/**
* @Given I have a valid client assertion for client :client in the body request
*/
public function IHaveAValidClientAssertionForClientInTheBodyRequest($client)
{
/*
* @var \Jose\JWKManagerInterface
*/
$key_manager = $this->getContainer()->get('jose.jwk_manager');
$jwk1 = $key_manager->createJWK(['kid' => 'JWK1', 'kty' => 'oct', 'use' => 'enc', 'k' => 'ABEiM0RVZneImaq7zN3u_wABAgMEBQYHCAkKCwwNDg8']);
$jwk2 = $key_manager->createJWK(['kid' => 'JWK2', 'kty' => 'oct', 'use' => 'sig', 'k' => 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow']);
$jose = $this->getContainer()->get('jose');
$input = ['exp' => time() + 3600, 'aud' => 'My Authorization Server', 'iss' => 'My JWT issuer', 'sub' => $client];
$signature_instruction = new SignatureInstruction();
$signature_instruction->setKey($jwk2)->setProtectedHeader(['cty' => 'JWT', 'alg' => 'HS512'])->setUnprotectedHeader([]);
$encryption_instruction = new EncryptionInstruction();
$encryption_instruction->setRecipientKey($jwk1);
$jws = $jose->sign($input, [$signature_instruction]);
$jwe = $jose->encrypt($jws, [$encryption_instruction], ['cty' => 'JWT', 'alg' => 'A256KW', 'enc' => 'A256CBC-HS512', 'exp' => time() + 3600, 'aud' => 'My Authorization Server', 'iss' => 'My JWT issuer', 'sub' => $client]);
$this->iAddKeyWithValueInTheBodyRequest('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');
$this->iAddKeyWithValueInTheBodyRequest('client_assertion', $jwe);
}
/**
* @param string $kid
* @param mixed $payload
* @param array $protected_header
* @param array $shared_unprotected_header
* @param string $mode
* @param null $aad
*
* @throws \Exception
*
* @return string
*/
public function encrypt($kid, $payload, array $protected_header, array $shared_unprotected_header = [], $mode = JSONSerializationModes::JSON_COMPACT_SERIALIZATION, $aad = null)
{
$key = $this->getKeysetManager()->getKeyByKid($kid);
if (!$key instanceof JWKInterface) {
throw new \Exception('Unable to determine the key used to encrypt the payload.');
}
if (!array_key_exists('kid', $protected_header)) {
$protected_header['kid'] = $kid;
}
$instruction = new EncryptionInstruction();
$instruction->setRecipientKey($key);
return $this->getEncrypter()->encrypt($payload, [$instruction], $protected_header, $shared_unprotected_header, $mode, $aad);
}
/**
*
*/
public function testEncryptAndLoadCompactKeyAgreementWithWrapping()
{
$encrypter = $this->getEncrypter();
$loader = $this->getLoader();
$instruction1 = new EncryptionInstruction();
$instruction1->setRecipientKey($this->getECDHRecipientPublicKey());
$instruction1->setSenderKey($this->getECDHSenderPrivateKey());
$instruction1->setRecipientUnprotectedHeader(['kid' => 'e9bc097a-ce51-4036-9562-d2ade882db0d', 'alg' => 'ECDH-ES+A256KW']);
$instruction2 = new EncryptionInstruction();
$instruction2->setRecipientKey($this->getRSARecipientKey());
$instruction2->setRecipientUnprotectedHeader(['kid' => '123456789', 'alg' => 'RSA-OAEP-256']);
$encrypted = $encrypter->encrypt('Je suis Charlie', [$instruction1, $instruction2], ['enc' => 'A256CBC-HS512'], [], JSONSerializationModes::JSON_SERIALIZATION);
$loaded = $loader->load($encrypted);
/*
* @var \Jose\JWEInterface[] $loaded
*/
$this->assertEquals(2, count($loaded));
$this->assertInstanceOf('Jose\\JWEInterface', $loaded[0]);
$this->assertTrue(is_string($loaded[0]->getPayload()));
$this->assertEquals('ECDH-ES+A256KW', $loaded[0]->getAlgorithm());
$this->assertEquals('A256CBC-HS512', $loaded[0]->getEncryptionAlgorithm());
$this->assertNull($loaded[0]->getZip());
$this->assertEquals('Je suis Charlie', $loaded[0]->getPayload());
$this->assertInstanceOf('Jose\\JWEInterface', $loaded[1]);
$this->assertTrue(is_string($loaded[1]->getPayload()));
$this->assertEquals('RSA-OAEP-256', $loaded[1]->getAlgorithm());
$this->assertEquals('A256CBC-HS512', $loaded[1]->getEncryptionAlgorithm());
$this->assertNull($loaded[1]->getZip());
$this->assertEquals('Je suis Charlie', $loaded[1]->getPayload());
}
