sop / jwx

lib/JWX/JWE/JWE.php

Indentation +328 added lines, -328 removed lines

@@ -20,354 +20,354 @@
  */
 class JWE
 {
-    /**
-     * Protected header.
-     *
-     * @var Header $_protectedHeader
-     */
-    protected $_protectedHeader;
+	/**
+	 * Protected header.
+	 *
+	 * @var Header $_protectedHeader
+	 */
+	protected $_protectedHeader;
     
-    /**
-     * Encrypted key.
-     *
-     * @var string $_encryptedKey
-     */
-    protected $_encryptedKey;
+	/**
+	 * Encrypted key.
+	 *
+	 * @var string $_encryptedKey
+	 */
+	protected $_encryptedKey;
     
-    /**
-     * Initialization vector.
-     *
-     * @var string
-     */
-    protected $_iv;
+	/**
+	 * Initialization vector.
+	 *
+	 * @var string
+	 */
+	protected $_iv;
     
-    /**
-     * Additional authenticated data.
-     *
-     * @var string|null $_aad
-     */
-    protected $_aad;
+	/**
+	 * Additional authenticated data.
+	 *
+	 * @var string|null $_aad
+	 */
+	protected $_aad;
     
-    /**
-     * Ciphertext.
-     *
-     * @var string $_ciphertext
-     */
-    protected $_ciphertext;
+	/**
+	 * Ciphertext.
+	 *
+	 * @var string $_ciphertext
+	 */
+	protected $_ciphertext;
     
-    /**
-     * Authentication tag.
-     *
-     * @var string $_authenticationTag
-     */
-    protected $_authenticationTag;
+	/**
+	 * Authentication tag.
+	 *
+	 * @var string $_authenticationTag
+	 */
+	protected $_authenticationTag;
     
-    /**
-     * Constructor.
-     *
-     * @param Header $protected_header JWE Protected Header
-     * @param string $encrypted_key Encrypted key
-     * @param string $iv Initialization vector
-     * @param string $ciphertext Ciphertext
-     * @param string $auth_tag Authentication tag
-     * @param string|null $aad Additional authenticated data
-     */
-    public function __construct(Header $protected_header, string $encrypted_key,
-        string $iv, string $ciphertext, string $auth_tag, $aad = null)
-    {
-        $this->_protectedHeader = $protected_header;
-        $this->_encryptedKey = $encrypted_key;
-        $this->_iv = $iv;
-        $this->_aad = $aad;
-        $this->_ciphertext = $ciphertext;
-        $this->_authenticationTag = $auth_tag;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Header $protected_header JWE Protected Header
+	 * @param string $encrypted_key Encrypted key
+	 * @param string $iv Initialization vector
+	 * @param string $ciphertext Ciphertext
+	 * @param string $auth_tag Authentication tag
+	 * @param string|null $aad Additional authenticated data
+	 */
+	public function __construct(Header $protected_header, string $encrypted_key,
+		string $iv, string $ciphertext, string $auth_tag, $aad = null)
+	{
+		$this->_protectedHeader = $protected_header;
+		$this->_encryptedKey = $encrypted_key;
+		$this->_iv = $iv;
+		$this->_aad = $aad;
+		$this->_ciphertext = $ciphertext;
+		$this->_authenticationTag = $auth_tag;
+	}
     
-    /**
-     * Initialize from compact serialization.
-     *
-     * @param string $data
-     * @return self
-     */
-    public static function fromCompact(string $data): self
-    {
-        return self::fromParts(explode(".", $data));
-    }
+	/**
+	 * Initialize from compact serialization.
+	 *
+	 * @param string $data
+	 * @return self
+	 */
+	public static function fromCompact(string $data): self
+	{
+		return self::fromParts(explode(".", $data));
+	}
     
-    /**
-     * Initialize from parts of compact serialization.
-     *
-     * @param array $parts
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromParts(array $parts): self
-    {
-        if (count($parts) != 5) {
-            throw new \UnexpectedValueException(
-                "Invalid JWE compact serialization.");
-        }
-        $header = Header::fromJSON(Base64::urlDecode($parts[0]));
-        $encrypted_key = Base64::urlDecode($parts[1]);
-        $iv = Base64::urlDecode($parts[2]);
-        $ciphertext = Base64::urlDecode($parts[3]);
-        $auth_tag = Base64::urlDecode($parts[4]);
-        return new self($header, $encrypted_key, $iv, $ciphertext, $auth_tag);
-    }
+	/**
+	 * Initialize from parts of compact serialization.
+	 *
+	 * @param array $parts
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromParts(array $parts): self
+	{
+		if (count($parts) != 5) {
+			throw new \UnexpectedValueException(
+				"Invalid JWE compact serialization.");
+		}
+		$header = Header::fromJSON(Base64::urlDecode($parts[0]));
+		$encrypted_key = Base64::urlDecode($parts[1]);
+		$iv = Base64::urlDecode($parts[2]);
+		$ciphertext = Base64::urlDecode($parts[3]);
+		$auth_tag = Base64::urlDecode($parts[4]);
+		return new self($header, $encrypted_key, $iv, $ciphertext, $auth_tag);
+	}
     
-    /**
-     * Initialize by encrypting the given payload.
-     *
-     * @param string $payload Payload
-     * @param KeyManagementAlgorithm $key_algo Key management algorithm
-     * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
-     * @param CompressionAlgorithm|null $zip_algo Optional compression algorithm
-     * @param Header|null $header Optional desired header. Algorithm specific
-     *        parameters are automatically added.
-     * @param string|null $cek Optional content encryption key. Randomly
-     *        generated if not set.
-     * @param string|null $iv Optional initialization vector. Randomly generated
-     *        if not set.
-     * @throws \RuntimeException If encrypt fails
-     * @return self
-     */
-    public static function encrypt(string $payload,
-        KeyManagementAlgorithm $key_algo, ContentEncryptionAlgorithm $enc_algo,
-        CompressionAlgorithm $zip_algo = null, Header $header = null, $cek = null, $iv = null): self
-    {
-        // if header was not given, initialize empty
-        if (!isset($header)) {
-            $header = new Header();
-        }
-        // generate random CEK
-        if (!isset($cek)) {
-            $cek = $key_algo->cekForEncryption($enc_algo->keySize());
-        }
-        // generate random IV
-        if (!isset($iv)) {
-            $iv = openssl_random_pseudo_bytes($enc_algo->ivSize());
-        }
-        // compress
-        if (isset($zip_algo)) {
-            $payload = $zip_algo->compress($payload);
-            $header = $header->withParameters(...$zip_algo->headerParameters());
-        }
-        return self::_encryptContent($payload, $cek, $iv, $key_algo, $enc_algo,
-            $header);
-    }
+	/**
+	 * Initialize by encrypting the given payload.
+	 *
+	 * @param string $payload Payload
+	 * @param KeyManagementAlgorithm $key_algo Key management algorithm
+	 * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
+	 * @param CompressionAlgorithm|null $zip_algo Optional compression algorithm
+	 * @param Header|null $header Optional desired header. Algorithm specific
+	 *        parameters are automatically added.
+	 * @param string|null $cek Optional content encryption key. Randomly
+	 *        generated if not set.
+	 * @param string|null $iv Optional initialization vector. Randomly generated
+	 *        if not set.
+	 * @throws \RuntimeException If encrypt fails
+	 * @return self
+	 */
+	public static function encrypt(string $payload,
+		KeyManagementAlgorithm $key_algo, ContentEncryptionAlgorithm $enc_algo,
+		CompressionAlgorithm $zip_algo = null, Header $header = null, $cek = null, $iv = null): self
+	{
+		// if header was not given, initialize empty
+		if (!isset($header)) {
+			$header = new Header();
+		}
+		// generate random CEK
+		if (!isset($cek)) {
+			$cek = $key_algo->cekForEncryption($enc_algo->keySize());
+		}
+		// generate random IV
+		if (!isset($iv)) {
+			$iv = openssl_random_pseudo_bytes($enc_algo->ivSize());
+		}
+		// compress
+		if (isset($zip_algo)) {
+			$payload = $zip_algo->compress($payload);
+			$header = $header->withParameters(...$zip_algo->headerParameters());
+		}
+		return self::_encryptContent($payload, $cek, $iv, $key_algo, $enc_algo,
+			$header);
+	}
     
