Issues in JWE.php - All Issues - Inspection of "[smarcet]" - smarcet/JOSE4PHP - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 16bc05...356550 )

by sebastian

created 2016-04-05 20:35 UTC

src/jwe/impl/JWE.php (8 issues)

Labels

Severity

Informational 8

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Copyright 2015 OpenStack Foundation
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 **/

namespace jwe\impl;

use jwa\cryptographic_algorithms\ContentEncryptionAlgorithms_Registry;
use jwa\cryptographic_algorithms\EncryptionAlgorithm;
use jwa\cryptographic_algorithms\exceptions\InvalidKeyTypeAlgorithmException;
use jwa\cryptographic_algorithms\key_management\modes\DirectEncryption;
use jwa\cryptographic_algorithms\key_management\modes\DirectKeyAgreement;
use jwa\cryptographic_algorithms\key_management\modes\KeyAgreementWithKeyWrapping;
use jwa\cryptographic_algorithms\key_management\modes\KeyEncryption;
use jwa\cryptographic_algorithms\key_management\modes\KeyWrapping;
use jwa\cryptographic_algorithms\KeyManagementAlgorithms_Registry;
use jwe\exceptions\JWEInvalidCompactFormatException;
use jwe\exceptions\JWEInvalidRecipientKeyException;
use jwe\exceptions\JWEUnsupportedContentEncryptionAlgorithmException;
use jwe\exceptions\JWEUnsupportedKeyManagementAlgorithmException;
use jwe\compression_algorithms\CompressionAlgorithms_Registry;
use jwe\IJWEJOSEHeader;
use jwe\IJWE;
use jwe\KeyManagementModeValues;
use jwk\exceptions\InvalidJWKAlgorithm;
use jwk\IJWK;
use jwk\JSONWebKeyKeyOperationsValues;
use jws\IJWSPayloadRawSpec;
use jws\IJWSPayloadSpec;
use jws\payloads\JWSPayloadFactory;
use jwt\utils\JOSEHeaderSerializer;
use security\Key;

/**
 * Class JWE
 * @package jwe\impl
 * @access private
 */
final class JWE implements IJWE, IJWESnapshot
{

    /**
     * @var IJWK
     */
    private $jwk = null;

    /**
     * @var IJWSPayloadSpec
     */
    private $payload = null;

    /**
     * @var IJWEJOSEHeader
     */
    private $header;

    /**
     * @var Key
     */
    private $cek = null;

    /**
     * @var string
     */
    private $tag = null;

    /**
     * @var string
     */
    private $cipher_text = null;

    /**
     * @var string
     */
    private $iv;

    /**
     * @var string
     */
    private $enc_cek = null;

    private $should_decrypt = false;

    /**
     * @param IJWEJOSEHeader $header
     * @param IJWSPayloadSpec $payload
     */
    protected function __construct(IJWEJOSEHeader $header, IJWSPayloadSpec $payload = null)
    {
        $this->header = $header;
        if(!is_null($payload))
            $this->setPayload($payload);
    }

    /**
     * @param IJWK $recipient_key
     * @return $this
     */
    public function setRecipientKey(IJWK $recipient_key)
    {
        $this->jwk = $recipient_key;
        return $this;
    }

    /**
     * @param IJWSPayloadSpec $payload
     * @return $this
     */
    public function setPayload(IJWSPayloadSpec $payload)
    {
        $this->payload = $payload;
        return $this;
    }

    /**
     * @param int $size
     * @return String
     */
    protected function createIV($size)
    {
        return IVFactory::build($size);
    }

    /**
     * @throws JWEInvalidRecipientKeyException
     * @throws JWEUnsupportedContentEncryptionAlgorithmException
     * @throws JWEUnsupportedKeyManagementAlgorithmException
     * @return string
     */
    public function toCompactSerialization()
    {
        return JWESerializer::serialize($this->encrypt());
    }

    /**
     * @return mixed
     * @throws JWEInvalidRecipientKeyException
     * @throws JWEUnsupportedContentEncryptionAlgorithmException
     * @throws JWEUnsupportedKeyManagementAlgorithmException
     */
    public function getPlainText()
    {
        if ($this->should_decrypt)
        {
            $this->decrypt();
        }

        if (is_null($this->payload))
            $this->payload = JWSPayloadFactory::build('');

        return ($this->payload instanceof IJWSPayloadRawSpec) ? $this->payload->getRaw():'';
    }

    /**
     * @return IJWEJOSEHeader
     */
    public function getJOSEHeader()
    {
        return $this->header;
    }


