A WebAssembly Standard Capabilities Library for Rust
If you just want the CLI that signs and examines capabilities claims, then you can install it with cargo:
```
$ cargo install wascap --features "cli"
```
This library can be used for embedding, extracting, and validating capabilities claims in WebAssembly modules. While there are some standard, well-known claims already defined, you can add custom claims in your own namespaces if you like.
The following example illustrates embedding a new set of claims into a WebAssembly module, then extracting, validating, and examining those claims:
```rust
use wascap::prelude::*;

let unsigned = read_unsigned_wasm(); // Read a Wasm file into a byte vector
let issuer = KeyPair::new_account(); // Create an Ed25519 key pair to sign the module
let module = KeyPair::new_module(); // Create a key pair for the module itself

// Grant the module some basic capabilities, with no date limits
let claims = ClaimsBuilder::new()
    .with_capability(caps::MESSAGING)
    .with_capability(caps::KEY_VALUE)
    .issuer(&issuer.public_key())
    .subject(&module.public_key())
    .build();

// Sign the JWT and embed it into the WebAssembly module, returning the signed bytes
let embedded = wasm::embed_claims(&unsigned, &claims, &issuer)?;

// Extract a signed JWT from a WebAssembly module's bytes (performs a check on
// the signed module hash)
let extracted = wasm::extract_claims(&embedded)?.unwrap();

// Validate dates, signature, JWT structure, etc.
let v = validate_token(&extracted.jwt)?;

assert_eq!(v.expired, false);
assert_eq!(v.cannot_use_yet, false);
assert_eq!(v.expires_human, "never");
assert_eq!(v.not_before_human, "immediately");
assert_eq!(extracted.claims.issuer, issuer.public_key());
```
The Ed25519 key functionality is provided by the nkeys crate.
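To inspect a module for embedded claims before handing it to `wasm::extract_claims`, the following added example (not part of wascap or its README) walks the WebAssembly section list using only the standard library and returns the payload of a named custom section, rejecting truncated or oversized lengths. It assumes the token is carried in a custom section; the section name `jwt`, the helper names and the sample module are constructed for illustration.

```rust
// Added example, std only (not wascap code); "jwt" and the sample are assumptions.
/// Decode an unsigned LEB128 u32 at *pos, advancing it; None if truncated or too large.
fn read_u32_leb(buf: &[u8], pos: &mut usize) -> Option<u32> {
    let mut value: u64 = 0;
    for shift in (0u32..35).step_by(7) {
        let byte = *buf.get(*pos)?;
        *pos += 1;
        value |= u64::from(byte & 0x7f) << shift;
        if byte & 0x80 == 0 {
            return if value > u64::from(u32::MAX) { None } else { Some(value as u32) };
        }
    }
    None // continuation bit still set after five bytes
}

/// Payload of the first custom section called `name`; None if absent or malformed.
fn find_custom_section<'a>(module: &'a [u8], name: &str) -> Option<&'a [u8]> {
    if !module.starts_with(b"\0asm\x01\0\0\0") { return None; } // magic + version 1
    let mut pos = 8;
    while let Some(&id) = module.get(pos) {
        pos += 1;
        let size = read_u32_leb(module, &mut pos)? as usize;
        let end = pos.checked_add(size)?;
        let body = module.get(pos..end)?; // a size running past EOF is rejected
        if id == 0 { // custom section: name length, name bytes, opaque payload
            let mut p = 0;
            let name_len = read_u32_leb(body, &mut p)? as usize;
            let name_end = p.checked_add(name_len)?;
            if body.get(p..name_end)? == name.as_bytes() {
                return Some(&body[name_end..]);
            }
        }
        pos = end;
    }
    None
}

/// Constructed sample: empty module plus one custom section (body under 128 bytes).
fn sample_module(name: &str, payload: &[u8]) -> Vec<u8> {
    let mut m = b"\0asm\x01\0\0\0".to_vec();
    m.extend_from_slice(&[0, (1 + name.len() + payload.len()) as u8, name.len() as u8]);
    m.extend(name.bytes().chain(payload.iter().cloned()));
    m
}

fn main() {
    let module = sample_module("jwt", b"header.payload.signature"); // placeholder token
    println!("{:?}", find_custom_section(&module, "jwt").map(String::from_utf8_lossy));
}
```

Finding the section only shows that a token is present; signature, date and module-hash checks still belong to `wasm::extract_claims` and `validate_token`.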
The wascap CLI allows you to examine and sign WebAssembly files from a terminal prompt:
```terminal
$ wascap caps examples/signed_loop.wasm
╔════════════════════════════════════════════════════════════════════════════╗
║ WASCAP Module ║
╠═══════════════╦════════════════════════════════════════════════════════════╣
║ Account ║ ACP6T7SH5R6JL3WV3LMNRS5V2SLB4LAMZR7CQPS6IAPYDW3OSBCTYM2J ║
╠═══════════════╬════════════════════════════════════════════════════════════╣
║ Module ║ MABXCIBU2N2FORNPKRUINQEGES2V2NE4EVD6ZRE7DFIOIX6JE7SLR3U4 ║
╠═══════════════╬════════════════════════════════════════════════════════════╣
║ Expires ║ Never ║
╠═══════════════╬════════════════════════════════════════════════════════════╣
║ Can Be Used ║ Immediately ║
╠═══════════════╩════════════════════════════════════════════════════════════╣
║ Capabilities ║
╠════════════════════════════════════════════════════════════════════════════╣
║ K/V Store ║
║ Messaging ║
║ HTTP Client ║
║ HTTP Server ║
╠════════════════════════════════════════════════════════════════════════════╣
║ Tags ║
╠════════════════════════════════════════════════════════════════════════════╣
║ None ║
╚════════════════════════════════════════════════════════════════════════════╝
```