-    /**
-     * Encrypt content with explicit parameters.
-     *
-     * @param string $plaintext Plaintext content to encrypt
-     * @param string $cek Content encryption key
-     * @param string $iv Initialization vector
-     * @param KeyManagementAlgorithm $key_algo Key management algorithm
-     * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
-     * @param Header $header Header
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    private static function _encryptContent(string $plaintext, string $cek,
-        string $iv, KeyManagementAlgorithm $key_algo,
-        ContentEncryptionAlgorithm $enc_algo, Header $header): self
-    {
-        // check that content encryption key has correct size
-        if (strlen($cek) != $enc_algo->keySize()) {
-            throw new \UnexpectedValueException("Invalid key size.");
-        }
-        // check that initialization vector has correct size
-        if (strlen($iv) != $enc_algo->ivSize()) {
-            throw new \UnexpectedValueException("Invalid IV size.");
-        }
-        // add key and encryption algorithm parameters to the header
-        $header = $header->withParameters(...$key_algo->headerParameters())
-            ->withParameters(...$enc_algo->headerParameters());
-        // encrypt the content encryption key
-        $encrypted_key = $key_algo->encrypt($cek, $header);
-        // sanity check that header wasn't unset via reference
-        if (!$header instanceof Header) {
-            throw new \RuntimeException("Broken key algorithm.");
-        }
-        // additional authenticated data
-        $aad = Base64::urlEncode($header->toJSON());
-        // encrypt
-        list($ciphertext, $auth_tag) = $enc_algo->encrypt($plaintext, $cek, $iv,
-            $aad);
-        // TODO: should aad be passed
-        return new self($header, $encrypted_key, $iv, $ciphertext, $auth_tag);
-    }
+	/**
+	 * Encrypt content with explicit parameters.
+	 *
+	 * @param string $plaintext Plaintext content to encrypt
+	 * @param string $cek Content encryption key
+	 * @param string $iv Initialization vector
+	 * @param KeyManagementAlgorithm $key_algo Key management algorithm
+	 * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
+	 * @param Header $header Header
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	private static function _encryptContent(string $plaintext, string $cek,
+		string $iv, KeyManagementAlgorithm $key_algo,
+		ContentEncryptionAlgorithm $enc_algo, Header $header): self
+	{
+		// check that content encryption key has correct size
+		if (strlen($cek) != $enc_algo->keySize()) {
+			throw new \UnexpectedValueException("Invalid key size.");
+		}
+		// check that initialization vector has correct size
+		if (strlen($iv) != $enc_algo->ivSize()) {
+			throw new \UnexpectedValueException("Invalid IV size.");
+		}
+		// add key and encryption algorithm parameters to the header
+		$header = $header->withParameters(...$key_algo->headerParameters())
+			->withParameters(...$enc_algo->headerParameters());
+		// encrypt the content encryption key
+		$encrypted_key = $key_algo->encrypt($cek, $header);
+		// sanity check that header wasn't unset via reference
+		if (!$header instanceof Header) {
+			throw new \RuntimeException("Broken key algorithm.");
+		}
+		// additional authenticated data
+		$aad = Base64::urlEncode($header->toJSON());
+		// encrypt
+		list($ciphertext, $auth_tag) = $enc_algo->encrypt($plaintext, $cek, $iv,
+			$aad);
+		// TODO: should aad be passed
+		return new self($header, $encrypted_key, $iv, $ciphertext, $auth_tag);
+	}
     
-    /**
-     * Decrypt the content using explicit algorithms.
-     *
-     * @param KeyManagementAlgorithm $key_algo
-     * @param ContentEncryptionAlgorithm $enc_algo
-     * @throws \RuntimeException If decrypt fails
-     * @return string Plaintext payload
-     */
-    public function decrypt(KeyManagementAlgorithm $key_algo,
-        ContentEncryptionAlgorithm $enc_algo): string
-    {
-        // check that key management algorithm matches
-        if ($key_algo->algorithmParamValue() != $this->algorithmName()) {
-            throw new \UnexpectedValueException(
-                "Invalid key management algorithm.");
-        }
-        // check that encryption algorithm matches
-        if ($enc_algo->encryptionAlgorithmParamValue() !=
-             $this->encryptionAlgorithmName()) {
-            throw new \UnexpectedValueException("Invalid encryption algorithm.");
-        }
-        $header = $this->header();
-        // decrypt content encryption key
-        $cek = $key_algo->decrypt($this->_encryptedKey, $header);
-        // decrypt payload
-        $aad = Base64::urlEncode($this->_protectedHeader->toJSON());
-        $payload = $enc_algo->decrypt($this->_ciphertext, $cek, $this->_iv, $aad,
-            $this->_authenticationTag);
-        // decompress
-        if ($header->hasCompressionAlgorithm()) {
-            $payload = CompressionFactory::algoByHeader($header)->decompress(
-                $payload);
-        }
-        return $payload;
-    }
+	/**
+	 * Decrypt the content using explicit algorithms.
+	 *
+	 * @param KeyManagementAlgorithm $key_algo
+	 * @param ContentEncryptionAlgorithm $enc_algo
+	 * @throws \RuntimeException If decrypt fails
+	 * @return string Plaintext payload
+	 */
+	public function decrypt(KeyManagementAlgorithm $key_algo,
+		ContentEncryptionAlgorithm $enc_algo): string
+	{
+		// check that key management algorithm matches
+		if ($key_algo->algorithmParamValue() != $this->algorithmName()) {
+			throw new \UnexpectedValueException(
+				"Invalid key management algorithm.");
+		}
+		// check that encryption algorithm matches
+		if ($enc_algo->encryptionAlgorithmParamValue() !=
+			 $this->encryptionAlgorithmName()) {
+			throw new \UnexpectedValueException("Invalid encryption algorithm.");
+		}
+		$header = $this->header();
+		// decrypt content encryption key
+		$cek = $key_algo->decrypt($this->_encryptedKey, $header);
+		// decrypt payload
+		$aad = Base64::urlEncode($this->_protectedHeader->toJSON());
+		$payload = $enc_algo->decrypt($this->_ciphertext, $cek, $this->_iv, $aad,
+			$this->_authenticationTag);
+		// decompress
+		if ($header->hasCompressionAlgorithm()) {
+			$payload = CompressionFactory::algoByHeader($header)->decompress(
+				$payload);
+		}
+		return $payload;
+	}
     
