/** * @param \Jose\Object\JWEInterface $jwe * @param \Jose\Object\JWKSetInterface $jwk_set * @param int $i * * @return int|null */ private function decryptRecipientKey(Object\JWEInterface &$jwe, Object\JWKSetInterface $jwk_set, $i) { $recipient = $jwe->getRecipient($i); $complete_headers = array_merge($jwe->getSharedProtectedHeaders(), $jwe->getSharedHeaders(), $recipient->getHeaders()); $this->checkCompleteHeader($complete_headers); $key_encryption_algorithm = $this->getKeyEncryptionAlgorithm($complete_headers); $content_encryption_algorithm = $this->getContentEncryptionAlgorithm($complete_headers); foreach ($jwk_set as $jwk) { try { $this->checkKeyUsage($jwk, 'decryption'); if ('dir' !== $key_encryption_algorithm->getAlgorithmName()) { $this->checkKeyAlgorithm($jwk, $key_encryption_algorithm->getAlgorithmName()); } else { $this->checkKeyAlgorithm($jwk, $content_encryption_algorithm->getAlgorithmName()); } $cek = $this->decryptCEK($key_encryption_algorithm, $content_encryption_algorithm, $jwk, $recipient, $complete_headers); if (null !== $cek) { if (true === $this->decryptPayload($jwe, $cek, $content_encryption_algorithm, $complete_headers)) { return $i; } } } catch (\Exception $e) { //We do nothing, we continue with other keys continue; } } }
/** * @param \Jose\Object\JWEInterface $jwe * * @return \Jose\Compression\CompressionInterface|null */ private function getCompressionMethod(Object\JWEInterface $jwe) { $method = null; $nb_recipients = $jwe->countRecipients(); for ($i = 0; $i < $nb_recipients; $i++) { $complete_headers = array_merge($jwe->getSharedProtectedHeaders(), $jwe->getSharedHeaders(), $jwe->getRecipient($i)->getHeaders()); if (array_key_exists('zip', $complete_headers)) { if (null === $method) { if (0 === $i) { $method = $complete_headers['zip']; } else { throw new \InvalidArgumentException('Inconsistent "zip" parameter.'); } } else { Assertion::eq($method, $complete_headers['zip'], 'Inconsistent "zip" parameter.'); } } else { Assertion::eq(null, $method, 'Inconsistent "zip" parameter.'); } } if (null === $method) { return; } $compression_method = $this->getCompressionManager()->getCompressionAlgorithm($method); Assertion::isInstanceOf($compression_method, Compression\CompressionInterface::class, sprintf('Compression method "%s" not supported.', $method)); return $compression_method; }