smarcet /
JOSE4PHP
@@ -40,7 +40,9 @@ |
||
| 40 | 40 | $type = @RegisteredJWEJOSEHeaderNames::$registered_basic_headers_set_types[$header_name]; |
| 41 | 41 | if(!is_null($value)) |
| 42 | 42 | { |
| 43 | - if(is_null($type)) continue; |
|
| 43 | + if(is_null($type)) { |
|
| 44 | + continue; |
|
| 45 | + } |
|
| 44 | 46 | $class = new \ReflectionClass($type); |
| 45 | 47 | $value = $class->newInstanceArgs(array($value)); |
| 46 | 48 | } |
@@ -50,8 +50,9 @@ |
||
| 50 | 50 | |
| 51 | 51 | $this->set[RegisteredJWEJOSEHeaderNames::EncryptionAlgorithm] = $enc; |
| 52 | 52 | |
| 53 | - if(!is_null($zip) && CompressionAlgorithms_Registry::getInstance()->get($zip->getValue())) |
|
| 54 | - $this->set[RegisteredJWEJOSEHeaderNames::CompressionAlgorithm] = $zip; |
|
| 53 | + if(!is_null($zip) && CompressionAlgorithms_Registry::getInstance()->get($zip->getValue())) { |
|
| 54 | + $this->set[RegisteredJWEJOSEHeaderNames::CompressionAlgorithm] = $zip; |
|
| 55 | + } |
|
| 55 | 56 | } |
| 56 | 57 | |
| 57 | 58 | /** |
@@ -47,7 +47,9 @@ |
||
| 47 | 47 | |
| 48 | 48 | static public function deserialize($input){ |
| 49 | 49 | $parts = explode(IBasicJWT::SegmentSeparator, $input); |
| 50 | - if (count($parts) !== 5) throw new JWEInvalidCompactFormatException; |
|
| 50 | + if (count($parts) !== 5) { |
|
| 51 | + throw new JWEInvalidCompactFormatException; |
|
| 52 | + } |
|
| 51 | 53 | |
| 52 | 54 | $header = JWEJOSEHeaderSerializer::deserialize($parts[0]); |
| 53 | 55 | $enc_cek = JWTRawSerializer::deserialize($parts[1]); |
@@ -66,11 +66,13 @@ |
||
| 66 | 66 | public function __construct(IJWK $key, StringOrURI $alg, StringOrURI $enc, $payload, JsonValue $zip = null) |
| 67 | 67 | { |
| 68 | 68 | |
| 69 | - if(is_null($key)) |
|
| 70 | - throw new JWEInvalidRecipientKeyException(); |
|
| 69 | + if(is_null($key)) { |
|
| 70 | + throw new JWEInvalidRecipientKeyException(); |
|
| 71 | + } |
|
| 71 | 72 | |
| 72 | - if(is_null($payload)) |
|
| 73 | - throw new JWEInvalidPayloadException('missing payload'); |
|
| 73 | + if(is_null($payload)) { |
|
| 74 | + throw new JWEInvalidPayloadException('missing payload'); |
|
| 75 | + } |
|
| 74 | 76 | |
| 75 | 77 | $this->key = $key; |
| 76 | 78 | $this->alg = $alg; |
@@ -98,8 +98,9 @@ discard block |
||
| 98 | 98 | protected function __construct(IJWEJOSEHeader $header, IJWSPayloadSpec $payload = null) |
| 99 | 99 | { |
| 100 | 100 | $this->header = $header; |
| 101 | - if(!is_null($payload)) |
|
| 102 | - $this->setPayload($payload); |
|
| 101 | + if(!is_null($payload)) { |
|
| 102 | + $this->setPayload($payload); |
|
| 103 | + } |
|
| 103 | 104 | } |
| 104 | 105 | |
| 105 | 106 | /** |
@@ -155,8 +156,9 @@ discard block |
||
| 155 | 156 | $this->decrypt(); |
| 156 | 157 | } |
| 157 | 158 | |
| 158 | - if (is_null($this->payload)) |
|
| 159 | - $this->payload = JWSPayloadFactory::build(''); |
|
| 159 | + if (is_null($this->payload)) { |
|
| 160 | + $this->payload = JWSPayloadFactory::build(''); |
|
| 161 | + } |
|
| 160 | 162 | |
| 161 | 163 | return $this->payload->getRaw(); |
