smarcet /
JOSE4PHP
@@ -142,7 +142,7 @@ |
||
| 142 | 142 | } |
| 143 | 143 | |
| 144 | 144 | /** |
| 145 | - * @return mixed |
|
| 145 | + * @return string |
|
| 146 | 146 | * @throws JWEInvalidRecipientKeyException |
| 147 | 147 | * @throws JWEUnsupportedContentEncryptionAlgorithmException |
| 148 | 148 | * @throws JWEUnsupportedKeyManagementAlgorithmException |
@@ -97,7 +97,7 @@ discard block |
||
| 97 | 97 | protected function __construct(IJWEJOSEHeader $header, IJWSPayloadSpec $payload = null) |
| 98 | 98 | { |
| 99 | 99 | $this->header = $header; |
| 100 | - if(!is_null($payload)) |
|
| 100 | + if (!is_null($payload)) |
|
| 101 | 101 | $this->setPayload($payload); |
| 102 | 102 | } |
| 103 | 103 | |
@@ -157,7 +157,7 @@ discard block |
||
| 157 | 157 | if (is_null($this->payload)) |
| 158 | 158 | $this->payload = JWSPayloadFactory::build(''); |
| 159 | 159 | |
| 160 | - return ($this->payload instanceof IJWSPayloadRawSpec) ? $this->payload->getRaw():''; |
|
| 160 | + return ($this->payload instanceof IJWSPayloadRawSpec) ? $this->payload->getRaw() : ''; |
|
| 161 | 161 | } |
| 162 | 162 | |
| 163 | 163 | /** |
@@ -183,7 +183,7 @@ discard block |
||
| 183 | 183 | * the result be the JWE Encrypted Key. |
| 184 | 184 | */ |
| 185 | 185 | $key_management_mode = $this->getKeyManagementMode($alg); |
| 186 | - switch($key_management_mode){ |
|
| 186 | + switch ($key_management_mode) { |
|
| 187 | 187 | case KeyManagementModeValues::KeyEncryption: |
| 188 | 188 | case KeyManagementModeValues::KeyWrapping: |
| 189 | 189 | case KeyManagementModeValues::KeyAgreementWithKeyWrapping: |
@@ -211,15 +211,15 @@ discard block |
||
| 211 | 211 | */ |
| 212 | 212 | private function getKeyManagementMode(EncryptionAlgorithm $alg) |
| 213 | 213 | { |
| 214 | - if($alg instanceof KeyEncryption) |
|
| 214 | + if ($alg instanceof KeyEncryption) |
|
| 215 | 215 | return KeyManagementModeValues::KeyEncryption; |
| 216 | - if($alg instanceof KeyWrapping) |
|
| 216 | + if ($alg instanceof KeyWrapping) |
|
| 217 | 217 | return KeyManagementModeValues::KeyWrapping; |
| 218 | - if($alg instanceof DirectKeyAgreement) |
|
| 218 | + if ($alg instanceof DirectKeyAgreement) |
|
| 219 | 219 | return KeyManagementModeValues::DirectKeyAgreement; |
| 220 | - if($alg instanceof KeyAgreementWithKeyWrapping) |
|
| 220 | + if ($alg instanceof KeyAgreementWithKeyWrapping) |
|
| 221 | 221 | return KeyManagementModeValues::KeyAgreementWithKeyWrapping; |
| 222 | - if($alg instanceof DirectEncryption) |
|
| 222 | + if ($alg instanceof DirectEncryption) |
|
| 223 | 223 | return KeyManagementModeValues::DirectEncryption; |
| 224 | 224 | } |
| 225 | 225 | |
@@ -238,11 +238,9 @@ discard block |
||
| 238 | 238 | if (is_null($this->jwk)) |
| 239 | 239 | throw new JWEInvalidRecipientKeyException; |
| 240 | 240 | |
| 241 | - if($this->jwk->getAlgorithm()->getValue()!== $this->header->getAlgorithm()->getString()) |
|
| 242 | - throw new InvalidJWKAlgorithm |
|
| 243 | - ( |
|
| 244 | - sprintf |
|
| 245 | - ( |
|
