/** * @param IJWK $key * @param StringOrURI $alg * @param mixed $payload * @param string $signature * @throws InvalidJWKType * @throws JWSInvalidPayloadException */ public function __construct(IJWK $key, StringOrURI $alg, $payload, $signature = '') { if (is_null($key)) { throw new InvalidJWKType(); } if (is_null($payload)) { throw new JWSInvalidPayloadException('missing payload'); } $this->key = $key; $this->alg = $alg; $this->payload = JWSPayloadFactory::build($payload); $this->signature = $signature; }
/** * @param IJWK $key * @param StringOrURI $alg * @param StringOrURI $enc * @param $payload * @param JsonValue $zip * @throws JWEInvalidPayloadException * @throws JWEInvalidRecipientKeyException */ public function __construct(IJWK $key, StringOrURI $alg, StringOrURI $enc, $payload, JsonValue $zip = null) { if (is_null($key)) { throw new JWEInvalidRecipientKeyException(); } if (is_null($payload)) { throw new JWEInvalidPayloadException('missing payload'); } $this->key = $key; $this->alg = $alg; $this->enc = $enc; $this->zip = $zip; $this->payload = JWSPayloadFactory::build($payload); }
/** * @return $this * @throws InvalidJWKAlgorithm * @throws InvalidKeyTypeAlgorithmException * @throws JWEInvalidCompactFormatException * @throws JWEInvalidRecipientKeyException * @throws JWEUnsupportedContentEncryptionAlgorithmException * @throws JWEUnsupportedKeyManagementAlgorithmException * @throws \Exception */ private function decrypt() { if (is_null($this->jwk)) { throw new JWEInvalidRecipientKeyException(); } if (!$this->should_decrypt) { return $this; } if ($this->jwk->getAlgorithm()->getValue() !== $this->header->getAlgorithm()->getString()) { throw new InvalidJWKAlgorithm(sprintf('mismatch between algorithm intended for use with the key %s and the cryptographic algorithm used to encrypt or determine the value of the CEK %s', $this->jwk->getAlgorithm()->getValue(), $this->header->getAlgorithm()->getString())); } $key_management_algorithm = KeyManagementAlgorithms_Registry::getInstance()->get($this->header->getAlgorithm()->getString()); if (is_null($key_management_algorithm)) { throw new JWEUnsupportedKeyManagementAlgorithmException(sprintf('alg %s', $this->header->getAlgorithm()->getString())); } $content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get($this->header->getEncryptionAlgorithm()->getString()); if (is_null($content_encryption_algorithm)) { throw new JWEUnsupportedContentEncryptionAlgorithmException(sprintf('enc %s', $this->header->getEncryptionAlgorithm()->getString())); } $this->cek = $this->decryptJWEEncryptedKey($key_management_algorithm); // We encrypt the payload and get the tag $jwt_shared_protected_header = JOSEHeaderSerializer::serialize($this->header); /** * Decrypt the JWE Cipher Text using the CEK, the JWE Initialization * Vector, the Additional Authenticated Data value, and the JWE * Authentication Tag (which is the Authentication Tag input to the * calculation) using the specified content encryption algorithm, * returning the decrypted plaintext and validating the JWE * Authentication Tag in the manner specified for the algorithm, * rejecting the input without emitting any decrypted output if the * JWE Authentication Tag is incorrect. */ $plain_text = $content_encryption_algorithm->decrypt($this->cipher_text, $this->cek->getEncoded(), $this->iv, $jwt_shared_protected_header, $this->tag); $zip = $this->header->getCompressionAlgorithm(); /** * If a "zip" parameter was included, uncompress the decrypted * plaintext using the specified compression algorithm. */ if (!is_null($zip)) { $compression__algorithm = CompressionAlgorithms_Registry::getInstance()->get($zip->getValue()); $plain_text = $compression__algorithm->uncompress($plain_text); } $this->setPayload(JWSPayloadFactory::build($plain_text)); $this->should_decrypt = false; return $this; }
/** * @param string $compact_serialization * @return IJWS * @access private */ public static function fromCompactSerialization($compact_serialization) { list($header, $payload, $signature) = JWTSerializer::deserialize($compact_serialization); return new JWS($header, JWSPayloadFactory::build($payload), $signature); }