Exemple #1
0
 /**
  * @param StringOrURI $alg
  * @param StringOrURI $enc
  * @param JsonValue|null $kid
  * @param JsonValue|null $zip
  * @param StringOrURI|null $type
  * @param StringOrURI|null $cty
  */
 public function __construct(StringOrURI $alg, StringOrURI $enc, JsonValue $kid = null, JsonValue $zip = null, StringOrURI $type = null, StringOrURI $cty = null)
 {
     parent::__construct($alg, $type, $kid, $cty);
     $this->set[RegisteredJWEJOSEHeaderNames::EncryptionAlgorithm] = $enc;
     if (!is_null($zip) && CompressionAlgorithms_Registry::getInstance()->get($zip->getValue())) {
         $this->set[RegisteredJWEJOSEHeaderNames::CompressionAlgorithm] = $zip;
     }
 }
Exemple #2
0
 /**
  * @return $this
  * @throws InvalidJWKAlgorithm
  * @throws InvalidKeyTypeAlgorithmException
  * @throws JWEInvalidCompactFormatException
  * @throws JWEInvalidRecipientKeyException
  * @throws JWEUnsupportedContentEncryptionAlgorithmException
  * @throws JWEUnsupportedKeyManagementAlgorithmException
  * @throws \Exception
  */
 private function decrypt()
 {
     if (is_null($this->jwk)) {
         throw new JWEInvalidRecipientKeyException();
     }
     if (!$this->should_decrypt) {
         return $this;
     }
     if ($this->jwk->getAlgorithm()->getValue() !== $this->header->getAlgorithm()->getString()) {
         throw new InvalidJWKAlgorithm(sprintf('mismatch between algorithm intended for use with the key %s and the cryptographic algorithm used to encrypt or determine the value of the CEK %s', $this->jwk->getAlgorithm()->getValue(), $this->header->getAlgorithm()->getString()));
     }
     $key_management_algorithm = KeyManagementAlgorithms_Registry::getInstance()->get($this->header->getAlgorithm()->getString());
     if (is_null($key_management_algorithm)) {
         throw new JWEUnsupportedKeyManagementAlgorithmException(sprintf('alg %s', $this->header->getAlgorithm()->getString()));
     }
     $content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get($this->header->getEncryptionAlgorithm()->getString());
     if (is_null($content_encryption_algorithm)) {
         throw new JWEUnsupportedContentEncryptionAlgorithmException(sprintf('enc %s', $this->header->getEncryptionAlgorithm()->getString()));
     }
     $this->cek = $this->decryptJWEEncryptedKey($key_management_algorithm);
     // We encrypt the payload and get the tag
     $jwt_shared_protected_header = JOSEHeaderSerializer::serialize($this->header);
     /**
      * Decrypt the JWE Cipher Text using the CEK, the JWE Initialization
      * Vector, the Additional Authenticated Data value, and the JWE
      * Authentication Tag (which is the Authentication Tag input to the
      * calculation) using the specified content encryption algorithm,
      * returning the decrypted plaintext and validating the JWE
      * Authentication Tag in the manner specified for the algorithm,
      * rejecting the input without emitting any decrypted output if the
      * JWE Authentication Tag is incorrect.
      */
     $plain_text = $content_encryption_algorithm->decrypt($this->cipher_text, $this->cek->getEncoded(), $this->iv, $jwt_shared_protected_header, $this->tag);
     $zip = $this->header->getCompressionAlgorithm();
     /**
      * If a "zip" parameter was included, uncompress the decrypted
      * plaintext using the specified compression algorithm.
      */
     if (!is_null($zip)) {
         $compression__algorithm = CompressionAlgorithms_Registry::getInstance()->get($zip->getValue());
         $plain_text = $compression__algorithm->uncompress($plain_text);
     }
     $this->setPayload(JWSPayloadFactory::build($plain_text));
     $this->should_decrypt = false;
     return $this;
 }