python/examples/jwt/jwt_sign.py - platform/external/tink - Git at Google

 # Copyright 2021 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS-IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 # [START python-jwt-sign-example]
 """A utility for creating and signing JSON Web Tokens (JWT).

 It loads cleartext keys from disk - this is not recommended!
 """

 import datetime

 from absl import app
 from absl import flags
 from absl import logging
 import tink
 from tink import cleartext_keyset_handle
 from tink import jwt


 _PRIVATE_KEYSET_PATH = flags.DEFINE_string(
     'private_keyset_path', None,
     'Path to the keyset used for the JWT signature operation.')
 _AUDIENCE = flags.DEFINE_string('audience', None,
                                 'Audience to be used in the token')
 _TOKEN_PATH = flags.DEFINE_string('token_path', None, 'Path to the token file.')


 def main(argv):
   del argv  # Unused.

   # Initialise Tink
   jwt.register_jwt_signature()

   # Read the keyset into a KeysetHandle
   with open(_PRIVATE_KEYSET_PATH.value, 'rt') as keyset_file:
     try:
       text = keyset_file.read()
       keyset_handle = cleartext_keyset_handle.read(tink.JsonKeysetReader(text))
     except tink.TinkError as e:
       logging.exception('Error reading keyset: %s', e)
       return 1

   now = datetime.datetime.now(tz=datetime.timezone.utc)

   # Get the JwtPublicKeySign primitive
   try:
     jwt_sign = keyset_handle.primitive(jwt.JwtPublicKeySign)
   except tink.TinkError as e:
     logging.exception('Error creating JwtPublicKeySign: %s', e)
     return 1

   # Create token
   raw_jwt = jwt.new_raw_jwt(
       audiences=[_AUDIENCE.value],
       expiration=now + datetime.timedelta(seconds=100))
   token = jwt_sign.sign_and_encode(raw_jwt)
   with open(_TOKEN_PATH.value, 'wt') as token_file:
     token_file.write(token)
   logging.info('Token has been written to %s', _TOKEN_PATH.value)


 if __name__ == '__main__':
   flags.mark_flags_as_required(
       ['private_keyset_path', 'audience', 'token_path'])
   app.run(main)

 # [END python-jwt-sign-example]
	# Copyright 2021 Google LLC
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS-IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	# [START python-jwt-sign-example]
	"""A utility for creating and signing JSON Web Tokens (JWT).

	It loads cleartext keys from disk - this is not recommended!
	"""

	import datetime

	from absl import app
	from absl import flags
	from absl import logging
	import tink
	from tink import cleartext_keyset_handle
	from tink import jwt


	_PRIVATE_KEYSET_PATH = flags.DEFINE_string(
	'private_keyset_path', None,
	'Path to the keyset used for the JWT signature operation.')
	_AUDIENCE = flags.DEFINE_string('audience', None,
	'Audience to be used in the token')
	_TOKEN_PATH = flags.DEFINE_string('token_path', None, 'Path to the token file.')


	def main(argv):
	del argv # Unused.

	# Initialise Tink
	jwt.register_jwt_signature()

	# Read the keyset into a KeysetHandle
	with open(_PRIVATE_KEYSET_PATH.value, 'rt') as keyset_file:
	try:
	text = keyset_file.read()
	keyset_handle = cleartext_keyset_handle.read(tink.JsonKeysetReader(text))
	except tink.TinkError as e:
	logging.exception('Error reading keyset: %s', e)
	return 1

	now = datetime.datetime.now(tz=datetime.timezone.utc)

	# Get the JwtPublicKeySign primitive
	try:
	jwt_sign = keyset_handle.primitive(jwt.JwtPublicKeySign)
	except tink.TinkError as e:
	logging.exception('Error creating JwtPublicKeySign: %s', e)
	return 1

	# Create token
	raw_jwt = jwt.new_raw_jwt(
	audiences=[_AUDIENCE.value],
	expiration=now + datetime.timedelta(seconds=100))
	token = jwt_sign.sign_and_encode(raw_jwt)
	with open(_TOKEN_PATH.value, 'wt') as token_file:
	token_file.write(token)
	logging.info('Token has been written to %s', _TOKEN_PATH.value)


	if __name__ == '__main__':
	flags.mark_flags_as_required(
	['private_keyset_path', 'audience', 'token_path'])
	app.run(main)

	# [END python-jwt-sign-example]