/** * {@inheritdoc} */ public function load($input) { $json = json_decode(Converter::convert($input, JSONSerializationModes::JSON_SERIALIZATION), true); if (is_array($json)) { if (array_key_exists('signatures', $json)) { return $this->loadSerializedJsonJWS($json, $input); } if (array_key_exists('recipients', $json)) { return $this->loadSerializedJsonJWE($json, $input); } } throw new \InvalidArgumentException('Unable to load the input'); }
/** * {@inheritdoc} */ public function sign($input, array $instructions, $serialization, $detached_signature = false, &$detached_payload = null) { $additional_header = []; $this->checkSerializationMode($serialization); $input = $this->getPayloadConverter()->convertPayloadToString($additional_header, $input); $this->checkInstructions($instructions, $serialization); $jwt_payload = Base64Url::encode($input); $signatures = ['payload' => $jwt_payload, 'signatures' => []]; foreach ($instructions as $instruction) { $signatures['signatures'][] = $this->computeSignature($instruction, $jwt_payload, $additional_header); } if (true === $detached_signature) { $detached_payload = $signatures['payload']; unset($signatures['payload']); } return Converter::convert($signatures, $serialization); }
/** * @param array|\Jose\Object\JWKInterface|\Jose\Object\JWKSetInterface|\Jose\Object\JWTInterface|string $input * @param array $instructions * @param array $shared_protected_header * @param array $shared_unprotected_header * @param string $serialization * @param null $aad * * @return string */ public function encrypt($input, array $instructions, $serialization, array $shared_protected_header = [], array $shared_unprotected_header = [], $aad = null) { $additional_header = []; $this->checkSerializationMode($serialization); $input = $this->getPayloadConverter()->convertPayloadToString($additional_header, $input); $this->checkInstructions($instructions, $serialization); if (!empty($shared_unprotected_header) && JSONSerializationModes::JSON_COMPACT_SERIALIZATION === $serialization) { throw new \InvalidArgumentException('Cannot create Compact Json Serialization representation: shared unprotected header cannot be kept'); } if (!empty($aad) && JSONSerializationModes::JSON_COMPACT_SERIALIZATION === $serialization) { throw new \InvalidArgumentException('Cannot create Compact Json Serialization representation: AAD cannot be kept'); } $protected_header = array_merge($shared_protected_header, $additional_header); // We check if key management mode is OK $key_management_mode = $this->getKeyManagementMode($instructions, $protected_header, $shared_unprotected_header); // We get the content encryption algorithm $content_encryption_algorithm = $this->getContentEncryptionAlgorithm($instructions, $protected_header, $shared_unprotected_header); // CEK $cek = $this->determineCEK($key_management_mode, $instructions, $protected_header, $shared_unprotected_header, $content_encryption_algorithm->getCEKSize()); $recipients = ['recipients' => []]; foreach ($instructions as $instruction) { $recipients['recipients'][] = $this->computeRecipient($instruction, $protected_header, $shared_unprotected_header, $cek, $content_encryption_algorithm->getCEKSize(), $serialization); } // We prepare the payload and compress it if required $compression_method = $this->findCompressionMethod($instructions, $protected_header, $shared_unprotected_header); $this->compressPayload($input, $compression_method); // We compute the initialization vector $iv = null; if (null !== ($iv_size = $content_encryption_algorithm->getIVSize())) { $iv = $this->createIV($iv_size); } // JWT Shared protected header $jwt_shared_protected_header = Base64Url::encode(json_encode($protected_header)); // We encrypt the payload and get the tag $tag = null; $ciphertext = $content_encryption_algorithm->encryptContent($input, $cek, $iv, $aad, $jwt_shared_protected_header, $tag); // JWT Ciphertext $jwt_ciphertext = Base64Url::encode($ciphertext); // JWT AAD $jwt_aad = null === $aad ? null : Base64Url::encode($aad); // JWT Tag $jwt_tag = null === $tag ? null : Base64Url::encode($tag); // JWT IV $jwt_iv = null === $iv ? '' : Base64Url::encode($iv); $values = ['ciphertext' => $jwt_ciphertext, 'protected' => $jwt_shared_protected_header, 'unprotected' => $shared_unprotected_header, 'iv' => $jwt_iv, 'tag' => $jwt_tag, 'aad' => $jwt_aad]; foreach ($values as $key => $value) { if (!empty($value)) { $recipients[$key] = $value; } } return Converter::convert($recipients, $serialization); }