token with probability of rejection (CATPOR)
27 println!("1. Creating token with CATPOR (25% rejection probability)");
28 let token_with_catpor = TokenBuilder::new()
29 .algorithm(Algorithm::HmacSha256)
30 .protected_key_id(KeyId::string("key-1"))
31 .registered_claims(
32 RegisteredClaims::new()
33 .with_issuer("example-issuer")
34 .with_expiration(now + 3600),
35 )
36 .custom_cbor(cat_keys::CATPOR, catpor::create(25))
37 .sign(key)
38 .expect("Failed to sign token");
39
40 println!(" ✓ Token created with CATPOR: 25% rejection probability\n");
41
42 // Example 2: Token with network IP restrictions (CATNIP)
43 println!("2. Creating token with CATNIP (IP restrictions)");
44 let token_with_catnip = TokenBuilder::new()
45 .algorithm(Algorithm::HmacSha256)
46 .protected_key_id(KeyId::string("key-2"))
47 .registered_claims(
48 RegisteredClaims::new()
49 .with_issuer("example-issuer")
50 .with_expiration(now + 3600),
51 )
52 .custom_array(
53 cat_keys::CATNIP,
54 catnip::create(vec!["192.168.1.0/24", "10.0.0.0/8"]),
55 )
56 .sign(key)
57 .expect("Failed to sign token");
58
59 println!(" ✓ Token created with CATNIP: 192.168.1.0/24, 10.0.0.0/8\n");
60
61 // Example 3: Token with ALPN restrictions (CATALPN)
62 println!("3. Creating token with CATALPN (HTTP/2 only)");
63 let token_with_catalpn = TokenBuilder::new()
64 .algorithm(Algorithm::HmacSha256)
65 .protected_key_id(KeyId::string("key-3"))
66 .registered_claims(
67 RegisteredClaims::new()
68 .with_issuer("example-issuer")
69 .with_expiration(now + 3600),
70 )
71 .custom_array(cat_keys::CATALPN, catalpn::http2_only())
72 .sign(key)
73 .expect("Failed to sign token");
74
75 println!(" ✓ Token created with CATALPN: h2 only\n");
76
77 // Example 4: Token with HTTP header requirements (CATH)
78 println!("4. Creating token with CATH (custom headers)");
79 let mut headers = BTreeMap::new();
80 headers.insert("X-API-Key", "secret-api-key");
81 headers.insert("X-Client-Version", "1.0");
82
83 let token_with_cath = TokenBuilder::new()
84 .algorithm(Algorithm::HmacSha256)
85 .protected_key_id(KeyId::string("key-4"))
86 .registered_claims(
87 RegisteredClaims::new()
88 .with_issuer("example-issuer")
89 .with_expiration(now + 3600),
90 )
91 .custom_cbor(cat_keys::CATH, cath::create(headers))
92 .sign(key)
93 .expect("Failed to sign token");
94
95 println!(" ✓ Token created with CATH: X-API-Key, X-Client-Version\n");
96
97 // Example 5: Token with geographic restrictions (CATGEO*)
98 println!("5. Creating token with geographic restrictions");
99 let token_with_geo = TokenBuilder::new()
100 .algorithm(Algorithm::HmacSha256)
101 .protected_key_id(KeyId::string("key-5"))
102 .registered_claims(
103 RegisteredClaims::new()
104 .with_issuer("example-issuer")
105 .with_expiration(now + 3600),
106 )
107 // Country restriction
108 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
109 // Coordinate restriction (New York City with 5km radius)
110 .custom_cbor(
111 cat_keys::CATGEOCOORD,
112 catgeocoord::with_radius(40.7128, -74.0060, 5000),
113 )
114 // Altitude restriction (0-1000 meters)
115 .custom_cbor(cat_keys::CATGEOALT, catgeoalt::range(0, 1000))
116 .sign(key)
117 .expect("Failed to sign token");
118
119 println!(" ✓ Token created with CATGEOISO3166: US");
120 println!(" ✓ Token created with CATGEOCOORD: NYC (40.7128, -74.0060) ±5km");
121 println!(" ✓ Token created with CATGEOALT: 0-1000m\n");
122
123 // Example 6: Token with TLS public key pinning (CATTPK)
124 println!("6. Creating token with CATTPK (TLS key pinning)");
125 // In a real scenario, this would be the SHA-256 hash of a certificate's public key
126 let public_key_hash = vec![
127 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
128 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
129 0xcd, 0xef,
130 ];
131
132 let token_with_cattpk = TokenBuilder::new()
133 .algorithm(Algorithm::HmacSha256)
134 .protected_key_id(KeyId::string("key-6"))
135 .registered_claims(
136 RegisteredClaims::new()
137 .with_issuer("example-issuer")
138 .with_expiration(now + 3600),
139 )
140 .custom_cbor(cat_keys::CATTPK, cattpk::create(public_key_hash.clone()))
141 .sign(key)
142 .expect("Failed to sign token");
143
144 println!(" ✓ Token created with CATTPK: public key hash (32 bytes)\n");
145
146 // Example 7: Token with DPoP settings (CATDPOP)
147 println!("7. Creating token with CATDPOP (DPoP required)");
148 let token_with_catdpop = TokenBuilder::new()
149 .algorithm(Algorithm::HmacSha256)
150 .protected_key_id(KeyId::string("key-7"))
151 .registered_claims(
152 RegisteredClaims::new()
153 .with_issuer("example-issuer")
154 .with_expiration(now + 3600),
155 )
156 .custom_cbor(cat_keys::CATDPOP, catdpop::required())
157 .sign(key)
158 .expect("Failed to sign token");
159
160 println!(" ✓ Token created with CATDPOP: DPoP required\n");
161
162 // Example 8: Token with conditional logic (CATIF/CATIFDATA)
163 println!("8. Creating token with CATIF and CATIFDATA");
164 let mut condition = BTreeMap::new();
165 condition.insert(0, common_access_token::CborValue::Text("role".to_string()));
166 condition.insert(
167 1,
168 common_access_token::CborValue::Text("equals".to_string()),
169 );
170 condition.insert(2, common_access_token::CborValue::Text("admin".to_string()));
171
172 let mut if_data = BTreeMap::new();
173 if_data.insert(0, common_access_token::CborValue::Text("role".to_string()));
174 if_data.insert(1, common_access_token::CborValue::Text("admin".to_string()));
175
176 let token_with_catif = TokenBuilder::new()
177 .algorithm(Algorithm::HmacSha256)
178 .protected_key_id(KeyId::string("key-8"))
179 .registered_claims(
180 RegisteredClaims::new()
181 .with_issuer("example-issuer")
182 .with_expiration(now + 3600),
183 )
184 .custom_cbor(cat_keys::CATIF, catif::create(condition))
185 .custom_cbor(cat_keys::CATIFDATA, catifdata::create(if_data))
186 .sign(key)
187 .expect("Failed to sign token");
188
189 println!(" ✓ Token created with CATIF: conditional logic");
190 println!(" ✓ Token created with CATIFDATA: role=admin\n");
191
192 // Example 9: Comprehensive token with multiple CAT claims
193 println!("9. Creating comprehensive token with multiple CAT claims");
194 let comprehensive_token = TokenBuilder::new()
195 .algorithm(Algorithm::HmacSha256)
196 .protected_key_id(KeyId::string("comprehensive-key"))
197 .registered_claims(
198 RegisteredClaims::new()
199 .with_issuer("secure-service")
200 .with_subject("user-12345")
201 .with_audience("api.example.com")
202 .with_expiration(now + 7200),
203 )
204 .custom_cbor(cat_keys::CATV, catv::with_version(1))
205 .custom_cbor(cat_keys::CATPOR, catpor::create(10))
206 .custom_array(cat_keys::CATNIP, catnip::single("203.0.113.0/24"))
207 .custom_array(cat_keys::CATALPN, catalpn::create(vec!["h2", "http/1.1"]))
208 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
209 .sign(key)
210 .expect("Failed to sign token");
211
212 println!(" ✓ Comprehensive token created with:");
213 println!(" - CATV: version 1");
214 println!(" - CATPOR: 10% rejection probability");
215 println!(" - CATNIP: 203.0.113.0/24");
216 println!(" - CATALPN: h2, http/1.1");
217 println!(" - CATGEOISO3166: US");
218
219 // Verify all tokens can be encoded
220 println!("\n=== Verification ===");
221 let tokens = vec![
222 ("CATPOR", &token_with_catpor),
223 ("CATNIP", &token_with_catnip),
224 ("CATALPN", &token_with_catalpn),
225 ("CATH", &token_with_cath),
226 ("CATGEO*", &token_with_geo),
227 ("CATTPK", &token_with_cattpk),
228 ("CATDPOP", &token_with_catdpop),
229 ("CATIF", &token_with_catif),
230 ("Comprehensive", &comprehensive_token),
231 ];
232
233 for (name, token) in tokens {
234 let token_bytes = token.to_bytes().expect("Failed to encode token");
235 println!("✓ {} token encoded ({} bytes)", name, token_bytes.len());
236 }
237
238 println!("\n=== All Extended CAT Claims Examples Completed Successfully ===");
239}Sourcepub fn protected_key_id(self, kid: KeyId) -> Self
pub fn protected_key_id(self, kid: KeyId) -> Self
Set the key identifier in the protected header
Examples found in repository?
