pub fn current_timestamp() -> u64
Get the current timestamp in seconds since the Unix epoch.
Examples found in repository?
examples/basic_usage.rs (line 42)
/// Build and sign a demo token that carries a string key ID.
///
/// `key` is handed to `sign` as the HMAC-SHA256 secret. The token becomes valid at creation
/// time (`with_not_before` and `with_issued_at` both receive the current timestamp) and
/// expires 3600 seconds later. Panics if signing fails.
fn create_token_with_string_kid(key: &[u8]) -> common_access_token::Token {
    let issued_at = current_timestamp();
    let expires_at = issued_at + 3600; // 1 hour from now

    // NOTE(review): the CTI below is a fixed demo value. A deployment that uses the CTI to
    // tell tokens apart (for example for replay tracking) needs a fresh value per token.
    let registered = RegisteredClaims::new()
        .with_issuer("example-issuer")
        .with_subject("example-subject")
        .with_audience("example-audience")
        .with_expiration(expires_at)
        .with_not_before(issued_at)
        .with_issued_at(issued_at)
        .with_cti(b"token-id-1234".to_vec());

    // HMAC-SHA256 with a string key ID, the registered claims, and three custom claims
    // stored under the integer labels 100, 101 and 102.
    let builder = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::string("string-key-example"))
        .registered_claims(registered)
        .custom_string(100, "custom-string-value")
        .custom_binary(101, b"custom-binary-value".to_vec())
        .custom_int(102, 12345);

    builder.sign(key).expect("Failed to sign token")
}
/// Build and sign a demo token that carries a binary key ID.
///
/// The key ID is the five bytes `01 02 03 04 05`. `key` is handed to `sign` as the
/// HMAC-SHA256 secret; the token is valid from now and expires 3600 seconds later.
/// Panics if signing fails.
fn create_token_with_binary_kid(key: &[u8]) -> common_access_token::Token {
    let issued_at = current_timestamp();
    let kid_bytes = vec![0x01, 0x02, 0x03, 0x04, 0x05];

    let registered = RegisteredClaims::new()
        .with_issuer("example-issuer")
        .with_subject("example-subject")
        .with_audience("example-audience")
        .with_expiration(issued_at + 3600) // 1 hour from now
        .with_not_before(issued_at)
        .with_issued_at(issued_at);

    // Same header layout as the string-kid example, but the key ID is raw bytes.
    let builder = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::binary(kid_bytes))
        .registered_claims(registered);

    builder.sign(key).expect("Failed to sign token")
}
/// Build and sign a demo token whose custom claim 200 is a two-level nested map.
///
/// The outer map holds a text, an integer and a byte string under keys 1 to 3, and a
/// second map (text + integer) under key 4. `key` is handed to `sign` as the HMAC-SHA256
/// secret. Panics if signing fails.
fn create_token_with_nested_map(key: &[u8]) -> common_access_token::Token {
    let issued_at = current_timestamp();

    // Inner map first, so it can be moved into the outer map in one expression.
    let inner = BTreeMap::from([
        (1, CborValue::Text("second-level-text".to_string())),
        (2, CborValue::Integer(99)),
    ]);

    // Outer map: three scalar entries plus the inner map under key 4.
    let outer = BTreeMap::from([
        (1, CborValue::Text("nested-text-value".to_string())),
        (2, CborValue::Integer(42)),
        (3, CborValue::Bytes(vec![1, 2, 3, 4, 5])),
        (4, CborValue::Map(inner)),
    ]);

    let registered = RegisteredClaims::new()
        .with_issuer("example-issuer")
        .with_subject("example-subject")
        .with_audience("example-audience")
        .with_expiration(issued_at + 3600) // 1 hour from now
        .with_not_before(issued_at)
        .with_issued_at(issued_at);

    let builder = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::string("nested-map-example"))
        .registered_claims(registered)
        .custom_map(200, outer);

    builder.sign(key).expect("Failed to sign token")
}
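/// Decode, authenticate and validate a token, printing the outcome.
///
/// The checks run in a fixed order and the function returns at the first failure:
/// 1. decode `token_bytes`;
/// 2. verify the signature with `key`;
/// 3. validate the claims (`exp`, `nbf`, issuer `example-issuer`, audience
///    `example-audience`).
///
/// Nothing taken from the token (key ID, issuer, subject, expiry) is printed until all
/// three steps have succeeded, so the output never presents unauthenticated claims as
/// trustworthy.
///
/// * `token_bytes` - encoded token to check.
/// * `key` - secret passed to `verify`.
/// * `expected_token_type` - label used only in the printed messages.
fn verify_token(token_bytes: &[u8], key: &[u8], expected_token_type: &str) {
    // Decode the token
    let token = match common_access_token::Token::from_bytes(token_bytes) {
        Ok(token) => token,
        Err(err) => {
            println!("Failed to decode {} token: {}", expected_token_type, err);
            return;
        }
    };

    // Verify the signature before looking at any claim.
    if let Err(err) = token.verify(key) {
        println!(
            "Failed to verify {} token signature: {}",
            expected_token_type, err
        );
        return;
    }

    // Verify the claims: expiry, not-before, and the issuer/audience this verifier expects.
    let options = VerificationOptions::new()
        .verify_exp(true)
        .verify_nbf(true)
        .expected_issuer("example-issuer")
        .expected_audience("example-audience");

    if let Err(err) = token.verify_claims(&options) {
        println!(
            "Failed to verify {} token claims: {}",
            expected_token_type, err
        );
        return;
    }

    // A correctly signed token may still lack a key ID. Report that the same way as the
    // other failures instead of panicking on input-dependent data.
    let kid = match token.header.key_id() {
        Some(kid) => kid,
        None => {
            println!("No key ID in {} token", expected_token_type);
            return;
        }
    };
    let kid_str = match &kid {
        KeyId::Binary(data) => format!("Binary key ID: {:?}", data),
        KeyId::String(data) => format!("String key ID: {}", data),
    };

    println!(
        "Successfully verified {} token ({})",
        expected_token_type, kid_str
    );

    // Print some claims
    if let Some(iss) = &token.claims.registered.iss {
        println!(" Issuer: {}", iss);
    }
    if let Some(sub) = &token.claims.registered.sub {
        println!(" Subject: {}", sub);
    }
    if let Some(exp) = token.claims.registered.exp {
        // The clock is read again here, after claim validation. If it has reached `exp` in
        // the meantime, a plain subtraction would underflow; clamp the remainder at zero.
        println!(
            " Expires at: {} (in {} seconds)",
            exp,
            exp.saturating_sub(current_timestamp())
        );
    }
}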
examples/cat_validation.rs (line 10)
/// Round-trip a token with CAT-specific claims and run the per-claim validators on it.
///
/// Flow: create the token, encode it, decode the bytes again, verify the signature, then
/// call the CATU, CATM and CATREPLAY validation helpers on the decoded token.
fn main() {
    // Demo key only: a readable 29-byte string literal compiled into the binary.
    // NOTE(review): production HMAC-SHA256 keys should be random, at least 32 bytes long,
    // and loaded from a secret store rather than from source code.
    let hmac_key = b"my-secret-key-for-hmac-sha256";
    let issued_at = current_timestamp() as i64;

    // Create a token with multiple CAT-specific claims and encode it to bytes
    let encoded = create_token_with_cat_claims(hmac_key, issued_at)
        .to_bytes()
        .expect("Failed to encode token");
    println!("Token with CAT claims encoded to {} bytes", encoded.len());

    // Decode the token from its wire form
    let decoded =
        common_access_token::Token::from_bytes(&encoded).expect("Failed to decode token");

    // Verify the signature before any claim is evaluated.
    // NOTE(review): this function does not call `verify_claims`, so exp/nbf/issuer/audience
    // are not checked here unless the validate_* helpers do it; confirm against them.
    decoded
        .verify(hmac_key)
        .expect("Failed to verify signature");

    // Demonstrate different CAT-specific claim validations
    validate_catu_claim(&decoded);
    validate_catm_claim(&decoded);
    validate_catreplay_claim(&decoded);
}

// Next listing: examples/cat_specific_claims.rs (line 42)
/// Build and sign a demo token carrying CATU, CATR, CATREPLAY, CATV and CATM claims.
///
/// `key` is handed to `sign` as the HMAC-SHA256 secret. The token is valid from now and
/// expires 3600 seconds later. Panics if signing fails.
fn create_token_with_cat_claims(key: &[u8]) -> common_access_token::Token {
    let issued_at = current_timestamp();

    // CATU claim (Common Access Token URI): one rule per URI component.
    //   scheme    - exactly "https"
    //   host      - ends with ".example.com" (the leading dot keeps the match on subdomains)
    //   path      - starts with "/content"
    //   extension - exactly ".m3u8"
    // NOTE(review): assuming `prefix_match` is a plain string-prefix test, "/content" also
    // covers sibling paths such as "/content-archive"; use "/content/" to confine the token
    // to that directory.
    let uri_rules = BTreeMap::from([
        (uri_components::SCHEME, catu::exact_match("https")),
        (uri_components::HOST, catu::suffix_match(".example.com")),
        (uri_components::PATH, catu::prefix_match("/content")),
        (uri_components::EXTENSION, catu::exact_match(".m3u8")),
    ]);

    // CATM claim (Common Access Token Methods): read-only methods.
    let methods = vec!["GET", "HEAD"];

    // CATR claim (Common Access Token Renewal): automatic renewal with the arguments
    // 3600 and a timestamp 3000 seconds from now.
    let renewal = catr::automatic_renewal(3600, Some((issued_at + 3000) as i64));

    let registered = RegisteredClaims::new()
        .with_issuer("example-issuer")
        .with_subject("example-subject")
        .with_audience("example-audience")
        .with_expiration(issued_at + 3600) // 1 hour from now
        .with_not_before(issued_at)
        .with_issued_at(issued_at)
        .with_cti(b"token-id-1234".to_vec());

    // Build the token, then attach the CAT-specific claims.
    let builder = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::string("example-key-id"))
        .registered_claims(registered)
        .custom_cbor(cat_keys::CATU, catu::create(uri_rules))
        .custom_cbor(cat_keys::CATR, catr::create(renewal))
        .custom_cbor(cat_keys::CATREPLAY, catreplay::prohibited())
        .custom_int(cat_keys::CATV, 1) // Version 1
        .custom_array(cat_keys::CATM, catm::create(methods));

    builder.sign(key).expect("Failed to sign token")
}

// Next listing: examples/extended_cat_claims.rs (line 22)
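/// Create one token per extended CAT claim, then confirm that each one encodes.
///
/// Every token is signed with the same demo key using HMAC-SHA256. The final section only
/// calls `to_bytes` on each token; no signature or claim verification happens in this
/// function. Panics if signing or encoding fails.
fn main() {
    // Demo key only: a readable 29-byte string literal compiled into the binary.
    // NOTE(review): production HMAC-SHA256 keys should be random, at least 32 bytes long,
    // and loaded from a secret store rather than from source code.
    let key = b"my-secret-key-for-hmac-sha256";
    let now = current_timestamp();

    println!("=== Extended CAT Claims Example ===\n");

    // Example 1: Token with probability of rejection (CATPOR)
    println!("1. Creating token with CATPOR (25% rejection probability)");
    let token_with_catpor = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::string("key-1"))
        .registered_claims(
            RegisteredClaims::new()
                .with_issuer("example-issuer")
                .with_expiration(now + 3600),
        )
        .custom_cbor(cat_keys::CATPOR, catpor::create(25))
        .sign(key)
        .expect("Failed to sign token");

    println!(" ✓ Token created with CATPOR: 25% rejection probability\n");

    // Example 2: Token with network IP restrictions (CATNIP)
    println!("2. Creating token with CATNIP (IP restrictions)");
    let token_with_catnip = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::string("key-2"))
        .registered_claims(
            RegisteredClaims::new()
                .with_issuer("example-issuer")
                .with_expiration(now + 3600),
        )
        .custom_array(
            cat_keys::CATNIP,
            catnip::create(vec!["192.168.1.0/24", "10.0.0.0/8"]),
        )
        .sign(key)
        .expect("Failed to sign token");

    println!(" ✓ Token created with CATNIP: 192.168.1.0/24, 10.0.0.0/8\n");

    // Example 3: Token with ALPN restrictions (CATALPN)
    println!("3. Creating token with CATALPN (HTTP/2 only)");
    let token_with_catalpn = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::string("key-3"))
        .registered_claims(
            RegisteredClaims::new()
                .with_issuer("example-issuer")
                .with_expiration(now + 3600),
        )
        .custom_array(cat_keys::CATALPN, catalpn::http2_only())
        .sign(key)
        .expect("Failed to sign token");

    println!(" ✓ Token created with CATALPN: h2 only\n");

    // Example 4: Token with HTTP header requirements (CATH)
    println!("4. Creating token with CATH (custom headers)");
    // NOTE(review): the token is signed with HMAC-SHA256 and nothing on this page encrypts
    // it, so claim values should be treated as readable by anyone who holds the token.
    // Do not place real credentials (such as an API key) in a CATH value.
    let mut headers = BTreeMap::new();
    headers.insert("X-API-Key", "secret-api-key");
    headers.insert("X-Client-Version", "1.0");

    let token_with_cath = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::string("key-4"))
        .registered_claims(
            RegisteredClaims::new()
                .with_issuer("example-issuer")
                .with_expiration(now + 3600),
        )
        .custom_cbor(cat_keys::CATH, cath::create(headers))
        .sign(key)
        .expect("Failed to sign token");

    println!(" ✓ Token created with CATH: X-API-Key, X-Client-Version\n");

    // Example 5: Token with geographic restrictions (CATGEO*)
    println!("5. Creating token with geographic restrictions");
    let token_with_geo = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::string("key-5"))
        .registered_claims(
            RegisteredClaims::new()
                .with_issuer("example-issuer")
                .with_expiration(now + 3600),
        )
        // Country restriction
        .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
        // Coordinate restriction (New York City with 5km radius)
        .custom_cbor(
            cat_keys::CATGEOCOORD,
            catgeocoord::with_radius(40.7128, -74.0060, 5000),
        )
        // Altitude restriction (0-1000 meters)
        .custom_cbor(cat_keys::CATGEOALT, catgeoalt::range(0, 1000))
        .sign(key)
        .expect("Failed to sign token");

    println!(" ✓ Token created with CATGEOISO3166: US");
    println!(" ✓ Token created with CATGEOCOORD: NYC (40.7128, -74.0060) ±5km");
    println!(" ✓ Token created with CATGEOALT: 0-1000m\n");

    // Example 6: Token with TLS public key pinning (CATTPK)
    println!("6. Creating token with CATTPK (TLS key pinning)");
    // In a real scenario, this would be the SHA-256 hash of a certificate's public key.
    // The 32 bytes below are a repeating placeholder pattern, not a real pin.
    let public_key_hash = vec![
        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd,
        0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
        0xcd, 0xef,
    ];

    let token_with_cattpk = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::string("key-6"))
        .registered_claims(
            RegisteredClaims::new()
                .with_issuer("example-issuer")
                .with_expiration(now + 3600),
        )
        // The hash is not used again, so it is moved into the claim instead of cloned.
        .custom_cbor(cat_keys::CATTPK, cattpk::create(public_key_hash))
        .sign(key)
        .expect("Failed to sign token");

    println!(" ✓ Token created with CATTPK: public key hash (32 bytes)\n");

    // Example 7: Token with DPoP settings (CATDPOP)
    println!("7. Creating token with CATDPOP (DPoP required)");
    let token_with_catdpop = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::string("key-7"))
        .registered_claims(
            RegisteredClaims::new()
                .with_issuer("example-issuer")
                .with_expiration(now + 3600),
        )
        .custom_cbor(cat_keys::CATDPOP, catdpop::required())
        .sign(key)
        .expect("Failed to sign token");

    println!(" ✓ Token created with CATDPOP: DPoP required\n");

    // Example 8: Token with conditional logic (CATIF/CATIFDATA)
    println!("8. Creating token with CATIF and CATIFDATA");
    let mut condition = BTreeMap::new();
    condition.insert(0, common_access_token::CborValue::Text("role".to_string()));
    condition.insert(
        1,
        common_access_token::CborValue::Text("equals".to_string()),
    );
    condition.insert(2, common_access_token::CborValue::Text("admin".to_string()));

    let mut if_data = BTreeMap::new();
    if_data.insert(0, common_access_token::CborValue::Text("role".to_string()));
    if_data.insert(1, common_access_token::CborValue::Text("admin".to_string()));

    let token_with_catif = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::string("key-8"))
        .registered_claims(
            RegisteredClaims::new()
                .with_issuer("example-issuer")
                .with_expiration(now + 3600),
        )
        .custom_cbor(cat_keys::CATIF, catif::create(condition))
        .custom_cbor(cat_keys::CATIFDATA, catifdata::create(if_data))
        .sign(key)
        .expect("Failed to sign token");

    println!(" ✓ Token created with CATIF: conditional logic");
    println!(" ✓ Token created with CATIFDATA: role=admin\n");

    // Example 9: Comprehensive token with multiple CAT claims
    println!("9. Creating comprehensive token with multiple CAT claims");
    let comprehensive_token = TokenBuilder::new()
        .algorithm(Algorithm::HmacSha256)
        .protected_key_id(KeyId::string("comprehensive-key"))
        .registered_claims(
            RegisteredClaims::new()
                .with_issuer("secure-service")
                .with_subject("user-12345")
                .with_audience("api.example.com")
                .with_expiration(now + 7200),
        )
        .custom_cbor(cat_keys::CATV, catv::with_version(1))
        .custom_cbor(cat_keys::CATPOR, catpor::create(10))
        .custom_array(cat_keys::CATNIP, catnip::single("203.0.113.0/24"))
        .custom_array(cat_keys::CATALPN, catalpn::create(vec!["h2", "http/1.1"]))
        .custom_array(cat_keys::CATGEOISO3166, catgeoiso3166::create(vec!["US"]))
        .sign(key)
        .expect("Failed to sign token");

    println!(" ✓ Comprehensive token created with:");
    println!(" - CATV: version 1");
    println!(" - CATPOR: 10% rejection probability");
    println!(" - CATNIP: 203.0.113.0/24");
    println!(" - CATALPN: h2, http/1.1");
    println!(" - CATGEOISO3166: US");

    // Check that every token can be encoded.
    // NOTE(review): despite the "Verification" banner, this loop only serialises each token.
    // It does not call `verify` or `verify_claims`, so it says nothing about signatures or
    // claim enforcement.
    println!("\n=== Verification ===");
    let tokens = vec![
        ("CATPOR", &token_with_catpor),
        ("CATNIP", &token_with_catnip),
        ("CATALPN", &token_with_catalpn),
        ("CATH", &token_with_cath),
        ("CATGEO*", &token_with_geo),
        ("CATTPK", &token_with_cattpk),
        ("CATDPOP", &token_with_catdpop),
        ("CATIF", &token_with_catif),
        ("Comprehensive", &comprehensive_token),
    ];

    for (name, token) in tokens {
        let token_bytes = token.to_bytes().expect("Failed to encode token");
        println!("✓ {} token encoded ({} bytes)", name, token_bytes.len());
    }

    println!("\n=== All Extended CAT Claims Examples Completed Successfully ===");
}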