Пример #1
 /**
  * @return $this
  * @throws InvalidJWKAlgorithm
  * @throws InvalidKeyTypeAlgorithmException
  * @throws JWEInvalidRecipientKeyException
  * @throws JWEUnsupportedContentEncryptionAlgorithmException
  * @throws JWEUnsupportedKeyManagementAlgorithmException
  * @throws \Exception
  */
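 private function encrypt()
 {
     // Produces the parts of a JWE on this object: the content encryption key
     // ($this->cek), its encrypted form ($this->enc_cek), the IV, the cipher
     // text and the authentication tag. Returns $this so calls can be chained.
     if (is_null($this->jwk)) {
         throw new JWEInvalidRecipientKeyException();
     }
     // The key declares the algorithm it is meant for; refuse to use it under
     // a different "alg" than the one announced in the header.
     $key_alg = $this->jwk->getAlgorithm()->getValue();
     $header_alg = $this->header->getAlgorithm()->getString();
     if ($key_alg !== $header_alg) {
         throw new InvalidJWKAlgorithm(sprintf('mismatch between algorithm intended for use with the key %s and the cryptographic algorithm used to encrypt or determine the value of the CEK %s', $key_alg, $header_alg));
     }
     $recipient_public_key = $this->jwk->getKey(JSONWebKeyKeyOperationsValues::EncryptContent);
     $key_management_algorithm = KeyManagementAlgorithms_Registry::getInstance()->get($this->header->getAlgorithm()->getString());
     if (is_null($key_management_algorithm)) {
         throw new JWEUnsupportedKeyManagementAlgorithmException(sprintf('alg %s', $this->header->getAlgorithm()->getString()));
     }
     // The key material itself must be of the type the key management
     // algorithm works with.
     if ($key_management_algorithm->getKeyType() !== $recipient_public_key->getAlgorithm()) {
         throw new InvalidKeyTypeAlgorithmException(sprintf('key should be for alg %s, %s instead.', $key_management_algorithm->getKeyType(), $recipient_public_key->getAlgorithm()));
     }
     $content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get($this->header->getEncryptionAlgorithm()->getString());
     if (is_null($content_encryption_algorithm)) {
         throw new JWEUnsupportedContentEncryptionAlgorithmException(sprintf('enc %s', $this->header->getEncryptionAlgorithm()->getString()));
     }
     $key_management_mode = $this->getKeyManagementMode($key_management_algorithm);
     $this->cek = ContentEncryptionKeyFactory::build($recipient_public_key, $key_management_mode, $content_encryption_algorithm);
     $this->enc_cek = $this->getJWEEncryptedKey($key_management_algorithm, $recipient_public_key);
     /**
      * Generate a random JWE Initialization Vector of the correct size
      * for the content encryption algorithm (if required for the
      * algorithm); otherwise, let the JWE Initialization Vector be the
      * empty octet sequence.
      */
     // NOTE(review): createIV() is defined outside this listing; confirm it
     // draws from a cryptographically secure random source.
     $this->iv = '';
     $iv_size = $content_encryption_algorithm->getIVSize();
     if (!is_null($iv_size)) {
         $this->iv = $this->createIV($iv_size);
     }
     // We encrypt the payload and get the tag
     $jwt_shared_protected_header = JOSEHeaderSerializer::serialize($this->header);
     // A payload that is not an IJWSPayloadRawSpec is encrypted as the empty
     // string.
     $payload = $this->payload instanceof IJWSPayloadRawSpec ? $this->payload->getRaw() : '';
     $zip = $this->header->getCompressionAlgorithm();
     /**
      * If a "zip" parameter was included, compress the plaintext using
      * the specified compression algorithm and let M be the octet
      * sequence representing the compressed plaintext; otherwise, let M
      * be the octet sequence representing the plaintext.
      *
      * Compression runs before encryption, so the cipher text length
      * depends on how well the plaintext compresses. Where the plaintext
      * mixes secrets with data an outside party can influence, that length
      * can reveal information about the secret; leave "zip" unset for
      * such payloads.
      */
     if (!is_null($zip)) {
         $compression_algorithm = CompressionAlgorithms_Registry::getInstance()->get($zip->getValue());
         // The other registry lookups in this method are checked for null;
         // do the same here so an unknown "zip" value fails with an
         // exception instead of a call on null.
         if (is_null($compression_algorithm)) {
             throw new \Exception(sprintf('zip %s', $zip->getValue()));
         }
         $payload = $compression_algorithm->compress($payload);
     }
     /**
      * Encrypt M using the CEK, the JWE Initialization Vector, and the
      * Additional Authenticated Data value using the specified content
      * encryption algorithm to create the JWE Ciphertext value and the
      * JWE Authentication Tag (which is the Authentication Tag output
      * from the encryption operation).
      */
     // The serialized header is handed over as the fourth argument, i.e. as
     // the Additional Authenticated Data named above.
     list($this->cipher_text, $this->tag) = $content_encryption_algorithm->encrypt($payload, $this->cek->getEncoded(), $this->iv, $jwt_shared_protected_header);
     return $this;
 }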
Пример #2
 /**
  * @return array
  */
 public function take()
 {
     // Hands back the three stored parts as array(header, payload, signature).
     // The payload slot holds the claim set when the payload reports one,
     // otherwise the raw payload value.
     // No signature verification takes place here: the payload is returned as
     // stored, so it is only as trustworthy as whatever check ran before.
     if ($this->payload->isClaimSet()) {
         $body = $this->claim_set;
     } else {
         $body = $this->payload->getRaw();
     }
     return array($this->header, $body, $this->signature);
 }
Пример #3
 /**
  * @return array
  */
 public function take()
 {
     // Hands back the three stored parts as array(header, payload, signature).
     // A payload implementing IJWSPayloadRawSpec contributes its raw value;
     // any other payload is represented by the stored claim set.
     // No signature verification takes place here: the payload is returned as
     // stored, so it is only as trustworthy as whatever check ran before.
     if ($this->payload instanceof IJWSPayloadRawSpec) {
         $body = $this->payload->getRaw();
     } else {
         $body = $this->claim_set;
     }
     return array($this->header, $body, $this->signature);
 }