-    /**
-     * Decrypt content using given JWK.
-     *
-     * Key management and content encryption algorithms are determined from the
-     * header.
-     *
-     * @param JWK $jwk JSON Web Key
-     * @throws \RuntimeException If algorithm initialization fails
-     * @return string Plaintext payload
-     */
-    public function decryptWithJWK(JWK $jwk): string
-    {
-        $header = $this->header();
-        $key_algo = KeyManagementAlgorithm::fromJWK($jwk, $header);
-        $enc_algo = EncryptionAlgorithmFactory::algoByHeader($header);
-        return $this->decrypt($key_algo, $enc_algo);
-    }
+	/**
+	 * Decrypt content using given JWK.
+	 *
+	 * Key management and content encryption algorithms are determined from the
+	 * header.
+	 *
+	 * @param JWK $jwk JSON Web Key
+	 * @throws \RuntimeException If algorithm initialization fails
+	 * @return string Plaintext payload
+	 */
+	public function decryptWithJWK(JWK $jwk): string
+	{
+		$header = $this->header();
+		$key_algo = KeyManagementAlgorithm::fromJWK($jwk, $header);
+		$enc_algo = EncryptionAlgorithmFactory::algoByHeader($header);
+		return $this->decrypt($key_algo, $enc_algo);
+	}
     
-    /**
-     * Decrypt content using a key from the given JWK set.
-     *
-     * Correct key shall be sought by the key ID indicated by the header.
-     *
-     * @param JWKSet $set Set of JSON Web Keys
-     * @throws \RuntimeException If algorithm initialization fails
-     * @return string Plaintext payload
-     */
-    public function decryptWithJWKSet(JWKSet $set): string
-    {
-        if (!count($set)) {
-            throw new \RuntimeException("No keys.");
-        }
-        $header = $this->header();
-        $factory = new KeyAlgorithmFactory($header);
-        $key_algo = $factory->algoByKeys($set);
-        $enc_algo = EncryptionAlgorithmFactory::algoByHeader($header);
-        return $this->decrypt($key_algo, $enc_algo);
-    }
+	/**
+	 * Decrypt content using a key from the given JWK set.
+	 *
+	 * Correct key shall be sought by the key ID indicated by the header.
+	 *
+	 * @param JWKSet $set Set of JSON Web Keys
+	 * @throws \RuntimeException If algorithm initialization fails
+	 * @return string Plaintext payload
+	 */
+	public function decryptWithJWKSet(JWKSet $set): string
+	{
+		if (!count($set)) {
+			throw new \RuntimeException("No keys.");
+		}
+		$header = $this->header();
+		$factory = new KeyAlgorithmFactory($header);
+		$key_algo = $factory->algoByKeys($set);
+		$enc_algo = EncryptionAlgorithmFactory::algoByHeader($header);
+		return $this->decrypt($key_algo, $enc_algo);
+	}
     
-    /**
-     * Get JOSE header.
-     *
-     * @return JOSE
-     */
-    public function header(): JOSE
-    {
-        return new JOSE($this->_protectedHeader);
-    }
+	/**
+	 * Get JOSE header.
+	 *
+	 * @return JOSE
+	 */
+	public function header(): JOSE
+	{
+		return new JOSE($this->_protectedHeader);
+	}
     
-    /**
-     * Get the name of the key management algorithm.
-     *
-     * @return string
-     */
-    public function algorithmName(): string
-    {
-        return $this->header()
-            ->algorithm()
-            ->value();
-    }
+	/**
+	 * Get the name of the key management algorithm.
+	 *
+	 * @return string
+	 */
+	public function algorithmName(): string
+	{
+		return $this->header()
+			->algorithm()
+			->value();
+	}
     
-    /**
-     * Get the name of the encryption algorithm.
-     *
-     * @return string
-     */
-    public function encryptionAlgorithmName(): string
-    {
-        return $this->header()
-            ->encryptionAlgorithm()
-            ->value();
-    }
+	/**
+	 * Get the name of the encryption algorithm.
+	 *
+	 * @return string
+	 */
+	public function encryptionAlgorithmName(): string
+	{
+		return $this->header()
+			->encryptionAlgorithm()
+			->value();
+	}
     
-    /**
-     * Get encrypted CEK.
-     *
-     * @return string
-     */
-    public function encryptedKey(): string
-    {
-        return $this->_encryptedKey;
-    }
+	/**
+	 * Get encrypted CEK.
+	 *
+	 * @return string
+	 */
+	public function encryptedKey(): string
+	{
+		return $this->_encryptedKey;
+	}
     
-    /**
-     * Get initialization vector.
-     *
-     * @return string
-     */
-    public function initializationVector(): string
-    {
-        return $this->_iv;
-    }
+	/**
+	 * Get initialization vector.
+	 *
+	 * @return string
+	 */
+	public function initializationVector(): string
+	{
+		return $this->_iv;
+	}
     
-    /**
-     * Get ciphertext.
-     *
-     * @return string
-     */
-    public function ciphertext(): string
-    {
-        return $this->_ciphertext;
-    }
+	/**
+	 * Get ciphertext.
+	 *
+	 * @return string
+	 */
+	public function ciphertext(): string
+	{
+		return $this->_ciphertext;
+	}
     
-    /**
-     * Get authentication tag.
-     *
-     * @return string
-     */
-    public function authenticationTag(): string
-    {
-        return $this->_authenticationTag;
-    }
+	/**
+	 * Get authentication tag.
+	 *
+	 * @return string
+	 */
+	public function authenticationTag(): string
+	{
+		return $this->_authenticationTag;
+	}
     
-    /**
-     * Convert to compact serialization.
-     *
-     * @return string
-     */
-    public function toCompact(): string
-    {
-        return Base64::urlEncode($this->_protectedHeader->toJSON()) . "." .
-             Base64::urlEncode($this->_encryptedKey) . "." .
-             Base64::urlEncode($this->_iv) . "." .
-             Base64::urlEncode($this->_ciphertext) . "." .
-             Base64::urlEncode($this->_authenticationTag);
-    }
+	/**
+	 * Convert to compact serialization.
+	 *
+	 * @return string
+	 */
+	public function toCompact(): string
+	{
+		return Base64::urlEncode($this->_protectedHeader->toJSON()) . "." .
+			 Base64::urlEncode($this->_encryptedKey) . "." .
+			 Base64::urlEncode($this->_iv) . "." .
+			 Base64::urlEncode($this->_ciphertext) . "." .
+			 Base64::urlEncode($this->_authenticationTag);
+	}
     
