drkthunder02/w4rpservices
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added predis and eseye back in.

Browse Source
This commit is contained in:
drkthunder02
2020-12-25 11:28:41 +00:00
parent 0ddd298350
commit 017f72b42e
670 changed files with 60992 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
vendor/web-token/jwt-encryption/.github/CONTRIBUTING.md vendored Normal file
View File

@@ -0,0 +1,4 @@
# Contributing
This repository is a sub repository of [the JWT Framework](https://github.com/web-token/jwt-framework) project and is READ ONLY.
Please do not submit any Pull Requests here. It will be automatically closed.

1
vendor/web-token/jwt-encryption/.github/FUNDING.yml vendored Normal file
View File

@@ -0,0 +1 @@
patreon: FlorentMorselli

3
vendor/web-token/jwt-encryption/.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View File

@@ -0,0 +1,3 @@
Please do not submit any Pull Requests here. It will be automatically closed.
You should submit it here: https://github.com/web-token/jwt-framework/pulls

54
vendor/web-token/jwt-encryption/Algorithm/ContentEncryptionAlgorithm.php vendored Normal file
View File

@@ -0,0 +1,54 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Algorithm;
use Jose\Component\Core\Algorithm;
interface ContentEncryptionAlgorithm extends Algorithm
{
/**
* This method encrypts the data using the given CEK, IV, AAD and protected header.
* The variable $tag is populated on success.
*
* @param string $data The data to encrypt
* @param string $cek The content encryption key
* @param string $iv The Initialization Vector
* @param null|string $aad Additional Additional Authenticated Data
* @param string $encoded_protected_header The Protected Header encoded in Base64Url
* @param string $tag Tag
*/
public function encryptContent(string $data, string $cek, string $iv, ?string $aad, string $encoded_protected_header, ?string &$tag = null): string;
/**
* This method tries to decrypt the data using the given CEK, IV, AAD, protected header and tag.
*
* @param string $data The data to decrypt
* @param string $cek The content encryption key
* @param string $iv The Initialization Vector
* @param null|string $aad Additional Additional Authenticated Data
* @param string $encoded_protected_header The Protected Header encoded in Base64Url
* @param string $tag Tag
*/
public function decryptContent(string $data, string $cek, string $iv, ?string $aad, string $encoded_protected_header, string $tag): string;
/**
* Returns the size of the IV used by this encryption method.
*/
public function getIVSize(): int;
/**
* Returns the size of the CEK used by this encryption method.
*/
public function getCEKSize(): int;
}

27
vendor/web-token/jwt-encryption/Algorithm/KeyEncryption/DirectEncryption.php vendored Normal file
View File

@@ -0,0 +1,27 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Algorithm\KeyEncryption;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Algorithm\KeyEncryptionAlgorithm;
interface DirectEncryption extends KeyEncryptionAlgorithm
{
/**
* Returns the CEK.
*
* @param JWK $key The key used to get the CEK
*/
public function getCEK(JWK $key): string;
}

25
vendor/web-token/jwt-encryption/Algorithm/KeyEncryption/KeyAgreement.php vendored Normal file
View File

@@ -0,0 +1,25 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Algorithm\KeyEncryption;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Algorithm\KeyEncryptionAlgorithm;
interface KeyAgreement extends KeyEncryptionAlgorithm
{
/**
* Computes the agreement key.
*/
public function getAgreementKey(int $encryptionKeyLength, string $algorithm, JWK $recipientKey, ?JWK $senderKey, array $completeHeader = [], array &$additionalHeaderValues = []): string;
}

43
vendor/web-token/jwt-encryption/Algorithm/KeyEncryption/KeyAgreementWithKeyWrapping.php vendored Normal file
View File

@@ -0,0 +1,43 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Algorithm\KeyEncryption;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Algorithm\KeyEncryptionAlgorithm;
interface KeyAgreementWithKeyWrapping extends KeyEncryptionAlgorithm
{
/**
* Compute and wrap the agreement key.
*
* @param JWK $recipientKey The receiver's key
* @param string $cek The CEK to wrap
* @param int $encryption_key_length Size of the key expected for the algorithm used for data encryption
* @param array $complete_header The complete header of the JWT
* @param array $additional_header_values Set additional header values if needed
*/
public function wrapAgreementKey(JWK $recipientKey, ?JWK $senderKey, string $cek, int $encryption_key_length, array $complete_header, array &$additional_header_values): string;
/**
* Unwrap and compute the agreement key.
*
* @param JWK $recipientKey The receiver's key
* @param string $encrypted_cek The encrypted CEK
* @param int $encryption_key_length Size of the key expected for the algorithm used for data encryption
* @param array $complete_header The complete header of the JWT
*
* @return string The decrypted CEK
*/
public function unwrapAgreementKey(JWK $recipientKey, ?JWK $senderKey, string $encrypted_cek, int $encryption_key_length, array $complete_header): string;
}