    /***
     * @param EncryptionAlgorithm $alg
     * @param Key $recipient_public_key
     * @return string
     */
     private function getJWEEncryptedKey(EncryptionAlgorithm $alg, Key $recipient_public_key)
     {
        /**
         * When Key Wrapping, Key Encryption, or Key Agreement with Key
         * Wrapping are employed, encrypt the CEK to the recipient and let
         * the result be the JWE Encrypted Key.
         */
         $key_management_mode = $this->getKeyManagementMode($alg);
         switch($key_management_mode){
             case KeyManagementModeValues::KeyEncryption:
             case KeyManagementModeValues::KeyWrapping:
             case KeyManagementModeValues::KeyAgreementWithKeyWrapping:
switch ($expr) {
    case "A": { //wrong
        doSomething();
        break;
    }
    case "B": //right
        doSomething();
        break;
}
             {
                 return $alg->encrypt($recipient_public_key, $this->cek->getEncoded());
             }
             /**
              * When Direct Key Agreement or Direct Encryption are employed, let
              * the JWE Encrypted Key be the empty octet sequence.
              */
             default:
             return '';
         }
     }

    /**
     * Determine the Key Management Mode employed by the algorithm used
     * to determine the Content Encryption Key value.  (This is the
     * algorithm recorded in the "alg" (algorithm) Header Parameter of
     * the resulting JWE.)
     * @param EncryptionAlgorithm $alg
     * @return string
     */
    private function getKeyManagementMode(EncryptionAlgorithm $alg)
    {
        if($alg instanceof KeyEncryption)
            return KeyManagementModeValues::KeyEncryption;
        if($alg instanceof KeyWrapping)
            return KeyManagementModeValues::KeyWrapping;
        if($alg instanceof DirectKeyAgreement)
            return KeyManagementModeValues::DirectKeyAgreement;
        if($alg instanceof KeyAgreementWithKeyWrapping)
            return KeyManagementModeValues::KeyAgreementWithKeyWrapping;
        if($alg instanceof DirectEncryption)
            return KeyManagementModeValues::DirectEncryption;
    }

    /**
     * @return $this
     * @throws InvalidJWKAlgorithm
     * @throws InvalidKeyTypeAlgorithmException
     * @throws JWEInvalidRecipientKeyException
     * @throws JWEUnsupportedContentEncryptionAlgorithmException
     * @throws JWEUnsupportedKeyManagementAlgorithmException
     * @throws \Exception
     */
    private function encrypt()
    {

        if (is_null($this->jwk))
            throw new JWEInvalidRecipientKeyException;

        if($this->jwk->getAlgorithm()->getValue()!== $this->header->getAlgorithm()->getString())

            throw new InvalidJWKAlgorithm
            (
                sprintf
                (
                    'mismatch between algorithm intended for use with the key %s and the cryptographic algorithm used to encrypt or determine the value of the CEK %s',
                    $this->jwk->getAlgorithm()->getValue(),
                    $this->header->getAlgorithm()->getString()
                )
            );

        $recipient_public_key     = $this->jwk->getKey(JSONWebKeyKeyOperationsValues::EncryptContent);

        $key_management_algorithm = KeyManagementAlgorithms_Registry::getInstance()->get($this->header->getAlgorithm()->getString());

        if (is_null($key_management_algorithm))
            throw new JWEUnsupportedKeyManagementAlgorithmException(sprintf('alg %s', $this->header->getAlgorithm()->getString()));

        if($key_management_algorithm->getKeyType() !== $recipient_public_key->getAlgorithm())
            throw new InvalidKeyTypeAlgorithmException
            (
                sprintf
                (
                    'key should be for alg %s, %s instead.',
                    $key_management_algorithm->getKeyType(),
                    $recipient_public_key->getAlgorithm()
                )
            );

        $content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get
        (
            $this->header->getEncryptionAlgorithm()->getString()
        );

        if (is_null($content_encryption_algorithm))
            throw new JWEUnsupportedContentEncryptionAlgorithmException
            (
                sprintf
                (
                    'enc %s',
                    $this->header->getEncryptionAlgorithm()->getString()
                )
            );

        $key_management_mode = $this->getKeyManagementMode($key_management_algorithm);

        $this->cek     = ContentEncryptionKeyFactory::build
        (
            $recipient_public_key,
            $key_management_mode,
            $content_encryption_algorithm
        );

        $this->enc_cek = $this->getJWEEncryptedKey($key_management_algorithm, $recipient_public_key);

        /**
         * Generate a random JWE Initialization Vector of the correct size
         * for the content encryption algorithm (if required for the
         * algorithm); otherwise, let the JWE Initialization Vector be the
         * empty octet sequence.
         */
        $this->iv      = '';

        if (!is_null($iv_size = $content_encryption_algorithm->getIVSize()))
        {
            $this->iv = $this->createIV($iv_size);
        }
        // We encrypt the payload and get the tag
        $jwt_shared_protected_header = JOSEHeaderSerializer::serialize($this->header);