-    /**
-     * Convert JWE to string.
-     *
-     * @return string
-     */
-    public function __toString()
-    {
-        return $this->toCompact();
-    }
+	/**
+	 * Convert JWE to string.
+	 *
+	 * @return string
+	 */
+	public function __toString()
+	{
+		return $this->toCompact();
+	}
 }

lib/JWX/JWE/ContentEncryptionAlgorithm.php

Indentation +37 added lines, -37 removed lines

@@ -11,45 +11,45 @@
  * Interface for algorithms that may be used to encrypt and decrypt JWE payload.
  */
 interface ContentEncryptionAlgorithm extends 
-    EncryptionAlgorithmParameterValue,
-    HeaderParameters
+	EncryptionAlgorithmParameterValue,
+	HeaderParameters
 {
-    /**
-     * Encrypt plaintext.
-     *
-     * @param string $plaintext Data to encrypt
-     * @param string $key Encryption key
-     * @param string $iv Initialization vector
-     * @param string $aad Additional authenticated data
-     * @return array Tuple of ciphertext and authentication tag
-     */
-    public function encrypt(string $plaintext, string $key, string $iv,
-        string $aad);
+	/**
+	 * Encrypt plaintext.
+	 *
+	 * @param string $plaintext Data to encrypt
+	 * @param string $key Encryption key
+	 * @param string $iv Initialization vector
+	 * @param string $aad Additional authenticated data
+	 * @return array Tuple of ciphertext and authentication tag
+	 */
+	public function encrypt(string $plaintext, string $key, string $iv,
+		string $aad);
     
-    /**
-     * Decrypt ciphertext.
-     *
-     * @param string $ciphertext Data to decrypt
-     * @param string $key Encryption key
-     * @param string $iv Initialization vector
-     * @param string $aad Additional authenticated data
-     * @param string $auth_tag Authentication tag to compare
-     * @return string Plaintext
-     */
-    public function decrypt(string $ciphertext, string $key, string $iv,
-        string $aad, string $auth_tag);
+	/**
+	 * Decrypt ciphertext.
+	 *
+	 * @param string $ciphertext Data to decrypt
+	 * @param string $key Encryption key
+	 * @param string $iv Initialization vector
+	 * @param string $aad Additional authenticated data
+	 * @param string $auth_tag Authentication tag to compare
+	 * @return string Plaintext
+	 */
+	public function decrypt(string $ciphertext, string $key, string $iv,
+		string $aad, string $auth_tag);
     
-    /**
-     * Get the required key size in bytes.
-     *
-     * @return int
-     */
-    public function keySize(): int;
+	/**
+	 * Get the required key size in bytes.
+	 *
+	 * @return int
+	 */
+	public function keySize(): int;
     
-    /**
-     * Get the required IV size in bytes.
-     *
-     * @return int
-     */
-    public function ivSize(): int;
+	/**
+	 * Get the required IV size in bytes.
+	 *
+	 * @return int
+	 */
+	public function ivSize(): int;
 }

lib/JWX/JWE/KeyAlgorithm/PBES2HS256A128KWAlgorithm.php

Indentation +32 added lines, -32 removed lines

@@ -15,39 +15,39 @@
  */
 class PBES2HS256A128KWAlgorithm extends PBES2Algorithm
 {
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _hashAlgo(): string
-    {
-        return "sha256";
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _hashAlgo(): string
+	{
+		return "sha256";
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _keyLength(): int
-    {
-        return 16;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _keyLength(): int
+	{
+		return 16;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _kwAlgo(): AESKeyWrapAlgorithm
-    {
-        return new AESKW128();
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _kwAlgo(): AESKeyWrapAlgorithm
+	{
+		return new AESKW128();
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function algorithmParamValue(): string
-    {
-        return JWA::ALGO_PBES2_HS256_A128KW;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function algorithmParamValue(): string
+	{
+		return JWA::ALGO_PBES2_HS256_A128KW;
+	}
 }

lib/JWX/JWE/KeyAlgorithm/RSAESKeyAlgorithm.php

Indentation +187 added lines, -187 removed lines

@@ -21,206 +21,206 @@
  */
 abstract class RSAESKeyAlgorithm extends KeyManagementAlgorithm
 {
-    use RandomCEK;
+	use RandomCEK;
     
-    /**
-     * Public key.
-     *
-     * @var RSAPublicKeyJWK $_publicKey
-     */
-    protected $_publicKey;
+	/**
+	 * Public key.
+	 *
+	 * @var RSAPublicKeyJWK $_publicKey
+	 */
+	protected $_publicKey;
     
-    /**
-     * Private key.
-     *
-     * @var RSAPrivateKeyJWK|null $_privateKey
-     */
-    protected $_privateKey;
+	/**
+	 * Private key.
+	 *
+	 * @var RSAPrivateKeyJWK|null $_privateKey
+	 */
+	protected $_privateKey;
     
-    /**
-     * Mapping from algorithm name to class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_ALGO_TO_CLASS = array(
-        /* @formatter:off */
-        JWA::ALGO_RSA1_5 => RSAESPKCS1Algorithm::class,
-        JWA::ALGO_RSA_OAEP => RSAESOAEPAlgorithm::class
-        /* @formatter:on */
-    );
+	/**
+	 * Mapping from algorithm name to class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_ALGO_TO_CLASS = array(
+		/* @formatter:off */
+		JWA::ALGO_RSA1_5 => RSAESPKCS1Algorithm::class,
+		JWA::ALGO_RSA_OAEP => RSAESOAEPAlgorithm::class
+		/* @formatter:on */
+	);
     
-    /**
-     * Get the padding scheme.
-     *
-     * @return int
-     */
-    abstract protected function _paddingScheme(): int;
+	/**
+	 * Get the padding scheme.
+	 *
+	 * @return int
+	 */
+	abstract protected function _paddingScheme(): int;
     
-    /**
-     * Constructor.
-     *
-     * Use <code>fromPublicKey</code> or <code>fromPrivateKey</code> instead!
-     *
-     * @param RSAPublicKeyJWK $pub_key RSA public key
-     * @param RSAPrivateKeyJWK $priv_key Optional RSA private key
-     */
-    protected function __construct(RSAPublicKeyJWK $pub_key,
-        RSAPrivateKeyJWK $priv_key = null)
-    {
-        $this->_publicKey = $pub_key;
-        $this->_privateKey = $priv_key;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * Use <code>fromPublicKey</code> or <code>fromPrivateKey</code> instead!
+	 *
+	 * @param RSAPublicKeyJWK $pub_key RSA public key
+	 * @param RSAPrivateKeyJWK $priv_key Optional RSA private key
+	 */
+	protected function __construct(RSAPublicKeyJWK $pub_key,
+		RSAPrivateKeyJWK $priv_key = null)
+	{
+		$this->_publicKey = $pub_key;
+		$this->_privateKey = $priv_key;
+	}
     