| 162 | 164 | } |
@@ -212,16 +214,21 @@ discard block |
||
| 212 | 214 | */ |
| 213 | 215 | private function getKeyManagementMode(EncryptionAlgorithm $alg) |
| 214 | 216 | { |
| 215 | - if($alg instanceof KeyEncryption) |
|
| 216 | - return KeyManagementModeValues::KeyEncryption; |
|
| 217 | - if($alg instanceof KeyWrapping) |
|
| 218 | - return KeyManagementModeValues::KeyWrapping; |
|
| 219 | - if($alg instanceof DirectKeyAgreement) |
|
| 220 | - return KeyManagementModeValues::DirectKeyAgreement; |
|
| 221 | - if($alg instanceof KeyAgreementWithKeyWrapping) |
|
| 222 | - return KeyManagementModeValues::KeyAgreementWithKeyWrapping; |
|
| 223 | - if($alg instanceof DirectEncryption) |
|
| 224 | - return KeyManagementModeValues::DirectEncryption; |
|
| 217 | + if($alg instanceof KeyEncryption) { |
|
| 218 | + return KeyManagementModeValues::KeyEncryption; |
|
| 219 | + } |
|
| 220 | + if($alg instanceof KeyWrapping) { |
|
| 221 | + return KeyManagementModeValues::KeyWrapping; |
|
| 222 | + } |
|
| 223 | + if($alg instanceof DirectKeyAgreement) { |
|
| 224 | + return KeyManagementModeValues::DirectKeyAgreement; |
|
| 225 | + } |
|
| 226 | + if($alg instanceof KeyAgreementWithKeyWrapping) { |
|
| 227 | + return KeyManagementModeValues::KeyAgreementWithKeyWrapping; |
|
| 228 | + } |
|
| 229 | + if($alg instanceof DirectEncryption) { |
|
| 230 | + return KeyManagementModeValues::DirectEncryption; |
|
| 231 | + } |
|
| 225 | 232 | } |
| 226 | 233 | |
| 227 | 234 | /** |
@@ -236,11 +243,12 @@ discard block |
||
| 236 | 243 | private function encrypt() |
| 237 | 244 | { |
| 238 | 245 | |
| 239 | - if (is_null($this->jwk)) |
|
| 240 | - throw new JWEInvalidRecipientKeyException; |
|
| 246 | + if (is_null($this->jwk)) { |
|
| 247 | + throw new JWEInvalidRecipientKeyException; |
|
| 248 | + } |
|
| 241 | 249 | |
| 242 | - if($this->jwk->getAlgorithm()->getValue()!== $this->header->getAlgorithm()->getString()) |
|
| 243 | - throw new InvalidJWKAlgorithm |
|
| 250 | + if($this->jwk->getAlgorithm()->getValue()!== $this->header->getAlgorithm()->getString()) { |
|
| 251 | + throw new InvalidJWKAlgorithm |
|
| 244 | 252 | ( |
| 245 | 253 | sprintf |
| 246 | 254 | ( |
@@ -249,16 +257,18 @@ discard block |
||
| 249 | 257 | $this->header->getAlgorithm()->getString() |
| 250 | 258 | ) |
| 251 | 259 | ); |
| 260 | + } |
|
| 252 | 261 | |
| 253 | 262 | $recipient_public_key = $this->jwk->getKey(JSONWebKeyKeyOperationsValues::EncryptContent); |
| 254 | 263 | |
| 255 | 264 | $key_management_algorithm = KeyManagementAlgorithms_Registry::getInstance()->get($this->header->getAlgorithm()->getString()); |
| 256 | 265 | |
| 257 | - if (is_null($key_management_algorithm)) |
|
| 258 | - throw new JWEUnsupportedKeyManagementAlgorithmException(sprintf('alg %s', $this->header->getAlgorithm()->getString())); |
|
| 266 | + if (is_null($key_management_algorithm)) { |
|
| 267 | + throw new JWEUnsupportedKeyManagementAlgorithmException(sprintf('alg %s', $this->header->getAlgorithm()->getString())); |