examples/basic_usage.rs (line 47)
41fn create_token_with_string_kid(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a token with string key ID
45 TokenBuilder::new()
46 .algorithm(Algorithm::HmacSha256)
47 .protected_key_id(KeyId::string("string-key-example"))
48 .registered_claims(
49 RegisteredClaims::new()
50 .with_issuer("example-issuer")
51 .with_subject("example-subject")
52 .with_audience("example-audience")
53 .with_expiration(now + 3600) // 1 hour from now
54 .with_not_before(now)
55 .with_issued_at(now)
56 .with_cti(b"token-id-1234".to_vec()),
57 )
58 .custom_string(100, "custom-string-value")
59 .custom_binary(101, b"custom-binary-value".to_vec())
60 .custom_int(102, 12345)
61 .sign(key)
62 .expect("Failed to sign token")
63}
64
65/// Create a token with a binary key ID
66fn create_token_with_binary_kid(key: &[u8]) -> common_access_token::Token {
67 let now = current_timestamp();
68 let binary_kid = vec![0x01, 0x02, 0x03, 0x04, 0x05];
69
70 // Create a token with binary key ID
71 TokenBuilder::new()
72 .algorithm(Algorithm::HmacSha256)
73 .protected_key_id(KeyId::binary(binary_kid))
74 .registered_claims(
75 RegisteredClaims::new()
76 .with_issuer("example-issuer")
77 .with_subject("example-subject")
78 .with_audience("example-audience")
79 .with_expiration(now + 3600) // 1 hour from now
80 .with_not_before(now)
81 .with_issued_at(now),
82 )
83 .sign(key)
84 .expect("Failed to sign token")
85}
86
87/// Create a token with a nested map claim
88fn create_token_with_nested_map(key: &[u8]) -> common_access_token::Token {
89 let now = current_timestamp();
90
91 // Create a nested map for the token
92 let mut nested_map = BTreeMap::new();
93 nested_map.insert(1, CborValue::Text("nested-text-value".to_string()));
94 nested_map.insert(2, CborValue::Integer(42));
95 nested_map.insert(3, CborValue::Bytes(vec![1, 2, 3, 4, 5]));
96
97 // Create a second level nested map
98 let mut second_level_map = BTreeMap::new();
99 second_level_map.insert(1, CborValue::Text("second-level-text".to_string()));
100 second_level_map.insert(2, CborValue::Integer(99));
101
102 // Add the second level map to the first level
103 nested_map.insert(4, CborValue::Map(second_level_map));
104
105 // Create a token with a nested map claim
106 TokenBuilder::new()
107 .algorithm(Algorithm::HmacSha256)
108 .protected_key_id(KeyId::string("nested-map-example"))
109 .registered_claims(
110 RegisteredClaims::new()
111 .with_issuer("example-issuer")
112 .with_subject("example-subject")
113 .with_audience("example-audience")
114 .with_expiration(now + 3600) // 1 hour from now
115 .with_not_before(now)
116 .with_issued_at(now),
117 )
118 .custom_map(200, nested_map)
119 .sign(key)
120 .expect("Failed to sign token")
121}More examples
examples/cat_specific_claims.rs (line 68)
41fn create_token_with_cat_claims(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a CATU claim (Common Access Token URI)
45 let mut catu_components = BTreeMap::new();
46
47 // Restrict to https scheme
48 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
49
50 // Restrict to example.com host
51 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
52
53 // Restrict to paths starting with /content
54 catu_components.insert(uri_components::PATH, catu::prefix_match("/content"));
55
56 // Restrict to .m3u8 files
57 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".m3u8"));
58
59 // Create a CATM claim (Common Access Token Methods)
60 let allowed_methods = vec!["GET", "HEAD"];
61
62 // Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some((now + 3000) as i64));
64
65 // Build the token with CAT-specific claims
66 TokenBuilder::new()
67 .algorithm(Algorithm::HmacSha256)
68 .protected_key_id(KeyId::string("example-key-id"))
69 .registered_claims(
70 RegisteredClaims::new()
71 .with_issuer("example-issuer")
72 .with_subject("example-subject")
73 .with_audience("example-audience")
74 .with_expiration(now + 3600) // 1 hour from now
75 .with_not_before(now)
76 .with_issued_at(now)
77 .with_cti(b"token-id-1234".to_vec()),
78 )
79 // Add CAT-specific claims
80 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
81 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
82 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
83 .custom_int(cat_keys::CATV, 1) // Version 1
84 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
85 .sign(key)
86 .expect("Failed to sign token")
87}examples/cat_validation.rs (line 72)
38fn create_token_with_cat_claims(key: &[u8], now: i64) -> common_access_token::Token {
39 println!("Creating token with CAT-specific claims...");
40
41 // 1. Create a CATU claim (Common Access Token URI)
42 let mut catu_components = BTreeMap::new();
43
44 // Restrict to https scheme
45 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
46
47 // Restrict to example.com host
48 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
49
50 // Restrict to paths starting with /api
51 catu_components.insert(uri_components::PATH, catu::prefix_match("/api"));
52
53 // Restrict to .json extension
54 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".json"));
55
56 println!(" Added CATU claim with URI restrictions");
57
58 // 2. Create a CATM claim (Common Access Token Methods)
59 let allowed_methods = vec!["GET", "HEAD", "OPTIONS"];
60 println!(" Added CATM claim allowing methods: {:?}", allowed_methods);
61
62 // 3. Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some(now + 3000));
64 println!(" Added CATR claim with automatic renewal");
65
66 // 4. Create a CATREPLAY claim (prohibit token replay)
67 println!(" Added CATREPLAY claim prohibiting token replay");
68
69 // Build the token with all CAT-specific claims
70 TokenBuilder::new()
71 .algorithm(Algorithm::HmacSha256)
72 .protected_key_id(KeyId::string("example-key-id"))
73 .registered_claims(
74 RegisteredClaims::new()
75 .with_issuer("example-issuer")
76 .with_subject("example-subject")
77 .with_audience("example-audience")
78 .with_expiration(now as u64 + 3600) // 1 hour from now
79 .with_not_before(now as u64)
80 .with_issued_at(now as u64)
81 .with_cti(b"token-id-1234".to_vec()),
82 )
83 // Add CAT-specific claims
84 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
85 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
86 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
87 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
88 .sign(key)
89 .expect("Failed to sign token")
90}examples/extended_cat_claims.rs (line 30)
20fn main() {
21 let key = b"my-secret-key-for-hmac-sha256";
22 let now = current_timestamp();
23
24 println!("=== Extended CAT Claims Example ===\n");
25
26 // Example 1: Token with probability of rejection (CATPOR)
27 println!("1. Creating token with CATPOR (25% rejection probability)");
28 let token_with_catpor = TokenBuilder::new()
29 .algorithm(Algorithm::HmacSha256)
30 .protected_key_id(KeyId::string("key-1"))
31 .registered_claims(
32 RegisteredClaims::new()
33 .with_issuer("example-issuer")
34 .with_expiration(now + 3600),
35 )
36 .custom_cbor(cat_keys::CATPOR, catpor::create(25))
37 .sign(key)
38 .expect("Failed to sign token");
39
40 println!(" ✓ Token created with CATPOR: 25% rejection probability\n");
41
42 // Example 2: Token with network IP restrictions (CATNIP)
43 println!("2. Creating token with CATNIP (IP restrictions)");
44 let token_with_catnip = TokenBuilder::new()
45 .algorithm(Algorithm::HmacSha256)
46 .protected_key_id(KeyId::string("key-2"))
47 .registered_claims(
48 RegisteredClaims::new()
49 .with_issuer("example-issuer")
50 .with_expiration(now + 3600),
51 )
52 .custom_array(
53 cat_keys::CATNIP,
54 catnip::create(vec!["192.168.1.0/24", "10.0.0.0/8"]),
55 )
56 .sign(key)
57 .expect("Failed to sign token");
58
59 println!(" ✓ Token created with CATNIP: 192.168.1.0/24, 10.0.0.0/8\n");
60
61 // Example 3: Token with ALPN restrictions (CATALPN)
62 println!("3. Creating token with CATALPN (HTTP/2 only)");
63 let token_with_catalpn = TokenBuilder::new()
64 .algorithm(Algorithm::HmacSha256)
65 .protected_key_id(KeyId::string("key-3"))
66 .registered_claims(
67 RegisteredClaims::new()
68 .with_issuer("example-issuer")
69 .with_expiration(now + 3600),
70 )
71 .custom_array(cat_keys::CATALPN, catalpn::http2_only())
72 .sign(key)
73 .expect("Failed to sign token");
74
75 println!(" ✓ Token created with CATALPN: h2 only\n");
76
77 // Example 4: Token with HTTP header requirements (CATH)
78 println!("4. Creating token with CATH (custom headers)");
79 let mut headers = BTreeMap::new();
80 headers.insert("X-API-Key", "secret-api-key");
81 headers.insert("X-Client-Version", "1.0");
82
83 let token_with_cath = TokenBuilder::new()
84 .algorithm(Algorithm::HmacSha256)
85 .protected_key_id(KeyId::string("key-4"))
86 .registered_claims(
87 RegisteredClaims::new()
88 .with_issuer("example-issuer")
89 .with_expiration(now + 3600),
90 )
91 .custom_cbor(cat_keys::CATH, cath::create(headers))
92 .sign(key)
93 .expect("Failed to sign token");
94
95 println!(" ✓ Token created with CATH: X-API-Key, X-Client-Version\n");
96
97 // Example 5: Token with geographic restrictions (CATGEO*)
98 println!("5. Creating token with geographic restrictions");
99 let token_with_geo = TokenBuilder::new()
100 .algorithm(Algorithm::HmacSha256)
101 .protected_key_id(KeyId::string("key-5"))
102 .registered_claims(
103 RegisteredClaims::new()
104 .with_issuer("example-issuer")
105 .with_expiration(now + 3600),
106 )
107 // Country restriction
108 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
109 // Coordinate restriction (New York City with 5km radius)
110 .custom_cbor(
111 cat_keys::CATGEOCOORD,
112 catgeocoord::with_radius(40.7128, -74.0060, 5000),
113 )
114 // Altitude restriction (0-1000 meters)
115 .custom_cbor(cat_keys::CATGEOALT, catgeoalt::range(0, 1000))
116 .sign(key)
117 .expect("Failed to sign token");
118
119 println!(" ✓ Token created with CATGEOISO3166: US");
120 println!(" ✓ Token created with CATGEOCOORD: NYC (40.7128, -74.0060) ±5km");
121 println!(" ✓ Token created with CATGEOALT: 0-1000m\n");
122
123 // Example 6: Token with TLS public key pinning (CATTPK)
124 println!("6. Creating token with CATTPK (TLS key pinning)");
125 // In a real scenario, this would be the SHA-256 hash of a certificate's public key
126 let public_key_hash = vec![
127 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
128 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
129 0xcd, 0xef,
130 ];
131
132 let token_with_cattpk = TokenBuilder::new()
133 .algorithm(Algorithm::HmacSha256)
134 .protected_key_id(KeyId::string("key-6"))
135 .registered_claims(
136 RegisteredClaims::new()
137 .with_issuer("example-issuer")
138 .with_expiration(now + 3600),
139 )
140 .custom_cbor(cat_keys::CATTPK, cattpk::create(public_key_hash.clone()))
141 .sign(key)
142 .expect("Failed to sign token");
143
144 println!(" ✓ Token created with CATTPK: public key hash (32 bytes)\n");
145
146 // Example 7: Token with DPoP settings (CATDPOP)
147 println!("7. Creating token with CATDPOP (DPoP required)");
148 let token_with_catdpop = TokenBuilder::new()
149 .algorithm(Algorithm::HmacSha256)
150 .protected_key_id(KeyId::string("key-7"))
151 .registered_claims(
152 RegisteredClaims::new()
153 .with_issuer("example-issuer")
154 .with_expiration(now + 3600),
155 )
156 .custom_cbor(cat_keys::CATDPOP, catdpop::required())
157 .sign(key)
158 .expect("Failed to sign token");
159
160 println!(" ✓ Token created with CATDPOP: DPoP required\n");
161
162 // Example 8: Token with conditional logic (CATIF/CATIFDATA)
163 println!("8. Creating token with CATIF and CATIFDATA");
164 let mut condition = BTreeMap::new();
165 condition.insert(0, common_access_token::CborValue::Text("role".to_string()));
166 condition.insert(
167 1,
168 common_access_token::CborValue::Text("equals".to_string()),
169 );
170 condition.insert(2, common_access_token::CborValue::Text("admin".to_string()));
171
172 let mut if_data = BTreeMap::new();
173 if_data.insert(0, common_access_token::CborValue::Text("role".to_string()));
174 if_data.insert(1, common_access_token::CborValue::Text("admin".to_string()));
175
176 let token_with_catif = TokenBuilder::new()
177 .algorithm(Algorithm::HmacSha256)
178 .protected_key_id(KeyId::string("key-8"))
179 .registered_claims(
180 RegisteredClaims::new()
181 .with_issuer("example-issuer")
182 .with_expiration(now + 3600),
183 )
184 .custom_cbor(cat_keys::CATIF, catif::create(condition))
185 .custom_cbor(cat_keys::CATIFDATA, catifdata::create(if_data))
186 .sign(key)
187 .expect("Failed to sign token");
188
189 println!(" ✓ Token created with CATIF: conditional logic");
190 println!(" ✓ Token created with CATIFDATA: role=admin\n");
191
192 // Example 9: Comprehensive token with multiple CAT claims
193 println!("9. Creating comprehensive token with multiple CAT claims");
194 let comprehensive_token = TokenBuilder::new()
195 .algorithm(Algorithm::HmacSha256)
196 .protected_key_id(KeyId::string("comprehensive-key"))
197 .registered_claims(
198 RegisteredClaims::new()
199 .with_issuer("secure-service")
200 .with_subject("user-12345")
201 .with_audience("api.example.com")
202 .with_expiration(now + 7200),
203 )
204 .custom_cbor(cat_keys::CATV, catv::with_version(1))
205 .custom_cbor(cat_keys::CATPOR, catpor::create(10))
206 .custom_array(cat_keys::CATNIP, catnip::single("203.0.113.0/24"))
207 .custom_array(cat_keys::CATALPN, catalpn::create(vec!["h2", "http/1.1"]))
208 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
209 .sign(key)
210 .expect("Failed to sign token");
211
212 println!(" ✓ Comprehensive token created with:");
213 println!(" - CATV: version 1");
214 println!(" - CATPOR: 10% rejection probability");
215 println!(" - CATNIP: 203.0.113.0/24");
216 println!(" - CATALPN: h2, http/1.1");
217 println!(" - CATGEOISO3166: US");
218
219 // Verify all tokens can be encoded
220 println!("\n=== Verification ===");
221 let tokens = vec![
222 ("CATPOR", &token_with_catpor),
223 ("CATNIP", &token_with_catnip),
224 ("CATALPN", &token_with_catalpn),
225 ("CATH", &token_with_cath),
226 ("CATGEO*", &token_with_geo),
227 ("CATTPK", &token_with_cattpk),
228 ("CATDPOP", &token_with_catdpop),
229 ("CATIF", &token_with_catif),
230 ("Comprehensive", &comprehensive_token),
231 ];
232
233 for (name, token) in tokens {
234 let token_bytes = token.to_bytes().expect("Failed to encode token");
235 println!("✓ {} token encoded ({} bytes)", name, token_bytes.len());
236 }
237
238 println!("\n=== All Extended CAT Claims Examples Completed Successfully ===");
239}Sourcepub fn unprotected_key_id(self, kid: KeyId) -> Self
pub fn unprotected_key_id(self, kid: KeyId) -> Self
Set the key identifier in the unprotected header
Sourcepub fn registered_claims(self, claims: RegisteredClaims) -> Self
pub fn registered_claims(self, claims: RegisteredClaims) -> Self
Set the registered claims
Examples found in repository?