        $payload = ($this->payload instanceof IJWSPayloadRawSpec) ? $this->payload->getRaw():'';
        $zip     = $this->header->getCompressionAlgorithm();
        /**
         * If a "zip" parameter was included, compress the plaintext using
         * the specified compression algorithm and let M be the octet
         * sequence representing the compressed plaintext; otherwise, let M
         * be the octet sequence representing the plaintext.
         */
        if(!is_null($zip))

        {
            $compression__algorithm = CompressionAlgorithms_Registry::getInstance()->get($zip->getValue());
            $payload  = $compression__algorithm->compress($payload);
        }

        /**
         * Encrypt M using the CEK, the JWE Initialization Vector, and the
         * Additional Authenticated Data value using the specified content
         * encryption algorithm to create the JWE Ciphertext value and the
         * JWE Authentication Tag (which is the Authentication Tag output
         * from the encryption operation).
         */
        list($this->cipher_text, $this->tag) = $content_encryption_algorithm->encrypt
        (
            $payload,
            $this->cek->getEncoded(),
            $this->iv,
            $jwt_shared_protected_header
        );

        return $this;
    }


    /**
     * @param EncryptionAlgorithm $alg
     * @return null|Key
     * @throws JWEInvalidCompactFormatException
     * @throws InvalidKeyTypeAlgorithmException
     * @throws \Exception
     */
    private function decryptJWEEncryptedKey(EncryptionAlgorithm $alg){

        $key_management_mode   = $this->getKeyManagementMode($alg);
        $recipient_private_key = $this->jwk->getKey(JSONWebKeyKeyOperationsValues::DecryptContentAndValidateDecryption);

        if($alg->getKeyType() !== $recipient_private_key->getAlgorithm())
            throw new InvalidKeyTypeAlgorithmException
            (
                sprintf
                (
                    'key should be for alg %s, %s instead.',
                    $alg->getKeyType(),
                    $recipient_private_key->getAlgorithm()
                )
            );

        switch($key_management_mode){
            /**
             * When Key Wrapping, Key Encryption, or Key Agreement with Key
             * Wrapping are employed, decrypt the JWE Encrypted Key to produce
             * the CEK.  The CEK MUST have a length equal to that required for
             * the content encryption algorithm
             */
            case KeyManagementModeValues::KeyEncryption:
            case KeyManagementModeValues::KeyWrapping:
            case KeyManagementModeValues::KeyAgreementWithKeyWrapping:
switch ($expr) {
    case "A": { //wrong
        doSomething();
        break;
    }
    case "B": //right
        doSomething();
        break;
}
            {

                return ContentEncryptionKeyFactory::fromRaw($alg->decrypt($recipient_private_key, $this->enc_cek), $alg);
            }
            /**
             * When Direct Key Agreement or Direct Encryption are employed,
             * verify that the JWE Encrypted Key value is an empty octetsequence.
             * When Direct Encryption is employed, let the CEK be the shared
             * symmetric key.
             */
            case KeyManagementModeValues::DirectEncryption:
switch ($expr) {
    case "A": { //wrong
        doSomething();
        break;
    }
    case "B": //right
        doSomething();
        break;
}
            {
                if (!empty($this->enc_cek))
                    throw new JWEInvalidCompactFormatException('JWE Encrypted Key value is not an empty octetsequence.');
                return $recipient_private_key;
            }
            case KeyManagementModeValues::DirectKeyAgreement:
switch ($expr) {
    case "A": { //wrong
        doSomething();
        break;
    }
    case "B": //right
        doSomething();
        break;
}
            {
                if (!empty($this->enc_cek))
                    throw new JWEInvalidCompactFormatException('JWE Encrypted Key value is not an empty octetsequence.');
                throw new \Exception('unsupported Key Management Mode!');
            }
        }
        return null;
    }

    /**
     * @return $this
     * @throws InvalidJWKAlgorithm
     * @throws InvalidKeyTypeAlgorithmException
     * @throws JWEInvalidCompactFormatException
     * @throws JWEInvalidRecipientKeyException
     * @throws JWEUnsupportedContentEncryptionAlgorithmException
     * @throws JWEUnsupportedKeyManagementAlgorithmException
     * @throws \Exception
     */
    private function decrypt()
    {
        if (is_null($this->jwk))
            throw new JWEInvalidRecipientKeyException();

        if (!$this->should_decrypt) return $this;

        if($this->jwk->getAlgorithm()->getValue()!== $this->header->getAlgorithm()->getString())

            throw new InvalidJWKAlgorithm
            (
                sprintf
                (
                    'mismatch between algorithm intended for use with the key %s and the cryptographic algorithm used to encrypt or determine the value of the CEK %s',
                    $this->jwk->getAlgorithm()->getValue(),
                    $this->header->getAlgorithm()->getString()
                )
            );

