sop / jwx

lib/JWX/JWS/Algorithm/HMACAlgorithm.php

Indentation +78 added lines, -78 removed lines

@@ -18,89 +18,89 @@
  */
 abstract class HMACAlgorithm extends SignatureAlgorithm
 {
-    /**
-     * Mapping from algorithm name to class name.
-     *
-     * @internal
-     *
-     * @var array
-     */
-    const MAP_ALGO_TO_CLASS = [
-        JWA::ALGO_HS256 => HS256Algorithm::class,
-        JWA::ALGO_HS384 => HS384Algorithm::class,
-        JWA::ALGO_HS512 => HS512Algorithm::class,
-    ];
+	/**
+	 * Mapping from algorithm name to class name.
+	 *
+	 * @internal
+	 *
+	 * @var array
+	 */
+	const MAP_ALGO_TO_CLASS = [
+		JWA::ALGO_HS256 => HS256Algorithm::class,
+		JWA::ALGO_HS384 => HS384Algorithm::class,
+		JWA::ALGO_HS512 => HS512Algorithm::class,
+	];
 
-    /**
-     * Shared secret key.
-     *
-     * @var string
-     */
-    protected $_key;
+	/**
+	 * Shared secret key.
+	 *
+	 * @var string
+	 */
+	protected $_key;
 
-    /**
-     * Constructor.
-     *
-     * @param string $key Shared secret key
-     */
-    public function __construct(string $key)
-    {
-        $this->_key = $key;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $key Shared secret key
+	 */
+	public function __construct(string $key)
+	{
+		$this->_key = $key;
+	}
 
-    /**
-     * {@inheritdoc}
-     *
-     * @return self
-     */
-    public static function fromJWK(JWK $jwk, Header $header): SignatureAlgorithm
-    {
-        $jwk = SymmetricKeyJWK::fromJWK($jwk);
-        $alg = JWA::deriveAlgorithmName($header, $jwk);
-        if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
-            throw new \UnexpectedValueException("Unsupported algorithm '{$alg}'.");
-        }
-        $cls = self::MAP_ALGO_TO_CLASS[$alg];
-        return new $cls($jwk->key());
-    }
+	/**
+	 * {@inheritdoc}
+	 *
+	 * @return self
+	 */
+	public static function fromJWK(JWK $jwk, Header $header): SignatureAlgorithm
+	{
+		$jwk = SymmetricKeyJWK::fromJWK($jwk);
+		$alg = JWA::deriveAlgorithmName($header, $jwk);
+		if (!array_key_exists($alg, self::MAP_ALGO_TO_CLASS)) {
+			throw new \UnexpectedValueException("Unsupported algorithm '{$alg}'.");
+		}
+		$cls = self::MAP_ALGO_TO_CLASS[$alg];
+		return new $cls($jwk->key());
+	}
 
-    /**
-     * {@inheritdoc}
-     *
-     * @throws \RuntimeException For generic errors
-     */
-    public function computeSignature(string $data): string
-    {
-        $result = @hash_hmac($this->_hashAlgo(), $data, $this->_key, true);
-        if (false === $result) {
-            $err = error_get_last();
-            $msg = isset($err) && __FILE__ === $err['file'] ? $err['message'] : null;
-            throw new \RuntimeException($msg ?? 'hash_hmac() failed.');
-        }
-        return $result;
-    }
+	/**
+	 * {@inheritdoc}
+	 *
+	 * @throws \RuntimeException For generic errors
+	 */
+	public function computeSignature(string $data): string
+	{
+		$result = @hash_hmac($this->_hashAlgo(), $data, $this->_key, true);
+		if (false === $result) {
+			$err = error_get_last();
+			$msg = isset($err) && __FILE__ === $err['file'] ? $err['message'] : null;
+			throw new \RuntimeException($msg ?? 'hash_hmac() failed.');
+		}
+		return $result;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    public function validateSignature(string $data, string $signature): bool
-    {
-        return $this->computeSignature($data) === $signature;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public function validateSignature(string $data, string $signature): bool
+	{
+		return $this->computeSignature($data) === $signature;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    public function headerParameters(): array
-    {
-        return array_merge(parent::headerParameters(),
-            [AlgorithmParameter::fromAlgorithm($this)]);
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public function headerParameters(): array
+	{
+		return array_merge(parent::headerParameters(),
+			[AlgorithmParameter::fromAlgorithm($this)]);
+	}
 
-    /**
-     * Get algorithm name recognized by the Hash extension.
-     *
-     * @return string
-     */
-    abstract protected function _hashAlgo(): string;
+	/**
+	 * Get algorithm name recognized by the Hash extension.
+	 *
+	 * @return string
+	 */
+	abstract protected function _hashAlgo(): string;
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\JWX\JWS\Algorithm;
 

lib/JWX/JWS/Algorithm/ES512Algorithm.php

Indentation +21 added lines, -21 removed lines

@@ -14,27 +14,27 @@
  */
 class ES512Algorithm extends ECDSAAlgorithm
 {
-    /**
-     * {@inheritdoc}
-     */
-    public function algorithmParamValue(): string
-    {
-        return JWA::ALGO_ES512;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public function algorithmParamValue(): string
+	{
+		return JWA::ALGO_ES512;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function _curveName(): string
-    {
-        return CurveParameter::CURVE_P521;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _curveName(): string
+	{
+		return CurveParameter::CURVE_P521;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function _mdMethod(): int
-    {
-        return OPENSSL_ALGO_SHA512;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _mdMethod(): int
+	{
+		return OPENSSL_ALGO_SHA512;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\JWX\JWS\Algorithm;
 

lib/JWX/JWS/Algorithm/HS256Algorithm.php

Indentation +14 added lines, -14 removed lines

@@ -13,19 +13,19 @@
  */
 class HS256Algorithm extends HMACAlgorithm
 {
-    /**
-     * {@inheritdoc}
-     */
-    public function algorithmParamValue(): string
-    {
-        return JWA::ALGO_HS256;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public function algorithmParamValue(): string
+	{
+		return JWA::ALGO_HS256;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function _hashAlgo(): string
-    {
-        return 'sha256';
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _hashAlgo(): string
+	{
+		return 'sha256';
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\JWX\JWS\Algorithm;
 

lib/JWX/JWS/Algorithm/RS256Algorithm.php

Indentation +14 added lines, -14 removed lines

@@ -13,19 +13,19 @@
  */
 class RS256Algorithm extends RSASSAPKCS1Algorithm
 {
-    /**
-     * {@inheritdoc}
-     */
-    public function algorithmParamValue(): string
-    {
-        return JWA::ALGO_RS256;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	public function algorithmParamValue(): string
+	{
+		return JWA::ALGO_RS256;
+	}
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function _mdMethod(): int
-    {
-        return OPENSSL_ALGO_SHA256;
-    }
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function _mdMethod(): int
+	{
+		return OPENSSL_ALGO_SHA256;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\JWX\JWS\Algorithm;
 

lib/JWX/Util/UUIDv4.php

Indentation +55 added lines, -55 removed lines

@@ -28,40 +28,40 @@ 
  */
 class UUIDv4
 {
-    /**
-     * UUID.
-     *
-     * @var string
-     */
-    protected $_uuid;
+	/**
+	 * UUID.
+	 *
+	 * @var string
+	 */
+	protected $_uuid;
 