examples/basic_usage.rs (lines 48-57)
41fn create_token_with_string_kid(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a token with string key ID
45 TokenBuilder::new()
46 .algorithm(Algorithm::HmacSha256)
47 .protected_key_id(KeyId::string("string-key-example"))
48 .registered_claims(
49 RegisteredClaims::new()
50 .with_issuer("example-issuer")
51 .with_subject("example-subject")
52 .with_audience("example-audience")
53 .with_expiration(now + 3600) // 1 hour from now
54 .with_not_before(now)
55 .with_issued_at(now)
56 .with_cti(b"token-id-1234".to_vec()),
57 )
58 .custom_string(100, "custom-string-value")
59 .custom_binary(101, b"custom-binary-value".to_vec())
60 .custom_int(102, 12345)
61 .sign(key)
62 .expect("Failed to sign token")
63}
64
65/// Create a token with a binary key ID
66fn create_token_with_binary_kid(key: &[u8]) -> common_access_token::Token {
67 let now = current_timestamp();
68 let binary_kid = vec![0x01, 0x02, 0x03, 0x04, 0x05];
69
70 // Create a token with binary key ID
71 TokenBuilder::new()
72 .algorithm(Algorithm::HmacSha256)
73 .protected_key_id(KeyId::binary(binary_kid))
74 .registered_claims(
75 RegisteredClaims::new()
76 .with_issuer("example-issuer")
77 .with_subject("example-subject")
78 .with_audience("example-audience")
79 .with_expiration(now + 3600) // 1 hour from now
80 .with_not_before(now)
81 .with_issued_at(now),
82 )
83 .sign(key)
84 .expect("Failed to sign token")
85}
86
87/// Create a token with a nested map claim
88fn create_token_with_nested_map(key: &[u8]) -> common_access_token::Token {
89 let now = current_timestamp();
90
91 // Create a nested map for the token
92 let mut nested_map = BTreeMap::new();
93 nested_map.insert(1, CborValue::Text("nested-text-value".to_string()));
94 nested_map.insert(2, CborValue::Integer(42));
95 nested_map.insert(3, CborValue::Bytes(vec![1, 2, 3, 4, 5]));
96
97 // Create a second level nested map
98 let mut second_level_map = BTreeMap::new();
99 second_level_map.insert(1, CborValue::Text("second-level-text".to_string()));
100 second_level_map.insert(2, CborValue::Integer(99));
101
102 // Add the second level map to the first level
103 nested_map.insert(4, CborValue::Map(second_level_map));
104
105 // Create a token with a nested map claim
106 TokenBuilder::new()
107 .algorithm(Algorithm::HmacSha256)
108 .protected_key_id(KeyId::string("nested-map-example"))
109 .registered_claims(
110 RegisteredClaims::new()
111 .with_issuer("example-issuer")
112 .with_subject("example-subject")
113 .with_audience("example-audience")
114 .with_expiration(now + 3600) // 1 hour from now
115 .with_not_before(now)
116 .with_issued_at(now),
117 )
118 .custom_map(200, nested_map)
119 .sign(key)
120 .expect("Failed to sign token")
121}More examples
examples/cat_specific_claims.rs (lines 69-78)
41fn create_token_with_cat_claims(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a CATU claim (Common Access Token URI)
45 let mut catu_components = BTreeMap::new();
46
47 // Restrict to https scheme
48 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
49
50 // Restrict to example.com host
51 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
52
53 // Restrict to paths starting with /content
54 catu_components.insert(uri_components::PATH, catu::prefix_match("/content"));
55
56 // Restrict to .m3u8 files
57 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".m3u8"));
58
59 // Create a CATM claim (Common Access Token Methods)
60 let allowed_methods = vec!["GET", "HEAD"];
61
62 // Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some((now + 3000) as i64));
64
65 // Build the token with CAT-specific claims
66 TokenBuilder::new()
67 .algorithm(Algorithm::HmacSha256)
68 .protected_key_id(KeyId::string("example-key-id"))
69 .registered_claims(
70 RegisteredClaims::new()
71 .with_issuer("example-issuer")
72 .with_subject("example-subject")
73 .with_audience("example-audience")
74 .with_expiration(now + 3600) // 1 hour from now
75 .with_not_before(now)
76 .with_issued_at(now)
77 .with_cti(b"token-id-1234".to_vec()),
78 )
79 // Add CAT-specific claims
80 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
81 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
82 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
83 .custom_int(cat_keys::CATV, 1) // Version 1
84 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
85 .sign(key)
86 .expect("Failed to sign token")
87}examples/cat_validation.rs (lines 73-82)
38fn create_token_with_cat_claims(key: &[u8], now: i64) -> common_access_token::Token {
39 println!("Creating token with CAT-specific claims...");
40
41 // 1. Create a CATU claim (Common Access Token URI)
42 let mut catu_components = BTreeMap::new();
43
44 // Restrict to https scheme
45 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
46
47 // Restrict to example.com host
48 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
49
50 // Restrict to paths starting with /api
51 catu_components.insert(uri_components::PATH, catu::prefix_match("/api"));
52
53 // Restrict to .json extension
54 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".json"));
55
56 println!(" Added CATU claim with URI restrictions");
57
58 // 2. Create a CATM claim (Common Access Token Methods)
59 let allowed_methods = vec!["GET", "HEAD", "OPTIONS"];
60 println!(" Added CATM claim allowing methods: {:?}", allowed_methods);
61
62 // 3. Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some(now + 3000));
64 println!(" Added CATR claim with automatic renewal");
65
66 // 4. Create a CATREPLAY claim (prohibit token replay)
67 println!(" Added CATREPLAY claim prohibiting token replay");
68
69 // Build the token with all CAT-specific claims
70 TokenBuilder::new()
71 .algorithm(Algorithm::HmacSha256)
72 .protected_key_id(KeyId::string("example-key-id"))
73 .registered_claims(
74 RegisteredClaims::new()
75 .with_issuer("example-issuer")
76 .with_subject("example-subject")
77 .with_audience("example-audience")
78 .with_expiration(now as u64 + 3600) // 1 hour from now
79 .with_not_before(now as u64)
80 .with_issued_at(now as u64)
81 .with_cti(b"token-id-1234".to_vec()),
82 )
83 // Add CAT-specific claims
84 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
85 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
86 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
87 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
88 .sign(key)
89 .expect("Failed to sign token")
90}examples/extended_cat_claims.rs (lines 31-35)
20fn main() {
21 let key = b"my-secret-key-for-hmac-sha256";
22 let now = current_timestamp();
23
24 println!("=== Extended CAT Claims Example ===\n");
25
26 // Example 1: Token with probability of rejection (CATPOR)
27 println!("1. Creating token with CATPOR (25% rejection probability)");
28 let token_with_catpor = TokenBuilder::new()
29 .algorithm(Algorithm::HmacSha256)
30 .protected_key_id(KeyId::string("key-1"))
31 .registered_claims(
32 RegisteredClaims::new()
33 .with_issuer("example-issuer")
34 .with_expiration(now + 3600),
35 )
36 .custom_cbor(cat_keys::CATPOR, catpor::create(25))
37 .sign(key)
38 .expect("Failed to sign token");
39
40 println!(" ✓ Token created with CATPOR: 25% rejection probability\n");
41
42 // Example 2: Token with network IP restrictions (CATNIP)
43 println!("2. Creating token with CATNIP (IP restrictions)");
44 let token_with_catnip = TokenBuilder::new()
45 .algorithm(Algorithm::HmacSha256)
46 .protected_key_id(KeyId::string("key-2"))
47 .registered_claims(
48 RegisteredClaims::new()
49 .with_issuer("example-issuer")
50 .with_expiration(now + 3600),
51 )
52 .custom_array(
53 cat_keys::CATNIP,
54 catnip::create(vec!["192.168.1.0/24", "10.0.0.0/8"]),
55 )
56 .sign(key)
57 .expect("Failed to sign token");
58
59 println!(" ✓ Token created with CATNIP: 192.168.1.0/24, 10.0.0.0/8\n");
60
61 // Example 3: Token with ALPN restrictions (CATALPN)
62 println!("3. Creating token with CATALPN (HTTP/2 only)");
63 let token_with_catalpn = TokenBuilder::new()
64 .algorithm(Algorithm::HmacSha256)
65 .protected_key_id(KeyId::string("key-3"))
66 .registered_claims(
67 RegisteredClaims::new()
68 .with_issuer("example-issuer")
69 .with_expiration(now + 3600),
70 )
71 .custom_array(cat_keys::CATALPN, catalpn::http2_only())
72 .sign(key)
73 .expect("Failed to sign token");
74
75 println!(" ✓ Token created with CATALPN: h2 only\n");
76
77 // Example 4: Token with HTTP header requirements (CATH)
78 println!("4. Creating token with CATH (custom headers)");
79 let mut headers = BTreeMap::new();
80 headers.insert("X-API-Key", "secret-api-key");
81 headers.insert("X-Client-Version", "1.0");
82
83 let token_with_cath = TokenBuilder::new()
84 .algorithm(Algorithm::HmacSha256)
85 .protected_key_id(KeyId::string("key-4"))
86 .registered_claims(
87 RegisteredClaims::new()
88 .with_issuer("example-issuer")
89 .with_expiration(now + 3600),
90 )
91 .custom_cbor(cat_keys::CATH, cath::create(headers))
92 .sign(key)
93 .expect("Failed to sign token");
94
95 println!(" ✓ Token created with CATH: X-API-Key, X-Client-Version\n");
96
97 // Example 5: Token with geographic restrictions (CATGEO*)
98 println!("5. Creating token with geographic restrictions");
99 let token_with_geo = TokenBuilder::new()
100 .algorithm(Algorithm::HmacSha256)
101 .protected_key_id(KeyId::string("key-5"))
102 .registered_claims(
103 RegisteredClaims::new()
104 .with_issuer("example-issuer")
105 .with_expiration(now + 3600),
106 )
107 // Country restriction
108 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
109 // Coordinate restriction (New York City with 5km radius)
110 .custom_cbor(
111 cat_keys::CATGEOCOORD,
