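/**
 * Determines the Content Encryption Key (CEK) to use for the given key management mode.
 *
 * - MODE_ENCRYPT / MODE_WRAP: a fresh CEK of the size required by the content
 *   encryption algorithm is generated via createCEK().
 * - MODE_AGREEMENT: the CEK is derived from the single recipient's key by the key
 *   agreement algorithm selected from the merged headers; the algorithm receives
 *   $additional_headers by reference (presumably to publish header parameters it
 *   needs — confirm against the algorithm implementations).
 * - MODE_DIRECT: the recipient's symmetric ("oct") key material "k" is used as the
 *   CEK as-is. Only the key type and the presence of "k" are checked here.
 *
 * Both MODE_AGREEMENT and MODE_DIRECT require exactly one recipient, because the
 * CEK is bound to that recipient's key.
 *
 * @param \Jose\Object\JWEInterface                           $jwe
 * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm
 * @param string                                              $key_management_mode          One of the KeyEncryptionInterface::MODE_* constants
 * @param array                                               $additional_headers           Filled by reference in MODE_AGREEMENT
 *
 * @throws \InvalidArgumentException if the key management mode is not supported
 *
 * @return string The raw CEK bytes
 */
private function determineCEK(Object\JWEInterface $jwe, Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm, $key_management_mode, array &$additional_headers)
{
    switch ($key_management_mode) {
        case Algorithm\KeyEncryption\KeyEncryptionInterface::MODE_ENCRYPT:
        case Algorithm\KeyEncryption\KeyEncryptionInterface::MODE_WRAP:
            // A random CEK; it is encrypted/wrapped per recipient elsewhere.
            return $this->createCEK($content_encryption_algorithm->getCEKSize());

        case Algorithm\KeyEncryption\KeyEncryptionInterface::MODE_AGREEMENT:
            Assertion::eq(1, $jwe->countRecipients(), 'Unable to encrypt for multiple recipients using key agreement algorithms.');
            // Later sources win on duplicate keys: protected < shared < recipient headers.
            $complete_headers = array_merge(
                $jwe->getSharedProtectedHeaders(),
                $jwe->getSharedHeaders(),
                $jwe->getRecipient(0)->getHeaders()
            );
            $algorithm = $this->findKeyEncryptionAlgorithm($complete_headers);

            return $algorithm->getAgreementKey(
                $content_encryption_algorithm->getCEKSize(),
                $content_encryption_algorithm->getAlgorithmName(),
                $jwe->getRecipient(0)->getRecipientKey(),
                $complete_headers,
                $additional_headers
            );

        case Algorithm\KeyEncryption\KeyEncryptionInterface::MODE_DIRECT:
            // Message fixed: this branch is direct encryption, not key agreement
            // (the original text was copied from the MODE_AGREEMENT case).
            Assertion::eq(1, $jwe->countRecipients(), 'Unable to encrypt for multiple recipients using direct encryption algorithms.');
            $recipient_key = $jwe->getRecipient(0)->getRecipientKey();
            Assertion::eq($recipient_key->get('kty'), 'oct', 'Wrong key type.');
            Assertion::true($recipient_key->has('k'), 'The key parameter "k" is missing.');

            // NOTE(review): the decoded key length is not compared with
            // getCEKSize() here; a mismatch is presumably rejected by the content
            // encryption algorithm — confirm.
            return Base64Url::decode($recipient_key->get('k'));

        default:
            throw new \InvalidArgumentException(sprintf('Unsupported key management mode "%s".', $key_management_mode));
    }
}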
/**
 * Recovers the Content Encryption Key (CEK) for one recipient using the key
 * encryption algorithm named in the headers.
 *
 * The algorithm is dispatched on the interface it implements, in this order:
 * direct encryption, key agreement, key agreement with key wrapping, key
 * encryption, key wrapping. The order matters if an implementation satisfies
 * more than one of these interfaces, so it must not be rearranged.
 *
 * @param \Jose\Algorithm\JWAInterface                        $key_encryption_algorithm
 * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm
 * @param \Jose\Object\JWKInterface                           $key                          The recipient's (private or shared) key
 * @param \Jose\Object\RecipientInterface                     $recipient                    Supplies the encrypted key for wrap/encrypt modes
 * @param array                                               $complete_headers             Merged protected, shared and recipient headers
 *
 * @throws \InvalidArgumentException if the algorithm implements none of the supported interfaces
 *
 * @return null|string The raw CEK bytes
 */
private function decryptCEK(Algorithm\JWAInterface $key_encryption_algorithm, Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm, Object\JWKInterface $key, Object\RecipientInterface $recipient, array $complete_headers)
{
    // Direct: the key itself yields the CEK; no encrypted key is involved.
    if ($key_encryption_algorithm instanceof Algorithm\KeyEncryption\DirectEncryptionInterface) {
        return $key_encryption_algorithm->getCEK($key);
    }

    // Agreement: derive the CEK from the key and the header parameters.
    if ($key_encryption_algorithm instanceof Algorithm\KeyEncryption\KeyAgreementInterface) {
        return $key_encryption_algorithm->getAgreementKey(
            $content_encryption_algorithm->getCEKSize(),
            $content_encryption_algorithm->getAlgorithmName(),
            $key,
            $complete_headers
        );
    }

    // Agreement + wrapping: derive a KEK, then unwrap the recipient's encrypted key.
    if ($key_encryption_algorithm instanceof Algorithm\KeyEncryption\KeyAgreementWrappingInterface) {
        return $key_encryption_algorithm->unwrapAgreementKey(
            $key,
            $recipient->getEncryptedKey(),
            $content_encryption_algorithm->getCEKSize(),
            $complete_headers
        );
    }

    // Key encryption: decrypt the recipient's encrypted key with $key.
    if ($key_encryption_algorithm instanceof Algorithm\KeyEncryption\KeyEncryptionInterface) {
        return $key_encryption_algorithm->decryptKey($key, $recipient->getEncryptedKey(), $complete_headers);
    }

    // Key wrapping: unwrap the recipient's encrypted key with $key.
    if ($key_encryption_algorithm instanceof Algorithm\KeyEncryption\KeyWrappingInterface) {
        return $key_encryption_algorithm->unwrapKey($key, $recipient->getEncryptedKey(), $complete_headers);
    }

    throw new \InvalidArgumentException('Unsupported CEK generation');
}
/**
 * Produces the per-recipient encrypted key for an algorithm that combines key
 * agreement with key wrapping: the algorithm derives a wrapping key from the
 * recipient's key and wraps the CEK with it.
 *
 * @param array                                                   $complete_headers             Merged protected, shared and recipient headers
 * @param string                                                  $cek                          The raw CEK bytes to wrap
 * @param \Jose\Algorithm\KeyEncryption\KeyAgreementWrappingInterface $key_encryption_algorithm
 * @param \Jose\Algorithm\ContentEncryptionAlgorithmInterface     $content_encryption_algorithm Supplies the expected CEK size
 * @param array                                                   $additional_headers           Passed by reference so the algorithm can add header parameters
 * @param \Jose\Object\JWKInterface                               $recipient_key
 *
 * @return string The wrapped (encrypted) CEK
 */
private function getEncryptedKeyFromKeyAgreementAndKeyWrappingAlgorithm(array $complete_headers, $cek, Algorithm\KeyEncryption\KeyAgreementWrappingInterface $key_encryption_algorithm, Algorithm\ContentEncryptionAlgorithmInterface $content_encryption_algorithm, array &$additional_headers, Object\JWKInterface $recipient_key)
{
    return $key_encryption_algorithm->wrapAgreementKey(
        $recipient_key,
        $cek,
        $content_encryption_algorithm->getCEKSize(),
        $complete_headers,
        $additional_headers
    );
}