-    /**
-     * Constructor.
-     *
-     * @param string $uuid UUIDv4 in canonical hexadecimal format
-     */
-    public function __construct(string $uuid)
-    {
-        // @todo Check that UUID is version 4
-        $this->_uuid = $uuid;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param string $uuid UUIDv4 in canonical hexadecimal format
+	 */
+	public function __construct(string $uuid)
+	{
+		// @todo Check that UUID is version 4
+		$this->_uuid = $uuid;
+	}
 
-    /**
-     * @return string
-     */
-    public function __toString(): string
-    {
-        return $this->canonical();
-    }
+	/**
+	 * @return string
+	 */
+	public function __toString(): string
+	{
+		return $this->canonical();
+	}
 
-    /**
-     * Create new random UUIDv4.
-     *
-     * @return self
-     */
-    public static function createRandom(): self
-    {
-        /*
+	/**
+	 * Create new random UUIDv4.
+	 *
+	 * @return self
+	 */
+	public static function createRandom(): self
+	{
+		/*
          1. Set the two most significant bits (bits 6 and 7) of
          the clock_seq_hi_and_reserved to zero and one, respectively.
 
@@ -72,29 +72,29 @@ 
          3. Set all the other bits to randomly (or pseudo-randomly)
          chosen values.
          */
-        $uuid = sprintf('%04x%04x-%04x-%04x-%02x%02x-%04x%04x%04x',
-            // time_low
-            mt_rand(0, 0xffff), mt_rand(0, 0xffff),
-            // time_mid
-            mt_rand(0, 0xffff),
-            // time_hi_and_version
-            mt_rand(0, 0x0fff) | 0x4000,
-            // clk_seq_hi_res
-            mt_rand(0, 0x3f) | 0x80,
-            // clk_seq_low
-            mt_rand(0, 0xff),
-            // node
-            mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff));
-        return new self($uuid);
-    }
+		$uuid = sprintf('%04x%04x-%04x-%04x-%02x%02x-%04x%04x%04x',
+			// time_low
+			mt_rand(0, 0xffff), mt_rand(0, 0xffff),
+			// time_mid
+			mt_rand(0, 0xffff),
+			// time_hi_and_version
+			mt_rand(0, 0x0fff) | 0x4000,
+			// clk_seq_hi_res
+			mt_rand(0, 0x3f) | 0x80,
+			// clk_seq_low
+			mt_rand(0, 0xff),
+			// node
+			mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff));
+		return new self($uuid);
+	}
 
-    /**
-     * Get UUIDv4 in canonical form.
-     *
-     * @return string
-     */
-    public function canonical(): string
-    {
-        return $this->_uuid;
-    }
+	/**
+	 * Get UUIDv4 in canonical form.
+	 *
+	 * @return string
+	 */
+	public function canonical(): string
+	{
+		return $this->_uuid;
+	}
 }

Spacing +3 added lines, -3 removed lines

@@ -1,6 +1,6 @@ 
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\JWX\Util;
 
@@ -78,9 +78,9 @@ 
             // time_mid
             mt_rand(0, 0xffff),
             // time_hi_and_version
-            mt_rand(0, 0x0fff) | 0x4000,
+            mt_rand(0, 0x0fff)|0x4000,
             // clk_seq_hi_res
-            mt_rand(0, 0x3f) | 0x80,
+            mt_rand(0, 0x3f)|0x80,
             // clk_seq_low
             mt_rand(0, 0xff),
             // node

lib/JWX/Util/BigInt.php

Indentation +76 added lines, -76 removed lines

@@ -9,87 +9,87 @@
  */
 class BigInt
 {
-    /**
-     * Number.
-     *
-     * @var \GMP
-     */
-    protected $_num;
+	/**
+	 * Number.
+	 *
+	 * @var \GMP
+	 */
+	protected $_num;
 
-    /**
-     * Constructor.
-     *
-     * @param \GMP $num GMP number
-     */
-    protected function __construct(\GMP $num)
-    {
-        $this->_num = $num;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param \GMP $num GMP number
+	 */
+	protected function __construct(\GMP $num)
+	{
+		$this->_num = $num;
+	}
 
-    /**
-     * @return string
-     */
-    public function __toString(): string
-    {
-        return $this->base10();
-    }
+	/**
+	 * @return string
+	 */
+	public function __toString(): string
+	{
+		return $this->base10();
+	}
 
-    /**
-     * Initialize from a base10 number.
-     *
-     * @param int|string $number
-     *
-     * @return self
-     */
-    public static function fromBase10($number): self
-    {
-        $num = gmp_init($number, 10);
-        return new self($num);
-    }
+	/**
+	 * Initialize from a base10 number.
+	 *
+	 * @param int|string $number
+	 *
+	 * @return self
+	 */
+	public static function fromBase10($number): self
+	{
+		$num = gmp_init($number, 10);
+		return new self($num);
+	}
 
-    /**
-     * Initialize from a base256 number.
-     *
-     * Base64 number is an octet string of big endian, most significant word
-     * first integer.
-     *
-     * @param string $octets
-     *
-     * @return self
-     */
-    public static function fromBase256(string $octets): self
-    {
-        $num = gmp_import($octets, 1, GMP_MSW_FIRST | GMP_BIG_ENDIAN);
-        return new self($num);
-    }
+	/**
+	 * Initialize from a base256 number.
+	 *
+	 * Base64 number is an octet string of big endian, most significant word
+	 * first integer.
+	 *
+	 * @param string $octets
+	 *
+	 * @return self
+	 */
+	public static function fromBase256(string $octets): self
+	{
+		$num = gmp_import($octets, 1, GMP_MSW_FIRST | GMP_BIG_ENDIAN);
+		return new self($num);
+	}
 
-    /**
-     * Convert to base10 string.
-     *
-     * @return string
-     */
-    public function base10(): string
-    {
-        return gmp_strval($this->_num, 10);
-    }
+	/**
+	 * Convert to base10 string.
+	 *
+	 * @return string
+	 */
+	public function base10(): string
+	{
+		return gmp_strval($this->_num, 10);
+	}
 
-    /**
-     * Convert to base16 string.
-     *
-     * @return string
-     */
-    public function base16(): string
-    {
-        return gmp_strval($this->_num, 16);
-    }
+	/**
+	 * Convert to base16 string.
+	 *
+	 * @return string
+	 */
+	public function base16(): string
+	{
+		return gmp_strval($this->_num, 16);
+	}
 
-    /**
-     * Convert to base256 string.
-     *
-     * @return string
-     */
-    public function base256(): string
-    {
-        return gmp_export($this->_num, 1, GMP_MSW_FIRST | GMP_BIG_ENDIAN);
-    }
+	/**
+	 * Convert to base256 string.
+	 *
+	 * @return string
+	 */
+	public function base256(): string
+	{
+		return gmp_export($this->_num, 1, GMP_MSW_FIRST | GMP_BIG_ENDIAN);
+	}
 }

Spacing +3 added lines, -3 removed lines

@@ -1,6 +1,6 @@ 
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\JWX\Util;
 