112 catgeocoord::with_radius(40.7128, -74.0060, 5000),
113 )
114 // Altitude restriction (0-1000 meters)
115 .custom_cbor(cat_keys::CATGEOALT, catgeoalt::range(0, 1000))
116 .sign(key)
117 .expect("Failed to sign token");
118
119 println!(" ✓ Token created with CATGEOISO3166: US");
120 println!(" ✓ Token created with CATGEOCOORD: NYC (40.7128, -74.0060) ±5km");
121 println!(" ✓ Token created with CATGEOALT: 0-1000m\n");
122
123 // Example 6: Token with TLS public key pinning (CATTPK)
124 println!("6. Creating token with CATTPK (TLS key pinning)");
125 // In a real scenario, this would be the SHA-256 hash of a certificate's public key
126 let public_key_hash = vec![
127 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
128 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
129 0xcd, 0xef,
130 ];
131
132 let token_with_cattpk = TokenBuilder::new()
133 .algorithm(Algorithm::HmacSha256)
134 .protected_key_id(KeyId::string("key-6"))
135 .registered_claims(
136 RegisteredClaims::new()
137 .with_issuer("example-issuer")
138 .with_expiration(now + 3600),
139 )
140 .custom_cbor(cat_keys::CATTPK, cattpk::create(public_key_hash.clone()))
141 .sign(key)
142 .expect("Failed to sign token");
143
144 println!(" ✓ Token created with CATTPK: public key hash (32 bytes)\n");
145
146 // Example 7: Token with DPoP settings (CATDPOP)
147 println!("7. Creating token with CATDPOP (DPoP required)");
148 let token_with_catdpop = TokenBuilder::new()
149 .algorithm(Algorithm::HmacSha256)
150 .protected_key_id(KeyId::string("key-7"))
151 .registered_claims(
152 RegisteredClaims::new()
153 .with_issuer("example-issuer")
154 .with_expiration(now + 3600),
155 )
156 .custom_cbor(cat_keys::CATDPOP, catdpop::required())
157 .sign(key)
158 .expect("Failed to sign token");
159
160 println!(" ✓ Token created with CATDPOP: DPoP required\n");
161
162 // Example 8: Token with conditional logic (CATIF/CATIFDATA)
163 println!("8. Creating token with CATIF and CATIFDATA");
164 let mut condition = BTreeMap::new();
165 condition.insert(0, common_access_token::CborValue::Text("role".to_string()));
166 condition.insert(
167 1,
168 common_access_token::CborValue::Text("equals".to_string()),
169 );
170 condition.insert(2, common_access_token::CborValue::Text("admin".to_string()));
171
172 let mut if_data = BTreeMap::new();
173 if_data.insert(0, common_access_token::CborValue::Text("role".to_string()));
174 if_data.insert(1, common_access_token::CborValue::Text("admin".to_string()));
175
176 let token_with_catif = TokenBuilder::new()
177 .algorithm(Algorithm::HmacSha256)
178 .protected_key_id(KeyId::string("key-8"))
179 .registered_claims(
180 RegisteredClaims::new()
181 .with_issuer("example-issuer")
182 .with_expiration(now + 3600),
183 )
184 .custom_cbor(cat_keys::CATIF, catif::create(condition))
185 .custom_cbor(cat_keys::CATIFDATA, catifdata::create(if_data))
186 .sign(key)
187 .expect("Failed to sign token");
188
189 println!(" ✓ Token created with CATIF: conditional logic");
190 println!(" ✓ Token created with CATIFDATA: role=admin\n");
191
192 // Example 9: Comprehensive token with multiple CAT claims
193 println!("9. Creating comprehensive token with multiple CAT claims");
194 let comprehensive_token = TokenBuilder::new()
195 .algorithm(Algorithm::HmacSha256)
196 .protected_key_id(KeyId::string("comprehensive-key"))
197 .registered_claims(
198 RegisteredClaims::new()
199 .with_issuer("secure-service")
200 .with_subject("user-12345")
201 .with_audience("api.example.com")
202 .with_expiration(now + 7200),
203 )
204 .custom_cbor(cat_keys::CATV, catv::with_version(1))
205 .custom_cbor(cat_keys::CATPOR, catpor::create(10))
206 .custom_array(cat_keys::CATNIP, catnip::single("203.0.113.0/24"))
207 .custom_array(cat_keys::CATALPN, catalpn::create(vec!["h2", "http/1.1"]))
208 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
209 .sign(key)
210 .expect("Failed to sign token");
211
212 println!(" ✓ Comprehensive token created with:");
213 println!(" - CATV: version 1");
214 println!(" - CATPOR: 10% rejection probability");
215 println!(" - CATNIP: 203.0.113.0/24");
216 println!(" - CATALPN: h2, http/1.1");
217 println!(" - CATGEOISO3166: US");
218
219 // Verify all tokens can be encoded
220 println!("\n=== Verification ===");
221 let tokens = vec![
222 ("CATPOR", &token_with_catpor),
223 ("CATNIP", &token_with_catnip),
224 ("CATALPN", &token_with_catalpn),
225 ("CATH", &token_with_cath),
226 ("CATGEO*", &token_with_geo),
227 ("CATTPK", &token_with_cattpk),
228 ("CATDPOP", &token_with_catdpop),
229 ("CATIF", &token_with_catif),
230 ("Comprehensive", &comprehensive_token),
231 ];
232
233 for (name, token) in tokens {
234 let token_bytes = token.to_bytes().expect("Failed to encode token");
235 println!("✓ {} token encoded ({} bytes)", name, token_bytes.len());
236 }
237
238 println!("\n=== All Extended CAT Claims Examples Completed Successfully ===");
239}Sourcepub fn custom_string<S: Into<String>>(self, key: i32, value: S) -> Self
pub fn custom_string<S: Into<String>>(self, key: i32, value: S) -> Self
Add a custom claim with a string value
Examples found in repository?
examples/basic_usage.rs (line 58)
41fn create_token_with_string_kid(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a token with string key ID
45 TokenBuilder::new()
46 .algorithm(Algorithm::HmacSha256)
47 .protected_key_id(KeyId::string("string-key-example"))
48 .registered_claims(
49 RegisteredClaims::new()
50 .with_issuer("example-issuer")
51 .with_subject("example-subject")
52 .with_audience("example-audience")
53 .with_expiration(now + 3600) // 1 hour from now
54 .with_not_before(now)
55 .with_issued_at(now)
56 .with_cti(b"token-id-1234".to_vec()),
57 )
58 .custom_string(100, "custom-string-value")
59 .custom_binary(101, b"custom-binary-value".to_vec())
60 .custom_int(102, 12345)
61 .sign(key)
62 .expect("Failed to sign token")
63}Sourcepub fn custom_binary<B: Into<Vec<u8>>>(self, key: i32, value: B) -> Self
pub fn custom_binary<B: Into<Vec<u8>>>(self, key: i32, value: B) -> Self
Add a custom claim with a binary value
Examples found in repository?
examples/basic_usage.rs (line 59)
41fn create_token_with_string_kid(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a token with string key ID
45 TokenBuilder::new()
46 .algorithm(Algorithm::HmacSha256)
47 .protected_key_id(KeyId::string("string-key-example"))
48 .registered_claims(
49 RegisteredClaims::new()
50 .with_issuer("example-issuer")
51 .with_subject("example-subject")
52 .with_audience("example-audience")
53 .with_expiration(now + 3600) // 1 hour from now
54 .with_not_before(now)
55 .with_issued_at(now)
56 .with_cti(b"token-id-1234".to_vec()),
57 )
58 .custom_string(100, "custom-string-value")
59 .custom_binary(101, b"custom-binary-value".to_vec())
60 .custom_int(102, 12345)
61 .sign(key)
62 .expect("Failed to sign token")
63}Sourcepub fn custom_int(self, key: i32, value: i64) -> Self
pub fn custom_int(self, key: i32, value: i64) -> Self
Add a custom claim with an integer value
Examples found in repository?
examples/basic_usage.rs (line 60)
41fn create_token_with_string_kid(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a token with string key ID
45 TokenBuilder::new()
46 .algorithm(Algorithm::HmacSha256)
47 .protected_key_id(KeyId::string("string-key-example"))
48 .registered_claims(
49 RegisteredClaims::new()
50 .with_issuer("example-issuer")
51 .with_subject("example-subject")
52 .with_audience("example-audience")
53 .with_expiration(now + 3600) // 1 hour from now
54 .with_not_before(now)
55 .with_issued_at(now)
56 .with_cti(b"token-id-1234".to_vec()),
57 )
58 .custom_string(100, "custom-string-value")
59 .custom_binary(101, b"custom-binary-value".to_vec())
60 .custom_int(102, 12345)
61 .sign(key)
62 .expect("Failed to sign token")
63}More examples
examples/cat_specific_claims.rs (line 83)
41fn create_token_with_cat_claims(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a CATU claim (Common Access Token URI)
45 let mut catu_components = BTreeMap::new();
46
47 // Restrict to https scheme
48 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
49
50 // Restrict to example.com host
51 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
52
53 // Restrict to paths starting with /content
54 catu_components.insert(uri_components::PATH, catu::prefix_match("/content"));
55
56 // Restrict to .m3u8 files
57 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".m3u8"));
58
59 // Create a CATM claim (Common Access Token Methods)
60 let allowed_methods = vec!["GET", "HEAD"];
61
62 // Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some((now + 3000) as i64));
64
65 // Build the token with CAT-specific claims
66 TokenBuilder::new()
67 .algorithm(Algorithm::HmacSha256)
68 .protected_key_id(KeyId::string("example-key-id"))
69 .registered_claims(
70 RegisteredClaims::new()
71 .with_issuer("example-issuer")
72 .with_subject("example-subject")
73 .with_audience("example-audience")
74 .with_expiration(now + 3600) // 1 hour from now
75 .with_not_before(now)
76 .with_issued_at(now)
77 .with_cti(b"token-id-1234".to_vec()),
78 )
79 // Add CAT-specific claims
80 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
81 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
82 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
83 .custom_int(cat_keys::CATV, 1) // Version 1
84 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
85 .sign(key)
86 .expect("Failed to sign token")
87}Sourcepub fn custom_map(self, key: i32, value: BTreeMap<i32, CborValue>) -> Self
pub fn custom_map(self, key: i32, value: BTreeMap<i32, CborValue>) -> Self
Add a custom claim with a nested map value
Examples found in repository?
