/**
* @param \Jose\Object\JWEInterface $jwe
* @param \Jose\Object\JWKSetInterface $encryption_key_set
*
* @return \Jose\Object\JWSInterface
*/
private function decryptAssertion(Object\JWEInterface $jwe, Object\JWKSetInterface $encryption_key_set)
{
$this->decrypter->decryptUsingKeySet($jwe, $encryption_key_set);
$jws = $this->loader->load($jwe->getPayload());
Assertion::isInstanceOf($jws, Object\JWSInterface::class, 'The encrypted assertion does not contain a JWS.');
return $jws;
}
/**
* @param \Jose\Object\JWEInterface $jwe
*
* @throws \OAuth2\Exception\BaseExceptionInterface
*
* @return \Jose\Object\JWSInterface
*/
protected function decryptAssertion(JWEInterface $jwe)
{
if (!in_array($jwe->getHeader('alg'), $this->allowed_encryption_algorithms) || !in_array($jwe->getHeader('enc'), $this->allowed_encryption_algorithms)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, sprintf('Algorithm not allowed. Authorized algorithms: %s.', json_encode($this->allowed_encryption_algorithms)));
}
$this->decrypter->decrypt($jwe, $this->key_set);
if (null === $jwe->getPayload()) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Unable to decrypt the payload. Please verify keys used for encryption.');
}
$jws = $this->loader->load($jwe->getPayload());
if (!$jws instanceof JWSInterface) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'The encrypted assertion does not contain a single JWS.');
}
return $jws;
}