/** * {@inheritdoc} */ public function encrypt(Object\JWEInterface &$jwe) { Assertion::false($jwe->isEncrypted(), 'The JWE is already encrypted.'); Assertion::greaterThan($jwe->countRecipients(), 0, 'The JWE does not contain recipient.'); $additional_headers = []; $nb_recipients = $jwe->countRecipients(); $content_encryption_algorithm = $this->getContentEncryptionAlgorithm($jwe); $compression_method = $this->getCompressionMethod($jwe); $key_management_mode = $this->getKeyManagementMode($jwe); $cek = $this->determineCEK($jwe, $content_encryption_algorithm, $key_management_mode, $additional_headers); for ($i = 0; $i < $nb_recipients; $i++) { $this->processRecipient($jwe, $jwe->getRecipient($i), $cek, $content_encryption_algorithm, $additional_headers); } if (!empty($additional_headers) && 1 === $jwe->countRecipients()) { $jwe = $jwe->withSharedProtectedHeaders(array_merge($jwe->getSharedProtectedHeaders(), $additional_headers)); } $iv_size = $content_encryption_algorithm->getIVSize(); $iv = $this->createIV($iv_size); $this->encryptJWE($jwe, $content_encryption_algorithm, $cek, $iv, $compression_method); }