examples/basic_usage.rs (line 118)
88fn create_token_with_nested_map(key: &[u8]) -> common_access_token::Token {
89 let now = current_timestamp();
90
91 // Create a nested map for the token
92 let mut nested_map = BTreeMap::new();
93 nested_map.insert(1, CborValue::Text("nested-text-value".to_string()));
94 nested_map.insert(2, CborValue::Integer(42));
95 nested_map.insert(3, CborValue::Bytes(vec![1, 2, 3, 4, 5]));
96
97 // Create a second level nested map
98 let mut second_level_map = BTreeMap::new();
99 second_level_map.insert(1, CborValue::Text("second-level-text".to_string()));
100 second_level_map.insert(2, CborValue::Integer(99));
101
102 // Add the second level map to the first level
103 nested_map.insert(4, CborValue::Map(second_level_map));
104
105 // Create a token with a nested map claim
106 TokenBuilder::new()
107 .algorithm(Algorithm::HmacSha256)
108 .protected_key_id(KeyId::string("nested-map-example"))
109 .registered_claims(
110 RegisteredClaims::new()
111 .with_issuer("example-issuer")
112 .with_subject("example-subject")
113 .with_audience("example-audience")
114 .with_expiration(now + 3600) // 1 hour from now
115 .with_not_before(now)
116 .with_issued_at(now),
117 )
118 .custom_map(200, nested_map)
119 .sign(key)
120 .expect("Failed to sign token")
121}Sourcepub fn custom_cbor(self, key: i32, value: CborValue) -> Self
pub fn custom_cbor(self, key: i32, value: CborValue) -> Self
Add a custom claim with a CborValue directly
Examples found in repository?
examples/cat_specific_claims.rs (line 80)
41fn create_token_with_cat_claims(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a CATU claim (Common Access Token URI)
45 let mut catu_components = BTreeMap::new();
46
47 // Restrict to https scheme
48 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
49
50 // Restrict to example.com host
51 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
52
53 // Restrict to paths starting with /content
54 catu_components.insert(uri_components::PATH, catu::prefix_match("/content"));
55
56 // Restrict to .m3u8 files
57 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".m3u8"));
58
59 // Create a CATM claim (Common Access Token Methods)
60 let allowed_methods = vec!["GET", "HEAD"];
61
62 // Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some((now + 3000) as i64));
64
65 // Build the token with CAT-specific claims
66 TokenBuilder::new()
67 .algorithm(Algorithm::HmacSha256)
68 .protected_key_id(KeyId::string("example-key-id"))
69 .registered_claims(
70 RegisteredClaims::new()
71 .with_issuer("example-issuer")
72 .with_subject("example-subject")
73 .with_audience("example-audience")
74 .with_expiration(now + 3600) // 1 hour from now
75 .with_not_before(now)
76 .with_issued_at(now)
77 .with_cti(b"token-id-1234".to_vec()),
78 )
79 // Add CAT-specific claims
80 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
81 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
82 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
83 .custom_int(cat_keys::CATV, 1) // Version 1
84 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
85 .sign(key)
86 .expect("Failed to sign token")
87}More examples
examples/cat_validation.rs (line 84)
38fn create_token_with_cat_claims(key: &[u8], now: i64) -> common_access_token::Token {
39 println!("Creating token with CAT-specific claims...");
40
41 // 1. Create a CATU claim (Common Access Token URI)
42 let mut catu_components = BTreeMap::new();
43
44 // Restrict to https scheme
45 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
46
47 // Restrict to example.com host
48 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
49
50 // Restrict to paths starting with /api
51 catu_components.insert(uri_components::PATH, catu::prefix_match("/api"));
52
53 // Restrict to .json extension
54 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".json"));
55
56 println!(" Added CATU claim with URI restrictions");
57
58 // 2. Create a CATM claim (Common Access Token Methods)
59 let allowed_methods = vec!["GET", "HEAD", "OPTIONS"];
60 println!(" Added CATM claim allowing methods: {:?}", allowed_methods);
61
62 // 3. Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some(now + 3000));
64 println!(" Added CATR claim with automatic renewal");
65
66 // 4. Create a CATREPLAY claim (prohibit token replay)
67 println!(" Added CATREPLAY claim prohibiting token replay");
68
69 // Build the token with all CAT-specific claims
70 TokenBuilder::new()
71 .algorithm(Algorithm::HmacSha256)
72 .protected_key_id(KeyId::string("example-key-id"))
73 .registered_claims(
74 RegisteredClaims::new()
75 .with_issuer("example-issuer")
76 .with_subject("example-subject")
77 .with_audience("example-audience")
78 .with_expiration(now as u64 + 3600) // 1 hour from now
79 .with_not_before(now as u64)
80 .with_issued_at(now as u64)
81 .with_cti(b"token-id-1234".to_vec()),
82 )
83 // Add CAT-specific claims
84 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
85 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
86 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
87 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
88 .sign(key)
89 .expect("Failed to sign token")
90}examples/extended_cat_claims.rs (line 36)
20fn main() {
21 let key = b"my-secret-key-for-hmac-sha256";
22 let now = current_timestamp();
23
24 println!("=== Extended CAT Claims Example ===\n");
25
26 // Example 1: Token with probability of rejection (CATPOR)
27 println!("1. Creating token with CATPOR (25% rejection probability)");
28 let token_with_catpor = TokenBuilder::new()
29 .algorithm(Algorithm::HmacSha256)
30 .protected_key_id(KeyId::string("key-1"))
31 .registered_claims(
32 RegisteredClaims::new()
33 .with_issuer("example-issuer")
34 .with_expiration(now + 3600),
35 )
36 .custom_cbor(cat_keys::CATPOR, catpor::create(25))
37 .sign(key)
38 .expect("Failed to sign token");
39
40 println!(" ✓ Token created with CATPOR: 25% rejection probability\n");
41
42 // Example 2: Token with network IP restrictions (CATNIP)
43 println!("2. Creating token with CATNIP (IP restrictions)");
44 let token_with_catnip = TokenBuilder::new()
45 .algorithm(Algorithm::HmacSha256)
46 .protected_key_id(KeyId::string("key-2"))
47 .registered_claims(
48 RegisteredClaims::new()
49 .with_issuer("example-issuer")
50 .with_expiration(now + 3600),
51 )
52 .custom_array(
53 cat_keys::CATNIP,
54 catnip::create(vec!["192.168.1.0/24", "10.0.0.0/8"]),
55 )
56 .sign(key)
57 .expect("Failed to sign token");
58
59 println!(" ✓ Token created with CATNIP: 192.168.1.0/24, 10.0.0.0/8\n");
60
61 // Example 3: Token with ALPN restrictions (CATALPN)
62 println!("3. Creating token with CATALPN (HTTP/2 only)");
63 let token_with_catalpn = TokenBuilder::new()
64 .algorithm(Algorithm::HmacSha256)
65 .protected_key_id(KeyId::string("key-3"))
66 .registered_claims(
67 RegisteredClaims::new()
68 .with_issuer("example-issuer")
69 .with_expiration(now + 3600),
70 )
71 .custom_array(cat_keys::CATALPN, catalpn::http2_only())
72 .sign(key)
73 .expect("Failed to sign token");
74
75 println!(" ✓ Token created with CATALPN: h2 only\n");
76
77 // Example 4: Token with HTTP header requirements (CATH)
78 println!("4. Creating token with CATH (custom headers)");
79 let mut headers = BTreeMap::new();
80 headers.insert("X-API-Key", "secret-api-key");
81 headers.insert("X-Client-Version", "1.0");
82
83 let token_with_cath = TokenBuilder::new()
84 .algorithm(Algorithm::HmacSha256)
85 .protected_key_id(KeyId::string("key-4"))
86 .registered_claims(
87 RegisteredClaims::new()
88 .with_issuer("example-issuer")
89 .with_expiration(now + 3600),
90 )
91 .custom_cbor(cat_keys::CATH, cath::create(headers))
92 .sign(key)
93 .expect("Failed to sign token");
94
95 println!(" ✓ Token created with CATH: X-API-Key, X-Client-Version\n");
96
97 // Example 5: Token with geographic restrictions (CATGEO*)
98 println!("5. Creating token with geographic restrictions");
99 let token_with_geo = TokenBuilder::new()
100 .algorithm(Algorithm::HmacSha256)
101 .protected_key_id(KeyId::string("key-5"))
102 .registered_claims(
103 RegisteredClaims::new()
104 .with_issuer("example-issuer")
105 .with_expiration(now + 3600),
106 )
107 // Country restriction
108 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
109 // Coordinate restriction (New York City with 5km radius)
110 .custom_cbor(
111 cat_keys::CATGEOCOORD,
112 catgeocoord::with_radius(40.7128, -74.0060, 5000),
113 )
114 // Altitude restriction (0-1000 meters)
115 .custom_cbor(cat_keys::CATGEOALT, catgeoalt::range(0, 1000))
116 .sign(key)
117 .expect("Failed to sign token");
118
119 println!(" ✓ Token created with CATGEOISO3166: US");
120 println!(" ✓ Token created with CATGEOCOORD: NYC (40.7128, -74.0060) ±5km");
121 println!(" ✓ Token created with CATGEOALT: 0-1000m\n");
122
123 // Example 6: Token with TLS public key pinning (CATTPK)
124 println!("6. Creating token with CATTPK (TLS key pinning)");
125 // In a real scenario, this would be the SHA-256 hash of a certificate's public key
126 let public_key_hash = vec![
127 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
128 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
129 0xcd, 0xef,
130 ];
131
132 let token_with_cattpk = TokenBuilder::new()
133 .algorithm(Algorithm::HmacSha256)
134 .protected_key_id(KeyId::string("key-6"))
135 .registered_claims(
136 RegisteredClaims::new()
137 .with_issuer("example-issuer")
138 .with_expiration(now + 3600),
139 )
140 .custom_cbor(cat_keys::CATTPK, cattpk::create(public_key_hash.clone()))
141 .sign(key)
142 .expect("Failed to sign token");
143
144 println!(" ✓ Token created with CATTPK: public key hash (32 bytes)\n");
145
146 // Example 7: Token with DPoP settings (CATDPOP)
147 println!("7. Creating token with CATDPOP (DPoP required)");
148 let token_with_catdpop = TokenBuilder::new()
149 .algorithm(Algorithm::HmacSha256)
150 .protected_key_id(KeyId::string("key-7"))
151 .registered_claims(
152 RegisteredClaims::new()
153 .with_issuer("example-issuer")
154 .with_expiration(now + 3600),
155 )
156 .custom_cbor(cat_keys::CATDPOP, catdpop::required())
157 .sign(key)
158 .expect("Failed to sign token");
159
160 println!(" ✓ Token created with CATDPOP: DPoP required\n");
161
162 // Example 8: Token with conditional logic (CATIF/CATIFDATA)
163 println!("8. Creating token with CATIF and CATIFDATA");
164 let mut condition = BTreeMap::new();
165 condition.insert(0, common_access_token::CborValue::Text("role".to_string()));
166 condition.insert(
167 1,
168 common_access_token::CborValue::Text("equals".to_string()),
169 );
170 condition.insert(2, common_access_token::CborValue::Text("admin".to_string()));
171
172 let mut if_data = BTreeMap::new();
173 if_data.insert(0, common_access_token::CborValue::Text("role".to_string()));
174 if_data.insert(1, common_access_token::CborValue::Text("admin".to_string()));
175
176 let token_with_catif = TokenBuilder::new()
177 .algorithm(Algorithm::HmacSha256)
178 .protected_key_id(KeyId::string("key-8"))
179 .registered_claims(
180 RegisteredClaims::new()
181 .with_issuer("example-issuer")
182 .with_expiration(now + 3600),
183 )
184 .custom_cbor(cat_keys::CATIF, catif::create(condition))
185 .custom_cbor(cat_keys::CATIFDATA, catifdata::create(if_data))
186 .sign(key)
187 .expect("Failed to sign token");
188
189 println!(" ✓ Token created with CATIF: conditional logic");
190 println!(" ✓ Token created with CATIFDATA: role=admin\n");
191
192 // Example 9: Comprehensive token with multiple CAT claims
193 println!("9. Creating comprehensive token with multiple CAT claims");
194 let comprehensive_token = TokenBuilder::new()
195 .algorithm(Algorithm::HmacSha256)
196 .protected_key_id(KeyId::string("comprehensive-key"))
197 .registered_claims(
198 RegisteredClaims::new()
199 .with_issuer("secure-service")
200 .with_subject("user-12345")
201 .with_audience("api.example.com")
202 .with_expiration(now + 7200),
203 )
204 .custom_cbor(cat_keys::CATV, catv::with_version(1))
205 .custom_cbor(cat_keys::CATPOR, catpor::create(10))
206 .custom_array(cat_keys::CATNIP, catnip::single("203.0.113.0/24"))
207 .custom_array(cat_keys::CATALPN, catalpn::create(vec!["h2", "http/1.1"]))
208 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
209 .sign(key)
210 .expect("Failed to sign token");
211
212 println!(" ✓ Comprehensive token created with:");
213 println!(" - CATV: version 1");
214 println!(" - CATPOR: 10% rejection probability");
215 println!(" - CATNIP: 203.0.113.0/24");
216 println!(" - CATALPN: h2, http/1.1");
217 println!(" - CATGEOISO3166: US");
218
219 // Verify all tokens can be encoded
220 println!("\n=== Verification ===");
221 let tokens = vec![
222 ("CATPOR", &token_with_catpor),
223 ("CATNIP", &token_with_catnip),
224 ("CATALPN", &token_with_catalpn),
225 ("CATH", &token_with_cath),
226 ("CATGEO*", &token_with_geo),
227 ("CATTPK", &token_with_cattpk),
228 ("CATDPOP", &token_with_catdpop),
229 ("CATIF", &token_with_catif),
230 ("Comprehensive", &comprehensive_token),
231 ];
232
233 for (name, token) in tokens {
234 let token_bytes = token.to_bytes().expect("Failed to encode token");
235 println!("✓ {} token encoded ({} bytes)", name, token_bytes.len());
236 }
237
238 println!("\n=== All Extended CAT Claims Examples Completed Successfully ===");
239}Sourcepub fn custom_array(self, key: i32, value: Vec<CborValue>) -> Self
pub fn custom_array(self, key: i32, value: Vec<CborValue>) -> Self
Add a custom claim with an array value
Examples found in repository?
