pub fn encode_token(token_bytes: &[u8]) -> StringExpand description
Examples found in repository?
examples/token_attenuation.rs (line 27)
6fn main() -> Result<(), TokenError> {
7 // Generate an example token
8 let (token_base64, root_keypair) = generate_example_token()?;
9 println!("Original token: {}\n", token_base64);
10
11 // Create a service node keypair
12 let service_keypair = KeyPair::new();
13
14 // 1. First, we need the binary token data
15 let token_bytes = decode_token(&token_base64)?;
16
17 // 2. Add service node attenuation
18 println!("Adding service node attenuation...");
19 let attenuated_token = add_service_node_attenuation(
20 token_bytes,
21 root_keypair.public(),
22 "my-service",
23 &service_keypair,
24 )?;
25
26 // 3. Encode back to base64
27 let attenuated_token_base64 = encode_token(&attenuated_token);
28 println!("Attenuated token: {}\n", attenuated_token_base64);
29
30 // 4. Verify the attenuated token still works
31 println!("Verifying attenuated token...");
32 verify_token(
33 &attenuated_token_base64,
34 root_keypair.public(),
35 "alice",
36 "resource1",
37 )?;
38 println!("✅ Verification successful for attenuated token");
39
40 // 5. Generate a chain of attenuations
41 println!("\nCreating a chain of attenuations...");
42 let token_with_chain = create_attenuation_chain(&token_base64, &root_keypair)?;
43 println!("Token with attenuation chain: {}", token_with_chain);
44
45 // 6. Verify the chain token
46 println!("\nVerifying token with attenuation chain...");
47 verify_token(
48 &token_with_chain,
49 root_keypair.public(),
50 "alice",
51 "resource1",
52 )?;
53 println!("✅ Verification successful for token with attenuation chain");
54
55 Ok(())
56}
57
58/// Generate an example token for testing, returning both token and keypair
59fn generate_example_token() -> Result<(String, KeyPair), TokenError> {
60 // Create a test keypair
61 let keypair = KeyPair::new();
62
63 // Create a simple test biscuit with authorization rules
64 let biscuit_builder = biscuit!(
65 r#"
66 // Grant rights to alice for resource1
67 right("alice", "resource1", "read");
68 right("alice", "resource1", "write");
69 "#
70 );
71
72 // Build and serialize the token
73 let biscuit = biscuit_builder
74 .build(&keypair)
75 .map_err(TokenError::biscuit_error)?;
76
77 let token_bytes = biscuit.to_vec().map_err(TokenError::biscuit_error)?;
78
79 // Encode to base64 for transmission
80 Ok((encode_token(&token_bytes), keypair))
81}
82
83/// Create a chain of service attestations
84fn create_attenuation_chain(
85 token_base64: &str,
86 root_keypair: &KeyPair,
87) -> Result<String, TokenError> {
88 // Decode the original token
89 let mut token_bytes = decode_token(token_base64)?;
90
91 // Create service keypairs
92 let service_names = ["service-1", "service-2", "service-3"];
93
94 // Add multiple service attestations
95 for service_name in service_names.iter() {
96 println!(" Adding attestation for {}", service_name);
97
98 // Create a new keypair for this service
99 let service_keypair = KeyPair::new();
100
101 // Add an attestation
102 token_bytes = add_service_node_attenuation(
103 token_bytes,
104 root_keypair.public(),
105 service_name,
106 &service_keypair,
107 )?;
108 }
109
110 // Encode the final token
111 Ok(encode_token(&token_bytes))
112}More examples
examples/token_verification.rs (line 67)
7fn main() -> Result<(), TokenError> {
8 // Generate an example token
9 let root_keypair = Arc::new(KeyPair::new());
10 let token_base64 = generate_example_token(root_keypair.clone())?;
11 println!("Generated token: {}\n", token_base64);
12
13 // Example 1: Basic verification
14 println!("Example 1: Basic verification");
15 verify_token(&token_base64, root_keypair.public(), "alice", "resource1")?;
16 println!("✅ Basic verification successful\n");
17