        $key_management_algorithm = KeyManagementAlgorithms_Registry::getInstance()->get
        (
            $this->header->getAlgorithm()->getString()
        );

        if (is_null($key_management_algorithm))
            throw new JWEUnsupportedKeyManagementAlgorithmException
            (
                sprintf
                (
                    'alg %s',
                    $this->header->getAlgorithm()->getString()
                )
            );

        $content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get
        (
            $this->header->getEncryptionAlgorithm()->getString()
        );

        if (is_null($content_encryption_algorithm))
            throw new JWEUnsupportedContentEncryptionAlgorithmException
            (
                sprintf
                (
                    'enc %s',
                    $this->header->getEncryptionAlgorithm()->getString()
                )
            );

        $this->cek = $this->decryptJWEEncryptedKey($key_management_algorithm);

        // We encrypt the payload and get the tag
        $jwt_shared_protected_header = JOSEHeaderSerializer::serialize($this->header);

        /**
         * Decrypt the JWE Cipher Text using the CEK, the JWE Initialization
         * Vector, the Additional Authenticated Data value, and the JWE
         * Authentication Tag (which is the Authentication Tag input to the
         * calculation) using the specified content encryption algorithm,
         * returning the decrypted plaintext and validating the JWE
         * Authentication Tag in the manner specified for the algorithm,
         * rejecting the input without emitting any decrypted output if the
         * JWE Authentication Tag is incorrect.
         */
        $plain_text = $content_encryption_algorithm->decrypt
        (
            $this->cipher_text,
            $this->cek->getEncoded(),
            $this->iv,
            $jwt_shared_protected_header,
            $this->tag
        );

        $zip     = $this->header->getCompressionAlgorithm();
        /**
         * If a "zip" parameter was included, uncompress the decrypted
         * plaintext using the specified compression algorithm.
         */
        if(!is_null($zip))

        {
            $compression__algorithm = CompressionAlgorithms_Registry::getInstance()->get($zip->getValue());
            $plain_text = $compression__algorithm->uncompress($plain_text);
        }

        $this->setPayload(JWSPayloadFactory::build($plain_text));
        $this->should_decrypt = false;

        return $this;
    }

    /**
     * @return array
     */
    public function take()
    {
        return array(
            $this->header,
            $this->enc_cek,
            $this->iv,
            $this->cipher_text,
            $this->tag);
    }

    /**
     * @param IJWEJOSEHeader $header
     * @param IJWSPayloadSpec $payload
     * @return IJWE
     */
    public static function fromHeaderAndPayload(IJWEJOSEHeader $header, IJWSPayloadSpec $payload)
    {
        return new JWE($header, $payload);
    }

    /**
     * @param string $compact_serialization
     * @return IJWE
     * @throws JWEInvalidCompactFormatException
     * @access private
     */
    public static function fromCompactSerialization($compact_serialization)
    {

        list($header, $enc_cek, $iv, $cipher_text, $tag) = JWESerializer::deserialize($compact_serialization);
        $jwe     = new JWE($header);
        $jwe->iv = $iv;
        $jwe->tag = $tag;
        $jwe->enc_cek = $enc_cek;
        $jwe->cipher_text = $cipher_text;
        $jwe->should_decrypt = true;
        return $jwe;
    }
}