39
vendor/web-token/jwt-encryption/Algorithm/KeyEncryption/KeyEncryption.php vendored Normal file
View File

@@ -0,0 +1,39 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Algorithm\KeyEncryption;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Algorithm\KeyEncryptionAlgorithm;
interface KeyEncryption extends KeyEncryptionAlgorithm
{
/**
* Encrypt the CEK.
*
* @param JWK $key The key used to wrap the CEK
* @param string $cek The CEK to encrypt
* @param array $completeHeader The complete header of the JWT
* @param array $additionalHeader Additional header
*/
public function encryptKey(JWK $key, string $cek, array $completeHeader, array &$additionalHeader): string;
/**
* Decrypt de CEK.
*
* @param JWK $key The key used to wrap the CEK
* @param string $encrypted_cek The CEK to decrypt
* @param array $header The complete header of the JWT
*/
public function decryptKey(JWK $key, string $encrypted_cek, array $header): string;
}

39
vendor/web-token/jwt-encryption/Algorithm/KeyEncryption/KeyWrapping.php vendored Normal file
View File

@@ -0,0 +1,39 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Algorithm\KeyEncryption;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Algorithm\KeyEncryptionAlgorithm;
interface KeyWrapping extends KeyEncryptionAlgorithm
{
/**
* Encrypt the CEK.
*
* @param \Jose\Component\Core\JWK $key The key used to wrap the CEK
* @param string $cek The CEK to encrypt
* @param array $completeHeader The complete header of the JWT
* @param array $additionalHeader The complete header of the JWT
*/
public function wrapKey(JWK $key, string $cek, array $completeHeader, array &$additionalHeader): string;
/**
* Decrypt de CEK.
*
* @param \Jose\Component\Core\JWK $key The key used to wrap the CEK
* @param string $encrypted_cek The CEK to decrypt
* @param array $completeHeader The complete header of the JWT
*/
public function unwrapKey(JWK $key, string $encrypted_cek, array $completeHeader): string;
}

32
vendor/web-token/jwt-encryption/Algorithm/KeyEncryptionAlgorithm.php vendored Normal file
View File

@@ -0,0 +1,32 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Algorithm;
use Jose\Component\Core\Algorithm;
interface KeyEncryptionAlgorithm extends Algorithm
{
public const MODE_DIRECT = 'dir';
public const MODE_ENCRYPT = 'enc';
public const MODE_WRAP = 'wrap';
public const MODE_AGREEMENT = 'agree';
/**
* Returns the key management mode used by the key encryption algorithm.
*/
public function getKeyManagementMode(): string;
}

38
vendor/web-token/jwt-encryption/Compression/CompressionMethod.php vendored Normal file
View File

@@ -0,0 +1,38 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Compression;
interface CompressionMethod
{
/**
* Returns the name of the method.
*/
public function name(): string;
/**
* Compress the data.
* Throws an exception in case of failure.
*
* @param string $data The data to compress
*/
public function compress(string $data): string;
/**
* Uncompress the data.
* Throws an exception in case of failure.
*
* @param string $data The data to uncompress
*/
public function uncompress(string $data): string;
}

76
vendor/web-token/jwt-encryption/Compression/CompressionMethodManager.php vendored Normal file
View File

@@ -0,0 +1,76 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Compression;
use function array_key_exists;
use InvalidArgumentException;
class CompressionMethodManager
{
/**
* @var CompressionMethod[]
*/
private $compressionMethods = [];
public function __construct(array $methods = [])
{
foreach ($methods as $method) {
$this->add($method);
}
}
/**
* Returns true if the givn compression method is supported.
*/
public function has(string $name): bool
{
return array_key_exists($name, $this->compressionMethods);
}
/**
* This method returns the compression method with the given name.
* Throws an exception if the method is not supported.
*
* @param string $name The name of the compression method
*
* @throws InvalidArgumentException if the compression method is not supported
*/
public function get(string $name): CompressionMethod
{
if (!$this->has($name)) {
throw new InvalidArgumentException(sprintf('The compression method "%s" is not supported.', $name));
}
return $this->compressionMethods[$name];
}
/**
* Returns the list of compression method names supported by the manager.
*
* @return string[]
*/
public function list(): array
{
return array_keys($this->compressionMethods);
}
/**
* Add the given compression method to the manager.
*/
protected function add(CompressionMethod $compressionMethod): void
{
$name = $compressionMethod->name();
$this->compressionMethods[$name] = $compressionMethod;
}
}