@@ -59,7 +59,7 @@ 
      */
     public static function fromBase256(string $octets): self
     {
-        $num = gmp_import($octets, 1, GMP_MSW_FIRST | GMP_BIG_ENDIAN);
+        $num = gmp_import($octets, 1, GMP_MSW_FIRST|GMP_BIG_ENDIAN);
         return new self($num);
     }
 
@@ -90,6 +90,6 @@ 
      */
     public function base256(): string
     {
-        return gmp_export($this->_num, 1, GMP_MSW_FIRST | GMP_BIG_ENDIAN);
+        return gmp_export($this->_num, 1, GMP_MSW_FIRST|GMP_BIG_ENDIAN);
     }
 }

lib/JWX/Util/Base64.php

Indentation +102 added lines, -102 removed lines

@@ -9,111 +9,111 @@
  */
 class Base64
 {
-    /**
-     * Encode a string using base64url variant.
-     *
-     * @see https://en.wikipedia.org/wiki/Base64#URL_applications
-     *
-     * @param string $data
-     *
-     * @return string
-     */
-    public static function urlEncode(string $data): string
-    {
-        return strtr(rtrim(self::encode($data), '='), '+/', '-_');
-    }
+	/**
+	 * Encode a string using base64url variant.
+	 *
+	 * @see https://en.wikipedia.org/wiki/Base64#URL_applications
+	 *
+	 * @param string $data
+	 *
+	 * @return string
+	 */
+	public static function urlEncode(string $data): string
+	{
+		return strtr(rtrim(self::encode($data), '='), '+/', '-_');
+	}
 
-    /**
-     * Decode a string using base64url variant.
-     *
-     * @see https://en.wikipedia.org/wiki/Base64#URL_applications
-     *
-     * @param string $data
-     *
-     * @throws \UnexpectedValueException
-     *
-     * @return string
-     */
-    public static function urlDecode(string $data): string
-    {
-        $data = strtr($data, '-_', '+/');
-        switch (strlen($data) % 4) {
-            case 0:
-                break;
-            case 2:
-                $data .= '==';
-                break;
-            case 3:
-                $data .= '=';
-                break;
-            default:
-                throw new \UnexpectedValueException(
-                    'Malformed base64url encoding.');
-        }
-        return self::decode($data);
-    }
+	/**
+	 * Decode a string using base64url variant.
+	 *
+	 * @see https://en.wikipedia.org/wiki/Base64#URL_applications
+	 *
+	 * @param string $data
+	 *
+	 * @throws \UnexpectedValueException
+	 *
+	 * @return string
+	 */
+	public static function urlDecode(string $data): string
+	{
+		$data = strtr($data, '-_', '+/');
+		switch (strlen($data) % 4) {
+			case 0:
+				break;
+			case 2:
+				$data .= '==';
+				break;
+			case 3:
+				$data .= '=';
+				break;
+			default:
+				throw new \UnexpectedValueException(
+					'Malformed base64url encoding.');
+		}
+		return self::decode($data);
+	}
 
-    /**
-     * Check whether string is validly base64url encoded.
-     *
-     * @see https://en.wikipedia.org/wiki/Base64#URL_applications
-     *
-     * @param string $data
-     *
-     * @return bool
-     */
-    public static function isValidURLEncoding(string $data): bool
-    {
-        return 1 === preg_match('#^[A-Za-z0-9\-_]*$#', $data);
-    }
+	/**
+	 * Check whether string is validly base64url encoded.
+	 *
+	 * @see https://en.wikipedia.org/wiki/Base64#URL_applications
+	 *
+	 * @param string $data
+	 *
+	 * @return bool
+	 */
+	public static function isValidURLEncoding(string $data): bool
+	{
+		return 1 === preg_match('#^[A-Za-z0-9\-_]*$#', $data);
+	}
 
-    /**
-     * Encode a string in base64.
-     *
-     * @see https://tools.ietf.org/html/rfc4648#section-4
-     *
-     * @param string $data
-     *
-     * @return string
-     */
-    public static function encode(string $data): string
-    {
-        return base64_encode($data);
-    }
+	/**
+	 * Encode a string in base64.
+	 *
+	 * @see https://tools.ietf.org/html/rfc4648#section-4
+	 *
+	 * @param string $data
+	 *
+	 * @return string
+	 */
+	public static function encode(string $data): string
+	{
+		return base64_encode($data);
+	}
 
-    /**
-     * Decode a string from base64 encoding.
-     *
-     * @see https://tools.ietf.org/html/rfc4648#section-4
-     *
-     * @param string $data
-     *
-     * @throws \RuntimeException If decoding fails
-     *
-     * @return string
-     */
-    public static function decode(string $data): string
-    {
-        $ret = base64_decode($data, true);
-        if (!is_string($ret)) {
-            $err = error_get_last();
-            $msg = isset($err) && __FILE__ === $err['file'] ? $err['message'] : null;
-            throw new \RuntimeException($msg ?? 'base64_decode() failed.');
-        }
-        return $ret;
-    }
+	/**
+	 * Decode a string from base64 encoding.
+	 *
+	 * @see https://tools.ietf.org/html/rfc4648#section-4
+	 *
+	 * @param string $data
+	 *
+	 * @throws \RuntimeException If decoding fails
+	 *
+	 * @return string
+	 */
+	public static function decode(string $data): string
+	{
+		$ret = base64_decode($data, true);
+		if (!is_string($ret)) {
+			$err = error_get_last();
+			$msg = isset($err) && __FILE__ === $err['file'] ? $err['message'] : null;
+			throw new \RuntimeException($msg ?? 'base64_decode() failed.');
+		}
+		return $ret;
+	}
 
-    /**
-     * Check whether string is validly base64 encoded.
-     *
-     * @see https://tools.ietf.org/html/rfc4648#section-4
-     *
-     * @param string $data
-     *
-     * @return bool
-     */
-    public static function isValid(string $data): bool
-    {
-        return 1 === preg_match('#^[A-Za-z0-9+/]*={0,2}$#', $data);
-    }
+	/**
+	 * Check whether string is validly base64 encoded.
+	 *
+	 * @see https://tools.ietf.org/html/rfc4648#section-4
+	 *
+	 * @param string $data
+	 *
+	 * @return bool
+	 */
+	public static function isValid(string $data): bool
+	{
+		return 1 === preg_match('#^[A-Za-z0-9+/]*={0,2}$#', $data);
+	}
 }

