Crate wascap

source ·
Expand description

A library for managing signed JWT (JSON Web Tokens) in WebAssembly modules. These are designed to be used with the wasmCloud host, but can be used for any WebAssembly module, as the embedding technique used is compliant with the WebAssembly standard.

This library can be used for embedding, extracting, and validating capabilities claims in WebAssembly modules. While there are some standard, well-known claims already defined for use with wasmCloud, you can add custom claims in your own namespaces if you like.

The following example illustrates embedding a new set of claims into a WebAssembly module, then extracting, validating, and examining those claims.

use wascap::prelude::*;

let unsigned = read_unsigned_wasm(); // Read a Wasm file into a byte vector
let issuer = KeyPair::new_account(); // Create an Ed25519 key pair to sign the module
let module = KeyPair::new_module(); // Create a key pair for the module itself

// Set the name on the component
let claims = ClaimsBuilder::<Component>::new()
    .issuer(&issuer.public_key())
    .subject(&module.public_key())
    .with_metadata(Component{
        name: Some("test".to_string()),
        .. Default::default()
     })
    .build();

// Sign the JWT and embed it into the WebAssembly module, returning the signed bytes
let embedded = wasm::embed_claims(&unsigned, &claims, &issuer)?;

// Extract a signed JWT from a WebAssembly module's bytes (performs a check on
// the signed module hash)
let extracted = wasm::extract_claims(&embedded)?.unwrap();

// Validate dates, signature, JWT structure, etc.
let v = validate_token::<Component>(&extracted.jwt)?;

assert_eq!(v.expired, false);
assert_eq!(v.cannot_use_yet, false);
assert_eq!(v.expires_human, "never");
assert_eq!(v.not_before_human, "immediately");
assert_eq!(extracted.claims.issuer, issuer.public_key());

The Ed25519 key functionality is provided by the nkeys crate.

Modules§

  • Claims encoding, decoding, and validation for JSON Web Tokens (JWT)
  • Public re-exports of the most commonly used wascap types
  • Functions for extracting and embedding claims within a WebAssembly module

Structs§

  • An error that can contain wascap-specific context

Type Aliases§

  • Wascap-specific result type