/**
* Decrypt the content using explicit algorithms.
*
* @param KeyManagementAlgorithm $key_algo
* @param ContentEncryptionAlgorithm $enc_algo
* @throws \RuntimeException If decrypt fails
* @return string Plaintext payload
*/
public function decrypt(KeyManagementAlgorithm $key_algo, ContentEncryptionAlgorithm $enc_algo)
{
// check that key management algorithm matches
if ($key_algo->algorithmParamValue() != $this->algorithmName()) {
throw new \UnexpectedValueException("Invalid key management algorithm.");
}
// check that encryption algorithm matches
if ($enc_algo->encryptionAlgorithmParamValue() != $this->encryptionAlgorithmName()) {
throw new \UnexpectedValueException("Invalid encryption algorithm.");
}
$header = $this->header();
// decrypt content encryption key
$cek = $key_algo->decrypt($this->_encryptedKey, $header);
// decrypt payload
$aad = Base64::urlEncode($this->_protectedHeader->toJSON());
$payload = $enc_algo->decrypt($this->_ciphertext, $cek, $this->_iv, $aad, $this->_authenticationTag);
// decompress
if ($header->hasCompressionAlgorithm()) {
$payload = CompressionFactory::algoByHeader($header)->decompress($payload);
}
return $payload;
}
