1# Copyright 2021 Google LLC 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14"""Interface for JwtPublicKeySign.""" 15 16import abc 17from typing import Optional 18 19from tink.jwt import _raw_jwt 20 21 22class JwtPublicKeySign(metaclass=abc.ABCMeta): 23 """Interface for creating a signed JWT. 24 25 Sees RFC 7519 and RFC 7515. Security guarantees: similar to PublicKeySign. 26 """ 27 28 @abc.abstractmethod 29 def sign_and_encode(self, raw_jwt: _raw_jwt.RawJwt) -> str: 30 """Computes a signature and encodes the token. 31 32 Args: 33 raw_jwt: The RawJwt token to be signed and encoded. 34 35 Returns: 36 The signed token encoded in the JWS compact serialization format. 37 Raises: 38 tink.TinkError if the operation fails. 39 """ 40 raise NotImplementedError() 41 42 43class JwtPublicKeySignInternal(metaclass=abc.ABCMeta): 44 """Internal interface for creating a signed JWT. 45 46 "kid" is an optional value that is set by the wrapper for keys with output 47 prefix TINK, and it is set to None for output prefix RAW. 48 """ 49 50 @abc.abstractmethod 51 def sign_and_encode_with_kid(self, token: _raw_jwt.RawJwt, 52 kid: Optional[str]) -> str: 53 raise NotImplementedError() 54