Generate a JWE JSON Serialization (in fully general syntax). The JWE JSON Serialization represents encrypted content as a JSON object. This representation is neither optimized for compactness nor URL safe. The following members are defined for use in top-level JSON
(self, header_obj, payload, keys, sender_key=None)
```python
def serialize_json(self, header_obj, payload, keys, sender_key=None):  # noqa: C901
    """Generate a JWE JSON Serialization (in fully general syntax).

    The JWE JSON Serialization represents encrypted content as a JSON
    object. This representation is neither optimized for compactness nor
    URL safe.

    The following members are defined for use in top-level JSON objects
    used for the fully general JWE JSON Serialization syntax:

    protected
      The "protected" member MUST be present and contain the value
      BASE64URL(UTF8(JWE Protected Header)) when the JWE Protected
      Header value is non-empty; otherwise, it MUST be absent. These
      Header Parameter values are integrity protected.

    unprotected
      The "unprotected" member MUST be present and contain the value JWE
      Shared Unprotected Header when the JWE Shared Unprotected Header
      value is non-empty; otherwise, it MUST be absent. This value is
      represented as an unencoded JSON object, rather than as a string.
      These Header Parameter values are not integrity protected.

    iv
      The "iv" member MUST be present and contain the value
      BASE64URL(JWE Initialization Vector) when the JWE Initialization
      Vector value is non-empty; otherwise, it MUST be absent.

    aad
      The "aad" member MUST be present and contain the value
      BASE64URL(JWE AAD) when the JWE AAD value is non-empty;
      otherwise, it MUST be absent. A JWE AAD value can be included to
      supply a base64url-encoded value to be integrity protected but not
      encrypted.

    ciphertext
      The "ciphertext" member MUST be present and contain the value
      BASE64URL(JWE Ciphertext).

    tag
      The "tag" member MUST be present and contain the value
      BASE64URL(JWE Authentication Tag) when the JWE Authentication Tag
      value is non-empty; otherwise, it MUST be absent.

    recipients
      The "recipients" member value MUST be an array of JSON objects.
      Each object contains information specific to a single recipient.
      This member MUST be present with exactly one array element per
      recipient, even if some or all of the array element values are the
      empty JSON object "{}" (which can happen when all Header Parameter
      values are shared between all recipients and when no encrypted key
      is used, such as when doing Direct Encryption).

    The following members are defined for use in the JSON objects that
    are elements of the "recipients" array:

    header
      The "header" member MUST be present and contain the value JWE Per-
```
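
The presence rules listed in the docstring can be enforced on both the producing and the receiving side. The following is an added example, not the library's own `serialize_json`: `build_general_jwe_json` and `check_general_jwe_json` are hypothetical helper names, the compact JSON encoding of the protected header is an assumption, and all sample values are constructed.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """BASE64URL: URL-safe base64 with the '=' padding removed."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_general_jwe_json(protected, unprotected, iv, aad, ciphertext, tag, recipients):
    """Assemble the top-level object; empty values are omitted, never sent as empty strings."""
    obj = {}
    if protected:  # integrity protected
        header_json = json.dumps(protected, separators=(",", ":"))  # assumed encoding
        obj["protected"] = b64url(header_json.encode("utf-8"))
    if unprotected:  # unencoded JSON object, NOT integrity protected
        obj["unprotected"] = dict(unprotected)
    for name, value in (("iv", iv), ("aad", aad)):
        if value:
            obj[name] = b64url(value)
    obj["ciphertext"] = b64url(ciphertext)  # always present
    if tag:
        obj["tag"] = b64url(tag)
    obj["recipients"] = [dict(r) for r in recipients]  # one object per recipient
    return obj


def check_general_jwe_json(obj):
    """Return the presence-rule violations found; an empty list means well-formed."""
    errors = []
    for name in ("protected", "iv", "aad", "tag"):
        if name in obj and not (isinstance(obj[name], str) and obj[name]):
            errors.append(f"{name}: must be a non-empty string or absent")
    shared = obj.get("unprotected")
    if "unprotected" in obj and not (isinstance(shared, dict) and shared):
        errors.append("unprotected: must be a non-empty JSON object or absent")
    if not isinstance(obj.get("ciphertext"), str):
        errors.append("ciphertext: must be present")
    rcpts = obj.get("recipients")
    if not isinstance(rcpts, list) or not all(isinstance(r, dict) for r in rcpts):
        errors.append("recipients: must be an array of JSON objects")
    return errors


# Constructed sample (Direct Encryption, so the single recipient object is {}).
SAMPLE = build_general_jwe_json(
    {"alg": "dir", "enc": "A128GCM"}, {}, b"\x00" * 12, b"",
    b"constructed-ciphertext", b"\x01" * 16, [{}],
)
```

A receiver would run the check before any key unwrapping or decryption, and should treat anything read from `unprotected` as unauthenticated input.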