-    /**
-     *
-     * @param JWK $jwk
-     * @param Header $header
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromJWK(JWK $jwk, Header $header)
-    {
-        $alg = JWA::deriveAlgorithmName($header, $jwk);
-        if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
-            throw new \UnexpectedValueException("Unsupported algorithm '$alg'.");
-        }
-        $cls = self::MAP_ALGO_TO_CLASS[$alg];
-        if ($jwk->has(...RSAPrivateKeyJWK::MANAGED_PARAMS)) {
-            return $cls::fromPrivateKey(RSAPrivateKeyJWK::fromJWK($jwk));
-        }
-        return $cls::fromPublicKey(RSAPublicKeyJWK::fromJWK($jwk));
-    }
+	/**
+	 *
+	 * @param JWK $jwk
+	 * @param Header $header
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromJWK(JWK $jwk, Header $header)
+	{
+		$alg = JWA::deriveAlgorithmName($header, $jwk);
+		if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
+			throw new \UnexpectedValueException("Unsupported algorithm '$alg'.");
+		}
+		$cls = self::MAP_ALGO_TO_CLASS[$alg];
+		if ($jwk->has(...RSAPrivateKeyJWK::MANAGED_PARAMS)) {
+			return $cls::fromPrivateKey(RSAPrivateKeyJWK::fromJWK($jwk));
+		}
+		return $cls::fromPublicKey(RSAPublicKeyJWK::fromJWK($jwk));
+	}
     
-    /**
-     * Initialize from a public key.
-     *
-     * @param RSAPublicKeyJWK $jwk
-     * @return self
-     */
-    public static function fromPublicKey(RSAPublicKeyJWK $jwk): self
-    {
-        return new static($jwk);
-    }
+	/**
+	 * Initialize from a public key.
+	 *
+	 * @param RSAPublicKeyJWK $jwk
+	 * @return self
+	 */
+	public static function fromPublicKey(RSAPublicKeyJWK $jwk): self
+	{
+		return new static($jwk);
+	}
     
-    /**
-     * Initialize from a private key.
-     *
-     * @param RSAPrivateKeyJWK $jwk
-     * @return self
-     */
-    public static function fromPrivateKey(RSAPrivateKeyJWK $jwk): self
-    {
-        return new static($jwk->publicKey(), $jwk);
-    }
+	/**
+	 * Initialize from a private key.
+	 *
+	 * @param RSAPrivateKeyJWK $jwk
+	 * @return self
+	 */
+	public static function fromPrivateKey(RSAPrivateKeyJWK $jwk): self
+	{
+		return new static($jwk->publicKey(), $jwk);
+	}
     
-    /**
-     * Get the public key.
-     *
-     * @return RSAPublicKeyJWK
-     */
-    public function publicKey(): RSAPublicKeyJWK
-    {
-        return $this->_publicKey;
-    }
+	/**
+	 * Get the public key.
+	 *
+	 * @return RSAPublicKeyJWK
+	 */
+	public function publicKey(): RSAPublicKeyJWK
+	{
+		return $this->_publicKey;
+	}
     
-    /**
-     * Check whether the private key is present.
-     *
-     * @return bool
-     */
-    public function hasPrivateKey(): bool
-    {
-        return isset($this->_privateKey);
-    }
+	/**
+	 * Check whether the private key is present.
+	 *
+	 * @return bool
+	 */
+	public function hasPrivateKey(): bool
+	{
+		return isset($this->_privateKey);
+	}
     
-    /**
-     * Get the private key.
-     *
-     * @throws \LogicException
-     * @return RSAPrivateKeyJWK
-     */
-    public function privateKey(): RSAPrivateKeyJWK
-    {
-        if (!$this->hasPrivateKey()) {
-            throw new \LogicException("Private key not set.");
-        }
-        return $this->_privateKey;
-    }
+	/**
+	 * Get the private key.
+	 *
+	 * @throws \LogicException
+	 * @return RSAPrivateKeyJWK
+	 */
+	public function privateKey(): RSAPrivateKeyJWK
+	{
+		if (!$this->hasPrivateKey()) {
+			throw new \LogicException("Private key not set.");
+		}
+		return $this->_privateKey;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _encryptKey(string $key, Header &$header): string
-    {
-        $pubkey = openssl_pkey_get_public(
-            $this->publicKey()
-                ->toPEM()
-                ->string());
-        if (false === $pubkey) {
-            throw new \RuntimeException(
-                "openssl_pkey_get_public() failed: " .
-                     $this->_getLastOpenSSLError());
-        }
-        $result = openssl_public_encrypt($key, $crypted, $pubkey,
-            $this->_paddingScheme());
-        if (!$result) {
-            throw new \RuntimeException(
-                "openssl_public_encrypt() failed: " .
-                     $this->_getLastOpenSSLError());
-        }
-        return $crypted;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _encryptKey(string $key, Header &$header): string
+	{
+		$pubkey = openssl_pkey_get_public(
+			$this->publicKey()
+				->toPEM()
+				->string());
+		if (false === $pubkey) {
+			throw new \RuntimeException(
+				"openssl_pkey_get_public() failed: " .
+					 $this->_getLastOpenSSLError());
+		}
+		$result = openssl_public_encrypt($key, $crypted, $pubkey,
+			$this->_paddingScheme());
+		if (!$result) {
+			throw new \RuntimeException(
+				"openssl_public_encrypt() failed: " .
+					 $this->_getLastOpenSSLError());
+		}
+		return $crypted;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _decryptKey(string $ciphertext, Header $header): string
-    {
-        $privkey = openssl_pkey_get_private(
-            $this->privateKey()
-                ->toPEM()
-                ->string());
-        if (!$privkey) {
-            throw new \RuntimeException(
-                "openssl_pkey_get_private() failed: " .
-                     $this->_getLastOpenSSLError());
-        }
-        $result = openssl_private_decrypt($ciphertext, $cek, $privkey,
-            $this->_paddingScheme());
-        if (!$result) {
-            throw new \RuntimeException(
-                "openssl_private_decrypt() failed: " .
-                     $this->_getLastOpenSSLError());
-        }
-        return $cek;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _decryptKey(string $ciphertext, Header $header): string
+	{
+		$privkey = openssl_pkey_get_private(
+			$this->privateKey()
+				->toPEM()
+				->string());
+		if (!$privkey) {
+			throw new \RuntimeException(
+				"openssl_pkey_get_private() failed: " .
+					 $this->_getLastOpenSSLError());
+		}
+		$result = openssl_private_decrypt($ciphertext, $cek, $privkey,
+			$this->_paddingScheme());
+		if (!$result) {
+			throw new \RuntimeException(
+				"openssl_private_decrypt() failed: " .
+					 $this->_getLastOpenSSLError());
+		}
+		return $cek;
+	}
     
