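/**
 * Decrypts an encrypted assertion (JWE) and returns the JWS carried in its payload.
 *
 * The 'alg' and 'enc' header values are checked against the allow-list before
 * decryption is attempted. Every failure is reported as a BAD_REQUEST /
 * INVALID_REQUEST exception built by the exception manager.
 *
 * @param \Jose\Object\JWEInterface $jwe
 *
 * @throws \OAuth2\Exception\BaseExceptionInterface
 *
 * @return \Jose\Object\JWSInterface
 */
protected function decryptAssertion(JWEInterface $jwe)
{
    // NOTE(review): one list is used for both the 'alg' and the 'enc' header values;
    // confirm it is meant to hold both kinds of algorithm names.
    $allowed = $this->allowed_encryption_algorithms;

    // Strict comparison: the header values are taken from the submitted token, and a
    // loose in_array() lets a non-string value (e.g. boolean true) match any non-empty
    // string in the allow-list, defeating the check.
    if (!in_array($jwe->getHeader('alg'), $allowed, true) || !in_array($jwe->getHeader('enc'), $allowed, true)) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_REQUEST,
            sprintf('Algorithm not allowed. Authorized algorithms: %s.', json_encode($allowed))
        );
    }

    // The return value of decrypt() is not inspected; a failed decryption is detected
    // below by the payload still being null.
    $this->decrypter->decrypt($jwe, $this->key_set);

    if (null === $jwe->getPayload()) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_REQUEST,
            'Unable to decrypt the payload. Please verify keys used for encryption.'
        );
    }

    // The decrypted payload must itself load as a single JWS (nested token).
    $jws = $this->loader->load($jwe->getPayload());

    if (!$jws instanceof JWSInterface) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_REQUEST,
            'The encrypted assertion does not contain a single JWS.'
        );
    }

    // NOTE(review): the JWS is only loaded here; nothing in this method verifies its
    // signature. Presumably the caller does so before trusting any claim; confirm.
    return $jws;
}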