|
| 268 | + } |
|
| 259 | 269 | |
| 260 | - if($key_management_algorithm->getKeyType() !== $recipient_public_key->getAlgorithm()) |
|
| 261 | - throw new InvalidKeyTypeAlgorithmException |
|
| 270 | + if($key_management_algorithm->getKeyType() !== $recipient_public_key->getAlgorithm()) { |
|
| 271 | + throw new InvalidKeyTypeAlgorithmException |
|
| 262 | 272 | ( |
| 263 | 273 | sprintf |
| 264 | 274 | ( |
@@ -267,14 +277,15 @@ discard block |
||
| 267 | 277 | $recipient_public_key->getAlgorithm() |
| 268 | 278 | ) |
| 269 | 279 | ); |
| 280 | + } |
|
| 270 | 281 | |
| 271 | 282 | $content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get |
| 272 | 283 | ( |
| 273 | 284 | $this->header->getEncryptionAlgorithm()->getString() |
| 274 | 285 | ); |
| 275 | 286 | |
| 276 | - if (is_null($content_encryption_algorithm)) |
|
| 277 | - throw new JWEUnsupportedContentEncryptionAlgorithmException |
|
| 287 | + if (is_null($content_encryption_algorithm)) { |
|
| 288 | + throw new JWEUnsupportedContentEncryptionAlgorithmException |
|
| 278 | 289 | ( |
| 279 | 290 | sprintf |
| 280 | 291 | ( |
@@ -282,6 +293,7 @@ discard block |
||
| 282 | 293 | $this->header->getEncryptionAlgorithm()->getString() |
| 283 | 294 | ) |
| 284 | 295 | ); |
| 296 | + } |
|
| 285 | 297 | |
| 286 | 298 | $key_management_mode = $this->getKeyManagementMode($key_management_algorithm); |
| 287 | 299 | |
@@ -354,8 +366,8 @@ discard block |
||
| 354 | 366 | $key_management_mode = $this->getKeyManagementMode($alg); |
| 355 | 367 | $recipient_private_key = $this->jwk->getKey(JSONWebKeyKeyOperationsValues::DecryptContentAndValidateDecryption); |
| 356 | 368 | |
| 357 | - if($alg->getKeyType() !== $recipient_private_key->getAlgorithm()) |
|
| 358 | - throw new InvalidKeyTypeAlgorithmException |
|
| 369 | + if($alg->getKeyType() !== $recipient_private_key->getAlgorithm()) { |
|
| 370 | + throw new InvalidKeyTypeAlgorithmException |
|
| 359 | 371 | ( |
| 360 | 372 | sprintf |
| 361 | 373 | ( |
@@ -364,6 +376,7 @@ discard block |
||
| 364 | 376 | $recipient_private_key->getAlgorithm() |
| 365 | 377 | ) |
| 366 | 378 | ); |
| 379 | + } |
|
| 367 | 380 | |
| 368 | 381 | switch($key_management_mode){ |
| 369 | 382 | /** |
@@ -387,13 +400,15 @@ discard block |
||
| 387 | 400 | * symmetric key. |
| 388 | 401 | */ |
| 389 | 402 | case KeyManagementModeValues::DirectEncryption: |
| 390 | - if(!empty($this->enc_cek)) |
|
| 391 | - throw new JWEInvalidCompactFormatException('JWE Encrypted Key value is not an empty octetsequence.'); |
|
| 403 | + if(!empty($this->enc_cek)) { |
|
| 404 | + throw new JWEInvalidCompactFormatException('JWE Encrypted Key value is not an empty octetsequence.'); |
|
| 405 | + } |
|
| 392 | 406 | return $recipient_private_key; |
| 393 | 407 | break; |
| 394 | 408 | case KeyManagementModeValues::DirectKeyAgreement: |
| 395 | - if(!empty($this->enc_cek)) |
|
| 396 | - throw new JWEInvalidCompactFormatException('JWE Encrypted Key value is not an empty octetsequence.'); |
|
| 409 | + if(!empty($this->enc_cek)) { |
