1# Copyright 2021 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13"""The verified JSON Web Token (JWT)."""
14
15import datetime
16
17from typing import List, Set
18
19from tink import core
20from tink.jwt import _raw_jwt
21
22
class VerifiedJwt:
  """A JSON Web Token (JWT) that has been decoded and verified.

  Instances are handed back by a successful verification of a MACed or signed
  compact JWT. User code cannot construct one through the normal constructor
  (see __new__).

  The object is a read-only view over all payload claims and a subset of the
  headers. Key-dependent headers such as "alg" or "kid" are deliberately not
  exposed: they are checked when the signature is verified and should not be
  read by the user, so that the key can be changed without touching user code.

  Every accessor forwards to the wrapped RawJwt. What a value accessor does
  when its claim is absent is decided there, not in this class, so check the
  matching has_*() method before reading an optional claim.
  """

  def __new__(cls):
    # Blocks VerifiedJwt(...) so that instances are obtained through the
    # private _create() factory rather than built from arbitrary data.
    raise core.TinkError('VerifiedJwt cannot be instantiated directly.')

  @classmethod
  def _create(cls, raw_jwt: _raw_jwt.RawJwt):
    """Builds a VerifiedJwt around raw_jwt, side-stepping the blocked __new__.

    Private factory. It performs no verification itself.
    NOTE(review): presumably only the library's verification code calls this,
    after the MAC or signature check has passed. The callers are not visible
    in this file, so confirm before relying on it.
    """
    verified = object.__new__(cls)
    verified.__init__(raw_jwt)
    return verified

  def __init__(self, raw_jwt: _raw_jwt.RawJwt) -> None:
    """Stores the RawJwt that all accessors delegate to."""
    self._raw_jwt = raw_jwt

  def has_type_header(self) -> bool:
    """Reports whether the wrapped token has a type header."""
    return self._raw_jwt.has_type_header()

  def type_header(self) -> str:
    """Returns the type header of the wrapped token."""
    return self._raw_jwt.type_header()

  def has_issuer(self) -> bool:
    """Reports whether the wrapped token has an issuer claim."""
    return self._raw_jwt.has_issuer()

  def issuer(self) -> str:
    """Returns the issuer claim of the wrapped token."""
    return self._raw_jwt.issuer()

  def has_subject(self) -> bool:
    """Reports whether the wrapped token has a subject claim."""
    return self._raw_jwt.has_subject()

  def subject(self) -> str:
    """Returns the subject claim of the wrapped token."""
    return self._raw_jwt.subject()

  def has_audiences(self) -> bool:
    """Reports whether the wrapped token has an audiences claim."""
    return self._raw_jwt.has_audiences()

  def audiences(self) -> List[str]:
    """Returns the audiences of the wrapped token."""
    return self._raw_jwt.audiences()

  def has_jwt_id(self) -> bool:
    """Reports whether the wrapped token has a JWT ID claim."""
    return self._raw_jwt.has_jwt_id()

  def jwt_id(self) -> str:
    """Returns the JWT ID claim of the wrapped token."""
    return self._raw_jwt.jwt_id()

  def has_expiration(self) -> bool:
    """Reports whether the wrapped token has an expiration claim."""
    return self._raw_jwt.has_expiration()

  def expiration(self) -> datetime.datetime:
    """Returns the expiration time of the wrapped token."""
    return self._raw_jwt.expiration()

  def has_not_before(self) -> bool:
    """Reports whether the wrapped token has a not-before claim."""
    return self._raw_jwt.has_not_before()

  def not_before(self) -> datetime.datetime:
    """Returns the not-before time of the wrapped token."""
    return self._raw_jwt.not_before()

  def has_issued_at(self) -> bool:
    """Reports whether the wrapped token has an issued-at claim."""
    return self._raw_jwt.has_issued_at()

  def issued_at(self) -> datetime.datetime:
    """Returns the issued-at time of the wrapped token."""
    return self._raw_jwt.issued_at()

  def custom_claim_names(self) -> Set[str]:
    """Returns the names of the custom claims of the wrapped token."""
    return self._raw_jwt.custom_claim_names()

  def custom_claim(self, name: str) -> _raw_jwt.Claim:
    """Returns the custom claim called name from the wrapped token."""
    return self._raw_jwt.custom_claim(name)
101