/**
  * @param Key $management_key
  * @param $key_management_mode one of the KeyManagementModeValues constants
  * @param ContentEncryptionAlgorithm $enc
  * @return Key
  * @throws \Exception
  */
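 public static function build(Key $management_key, $key_management_mode, ContentEncryptionAlgorithm $enc)
 {
     // Selects the Content Encryption Key (CEK) for the requested key
     // management mode: a freshly generated random key for the wrapping /
     // encryption modes, the management key itself for direct encryption.
     // Every other mode is rejected with \Exception.
     //
     // NOTE(review): switch compares loosely (==). If the mode constants are
     // strings, a non-string $key_management_mode could match a case
     // unexpectedly on older PHP versions; confirm callers only ever pass
     // KeyManagementModeValues constants.
     switch ($key_management_mode) {
         /**
          * When Key Wrapping, Key Encryption, or Key Agreement with Key
          * Wrapping are employed, generate a random CEK value
          */
         case KeyManagementModeValues::KeyWrapping:
         case KeyManagementModeValues::KeyEncryption:
         case KeyManagementModeValues::KeyAgreementWithKeyWrapping:
             /**
              * The CEK MUST have a length equal to that required for the
              * content encryption algorithm.
              */
             $key_bits = $enc->getMinKeyLen();
             // A length that is not a positive whole number of bytes would
             // reach the generator as zero, a negative or a fractional value.
             if ($key_bits <= 0 || $key_bits % 8 !== 0) {
                 throw new \Exception('invalid CEK length!');
             }
             $cek_len = (int) ($key_bits / 8);

             $generator = Utils_Registry::getInstance()->get(Utils_Registry::RandomNumberGeneratorService);
             $rnd = $generator->invoke($cek_len);
             // Fail closed: never build a key from generator output that is
             // missing or shorter/longer than the algorithm requires.
             if (!is_string($rnd) || strlen($rnd) !== $cek_len) {
                 throw new \Exception('CEK generation failed!');
             }

             return new _ContentEncryptionKey($enc->getName(), 'RAW', $rnd);

         case KeyManagementModeValues::DirectEncryption:
             // The management key is returned unchanged as the CEK.
             // NOTE(review): its length is not compared with what $enc
             // requires in this method; verify that is enforced elsewhere.
             return $management_key;

         // Known mode, but not implemented: handled like an unknown mode.
         case KeyManagementModeValues::DirectKeyAgreement:
         default:
             throw new \Exception('unsupported KKM!');
     }
 }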
Exemplo n.º 2
 /**
  * @param IJWKSpecification $spec
  * @return IJWK
  * @throws \InvalidArgumentException
  * @throws InvalidJWKAlgorithm
  * @throws JWKInvalidSpecException
  */
 public static function build(IJWKSpecification $spec)
 {
     // Builds an octet-sequence (symmetric) JWK from the given specification.
     // The algorithm named by the spec is looked up in three registries in
     // turn; the first one that knows it wins.
     if ($spec === null) {
         throw new \InvalidArgumentException('missing spec param');
     }

     $alg_impl = DigitalSignatures_MACs_Registry::getInstance()->get($spec->getAlg());
     if ($alg_impl === null) {
         $alg_impl = ContentEncryptionAlgorithms_Registry::getInstance()->get($spec->getAlg());
     }
     if ($alg_impl === null) {
         $alg_impl = KeyManagementAlgorithms_Registry::getInstance()->get($spec->getAlg());
     }
     if ($alg_impl === null) {
         throw new InvalidJWKAlgorithm(sprintf('alg %s not supported!', $spec->getAlg()));
     }

     // Only algorithms that use an octet-sequence key are accepted here.
     if ($alg_impl->getKeyType() !== JSONWebKeyTypes::OctetSequence) {
         throw new InvalidJWKAlgorithm(sprintf('key type %s not supported!', $alg_impl->getKeyType()));
     }
     if (!($spec instanceof OctetSequenceJWKSpecification)) {
         throw new JWKInvalidSpecException();
     }

     // An empty secret means "generate one": the random value is sized from
     // the algorithm's minimum key length (divided by 8 before the call).
     // A non-empty secret is used exactly as supplied; its length is not
     // compared with getMinKeyLen() in this method.
     // NOTE(review): confirm that short caller-supplied secrets are rejected
     // somewhere else before the key is used.
     $secret = $spec->getSharedSecret();
     if (strlen($secret) === 0) {
         $rng = Utils_Registry::getInstance()->get(Utils_Registry::RandomNumberGeneratorService);
         $secret = $rng->invoke($alg_impl->getMinKeyLen() / 8);
     }

     $key = new SymmetricSharedKey($secret);

     return OctetSequenceJWK::fromSecret($key, $spec->getAlg(), $spec->getUse());
 }
Exemplo n.º 3
 /**
  * @param $size
  * @return string
  */
 public static function build($size)
 {
     // Fetches the random number generator service from the registry and
     // returns whatever it produces for $size / 8.
     // NOTE(review): $size is presumably a length in bits; a value that is
     // not a multiple of 8 reaches the generator as a float. Confirm how the
     // generator treats that.
     $rng = Utils_Registry::getInstance()->get(Utils_Registry::RandomNumberGeneratorService);
     $byte_count = $size / 8;

     return $rng->invoke($byte_count);
 }