// Copyright 2021 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // /////////////////////////////////////////////////////////////////////////////// #include "tink/jwt/internal/jwt_public_key_sign_impl.h" #include #include "absl/status/status.h" #include "absl/strings/escaping.h" #include "absl/strings/str_split.h" #include "tink/jwt/internal/jwt_format.h" namespace crypto { namespace tink { namespace jwt_internal { util::StatusOr JwtPublicKeySignImpl::SignAndEncodeWithKid( const RawJwt& token, absl::optional kid) const { absl::optional type_header; if (token.HasTypeHeader()) { util::StatusOr type = token.GetTypeHeader(); if (!type.ok()) { return type.status(); } type_header = *type; } if (custom_kid_.has_value()) { if (kid.has_value()) { return util::Status(absl::StatusCode::kInvalidArgument, "TINK keys are not allowed to have a kid value set."); } kid = *custom_kid_; } util::StatusOr encoded_header = CreateHeader(algorithm_, type_header, kid); if (!encoded_header.ok()) { return encoded_header.status(); } util::StatusOr payload = token.GetJsonPayload(); if (!payload.ok()) { return payload.status(); } std::string encoded_payload = EncodePayload(*payload); std::string unsigned_token = absl::StrCat(*encoded_header, ".", encoded_payload); util::StatusOr tag = sign_->Sign(unsigned_token); if (!tag.ok()) { return tag.status(); } std::string encoded_tag = EncodeSignature(*tag); return absl::StrCat(unsigned_token, ".", encoded_tag); } } // namespace jwt_internal } // namespace tink } // namespace crypto