| 241 | + if ($this->jwk->getAlgorithm()->getValue() !== $this->header->getAlgorithm()->getString()) |
|
| 242 | + throw new InvalidJWKAlgorithm( |
|
| 243 | + sprintf( |
|
| 246 | 244 | 'mismatch between algorithm intended for use with the key %s and the cryptographic algorithm used to encrypt or determine the value of the CEK %s', |
| 247 | 245 | $this->jwk->getAlgorithm()->getValue(), |
| 248 | 246 | $this->header->getAlgorithm()->getString() |
@@ -256,27 +254,22 @@ discard block |
||
| 256 | 254 | if (is_null($key_management_algorithm)) |
| 257 | 255 | throw new JWEUnsupportedKeyManagementAlgorithmException(sprintf('alg %s', $this->header->getAlgorithm()->getString())); |
| 258 | 256 | |
| 259 | - if($key_management_algorithm->getKeyType() !== $recipient_public_key->getAlgorithm()) |
|
| 260 | - throw new InvalidKeyTypeAlgorithmException |
|
| 261 | - ( |
|
| 262 | - sprintf |
|
| 263 | - ( |
|
| 257 | + if ($key_management_algorithm->getKeyType() !== $recipient_public_key->getAlgorithm()) |
|
| 258 | + throw new InvalidKeyTypeAlgorithmException( |
|
| 259 | + sprintf( |
|
| 264 | 260 | 'key should be for alg %s, %s instead.', |
| 265 | 261 | $key_management_algorithm->getKeyType(), |
| 266 | 262 | $recipient_public_key->getAlgorithm() |
| 267 | 263 | ) |
| 268 | 264 | ); |
| 269 | 265 | |
| 270 | - $content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get |
|
| 271 | - ( |
|
| 266 | + $content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get( |
|
| 272 | 267 | $this->header->getEncryptionAlgorithm()->getString() |
| 273 | 268 | ); |
| 274 | 269 | |
| 275 | 270 | if (is_null($content_encryption_algorithm)) |
| 276 | - throw new JWEUnsupportedContentEncryptionAlgorithmException |
|
| 277 | - ( |
|
| 278 | - sprintf |
|
| 279 | - ( |
|
| 271 | + throw new JWEUnsupportedContentEncryptionAlgorithmException( |
|
| 272 | + sprintf( |
|
| 280 | 273 | 'enc %s', |
| 281 | 274 | $this->header->getEncryptionAlgorithm()->getString() |
| 282 | 275 | ) |
@@ -284,8 +277,7 @@ discard block |
||
| 284 | 277 | |
| 285 | 278 | $key_management_mode = $this->getKeyManagementMode($key_management_algorithm); |
| 286 | 279 | |
| 287 | - $this->cek = ContentEncryptionKeyFactory::build |
|
| 288 | - ( |
|
| 280 | + $this->cek = ContentEncryptionKeyFactory::build( |
|
| 289 | 281 | $recipient_public_key, |
| 290 | 282 | $key_management_mode, |
| 291 | 283 | $content_encryption_algorithm |
@@ -299,7 +291,7 @@ discard block |
||
| 299 | 291 | * algorithm); otherwise, let the JWE Initialization Vector be the |
| 300 | 292 | * empty octet sequence. |
| 301 | 293 | */ |
| 302 | - $this->iv = ''; |
|
| 294 | + $this->iv = ''; |
|
| 303 | 295 | |
| 304 | 296 | if (!is_null($iv_size = $content_encryption_algorithm->getIVSize())) |
| 305 | 297 | { |
@@ -308,7 +300,7 @@ discard block |
||
| 308 | 300 | // We encrypt the payload and get the tag |
| 309 | 301 | $jwt_shared_protected_header = JOSEHeaderSerializer::serialize($this->header); |
| 310 | 302 | |
| 311 | - $payload = ($this->payload instanceof IJWSPayloadRawSpec) ? $this->payload->getRaw():''; |
|