1		<?php
2		/**
3		* Copyright 2015 OpenStack Foundation
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		* http://www.apache.org/licenses/LICENSE-2.0
8		* Unless required by applicable law or agreed to in writing, software
9		* distributed under the License is distributed on an "AS IS" BASIS,
10		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11		* See the License for the specific language governing permissions and
12		* limitations under the License.
13		**/
14
15		namespace jwe\impl;
16
17		use jwa\cryptographic_algorithms\ContentEncryptionAlgorithms_Registry;
18		use jwa\cryptographic_algorithms\EncryptionAlgorithm;
19		use jwa\cryptographic_algorithms\exceptions\InvalidKeyTypeAlgorithmException;
20		use jwa\cryptographic_algorithms\key_management\modes\DirectEncryption;
21		use jwa\cryptographic_algorithms\key_management\modes\DirectKeyAgreement;
22		use jwa\cryptographic_algorithms\key_management\modes\KeyAgreementWithKeyWrapping;
23		use jwa\cryptographic_algorithms\key_management\modes\KeyEncryption;
24		use jwa\cryptographic_algorithms\key_management\modes\KeyWrapping;
25		use jwa\cryptographic_algorithms\KeyManagementAlgorithms_Registry;
26		use jwe\exceptions\JWEInvalidCompactFormatException;
27		use jwe\exceptions\JWEInvalidRecipientKeyException;
28		use jwe\exceptions\JWEUnsupportedContentEncryptionAlgorithmException;
29		use jwe\exceptions\JWEUnsupportedKeyManagementAlgorithmException;
30		use jwe\compression_algorithms\CompressionAlgorithms_Registry;
31		use jwe\IJWEJOSEHeader;
32		use jwe\IJWE;
33		use jwe\KeyManagementModeValues;
34		use jwk\exceptions\InvalidJWKAlgorithm;
35		use jwk\IJWK;
36		use jwk\JSONWebKeyKeyOperationsValues;
37		use jws\IJWSPayloadRawSpec;
38		use jws\IJWSPayloadSpec;
39		use jws\payloads\JWSPayloadFactory;
40		use jwt\utils\JOSEHeaderSerializer;
41		use security\Key;
42
43		/**
44		* Class JWE
45		* @package jwe\impl
46		* @access private
47		*/
48		final class JWE implements IJWE, IJWESnapshot
49		{
50
51		/**
52		* @var IJWK
53		*/
54		private $jwk = null;
55
56		/**
57		* @var IJWSPayloadSpec
58		*/
59		private $payload = null;
60
61		/**
62		* @var IJWEJOSEHeader
63		*/
64		private $header;
65
66		/**
67		* @var Key
68		*/
69		private $cek = null;
70
71		/**
72		* @var string
73		*/
74		private $tag = null;
75
76		/**
77		* @var string
78		*/
79		private $cipher_text = null;
80
81		/**
82		* @var string
83		*/
84		private $iv;
85
86		/**
87		* @var string
88		*/
89		private $enc_cek = null;
90
91		private $should_decrypt = false;
92
93		/**
94		* @param IJWEJOSEHeader $header
95		* @param IJWSPayloadSpec $payload
96		*/
97		protected function __construct(IJWEJOSEHeader $header, IJWSPayloadSpec $payload = null)
98		{
99		$this->header = $header;
100		if(!is_null($payload))
101		$this->setPayload($payload);
102		}
103
104		/**
105		* @param IJWK $recipient_key
106		* @return $this
107		*/
108		public function setRecipientKey(IJWK $recipient_key)
109		{
110		$this->jwk = $recipient_key;
111		return $this;
112		}
113
114		/**
115		* @param IJWSPayloadSpec $payload
116		* @return $this
117		*/
118		public function setPayload(IJWSPayloadSpec $payload)
119		{
120		$this->payload = $payload;
121		return $this;
122		}
123
124		/**
125		* @param int $size
126		* @return String
127		*/
128		protected function createIV($size)
129		{
130		return IVFactory::build($size);
131		}
132
133		/**
134		* @throws JWEInvalidRecipientKeyException
135		* @throws JWEUnsupportedContentEncryptionAlgorithmException
136		* @throws JWEUnsupportedKeyManagementAlgorithmException
137		* @return string
138		*/
139		public function toCompactSerialization()
140		{
141		return JWESerializer::serialize($this->encrypt());
142		}
143
144		/**
145		* @return mixed
146		* @throws JWEInvalidRecipientKeyException
147		* @throws JWEUnsupportedContentEncryptionAlgorithmException
148		* @throws JWEUnsupportedKeyManagementAlgorithmException
149		*/
150		public function getPlainText()
151		{
152		if ($this->should_decrypt)
153		{
154		$this->decrypt();
155		}
156
157		if (is_null($this->payload))
158		$this->payload = JWSPayloadFactory::build('');
159
160		return ($this->payload instanceof IJWSPayloadRawSpec) ? $this->payload->getRaw():'';
161		}
162
163		/**
164		* @return IJWEJOSEHeader
165		*/
166		public function getJOSEHeader()
167		{
168		return $this->header;
169		}
170
171
172		/***
173		* @param EncryptionAlgorithm $alg
174		* @param Key $recipient_public_key
175		* @return string
176		*/
177		private function getJWEEncryptedKey(EncryptionAlgorithm $alg, Key $recipient_public_key)
178		{
179		/**
180		* When Key Wrapping, Key Encryption, or Key Agreement with Key
181		* Wrapping are employed, encrypt the CEK to the recipient and let
182		* the result be the JWE Encrypted Key.
183		*/