|
| 410 | + throw new JWEInvalidCompactFormatException('JWE Encrypted Key value is not an empty octetsequence.'); |
|
| 411 | + } |
|
| 397 | 412 | throw new \Exception('unsupported Key Management Mode!'); |
| 398 | 413 | break; |
| 399 | 414 | } |
@@ -412,13 +427,16 @@ discard block |
||
| 412 | 427 | */ |
| 413 | 428 | private function decrypt() |
| 414 | 429 | { |
| 415 | - if (is_null($this->jwk)) |
|
| 416 | - throw new JWEInvalidRecipientKeyException(); |
|
| 430 | + if (is_null($this->jwk)) { |
|
| 431 | + throw new JWEInvalidRecipientKeyException(); |
|
| 432 | + } |
|
| 417 | 433 | |
| 418 | - if (!$this->should_decrypt) return $this; |
|
| 434 | + if (!$this->should_decrypt) { |
|
| 435 | + return $this; |
|
| 436 | + } |
|
| 419 | 437 | |
| 420 | - if($this->jwk->getAlgorithm()->getValue()!== $this->header->getAlgorithm()->getString()) |
|
| 421 | - throw new InvalidJWKAlgorithm |
|
| 438 | + if($this->jwk->getAlgorithm()->getValue()!== $this->header->getAlgorithm()->getString()) { |
|
| 439 | + throw new InvalidJWKAlgorithm |
|
| 422 | 440 | ( |
| 423 | 441 | sprintf |
| 424 | 442 | ( |
@@ -427,14 +445,15 @@ discard block |
||
| 427 | 445 | $this->header->getAlgorithm()->getString() |
| 428 | 446 | ) |
| 429 | 447 | ); |
| 448 | + } |
|
| 430 | 449 | |
| 431 | 450 | $key_management_algorithm = KeyManagementAlgorithms_Registry::getInstance()->get |
| 432 | 451 | ( |
| 433 | 452 | $this->header->getAlgorithm()->getString() |
| 434 | 453 | ); |
| 435 | 454 | |
| 436 | - if (is_null($key_management_algorithm)) |
|
| 437 | - throw new JWEUnsupportedKeyManagementAlgorithmException |
|
| 455 | + if (is_null($key_management_algorithm)) { |
|
| 456 | + throw new JWEUnsupportedKeyManagementAlgorithmException |
|
| 438 | 457 | ( |
| 439 | 458 | sprintf |
| 440 | 459 | ( |
@@ -442,14 +461,15 @@ discard block |
||
| 442 | 461 | $this->header->getAlgorithm()->getString() |
| 443 | 462 | ) |
| 444 | 463 | ); |
| 464 | + } |
|
| 445 | 465 | |
| 446 | 466 | $content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get |
| 447 | 467 | ( |
| 448 | 468 | $this->header->getEncryptionAlgorithm()->getString() |
| 449 | 469 | ); |
| 450 | 470 | |
| 451 | - if (is_null($content_encryption_algorithm)) |
|
| 452 | - throw new JWEUnsupportedContentEncryptionAlgorithmException |
|
| 471 | + if (is_null($content_encryption_algorithm)) { |
|
| 472 | + throw new JWEUnsupportedContentEncryptionAlgorithmException |
|
| 453 | 473 | ( |
| 454 | 474 | sprintf |
| 455 | 475 | ( |
@@ -457,6 +477,7 @@ discard block |
||
| 457 | 477 | $this->header->getEncryptionAlgorithm()->getString() |
| 458 | 478 | ) |
| 459 | 479 | ); |
| 480 | + } |
|
| 460 | 481 | |
| 461 | 482 | $this->cek = $this->decryptJWEEncryptedKey($key_management_algorithm); |
| 462 | 483 | |
@@ -40,8 +40,8 @@ discard block |
||
| 40 | 40 | if($spec instanceof IJWE_ParamsSpecification) |
| 41 | 41 | { |
| 42 | 42 | |
| 43 | - if($spec->getRecipientKey()->getKeyUse()->getString() !== JSONWebKeyPublicKeyUseValues::Encryption) |
|
