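/**
 * Produce the JWE components for the current header, recipient key and
 * payload: validate that key and header agree on the algorithm, derive the
 * CEK and its encrypted form, generate the IV, optionally compress the
 * plaintext and run the authenticated content encryption (RFC 7516 §5.1).
 *
 * On success the cek, enc_cek, iv, cipher_text and tag properties are set.
 *
 * @return $this
 * @throws InvalidJWKAlgorithm when the key's "alg" differs from the header's "alg"
 * @throws InvalidKeyTypeAlgorithmException when the key type does not match the key management algorithm
 * @throws JWEInvalidRecipientKeyException when no recipient JWK has been set
 * @throws JWEUnsupportedContentEncryptionAlgorithmException when the header's "enc" is not registered
 * @throws JWEUnsupportedKeyManagementAlgorithmException when the header's "alg" is not registered
 * @throws \RuntimeException when the header's "zip" algorithm is not registered
 * @throws \Exception
 */
private function encrypt()
{
    if (is_null($this->jwk)) {
        throw new JWEInvalidRecipientKeyException();
    }

    $header_alg = $this->header->getAlgorithm()->getString();
    $key_alg    = $this->jwk->getAlgorithm()->getValue();

    // The algorithm the key was issued for must be the one the header asks
    // for; accepting a mismatch opens the door to algorithm-confusion misuse
    // of the key.
    if ($key_alg !== $header_alg) {
        throw new InvalidJWKAlgorithm(sprintf('mismatch between algorithm intended for use with the key %s and the cryptographic algorithm used to encrypt or determine the value of the CEK %s', $key_alg, $header_alg));
    }

    $recipient_public_key = $this->jwk->getKey(JSONWebKeyKeyOperationsValues::EncryptContent);

    $key_management_algorithm = KeyManagementAlgorithms_Registry::getInstance()->get($header_alg);
    if (is_null($key_management_algorithm)) {
        throw new JWEUnsupportedKeyManagementAlgorithmException(sprintf('alg %s', $header_alg));
    }

    // The key's type must be the one the key management algorithm expects.
    if ($key_management_algorithm->getKeyType() !== $recipient_public_key->getAlgorithm()) {
        throw new InvalidKeyTypeAlgorithmException(sprintf('key should be for alg %s, %s instead.', $key_management_algorithm->getKeyType(), $recipient_public_key->getAlgorithm()));
    }

    $header_enc = $this->header->getEncryptionAlgorithm()->getString();
    $content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get($header_enc);
    if (is_null($content_encryption_algorithm)) {
        throw new JWEUnsupportedContentEncryptionAlgorithmException(sprintf('enc %s', $header_enc));
    }

    // How the CEK is obtained depends on the key management mode; see
    // ContentEncryptionKeyFactory::build for the per-mode behaviour.
    $key_management_mode = $this->getKeyManagementMode($key_management_algorithm);
    $this->cek     = ContentEncryptionKeyFactory::build($recipient_public_key, $key_management_mode, $content_encryption_algorithm);
    $this->enc_cek = $this->getJWEEncryptedKey($key_management_algorithm, $recipient_public_key);

    // RFC 7516 §5.1 step 9: a random IV of the size required by the "enc"
    // algorithm, or the empty octet sequence when the algorithm has none.
    // A repeated IV under the same CEK is catastrophic for AES-GCM, so
    // createIV must draw from a CSPRNG -- assumed here, confirm the helper.
    $this->iv = '';
    $iv_size  = $content_encryption_algorithm->getIVSize();
    if (!is_null($iv_size)) {
        $this->iv = $this->createIV($iv_size);
    }

    // RFC 7516 §5.1 step 14: the AAD is the encoded protected header. The
    // serializer output is used as-is; this assumes it already yields
    // ASCII(BASE64URL(UTF8(header))) -- TODO confirm against JOSEHeaderSerializer.
    $jwt_shared_protected_header = JOSEHeaderSerializer::serialize($this->header);

    // NOTE(review): a payload that is not an IJWSPayloadRawSpec is encrypted
    // as the empty string -- confirm this is intended and not a dropped claim set.
    $payload = $this->payload instanceof IJWSPayloadRawSpec ? $this->payload->getRaw() : '';

    // RFC 7516 §5.1 step 11: compress the plaintext when "zip" is present.
    // The registry lookup is checked explicitly: the other registries above
    // are, and an unknown "zip" value would otherwise surface as a fatal
    // call on null. Note that compress-then-encrypt leaks plaintext length
    // information; avoid "zip" where an attacker can influence the plaintext.
    $zip = $this->header->getCompressionAlgorithm();
    if (!is_null($zip)) {
        $compression_algorithm = CompressionAlgorithms_Registry::getInstance()->get($zip->getValue());
        if (is_null($compression_algorithm)) {
            throw new \RuntimeException(sprintf('zip %s', $zip->getValue()));
        }
        $payload = $compression_algorithm->compress($payload);
    }

    // RFC 7516 §5.1 step 15: AEAD encryption of M with the CEK, IV and AAD
    // yields the ciphertext and the authentication tag.
    list($this->cipher_text, $this->tag) = $content_encryption_algorithm->encrypt($payload, $this->cek->getEncoded(), $this->iv, $jwt_shared_protected_header);

    return $this;
}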
/**
 * Return the three stored parts of the token as a list: the header, the
 * payload and the signature. The payload element is the claim set when the
 * payload object reports itself as a claim set, otherwise its raw octets.
 *
 * @return array [header, payload, signature]
 */
public function take()
{
    if ($this->payload->isClaimSet()) {
        $payload = $this->claim_set;
    } else {
        $payload = $this->payload->getRaw();
    }

    return array($this->header, $payload, $this->signature);
}
/**
 * Return the three stored parts of the token as a list: the header, the
 * payload and the signature. The payload element is the raw octets when the
 * payload object is an IJWSPayloadRawSpec, otherwise the stored claim set.
 *
 * @return array [header, payload, signature]
 */
public function take()
{
    if ($this->payload instanceof IJWSPayloadRawSpec) {
        $payload = $this->payload->getRaw();
    } else {
        $payload = $this->claim_set;
    }

    return array($this->header, $payload, $this->signature);
}