/**
 * Selects the Content Encryption Key (CEK) for the given key management mode.
 *
 * - KeyWrapping, KeyEncryption, KeyAgreementWithKeyWrapping: a fresh random
 *   CEK is produced by the generator registered under
 *   Utils_Registry::RandomNumberGeneratorService and wrapped in a
 *   _ContentEncryptionKey.
 * - DirectEncryption: the management key itself is returned as the CEK.
 * - DirectKeyAgreement or any other value: not supported, an exception is thrown.
 *
 * NOTE(review): the secrecy of a generated CEK depends entirely on the
 * registered generator being a CSPRNG (e.g. backed by random_bytes());
 * that service is not visible here, so confirm it.
 *
 * @param Key $management_key key returned unchanged in DirectEncryption mode
 * @param $key_management_mode one of the KeyManagementModeValues constants
 * @param ContentEncryptionAlgorithm $enc supplies the algorithm name and the minimum key length
 * @return Key
 * @throws \Exception when the key management mode is not supported
 */
public static function build(Key $management_key, $key_management_mode, ContentEncryptionAlgorithm $enc)
{
    switch ($key_management_mode) {
        // Modes for which the JWE spec (RFC 7516) asks for a randomly
        // generated CEK.
        case KeyManagementModeValues::KeyWrapping:
        case KeyManagementModeValues::KeyEncryption:
        case KeyManagementModeValues::KeyAgreementWithKeyWrapping:
            // The CEK length must be exactly what the content encryption
            // algorithm requires. getMinKeyLen() is presumably in bits, hence
            // the division by 8 to get a byte count.
            // NOTE(review): "/" yields a float when the length is not a
            // multiple of 8; confirm the generator only ever receives whole
            // byte counts.
            $random_bytes = Utils_Registry::getInstance()
                ->get(Utils_Registry::RandomNumberGeneratorService)
                ->invoke($enc->getMinKeyLen() / 8);

            return new _ContentEncryptionKey($enc->getName(), 'RAW', $random_bytes);

        case KeyManagementModeValues::DirectEncryption:
            // The shared symmetric key is used directly as the CEK.
            // NOTE(review): nothing here checks that the management key fits
            // the key length expected by $enc; verify a caller does.
            return $management_key;

        // Direct key agreement is not implemented; it fails the same way as
        // an unrecognised mode.
        case KeyManagementModeValues::DirectKeyAgreement:
        default:
            throw new \Exception('unsupported KKM!');
    }
}
/**
 * Builds an octet-sequence (symmetric) JWK from a key specification.
 *
 * The spec's alg is looked up in the signature/MAC registry, then the content
 * encryption registry, then the key management registry; the first hit wins.
 * Only algorithms whose key type is JSONWebKeyTypes::OctetSequence are
 * accepted. When the spec carries an empty shared secret, a random one is
 * generated through the registered RandomNumberGeneratorService.
 *
 * NOTE(review): a non-empty shared secret is used as supplied; its length is
 * never compared with the algorithm's getMinKeyLen(). For HMAC algorithms
 * RFC 7518 section 3.2 requires a key at least as large as the hash output,
 * so confirm that callers enforce a minimum length before reaching this point.
 *
 * @param IJWKSpecification $spec
 * @return IJWK
 * @throws \InvalidArgumentException when $spec is null (the type hint already rejects null)
 * @throws InvalidJWKAlgorithm when the alg is unknown or does not use an octet-sequence key
 * @throws JWKInvalidSpecException when $spec is not an OctetSequenceJWKSpecification
 */
public static function build(IJWKSpecification $spec)
{
    if ($spec === null) {
        throw new \InvalidArgumentException('missing spec param');
    }

    // Try each algorithm registry in turn until one recognises the alg.
    $alg_impl = DigitalSignatures_MACs_Registry::getInstance()->get($spec->getAlg());
    if ($alg_impl === null) {
        $alg_impl = ContentEncryptionAlgorithms_Registry::getInstance()->get($spec->getAlg());
    }
    if ($alg_impl === null) {
        $alg_impl = KeyManagementAlgorithms_Registry::getInstance()->get($spec->getAlg());
    }
    if ($alg_impl === null) {
        throw new InvalidJWKAlgorithm(sprintf('alg %s not supported!', $spec->getAlg()));
    }

    // This factory only produces symmetric (oct) keys.
    if (JSONWebKeyTypes::OctetSequence !== $alg_impl->getKeyType()) {
        throw new InvalidJWKAlgorithm(sprintf('key type %s not supported!', $alg_impl->getKeyType()));
    }

    if (!($spec instanceof OctetSequenceJWKSpecification)) {
        throw new JWKInvalidSpecException();
    }

    $secret = $spec->getSharedSecret();
    if (strlen($secret) === 0) {
        // No secret supplied: generate one sized to the algorithm's minimum
        // key length (presumably expressed in bits, hence the / 8).
        // NOTE(review): the key is only as strong as the registered
        // generator; confirm that service is a CSPRNG.
        $secret = Utils_Registry::getInstance()
            ->get(Utils_Registry::RandomNumberGeneratorService)
            ->invoke($alg_impl->getMinKeyLen() / 8);
    }

    return OctetSequenceJWK::fromSecret(
        new SymmetricSharedKey($secret),
        $spec->getAlg(),
        $spec->getUse()
    );
}
/**
 * Produces random key material through the generator registered under
 * Utils_Registry::RandomNumberGeneratorService.
 *
 * NOTE(review): the result is presumably used as secret key material, so the
 * registered generator must be a CSPRNG; that service is not visible here.
 *
 * @param $size requested size; it is divided by 8 before reaching the generator,
 *              so it is presumably a bit count that should be a multiple of 8
 * @return string
 */
public static function build($size)
{
    return Utils_Registry::getInstance()
        ->get(Utils_Registry::RandomNumberGeneratorService)
        ->invoke($size / 8);
}