examples/cat_specific_claims.rs (line 84)
41fn create_token_with_cat_claims(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a CATU claim (Common Access Token URI)
45 let mut catu_components = BTreeMap::new();
46
47 // Restrict to https scheme
48 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
49
50 // Restrict to example.com host
51 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
52
53 // Restrict to paths starting with /content
54 catu_components.insert(uri_components::PATH, catu::prefix_match("/content"));
55
56 // Restrict to .m3u8 files
57 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".m3u8"));
58
59 // Create a CATM claim (Common Access Token Methods)
60 let allowed_methods = vec!["GET", "HEAD"];
61
62 // Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some((now + 3000) as i64));
64
65 // Build the token with CAT-specific claims
66 TokenBuilder::new()
67 .algorithm(Algorithm::HmacSha256)
68 .protected_key_id(KeyId::string("example-key-id"))
69 .registered_claims(
70 RegisteredClaims::new()
71 .with_issuer("example-issuer")
72 .with_subject("example-subject")
73 .with_audience("example-audience")
74 .with_expiration(now + 3600) // 1 hour from now
75 .with_not_before(now)
76 .with_issued_at(now)
77 .with_cti(b"token-id-1234".to_vec()),
78 )
79 // Add CAT-specific claims
80 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
81 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
82 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
83 .custom_int(cat_keys::CATV, 1) // Version 1
84 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
85 .sign(key)
86 .expect("Failed to sign token")
87}More examples
examples/cat_validation.rs (line 87)
38fn create_token_with_cat_claims(key: &[u8], now: i64) -> common_access_token::Token {
39 println!("Creating token with CAT-specific claims...");
40
41 // 1. Create a CATU claim (Common Access Token URI)
42 let mut catu_components = BTreeMap::new();
43
44 // Restrict to https scheme
45 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
46
47 // Restrict to example.com host
48 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
49
50 // Restrict to paths starting with /api
51 catu_components.insert(uri_components::PATH, catu::prefix_match("/api"));
52
53 // Restrict to .json extension
54 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".json"));
55
56 println!(" Added CATU claim with URI restrictions");
57
58 // 2. Create a CATM claim (Common Access Token Methods)
59 let allowed_methods = vec!["GET", "HEAD", "OPTIONS"];
60 println!(" Added CATM claim allowing methods: {:?}", allowed_methods);
61
62 // 3. Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some(now + 3000));
64 println!(" Added CATR claim with automatic renewal");
65
66 // 4. Create a CATREPLAY claim (prohibit token replay)
67 println!(" Added CATREPLAY claim prohibiting token replay");
68
69 // Build the token with all CAT-specific claims
70 TokenBuilder::new()
71 .algorithm(Algorithm::HmacSha256)
72 .protected_key_id(KeyId::string("example-key-id"))
73 .registered_claims(
74 RegisteredClaims::new()
75 .with_issuer("example-issuer")
76 .with_subject("example-subject")
77 .with_audience("example-audience")
78 .with_expiration(now as u64 + 3600) // 1 hour from now
79 .with_not_before(now as u64)
80 .with_issued_at(now as u64)
81 .with_cti(b"token-id-1234".to_vec()),
82 )
83 // Add CAT-specific claims
84 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
85 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
86 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
87 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
88 .sign(key)
89 .expect("Failed to sign token")
90}examples/extended_cat_claims.rs (lines 52-55)
20fn main() {
21 let key = b"my-secret-key-for-hmac-sha256";
22 let now = current_timestamp();
23
24 println!("=== Extended CAT Claims Example ===\n");
25
26 // Example 1: Token with probability of rejection (CATPOR)
27 println!("1. Creating token with CATPOR (25% rejection probability)");
28 let token_with_catpor = TokenBuilder::new()
29 .algorithm(Algorithm::HmacSha256)
30 .protected_key_id(KeyId::string("key-1"))
31 .registered_claims(
32 RegisteredClaims::new()
33 .with_issuer("example-issuer")
34 .with_expiration(now + 3600),
35 )
36 .custom_cbor(cat_keys::CATPOR, catpor::create(25))
37 .sign(key)
38 .expect("Failed to sign token");
39
40 println!(" ✓ Token created with CATPOR: 25% rejection probability\n");
41
42 // Example 2: Token with network IP restrictions (CATNIP)
43 println!("2. Creating token with CATNIP (IP restrictions)");
44 let token_with_catnip = TokenBuilder::new()
45 .algorithm(Algorithm::HmacSha256)
46 .protected_key_id(KeyId::string("key-2"))
47 .registered_claims(
48 RegisteredClaims::new()
49 .with_issuer("example-issuer")
50 .with_expiration(now + 3600),
51 )
52 .custom_array(
53 cat_keys::CATNIP,
54 catnip::create(vec!["192.168.1.0/24", "10.0.0.0/8"]),
55 )
56 .sign(key)
57 .expect("Failed to sign token");
58
59 println!(" ✓ Token created with CATNIP: 192.168.1.0/24, 10.0.0.0/8\n");
60
61 // Example 3: Token with ALPN restrictions (CATALPN)
62 println!("3. Creating token with CATALPN (HTTP/2 only)");
63 let token_with_catalpn = TokenBuilder::new()
64 .algorithm(Algorithm::HmacSha256)
65 .protected_key_id(KeyId::string("key-3"))
66 .registered_claims(
67 RegisteredClaims::new()
68 .with_issuer("example-issuer")
69 .with_expiration(now + 3600),
70 )
71 .custom_array(cat_keys::CATALPN, catalpn::http2_only())
72 .sign(key)
73 .expect("Failed to sign token");
74
75 println!(" ✓ Token created with CATALPN: h2 only\n");
76
77 // Example 4: Token with HTTP header requirements (CATH)
78 println!("4. Creating token with CATH (custom headers)");
79 let mut headers = BTreeMap::new();
80 headers.insert("X-API-Key", "secret-api-key");
81 headers.insert("X-Client-Version", "1.0");
82
83 let token_with_cath = TokenBuilder::new()
84 .algorithm(Algorithm::HmacSha256)
85 .protected_key_id(KeyId::string("key-4"))
86 .registered_claims(
87 RegisteredClaims::new()
88 .with_issuer("example-issuer")
89 .with_expiration(now + 3600),
90 )
91 .custom_cbor(cat_keys::CATH, cath::create(headers))
92 .sign(key)
93 .expect("Failed to sign token");
94
95 println!(" ✓ Token created with CATH: X-API-Key, X-Client-Version\n");
96
97 // Example 5: Token with geographic restrictions (CATGEO*)
98 println!("5. Creating token with geographic restrictions");
99 let token_with_geo = TokenBuilder::new()
100 .algorithm(Algorithm::HmacSha256)
101 .protected_key_id(KeyId::string("key-5"))
102 .registered_claims(
103 RegisteredClaims::new()
104 .with_issuer("example-issuer")
105 .with_expiration(now + 3600),
106 )
107 // Country restriction
108 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
109 // Coordinate restriction (New York City with 5km radius)
110 .custom_cbor(
111 cat_keys::CATGEOCOORD,
112 catgeocoord::with_radius(40.7128, -74.0060, 5000),
113 )
114 // Altitude restriction (0-1000 meters)
115 .custom_cbor(cat_keys::CATGEOALT, catgeoalt::range(0, 1000))
116 .sign(key)
117 .expect("Failed to sign token");
118
119 println!(" ✓ Token created with CATGEOISO3166: US");
120 println!(" ✓ Token created with CATGEOCOORD: NYC (40.7128, -74.0060) ±5km");
121 println!(" ✓ Token created with CATGEOALT: 0-1000m\n");
122
123 // Example 6: Token with TLS public key pinning (CATTPK)
124 println!("6. Creating token with CATTPK (TLS key pinning)");
125 // In a real scenario, this would be the SHA-256 hash of a certificate's public key
126 let public_key_hash = vec![
127 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
128 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
129 0xcd, 0xef,
130 ];
131
132 let token_with_cattpk = TokenBuilder::new()
133 .algorithm(Algorithm::HmacSha256)
134 .protected_key_id(KeyId::string("key-6"))
135 .registered_claims(
136 RegisteredClaims::new()
137 .with_issuer("example-issuer")
138 .with_expiration(now + 3600),
139 )
140 .custom_cbor(cat_keys::CATTPK, cattpk::create(public_key_hash.clone()))
141 .sign(key)
142 .expect("Failed to sign token");
143
144 println!(" ✓ Token created with CATTPK: public key hash (32 bytes)\n");
145
146 // Example 7: Token with DPoP settings (CATDPOP)
147 println!("7. Creating token with CATDPOP (DPoP required)");
148 let token_with_catdpop = TokenBuilder::new()
149 .algorithm(Algorithm::HmacSha256)
150 .protected_key_id(KeyId::string("key-7"))
151 .registered_claims(
152 RegisteredClaims::new()
153 .with_issuer("example-issuer")
154 .with_expiration(now + 3600),
155 )
156 .custom_cbor(cat_keys::CATDPOP, catdpop::required())
157 .sign(key)
158 .expect("Failed to sign token");
159
160 println!(" ✓ Token created with CATDPOP: DPoP required\n");
161
162 // Example 8: Token with conditional logic (CATIF/CATIFDATA)
163 println!("8. Creating token with CATIF and CATIFDATA");
164 let mut condition = BTreeMap::new();
165 condition.insert(0, common_access_token::CborValue::Text("role".to_string()));
166 condition.insert(
167 1,
168 common_access_token::CborValue::Text("equals".to_string()),
169 );
170 condition.insert(2, common_access_token::CborValue::Text("admin".to_string()));
171
172 let mut if_data = BTreeMap::new();
173 if_data.insert(0, common_access_token::CborValue::Text("role".to_string()));
174 if_data.insert(1, common_access_token::CborValue::Text("admin".to_string()));
175
176 let token_with_catif = TokenBuilder::new()
177 .algorithm(Algorithm::HmacSha256)
178 .protected_key_id(KeyId::string("key-8"))
179 .registered_claims(
180 RegisteredClaims::new()
181 .with_issuer("example-issuer")
182 .with_expiration(now + 3600),
183 )
184 .custom_cbor(cat_keys::CATIF, catif::create(condition))
185 .custom_cbor(cat_keys::CATIFDATA, catifdata::create(if_data))
186 .sign(key)
187 .expect("Failed to sign token");
188
189 println!(" ✓ Token created with CATIF: conditional logic");
190 println!(" ✓ Token created with CATIFDATA: role=admin\n");
191
192 // Example 9: Comprehensive token with multiple CAT claims
