/**
 * Decrypts the ciphertext of $jwe with the content encryption key $cek and, on
 * success, replaces the caller's $jwe with a fresh JWE carrying the decrypted
 * payload.
 *
 * The raw bytes returned by the content encryption algorithm are optionally
 * uncompressed (when a 'zip' header is present) and then run through the
 * payload converter before being stored on the new JWE. All other fields of
 * the new JWE are copied from the original.
 *
 * @param \Jose\Object\JWEInterface                                             $jwe                          passed by reference; overwritten only when decryption succeeds
 * @param string                                                                $cek                          content encryption key
 * @param \Jose\Algorithm\ContentEncryption\ContentEncryptionInterface          $content_encryption_algorithm
 *
 * @throws \RuntimeException when uncompress() does not return a string
 *
 * @return bool false when decryptContent() yields null (the caller's $jwe is left untouched), true otherwise
 */
private function decryptPayload(JWEInterface &$jwe, $cek, $content_encryption_algorithm)
{
    // null is the algorithm's failure signal (presumably including an
    // authentication tag mismatch — the interface is not visible here).
    $plaintext = $content_encryption_algorithm->decryptContent(
        $jwe->getCiphertext(),
        $cek,
        $jwe->getIV(),
        $jwe->getAAD(),
        $jwe->getEncodedProtectedHeader(),
        $jwe->getTag()
    );
    if (null === $plaintext) {
        return false;
    }

    if ($jwe->hasHeader('zip')) {
        // NOTE(review): the inflated size is not bounded at this level; whether
        // the compression method caps it is worth confirming.
        $zip = $this->getCompressionMethod($jwe->getHeader('zip'));
        $plaintext = $zip->uncompress($plaintext);
        if (!is_string($plaintext)) {
            throw new \RuntimeException('Decompression failed');
        }
    }

    $converted = $this->getPayloadConverter()->convertStringToPayload($jwe->getHeaders(), $plaintext);

    $decrypted = new JWE(
        $jwe->getInput(),
        $jwe->getCiphertext(),
        $jwe->getEncryptedKey(),
        $jwe->getIV(),
        $jwe->getAAD(),
        $jwe->getTag(),
        $jwe->getEncodedProtectedHeader(),
        $jwe->getUnprotectedHeaders(),
        $converted
    );
    $jwe = $decrypted;

    return true;
}
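/**
 * Decrypts an encrypted assertion and returns the JWS it wraps.
 *
 * The 'alg' and 'enc' headers are checked against the configured allow-list
 * before any decryption is attempted, so an unexpected algorithm is rejected
 * without the key set being used. Both headers are checked against the same
 * list ($this->allowed_encryption_algorithms), as in the original code.
 *
 * @param \Jose\Object\JWEInterface $jwe
 *
 * @throws \OAuth2\Exception\BaseExceptionInterface when an algorithm is not allowed,
 *                                                  decryption produces no payload,
 *                                                  or the payload is not a JWS
 *
 * @return \Jose\Object\JWSInterface
 */
protected function decryptAssertion(JWEInterface $jwe)
{
    $allowed = $this->allowed_encryption_algorithms;

    // Strict comparison: with loose in_array() a header value of a different
    // type (e.g. null or an integer) could match an allow-list entry. The
    // 'alg' check is evaluated first and short-circuits, as before.
    if (!in_array($jwe->getHeader('alg'), $allowed, true) || !in_array($jwe->getHeader('enc'), $allowed, true)) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_REQUEST,
            sprintf('Algorithm not allowed. Authorized algorithms: %s.', json_encode($allowed))
        );
    }

    $this->decrypter->decrypt($jwe, $this->key_set);

    // A null payload is the decrypter's failure signal; the reason (wrong key,
    // integrity failure) is not distinguished here.
    if (null === $jwe->getPayload()) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_REQUEST,
            'Unable to decrypt the payload. Please verify keys used for encryption.'
        );
    }

    $jws = $this->loader->load($jwe->getPayload());
    if (!$jws instanceof JWSInterface) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_REQUEST,
            'The encrypted assertion does not contain a single JWS.'
        );
    }

    return $jws;
}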