Switch Indentation +11 added lines, -11 removed lines

@@ -38,17 +38,17 @@
     {
         $data = strtr($data, '-_', '+/');
         switch (strlen($data) % 4) {
-            case 0:
-                break;
-            case 2:
-                $data .= '==';
-                break;
-            case 3:
-                $data .= '=';
-                break;
-            default:
-                throw new \UnexpectedValueException(
-                    'Malformed base64url encoding.');
+        case 0:
+            break;
+        case 2:
+            $data .= '==';
+            break;
+        case 3:
+            $data .= '=';
+            break;
+        default:
+            throw new \UnexpectedValueException(
+                'Malformed base64url encoding.');
         }
         return self::decode($data);
     }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\JWX\Util;
 

lib/JWX/JWA/JWA.php

Indentation +217 added lines, -217 removed lines

@@ -15,221 +15,221 @@
  */
 abstract class JWA
 {
-    /**
-     * HMAC using SHA-256.
-     */
-    const ALGO_HS256 = 'HS256';
-
-    /**
-     * HMAC using SHA-384.
-     */
-    const ALGO_HS384 = 'HS384';
-
-    /**
-     * HMAC using SHA-512.
-     */
-    const ALGO_HS512 = 'HS512';
-
-    /**
-     * RSASSA-PKCS1-v1_5 using SHA-256.
-     */
-    const ALGO_RS256 = 'RS256';
-
-    /**
-     * RSASSA-PKCS1-v1_5 using SHA-384.
-     */
-    const ALGO_RS384 = 'RS384';
-
-    /**
-     * RSASSA-PKCS1-v1_5 using SHA-512.
-     */
-    const ALGO_RS512 = 'RS512';
-
-    /**
-     * ECDSA using P-256 and SHA-256.
-     */
-    const ALGO_ES256 = 'ES256';
-
-    /**
-     * ECDSA using P-384 and SHA-384.
-     */
-    const ALGO_ES384 = 'ES384';
-
-    /**
-     * ECDSA using P-521 and SHA-512.
-     */
-    const ALGO_ES512 = 'ES512';
-
-    /**
-     * RSASSA-PSS using SHA-256 and MGF1 with SHA-256.
-     */
-    const ALGO_PS256 = 'PS256';
-
-    /**
-     * RSASSA-PSS using SHA-384 and MGF1 with SHA-384.
-     */
-    const ALGO_PS384 = 'PS384';
-
-    /**
-     * RSASSA-PSS using SHA-512 and MGF1 with SHA-512.
-     */
-    const ALGO_PS512 = 'PS512';
-
-    /**
-     * No digital signature or MAC performed.
-     */
-    const ALGO_NONE = 'none';
-
-    /**
-     * RSAES-PKCS1-v1_5.
-     */
-    const ALGO_RSA1_5 = 'RSA1_5';
-
-    /**
-     * RSAES OAEP using default parameters.
-     */
-    const ALGO_RSA_OAEP = 'RSA-OAEP';
-
-    /**
-     * RSAES OAEP using SHA-256 and MGF1 with SHA-256.
-     */
-    const ALGO_RSA_OAEP256 = 'RSA-OAEP-256';
-
-    /**
-     * AES Key Wrap using 128-bit key.
-     */
-    const ALGO_A128KW = 'A128KW';
-
-    /**
-     * AES Key Wrap using 192-bit key.
-     */
-    const ALGO_A192KW = 'A192KW';
-
-    /**
-     * AES Key Wrap using 256-bit key.
-     */
-    const ALGO_A256KW = 'A256KW';
-
-    /**
-     * Direct use of a shared symmetric key.
-     */
-    const ALGO_DIR = 'dir';
-
-    /**
-     * ECDH-ES using Concat KDF.
-     */
-    const ALGO_ECDH_ES = 'ECDH-ES';
-
-    /**
-     * ECDH-ES using Concat KDF and "A128KW" wrapping.
-     */
-    const ALGO_ECDH_ES_A128KW = 'ECDH-ES+A128KW';
-
-    /**
-     * ECDH-ES using Concat KDF and "A192KW" wrapping.
-     */
-    const ALGO_ECDH_ES_A192KW = 'ECDH-ES+A192KW';
-
-    /**
-     * ECDH-ES using Concat KDF and "A256KW" wrapping.
-     */
-    const ALGO_ECDH_ES_A256KW = 'ECDH-ES+A256KW';
-
-    /**
-     * Key wrapping with AES GCM using 128-bit key.
-     */
-    const ALGO_A128GCMKW = 'A128GCMKW';
-
-    /**
-     * Key wrapping with AES GCM using 192-bit key.
-     */
-    const ALGO_A192GCMKW = 'A192GCMKW';
-
-    /**
-     * Key wrapping with AES GCM using 256-bit key.
-     */
-    const ALGO_A256GCMKW = 'A256GCMKW';
-
-    /**
-     * PBES2 with HMAC SHA-256 and "A128KW" wrapping.
-     */
-    const ALGO_PBES2_HS256_A128KW = 'PBES2-HS256+A128KW';
-
-    /**
-     * PBES2 with HMAC SHA-384 and "A192KW" wrapping.
-     */
-    const ALGO_PBES2_HS384_A192KW = 'PBES2-HS384+A192KW';
-
-    /**
-     * PBES2 with HMAC SHA-512 and "A256KW" wrapping.
-     */
-    const ALGO_PBES2_HS512_A256KW = 'PBES2-HS512+A256KW';
-
-    /**
-     * AES_128_CBC_HMAC_SHA_256 authenticated encryption algorithm.
-     */
-    const ALGO_A128CBC_HS256 = 'A128CBC-HS256';
-
-    /**
-     * AES_192_CBC_HMAC_SHA_384 authenticated encryption algorithm.
-     */
-    const ALGO_A192CBC_HS384 = 'A192CBC-HS384';
-
-    /**
-     * AES_256_CBC_HMAC_SHA_512 authenticated encryption algorithm.
-     */
-    const ALGO_A256CBC_HS512 = 'A256CBC-HS512';
-
-    /**
-     * AES GCM using 128-bit key.
-     */
-    const ALGO_A128GCM = 'A128GCM';
-
-    /**
-     * AES GCM using 192-bit key.
-     */
-    const ALGO_A192GCM = 'A192GCM';
-
-    /**
-     * AES GCM using 256-bit key.
-     */
-    const ALGO_A256GCM = 'A256GCM';
-
-    /**
-     * DEFLATE compression.
-     */
-    const ALGO_DEFLATE = 'DEF';
-
-    /**
-     * Derive algorithm name from the header and optionally from the given JWK.
-     *
-     * @param Header $header Header
-     * @param JWK    $jwk    Optional JWK
-     *
-     * @throws \UnexpectedValueException if algorithm parameter is not present
-     *                                   or header and JWK algorithms differ
-     *
-     * @return string Algorithm name
-     */
-    public static function deriveAlgorithmName(Header $header, ?JWK $jwk = null): string
