def compute_mac_and_encode_with_kid(self, raw_jwt: _raw_jwt.RawJwt, kid: Optional[Text]) -> Text: """Computes a MAC and encodes the token. Args: raw_jwt: The RawJwt token to be MACed and encoded. kid: Optional "kid" header value. It is set by the wrapper for keys with output prefix TINK, and it is None for output prefix RAW. Returns: The MACed token encoded in the JWS compact serialization format. Raises: tink.TinkError if the operation fails. """ if raw_jwt.has_type_header(): type_header = raw_jwt.type_header() else: type_header = None if self._custom_kid is not None: if kid is not None: raise _jwt_error.JwtInvalidError( 'custom_kid must not be set for keys with output prefix type TINK' ) kid = self._custom_kid unsigned = _jwt_format.create_unsigned_compact(self._algorithm, type_header, kid, raw_jwt.json_payload()) return _jwt_format.create_signed_compact(unsigned, self._compute_mac(unsigned))
def test_signed_compact_create_split_with_kid(self): raw_jwt = _raw_jwt.raw_jwt_from_json(None, '{"iss":"joe"}') signature = _jwt_format.decode_signature( b'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk') unsigned_compact = _jwt_format.create_unsigned_compact( 'RS256', 'AZxkm2U', raw_jwt) signed_compact = _jwt_format.create_signed_compact( unsigned_compact, signature) un_comp, hdr, pay, sig = _jwt_format.split_signed_compact( signed_compact) self.assertEqual( unsigned_compact, b'eyJraWQiOiJBWnhrbTJVIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJqb2UifQ') self.assertEqual( signed_compact, 'eyJraWQiOiJBWnhrbTJVIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJqb2UifQ' '.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk') self.assertEqual(un_comp, unsigned_compact) self.assertEqual(sig, signature) self.assertEqual(hdr, '{"kid":"AZxkm2U","alg":"RS256"}') header = _json_util.json_loads(hdr) _jwt_format.validate_header(header, 'RS256') self.assertEqual(pay, '{"iss":"joe"}') self.assertIsNone(_jwt_format.get_type_header(header))
def sign_and_encode_with_kid(self, token: _raw_jwt.RawJwt, kid: Optional[Text]) -> Text: """Computes a signature and encodes the token.""" type_header = token.type_header() if token.has_type_header() else None # TODO(juerg): Add support for custom_kid. unsigned = _jwt_format.create_unsigned_compact(self._algorithm, type_header, kid, token.json_payload()) return _jwt_format.create_signed_compact(unsigned, self._sign(unsigned))
def compute_mac_and_encode(self, raw_jwt: _raw_jwt.RawJwt) -> Text: """Computes a MAC and encodes the token.""" if raw_jwt.has_type_header(): type_header = raw_jwt.type_header() else: type_header = None unsigned = _jwt_format.create_unsigned_compact(self._algorithm, type_header, raw_jwt.json_payload()) return _jwt_format.create_signed_compact(unsigned, self._compute_mac(unsigned))
def compute_mac_and_encode_with_kid(self, raw_jwt: _raw_jwt.RawJwt, kid: Optional[Text]) -> Text: """Computes a MAC and encodes the token.""" if raw_jwt.has_type_header(): type_header = raw_jwt.type_header() else: type_header = None # TODO(juerg): Add support for custom_kid. unsigned = _jwt_format.create_unsigned_compact(self._algorithm, type_header, kid, raw_jwt.json_payload()) return _jwt_format.create_signed_compact(unsigned, self._compute_mac(unsigned))
def test_signed_compact_create_split(self): payload = '{"iss":"joe"}' signature = _jwt_format.decode_signature( b'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk') unsigned_compact = _jwt_format.create_unsigned_compact( 'RS256', payload) signed_compact = _jwt_format.create_signed_compact( unsigned_compact, signature) un_comp, hdr, pay, sig = _jwt_format.split_signed_compact( signed_compact) self.assertEqual(unsigned_compact, b'eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UifQ') self.assertEqual( signed_compact, 'eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UifQ.' 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk') self.assertEqual(un_comp, unsigned_compact) self.assertEqual(sig, signature) self.assertEqual(hdr, '{"alg":"RS256"}') _jwt_format.validate_header(hdr, 'RS256') self.assertEqual(pay, payload)
def test_signed_compact_create_split(self): payload = '{"iss":"joe"}' signature = _jwt_format.decode_signature( b'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk') unsigned_compact = _jwt_format.create_unsigned_compact( 'RS256', 'JWT', None, payload) signed_compact = _jwt_format.create_signed_compact(unsigned_compact, signature) un_comp, hdr, pay, sig = _jwt_format.split_signed_compact(signed_compact) self.assertEqual( unsigned_compact, b'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJqb2UifQ') self.assertEqual( signed_compact, 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.' 'eyJpc3MiOiJqb2UifQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk') self.assertEqual(un_comp, unsigned_compact) self.assertEqual(sig, signature) self.assertEqual(hdr, '{"alg":"RS256","typ":"JWT"}') header = _jwt_format.json_loads(hdr) _jwt_format.validate_header(header, 'RS256') self.assertEqual(pay, payload) self.assertEqual(_jwt_format.get_type_header(header), 'JWT')
def sign_and_encode_with_kid(self, raw_jwt: _raw_jwt.RawJwt, kid: Optional[str]) -> str: """Computes a signature and encodes the token. Args: raw_jwt: The RawJwt token to be MACed and encoded. kid: Optional "kid" header value. It is set by the wrapper for keys with output prefix TINK, and it is None for output prefix RAW. Returns: The MACed token encoded in the JWS compact serialization format. Raises: tink.TinkError if the operation fails. """ if self._custom_kid is not None: if kid is not None: raise _jwt_error.JwtInvalidError( 'custom_kid must not be set for keys with output prefix type TINK' ) kid = self._custom_kid unsigned = _jwt_format.create_unsigned_compact(self._algorithm, kid, raw_jwt) return _jwt_format.create_signed_compact(unsigned, self._sign(unsigned))
def compute_mac_and_encode(self, raw_jwt: _raw_jwt.RawJwt) -> Text: """Computes a MAC and encodes the token.""" unsigned = _jwt_format.create_unsigned_compact(self._algorithm, raw_jwt.json_payload()) return _jwt_format.create_signed_compact(unsigned, self._compute_mac(unsigned))
def test_create_unsigned_compact_success(self): raw_jwt = _raw_jwt.raw_jwt_from_json(None, '{"iss":"joe"}') self.assertEqual( _jwt_format.create_unsigned_compact('RS256', None, raw_jwt), b'eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UifQ')
def test_create_unsigned_compact_success(self): self.assertEqual( _jwt_format.create_unsigned_compact('RS256', '{"iss":"joe"}'), b'eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UifQ')