18 // Example 2: Service chain verification
19 println!("Example 2: Service chain verification");
20
21 // Create service node keypairs
22 let service1_keypair = KeyPair::new();
23 let service1_pk_hex = hex::encode(service1_keypair.public().to_bytes());
24 let service1_public_key = format!("ed25519/{}", service1_pk_hex);
25
26 let service2_keypair = KeyPair::new();
27 let service2_pk_hex = hex::encode(service2_keypair.public().to_bytes());
28 let service2_public_key = format!("ed25519/{}", service2_pk_hex);
29
30 // Define service nodes
31 let service_nodes = vec![
32 ServiceNode {
33 component: "node1".to_string(),
34 public_key: service1_public_key.clone(),
35 },
36 ServiceNode {
37 component: "node2".to_string(),
38 public_key: service2_public_key.clone(),
39 },
40 ];
41
42 // Generate a token with service chain
43 let chain_token = generate_service_chain_token(
44 root_keypair.clone(),
45 service1_public_key,
46 service2_public_key,
47 )?;
48
49 // attenuate the token for node1
50 let attenuated_token = add_service_node_attenuation(
51 decode_token(&chain_token)?,
52 root_keypair.public(),
53 "resource1",
54 &service1_keypair,
55 )?;
56
57 // attenuate the token for node2
58 let attenuated_token2 = add_service_node_attenuation(
59 attenuated_token,
60 root_keypair.public(),
61 "resource1",
62 &service2_keypair,
63 )?;
64
65 // Verify with service chain
66 verify_service_chain_token(
67 &encode_token(&attenuated_token2),
68 root_keypair.public(),
69 "alice",
70 "resource1",
71 service_nodes,
72 None,
73 )?;
74 println!("✅ Service chain verification successful\n");
75
76 // Example 3: Verification with key from string
77 println!("Example 3: Verification with key from string");
78
79 // Convert public key to string format and back
80 let pk_hex = hex::encode(root_keypair.public().to_bytes());
81 let pk_str = format!("ed25519/{}", pk_hex);
82 let parsed_pk = biscuit_key_from_string(pk_str)?;
83
84 // Verify with parsed key
85 verify_token(&token_base64, parsed_pk, "alice", "resource1")?;
86 println!("✅ Verification with key from string successful");
87
88 Ok(())
89}
90
91/// Generate an example token for testing
92fn generate_example_token(keypair: Arc<KeyPair>) -> Result<String, TokenError> {
93 // Create a simple test biscuit with authorization rules
94 let biscuit_builder = biscuit!(
95 r#"
96 // Grant rights to alice for resource1
97 right("alice", "resource1", "read");
98 right("alice", "resource1", "write");
99 "#
100 );
101
102 // Build and serialize the token
103 let biscuit = biscuit_builder
104 .build(&keypair)
105 .map_err(TokenError::biscuit_error)?;
106
107 let token_bytes = biscuit.to_vec().map_err(TokenError::biscuit_error)?;
108
109 // Encode to base64 for transmission
110 Ok(encode_token(&token_bytes))
111}
112
113/// Generate a token with service chain attestations
114fn generate_service_chain_token(
115 root_keypair: Arc<KeyPair>,
116 service1_public_key: String,
117 service2_public_key: String,
118) -> Result<String, TokenError> {
119 // Create a biscuit with service chain authorization
120 let biscuit_builder = biscuit!(
121 r#"
122 // Basic rights
123 right("alice", "resource1", "read");
124 right("alice", "resource1", "write");
125
126 // Service nodes
127 node($s, "node1") <- service($s) trusting authority, {node1_public_key};
128 node($s, "node2") <- service($s) trusting authority, {node2_public_key};
129 "#,
130 node1_public_key = biscuit_key_from_string(service1_public_key)?,
131 node2_public_key = biscuit_key_from_string(service2_public_key)?,
132 );
133
134 // Build and serialize the token
135 let biscuit = biscuit_builder
136 .build(&root_keypair)
137 .map_err(TokenError::biscuit_error)?;
138
139 let token_bytes = biscuit.to_vec().map_err(TokenError::biscuit_error)?;
140
141 // Encode to base64
142 Ok(encode_token(&token_bytes))
143}