Inheritance: extends Jose\Algorithm\JWAInterface
Ejemplo n.º 1
0
 /**
  * @param \Jose\Object\JWEInterface                           $jwe
  * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm
  * @param string                                              $key_management_mode
  * @param array                                               $additional_headers
  *
  * @return string
  */
 private function determineCEK(Object\JWEInterface $jwe, Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm, $key_management_mode, array &$additional_headers)
 {
     switch ($key_management_mode) {
         case Algorithm\KeyEncryption\KeyEncryptionInterface::MODE_ENCRYPT:
         case Algorithm\KeyEncryption\KeyEncryptionInterface::MODE_WRAP:
             return $this->createCEK($content_encryption_algorithm->getCEKSize());
         case Algorithm\KeyEncryption\KeyEncryptionInterface::MODE_AGREEMENT:
             Assertion::eq(1, $jwe->countRecipients(), 'Unable to encrypt for multiple recipients using key agreement algorithms.');
             $complete_headers = array_merge($jwe->getSharedProtectedHeaders(), $jwe->getSharedHeaders(), $jwe->getRecipient(0)->getHeaders());
             $algorithm = $this->findKeyEncryptionAlgorithm($complete_headers);
             return $algorithm->getAgreementKey($content_encryption_algorithm->getCEKSize(), $content_encryption_algorithm->getAlgorithmName(), $jwe->getRecipient(0)->getRecipientKey(), $complete_headers, $additional_headers);
         case Algorithm\KeyEncryption\KeyEncryptionInterface::MODE_DIRECT:
             Assertion::eq(1, $jwe->countRecipients(), 'Unable to encrypt for multiple recipients using key agreement algorithms.');
             Assertion::eq($jwe->getRecipient(0)->getRecipientKey()->get('kty'), 'oct', 'Wrong key type.');
             Assertion::true($jwe->getRecipient(0)->getRecipientKey()->has('k'), 'The key parameter "k" is missing.');
             return Base64Url::decode($jwe->getRecipient(0)->getRecipientKey()->get('k'));
         default:
             throw new \InvalidArgumentException(sprintf('Unsupported key management mode "%s".', $key_management_mode));
     }
 }
Ejemplo n.º 2
0
 /**
  * @param \Jose\Object\JWEInterface                           $jwe
  * @param string                                              $cek
  * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm
  * @param array                                               $complete_headers
  *
  * @return bool
  */
 private function decryptPayload(Object\JWEInterface &$jwe, $cek, Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm, array $complete_headers)
 {
     $payload = $content_encryption_algorithm->decryptContent($jwe->getCiphertext(), $cek, $jwe->getIV(), null === $jwe->getAAD() ? null : Base64Url::encode($jwe->getAAD()), $jwe->getEncodedSharedProtectedHeaders(), $jwe->getTag());
     if (null === $payload) {
         return false;
     }
     $this->decompressIfNeeded($payload, $complete_headers);
     $decoded = json_decode($payload, true);
     $jwe = $jwe->withPayload(null === $decoded ? $payload : $decoded);
     return true;
 }
Ejemplo n.º 3
0
 /**
  * @param array                                                       $complete_headers
  * @param string                                                      $cek
  * @param \Jose\Algorithm\KeyEncryption\KeyAgreementWrappingInterface $key_encryption_algorithm
  * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface         $content_encryption_algorithm
  * @param array                                                       $additional_headers
  * @param \Jose\Object\JWKInterface                                   $recipient_key
  *
  * @return string
  */
 private function getEncryptedKeyFromKeyAgreementAndKeyWrappingAlgorithm(array $complete_headers, $cek, Algorithm\KeyEncryption\KeyAgreementWrappingInterface $key_encryption_algorithm, Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm, array &$additional_headers, Object\JWKInterface $recipient_key)
 {
     $jwt_cek = $key_encryption_algorithm->wrapAgreementKey($recipient_key, $cek, $content_encryption_algorithm->getCEKSize(), $complete_headers, $additional_headers);
     return $jwt_cek;
 }