WASCAP
A WebAssembly Standard Capabilities Library for Rust
If you just want the CLI that signs and examines capabilities claims, then you can install it with cargo:
$ cargo install wascap --features "cli"
This library can be used for embedding, extracting, and validating capabilities claims in WebAssembly modules. While there are some standard, well-known claims already defined, you can add custom claims in your own namespaces if you like.
The following example illustrates embedding a new set of claims into a WebAssembly module, then extracting, validating, and examining those claims:
use wascap::prelude::*;

let unsigned = read_unsigned_wasm(); // Read a Wasm file into a byte vector
let issuer = KeyPair::new_account(); // Create an Ed25519 key pair to sign the module
let module = KeyPair::new_module(); // Create a key pair for the module itself

// Grant the module some basic capabilities, with no date limits
let claims = ClaimsBuilder::new()
    .with_capability(caps::MESSAGING)
    .with_capability(caps::KEY_VALUE)
    .issuer(&issuer.public_key())
    .subject(&module.public_key())
    .build();

// Sign the JWT and embed it into the WebAssembly module, returning the signed bytes
let embedded = wasm::embed_claims(&unsigned, &claims, &issuer)?;

// Extract a signed JWT from a WebAssembly module's bytes (performs a check on
// the signed module hash)
let extracted = wasm::extract_claims(&embedded)?.unwrap();

// Validate dates, signature, JWT structure, etc.
let v = validate_token(&extracted.jwt)?;

assert_eq!(v.expired, false);
assert_eq!(v.cannot_use_yet, false);
assert_eq!(v.expires_human, "never");
assert_eq!(v.not_before_human, "immediately");
assert_eq!(extracted.claims.issuer, issuer.public_key());
The Ed25519 key functionality is provided by the nkeys crate.
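How an extractor can find an embedded token inside a module's bytes, as an added example that is not wascap's own code: it walks the WebAssembly section list and returns the payload of a named custom section, rejecting truncated or malformed input. That the token sits in a custom section named `jwt` is an assumption, and `sample_module` builds a constructed test module.

```rust
// Added example, not wascap's code. The section name "jwt" is an assumption.
/// Decode an unsigned LEB128 u32 at `*pos`; None on truncation or overflow.
fn read_u32_leb(buf: &[u8], pos: &mut usize) -> Option<u32> {
    let mut result = 0u32;
    for shift in (0..35).step_by(7) {
        let byte = *buf.get(*pos)?;
        *pos += 1;
        if shift == 28 && byte > 0x0f { return None; } // more than 32 bits
        result |= ((byte & 0x7f) as u32) << shift;
        if byte & 0x80 == 0 { return Some(result); }
    }
    None
}

/// Payload of the first custom section (id 0) called `name`; Err if malformed.
fn find_custom_section<'a>(wasm: &'a [u8], name: &str) -> Result<Option<&'a [u8]>, &'static str> {
    if wasm.len() < 8 || !wasm.starts_with(b"\0asm") {
        return Err("not a WebAssembly binary");
    }
    let mut pos = 8; // skip magic and version
    while pos < wasm.len() {
        let id = wasm[pos];
        pos += 1;
        let size = read_u32_leb(wasm, &mut pos).ok_or("bad section size")? as usize;
        let end = pos.checked_add(size).filter(|e| *e <= wasm.len()).ok_or("section overruns file")?;
        if id == 0 {
            let mut p = pos;
            let nlen = read_u32_leb(&wasm[..end], &mut p).ok_or("bad name length")? as usize;
            let nend = p.checked_add(nlen).filter(|e| *e <= end).ok_or("name overruns section")?;
            if &wasm[p..nend] == name.as_bytes() { return Ok(Some(&wasm[nend..end])); }
        }
        pos = end; // a section's declared size is the only way to reach the next one
    }
    Ok(None)
}

/// Constructed sample: an otherwise empty module holding one small custom section.
fn sample_module(name: &str, payload: &[u8]) -> Vec<u8> {
    let mut m = b"\0asm\x01\0\0\0".to_vec();
    m.extend_from_slice(&[0, (1 + name.len() + payload.len()) as u8, name.len() as u8]);
    m.extend_from_slice(&[name.as_bytes(), payload].concat());
    m
}

fn main() {
    let m = sample_module("jwt", b"header.payload.signature");
    println!("{:?}", find_custom_section(&m, "jwt"));
}
```

Finding the section only locates the token; the signature, date and module-hash checks described above still have to pass before any claim in it is trusted.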
The wascap CLI allows you to examine and sign WebAssembly files from a terminal prompt:
$ wascap caps examples/signed_loop.wasm
╔════════════════════════════════════════════════════════════════════════════╗
║                               WASCAP Module                                ║
╠═══════════════╦════════════════════════════════════════════════════════════╣
║ Account       ║   ACP6T7SH5R6JL3WV3LMNRS5V2SLB4LAMZR7CQPS6IAPYDW3OSBCTYM2J ║
╠═══════════════╬════════════════════════════════════════════════════════════╣
║ Module        ║   MABXCIBU2N2FORNPKRUINQEGES2V2NE4EVD6ZRE7DFIOIX6JE7SLR3U4 ║
╠═══════════════╬════════════════════════════════════════════════════════════╣
║ Expires       ║                                                      Never ║
╠═══════════════╬════════════════════════════════════════════════════════════╣
║ Can Be Used   ║                                                Immediately ║
╠═══════════════╩════════════════════════════════════════════════════════════╣
║                                Capabilities                                ║
╠════════════════════════════════════════════════════════════════════════════╣
║ K/V Store                                                                  ║
║ Messaging                                                                  ║
║ HTTP Client                                                                ║
║ HTTP Server                                                                ║
╠════════════════════════════════════════════════════════════════════════════╣
║                                    Tags                                    ║
╠════════════════════════════════════════════════════════════════════════════╣
║ None                                                                       ║
╚════════════════════════════════════════════════════════════════════════════╝