75
vendor/web-token/jwt-encryption/Compression/CompressionMethodManagerFactory.php vendored Normal file
View File

@@ -0,0 +1,75 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Compression;
use InvalidArgumentException;
class CompressionMethodManagerFactory
{
/**
* @var CompressionMethod[]
*/
private $compressionMethods = [];
/**
* This method adds a compression method to this factory.
* The method is uniquely identified by an alias. This allows the same method to be added twice (or more)
* using several configuration options.
*/
public function add(string $alias, CompressionMethod $compressionMethod): void
{
$this->compressionMethods[$alias] = $compressionMethod;
}
/**
* Returns the list of compression method aliases supported by the factory.
*
* @return string[]
*/
public function aliases(): array
{
return array_keys($this->compressionMethods);
}
/**
* Returns all compression methods supported by this factory.
*
* @return CompressionMethod[]
*/
public function all(): array
{
return $this->compressionMethods;
}
/**
* Creates a compression method manager using the compression methods identified by the given aliases.
* If one of the aliases does not exist, an exception is thrown.
*
* @param string[] $aliases
*
* @throws InvalidArgumentException if the compression method alias is not supported
*/
public function create(array $aliases): CompressionMethodManager
{
$compressionMethods = [];
foreach ($aliases as $alias) {
if (!isset($this->compressionMethods[$alias])) {
throw new InvalidArgumentException(sprintf('The compression method with the alias "%s" is not supported.', $alias));
}
$compressionMethods[] = $this->compressionMethods[$alias];
}
return new CompressionMethodManager($compressionMethods);
}
}

72
vendor/web-token/jwt-encryption/Compression/Deflate.php vendored Normal file
View File

@@ -0,0 +1,72 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Compression;
use InvalidArgumentException;
use Throwable;
final class Deflate implements CompressionMethod
{
/**
* @var int
*/
private $compressionLevel = -1;
/**
* Deflate constructor.
*
* @throws InvalidArgumentException if the compression level is invalid
*/
public function __construct(int $compressionLevel = -1)
{
if ($compressionLevel < -1 || $compressionLevel > 9) {
throw new InvalidArgumentException('The compression level can be given as 0 for no compression up to 9 for maximum compression. If -1 given, the default compression level will be the default compression level of the zlib library.');
}
$this->compressionLevel = $compressionLevel;
}
public function name(): string
{
return 'DEF';
}
/**
* @throws InvalidArgumentException if the compression failed
*/
public function compress(string $data): string
{
try {
return gzdeflate($data, $this->getCompressionLevel());
} catch (Throwable $throwable) {
throw new InvalidArgumentException('Unable to compress data.', $throwable->getCode(), $throwable);
}
}
/**
* @throws InvalidArgumentException if the decompression failed
*/
public function uncompress(string $data): string
{
try {
return gzinflate($data);
} catch (Throwable $throwable) {
throw new InvalidArgumentException('Unable to uncompress data.', $throwable->getCode(), $throwable);
}
}
private function getCompressionLevel(): int
{
return $this->compressionLevel;
}
}

