MCPcopy
hub / github.com/authlib/authlib / serialize_compact

Method serialize_compact

authlib/jose/rfc7516/jwe.py:66–170  ·  view source on GitHub ↗

Generate a JWE Compact Serialization. The JWE Compact Serialization represents encrypted content as a compact, URL-safe string. This string is:: BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE

(self, protected, payload, key, sender_key=None)

Source from the content-addressed store, hash-verified

64 cls.ZIP_REGISTRY[algorithm.name] = algorithm
65
66 def serialize_compact(self, protected, payload, key, sender_key=None):
67 """Generate a JWE Compact Serialization.
68
69 The JWE Compact Serialization represents encrypted content as a compact,
70 URL-safe string. This string is::
71
72 BASE64URL(UTF8(JWE Protected Header)) || '.' ||
73 BASE64URL(JWE Encrypted Key) || '.' ||
74 BASE64URL(JWE Initialization Vector) || '.' ||
75 BASE64URL(JWE Ciphertext) || '.' ||
76 BASE64URL(JWE Authentication Tag)
77
78 Only one recipient is supported by the JWE Compact Serialization and
79 it provides no syntax to represent JWE Shared Unprotected Header, JWE
80 Per-Recipient Unprotected Header, or JWE AAD values.
81
82 :param protected: A dict of protected header
83 :param payload: Payload (bytes or a value convertible to bytes)
84 :param key: Public key used to encrypt payload
85 :param sender_key: Sender's private key in case
86 JWEAlgorithmWithTagAwareKeyAgreement is used
87 :return: JWE compact serialization as bytes
88 """
89 # step 1: Prepare algorithms & key
90 alg = self.get_header_alg(protected)
91 enc = self.get_header_enc(protected)
92 zip_alg = self.get_header_zip(protected)
93
94 self._validate_sender_key(sender_key, alg)
95 self._validate_private_headers(protected, alg)
96
97 key = prepare_key(alg, protected, key)
98 if sender_key is not None:
99 sender_key = alg.prepare_key(sender_key)
100
101 # self._post_validate_header(protected, algorithm)
102
103 # step 2: Generate a random Content Encryption Key (CEK)
104 # use enc_alg.generate_cek() in scope of upcoming .wrap
105 # or .generate_keys_and_prepare_headers call
106
107 # step 3: Encrypt the CEK with the recipient's public key
108 if (
109 isinstance(alg, JWEAlgorithmWithTagAwareKeyAgreement)
110 and alg.key_size is not None
111 ):
112 # For a JWE algorithm with tag-aware key agreement in case key agreement
113 # with key wrapping mode is used:
114 # Defer key agreement with key wrapping until
115 # authentication tag is computed
116 prep = alg.generate_keys_and_prepare_headers(enc, key, sender_key)
117 epk = prep["epk"]
118 cek = prep["cek"]
119 protected.update(prep["header"])
120 else:
121 # In any other case:
122 # Keep the normal steps order defined by RFC 7516
123 if isinstance(alg, JWEAlgorithmWithTagAwareKeyAgreement):

Callers 15

serializeMethod · 0.95
test_dir_alg_c20pFunction · 0.95
test_dir_alg_xc20pFunction · 0.95
test_invalid_headerFunction · 0.95
test_not_supported_algFunction · 0.95
test_compact_rsaFunction · 0.95
test_with_zip_headerFunction · 0.95
test_aes_jweFunction · 0.95
test_aes_jwe_invalid_keyFunction · 0.95
test_aes_gcm_jweFunction · 0.95

Calls 15

get_header_algMethod · 0.95
get_header_encMethod · 0.95
get_header_zipMethod · 0.95
_validate_sender_keyMethod · 0.95
json_b64encodeFunction · 0.90
to_bytesFunction · 0.90
urlsafe_b64encodeFunction · 0.90
prepare_keyFunction · 0.85
generate_ivMethod · 0.80
prepare_keyMethod · 0.45

Tested by 15

test_dir_alg_c20pFunction · 0.76
test_dir_alg_xc20pFunction · 0.76
test_invalid_headerFunction · 0.76
test_not_supported_algFunction · 0.76
test_compact_rsaFunction · 0.76
test_with_zip_headerFunction · 0.76
test_aes_jweFunction · 0.76
test_aes_jwe_invalid_keyFunction · 0.76
test_aes_gcm_jweFunction · 0.76