/**
 * Encrypt the CEK for a single recipient and swap the recipient for its finalized form.
 *
 * A recipient without a recipient key is left untouched. Otherwise the key
 * encryption algorithm is looked up from the merged headers, checkKeys() is
 * called with both algorithms and the recipient key, and $recipient is
 * overwritten (by reference) with a new Recipient built from the resulting
 * headers and the encrypted CEK.
 *
 * Headers are merged in the order shared protected, shared unprotected,
 * per-recipient; for string keys array_merge() lets a later source override an
 * earlier one.
 * NOTE(review): no check for duplicate names across the three header sets is
 * visible here (JWE expects them to be disjoint) - confirm it is enforced
 * elsewhere, since an unprotected value would otherwise win over a protected one.
 *
 * $cek is raw key material: keep it out of logs and exception messages.
 *
 * @param \Jose\Object\JWEInterface                               $jwe
 * @param \Jose\Object\RecipientInterface                         $recipient                    Replaced in place when it has a recipient key
 * @param string                                                  $cek                          Content encryption key to protect
 * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface     $content_encryption_algorithm
 * @param array                                                   $additional_headers           Passed on to getEncryptedKey(); emptied here when moved into the recipient headers
 */
private function processRecipient(Object\JWEInterface $jwe, Object\RecipientInterface &$recipient, $cek, Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm, array &$additional_headers)
{
    // Nothing to encrypt for a recipient that carries no key.
    if (null === $recipient->getRecipientKey()) {
        return;
    }

    $merged_headers = array_merge(
        $jwe->getSharedProtectedHeaders(),
        $jwe->getSharedHeaders(),
        $recipient->getHeaders()
    );
    $key_alg = $this->findKeyEncryptionAlgorithm($merged_headers);

    // Key/algorithm check runs before any key material is processed.
    $this->checkKeys($key_alg, $content_encryption_algorithm, $recipient->getRecipientKey());

    $wrapped_cek = $this->getEncryptedKey(
        $merged_headers,
        $cek,
        $key_alg,
        $content_encryption_algorithm,
        $additional_headers,
        $recipient->getRecipientKey()
    );

    $final_headers = $recipient->getHeaders();

    // With several recipients the extra headers move into this recipient's own
    // headers and the shared list is reset. With exactly one recipient they stay
    // in $additional_headers for the caller (presumably folded into the shared
    // headers there - confirm).
    $has_extra_headers = !empty($additional_headers);
    if ($has_extra_headers && 1 !== $jwe->countRecipients()) {
        $final_headers = array_merge($final_headers, $additional_headers);
        $additional_headers = [];
    }

    $recipient = Object\Recipient::createRecipientFromLoadedJWE($final_headers, $wrapped_cek);
}
/**
 * Recover the content encryption key (CEK) for one recipient.
 *
 * The method is picked from the interface the key encryption algorithm
 * implements, tested in this order: direct encryption, key agreement, key
 * agreement with wrapping, key encryption, key wrapping. The first match wins,
 * so the order matters for an algorithm implementing more than one interface.
 * Direct encryption and plain key agreement never read the recipient's
 * encrypted key.
 *
 * NOTE(review): the algorithm instance is presumably resolved from the token's
 * "alg" header, which the sender controls - confirm the caller restricts it to
 * an allow-list and verifies that $key is intended for that algorithm before
 * calling this method.
 * NOTE(review): how a failed decryptKey()/unwrapKey() surfaces is not visible
 * here; callers should not let a key-decryption failure be distinguishable from
 * a content-decryption failure (see the security considerations of RFC 7516).
 *
 * @param \Jose\Algorithm\JWAInterface                        $key_encryption_algorithm
 * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm
 * @param \Jose\Object\JWKInterface                           $key
 * @param \Jose\Object\RecipientInterface                     $recipient
 * @param array                                               $complete_headers
 *
 * @throws \InvalidArgumentException When the algorithm implements none of the handled interfaces
 *
 * @return null|string
 */
private function decryptCEK(Algorithm\JWAInterface $key_encryption_algorithm, Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm, Object\JWKInterface $key, Object\RecipientInterface $recipient, array $complete_headers)
{
    // Direct encryption: the CEK comes straight from the key.
    if ($key_encryption_algorithm instanceof Algorithm\KeyEncryption\DirectEncryptionInterface) {
        return $key_encryption_algorithm->getCEK($key);
    }

    // Key agreement: the CEK is derived from the key and the headers.
    if ($key_encryption_algorithm instanceof Algorithm\KeyEncryption\KeyAgreementInterface) {
        return $key_encryption_algorithm->getAgreementKey(
            $content_encryption_algorithm->getCEKSize(),
            $content_encryption_algorithm->getAlgorithmName(),
            $key,
            $complete_headers
        );
    }

    // Key agreement with wrapping: the recipient's encrypted key is unwrapped.
    if ($key_encryption_algorithm instanceof Algorithm\KeyEncryption\KeyAgreementWrappingInterface) {
        return $key_encryption_algorithm->unwrapAgreementKey(
            $key,
            $recipient->getEncryptedKey(),
            $content_encryption_algorithm->getCEKSize(),
            $complete_headers
        );
    }

    // Key encryption: the recipient's encrypted key is decrypted with $key.
    if ($key_encryption_algorithm instanceof Algorithm\KeyEncryption\KeyEncryptionInterface) {
        return $key_encryption_algorithm->decryptKey($key, $recipient->getEncryptedKey(), $complete_headers);
    }

    // Key wrapping: the recipient's encrypted key is unwrapped with $key.
    if ($key_encryption_algorithm instanceof Algorithm\KeyEncryption\KeyWrappingInterface) {
        return $key_encryption_algorithm->unwrapKey($key, $recipient->getEncryptedKey(), $complete_headers);
    }

    // No handled interface matched: refuse rather than guess.
    throw new \InvalidArgumentException('Unsupported CEK generation');
}