-    {
-        if ($header->hasAlgorithm()) {
-            $alg = $header->algorithm()->value();
-        }
-        // if JWK is set, and has an algorithm parameter
-        if (isset($jwk) && $jwk->hasAlgorithmParameter()) {
-            $jwk_alg = $jwk->algorithmParameter()->value();
-            // check that algorithms match
-            if (isset($alg) && $alg !== $jwk_alg) {
-                throw new \UnexpectedValueException(
-                    "JWK algorithm '{$jwk_alg}' doesn't match" .
-                         " the header's algorithm '{$alg}'.");
-            }
-            $alg = $jwk_alg;
-        }
-        if (!isset($alg)) {
-            throw new \UnexpectedValueException('No algorithm parameter.');
-        }
-        return $alg;
-    }
+	/**
+	 * HMAC using SHA-256.
+	 */
+	const ALGO_HS256 = 'HS256';
+
+	/**
+	 * HMAC using SHA-384.
+	 */
+	const ALGO_HS384 = 'HS384';
+
+	/**
+	 * HMAC using SHA-512.
+	 */
+	const ALGO_HS512 = 'HS512';
+
+	/**
+	 * RSASSA-PKCS1-v1_5 using SHA-256.
+	 */
+	const ALGO_RS256 = 'RS256';
+
+	/**
+	 * RSASSA-PKCS1-v1_5 using SHA-384.
+	 */
+	const ALGO_RS384 = 'RS384';
+
+	/**
+	 * RSASSA-PKCS1-v1_5 using SHA-512.
+	 */
+	const ALGO_RS512 = 'RS512';
+
+	/**
+	 * ECDSA using P-256 and SHA-256.
+	 */
+	const ALGO_ES256 = 'ES256';
+
+	/**
+	 * ECDSA using P-384 and SHA-384.
+	 */
+	const ALGO_ES384 = 'ES384';
+
+	/**
+	 * ECDSA using P-521 and SHA-512.
+	 */
+	const ALGO_ES512 = 'ES512';
+
+	/**
+	 * RSASSA-PSS using SHA-256 and MGF1 with SHA-256.
+	 */
+	const ALGO_PS256 = 'PS256';
+
+	/**
+	 * RSASSA-PSS using SHA-384 and MGF1 with SHA-384.
+	 */
+	const ALGO_PS384 = 'PS384';
+
+	/**
+	 * RSASSA-PSS using SHA-512 and MGF1 with SHA-512.
+	 */
+	const ALGO_PS512 = 'PS512';
+
+	/**
+	 * No digital signature or MAC performed.
+	 */
+	const ALGO_NONE = 'none';
+
+	/**
+	 * RSAES-PKCS1-v1_5.
+	 */
+	const ALGO_RSA1_5 = 'RSA1_5';
+
+	/**
+	 * RSAES OAEP using default parameters.
+	 */
+	const ALGO_RSA_OAEP = 'RSA-OAEP';
+
+	/**
+	 * RSAES OAEP using SHA-256 and MGF1 with SHA-256.
+	 */
+	const ALGO_RSA_OAEP256 = 'RSA-OAEP-256';
+
+	/**
+	 * AES Key Wrap using 128-bit key.
+	 */
+	const ALGO_A128KW = 'A128KW';
+
+	/**
+	 * AES Key Wrap using 192-bit key.
+	 */
+	const ALGO_A192KW = 'A192KW';
+
+	/**
+	 * AES Key Wrap using 256-bit key.
+	 */
+	const ALGO_A256KW = 'A256KW';
+
+	/**
+	 * Direct use of a shared symmetric key.
+	 */
+	const ALGO_DIR = 'dir';
+
+	/**
+	 * ECDH-ES using Concat KDF.
+	 */
+	const ALGO_ECDH_ES = 'ECDH-ES';
+
+	/**
+	 * ECDH-ES using Concat KDF and "A128KW" wrapping.
+	 */
+	const ALGO_ECDH_ES_A128KW = 'ECDH-ES+A128KW';
+
+	/**
+	 * ECDH-ES using Concat KDF and "A192KW" wrapping.
+	 */
+	const ALGO_ECDH_ES_A192KW = 'ECDH-ES+A192KW';
+
+	/**
+	 * ECDH-ES using Concat KDF and "A256KW" wrapping.
+	 */
+	const ALGO_ECDH_ES_A256KW = 'ECDH-ES+A256KW';
+
+	/**
+	 * Key wrapping with AES GCM using 128-bit key.
+	 */
+	const ALGO_A128GCMKW = 'A128GCMKW';
+
+	/**
+	 * Key wrapping with AES GCM using 192-bit key.
+	 */
+	const ALGO_A192GCMKW = 'A192GCMKW';
+
+	/**
+	 * Key wrapping with AES GCM using 256-bit key.
+	 */
+	const ALGO_A256GCMKW = 'A256GCMKW';
+
+	/**
+	 * PBES2 with HMAC SHA-256 and "A128KW" wrapping.
+	 */
+	const ALGO_PBES2_HS256_A128KW = 'PBES2-HS256+A128KW';
+
+	/**
+	 * PBES2 with HMAC SHA-384 and "A192KW" wrapping.
+	 */
+	const ALGO_PBES2_HS384_A192KW = 'PBES2-HS384+A192KW';
+
+	/**
+	 * PBES2 with HMAC SHA-512 and "A256KW" wrapping.
+	 */
+	const ALGO_PBES2_HS512_A256KW = 'PBES2-HS512+A256KW';
+
+	/**
+	 * AES_128_CBC_HMAC_SHA_256 authenticated encryption algorithm.
+	 */
+	const ALGO_A128CBC_HS256 = 'A128CBC-HS256';
+
+	/**
+	 * AES_192_CBC_HMAC_SHA_384 authenticated encryption algorithm.
+	 */
+	const ALGO_A192CBC_HS384 = 'A192CBC-HS384';
+
+	/**
+	 * AES_256_CBC_HMAC_SHA_512 authenticated encryption algorithm.
+	 */
+	const ALGO_A256CBC_HS512 = 'A256CBC-HS512';
+
+	/**
+	 * AES GCM using 128-bit key.
+	 */
+	const ALGO_A128GCM = 'A128GCM';
+
+	/**
+	 * AES GCM using 192-bit key.
+	 */
+	const ALGO_A192GCM = 'A192GCM';
+
+	/**
+	 * AES GCM using 256-bit key.
+	 */
+	const ALGO_A256GCM = 'A256GCM';
+
+	/**
+	 * DEFLATE compression.
+	 */
+	const ALGO_DEFLATE = 'DEF';
+
+	/**
+	 * Derive algorithm name from the header and optionally from the given JWK.
+	 *
+	 * @param Header $header Header
+	 * @param JWK    $jwk    Optional JWK
+	 *
+	 * @throws \UnexpectedValueException if algorithm parameter is not present
+	 *                                   or header and JWK algorithms differ
+	 *
+	 * @return string Algorithm name
+	 */
+	public static function deriveAlgorithmName(Header $header, ?JWK $jwk = null): string
+	{
+		if ($header->hasAlgorithm()) {
+			$alg = $header->algorithm()->value();
+		}
+		// if JWK is set, and has an algorithm parameter
+		if (isset($jwk) && $jwk->hasAlgorithmParameter()) {
+			$jwk_alg = $jwk->algorithmParameter()->value();
+			// check that algorithms match
+			if (isset($alg) && $alg !== $jwk_alg) {
+				throw new \UnexpectedValueException(
+					"JWK algorithm '{$jwk_alg}' doesn't match" .
+						 " the header's algorithm '{$alg}'.");
+			}
+			$alg = $jwk_alg;
+		}
+		if (!isset($alg)) {
+			throw new \UnexpectedValueException('No algorithm parameter.');
+		}
+		return $alg;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\JWX\JWA;
 