| 44 | - throw new InvalidJWKType |
|
| 43 | + if($spec->getRecipientKey()->getKeyUse()->getString() !== JSONWebKeyPublicKeyUseValues::Encryption) { |
|
| 44 | + throw new InvalidJWKType |
|
| 45 | 45 | ( |
| 46 | 46 | sprintf |
| 47 | 47 | ( |
@@ -49,9 +49,10 @@ discard block |
||
| 49 | 49 | $spec->getRecipientKey()->getKeyUse()->getString() |
| 50 | 50 | ) |
| 51 | 51 | ); |
| 52 | + } |
|
| 52 | 53 | |
| 53 | - if($spec->getAlg()->getString() !== $spec->getRecipientKey()->getAlgorithm()->getString()) |
|
| 54 | - throw new InvalidJWKAlgorithm |
|
| 54 | + if($spec->getAlg()->getString() !== $spec->getRecipientKey()->getAlgorithm()->getString()) { |
|
| 55 | + throw new InvalidJWKAlgorithm |
|
| 55 | 56 | ( |
| 56 | 57 | sprintf |
| 57 | 58 | ( |
@@ -60,6 +61,7 @@ discard block |
||
| 60 | 61 | $spec->getRecipientKey()->getAlgorithm()->getString() |
| 61 | 62 | ) |
| 62 | 63 | ); |
| 64 | + } |
|
| 63 | 65 | |
| 64 | 66 | $header = new JWEJOSEHeader |
| 65 | 67 | ( |
@@ -71,8 +73,9 @@ discard block |
||
| 71 | 73 | //set zip alg |
| 72 | 74 | $zip = $spec->getZip(); |
| 73 | 75 | |
| 74 | - if(!is_null($zip)) |
|
| 75 | - $header->setCompressionAlgorithm($zip); |
|
| 76 | + if(!is_null($zip)) { |
|
| 77 | + $header->setCompressionAlgorithm($zip); |
|
| 78 | + } |
|
| 76 | 79 | |
| 77 | 80 | $jwe = JWE::fromHeaderAndPayload($header, $spec->getPayload()); |
| 78 | 81 | |
@@ -64,7 +64,9 @@ |
||
| 64 | 64 | * @return null|CompressionAlgorithm |
| 65 | 65 | */ |
| 66 | 66 | public function get($alg){ |
| 67 | - if(!$this->isSupported($alg)) return null; |
|
| 67 | + if(!$this->isSupported($alg)) { |
|
| 68 | + return null; |
|
| 69 | + } |
|
| 68 | 70 | return $this->algorithms[$alg]; |
| 69 | 71 | } |
| 70 | 72 | } |
| 71 | 73 | \ No newline at end of file |
@@ -37,8 +37,9 @@ |
||
| 37 | 37 | |
| 38 | 38 | parent::__construct($pem_format, $password); |
| 39 | 39 | $this->d = $this->rsa_imp->exponent; |
| 40 | - if($this->d->toString() === $this->e->toString()) |
|
| 41 | - throw new RSABadPEMFormat(sprintf('pem %s is a public key!', $pem_format)); |
|
| 40 | + if($this->d->toString() === $this->e->toString()) { |
|
| 41 | + throw new RSABadPEMFormat(sprintf('pem %s is a public key!', $pem_format)); |
|
| 42 | + } |
|
| 42 | 43 | } |
| 43 | 44 | |
| 44 | 45 | /** |
@@ -48,12 +48,15 @@ |
||
| 48 | 48 | $this->pem_format = $pem_format; |
| 49 | 49 | $this->rsa_imp = new \Crypt_RSA(); |
| 50 | 50 | |
| 51 | - if(!empty($password)) |
|
| 52 | - $this->rsa_imp->setPassword($password); |
|
| 51 | + if(!empty($password)) { |
|
| 52 | + $this->rsa_imp->setPassword($password); |
|
| 53 | + } |
|
| 53 | 54 | |
| 54 | 55 | $res = $this->rsa_imp->loadKey($this->pem_format, CRYPT_RSA_PRIVATE_FORMAT_PKCS1); |
| 55 | 56 | |
| 56 | - if(!$res) throw new RSABadPEMFormat(sprintf('pem %s',$pem_format )); |
|
| 57 | + if(!$res) { |
|
| 58 | + throw new RSABadPEMFormat(sprintf('pem %s',$pem_format )); |
|
| 59 | + } |
|
| 57 | 60 | |
| 58 | 61 | $this->n = $this->rsa_imp->modulus; |
| 59 | 62 | } |
