1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
//! A library for managing signed JWT (JSON Web Tokens) in WebAssembly modules. These
//! are designed to be used with the [wasmCloud](https://github.com/wasmCloud) host, but can be
//! used for any WebAssembly module, as the embedding technique used is compliant with
//! the WebAssembly standard.
//!
//! This library can be used for embedding, extracting, and validating capabilities claims
//! in WebAssembly modules. While there are some standard, well-known claims already defined
//! for use with *wasmCloud*, you can add custom claims in your own namespaces if you like.
//!
//! The following example illustrates embedding a new set of claims
//! into a WebAssembly module, then extracting, validating, and examining those claims.
//! ```rust
//!use wascap::prelude::*;
//!
//!# fn read_unsigned_wasm() -> Vec<u8> {
//!#   include_bytes!("../examples/loop.wasm").to_vec()
//!# }
//!# fn main() -> std::result::Result<(), Box<dyn std::error::Error>> {
//! let unsigned = read_unsigned_wasm(); // Read a Wasm file into a byte vector
//! let issuer = KeyPair::new_account(); // Create an Ed25519 key pair to sign the module
//! let module = KeyPair::new_module(); // Create a key pair for the module itself
//!
//! // Set the name on the component
//! let claims = ClaimsBuilder::<Component>::new()
//!     .issuer(&issuer.public_key())
//!     .subject(&module.public_key())
//!     .with_metadata(Component{
//!         name: Some("test".to_string()),
//!         .. Default::default()
//!      })
//!     .build();
//!
//! // Sign the JWT and embed it into the WebAssembly module, returning the signed bytes
//! let embedded = wasm::embed_claims(&unsigned, &claims, &issuer)?;
//!
//! // Extract a signed JWT from a WebAssembly module's bytes (performs a check on
//! // the signed module hash)
//! let extracted = wasm::extract_claims(&embedded)?.unwrap();
//!
//! // Validate dates, signature, JWT structure, etc.
//! let v = validate_token::<Component>(&extracted.jwt)?;
//!
//! assert_eq!(v.expired, false);
//! assert_eq!(v.cannot_use_yet, false);
//! assert_eq!(v.expires_human, "never");
//! assert_eq!(v.not_before_human, "immediately");
//! assert_eq!(extracted.claims.issuer, issuer.public_key());
//!
//!# Ok(())
//!# }
//! ```
//!
//! The `Ed25519` key functionality is provided by the [nkeys](https://docs.rs/nkeys) crate.

/// Wascap-specific result type
pub type Result<T> = std::result::Result<T, errors::Error>;
pub use errors::Error;

mod errors;
pub mod jwt;
pub mod wasm;

pub mod prelude {
    //! Public re-exports of the most commonly used wascap types
    pub use super::{Error as WascapError, Result as WascapResult};
    pub use crate::{
        jwt::{validate_token, Account, Claims, ClaimsBuilder, Component, Invocation, Operator},
        wasm,
    };
    pub use nkeys::KeyPair;
}