Esempio n. 1
0
 /**
  * {@inheritdoc}
  */
 public function load($input, JWKSetInterface $jwk_set = null)
 {
     $json = Converter::convert($input, JSONSerializationModes::JSON_SERIALIZATION, false);
     if (is_array($json)) {
         if (array_key_exists('signatures', $json)) {
             return $this->loadSerializedJsonJWS($json);
         }
         if (array_key_exists('recipients', $json)) {
             return $this->loadSerializedJsonJWE($json, $jwk_set);
         }
     }
     throw new \InvalidArgumentException('Unable to load the input');
 }
Esempio n. 2
0
 /**
  * @param array|JWKInterface|JWKSetInterface|JWTInterface|string $input         The input to sign
  * @param array                                                  $instructions  Signature instructions
  * @param string                                                 $serialization Serialization Overview
  *
  * @return string
  */
 public function sign($input, array $instructions, $serialization = JSONSerializationModes::JSON_COMPACT_SERIALIZATION)
 {
     $this->checkInput($input);
     $this->checkInstructions($instructions, $serialization);
     $jwt_payload = Base64Url::encode($input->getPayload());
     $signatures = ['payload' => $jwt_payload, 'signatures' => []];
     foreach ($instructions as $instruction) {
         $signatures['signatures'][] = $this->computeSignature($instruction, $input, $jwt_payload);
     }
     $prepared = Converter::convert($signatures, $serialization);
     return is_array($prepared) ? current($prepared) : $prepared;
 }
Esempio n. 3
0
 /**
  * @param array|JWKInterface|JWKSetInterface|JWTInterface|string $input
  * @param array                                                  $instructions
  * @param array                                                  $shared_protected_header
  * @param array                                                  $shared_unprotected_header
  * @param string                                                 $serialization
  * @param null                                                   $aad
  *
  * @return string
  */
 public function encrypt($input, array $instructions, array $shared_protected_header = [], array $shared_unprotected_header = [], $serialization = JSONSerializationModes::JSON_COMPACT_SERIALIZATION, $aad = null)
 {
     $this->checkInput($input);
     $this->checkInstructions($instructions, $serialization);
     $protected_header = array_merge($input->getProtectedHeader(), $shared_protected_header);
     $unprotected_header = array_merge($input->getUnprotectedHeader(), $shared_unprotected_header);
     // We check if key management mode is OK
     $key_management_mode = $this->getKeyManagementMode($instructions, $protected_header, $unprotected_header);
     // We get the content encryption algorithm
     $content_encryption_algorithm = $this->getContentEncryptionAlgorithm($instructions, $protected_header, $unprotected_header);
     // CEK
     $cek = $this->determineCEK($key_management_mode, $instructions, $protected_header, $unprotected_header, $content_encryption_algorithm->getCEKSize());
     $recipients = ['recipients' => []];
     foreach ($instructions as $instruction) {
         $recipients['recipients'][] = $this->computeRecipient($instruction, $protected_header, $unprotected_header, $cek, $content_encryption_algorithm->getCEKSize(), $serialization);
     }
     // We prepare the payload and compress it if required
     $payload = $input->getPayload();
     $compression_method = $this->findCompressionMethod($instructions, $protected_header, $unprotected_header);
     $this->compressPayload($payload, $compression_method);
     // We compute the initialization vector
     $iv = null;
     if (!is_null($iv_size = $content_encryption_algorithm->getIVSize())) {
         $iv = $this->createIV($iv_size);
     }
     // JWT Shared protected header
     $jwt_shared_protected_header = Base64Url::encode(json_encode($protected_header));
     // We encrypt the payload and get the tag
     $tag = null;
     $ciphertext = $content_encryption_algorithm->encryptContent($payload, $cek, $iv, $aad, $jwt_shared_protected_header, $tag);
     // JWT Ciphertext
     $jwt_ciphertext = Base64Url::encode($ciphertext);
     // JWT AAD
     $jwt_aad = is_null($aad) ? null : Base64Url::encode($aad);
     // JWT Tag
     $jwt_tag = is_null($tag) ? null : Base64Url::encode($tag);
     // JWT IV
     $jwt_iv = is_null($iv) ? '' : Base64Url::encode($iv);
     $values = ['ciphertext' => $jwt_ciphertext, 'protected' => $jwt_shared_protected_header, 'unprotected' => $unprotected_header, 'iv' => $jwt_iv, 'tag' => $jwt_tag, 'aad' => $jwt_aad];
     foreach ($values as $key => $value) {
         if (!empty($value)) {
             $recipients[$key] = $value;
         }
     }
     $prepared = Converter::convert($recipients, $serialization);
     return is_array($prepared) ? current($prepared) : $prepared;
 }
Esempio n. 4
0
 public function testMergeEncrypted()
 {
     $result = Converter::merge(['ciphertext' => 'KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY', 'protected' => 'eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0', 'unprotected' => ['jku' => 'https://server.example.com/keys.jwks'], 'iv' => 'AxY8DCtDaGlsbGljb3RoZQ', 'tag' => 'Mz-VPPyU4RlcuYv1IwIvzw', 'header' => ['alg' => 'RSA1_5', 'kid' => '2011-04-29'], 'encrypted_key' => 'UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A'], ['ciphertext' => 'KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY', 'protected' => 'eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0', 'unprotected' => ['jku' => 'https://server.example.com/keys.jwks'], 'iv' => 'AxY8DCtDaGlsbGljb3RoZQ', 'tag' => 'Mz-VPPyU4RlcuYv1IwIvzw', 'header' => ['alg' => 'A128KW', 'kid' => '7'], 'encrypted_key' => '6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ']);
     $expected_result = json_encode(['ciphertext' => 'KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY', 'protected' => 'eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0', 'unprotected' => ['jku' => 'https://server.example.com/keys.jwks'], 'iv' => 'AxY8DCtDaGlsbGljb3RoZQ', 'tag' => 'Mz-VPPyU4RlcuYv1IwIvzw', 'recipients' => [['header' => ['alg' => 'RSA1_5', 'kid' => '2011-04-29'], 'encrypted_key' => 'UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A'], ['header' => ['alg' => 'A128KW', 'kid' => '7'], 'encrypted_key' => '6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ']]]);
     $this->assertEquals($expected_result, $result);
 }