184		$key_management_mode = $this->getKeyManagementMode($alg);
185		switch($key_management_mode){
186		case KeyManagementModeValues::KeyEncryption:
187		case KeyManagementModeValues::KeyWrapping:
188		case KeyManagementModeValues::KeyAgreementWithKeyWrapping:
		0 ignored issues – show Coding Style introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this CASE statements must be defined using a colon As per the PSR-2 coding standard, case statements should not be wrapped in curly braces. There is no need for braces, since each case is terminated by the next `break`. switch ($expr) { case "A": { //wrong doSomething(); break; } case "B": //right doSomething(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
189		{
190		return $alg->encrypt($recipient_public_key, $this->cek->getEncoded());
191		}
192		/**
193		* When Direct Key Agreement or Direct Encryption are employed, let
194		* the JWE Encrypted Key be the empty octet sequence.
195		*/
196		default:
197		return '';
198		}
199		}
200
201		/**
202		* Determine the Key Management Mode employed by the algorithm used
203		* to determine the Content Encryption Key value. (This is the
204		* algorithm recorded in the "alg" (algorithm) Header Parameter of
205		* the resulting JWE.)
206		* @param EncryptionAlgorithm $alg
207		* @return string
208		*/
209		private function getKeyManagementMode(EncryptionAlgorithm $alg)
210		{
211		if($alg instanceof KeyEncryption)
212		return KeyManagementModeValues::KeyEncryption;
213		if($alg instanceof KeyWrapping)
214		return KeyManagementModeValues::KeyWrapping;
215		if($alg instanceof DirectKeyAgreement)
216		return KeyManagementModeValues::DirectKeyAgreement;
217		if($alg instanceof KeyAgreementWithKeyWrapping)
218		return KeyManagementModeValues::KeyAgreementWithKeyWrapping;
219		if($alg instanceof DirectEncryption)
220		return KeyManagementModeValues::DirectEncryption;
221		}
222
223		/**
224		* @return $this
225		* @throws InvalidJWKAlgorithm
226		* @throws InvalidKeyTypeAlgorithmException
227		* @throws JWEInvalidRecipientKeyException
228		* @throws JWEUnsupportedContentEncryptionAlgorithmException
229		* @throws JWEUnsupportedKeyManagementAlgorithmException
230		* @throws \Exception
231		*/
232		private function encrypt()
233		{
234
235		if (is_null($this->jwk))
236		throw new JWEInvalidRecipientKeyException;
237
238	View Code Duplication	if($this->jwk->getAlgorithm()->getValue()!== $this->header->getAlgorithm()->getString())
		0 ignored issues – show Duplication introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
239		throw new InvalidJWKAlgorithm
240		(
241		sprintf
242		(
243		'mismatch between algorithm intended for use with the key %s and the cryptographic algorithm used to encrypt or determine the value of the CEK %s',
244		$this->jwk->getAlgorithm()->getValue(),
245		$this->header->getAlgorithm()->getString()
246		)
247		);
248
249		$recipient_public_key = $this->jwk->getKey(JSONWebKeyKeyOperationsValues::EncryptContent);
250
251		$key_management_algorithm = KeyManagementAlgorithms_Registry::getInstance()->get($this->header->getAlgorithm()->getString());
252
253		if (is_null($key_management_algorithm))
254		throw new JWEUnsupportedKeyManagementAlgorithmException(sprintf('alg %s', $this->header->getAlgorithm()->getString()));
255
256		if($key_management_algorithm->getKeyType() !== $recipient_public_key->getAlgorithm())
257		throw new InvalidKeyTypeAlgorithmException
258		(
259		sprintf
260		(
261		'key should be for alg %s, %s instead.',
262		$key_management_algorithm->getKeyType(),
263		$recipient_public_key->getAlgorithm()
264		)
265		);
266
267		$content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get
268		(
269		$this->header->getEncryptionAlgorithm()->getString()
270		);
271
272		if (is_null($content_encryption_algorithm))
273		throw new JWEUnsupportedContentEncryptionAlgorithmException
274		(
275		sprintf
276		(
277		'enc %s',
278		$this->header->getEncryptionAlgorithm()->getString()
279		)
280		);
281
282		$key_management_mode = $this->getKeyManagementMode($key_management_algorithm);
283
284		$this->cek = ContentEncryptionKeyFactory::build
285		(
286		$recipient_public_key,
287		$key_management_mode,
288		$content_encryption_algorithm
289		);
290
291		$this->enc_cek = $this->getJWEEncryptedKey($key_management_algorithm, $recipient_public_key);
292
293		/**
294		* Generate a random JWE Initialization Vector of the correct size
295		* for the content encryption algorithm (if required for the
296		* algorithm); otherwise, let the JWE Initialization Vector be the
297		* empty octet sequence.
298		*/
299		$this->iv = '';
300
301		if (!is_null($iv_size = $content_encryption_algorithm->getIVSize()))
302		{
303		$this->iv = $this->createIV($iv_size);
304		}
305		// We encrypt the payload and get the tag