193 println!("9. Creating comprehensive token with multiple CAT claims");
194 let comprehensive_token = TokenBuilder::new()
195 .algorithm(Algorithm::HmacSha256)
196 .protected_key_id(KeyId::string("comprehensive-key"))
197 .registered_claims(
198 RegisteredClaims::new()
199 .with_issuer("secure-service")
200 .with_subject("user-12345")
201 .with_audience("api.example.com")
202 .with_expiration(now + 7200),
203 )
204 .custom_cbor(cat_keys::CATV, catv::with_version(1))
205 .custom_cbor(cat_keys::CATPOR, catpor::create(10))
206 .custom_array(cat_keys::CATNIP, catnip::single("203.0.113.0/24"))
207 .custom_array(cat_keys::CATALPN, catalpn::create(vec!["h2", "http/1.1"]))
208 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
209 .sign(key)
210 .expect("Failed to sign token");
211
212 println!(" ✓ Comprehensive token created with:");
213 println!(" - CATV: version 1");
214 println!(" - CATPOR: 10% rejection probability");
215 println!(" - CATNIP: 203.0.113.0/24");
216 println!(" - CATALPN: h2, http/1.1");
217 println!(" - CATGEOISO3166: US");
218
219 // Verify all tokens can be encoded
220 println!("\n=== Verification ===");
221 let tokens = vec![
222 ("CATPOR", &token_with_catpor),
223 ("CATNIP", &token_with_catnip),
224 ("CATALPN", &token_with_catalpn),
225 ("CATH", &token_with_cath),
226 ("CATGEO*", &token_with_geo),
227 ("CATTPK", &token_with_cattpk),
228 ("CATDPOP", &token_with_catdpop),
229 ("CATIF", &token_with_catif),
230 ("Comprehensive", &comprehensive_token),
231 ];
232
233 for (name, token) in tokens {
234 let token_bytes = token.to_bytes().expect("Failed to encode token");
235 println!("✓ {} token encoded ({} bytes)", name, token_bytes.len());
236 }
237
238 println!("\n=== All Extended CAT Claims Examples Completed Successfully ===");
239}Sourcepub fn expires_in_secs(self, seconds: u64) -> Self
pub fn expires_in_secs(self, seconds: u64) -> Self
Set expiration time relative to now (in seconds)
This is a convenience method that sets the expiration claim to the current time plus the specified number of seconds.
§Example
use common_access_token::{TokenBuilder, Algorithm, current_timestamp};
let key = b"my-secret-key";
// Token expires in 1 hour
let token = TokenBuilder::new()
.algorithm(Algorithm::HmacSha256)
.expires_in_secs(3600)
.sign(key)
.unwrap();
assert!(!token.is_expired());Sourcepub fn expires_in(self, duration: Duration) -> Self
pub fn expires_in(self, duration: Duration) -> Self
Set expiration time relative to now using a Duration
This is a convenience method that sets the expiration claim to the current time plus the specified duration.
§Example
use common_access_token::{TokenBuilder, Algorithm};
use std::time::Duration;
let key = b"my-secret-key";
// Token expires in 1 hour
let token = TokenBuilder::new()
.algorithm(Algorithm::HmacSha256)
.expires_in(Duration::from_secs(3600))
.sign(key)
.unwrap();
assert!(!token.is_expired());Sourcepub fn valid_for_secs(self, seconds: u64) -> Self
pub fn valid_for_secs(self, seconds: u64) -> Self
Set token lifetime with issued-at and expiration claims
This convenience method sets both the iat (issued at) and exp (expiration) claims.
The issued-at is set to the current time, and expiration is set to current time plus the specified seconds.
§Example
use common_access_token::{TokenBuilder, Algorithm};
let key = b"my-secret-key";
// Token valid for 1 hour
let token = TokenBuilder::new()
.algorithm(Algorithm::HmacSha256)
.valid_for_secs(3600)
.sign(key)
.unwrap();
assert!(token.issued_at().is_some());
assert!(token.expiration().is_some());Sourcepub fn valid_for(self, duration: Duration) -> Self
pub fn valid_for(self, duration: Duration) -> Self
Set token lifetime with issued-at and expiration claims using a Duration
This convenience method sets both the iat (issued at) and exp (expiration) claims.
The issued-at is set to the current time, and expiration is set to current time plus the specified duration.
§Example
use common_access_token::{TokenBuilder, Algorithm};
use std::time::Duration;
let key = b"my-secret-key";
// Token valid for 1 hour
let token = TokenBuilder::new()
.algorithm(Algorithm::HmacSha256)
.valid_for(Duration::from_secs(3600))
.sign(key)
.unwrap();
assert!(token.issued_at().is_some());
assert!(token.expiration().is_some());Sourcepub fn sign(self, key: &[u8]) -> Result<Token, Error>
pub fn sign(self, key: &[u8]) -> Result<Token, Error>
Build and sign the token
Examples found in repository?
examples/basic_usage.rs (line 61)
41fn create_token_with_string_kid(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a token with string key ID
45 TokenBuilder::new()
46 .algorithm(Algorithm::HmacSha256)
47 .protected_key_id(KeyId::string("string-key-example"))
48 .registered_claims(
49 RegisteredClaims::new()
50 .with_issuer("example-issuer")
51 .with_subject("example-subject")
52 .with_audience("example-audience")
53 .with_expiration(now + 3600) // 1 hour from now
54 .with_not_before(now)
55 .with_issued_at(now)
56 .with_cti(b"token-id-1234".to_vec()),
57 )
58 .custom_string(100, "custom-string-value")
59 .custom_binary(101, b"custom-binary-value".to_vec())
60 .custom_int(102, 12345)
61 .sign(key)
62 .expect("Failed to sign token")
63}
64
65/// Create a token with a binary key ID
66fn create_token_with_binary_kid(key: &[u8]) -> common_access_token::Token {
67 let now = current_timestamp();
68 let binary_kid = vec![0x01, 0x02, 0x03, 0x04, 0x05];
69
70 // Create a token with binary key ID
71 TokenBuilder::new()
72 .algorithm(Algorithm::HmacSha256)
73 .protected_key_id(KeyId::binary(binary_kid))
74 .registered_claims(
75 RegisteredClaims::new()
76 .with_issuer("example-issuer")
77 .with_subject("example-subject")
78 .with_audience("example-audience")
79 .with_expiration(now + 3600) // 1 hour from now
80 .with_not_before(now)
81 .with_issued_at(now),
82 )
83 .sign(key)
84 .expect("Failed to sign token")
85}
86
87/// Create a token with a nested map claim
88fn create_token_with_nested_map(key: &[u8]) -> common_access_token::Token {
89 let now = current_timestamp();
90
91 // Create a nested map for the token
92 let mut nested_map = BTreeMap::new();
93 nested_map.insert(1, CborValue::Text("nested-text-value".to_string()));
94 nested_map.insert(2, CborValue::Integer(42));
95 nested_map.insert(3, CborValue::Bytes(vec![1, 2, 3, 4, 5]));
96
97 // Create a second level nested map
98 let mut second_level_map = BTreeMap::new();
99 second_level_map.insert(1, CborValue::Text("second-level-text".to_string()));
100 second_level_map.insert(2, CborValue::Integer(99));
101
102 // Add the second level map to the first level
103 nested_map.insert(4, CborValue::Map(second_level_map));
104
105 // Create a token with a nested map claim
106 TokenBuilder::new()
107 .algorithm(Algorithm::HmacSha256)
108 .protected_key_id(KeyId::string("nested-map-example"))
109 .registered_claims(
110 RegisteredClaims::new()
111 .with_issuer("example-issuer")
112 .with_subject("example-subject")
113 .with_audience("example-audience")
114 .with_expiration(now + 3600) // 1 hour from now
115 .with_not_before(now)
116 .with_issued_at(now),
117 )
118 .custom_map(200, nested_map)
119 .sign(key)
120 .expect("Failed to sign token")
121}More examples
examples/cat_specific_claims.rs (line 85)
41fn create_token_with_cat_claims(key: &[u8]) -> common_access_token::Token {
42 let now = current_timestamp();
43
44 // Create a CATU claim (Common Access Token URI)
45 let mut catu_components = BTreeMap::new();
46
47 // Restrict to https scheme
48 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
49
50 // Restrict to example.com host
51 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
52
53 // Restrict to paths starting with /content
54 catu_components.insert(uri_components::PATH, catu::prefix_match("/content"));
55
56 // Restrict to .m3u8 files
57 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".m3u8"));
58
59 // Create a CATM claim (Common Access Token Methods)
60 let allowed_methods = vec!["GET", "HEAD"];
61
62 // Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some((now + 3000) as i64));
64
65 // Build the token with CAT-specific claims
66 TokenBuilder::new()
67 .algorithm(Algorithm::HmacSha256)
68 .protected_key_id(KeyId::string("example-key-id"))
69 .registered_claims(
70 RegisteredClaims::new()
71 .with_issuer("example-issuer")
72 .with_subject("example-subject")
73 .with_audience("example-audience")
74 .with_expiration(now + 3600) // 1 hour from now
75 .with_not_before(now)
76 .with_issued_at(now)
77 .with_cti(b"token-id-1234".to_vec()),
78 )
79 // Add CAT-specific claims
80 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
81 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
82 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
83 .custom_int(cat_keys::CATV, 1) // Version 1
84 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
85 .sign(key)
86 .expect("Failed to sign token")
87}examples/cat_validation.rs (line 88)
38fn create_token_with_cat_claims(key: &[u8], now: i64) -> common_access_token::Token {
39 println!("Creating token with CAT-specific claims...");
40
41 // 1. Create a CATU claim (Common Access Token URI)
42 let mut catu_components = BTreeMap::new();
43
44 // Restrict to https scheme
45 catu_components.insert(uri_components::SCHEME, catu::exact_match("https"));
46
47 // Restrict to example.com host
48 catu_components.insert(uri_components::HOST, catu::suffix_match(".example.com"));
49
50 // Restrict to paths starting with /api
51 catu_components.insert(uri_components::PATH, catu::prefix_match("/api"));
52
53 // Restrict to .json extension
54 catu_components.insert(uri_components::EXTENSION, catu::exact_match(".json"));
55
56 println!(" Added CATU claim with URI restrictions");
57
58 // 2. Create a CATM claim (Common Access Token Methods)
59 let allowed_methods = vec!["GET", "HEAD", "OPTIONS"];
60 println!(" Added CATM claim allowing methods: {:?}", allowed_methods);
61
62 // 3. Create a CATR claim (Common Access Token Renewal)
