// Copyright 2022-2024 The Matrix.org Foundation C.I.C.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//! Builtins related to JWTs
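/// Builtins related to JWT encode/decode and verification/signature
///
/// Every builtin in this module is currently a stub that returns a
/// `not implemented` error.
///
/// # Security
///
/// All arguments here are sensitive: the compact JWT is a bearer credential,
/// and `secret`, `key`, `certificate` and `constraints` carry key material.
/// `#[tracing::instrument]` records every argument as a span field unless told
/// otherwise, so each builtin uses `skip_all` to keep tokens and keys out of
/// logs and trace exporters.
///
/// Notes for whoever implements these stubs:
/// - each `verify_<alg>` builtin should reject a token whose header `alg` is
///   not exactly that algorithm, rather than trusting the header to pick one;
/// - HMAC tags should be compared in constant time;
/// - nothing derived from the token or the key should be put into error
///   messages, because `err` emits the returned error as an event.
pub mod jwt {
    // The stubs do not read their parameters yet, and `skip_all` means the
    // tracing macro no longer reads them either; silence the resulting lint
    // until the bodies are implemented.
    #![allow(unused_variables)]

    use std::collections::HashMap;

    use anyhow::{bail, Result};

    /// The headers part of a JWT
    type Headers = serde_json::Value;

    /// The payload part of a JWT
    type Payload = serde_json::Value;

    /// A JSON Web Key
    type Jwk = serde_json::Value;

    /// Decodes a JSON Web Token and outputs it as an object.
    ///
    /// This builtin only decodes; signature checking is the job of
    /// [`decode_verify`] and the `verify_*` builtins, so the headers and
    /// payload returned here must be treated as untrusted input.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.decode", skip_all, err)]
    pub fn decode(jwt: String) -> Result<(Headers, Payload, String)> {
        bail!("not implemented");
    }

    /// Verifies a JWT signature under parameterized constraints and decodes the
    /// claims if it is valid.
    ///
    /// Supports the following algorithms: HS256, HS384, HS512, RS256, RS384,
    /// RS512, ES256, ES384, ES512, PS256, PS384 and PS512.
    ///
    /// `constraints` is expected to carry the verification key or secret, so
    /// it is kept out of the tracing span along with the token.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.decode_verify", skip_all, err)]
    pub fn decode_verify(
        jwt: String,
        constraints: HashMap<String, serde_json::Value>,
    ) -> Result<(bool, Headers, Payload)> {
        bail!("not implemented");
    }

    /// Encodes and optionally signs a JSON Web Token. Inputs are taken as
    /// objects, not encoded strings (see `io.jwt.encode_sign_raw`).
    ///
    /// `key` is a JWK and may hold private key material.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    // NOTE(review): the return type mirrors `decode_verify` instead of the
    // `String` that `encode_sign_raw` returns; this looks like a copy-paste
    // slip, confirm the intended type before implementing.
    #[tracing::instrument(name = "io.jwt.encode_sign", skip_all, err)]
    pub fn encode_sign(
        headers: Headers,
        payload: Payload,
        key: Jwk,
    ) -> Result<(bool, Headers, Payload)> {
        bail!("not implemented");
    }

    /// Encodes and optionally signs a JSON Web Token.
    ///
    /// Inputs are taken as already-encoded strings; `key` may hold private key
    /// material.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.encode_sign_raw", skip_all, err)]
    pub fn encode_sign_raw(headers: String, payload: String, key: String) -> Result<String> {
        bail!("not implemented");
    }

    /// Verifies if an ES256 JWT signature is valid.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.verify_es256", skip_all, err)]
    pub fn verify_es256(jwt: String, certificate: String) -> Result<bool> {
        bail!("not implemented");
    }

    /// Verifies if an ES384 JWT signature is valid.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.verify_es384", skip_all, err)]
    pub fn verify_es384(jwt: String, certificate: String) -> Result<bool> {
        bail!("not implemented");
    }

    /// Verifies if an ES512 JWT signature is valid.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.verify_es512", skip_all, err)]
    pub fn verify_es512(jwt: String, certificate: String) -> Result<bool> {
        bail!("not implemented");
    }

    /// Verifies if an HS256 (secret) JWT signature is valid.
    ///
    /// `secret` is the shared HMAC key and must never reach logs or traces.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.verify_hs256", skip_all, err)]
    pub fn verify_hs256(jwt: String, secret: String) -> Result<bool> {
        bail!("not implemented");
    }

    /// Verifies if an HS384 (secret) JWT signature is valid.
    ///
    /// `secret` is the shared HMAC key and must never reach logs or traces.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.verify_hs384", skip_all, err)]
    pub fn verify_hs384(jwt: String, secret: String) -> Result<bool> {
        bail!("not implemented");
    }

    /// Verifies if an HS512 (secret) JWT signature is valid.
    ///
    /// `secret` is the shared HMAC key and must never reach logs or traces.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.verify_hs512", skip_all, err)]
    pub fn verify_hs512(jwt: String, secret: String) -> Result<bool> {
        bail!("not implemented");
    }

    /// Verifies if a PS256 JWT signature is valid.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.verify_ps256", skip_all, err)]
    pub fn verify_ps256(jwt: String, certificate: String) -> Result<bool> {
        bail!("not implemented");
    }

    /// Verifies if a PS384 JWT signature is valid.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.verify_ps384", skip_all, err)]
    pub fn verify_ps384(jwt: String, certificate: String) -> Result<bool> {
        bail!("not implemented");
    }

    /// Verifies if a PS512 JWT signature is valid.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.verify_ps512", skip_all, err)]
    pub fn verify_ps512(jwt: String, certificate: String) -> Result<bool> {
        bail!("not implemented");
    }

    /// Verifies if an RS256 JWT signature is valid.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.verify_rs256", skip_all, err)]
    pub fn verify_rs256(jwt: String, certificate: String) -> Result<bool> {
        bail!("not implemented");
    }

    /// Verifies if an RS384 JWT signature is valid.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.verify_rs384", skip_all, err)]
    pub fn verify_rs384(jwt: String, certificate: String) -> Result<bool> {
        bail!("not implemented");
    }

    /// Verifies if an RS512 JWT signature is valid.
    ///
    /// # Errors
    ///
    /// Always returns `not implemented` for now.
    #[tracing::instrument(name = "io.jwt.verify_rs512", skip_all, err)]
    pub fn verify_rs512(jwt: String, certificate: String) -> Result<bool> {
        bail!("not implemented");
    }
}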