306		$jwt_shared_protected_header = JOSEHeaderSerializer::serialize($this->header);
307
308		$payload = ($this->payload instanceof IJWSPayloadRawSpec) ? $this->payload->getRaw():'';
309		$zip = $this->header->getCompressionAlgorithm();
310		/**
311		* If a "zip" parameter was included, compress the plaintext using
312		* the specified compression algorithm and let M be the octet
313		* sequence representing the compressed plaintext; otherwise, let M
314		* be the octet sequence representing the plaintext.
315		*/
316	View Code Duplication	if(!is_null($zip))
		0 ignored issues – show Duplication introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
317		{
318		$compression__algorithm = CompressionAlgorithms_Registry::getInstance()->get($zip->getValue());
319		$payload = $compression__algorithm->compress($payload);
320		}
321
322		/**
323		* Encrypt M using the CEK, the JWE Initialization Vector, and the
324		* Additional Authenticated Data value using the specified content
325		* encryption algorithm to create the JWE Ciphertext value and the
326		* JWE Authentication Tag (which is the Authentication Tag output
327		* from the encryption operation).
328		*/
329		list($this->cipher_text, $this->tag) = $content_encryption_algorithm->encrypt
330		(
331		$payload,
332		$this->cek->getEncoded(),
333		$this->iv,
334		$jwt_shared_protected_header
335		);
336
337		return $this;
338		}
339
340
341		/**
342		* @param EncryptionAlgorithm $alg
343		* @return null\|Key
344		* @throws JWEInvalidCompactFormatException
345		* @throws InvalidKeyTypeAlgorithmException
346		* @throws \Exception
347		*/
348		private function decryptJWEEncryptedKey(EncryptionAlgorithm $alg){
349
350		$key_management_mode = $this->getKeyManagementMode($alg);
351		$recipient_private_key = $this->jwk->getKey(JSONWebKeyKeyOperationsValues::DecryptContentAndValidateDecryption);
352
353		if($alg->getKeyType() !== $recipient_private_key->getAlgorithm())
354		throw new InvalidKeyTypeAlgorithmException
355		(
356		sprintf
357		(
358		'key should be for alg %s, %s instead.',
359		$alg->getKeyType(),
360		$recipient_private_key->getAlgorithm()
361		)
362		);
363
364		switch($key_management_mode){
365		/**
366		* When Key Wrapping, Key Encryption, or Key Agreement with Key
367		* Wrapping are employed, decrypt the JWE Encrypted Key to produce
368		* the CEK. The CEK MUST have a length equal to that required for
369		* the content encryption algorithm
370		*/
371		case KeyManagementModeValues::KeyEncryption:
372		case KeyManagementModeValues::KeyWrapping:
373		case KeyManagementModeValues::KeyAgreementWithKeyWrapping:
		0 ignored issues – show Coding Style introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this CASE statements must be defined using a colon As per the PSR-2 coding standard, case statements should not be wrapped in curly braces. There is no need for braces, since each case is terminated by the next `break`. switch ($expr) { case "A": { //wrong doSomething(); break; } case "B": //right doSomething(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
374		{
375
376		return ContentEncryptionKeyFactory::fromRaw($alg->decrypt($recipient_private_key, $this->enc_cek), $alg);
377		}
378		/**
379		* When Direct Key Agreement or Direct Encryption are employed,
380		* verify that the JWE Encrypted Key value is an empty octetsequence.
381		* When Direct Encryption is employed, let the CEK be the shared
382		* symmetric key.
383		*/
384		case KeyManagementModeValues::DirectEncryption:
		0 ignored issues – show Coding Style introduced 2016-04-05 20:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this CASE statements must be defined using a colon As per the PSR-2 coding standard, case statements should not be wrapped in curly braces. There is no need for braces, since each case is terminated by the next `break`. switch ($expr) { case "A": { //wrong doSomething(); break; } case "B": //right doSomething(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
385		{
386		if (!empty($this->enc_cek))
387		throw new JWEInvalidCompactFormatException('JWE Encrypted Key value is not an empty octetsequence.');
388		return $recipient_private_key;
389		}
390		case KeyManagementModeValues::DirectKeyAgreement:
		0 ignored issues – show Coding Style introduced 2016-04-05 20:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this CASE statements must be defined using a colon As per the PSR-2 coding standard, case statements should not be wrapped in curly braces. There is no need for braces, since each case is terminated by the next `break`. switch ($expr) { case "A": { //wrong doSomething(); break; } case "B": //right doSomething(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
391		{
392		if (!empty($this->enc_cek))
393		throw new JWEInvalidCompactFormatException('JWE Encrypted Key value is not an empty octetsequence.');