lib/JWX/JWE/JWE.php

Indentation +336 added lines, -336 removed lines

@@ -20,362 +20,362 @@
  */
 class JWE
 {
-    /**
-     * Protected header.
-     *
-     * @var Header
-     */
-    protected $_protectedHeader;
+	/**
+	 * Protected header.
+	 *
+	 * @var Header
+	 */
+	protected $_protectedHeader;
 
-    /**
-     * Encrypted key.
-     *
-     * @var string
-     */
-    protected $_encryptedKey;
+	/**
+	 * Encrypted key.
+	 *
+	 * @var string
+	 */
+	protected $_encryptedKey;
 
-    /**
-     * Initialization vector.
-     *
-     * @var string
-     */
-    protected $_iv;
+	/**
+	 * Initialization vector.
+	 *
+	 * @var string
+	 */
+	protected $_iv;
 
-    /**
-     * Additional authenticated data.
-     *
-     * @var null|string
-     */
-    protected $_aad;
+	/**
+	 * Additional authenticated data.
+	 *
+	 * @var null|string
+	 */
+	protected $_aad;
 
-    /**
-     * Ciphertext.
-     *
-     * @var string
-     */
-    protected $_ciphertext;
+	/**
+	 * Ciphertext.
+	 *
+	 * @var string
+	 */
+	protected $_ciphertext;
 
-    /**
-     * Authentication tag.
-     *
-     * @var string
-     */
-    protected $_authenticationTag;
+	/**
+	 * Authentication tag.
+	 *
+	 * @var string
+	 */
+	protected $_authenticationTag;
 
-    /**
-     * Constructor.
-     *
-     * @param Header      $protected_header JWE Protected Header
-     * @param string      $encrypted_key    Encrypted key
-     * @param string      $iv               Initialization vector
-     * @param string      $ciphertext       Ciphertext
-     * @param string      $auth_tag         Authentication tag
-     * @param null|string $aad              Additional authenticated data
-     */
-    public function __construct(Header $protected_header, string $encrypted_key,
-        string $iv, string $ciphertext, string $auth_tag, ?string $aad = null)
-    {
-        $this->_protectedHeader = $protected_header;
-        $this->_encryptedKey = $encrypted_key;
-        $this->_iv = $iv;
-        $this->_aad = $aad;
-        $this->_ciphertext = $ciphertext;
-        $this->_authenticationTag = $auth_tag;
-    }
+	/**
+	 * Constructor.
+	 *
+	 * @param Header      $protected_header JWE Protected Header
+	 * @param string      $encrypted_key    Encrypted key
+	 * @param string      $iv               Initialization vector
+	 * @param string      $ciphertext       Ciphertext
+	 * @param string      $auth_tag         Authentication tag
+	 * @param null|string $aad              Additional authenticated data
+	 */
+	public function __construct(Header $protected_header, string $encrypted_key,
+		string $iv, string $ciphertext, string $auth_tag, ?string $aad = null)
+	{
+		$this->_protectedHeader = $protected_header;
+		$this->_encryptedKey = $encrypted_key;
+		$this->_iv = $iv;
+		$this->_aad = $aad;
+		$this->_ciphertext = $ciphertext;
+		$this->_authenticationTag = $auth_tag;
+	}
 
-    /**
-     * Convert JWE to string.
-     *
-     * @return string
-     */
-    public function __toString(): string
-    {
-        return $this->toCompact();
-    }
+	/**
+	 * Convert JWE to string.
+	 *
+	 * @return string
+	 */
+	public function __toString(): string
+	{
+		return $this->toCompact();
+	}
 
-    /**
-     * Initialize from compact serialization.
-     *
-     * @param string $data
-     *
-     * @return self
-     */
-    public static function fromCompact(string $data): self
-    {
-        return self::fromParts(explode('.', $data));
-    }
+	/**
+	 * Initialize from compact serialization.
+	 *
+	 * @param string $data
+	 *
+	 * @return self
+	 */
+	public static function fromCompact(string $data): self
+	{
+		return self::fromParts(explode('.', $data));
+	}
 
-    /**
-     * Initialize from parts of compact serialization.
-     *
-     * @param array $parts
-     *
-     * @throws \UnexpectedValueException
-     *
-     * @return self
-     */
-    public static function fromParts(array $parts): self
-    {
-        if (5 !== count($parts)) {
-            throw new \UnexpectedValueException(
-                'Invalid JWE compact serialization.');
-        }
-        $header = Header::fromJSON(Base64::urlDecode($parts[0]));
-        $encrypted_key = Base64::urlDecode($parts[1]);
-        $iv = Base64::urlDecode($parts[2]);
-        $ciphertext = Base64::urlDecode($parts[3]);
-        $auth_tag = Base64::urlDecode($parts[4]);
-        return new self($header, $encrypted_key, $iv, $ciphertext, $auth_tag);
-    }
+	/**
+	 * Initialize from parts of compact serialization.
+	 *
+	 * @param array $parts
+	 *
+	 * @throws \UnexpectedValueException
+	 *
+	 * @return self
+	 */
+	public static function fromParts(array $parts): self
+	{
+		if (5 !== count($parts)) {
+			throw new \UnexpectedValueException(
+				'Invalid JWE compact serialization.');
+		}
+		$header = Header::fromJSON(Base64::urlDecode($parts[0]));
+		$encrypted_key = Base64::urlDecode($parts[1]);
+		$iv = Base64::urlDecode($parts[2]);
+		$ciphertext = Base64::urlDecode($parts[3]);
+		$auth_tag = Base64::urlDecode($parts[4]);
+		return new self($header, $encrypted_key, $iv, $ciphertext, $auth_tag);
+	}
 
-    /**
-     * Initialize by encrypting the given payload.
-     *
-     * @param string                     $payload  Payload
-     * @param KeyManagementAlgorithm     $key_algo Key management algorithm
-     * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
-     * @param null|CompressionAlgorithm  $zip_algo Optional compression algorithm
-     * @param null|Header                $header   Optional desired header.
-     *                                             Algorithm specific parameters are
-     *                                             automatically added.
-     * @param null|string                $cek      Optional content encryption key.
-     *                                             Randomly enerated if not set.
-     * @param null|string                $iv       Optional initialization vector.
-     *                                             Randomly generated if not set.
-     *
-     * @throws \RuntimeException If encrypt fails
-     *
-     * @return self
-     */
-    public static function encrypt(string $payload,
-        KeyManagementAlgorithm $key_algo, ContentEncryptionAlgorithm $enc_algo,
-        ?CompressionAlgorithm $zip_algo = null, ?Header $header = null,
-        ?string $cek = null, ?string $iv = null): self
-    {
-        // if header was not given, initialize empty
-        if (!isset($header)) {
-            $header = new Header();
-        }
-        // generate random CEK
-        if (!isset($cek)) {
-            $cek = $key_algo->cekForEncryption($enc_algo->keySize());
-        }
-        // generate random IV
-        if (!isset($iv)) {
-            $iv = openssl_random_pseudo_bytes($enc_algo->ivSize());
-        }
-        // compress
-        if (isset($zip_algo)) {
-            $payload = $zip_algo->compress($payload);
-            $header = $header->withParameters(...$zip_algo->headerParameters());
-        }
-        return self::_encryptContent($payload, $cek, $iv,
-            $key_algo, $enc_algo, $header);
-    }
+	/**
+	 * Initialize by encrypting the given payload.
+	 *
+	 * @param string                     $payload  Payload
+	 * @param KeyManagementAlgorithm     $key_algo Key management algorithm
+	 * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
+	 * @param null|CompressionAlgorithm  $zip_algo Optional compression algorithm
+	 * @param null|Header                $header   Optional desired header.
+	 *                                             Algorithm specific parameters are
+	 *                                             automatically added.
+	 * @param null|string                $cek      Optional content encryption key.
+	 *                                             Randomly enerated if not set.
+	 * @param null|string                $iv       Optional initialization vector.
+	 *                                             Randomly generated if not set.
+	 *
+	 * @throws \RuntimeException If encrypt fails
+	 *
+	 * @return self
+	 */
+	public static function encrypt(string $payload,
+		KeyManagementAlgorithm $key_algo, ContentEncryptionAlgorithm $enc_algo,
+		?CompressionAlgorithm $zip_algo = null, ?Header $header = null,
+		?string $cek = null, ?string $iv = null): self
+	{
+		// if header was not given, initialize empty
+		if (!isset($header)) {
+			$header = new Header();
+		}
+		// generate random CEK
+		if (!isset($cek)) {
+			$cek = $key_algo->cekForEncryption($enc_algo->keySize());
+		}
+		// generate random IV
+		if (!isset($iv)) {
+			$iv = openssl_random_pseudo_bytes($enc_algo->ivSize());
+		}
+		// compress
+		if (isset($zip_algo)) {
+			$payload = $zip_algo->compress($payload);
+			$header = $header->withParameters(...$zip_algo->headerParameters());
+		}
+		return self::_encryptContent($payload, $cek, $iv,
+			$key_algo, $enc_algo, $header);
+	}
 