| 303 | + $payload = ($this->payload instanceof IJWSPayloadRawSpec) ? $this->payload->getRaw() : ''; |
|
| 312 | 304 | $zip = $this->header->getCompressionAlgorithm(); |
| 313 | 305 | /** |
| 314 | 306 | * If a "zip" parameter was included, compress the plaintext using |
@@ -316,10 +308,10 @@ discard block |
||
| 316 | 308 | * sequence representing the compressed plaintext; otherwise, let M |
| 317 | 309 | * be the octet sequence representing the plaintext. |
| 318 | 310 | */ |
| 319 | - if(!is_null($zip)) |
|
| 311 | + if (!is_null($zip)) |
|
| 320 | 312 | { |
| 321 | 313 | $compression__algorithm = CompressionAlgorithms_Registry::getInstance()->get($zip->getValue()); |
| 322 | - $payload = $compression__algorithm->compress($payload); |
|
| 314 | + $payload = $compression__algorithm->compress($payload); |
|
| 323 | 315 | } |
| 324 | 316 | |
| 325 | 317 | /** |
@@ -329,8 +321,7 @@ discard block |
||
| 329 | 321 | * JWE Authentication Tag (which is the Authentication Tag output |
| 330 | 322 | * from the encryption operation). |
| 331 | 323 | */ |
| 332 | - list($this->cipher_text, $this->tag) = $content_encryption_algorithm->encrypt |
|
| 333 | - ( |
|
| 324 | + list($this->cipher_text, $this->tag) = $content_encryption_algorithm->encrypt( |
|
| 334 | 325 | $payload, |
| 335 | 326 | $this->cek->getEncoded(), |
| 336 | 327 | $this->iv, |
@@ -348,23 +339,21 @@ discard block |
||
| 348 | 339 | * @throws InvalidKeyTypeAlgorithmException |
| 349 | 340 | * @throws \Exception |
| 350 | 341 | */ |
| 351 | - private function decryptJWEEncryptedKey(EncryptionAlgorithm $alg){ |
|
| 342 | + private function decryptJWEEncryptedKey(EncryptionAlgorithm $alg) { |
|
| 352 | 343 | |
| 353 | 344 | $key_management_mode = $this->getKeyManagementMode($alg); |
| 354 | 345 | $recipient_private_key = $this->jwk->getKey(JSONWebKeyKeyOperationsValues::DecryptContentAndValidateDecryption); |
| 355 | 346 | |
| 356 | - if($alg->getKeyType() !== $recipient_private_key->getAlgorithm()) |
|
| 357 | - throw new InvalidKeyTypeAlgorithmException |
|
| 358 | - ( |
|
| 359 | - sprintf |
|
| 360 | - ( |
|
| 347 | + if ($alg->getKeyType() !== $recipient_private_key->getAlgorithm()) |
|
| 348 | + throw new InvalidKeyTypeAlgorithmException( |
|
| 349 | + sprintf( |
|
| 361 | 350 | 'key should be for alg %s, %s instead.', |
| 362 | 351 | $alg->getKeyType(), |
| 363 | 352 | $recipient_private_key->getAlgorithm() |
| 364 | 353 | ) |
| 365 | 354 | ); |
| 366 | 355 | |
| 367 | - switch($key_management_mode){ |
|
| 356 | + switch ($key_management_mode) { |
|
| 368 | 357 | /** |
| 369 | 358 | * When Key Wrapping, Key Encryption, or Key Agreement with Key |
| 370 | 359 | * Wrapping are employed, decrypt the JWE Encrypted Key to produce |
@@ -386,12 +375,12 @@ discard block |
||
| 386 | 375 | * symmetric key. |
| 387 | 376 | */ |
| 388 | 377 | case KeyManagementModeValues::DirectEncryption: |
| 389 | - if(!empty($this->enc_cek)) |
|
| 378 | + if (!empty($this->enc_cek)) |
|
| 390 | 379 | throw new JWEInvalidCompactFormatException('JWE Encrypted Key value is not an empty octetsequence.'); |