-    /**
-     * Get last OpenSSL error message.
-     *
-     * @return string|null
-     */
-    protected function _getLastOpenSSLError()
-    {
-        $msg = null;
-        while (false !== ($err = openssl_error_string())) {
-            $msg = $err;
-        }
-        return $msg;
-    }
+	/**
+	 * Get last OpenSSL error message.
+	 *
+	 * @return string|null
+	 */
+	protected function _getLastOpenSSLError()
+	{
+		$msg = null;
+		while (false !== ($err = openssl_error_string())) {
+			$msg = $err;
+		}
+		return $msg;
+	}
     
-    /**
-     *
-     * @see \JWX\JWE\KeyManagementAlgorithm::headerParameters()
-     * @return \JWX\JWT\Parameter\JWTParameter[]
-     */
-    public function headerParameters(): array
-    {
-        return array_merge(parent::headerParameters(),
-            array(AlgorithmParameter::fromAlgorithm($this)));
-    }
+	/**
+	 *
+	 * @see \JWX\JWE\KeyManagementAlgorithm::headerParameters()
+	 * @return \JWX\JWT\Parameter\JWTParameter[]
+	 */
+	public function headerParameters(): array
+	{
+		return array_merge(parent::headerParameters(),
+			array(AlgorithmParameter::fromAlgorithm($this)));
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -153,7 +153,7 @@
      *
      * {@inheritdoc}
      */
-    protected function _encryptKey(string $key, Header &$header): string
+    protected function _encryptKey(string $key, Header&$header): string
     {
         $pubkey = openssl_pkey_get_public(
             $this->publicKey()

lib/JWX/JWE/KeyAlgorithm/A192KWAlgorithm.php

Indentation +24 added lines, -24 removed lines

@@ -15,30 +15,30 @@
  */
 class A192KWAlgorithm extends AESKWAlgorithm
 {
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _kekSize(): int
-    {
-        return 24;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _kekSize(): int
+	{
+		return 24;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _AESKWAlgo(): AESKeyWrapAlgorithm
-    {
-        return new AESKW192();
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _AESKWAlgo(): AESKeyWrapAlgorithm
+	{
+		return new AESKW192();
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function algorithmParamValue(): string
-    {
-        return JWA::ALGO_A192KW;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function algorithmParamValue(): string
+	{
+		return JWA::ALGO_A192KW;
+	}
 }

lib/JWX/JWE/KeyAlgorithm/KeyAlgorithmFactory.php

Indentation +83 added lines, -83 removed lines

@@ -15,92 +15,92 @@
  */
 class KeyAlgorithmFactory
 {
-    /**
-     * Header.
-     *
-     * @var Header $_header
-     */
-    protected $_header;
+	/**
+	 * Header.
+	 *
+	 * @var Header $_header
+	 */
+	protected $_header;
     
-    /**
-     * Mapping from algorithm name to class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_ALGO_TO_CLASS = array(
-        /* @formatter:off */
-        JWA::ALGO_A128KW => A128KWAlgorithm::class,
-        JWA::ALGO_A192KW => A192KWAlgorithm::class,
-        JWA::ALGO_A128KW => A256KWAlgorithm::class,
-        JWA::ALGO_A128GCMKW => A128GCMKWAlgorithm::class,
-        JWA::ALGO_A192GCMKW => A192GCMKWAlgorithm::class,
-        JWA::ALGO_A256GCMKW => A256GCMKWAlgorithm::class,
-        JWA::ALGO_PBES2_HS256_A128KW => PBES2HS256A128KWAlgorithm::class,
-        JWA::ALGO_PBES2_HS384_A192KW => PBES2HS384A192KWAlgorithm::class,
-        JWA::ALGO_PBES2_HS512_A256KW => PBES2HS512A256KWAlgorithm::class,
-        JWA::ALGO_DIR => DirectCEKAlgorithm::class,
-        JWA::ALGO_RSA1_5 => RSAESPKCS1Algorithm::class,
-        JWA::ALGO_RSA_OAEP => RSAESOAEPAlgorithm::class
-        /* @formatter:on */
-    );
+	/**
+	 * Mapping from algorithm name to class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_ALGO_TO_CLASS = array(
+		/* @formatter:off */
+		JWA::ALGO_A128KW => A128KWAlgorithm::class,
+		JWA::ALGO_A192KW => A192KWAlgorithm::class,
+		JWA::ALGO_A128KW => A256KWAlgorithm::class,
+		JWA::ALGO_A128GCMKW => A128GCMKWAlgorithm::class,
+		JWA::ALGO_A192GCMKW => A192GCMKWAlgorithm::class,
+		JWA::ALGO_A256GCMKW => A256GCMKWAlgorithm::class,
+		JWA::ALGO_PBES2_HS256_A128KW => PBES2HS256A128KWAlgorithm::class,
+		JWA::ALGO_PBES2_HS384_A192KW => PBES2HS384A192KWAlgorithm::class,
+		JWA::ALGO_PBES2_HS512_A256KW => PBES2HS512A256KWAlgorithm::class,
+		JWA::ALGO_DIR => DirectCEKAlgorithm::class,
+		JWA::ALGO_RSA1_5 => RSAESPKCS1Algorithm::class,
+		JWA::ALGO_RSA_OAEP => RSAESOAEPAlgorithm::class
+		/* @formatter:on */
+	);
     
-    /**
-     * Constructor.
-     *
-     * @param Header $header
-     */
-    public function __construct(Header $header)
-    {
-        $this->_header = $header;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Header $header
+	 */
+	public function __construct(Header $header)
+	{
+		$this->_header = $header;
+	}
     
-    /**
-     * Get key management algorithm by given JWK.
-     *
-     * @param JWK $jwk
-     * @return KeyManagementAlgorithm
-     */
-    public function algoByKey(JWK $jwk): KeyManagementAlgorithm
-    {
-        $alg = JWA::deriveAlgorithmName($this->_header, $jwk);
-        $cls = self::_algoClassByName($alg);
-        return $cls::fromJWK($jwk, $this->_header);
-    }
+	/**
+	 * Get key management algorithm by given JWK.
+	 *
+	 * @param JWK $jwk
+	 * @return KeyManagementAlgorithm
+	 */
+	public function algoByKey(JWK $jwk): KeyManagementAlgorithm
+	{
+		$alg = JWA::deriveAlgorithmName($this->_header, $jwk);
+		$cls = self::_algoClassByName($alg);
+		return $cls::fromJWK($jwk, $this->_header);
+	}
     