63 let renewal_params = catr::automatic_renewal(3600, Some(now + 3000));
64 println!(" Added CATR claim with automatic renewal");
65
66 // 4. Create a CATREPLAY claim (prohibit token replay)
67 println!(" Added CATREPLAY claim prohibiting token replay");
68
69 // Build the token with all CAT-specific claims
70 TokenBuilder::new()
71 .algorithm(Algorithm::HmacSha256)
72 .protected_key_id(KeyId::string("example-key-id"))
73 .registered_claims(
74 RegisteredClaims::new()
75 .with_issuer("example-issuer")
76 .with_subject("example-subject")
77 .with_audience("example-audience")
78 .with_expiration(now as u64 + 3600) // 1 hour from now
79 .with_not_before(now as u64)
80 .with_issued_at(now as u64)
81 .with_cti(b"token-id-1234".to_vec()),
82 )
83 // Add CAT-specific claims
84 .custom_cbor(cat_keys::CATU, catu::create(catu_components))
85 .custom_cbor(cat_keys::CATR, catr::create(renewal_params))
86 .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
87 .custom_array(cat_keys::CATM, catm::create(allowed_methods))
88 .sign(key)
89 .expect("Failed to sign token")
90}examples/extended_cat_claims.rs (line 37)
20fn main() {
21 let key = b"my-secret-key-for-hmac-sha256";
22 let now = current_timestamp();
23
24 println!("=== Extended CAT Claims Example ===\n");
25
26 // Example 1: Token with probability of rejection (CATPOR)
27 println!("1. Creating token with CATPOR (25% rejection probability)");
28 let token_with_catpor = TokenBuilder::new()
29 .algorithm(Algorithm::HmacSha256)
30 .protected_key_id(KeyId::string("key-1"))
31 .registered_claims(
32 RegisteredClaims::new()
33 .with_issuer("example-issuer")
34 .with_expiration(now + 3600),
35 )
36 .custom_cbor(cat_keys::CATPOR, catpor::create(25))
37 .sign(key)
38 .expect("Failed to sign token");
39
40 println!(" ✓ Token created with CATPOR: 25% rejection probability\n");
41
42 // Example 2: Token with network IP restrictions (CATNIP)
43 println!("2. Creating token with CATNIP (IP restrictions)");
44 let token_with_catnip = TokenBuilder::new()
45 .algorithm(Algorithm::HmacSha256)
46 .protected_key_id(KeyId::string("key-2"))
47 .registered_claims(
48 RegisteredClaims::new()
49 .with_issuer("example-issuer")
50 .with_expiration(now + 3600),
51 )
52 .custom_array(
53 cat_keys::CATNIP,
54 catnip::create(vec!["192.168.1.0/24", "10.0.0.0/8"]),
55 )
56 .sign(key)
57 .expect("Failed to sign token");
58
59 println!(" ✓ Token created with CATNIP: 192.168.1.0/24, 10.0.0.0/8\n");
60
61 // Example 3: Token with ALPN restrictions (CATALPN)
62 println!("3. Creating token with CATALPN (HTTP/2 only)");
63 let token_with_catalpn = TokenBuilder::new()
64 .algorithm(Algorithm::HmacSha256)
65 .protected_key_id(KeyId::string("key-3"))
66 .registered_claims(
67 RegisteredClaims::new()
68 .with_issuer("example-issuer")
69 .with_expiration(now + 3600),
70 )
71 .custom_array(cat_keys::CATALPN, catalpn::http2_only())
72 .sign(key)
73 .expect("Failed to sign token");
74
75 println!(" ✓ Token created with CATALPN: h2 only\n");
76
77 // Example 4: Token with HTTP header requirements (CATH)
78 println!("4. Creating token with CATH (custom headers)");
79 let mut headers = BTreeMap::new();
80 headers.insert("X-API-Key", "secret-api-key");
81 headers.insert("X-Client-Version", "1.0");
82
83 let token_with_cath = TokenBuilder::new()
84 .algorithm(Algorithm::HmacSha256)
85 .protected_key_id(KeyId::string("key-4"))
86 .registered_claims(
87 RegisteredClaims::new()
88 .with_issuer("example-issuer")
89 .with_expiration(now + 3600),
90 )
91 .custom_cbor(cat_keys::CATH, cath::create(headers))
92 .sign(key)
93 .expect("Failed to sign token");
94
95 println!(" ✓ Token created with CATH: X-API-Key, X-Client-Version\n");
96
97 // Example 5: Token with geographic restrictions (CATGEO*)
98 println!("5. Creating token with geographic restrictions");
99 let token_with_geo = TokenBuilder::new()
100 .algorithm(Algorithm::HmacSha256)
101 .protected_key_id(KeyId::string("key-5"))
102 .registered_claims(
103 RegisteredClaims::new()
104 .with_issuer("example-issuer")
105 .with_expiration(now + 3600),
106 )
107 // Country restriction
108 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
109 // Coordinate restriction (New York City with 5km radius)
110 .custom_cbor(
111 cat_keys::CATGEOCOORD,
112 catgeocoord::with_radius(40.7128, -74.0060, 5000),
113 )
114 // Altitude restriction (0-1000 meters)
115 .custom_cbor(cat_keys::CATGEOALT, catgeoalt::range(0, 1000))
116 .sign(key)
117 .expect("Failed to sign token");
118
119 println!(" ✓ Token created with CATGEOISO3166: US");
120 println!(" ✓ Token created with CATGEOCOORD: NYC (40.7128, -74.0060) ±5km");
121 println!(" ✓ Token created with CATGEOALT: 0-1000m\n");
122
123 // Example 6: Token with TLS public key pinning (CATTPK)
124 println!("6. Creating token with CATTPK (TLS key pinning)");
125 // In a real scenario, this would be the SHA-256 hash of a certificate's public key
126 let public_key_hash = vec![
127 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
128 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
129 0xcd, 0xef,
130 ];
131
132 let token_with_cattpk = TokenBuilder::new()
133 .algorithm(Algorithm::HmacSha256)
134 .protected_key_id(KeyId::string("key-6"))
135 .registered_claims(
136 RegisteredClaims::new()
137 .with_issuer("example-issuer")
138 .with_expiration(now + 3600),
139 )
140 .custom_cbor(cat_keys::CATTPK, cattpk::create(public_key_hash.clone()))
141 .sign(key)
142 .expect("Failed to sign token");
143
144 println!(" ✓ Token created with CATTPK: public key hash (32 bytes)\n");
145
146 // Example 7: Token with DPoP settings (CATDPOP)
147 println!("7. Creating token with CATDPOP (DPoP required)");
148 let token_with_catdpop = TokenBuilder::new()
149 .algorithm(Algorithm::HmacSha256)
150 .protected_key_id(KeyId::string("key-7"))
151 .registered_claims(
152 RegisteredClaims::new()
153 .with_issuer("example-issuer")
154 .with_expiration(now + 3600),
155 )
156 .custom_cbor(cat_keys::CATDPOP, catdpop::required())
157 .sign(key)
158 .expect("Failed to sign token");
159
160 println!(" ✓ Token created with CATDPOP: DPoP required\n");
161
162 // Example 8: Token with conditional logic (CATIF/CATIFDATA)
163 println!("8. Creating token with CATIF and CATIFDATA");
164 let mut condition = BTreeMap::new();
165 condition.insert(0, common_access_token::CborValue::Text("role".to_string()));
166 condition.insert(
167 1,
168 common_access_token::CborValue::Text("equals".to_string()),
169 );
170 condition.insert(2, common_access_token::CborValue::Text("admin".to_string()));
171
172 let mut if_data = BTreeMap::new();
173 if_data.insert(0, common_access_token::CborValue::Text("role".to_string()));
174 if_data.insert(1, common_access_token::CborValue::Text("admin".to_string()));
175
176 let token_with_catif = TokenBuilder::new()
177 .algorithm(Algorithm::HmacSha256)
178 .protected_key_id(KeyId::string("key-8"))
179 .registered_claims(
180 RegisteredClaims::new()
181 .with_issuer("example-issuer")
182 .with_expiration(now + 3600),
183 )
184 .custom_cbor(cat_keys::CATIF, catif::create(condition))
185 .custom_cbor(cat_keys::CATIFDATA, catifdata::create(if_data))
186 .sign(key)
187 .expect("Failed to sign token");
188
189 println!(" ✓ Token created with CATIF: conditional logic");
190 println!(" ✓ Token created with CATIFDATA: role=admin\n");
191
192 // Example 9: Comprehensive token with multiple CAT claims
193 println!("9. Creating comprehensive token with multiple CAT claims");
194 let comprehensive_token = TokenBuilder::new()
195 .algorithm(Algorithm::HmacSha256)
196 .protected_key_id(KeyId::string("comprehensive-key"))
197 .registered_claims(
198 RegisteredClaims::new()
199 .with_issuer("secure-service")
200 .with_subject("user-12345")
201 .with_audience("api.example.com")
202 .with_expiration(now + 7200),
203 )
204 .custom_cbor(cat_keys::CATV, catv::with_version(1))
205 .custom_cbor(cat_keys::CATPOR, catpor::create(10))
206 .custom_array(cat_keys::CATNIP, catnip::single("203.0.113.0/24"))
207 .custom_array(cat_keys::CATALPN, catalpn::create(vec!["h2", "http/1.1"]))
208 .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
209 .sign(key)
210 .expect("Failed to sign token");
211
212 println!(" ✓ Comprehensive token created with:");
213 println!(" - CATV: version 1");
214 println!(" - CATPOR: 10% rejection probability");
215 println!(" - CATNIP: 203.0.113.0/24");
216 println!(" - CATALPN: h2, http/1.1");
217 println!(" - CATGEOISO3166: US");
218
219 // Verify all tokens can be encoded
220 println!("\n=== Verification ===");
221 let tokens = vec![
222 ("CATPOR", &token_with_catpor),
223 ("CATNIP", &token_with_catnip),
224 ("CATALPN", &token_with_catalpn),
225 ("CATH", &token_with_cath),
226 ("CATGEO*", &token_with_geo),
227 ("CATTPK", &token_with_cattpk),
228 ("CATDPOP", &token_with_catdpop),
229 ("CATIF", &token_with_catif),
230 ("Comprehensive", &comprehensive_token),
231 ];
232
233 for (name, token) in tokens {
234 let token_bytes = token.to_bytes().expect("Failed to encode token");
235 println!("✓ {} token encoded ({} bytes)", name, token_bytes.len());
236 }
237
238 println!("\n=== All Extended CAT Claims Examples Completed Successfully ===");
239}Trait Implementations§
Source§impl Clone for TokenBuilder
impl Clone for TokenBuilder
Source§fn clone(&self) -> TokenBuilder
fn clone(&self) -> TokenBuilder
Returns a duplicate of the value. Read more
1.0.0 · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from
source. Read moreSource§impl Debug for TokenBuilder
impl Debug for TokenBuilder
Source§impl Default for TokenBuilder
impl Default for TokenBuilder
Source§fn default() -> TokenBuilder
fn default() -> TokenBuilder
Returns the “default value” for a type. Read more
Auto Trait Implementations§
impl Freeze for TokenBuilder
impl RefUnwindSafe for TokenBuilder
impl Send for TokenBuilder
impl Sync for TokenBuilder
impl Unpin for TokenBuilder
impl UnwindSafe for TokenBuilder
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more