279
vendor/web-token/jwt-encryption/JWE.php vendored Normal file
View File

@@ -0,0 +1,279 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption;
use function array_key_exists;
use function count;
use InvalidArgumentException;
use Jose\Component\Core\JWT;
class JWE implements JWT
{
/**
* @var Recipient[]
*/
private $recipients = [];
/**
* @var null|string
*/
private $ciphertext;
/**
* @var string
*/
private $iv;
/**
* @var null|string
*/
private $aad;
/**
* @var string
*/
private $tag;
/**
* @var array
*/
private $sharedHeader = [];
/**
* @var array
*/
private $sharedProtectedHeader = [];
/**
* @var null|string
*/
private $encodedSharedProtectedHeader;
/**
* @var null|string
*/
private $payload;
public function __construct(string $ciphertext, string $iv, string $tag, ?string $aad = null, array $sharedHeader = [], array $sharedProtectedHeader = [], ?string $encodedSharedProtectedHeader = null, array $recipients = [])
{
$this->ciphertext = $ciphertext;
$this->iv = $iv;
$this->aad = $aad;
$this->tag = $tag;
$this->sharedHeader = $sharedHeader;
$this->sharedProtectedHeader = $sharedProtectedHeader;
$this->encodedSharedProtectedHeader = $encodedSharedProtectedHeader;
$this->recipients = $recipients;
}
public function getPayload(): ?string
{
return $this->payload;
}
/**
* Set the payload.
* This method is immutable and a new object will be returned.
*
* @return JWE
*/
public function withPayload(string $payload): self
{
$clone = clone $this;
$clone->payload = $payload;
return $clone;
}
/**
* Returns the number of recipients associated with the JWS.
*/
public function countRecipients(): int
{
return count($this->recipients);
}
/**
* Returns true is the JWE has already been encrypted.
*/
public function isEncrypted(): bool
{
return null !== $this->getCiphertext();
}
/**
* Returns the recipients associated with the JWS.
*
* @return Recipient[]
*/
public function getRecipients(): array
{
return $this->recipients;
}
/**
* Returns the recipient object at the given index.
*
* @throws InvalidArgumentException if the recipient ID does not exist
*/
public function getRecipient(int $id): Recipient
{
if (!isset($this->recipients[$id])) {
throw new InvalidArgumentException('The recipient does not exist.');
}
return $this->recipients[$id];
}
/**
* Returns the ciphertext. This method will return null is the JWE has not yet been encrypted.
*
* @return null|string The cyphertext
*/
public function getCiphertext(): ?string
{
return $this->ciphertext;
}
/**
* Returns the Additional Authentication Data if available.
*/
public function getAAD(): ?string
{
return $this->aad;
}
/**
* Returns the Initialization Vector if available.
*/
public function getIV(): ?string
{
return $this->iv;
}
/**
* Returns the tag if available.
*/
public function getTag(): ?string
{
return $this->tag;
}
/**
* Returns the encoded shared protected header.
*/
public function getEncodedSharedProtectedHeader(): string
{
return $this->encodedSharedProtectedHeader ?? '';
}
/**
* Returns the shared protected header.
*/
public function getSharedProtectedHeader(): array
{
return $this->sharedProtectedHeader;
}
/**
* Returns the shared protected header parameter identified by the given key.
* Throws an exception is the the parameter is not available.
*
* @param string $key The key
*
* @throws InvalidArgumentException if the shared protected header parameter does not exist
*
* @return null|mixed
*/
public function getSharedProtectedHeaderParameter(string $key)
{
if (!$this->hasSharedProtectedHeaderParameter($key)) {
throw new InvalidArgumentException(sprintf('The shared protected header "%s" does not exist.', $key));
}
return $this->sharedProtectedHeader[$key];
}
/**
* Returns true if the shared protected header has the parameter identified by the given key.
*
* @param string $key The key
*/
public function hasSharedProtectedHeaderParameter(string $key): bool
{
return array_key_exists($key, $this->sharedProtectedHeader);
}
/**
* Returns the shared header.
*/
public function getSharedHeader(): array
{
return $this->sharedHeader;
}
/**
* Returns the shared header parameter identified by the given key.
* Throws an exception is the the parameter is not available.
*
* @param string $key The key
*
* @throws InvalidArgumentException if the shared header parameter does not exist
*
* @return null|mixed
*/
public function getSharedHeaderParameter(string $key)
{
if (!$this->hasSharedHeaderParameter($key)) {
throw new InvalidArgumentException(sprintf('The shared header "%s" does not exist.', $key));
}
return $this->sharedHeader[$key];
}
/**
* Returns true if the shared header has the parameter identified by the given key.
*
* @param string $key The key
*/
public function hasSharedHeaderParameter(string $key): bool
{
return array_key_exists($key, $this->sharedHeader);
}
/**
* This method splits the JWE into a list of JWEs.
* It is only useful when the JWE contains more than one recipient (JSON General Serialization).
*
* @return JWE[]
*/
public function split(): array
{
$result = [];
foreach ($this->recipients as $recipient) {
$result[] = new self(
$this->ciphertext,
$this->iv,
$this->tag,
$this->aad,
$this->sharedHeader,
$this->sharedProtectedHeader,
$this->encodedSharedProtectedHeader,
[$recipient]
);
}
return $result;
}
}

