def compute_mac_and_encode_with_kid(self, raw_jwt: _raw_jwt.RawJwt,
kid: Optional[Text]) -> Text:
"""Computes a MAC and encodes the token.
Args:
raw_jwt: The RawJwt token to be MACed and encoded.
kid: Optional "kid" header value. It is set by the wrapper for keys with
output prefix TINK, and it is None for output prefix RAW.
Returns:
The MACed token encoded in the JWS compact serialization format.
Raises:
tink.TinkError if the operation fails.
"""
if raw_jwt.has_type_header():
type_header = raw_jwt.type_header()
else:
type_header = None
if self._custom_kid is not None:
if kid is not None:
raise _jwt_error.JwtInvalidError(
'custom_kid must not be set for keys with output prefix type TINK'
)
kid = self._custom_kid
unsigned = _jwt_format.create_unsigned_compact(self._algorithm,
type_header, kid,
raw_jwt.json_payload())
return _jwt_format.create_signed_compact(unsigned,
self._compute_mac(unsigned))
def test_signed_compact_create_split_with_kid(self):
raw_jwt = _raw_jwt.raw_jwt_from_json(None, '{"iss":"joe"}')
signature = _jwt_format.decode_signature(
b'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk')
unsigned_compact = _jwt_format.create_unsigned_compact(
'RS256', 'AZxkm2U', raw_jwt)
signed_compact = _jwt_format.create_signed_compact(
unsigned_compact, signature)
un_comp, hdr, pay, sig = _jwt_format.split_signed_compact(
signed_compact)
self.assertEqual(
unsigned_compact,
b'eyJraWQiOiJBWnhrbTJVIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJqb2UifQ')
self.assertEqual(
signed_compact,
'eyJraWQiOiJBWnhrbTJVIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJqb2UifQ'
'.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk')
self.assertEqual(un_comp, unsigned_compact)
self.assertEqual(sig, signature)
self.assertEqual(hdr, '{"kid":"AZxkm2U","alg":"RS256"}')
header = _json_util.json_loads(hdr)
_jwt_format.validate_header(header, 'RS256')
self.assertEqual(pay, '{"iss":"joe"}')
self.assertIsNone(_jwt_format.get_type_header(header))
def sign_and_encode_with_kid(self, token: _raw_jwt.RawJwt,
kid: Optional[Text]) -> Text:
"""Computes a signature and encodes the token."""
type_header = token.type_header() if token.has_type_header() else None
# TODO(juerg): Add support for custom_kid.
unsigned = _jwt_format.create_unsigned_compact(self._algorithm,
type_header, kid,
token.json_payload())
return _jwt_format.create_signed_compact(unsigned,
self._sign(unsigned))
def compute_mac_and_encode(self, raw_jwt: _raw_jwt.RawJwt) -> Text:
"""Computes a MAC and encodes the token."""
if raw_jwt.has_type_header():
type_header = raw_jwt.type_header()
else:
type_header = None
unsigned = _jwt_format.create_unsigned_compact(self._algorithm,
type_header,
raw_jwt.json_payload())
return _jwt_format.create_signed_compact(unsigned,
self._compute_mac(unsigned))
def compute_mac_and_encode_with_kid(self, raw_jwt: _raw_jwt.RawJwt,
kid: Optional[Text]) -> Text:
"""Computes a MAC and encodes the token."""
if raw_jwt.has_type_header():
type_header = raw_jwt.type_header()
else:
type_header = None
# TODO(juerg): Add support for custom_kid.
unsigned = _jwt_format.create_unsigned_compact(self._algorithm, type_header,
kid, raw_jwt.json_payload())
return _jwt_format.create_signed_compact(unsigned,
self._compute_mac(unsigned))
def test_signed_compact_create_split(self):
payload = '{"iss":"joe"}'
signature = _jwt_format.decode_signature(
b'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk')
unsigned_compact = _jwt_format.create_unsigned_compact(
'RS256', payload)
signed_compact = _jwt_format.create_signed_compact(
unsigned_compact, signature)
un_comp, hdr, pay, sig = _jwt_format.split_signed_compact(
signed_compact)
self.assertEqual(unsigned_compact,
b'eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UifQ')
self.assertEqual(
signed_compact, 'eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UifQ.'
'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk')
self.assertEqual(un_comp, unsigned_compact)
self.assertEqual(sig, signature)
self.assertEqual(hdr, '{"alg":"RS256"}')
_jwt_format.validate_header(hdr, 'RS256')
self.assertEqual(pay, payload)
def test_signed_compact_create_split(self):
payload = '{"iss":"joe"}'
signature = _jwt_format.decode_signature(
b'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk')
unsigned_compact = _jwt_format.create_unsigned_compact(
'RS256', 'JWT', None, payload)
signed_compact = _jwt_format.create_signed_compact(unsigned_compact,
signature)
un_comp, hdr, pay, sig = _jwt_format.split_signed_compact(signed_compact)
self.assertEqual(
unsigned_compact,
b'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJqb2UifQ')
self.assertEqual(
signed_compact, 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.'
'eyJpc3MiOiJqb2UifQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk')
self.assertEqual(un_comp, unsigned_compact)
self.assertEqual(sig, signature)
self.assertEqual(hdr, '{"alg":"RS256","typ":"JWT"}')
header = _jwt_format.json_loads(hdr)
_jwt_format.validate_header(header, 'RS256')
self.assertEqual(pay, payload)
self.assertEqual(_jwt_format.get_type_header(header), 'JWT')
def sign_and_encode_with_kid(self, raw_jwt: _raw_jwt.RawJwt,
kid: Optional[str]) -> str:
"""Computes a signature and encodes the token.
Args:
raw_jwt: The RawJwt token to be MACed and encoded.
kid: Optional "kid" header value. It is set by the wrapper for keys with
output prefix TINK, and it is None for output prefix RAW.
Returns:
The MACed token encoded in the JWS compact serialization format.
Raises:
tink.TinkError if the operation fails.
"""
if self._custom_kid is not None:
if kid is not None:
raise _jwt_error.JwtInvalidError(
'custom_kid must not be set for keys with output prefix type TINK'
)
kid = self._custom_kid
unsigned = _jwt_format.create_unsigned_compact(self._algorithm, kid,
raw_jwt)
return _jwt_format.create_signed_compact(unsigned,
self._sign(unsigned))
def compute_mac_and_encode(self, raw_jwt: _raw_jwt.RawJwt) -> Text:
"""Computes a MAC and encodes the token."""
unsigned = _jwt_format.create_unsigned_compact(self._algorithm,
raw_jwt.json_payload())
return _jwt_format.create_signed_compact(unsigned,
self._compute_mac(unsigned))
def test_create_unsigned_compact_success(self):
raw_jwt = _raw_jwt.raw_jwt_from_json(None, '{"iss":"joe"}')
self.assertEqual(
_jwt_format.create_unsigned_compact('RS256', None, raw_jwt),
b'eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UifQ')
def test_create_unsigned_compact_success(self):
self.assertEqual(
_jwt_format.create_unsigned_compact('RS256', '{"iss":"joe"}'),
b'eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UifQ')
