/**
  * @Given I have a valid client assertion for client :client in the body request
  */
 public function IHaveAValidClientAssertionForClientInTheBodyRequest($client)
 {
     /*
      * @var \Jose\JWKManagerInterface
      */
     $key_manager = $this->getContainer()->get('jose.jwk_manager');
     $jwk1 = $key_manager->createJWK(['kid' => 'JWK1', 'kty' => 'oct', 'use' => 'enc', 'k' => 'ABEiM0RVZneImaq7zN3u_wABAgMEBQYHCAkKCwwNDg8']);
     $jwk2 = $key_manager->createJWK(['kid' => 'JWK2', 'kty' => 'oct', 'use' => 'sig', 'k' => 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow']);
     $jose = $this->getContainer()->get('jose');
     $input = ['exp' => time() + 3600, 'aud' => 'My Authorization Server', 'iss' => 'My JWT issuer', 'sub' => $client];
     $signature_instruction = new SignatureInstruction();
     $signature_instruction->setKey($jwk2)->setProtectedHeader(['cty' => 'JWT', 'alg' => 'HS512'])->setUnprotectedHeader([]);
     $encryption_instruction = new EncryptionInstruction();
     $encryption_instruction->setRecipientKey($jwk1);
     $jws = $jose->sign($input, [$signature_instruction]);
     $jwe = $jose->encrypt($jws, [$encryption_instruction], ['cty' => 'JWT', 'alg' => 'A256KW', 'enc' => 'A256CBC-HS512', 'exp' => time() + 3600, 'aud' => 'My Authorization Server', 'iss' => 'My JWT issuer', 'sub' => $client]);
     $this->iAddKeyWithValueInTheBodyRequest('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');
     $this->iAddKeyWithValueInTheBodyRequest('client_assertion', $jwe);
 }
示例#2
0
 /**
  * @param string $kid
  * @param mixed  $payload
  * @param array  $protected_header
  * @param array  $shared_unprotected_header
  * @param string $mode
  * @param null   $aad
  *
  * @throws \Exception
  *
  * @return string
  */
 public function encrypt($kid, $payload, array $protected_header, array $shared_unprotected_header = [], $mode = JSONSerializationModes::JSON_COMPACT_SERIALIZATION, $aad = null)
 {
     $key = $this->getKeysetManager()->getKeyByKid($kid);
     if (!$key instanceof JWKInterface) {
         throw new \Exception('Unable to determine the key used to encrypt the payload.');
     }
     if (!array_key_exists('kid', $protected_header)) {
         $protected_header['kid'] = $kid;
     }
     $instruction = new EncryptionInstruction();
     $instruction->setRecipientKey($key);
     return $this->getEncrypter()->encrypt($payload, [$instruction], $protected_header, $shared_unprotected_header, $mode, $aad);
 }
示例#3
0
 /**
  *
  */
 public function testEncryptAndLoadCompactKeyAgreementWithWrapping()
 {
     $encrypter = $this->getEncrypter();
     $loader = $this->getLoader();
     $instruction1 = new EncryptionInstruction();
     $instruction1->setRecipientKey($this->getECDHRecipientPublicKey());
     $instruction1->setSenderKey($this->getECDHSenderPrivateKey());
     $instruction1->setRecipientUnprotectedHeader(['kid' => 'e9bc097a-ce51-4036-9562-d2ade882db0d', 'alg' => 'ECDH-ES+A256KW']);
     $instruction2 = new EncryptionInstruction();
     $instruction2->setRecipientKey($this->getRSARecipientKey());
     $instruction2->setRecipientUnprotectedHeader(['kid' => '123456789', 'alg' => 'RSA-OAEP-256']);
     $encrypted = $encrypter->encrypt('Je suis Charlie', [$instruction1, $instruction2], ['enc' => 'A256CBC-HS512'], [], JSONSerializationModes::JSON_SERIALIZATION);
     $loaded = $loader->load($encrypted);
     /*
      * @var \Jose\JWEInterface[] $loaded
      */
     $this->assertEquals(2, count($loaded));
     $this->assertInstanceOf('Jose\\JWEInterface', $loaded[0]);
     $this->assertTrue(is_string($loaded[0]->getPayload()));
     $this->assertEquals('ECDH-ES+A256KW', $loaded[0]->getAlgorithm());
     $this->assertEquals('A256CBC-HS512', $loaded[0]->getEncryptionAlgorithm());
     $this->assertNull($loaded[0]->getZip());
     $this->assertEquals('Je suis Charlie', $loaded[0]->getPayload());
     $this->assertInstanceOf('Jose\\JWEInterface', $loaded[1]);
     $this->assertTrue(is_string($loaded[1]->getPayload()));
     $this->assertEquals('RSA-OAEP-256', $loaded[1]->getAlgorithm());
     $this->assertEquals('A256CBC-HS512', $loaded[1]->getEncryptionAlgorithm());
     $this->assertNull($loaded[1]->getZip());
     $this->assertEquals('Je suis Charlie', $loaded[1]->getPayload());
 }