535
vendor/web-token/jwt-encryption/JWEBuilder.php vendored Normal file
View File

@@ -0,0 +1,535 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption;
use function array_key_exists;
use Base64Url\Base64Url;
use function count;
use InvalidArgumentException;
use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\JsonConverter;
use Jose\Component\Core\Util\KeyChecker;
use Jose\Component\Encryption\Algorithm\ContentEncryptionAlgorithm;
use Jose\Component\Encryption\Algorithm\KeyEncryption\DirectEncryption;
use Jose\Component\Encryption\Algorithm\KeyEncryption\KeyAgreement;
use Jose\Component\Encryption\Algorithm\KeyEncryption\KeyAgreementWithKeyWrapping;
use Jose\Component\Encryption\Algorithm\KeyEncryption\KeyEncryption;
use Jose\Component\Encryption\Algorithm\KeyEncryption\KeyWrapping;
use Jose\Component\Encryption\Algorithm\KeyEncryptionAlgorithm;
use Jose\Component\Encryption\Compression\CompressionMethod;
use Jose\Component\Encryption\Compression\CompressionMethodManager;
use LogicException;
use RuntimeException;
class JWEBuilder
{
/**
* @var null|string
*/
protected $payload;
/**
* @var null|string
*/
protected $aad;
/**
* @var array
*/
protected $recipients = [];
/**
* @var array
*/
protected $sharedProtectedHeader = [];
/**
* @var array
*/
protected $sharedHeader = [];
/**
* @var AlgorithmManager
*/
private $keyEncryptionAlgorithmManager;
/**
* @var AlgorithmManager
*/
private $contentEncryptionAlgorithmManager;
/**
* @var CompressionMethodManager
*/
private $compressionManager;
/**
* @var null|CompressionMethod
*/
private $compressionMethod;
/**
* @var null|ContentEncryptionAlgorithm
*/
private $contentEncryptionAlgorithm;
/**
* @var null|string
*/
private $keyManagementMode;
public function __construct(AlgorithmManager $keyEncryptionAlgorithmManager, AlgorithmManager $contentEncryptionAlgorithmManager, CompressionMethodManager $compressionManager)
{
$this->keyEncryptionAlgorithmManager = $keyEncryptionAlgorithmManager;
$this->contentEncryptionAlgorithmManager = $contentEncryptionAlgorithmManager;
$this->compressionManager = $compressionManager;
}
/**
* Reset the current data.
*
* @return JWEBuilder
*/
public function create(): self
{
$this->payload = null;
$this->aad = null;
$this->recipients = [];
$this->sharedProtectedHeader = [];
$this->sharedHeader = [];
$this->compressionMethod = null;
$this->contentEncryptionAlgorithm = null;
$this->keyManagementMode = null;
return $this;
}
/**
* Returns the key encryption algorithm manager.
*/
public function getKeyEncryptionAlgorithmManager(): AlgorithmManager
{
return $this->keyEncryptionAlgorithmManager;
}
/**
* Returns the content encryption algorithm manager.
*/
public function getContentEncryptionAlgorithmManager(): AlgorithmManager
{
return $this->contentEncryptionAlgorithmManager;
}
/**
* Returns the compression method manager.
*/
public function getCompressionMethodManager(): CompressionMethodManager
{
return $this->compressionManager;
}
/**
* Set the payload of the JWE to build.
*
* @throws InvalidArgumentException if the payload is not encoded in UTF-8
*
* @return JWEBuilder
*/
public function withPayload(string $payload): self
{
if ('UTF-8' !== mb_detect_encoding($payload, 'UTF-8', true)) {
throw new InvalidArgumentException('The payload must be encoded in UTF-8');
}
$clone = clone $this;
$clone->payload = $payload;
return $clone;
}
/**
* Set the Additional Authenticated Data of the JWE to build.
*
* @return JWEBuilder
*/
public function withAAD(?string $aad): self
{
$clone = clone $this;
$clone->aad = $aad;
return $clone;
}
/**
* Set the shared protected header of the JWE to build.
*
* @return JWEBuilder
*/
public function withSharedProtectedHeader(array $sharedProtectedHeader): self
{
$this->checkDuplicatedHeaderParameters($sharedProtectedHeader, $this->sharedHeader);
foreach ($this->recipients as $recipient) {
$this->checkDuplicatedHeaderParameters($sharedProtectedHeader, $recipient->getHeader());