| 391 | 380 | return $recipient_private_key; |
| 392 | 381 | break; |
| 393 | 382 | case KeyManagementModeValues::DirectKeyAgreement: |
| 394 | - if(!empty($this->enc_cek)) |
|
| 383 | + if (!empty($this->enc_cek)) |
|
| 395 | 384 | throw new JWEInvalidCompactFormatException('JWE Encrypted Key value is not an empty octetsequence.'); |
| 396 | 385 | throw new \Exception('unsupported Key Management Mode!'); |
| 397 | 386 | break; |
@@ -416,42 +405,34 @@ discard block |
||
| 416 | 405 | |
| 417 | 406 | if (!$this->should_decrypt) return $this; |
| 418 | 407 | |
| 419 | - if($this->jwk->getAlgorithm()->getValue()!== $this->header->getAlgorithm()->getString()) |
|
| 420 | - throw new InvalidJWKAlgorithm |
|
| 421 | - ( |
|
| 422 | - sprintf |
|
| 423 | - ( |
|
| 408 | + if ($this->jwk->getAlgorithm()->getValue() !== $this->header->getAlgorithm()->getString()) |
|
| 409 | + throw new InvalidJWKAlgorithm( |
|
| 410 | + sprintf( |
|
| 424 | 411 | 'mismatch between algorithm intended for use with the key %s and the cryptographic algorithm used to encrypt or determine the value of the CEK %s', |
| 425 | 412 | $this->jwk->getAlgorithm()->getValue(), |
| 426 | 413 | $this->header->getAlgorithm()->getString() |
| 427 | 414 | ) |
| 428 | 415 | ); |
| 429 | 416 | |
| 430 | - $key_management_algorithm = KeyManagementAlgorithms_Registry::getInstance()->get |
|
| 431 | - ( |
|
| 417 | + $key_management_algorithm = KeyManagementAlgorithms_Registry::getInstance()->get( |
|
| 432 | 418 | $this->header->getAlgorithm()->getString() |
| 433 | 419 | ); |
| 434 | 420 | |
| 435 | 421 | if (is_null($key_management_algorithm)) |
| 436 | - throw new JWEUnsupportedKeyManagementAlgorithmException |
|
| 437 | - ( |
|
| 438 | - sprintf |
|
| 439 | - ( |
|
| 422 | + throw new JWEUnsupportedKeyManagementAlgorithmException( |
|
| 423 | + sprintf( |
|
| 440 | 424 | 'alg %s', |
| 441 | 425 | $this->header->getAlgorithm()->getString() |
| 442 | 426 | ) |
| 443 | 427 | ); |
| 444 | 428 | |
| 445 | - $content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get |
|
| 446 | - ( |
|
| 429 | + $content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get( |
|
| 447 | 430 | $this->header->getEncryptionAlgorithm()->getString() |
| 448 | 431 | ); |
| 449 | 432 | |
| 450 | 433 | if (is_null($content_encryption_algorithm)) |
| 451 | - throw new JWEUnsupportedContentEncryptionAlgorithmException |
|
| 452 | - ( |
|
| 453 | - sprintf |
|
| 454 | - ( |
|
| 434 | + throw new JWEUnsupportedContentEncryptionAlgorithmException( |
|
| 435 | + sprintf( |
|
| 455 | 436 | 'enc %s', |
| 456 | 437 | $this->header->getEncryptionAlgorithm()->getString() |
| 457 | 438 | ) |
@@ -472,8 +453,7 @@ discard block |
||
| 472 | 453 | * rejecting the input without emitting any decrypted output if the |
| 473 | 454 | * JWE Authentication Tag is incorrect. |
| 474 | 455 | */ |
| 475 | - $plain_text = $content_encryption_algorithm->decrypt |
|
| 476 | - ( |
|
| 456 | + $plain_text = $content_encryption_algorithm->decrypt( |
|
| 477 | 457 | $this->cipher_text, |
