Extract JWE JSON Serialization. :param obj: JWE JSON Serialization as dict or str :param key: Private key used to decrypt payload (optionally can be a tuple of kid and essentially key) :param decode: Function to decode payload data :param sender_key: Send
(self, obj, key, decode=None, sender_key=None)
| 511 | return {"header": protected, "payload": payload} |
| 512 | |
| 513 | def deserialize_json(self, obj, key, decode=None, sender_key=None): # noqa: C901 |
| 514 | """Extract JWE JSON Serialization. |
| 515 | |
| 516 | :param obj: JWE JSON Serialization as dict or str |
| 517 | :param key: Private key used to decrypt payload |
| 518 | (optionally can be a tuple of kid and essentially key) |
| 519 | :param decode: Function to decode payload data |
| 520 | :param sender_key: Sender's public key in case |
| 521 | JWEAlgorithmWithTagAwareKeyAgreement is used |
| 522 | :return: dict with `header` and `payload` keys where `header` value is |
| 523 | a dict containing `protected`, `unprotected`, `recipients` and/or |
| 524 | `aad` keys |
| 525 | """ |
| 526 | obj = ensure_dict(obj, "JWE") |
| 527 | obj = deepcopy(obj) |
| 528 | |
| 529 | if "protected" in obj: |
| 530 | protected = extract_header(to_bytes(obj["protected"]), DecodeError) |
| 531 | else: |
| 532 | protected = None |
| 533 | |
| 534 | unprotected = obj.get("unprotected") |
| 535 | |
| 536 | recipients = obj["recipients"] |
| 537 | for recipient in recipients: |
| 538 | if "header" not in recipient: |
| 539 | recipient["header"] = {} |
| 540 | recipient["encrypted_key"] = extract_segment( |
| 541 | to_bytes(recipient["encrypted_key"]), DecodeError, "encrypted key" |
| 542 | ) |
| 543 | |
| 544 | if "aad" in obj: |
| 545 | jwe_aad = extract_segment(to_bytes(obj["aad"]), DecodeError, "JWE AAD") |
| 546 | else: |
| 547 | jwe_aad = None |
| 548 | |
| 549 | iv = extract_segment(to_bytes(obj["iv"]), DecodeError, "initialization vector") |
| 550 | |
| 551 | ciphertext = extract_segment( |
| 552 | to_bytes(obj["ciphertext"]), DecodeError, "ciphertext" |
| 553 | ) |
| 554 | |
| 555 | tag = extract_segment(to_bytes(obj["tag"]), DecodeError, "authentication tag") |
| 556 | |
| 557 | shared_header = JWESharedHeader(protected, unprotected) |
| 558 | |
| 559 | alg = self.get_header_alg(shared_header) |
| 560 | enc = self.get_header_enc(shared_header) |
| 561 | zip_alg = self.get_header_zip(shared_header) |
| 562 | |
| 563 | self._validate_sender_key(sender_key, alg) |
| 564 | self._validate_private_headers(shared_header, alg) |
| 565 | for recipient in recipients: |
| 566 | self._validate_private_headers(recipient["header"], alg) |
| 567 | |
| 568 | kid = None |
| 569 | if isinstance(key, tuple) and len(key) == 2: |
| 570 | # Extract separately provided kid and essentially key |