}
$clone = clone $this;
$clone->sharedProtectedHeader = $sharedProtectedHeader;
return $clone;
}
/**
* Set the shared header of the JWE to build.
*
* @return JWEBuilder
*/
public function withSharedHeader(array $sharedHeader): self
{
$this->checkDuplicatedHeaderParameters($this->sharedProtectedHeader, $sharedHeader);
foreach ($this->recipients as $recipient) {
$this->checkDuplicatedHeaderParameters($sharedHeader, $recipient->getHeader());
}
$clone = clone $this;
$clone->sharedHeader = $sharedHeader;
return $clone;
}
/**
* Adds a recipient to the JWE to build.
*
* @throws InvalidArgumentException if key management modes are incompatible
* @throws InvalidArgumentException if the compression method is invalid
*
* @return JWEBuilder
*/
public function addRecipient(JWK $recipientKey, array $recipientHeader = []): self
{
$this->checkDuplicatedHeaderParameters($this->sharedProtectedHeader, $recipientHeader);
$this->checkDuplicatedHeaderParameters($this->sharedHeader, $recipientHeader);
$clone = clone $this;
$completeHeader = array_merge($clone->sharedHeader, $recipientHeader, $clone->sharedProtectedHeader);
$clone->checkAndSetContentEncryptionAlgorithm($completeHeader);
$keyEncryptionAlgorithm = $clone->getKeyEncryptionAlgorithm($completeHeader);
if (null === $clone->keyManagementMode) {
$clone->keyManagementMode = $keyEncryptionAlgorithm->getKeyManagementMode();
} else {
if (!$clone->areKeyManagementModesCompatible($clone->keyManagementMode, $keyEncryptionAlgorithm->getKeyManagementMode())) {
throw new InvalidArgumentException('Foreign key management mode forbidden.');
}
}
$compressionMethod = $clone->getCompressionMethod($completeHeader);
if (null !== $compressionMethod) {
if (null === $clone->compressionMethod) {
$clone->compressionMethod = $compressionMethod;
} elseif ($clone->compressionMethod->name() !== $compressionMethod->name()) {
throw new InvalidArgumentException('Incompatible compression method.');
}
}
if (null === $compressionMethod && null !== $clone->compressionMethod) {
throw new InvalidArgumentException('Inconsistent compression method.');
}
$clone->checkKey($keyEncryptionAlgorithm, $recipientKey);
$clone->recipients[] = [
'key' => $recipientKey,
'header' => $recipientHeader,
'key_encryption_algorithm' => $keyEncryptionAlgorithm,
];
return $clone;
}
/**
* Builds the JWE.
*
* @throws LogicException if no payload is set
* @throws LogicException if there are no recipient
*/
public function build(): JWE
{
if (null === $this->payload) {
throw new LogicException('Payload not set.');
}
if (0 === count($this->recipients)) {
throw new LogicException('No recipient.');
}
$additionalHeader = [];
$cek = $this->determineCEK($additionalHeader);
$recipients = [];
foreach ($this->recipients as $recipient) {
$recipient = $this->processRecipient($recipient, $cek, $additionalHeader);
$recipients[] = $recipient;
}
if (0 !== count($additionalHeader) && 1 === count($this->recipients)) {
$sharedProtectedHeader = array_merge($additionalHeader, $this->sharedProtectedHeader);
} else {
$sharedProtectedHeader = $this->sharedProtectedHeader;
}
$encodedSharedProtectedHeader = 0 === count($sharedProtectedHeader) ? '' : Base64Url::encode(JsonConverter::encode($sharedProtectedHeader));
list($ciphertext, $iv, $tag) = $this->encryptJWE($cek, $encodedSharedProtectedHeader);
return new JWE($ciphertext, $iv, $tag, $this->aad, $this->sharedHeader, $sharedProtectedHeader, $encodedSharedProtectedHeader, $recipients);
}
/**
* @throws InvalidArgumentException if the content encryption algorithm is not valid
*/
private function checkAndSetContentEncryptionAlgorithm(array $completeHeader): void
{
$contentEncryptionAlgorithm = $this->getContentEncryptionAlgorithm($completeHeader);
if (null === $this->contentEncryptionAlgorithm) {
$this->contentEncryptionAlgorithm = $contentEncryptionAlgorithm;
} elseif ($contentEncryptionAlgorithm->name() !== $this->contentEncryptionAlgorithm->name()) {
