Ejemplo n.º 1
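 /**
  * Verifies a token that uses the plaintext algorithm.
  *
  * No cryptographic check takes place: the result is true exactly when the
  * signature part is empty. A true return therefore says nothing about who
  * produced the token, so callers should accept this algorithm only where
  * unsecured tokens are explicitly expected.
  *
  * @param string      $signature    Signature part of the token
  * @param string      $securedInput Signing input; not read by this algorithm
  * @param string|null $key          Must be null
  *
  * @return bool True when the signature is empty
  *
  * @throws JoseJwtException When anything other than null is passed as key
  */
 public function verify($signature, $securedInput, $key)
 {
     // Strict comparison on purpose: with `!=`, values such as '', 0, false
     // or [] compare equal to null, so an unset or misconfigured key would be
     // accepted here and an empty signature would then verify as valid.
     if (null !== $key) {
         throw new JoseJwtException('Plaintext algorithm expects key to be null');
     }

     return StringUtils::length($signature) === 0;
 }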
Ejemplo n.º 2
 /**
  * Unwraps an encrypted content encryption key (CEK) with the given key
  * encryption key (KEK), after checking the KEK length.
  *
  * @param string $encryptedCek Wrapped CEK, passed on to aesUnwrap()
  * @param string $kek          KEK; its length in bits must equal $this->kekLengthBits
  * @param int    $cekSizeBits  Not read by this method
  * @param array  $header       Not read by this method
  *
  * @return string Whatever aesUnwrap() returns for the KEK and wrapped CEK
  *
  * @throws JoseJwtException When the KEK length does not match the expected size
  */
 public function unwrap($encryptedCek, $kek, $cekSizeBits, array $header)
 {
     $givenBits = StringUtils::length($kek) * 8;

     // Happy path first: a KEK of the expected size goes straight to the unwrap.
     if ($givenBits == $this->kekLengthBits) {
         return $this->aesUnwrap($kek, $encryptedCek);
     }

     $message = sprintf(
         'AesKeyWrap management algorithm expected key of size %s bits, but was given %s bits',
         $this->kekLengthBits,
         $givenBits
     );

     throw new JoseJwtException($message);
 }
Ejemplo n.º 3
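 /**
  * Builds a compact JWS: base64url(header) . '.' . base64url(payload) . '.' . base64url(signature).
  *
  * The 'alg' header always names the algorithm that signs the token; an
  * 'alg' entry in $extraHeaders is overwritten. All other entries of
  * $extraHeaders, including 'typ', are copied into the header as given.
  *
  * @param Context         $context      Supplies the algorithm registry and the JSON mapper
  * @param array|object    $payload      Serialized with StringUtils::payload2string()
  * @param string|resource $key          Handed unchanged to the algorithm's sign()
  * @param string          $jwsAlgorithm Name looked up in $context->jwsAlgorithms()
  * @param array           $extraHeaders Additional header entries
  *
  * @return string The compact token
  *
  * @throws JoseJwtException When the algorithm is unknown or the header cannot be JSON-encoded
  */
 public static function encode(Context $context, $payload, $key, $jwsAlgorithm, $extraHeaders = [])
 {
     $header = array_merge(['alg' => '', 'typ' => 'JWT'], $extraHeaders);
     $hashAlgorithm = $context->jwsAlgorithms()->get($jwsAlgorithm);
     if (null == $hashAlgorithm) {
         throw new JoseJwtException(sprintf('Unknown algorithm "%s"', $jwsAlgorithm));
     }
     // Assigned after the merge so the header cannot advertise a different
     // algorithm than the one that produces the signature.
     $header['alg'] = $jwsAlgorithm;
     $payloadString = StringUtils::payload2string($payload, $context->jsonMapper());

     // json_encode() returns false on failure (for example invalid UTF-8 in a
     // header value). Without this check the token would be signed over an
     // empty header segment instead of failing.
     $headerString = json_encode($header);
     if (false === $headerString) {
         throw new JoseJwtException('Unable to serialize header');
     }

     $signingInput = implode('.', [UrlSafeB64Encoder::encode($headerString), UrlSafeB64Encoder::encode($payloadString)]);
     $signature = $hashAlgorithm->sign($signingInput, $key);
     $signature = UrlSafeB64Encoder::encode($signature);

     return $signingInput . '.' . $signature;
 }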
Ejemplo n.º 4
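 /**
  * Builds a compact JWE with five base64url segments: header, encrypted
  * key, and the three parts returned by the content encryption's encrypt().
  *
  * The 'alg' and 'enc' headers always name the algorithms that are actually
  * used; entries with those keys in $extraHeaders are overwritten. Other
  * entries of $extraHeaders, including 'typ', are copied as given.
  *
  * @param Context      $context       Supplies the algorithm registries and the JSON mapper
  * @param array|object $payload       Serialized with StringUtils::payload2string(); must not be empty
  * @param mixed        $key           Handed unchanged to the key management algorithm
  * @param string       $jweAlgorithm  Name looked up in $context->jweAlgorithms()
  * @param string       $jweEncryption Name looked up in $context->jweEncryptions()
  * @param array        $extraHeaders  Additional header entries
  *
  * @return string The compact token
  *
  * @throws JoseJwtException When the payload is empty, an algorithm name is not
  *                          registered, or the header cannot be JSON-encoded
  */
 public static function encode(Context $context, $payload, $key, $jweAlgorithm, $jweEncryption, array $extraHeaders = [])
 {
     if (empty($payload) || is_string($payload) && trim($payload) == '') {
         throw new JoseJwtException('Payload can not be empty');
     }
     $algorithm = $context->jweAlgorithms()->get($jweAlgorithm);
     if (null === $algorithm) {
         throw new JoseJwtException(sprintf('Invalid or unsupported algorithm "%s"', $jweAlgorithm));
     }
     $encryption = $context->jweEncryptions()->get($jweEncryption);
     if (null === $encryption) {
         throw new JoseJwtException(sprintf('Invalid or unsupported encryption "%s"', $jweEncryption));
     }
     $header = array_merge(['alg' => $jweAlgorithm, 'enc' => $jweEncryption, 'typ' => 'JWT'], $extraHeaders);
     // array_merge() lets $extraHeaders replace 'alg' and 'enc'. Restore them so
     // the authenticated header describes the algorithms that really ran; a
     // mismatch would yield a token the recipient processes with the wrong ones.
     $header['alg'] = $jweAlgorithm;
     $header['enc'] = $jweEncryption;

     list($cek, $encryptedCek) = $algorithm->wrapNewKey($encryption->getKeySize(), $key, $header);
     $payloadString = StringUtils::payload2string($payload, $context->jsonMapper());

     // json_encode() returns false on failure; stop rather than encrypt with
     // an empty header as the additional authenticated data.
     $headerString = json_encode($header);
     if (false === $headerString) {
         throw new JoseJwtException('Unable to serialize header');
     }

     // The encoded header is both the first token segment and the AAD.
     $aad = UrlSafeB64Encoder::encode($headerString);
     $parts = $encryption->encrypt($aad, $payloadString, $cek);

     return implode('.', [
         $aad,
         UrlSafeB64Encoder::encode($encryptedCek),
         UrlSafeB64Encoder::encode($parts[0]),
         UrlSafeB64Encoder::encode($parts[1]),
         UrlSafeB64Encoder::encode($parts[2]),
     ]);
 }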
 /**
  * Passing an empty stdClass to StringUtils::payload2string() without a
  * second argument must raise JoseJwtException with the message
  * "Unable to serialize payload".
  *
  * The two annotations below are read by the test runner and carry the
  * whole assertion; the method body only triggers the call.
  *
  * @expectedException \JoseJwt\Error\JoseJwtException
  * @expectedExceptionMessage Unable to serialize payload
  */
 public function test_throws_when_unable_to_serialize()
 {
     // No explicit assertion: the expected exception is declared in the docblock.
     StringUtils::payload2string(new \stdClass());
 }
Ejemplo n.º 6
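 /**
  * Computes the authentication tag over AAD || IV || ciphertext || AL and
  * returns the first half of the result of $this->hashAlgorithm->sign().
  *
  * AL is the AAD length in bits as a 64-bit big-endian integer. The earlier
  * arithmetic (float division and modulus by 2147483647) gave that value only
  * for AAD shorter than 2^28 bytes; longer AAD produced a tag other
  * implementations would not reproduce. Output is unchanged below that size.
  *
  * NOTE(review): the comparison of this tag with a received tag happens
  * outside this method; confirm it uses a constant-time comparison.
  *
  * @param string $aad        Additional authenticated data
  * @param string $iv         Initialization vector
  * @param string $cipherText Encrypted content
  * @param string $hmacKey    Key handed to $this->hashAlgorithm->sign()
  *
  * @return string Truncated authentication tag
  */
 private function computeAuthTag($aad, $iv, $cipherText, $hmacKey)
 {
     $aadBits = StringUtils::length($aad) * 8;

     if (PHP_INT_SIZE >= 8) {
         // High and low 32-bit words of the bit count, big-endian.
         $al = pack('N2', ($aadBits >> 32) & 0xFFFFFFFF, $aadBits & 0xFFFFFFFF);
     } else {
         // 32-bit build: an integer bit count always fits the low word, so
         // the high word stays zero, as it did before for such sizes.
         $al = pack('N2', 0, $aadBits);
     }

     $fullTag = $this->hashAlgorithm->sign($aad . $iv . $cipherText . $al, $hmacKey);

     // Only the leading half of the MAC output is used as the tag.
     return StringUtils::substring($fullTag, 0, StringUtils::length($fullTag) / 2);
 }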