-    /**
-     * Decrypt the content using explicit algorithms.
-     *
-     * @param KeyManagementAlgorithm     $key_algo Key management algorithm
-     * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
-     *
-     * @throws \RuntimeException If decrypt fails
-     *
-     * @return string Plaintext payload
-     */
-    public function decrypt(KeyManagementAlgorithm $key_algo,
-        ContentEncryptionAlgorithm $enc_algo): string
-    {
-        // check that key management algorithm matches
-        if ($key_algo->algorithmParamValue() !== $this->algorithmName()) {
-            throw new \UnexpectedValueException(
-                'Invalid key management algorithm.');
-        }
-        // check that encryption algorithm matches
-        if ($enc_algo->encryptionAlgorithmParamValue() !== $this->encryptionAlgorithmName()) {
-            throw new \UnexpectedValueException('Invalid encryption algorithm.');
-        }
-        $header = $this->header();
-        // decrypt content encryption key
-        $cek = $key_algo->decrypt($this->_encryptedKey, $header);
-        // decrypt payload
-        $aad = Base64::urlEncode($this->_protectedHeader->toJSON());
-        $payload = $enc_algo->decrypt($this->_ciphertext, $cek,
-            $this->_iv, $aad, $this->_authenticationTag);
-        // decompress
-        if ($header->hasCompressionAlgorithm()) {
-            $payload = CompressionFactory::algoByHeader($header)->decompress($payload);
-        }
-        return $payload;
-    }
+	/**
+	 * Decrypt the content using explicit algorithms.
+	 *
+	 * @param KeyManagementAlgorithm     $key_algo Key management algorithm
+	 * @param ContentEncryptionAlgorithm $enc_algo Content encryption algorithm
+	 *
+	 * @throws \RuntimeException If decrypt fails
+	 *
+	 * @return string Plaintext payload
+	 */
+	public function decrypt(KeyManagementAlgorithm $key_algo,
+		ContentEncryptionAlgorithm $enc_algo): string
+	{
+		// check that key management algorithm matches
+		if ($key_algo->algorithmParamValue() !== $this->algorithmName()) {
+			throw new \UnexpectedValueException(
+				'Invalid key management algorithm.');
+		}
+		// check that encryption algorithm matches
+		if ($enc_algo->encryptionAlgorithmParamValue() !== $this->encryptionAlgorithmName()) {
+			throw new \UnexpectedValueException('Invalid encryption algorithm.');
+		}
+		$header = $this->header();
+		// decrypt content encryption key
+		$cek = $key_algo->decrypt($this->_encryptedKey, $header);
+		// decrypt payload
+		$aad = Base64::urlEncode($this->_protectedHeader->toJSON());
+		$payload = $enc_algo->decrypt($this->_ciphertext, $cek,
+			$this->_iv, $aad, $this->_authenticationTag);
+		// decompress
+		if ($header->hasCompressionAlgorithm()) {
+			$payload = CompressionFactory::algoByHeader($header)->decompress($payload);
+		}
+		return $payload;
+	}
 
-    /**
-     * Decrypt content using given JWK.
-     *
-     * Key management and content encryption algorithms are determined from the
-     * header.
-     *
-     * @param JWK $jwk JSON Web Key
-     *
-     * @throws \RuntimeException If algorithm initialization fails
-     *
-     * @return string Plaintext payload
-     */
-    public function decryptWithJWK(JWK $jwk): string
-    {
-        $header = $this->header();
-        $key_algo = KeyManagementAlgorithm::fromJWK($jwk, $header);
-        $enc_algo = EncryptionAlgorithmFactory::algoByHeader($header);
-        return $this->decrypt($key_algo, $enc_algo);
-    }
+	/**
+	 * Decrypt content using given JWK.
+	 *
+	 * Key management and content encryption algorithms are determined from the
+	 * header.
+	 *
+	 * @param JWK $jwk JSON Web Key
+	 *
+	 * @throws \RuntimeException If algorithm initialization fails
+	 *
+	 * @return string Plaintext payload
+	 */
+	public function decryptWithJWK(JWK $jwk): string
+	{
+		$header = $this->header();
+		$key_algo = KeyManagementAlgorithm::fromJWK($jwk, $header);
+		$enc_algo = EncryptionAlgorithmFactory::algoByHeader($header);
+		return $this->decrypt($key_algo, $enc_algo);
+	}
 
-    /**
-     * Decrypt content using a key from the given JWK set.
-     *
-     * Correct key shall be sought by the key ID indicated by the header.
-     *
-     * @param JWKSet $set Set of JSON Web Keys
-     *
-     * @throws \RuntimeException If algorithm initialization fails
-     *
-     * @return string Plaintext payload
-     */
-    public function decryptWithJWKSet(JWKSet $set): string
-    {
-        if (!count($set)) {
-            throw new \RuntimeException('No keys.');
-        }
-        $header = $this->header();
-        $factory = new KeyAlgorithmFactory($header);
-        $key_algo = $factory->algoByKeys($set);
-        $enc_algo = EncryptionAlgorithmFactory::algoByHeader($header);
-        return $this->decrypt($key_algo, $enc_algo);
-    }
+	/**
+	 * Decrypt content using a key from the given JWK set.
+	 *
+	 * Correct key shall be sought by the key ID indicated by the header.
+	 *
+	 * @param JWKSet $set Set of JSON Web Keys
+	 *
+	 * @throws \RuntimeException If algorithm initialization fails
+	 *
+	 * @return string Plaintext payload
+	 */
+	public function decryptWithJWKSet(JWKSet $set): string
+	{
+		if (!count($set)) {
+			throw new \RuntimeException('No keys.');
+		}
+		$header = $this->header();
+		$factory = new KeyAlgorithmFactory($header);
+		$key_algo = $factory->algoByKeys($set);
+		$enc_algo = EncryptionAlgorithmFactory::algoByHeader($header);
+		return $this->decrypt($key_algo, $enc_algo);
+	}
 
-    /**
-     * Get JOSE header.
-     *
-     * @return JOSE
-     */
-    public function header(): JOSE
-    {
-        return new JOSE($this->_protectedHeader);
-    }
+	/**
+	 * Get JOSE header.
+	 *
+	 * @return JOSE
+	 */
+	public function header(): JOSE
+	{
+		return new JOSE($this->_protectedHeader);
+	}
 