| 478 | 458 | $this->cek->getEncoded(), |
| 479 | 459 | $this->iv, |
@@ -481,12 +461,12 @@ discard block |
||
| 481 | 461 | $this->tag |
| 482 | 462 | ); |
| 483 | 463 | |
| 484 | - $zip = $this->header->getCompressionAlgorithm(); |
|
| 464 | + $zip = $this->header->getCompressionAlgorithm(); |
|
| 485 | 465 | /** |
| 486 | 466 | * If a "zip" parameter was included, uncompress the decrypted |
| 487 | 467 | * plaintext using the specified compression algorithm. |
| 488 | 468 | */ |
| 489 | - if(!is_null($zip)) |
|
| 469 | + if (!is_null($zip)) |
|
| 490 | 470 | { |
| 491 | 471 | $compression__algorithm = CompressionAlgorithms_Registry::getInstance()->get($zip->getValue()); |
| 492 | 472 | $plain_text = $compression__algorithm->uncompress($plain_text); |
@@ -1,16 +1,16 @@ |
||
| 1 | 1 | <?php |
| 2 | 2 | /** |
| 3 | - * Copyright 2015 OpenStack Foundation |
|
| 4 | - * Licensed under the Apache License, Version 2.0 (the "License"); |
|
| 5 | - * you may not use this file except in compliance with the License. |
|
| 6 | - * You may obtain a copy of the License at |
|
| 7 | - * http://www.apache.org/licenses/LICENSE-2.0 |
|
| 8 | - * Unless required by applicable law or agreed to in writing, software |
|
| 9 | - * distributed under the License is distributed on an "AS IS" BASIS, |
|
| 10 | - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
| 11 | - * See the License for the specific language governing permissions and |
|
| 12 | - * limitations under the License. |
|
| 13 | - **/ |
|
| 3 | + * Copyright 2015 OpenStack Foundation |
|
| 4 | + * Licensed under the Apache License, Version 2.0 (the "License"); |
|
| 5 | + * you may not use this file except in compliance with the License. |
|
| 6 | + * You may obtain a copy of the License at |
|
| 7 | + * http://www.apache.org/licenses/LICENSE-2.0 |
|
| 8 | + * Unless required by applicable law or agreed to in writing, software |
|
| 9 | + * distributed under the License is distributed on an "AS IS" BASIS, |
|
| 10 | + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
| 11 | + * See the License for the specific language governing permissions and |
|
| 12 | + * limitations under the License. |
|
| 13 | + **/ |
|
| 14 | 14 | |
| 15 | 15 | namespace jwk; |
| 16 | 16 | |
@@ -26,7 +26,7 @@ discard block |
||
| 26 | 26 | /** |
| 27 | 27 | * @return \Math_BigInteger |
| 28 | 28 | */ |
| 29 | - public function toBigInt(){ |
|
| 29 | + public function toBigInt() { |
|
| 30 | 30 | $b64 = new Base64UrlRepresentation(); |
| 31 | 31 | $hex = bin2hex($b64->decode($this->value)); |
| 32 | 32 | return new \Math_BigInteger('0x'.$hex, 16); |
@@ -36,7 +36,7 @@ discard block |
||
| 36 | 36 | * @param \Math_BigInteger $big_int |
| 37 | 37 | * @return Base64urlUInt |
| 38 | 38 | */ |
| 39 | - public static function fromBigInt(\Math_BigInteger $big_int){ |
|
| 39 | + public static function fromBigInt(\Math_BigInteger $big_int) { |
|
| 40 | 40 | $b64 = new Base64UrlRepresentation(); |
| 41 | 41 | $input = $big_int->toBytes(); |
| 42 | 42 | return new Base64urlUInt($b64->encode($input)); |