-    /**
-     * Get key management algorithm using a matching key from given JWK set.
-     *
-     * @param JWKSet $set
-     * @throws \UnexpectedValueException If a key cannot be found
-     * @return KeyManagementAlgorithm
-     */
-    public function algoByKeys(JWKSet $set): KeyManagementAlgorithm
-    {
-        if (!$this->_header->hasKeyID()) {
-            throw new \UnexpectedValueException("No key ID paremeter.");
-        }
-        $id = $this->_header->keyID()->value();
-        if (!$set->hasKeyID($id)) {
-            throw new \UnexpectedValueException("No key for ID '$id'.");
-        }
-        return $this->algoByKey($set->keyByID($id));
-    }
+	/**
+	 * Get key management algorithm using a matching key from given JWK set.
+	 *
+	 * @param JWKSet $set
+	 * @throws \UnexpectedValueException If a key cannot be found
+	 * @return KeyManagementAlgorithm
+	 */
+	public function algoByKeys(JWKSet $set): KeyManagementAlgorithm
+	{
+		if (!$this->_header->hasKeyID()) {
+			throw new \UnexpectedValueException("No key ID paremeter.");
+		}
+		$id = $this->_header->keyID()->value();
+		if (!$set->hasKeyID($id)) {
+			throw new \UnexpectedValueException("No key for ID '$id'.");
+		}
+		return $this->algoByKey($set->keyByID($id));
+	}
     
-    /**
-     * Get the algorithm implementation class name by an algorithm name.
-     *
-     * @param string $alg Algorithm name
-     * @throws \UnexpectedValueException
-     * @return string Class name
-     */
-    private static function _algoClassByName(string $alg): string
-    {
-        if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
-            throw new \UnexpectedValueException(
-                "Algorithm '$alg' not supported.");
-        }
-        return self::MAP_ALGO_TO_CLASS[$alg];
-    }
+	/**
+	 * Get the algorithm implementation class name by an algorithm name.
+	 *
+	 * @param string $alg Algorithm name
+	 * @throws \UnexpectedValueException
+	 * @return string Class name
+	 */
+	private static function _algoClassByName(string $alg): string
+	{
+		if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
+			throw new \UnexpectedValueException(
+				"Algorithm '$alg' not supported.");
+		}
+		return self::MAP_ALGO_TO_CLASS[$alg];
+	}
 }

lib/JWX/JWE/KeyAlgorithm/A256GCMKWAlgorithm.php

Indentation +24 added lines, -24 removed lines

@@ -15,30 +15,30 @@
  */
 class A256GCMKWAlgorithm extends AESGCMKWAlgorithm
 {
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _getGCMCipher(): Cipher
-    {
-        return new AES256Cipher();
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _getGCMCipher(): Cipher
+	{
+		return new AES256Cipher();
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _keySize(): int
-    {
-        return 32;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _keySize(): int
+	{
+		return 32;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function algorithmParamValue(): string
-    {
-        return JWA::ALGO_A256GCMKW;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function algorithmParamValue(): string
+	{
+		return JWA::ALGO_A256GCMKW;
+	}
 }

lib/JWX/JWE/KeyAlgorithm/AESGCMKWAlgorithm.php

Indentation +153 added lines, -153 removed lines

@@ -23,171 +23,171 @@
  */
 abstract class AESGCMKWAlgorithm extends KeyManagementAlgorithm
 {
-    use RandomCEK;
+	use RandomCEK;
     
-    /**
-     * Key encryption key.
-     *
-     * @var string $_kek
-     */
-    protected $_kek;
+	/**
+	 * Key encryption key.
+	 *
+	 * @var string $_kek
+	 */
+	protected $_kek;
     
-    /**
-     * Initialization vector.
-     *
-     * @var string $_iv
-     */
-    protected $_iv;
+	/**
+	 * Initialization vector.
+	 *
+	 * @var string $_iv
+	 */
+	protected $_iv;
     
-    /**
-     * Mapping from algorithm name to class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_ALGO_TO_CLASS = array(
-        /* @formatter:off */
-        JWA::ALGO_A128GCMKW => A128GCMKWAlgorithm::class, 
-        JWA::ALGO_A192GCMKW => A192GCMKWAlgorithm::class, 
-        JWA::ALGO_A256GCMKW => A256GCMKWAlgorithm::class
-        /* @formatter:on */
-    );
+	/**
+	 * Mapping from algorithm name to class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_ALGO_TO_CLASS = array(
+		/* @formatter:off */
+		JWA::ALGO_A128GCMKW => A128GCMKWAlgorithm::class, 
+		JWA::ALGO_A192GCMKW => A192GCMKWAlgorithm::class, 
+		JWA::ALGO_A256GCMKW => A256GCMKWAlgorithm::class
+		/* @formatter:on */
+	);
     
-    /**
-     * Required IV size in bytes.
-     *
-     * @var int
-     */
-    const IV_SIZE = 12;
+	/**
+	 * Required IV size in bytes.
+	 *
+	 * @var int
+	 */
+	const IV_SIZE = 12;
     
-    /**
-     * Authentication tag size in bytes.
-     *
-     * @var int
-     */
-    const AUTH_TAG_SIZE = 16;
+	/**
+	 * Authentication tag size in bytes.
+	 *
+	 * @var int
+	 */
+	const AUTH_TAG_SIZE = 16;
     
-    /**
-     * Get GCM Cipher instance.
-     *
-     * @return Cipher
-     */
-    abstract protected function _getGCMCipher(): Cipher;
+	/**
+	 * Get GCM Cipher instance.
+	 *
+	 * @return Cipher
+	 */
+	abstract protected function _getGCMCipher(): Cipher;
     
-    /**
-     * Get the required key size.
-     *
-     * @return int
-     */
-    abstract protected function _keySize(): int;
+	/**
+	 * Get the required key size.
+	 *
+	 * @return int
+	 */
+	abstract protected function _keySize(): int;
     
-    /**
-     * Get GCM instance.
-     *
-     * @return GCM
-     */
-    final protected function _getGCM(): GCM
-    {
-        return new GCM($this->_getGCMCipher(), self::AUTH_TAG_SIZE);
-    }
+	/**
+	 * Get GCM instance.
+	 *
+	 * @return GCM
+	 */
+	final protected function _getGCM(): GCM
+	{
+		return new GCM($this->_getGCMCipher(), self::AUTH_TAG_SIZE);
+	}
     
-    /**
-     * Constructor.
-     *
-     * @param string $kek Key encryption key
-     * @param string $iv Initialization vector
-     */
-    public function __construct(string $kek, string $iv)
-    {
-        if (strlen($kek) != $this->_keySize()) {
-            throw new \LengthException("Invalid key size.");
-        }
-        if (strlen($iv) != self::IV_SIZE) {
-            throw new \LengthException("Initialization vector must be 96 bits.");
-        }
-        $this->_kek = $kek;
-        $this->_iv = $iv;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $kek Key encryption key
+	 * @param string $iv Initialization vector
+	 */
+	public function __construct(string $kek, string $iv)
+	{
+		if (strlen($kek) != $this->_keySize()) {
+			throw new \LengthException("Invalid key size.");
+		}
+		if (strlen($iv) != self::IV_SIZE) {
+			throw new \LengthException("Initialization vector must be 96 bits.");
+		}
+		$this->_kek = $kek;
+		$this->_iv = $iv;
+	}
     