throw new InvalidArgumentException('Inconsistent content encryption algorithm');
}
}
/**
* @throws InvalidArgumentException if the key encryption algorithm is not valid
*/
private function processRecipient(array $recipient, string $cek, array &$additionalHeader): Recipient
{
$completeHeader = array_merge($this->sharedHeader, $recipient['header'], $this->sharedProtectedHeader);
$keyEncryptionAlgorithm = $recipient['key_encryption_algorithm'];
if (!$keyEncryptionAlgorithm instanceof KeyEncryptionAlgorithm) {
throw new InvalidArgumentException('The key encryption algorithm is not valid');
}
$encryptedContentEncryptionKey = $this->getEncryptedKey($completeHeader, $cek, $keyEncryptionAlgorithm, $additionalHeader, $recipient['key'], $recipient['sender_key'] ?? null);
$recipientHeader = $recipient['header'];
if (0 !== count($additionalHeader) && 1 !== count($this->recipients)) {
$recipientHeader = array_merge($recipientHeader, $additionalHeader);
$additionalHeader = [];
}
return new Recipient($recipientHeader, $encryptedContentEncryptionKey);
}
/**
* @throws InvalidArgumentException if the content encryption algorithm is not valid
*/
private function encryptJWE(string $cek, string $encodedSharedProtectedHeader): array
{
if (!$this->contentEncryptionAlgorithm instanceof ContentEncryptionAlgorithm) {
throw new InvalidArgumentException('The content encryption algorithm is not valid');
}
$iv_size = $this->contentEncryptionAlgorithm->getIVSize();
$iv = $this->createIV($iv_size);
$payload = $this->preparePayload();
$tag = null;
$ciphertext = $this->contentEncryptionAlgorithm->encryptContent($payload, $cek, $iv, $this->aad, $encodedSharedProtectedHeader, $tag);
return [$ciphertext, $iv, $tag];
}
/**
* @return string
*/
private function preparePayload(): ?string
{
$prepared = $this->payload;
if (null === $this->compressionMethod) {
return $prepared;
}
return $this->compressionMethod->compress($prepared);
}
/**
* @throws InvalidArgumentException if the key encryption algorithm is not supported
*/
private function getEncryptedKey(array $completeHeader, string $cek, KeyEncryptionAlgorithm $keyEncryptionAlgorithm, array &$additionalHeader, JWK $recipientKey, ?JWK $senderKey): ?string
{
if ($keyEncryptionAlgorithm instanceof KeyEncryption) {
return $this->getEncryptedKeyFromKeyEncryptionAlgorithm($completeHeader, $cek, $keyEncryptionAlgorithm, $recipientKey, $additionalHeader);
}
if ($keyEncryptionAlgorithm instanceof KeyWrapping) {
return $this->getEncryptedKeyFromKeyWrappingAlgorithm($completeHeader, $cek, $keyEncryptionAlgorithm, $recipientKey, $additionalHeader);
}
if ($keyEncryptionAlgorithm instanceof KeyAgreementWithKeyWrapping) {
return $this->getEncryptedKeyFromKeyAgreementAndKeyWrappingAlgorithm($completeHeader, $cek, $keyEncryptionAlgorithm, $additionalHeader, $recipientKey, $senderKey);
}
if ($keyEncryptionAlgorithm instanceof KeyAgreement) {
return null;
}
if ($keyEncryptionAlgorithm instanceof DirectEncryption) {
return null;
}
throw new InvalidArgumentException('Unsupported key encryption algorithm.');
}
/**
* @throws InvalidArgumentException if the content encryption algorithm is invalid
*/
private function getEncryptedKeyFromKeyAgreementAndKeyWrappingAlgorithm(array $completeHeader, string $cek, KeyAgreementWithKeyWrapping $keyEncryptionAlgorithm, array &$additionalHeader, JWK $recipientKey, ?JWK $senderKey): string
{
if (null === $this->contentEncryptionAlgorithm) {
throw new InvalidArgumentException('Invalid content encryption algorithm');
}
return $keyEncryptionAlgorithm->wrapAgreementKey($recipientKey, $senderKey, $cek, $this->contentEncryptionAlgorithm->getCEKSize(), $completeHeader, $additionalHeader);
}
private function getEncryptedKeyFromKeyEncryptionAlgorithm(array $completeHeader, string $cek, KeyEncryption $keyEncryptionAlgorithm, JWK $recipientKey, array &$additionalHeader): string
{
