Beispiel #1
 /**
  * Round-trip check: a token encrypted against the public key set must
  * decrypt with the private key set back to the original plaintext.
  *
  * NOTE(review): "RSA1_5" is the JOSE name for RSAES-PKCS1-v1_5 key
  * encryption. Keeping a regression test for it is reasonable, but for new
  * tokens RSA-OAEP is the usual choice, because PKCS#1 v1.5 decryption is
  * exposed to padding-oracle attacks when failures are distinguishable.
  */
 public function testEncrypt()
 {
     $expected = 'Live long and prosper.';

     // Encrypt using only the public half of the fixture keys.
     $encryptionKeys = $this->getPublicKeySet();
     $outgoing = new JWE(array("alg" => "RSA1_5", "enc" => "A128CBC-HS256"), $expected);
     $serialised = $outgoing->encrypt($encryptionKeys);

     // Decrypt with the private half. The third argument names the key
     // management algorithm the caller expects; presumably decrypt() rejects a
     // token whose header disagrees - confirm against JWE::decrypt.
     $decryptionKeys = $this->getPrivateKeySet();
     $incoming = JWE::decrypt($serialised, $decryptionKeys, 'RSA1_5');

     $this->assertEquals($expected, $incoming->getPlaintext());
 }
Beispiel #2
 /**
  * Serialises this key set as a JSON web key set (JWKS).
  *
  * Without a password the plain JSON document is returned. With a password
  * the JSON is wrapped in a JWE using PBES2 ("PBES2-HS256+A128KW") key
  * encryption, i.e. the wrapping key is derived from the password.
  *
  * NOTE(review): the password test is a loose comparison with null, so an
  * empty string also selects the unencrypted branch. The JSON carries
  * whatever getKeyData() returns for each key - presumably including private
  * parameters for private keys - so a caller that intends encryption should
  * check that the password is non-empty before calling.
  *
  * NOTE(review): with PBES2 the protection is only as strong as the
  * password. No iteration count (p2c) is set in the headers built here, so
  * the work factor is whatever JWE / KeySet default to - confirm it is
  * adequate for stored key material.
  *
  * @param string|null $password the password, or null for unencrypted output
  * @return string the JWKS JSON, or a JWE whose payload is that JSON
  */
 function toJWKS($password = null)
 {
     $keyData = array_map(function ($entry) {
         return $entry->getKeyData();
     }, $this->keys);
     $document = json_encode(array('keys' => $keyData));

     if ($password != null) {
         // The password becomes a one-entry key set used only for this wrap.
         $secretSet = KeySet::createFromSecret($password, 'bin');
         $envelope = new JWE(
             array('alg' => 'PBES2-HS256+A128KW', 'enc' => 'A128CBC-HS256', 'cty' => 'jwk-set+json'),
             $document
         );
         return $envelope->encrypt($secretSet);
     }

     return $document;
 }
Beispiel #3
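 /**
  * Builds the JOSE response.  This will return one of the following:
  *
  * - A JSON encoded string, if {@link $signed_response_alg} and
  *   {@link $encrypted_response_alg} are both null
  * - A signed JWT (JWS), if {@link $signed_response_alg} is set
  * - A JWE containing a nested JWT, if both {@link $signed_response_alg}
  *   and {@link $encrypted_response_alg} are set
  *
  * Which of the three is produced is decided by getType() ('json', 'jwt',
  * anything else is treated as the nested JWE case).
  *
  * A CryptException raised while signing or encrypting is caught and turned
  * into a null return. Callers must treat null as a failure and must not
  * fall back to sending the claims unprotected.
  *
  * @param SimpleJWT\Keys\KeySet $set the key set used to sign and/or
  * encrypt the token.  If set to null, the default set of keys
  * configured for the client and the server are loaded
  * @return string|null the response body, or null if signing or encryption
  * failed
  */
 function buildJOSE($set = null)
 {
     $rand = new Random();
     $typ = $this->getType();
     if ($typ == 'json') {
         return json_encode($this->container);
     }

     if ($set == null) {
         // Fix: this previously passed an undefined local $client, so the
         // builder never saw the client whose secret and public keys it is
         // asked to add. The client is held on $this, as the 'aud' claim
         // below already assumes.
         $builder = new KeySetBuilder($this->client);
         $set = $builder->addClientSecret()->addClientPublicKeys()->addServerPrivateKeys()->toKeySet();
     }

     // The fixed entries are merged last, so 'alg', 'iss', 'aud' and 'jti'
     // always override same-named values in $this->headers / $this->container.
     $headers = array_merge($this->headers, array('alg' => $this->signed_response_alg));
     $claims = array_merge($this->container, array('iss' => $this->issuer, 'aud' => $this->client->getStoreID(), 'jti' => $rand->id()));

     $jwt = new JWT($headers, $claims);
     try {
         $token = $jwt->encode($set);
     } catch (CryptException $e) {
         return null;
     }

     if ($typ == 'jwt') {
         return $token;
     }

     // Nested JWT: the signed token becomes the JWE payload, flagged by cty.
     $headers = array('alg' => $this->encrypted_response_alg, 'enc' => $this->encrypted_response_enc, 'cty' => 'JWT');
     $jwe = new JWE($headers, $token);
     try {
         return $jwe->encrypt($set);
     } catch (CryptException $e) {
         return null;
     }
 }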
Beispiel #4
 /**
  * Serialises this key as a JSON web key (JWK).
  *
  * The plain JSON is returned when no password is given or when the key is
  * a public key. Otherwise (password given, private key) the JSON is wrapped
  * in a JWE using PBES2 ("PBES2-HS256+A128KW") key encryption.
  *
  * NOTE(review): the password test is a loose comparison with null, so an
  * empty string is treated like "no password" and a private key is then
  * returned unencrypted. Callers exporting private keys should check that
  * the password is non-empty before calling.
  *
  * NOTE(review): no PBES2 iteration count (p2c) is set in the headers built
  * here; the work factor is whatever JWE / KeySet default to - confirm.
  *
  * @param string|null $password the password, or null for unencrypted output
  * @return string the JWK JSON, or a JWE whose payload is that JSON
  */
 public function toJWK($password = null)
 {
     $document = json_encode($this->data);

     // isPublic() is only consulted when a password was supplied.
     $shouldEncrypt = $password != null && !$this->isPublic();
     if (!$shouldEncrypt) {
         return $document;
     }

     // The password becomes a one-entry key set used only for this wrap.
     $secretSet = KeySet::createFromSecret($password, 'bin');
     $envelope = new JWE(
         array('alg' => 'PBES2-HS256+A128KW', 'enc' => 'A128CBC-HS256', 'cty' => 'jwk+json'),
         $document
     );

     return $envelope->encrypt($secretSet);
 }