-    /**
-     * Get the name of the key management algorithm.
-     *
-     * @return string
-     */
-    public function algorithmName(): string
-    {
-        return $this->header()->algorithm()->value();
-    }
+	/**
+	 * Get the name of the key management algorithm.
+	 *
+	 * @return string
+	 */
+	public function algorithmName(): string
+	{
+		return $this->header()->algorithm()->value();
+	}
 
-    /**
-     * Get the name of the encryption algorithm.
-     *
-     * @return string
-     */
-    public function encryptionAlgorithmName(): string
-    {
-        return $this->header()->encryptionAlgorithm()->value();
-    }
+	/**
+	 * Get the name of the encryption algorithm.
+	 *
+	 * @return string
+	 */
+	public function encryptionAlgorithmName(): string
+	{
+		return $this->header()->encryptionAlgorithm()->value();
+	}
 
-    /**
-     * Get encrypted CEK.
-     *
-     * @return string
-     */
-    public function encryptedKey(): string
-    {
-        return $this->_encryptedKey;
-    }
+	/**
+	 * Get encrypted CEK.
+	 *
+	 * @return string
+	 */
+	public function encryptedKey(): string
+	{
+		return $this->_encryptedKey;
+	}
 
-    /**
-     * Get initialization vector.
-     *
-     * @return string
-     */
-    public function initializationVector(): string
-    {
-        return $this->_iv;
-    }
+	/**
+	 * Get initialization vector.
+	 *
+	 * @return string
+	 */
+	public function initializationVector(): string
+	{
+		return $this->_iv;
+	}
 
-    /**
-     * Get ciphertext.
-     *
-     * @return string
-     */
-    public function ciphertext(): string
-    {
-        return $this->_ciphertext;
-    }
+	/**
+	 * Get ciphertext.
+	 *
+	 * @return string
+	 */
+	public function ciphertext(): string
+	{
+		return $this->_ciphertext;
+	}
 
-    /**
-     * Get authentication tag.
-     *
-     * @return string
-     */
-    public function authenticationTag(): string
-    {
-        return $this->_authenticationTag;
-    }
+	/**
+	 * Get authentication tag.
+	 *
+	 * @return string
+	 */
+	public function authenticationTag(): string
+	{
+		return $this->_authenticationTag;
+	}
 
-    /**
-     * Convert to compact serialization.
-     *
-     * @return string
-     */
-    public function toCompact(): string
-    {
-        return Base64::urlEncode($this->_protectedHeader->toJSON()) . '.' .
-             Base64::urlEncode($this->_encryptedKey) . '.' .
-             Base64::urlEncode($this->_iv) . '.' .
-             Base64::urlEncode($this->_ciphertext) . '.' .
-             Base64::urlEncode($this->_authenticationTag);
-    }
+	/**
+	 * Convert to compact serialization.
+	 *
+	 * @return string
+	 */
+	public function toCompact(): string
+	{
+		return Base64::urlEncode($this->_protectedHeader->toJSON()) . '.' .
+			 Base64::urlEncode($this->_encryptedKey) . '.' .
+			 Base64::urlEncode($this->_iv) . '.' .
+			 Base64::urlEncode($this->_ciphertext) . '.' .
+			 Base64::urlEncode($this->_authenticationTag);
+	}
 
-    /**
-     * Encrypt content with explicit parameters.
-     *
-     * @param string                     $plaintext Plaintext content to encrypt
-     * @param string                     $cek       Content encryption key
-     * @param string                     $iv        Initialization vector
-     * @param KeyManagementAlgorithm     $key_algo  Key management algorithm
-     * @param ContentEncryptionAlgorithm $enc_algo  Content encryption algorithm
-     * @param Header                     $header    Header
-     *
-     * @throws \UnexpectedValueException
-     *
-     * @return self
-     */
-    private static function _encryptContent(string $plaintext, string $cek,
-        string $iv, KeyManagementAlgorithm $key_algo,
-        ContentEncryptionAlgorithm $enc_algo, Header $header): self
-    {
-        // check that content encryption key has correct size
-        if (strlen($cek) !== $enc_algo->keySize()) {
-            throw new \UnexpectedValueException('Invalid key size.');
-        }
-        // check that initialization vector has correct size
-        if (strlen($iv) !== $enc_algo->ivSize()) {
-            throw new \UnexpectedValueException('Invalid IV size.');
-        }
-        // add key and encryption algorithm parameters to the header
-        $header = $header->withParameters(...$key_algo->headerParameters())
-            ->withParameters(...$enc_algo->headerParameters());
-        // encrypt the content encryption key
-        $encrypted_key = $key_algo->encrypt($cek, $header);
-        // sanity check that header wasn't unset via reference
-        if (!$header instanceof Header) {
-            throw new \RuntimeException('Broken key algorithm.');
-        }
-        // additional authenticated data
-        $aad = Base64::urlEncode($header->toJSON());
-        // encrypt
-        [$ciphertext, $auth_tag] = $enc_algo->encrypt($plaintext, $cek, $iv, $aad);
-        // TODO: should aad be passed
-        return new self($header, $encrypted_key, $iv, $ciphertext, $auth_tag);
-    }
+	/**
+	 * Encrypt content with explicit parameters.
+	 *
+	 * @param string                     $plaintext Plaintext content to encrypt
+	 * @param string                     $cek       Content encryption key
+	 * @param string                     $iv        Initialization vector
+	 * @param KeyManagementAlgorithm     $key_algo  Key management algorithm
+	 * @param ContentEncryptionAlgorithm $enc_algo  Content encryption algorithm
+	 * @param Header                     $header    Header
+	 *
+	 * @throws \UnexpectedValueException
+	 *
+	 * @return self
+	 */
+	private static function _encryptContent(string $plaintext, string $cek,
+		string $iv, KeyManagementAlgorithm $key_algo,
+		ContentEncryptionAlgorithm $enc_algo, Header $header): self
+	{
+		// check that content encryption key has correct size
+		if (strlen($cek) !== $enc_algo->keySize()) {
+			throw new \UnexpectedValueException('Invalid key size.');
+		}
+		// check that initialization vector has correct size
+		if (strlen($iv) !== $enc_algo->ivSize()) {
+			throw new \UnexpectedValueException('Invalid IV size.');
+		}
+		// add key and encryption algorithm parameters to the header
+		$header = $header->withParameters(...$key_algo->headerParameters())
+			->withParameters(...$enc_algo->headerParameters());
+		// encrypt the content encryption key
+		$encrypted_key = $key_algo->encrypt($cek, $header);
+		// sanity check that header wasn't unset via reference
+		if (!$header instanceof Header) {
+			throw new \RuntimeException('Broken key algorithm.');
+		}
+		// additional authenticated data
+		$aad = Base64::urlEncode($header->toJSON());
+		// encrypt
+		[$ciphertext, $auth_tag] = $enc_algo->encrypt($plaintext, $cek, $iv, $aad);
+		// TODO: should aad be passed
+		return new self($header, $encrypted_key, $iv, $ciphertext, $auth_tag);
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace Sop\JWX\JWE;