-    /**
-     *
-     * @param JWK $jwk
-     * @param Header $header
-     * @throws \UnexpectedValueException
-     * @return self
-     */
-    public static function fromJWK(JWK $jwk, Header $header)
-    {
-        $jwk = SymmetricKeyJWK::fromJWK($jwk);
-        if (!$header->hasInitializationVector()) {
-            throw new \UnexpectedValueException("No initialization vector.");
-        }
-        $iv = $header->initializationVector()->initializationVector();
-        $alg = JWA::deriveAlgorithmName($header, $jwk);
-        if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
-            throw new \UnexpectedValueException("Unsupported algorithm '$alg'.");
-        }
-        $cls = self::MAP_ALGO_TO_CLASS[$alg];
-        return new $cls($jwk->key(), $iv);
-    }
+	/**
+	 *
+	 * @param JWK $jwk
+	 * @param Header $header
+	 * @throws \UnexpectedValueException
+	 * @return self
+	 */
+	public static function fromJWK(JWK $jwk, Header $header)
+	{
+		$jwk = SymmetricKeyJWK::fromJWK($jwk);
+		if (!$header->hasInitializationVector()) {
+			throw new \UnexpectedValueException("No initialization vector.");
+		}
+		$iv = $header->initializationVector()->initializationVector();
+		$alg = JWA::deriveAlgorithmName($header, $jwk);
+		if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
+			throw new \UnexpectedValueException("Unsupported algorithm '$alg'.");
+		}
+		$cls = self::MAP_ALGO_TO_CLASS[$alg];
+		return new $cls($jwk->key(), $iv);
+	}
     
-    /**
-     * Initialize from key encryption key with random IV.
-     *
-     * Key size must match the underlying cipher.
-     *
-     * @param string $key Key encryption key
-     * @return self
-     */
-    public static function fromKey(string $key): self
-    {
-        $iv = openssl_random_pseudo_bytes(self::IV_SIZE);
-        return new static($key, $iv);
-    }
+	/**
+	 * Initialize from key encryption key with random IV.
+	 *
+	 * Key size must match the underlying cipher.
+	 *
+	 * @param string $key Key encryption key
+	 * @return self
+	 */
+	public static function fromKey(string $key): self
+	{
+		$iv = openssl_random_pseudo_bytes(self::IV_SIZE);
+		return new static($key, $iv);
+	}
     
-    /**
-     *
-     * @see \JWX\JWE\KeyManagementAlgorithm::_encryptKey()
-     * @return string
-     */
-    protected function _encryptKey(string $key, Header &$header): string
-    {
-        list($ciphertext, $auth_tag) = $this->_getGCM()->encrypt($key, "",
-            $this->_kek, $this->_iv);
-        // insert authentication tag to the header
-        $header = $header->withParameters(
-            AuthenticationTagParameter::fromString($auth_tag));
-        return $ciphertext;
-    }
+	/**
+	 *
+	 * @see \JWX\JWE\KeyManagementAlgorithm::_encryptKey()
+	 * @return string
+	 */
+	protected function _encryptKey(string $key, Header &$header): string
+	{
+		list($ciphertext, $auth_tag) = $this->_getGCM()->encrypt($key, "",
+			$this->_kek, $this->_iv);
+		// insert authentication tag to the header
+		$header = $header->withParameters(
+			AuthenticationTagParameter::fromString($auth_tag));
+		return $ciphertext;
+	}
     
-    /**
-     *
-     * @see \JWX\JWE\KeyManagementAlgorithm::_decryptKey()
-     * @throws \RuntimeException For generic errors
-     * @return string
-     */
-    protected function _decryptKey(string $ciphertext, Header $header): string
-    {
-        if (!$header->hasAuthenticationTag()) {
-            throw new \RuntimeException(
-                "Header doesn't contain authentication tag.");
-        }
-        $auth_tag = $header->authenticationTag()->authenticationTag();
-        $cek = $this->_getGCM()->decrypt($ciphertext, $auth_tag, "", $this->_kek,
-            $this->_iv);
-        return $cek;
-    }
+	/**
+	 *
+	 * @see \JWX\JWE\KeyManagementAlgorithm::_decryptKey()
+	 * @throws \RuntimeException For generic errors
+	 * @return string
+	 */
+	protected function _decryptKey(string $ciphertext, Header $header): string
+	{
+		if (!$header->hasAuthenticationTag()) {
+			throw new \RuntimeException(
+				"Header doesn't contain authentication tag.");
+		}
+		$auth_tag = $header->authenticationTag()->authenticationTag();
+		$cek = $this->_getGCM()->decrypt($ciphertext, $auth_tag, "", $this->_kek,
+			$this->_iv);
+		return $cek;
+	}
     
-    /**
-     *
-     * @see \JWX\JWE\KeyManagementAlgorithm::headerParameters()
-     * @return \JWX\JWT\Parameter\JWTParameter[]
-     */
-    public function headerParameters(): array
-    {
-        return array_merge(parent::headerParameters(),
-            array(AlgorithmParameter::fromAlgorithm($this),
-                InitializationVectorParameter::fromString($this->_iv)));
-    }
+	/**
+	 *
+	 * @see \JWX\JWE\KeyManagementAlgorithm::headerParameters()
+	 * @return \JWX\JWT\Parameter\JWTParameter[]
+	 */
+	public function headerParameters(): array
+	{
+		return array_merge(parent::headerParameters(),
+			array(AlgorithmParameter::fromAlgorithm($this),
+				InitializationVectorParameter::fromString($this->_iv)));
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -151,7 +151,7 @@
      * @see \JWX\JWE\KeyManagementAlgorithm::_encryptKey()
      * @return string
      */
-    protected function _encryptKey(string $key, Header &$header): string
+    protected function _encryptKey(string $key, Header&$header): string
     {
         list($ciphertext, $auth_tag) = $this->_getGCM()->encrypt($key, "",
             $this->_kek, $this->_iv);

lib/JWX/JWE/KeyAlgorithm/RSAESPKCS1Algorithm.php

Indentation +16 added lines, -16 removed lines

@@ -13,21 +13,21 @@
  */
 class RSAESPKCS1Algorithm extends RSAESKeyAlgorithm
 {
-    /**
-     *
-     * {@inheritdoc}
-     */
-    protected function _paddingScheme(): int
-    {
-        return OPENSSL_PKCS1_PADDING;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	protected function _paddingScheme(): int
+	{
+		return OPENSSL_PKCS1_PADDING;
+	}
     
-    /**
-     *
-     * {@inheritdoc}
-     */
-    public function algorithmParamValue(): string
-    {
-        return JWA::ALGO_RSA1_5;
-    }
+	/**
+	 *
+	 * {@inheritdoc}
+	 */
+	public function algorithmParamValue(): string
+	{
+		return JWA::ALGO_RSA1_5;
+	}
 }