394		throw new \Exception('unsupported Key Management Mode!');
395		}
396		}
397		return null;
398		}
399
400		/**
401		* @return $this
402		* @throws InvalidJWKAlgorithm
403		* @throws InvalidKeyTypeAlgorithmException
404		* @throws JWEInvalidCompactFormatException
405		* @throws JWEInvalidRecipientKeyException
406		* @throws JWEUnsupportedContentEncryptionAlgorithmException
407		* @throws JWEUnsupportedKeyManagementAlgorithmException
408		* @throws \Exception
409		*/
410		private function decrypt()
411		{
412		if (is_null($this->jwk))
413		throw new JWEInvalidRecipientKeyException();
414
415		if (!$this->should_decrypt) return $this;
416
417	View Code Duplication	if($this->jwk->getAlgorithm()->getValue()!== $this->header->getAlgorithm()->getString())
		0 ignored issues – show Duplication introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
418		throw new InvalidJWKAlgorithm
419		(
420		sprintf
421		(
422		'mismatch between algorithm intended for use with the key %s and the cryptographic algorithm used to encrypt or determine the value of the CEK %s',
423		$this->jwk->getAlgorithm()->getValue(),
424		$this->header->getAlgorithm()->getString()
425		)
426		);
427
428		$key_management_algorithm = KeyManagementAlgorithms_Registry::getInstance()->get
429		(
430		$this->header->getAlgorithm()->getString()
431		);
432
433		if (is_null($key_management_algorithm))
434		throw new JWEUnsupportedKeyManagementAlgorithmException
435		(
436		sprintf
437		(
438		'alg %s',
439		$this->header->getAlgorithm()->getString()
440		)
441		);
442
443		$content_encryption_algorithm = ContentEncryptionAlgorithms_Registry::getInstance()->get
444		(
445		$this->header->getEncryptionAlgorithm()->getString()
446		);
447
448		if (is_null($content_encryption_algorithm))
449		throw new JWEUnsupportedContentEncryptionAlgorithmException
450		(
451		sprintf
452		(
453		'enc %s',
454		$this->header->getEncryptionAlgorithm()->getString()
455		)
456		);
457
458		$this->cek = $this->decryptJWEEncryptedKey($key_management_algorithm);
459
460		// We encrypt the payload and get the tag
461		$jwt_shared_protected_header = JOSEHeaderSerializer::serialize($this->header);
462
463		/**
464		* Decrypt the JWE Cipher Text using the CEK, the JWE Initialization
465		* Vector, the Additional Authenticated Data value, and the JWE
466		* Authentication Tag (which is the Authentication Tag input to the
467		* calculation) using the specified content encryption algorithm,
468		* returning the decrypted plaintext and validating the JWE
469		* Authentication Tag in the manner specified for the algorithm,
470		* rejecting the input without emitting any decrypted output if the
471		* JWE Authentication Tag is incorrect.
472		*/
473		$plain_text = $content_encryption_algorithm->decrypt
474		(
475		$this->cipher_text,
476		$this->cek->getEncoded(),
477		$this->iv,
478		$jwt_shared_protected_header,
479		$this->tag
480		);
481
482		$zip = $this->header->getCompressionAlgorithm();
483		/**
484		* If a "zip" parameter was included, uncompress the decrypted
485		* plaintext using the specified compression algorithm.
486		*/
487	View Code Duplication	if(!is_null($zip))
		0 ignored issues – show Duplication introduced 2016-04-05 19:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
488		{
489		$compression__algorithm = CompressionAlgorithms_Registry::getInstance()->get($zip->getValue());
490		$plain_text = $compression__algorithm->uncompress($plain_text);
491		}
492
493		$this->setPayload(JWSPayloadFactory::build($plain_text));
494		$this->should_decrypt = false;
495
496		return $this;
497		}
498
499		/**
500		* @return array
501		*/
502		public function take()
503		{
504		return array(
505		$this->header,
506		$this->enc_cek,
507		$this->iv,
508		$this->cipher_text,
509		$this->tag);
510		}
511
512		/**
513		* @param IJWEJOSEHeader $header
514		* @param IJWSPayloadSpec $payload
515		* @return IJWE
516		*/
517		public static function fromHeaderAndPayload(IJWEJOSEHeader $header, IJWSPayloadSpec $payload)
518		{
519		return new JWE($header, $payload);
520		}
521
522		/**
523		* @param string $compact_serialization
524		* @return IJWE
525		* @throws JWEInvalidCompactFormatException
526		* @access private
527		*/
528		public static function fromCompactSerialization($compact_serialization)
529		{
530
531		list($header, $enc_cek, $iv, $cipher_text, $tag) = JWESerializer::deserialize($compact_serialization);
532		$jwe = new JWE($header);
533		$jwe->iv = $iv;
534		$jwe->tag = $tag;
535		$jwe->enc_cek = $enc_cek;
536		$jwe->cipher_text = $cipher_text;
537		$jwe->should_decrypt = true;
538		return $jwe;
539		}
540		}

smarcet / JOSE4PHP

Push — master ( 16bc05...356550 )

src/jwe/impl/JWE.php (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like