/**
* @param Key $management_key
* @param $key_management_mode
* @param ContentEncryptionAlgorithm $enc
* @return Key
* @throws \Exception
*/
public static function build(Key $management_key, $key_management_mode, ContentEncryptionAlgorithm $enc)
{
$cek = null;
switch ($key_management_mode) {
/**
* When Key Wrapping, Key Encryption, or Key Agreement with Key
* Wrapping are employed, generate a random CEK value
*/
case KeyManagementModeValues::KeyWrapping:
case KeyManagementModeValues::KeyEncryption:
case KeyManagementModeValues::KeyAgreementWithKeyWrapping:
// calculate it
$generator = Utils_Registry::getInstance()->get(Utils_Registry::RandomNumberGeneratorService);
/**
* The CEK MUST have a length equal to that required for the
* content encryption algorithm.
*/
$rnd = $generator->invoke($enc->getMinKeyLen() / 8);
$cek = new _ContentEncryptionKey($enc->getName(), 'RAW', $rnd);
break;
case KeyManagementModeValues::DirectEncryption:
$cek = $management_key;
break;
case KeyManagementModeValues::DirectKeyAgreement:
throw new \Exception('unsupported KKM!');
break;
default:
throw new \Exception('unsupported KKM!');
break;
}
return $cek;
}
/**
* @param IJWKSpecification $spec
* @return IJWK
* @throws InvalidJWKAlgorithm
* @throws JWKInvalidSpecException
*/
public static function build(IJWKSpecification $spec)
{
if (is_null($spec)) {
throw new \InvalidArgumentException('missing spec param');
}
$algorithm = DigitalSignatures_MACs_Registry::getInstance()->get($spec->getAlg());
if (is_null($algorithm)) {
$algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get($spec->getAlg());
}
if (is_null($algorithm)) {
$algorithm = KeyManagementAlgorithms_Registry::getInstance()->get($spec->getAlg());
}
if (is_null($algorithm)) {
throw new InvalidJWKAlgorithm(sprintf('alg %s not supported!', $spec->getAlg()));
}
if ($algorithm->getKeyType() !== JSONWebKeyTypes::OctetSequence) {
throw new InvalidJWKAlgorithm(sprintf('key type %s not supported!', $algorithm->getKeyType()));
}
if (!$spec instanceof OctetSequenceJWKSpecification) {
throw new JWKInvalidSpecException();
}
$shared_secret = $spec->getSharedSecret();
$secret_len = strlen($shared_secret);
if ($secret_len === 0) {
$generator = Utils_Registry::getInstance()->get(Utils_Registry::RandomNumberGeneratorService);
$shared_secret = $generator->invoke($algorithm->getMinKeyLen() / 8);
}
return OctetSequenceJWK::fromSecret(new SymmetricSharedKey($shared_secret), $spec->getAlg(), $spec->getUse());
}
/**
* @param $size
* @return string
*/
public static function build($size)
{
$generator = Utils_Registry::getInstance()->get(Utils_Registry::RandomNumberGeneratorService);
return $generator->invoke($size / 8);
}