return $keyEncryptionAlgorithm->encryptKey($recipientKey, $cek, $completeHeader, $additionalHeader);
}
private function getEncryptedKeyFromKeyWrappingAlgorithm(array $completeHeader, string $cek, KeyWrapping $keyEncryptionAlgorithm, JWK $recipientKey, array &$additionalHeader): string
{
return $keyEncryptionAlgorithm->wrapKey($recipientKey, $cek, $completeHeader, $additionalHeader);
}
/**
* @throws InvalidArgumentException if the content encryption algorithm is invalid
* @throws InvalidArgumentException if the key type is not valid
* @throws InvalidArgumentException if the key management mode is not supported
*/
private function checkKey(KeyEncryptionAlgorithm $keyEncryptionAlgorithm, JWK $recipientKey): void
{
if (null === $this->contentEncryptionAlgorithm) {
throw new InvalidArgumentException('Invalid content encryption algorithm');
}
KeyChecker::checkKeyUsage($recipientKey, 'encryption');
if ('dir' !== $keyEncryptionAlgorithm->name()) {
KeyChecker::checkKeyAlgorithm($recipientKey, $keyEncryptionAlgorithm->name());
} else {
KeyChecker::checkKeyAlgorithm($recipientKey, $this->contentEncryptionAlgorithm->name());
}
}
private function determineCEK(array &$additionalHeader): string
{
if (null === $this->contentEncryptionAlgorithm) {
throw new InvalidArgumentException('Invalid content encryption algorithm');
}
switch ($this->keyManagementMode) {
case KeyEncryption::MODE_ENCRYPT:
case KeyEncryption::MODE_WRAP:
return $this->createCEK($this->contentEncryptionAlgorithm->getCEKSize());
case KeyEncryption::MODE_AGREEMENT:
if (1 !== count($this->recipients)) {
throw new LogicException('Unable to encrypt for multiple recipients using key agreement algorithms.');
}
/** @var JWK $key */
$recipientKey = $this->recipients[0]['key'];
$senderKey = $this->recipients[0]['sender_key'] ?? null;
$algorithm = $this->recipients[0]['key_encryption_algorithm'];
if (!$algorithm instanceof KeyAgreement) {
throw new InvalidArgumentException('Invalid content encryption algorithm');
}
$completeHeader = array_merge($this->sharedHeader, $this->recipients[0]['header'], $this->sharedProtectedHeader);
return $algorithm->getAgreementKey($this->contentEncryptionAlgorithm->getCEKSize(), $this->contentEncryptionAlgorithm->name(), $recipientKey, $senderKey, $completeHeader, $additionalHeader);
case KeyEncryption::MODE_DIRECT:
if (1 !== count($this->recipients)) {
throw new LogicException('Unable to encrypt for multiple recipients using key agreement algorithms.');
}
/** @var JWK $key */
$key = $this->recipients[0]['key'];
if ('oct' !== $key->get('kty')) {
throw new RuntimeException('Wrong key type.');
}
return Base64Url::decode($key->get('k'));
default:
throw new InvalidArgumentException(sprintf('Unsupported key management mode "%s".', $this->keyManagementMode));
}
}
private function getCompressionMethod(array $completeHeader): ?CompressionMethod
{
if (!array_key_exists('zip', $completeHeader)) {
return null;
}
return $this->compressionManager->get($completeHeader['zip']);
}
private function areKeyManagementModesCompatible(string $current, string $new): bool
{
$agree = KeyEncryptionAlgorithm::MODE_AGREEMENT;
$dir = KeyEncryptionAlgorithm::MODE_DIRECT;
$enc = KeyEncryptionAlgorithm::MODE_ENCRYPT;
$wrap = KeyEncryptionAlgorithm::MODE_WRAP;
$supportedKeyManagementModeCombinations = [$enc.$enc => true, $enc.$wrap => true, $wrap.$enc => true, $wrap.$wrap => true, $agree.$agree => false, $agree.$dir => false, $agree.$enc => false, $agree.$wrap => false, $dir.$agree => false, $dir.$dir => false, $dir.$enc => false, $dir.$wrap => false, $enc.$agree => false, $enc.$dir => false, $wrap.$agree => false, $wrap.$dir => false];
if (array_key_exists($current.$new, $supportedKeyManagementModeCombinations)) {
return $supportedKeyManagementModeCombinations[$current.$new];
}
return false;
}
private function createCEK(int $size): string
{
return random_bytes($size / 8);
}
private function createIV(int $size): string
{
return random_bytes($size / 8);
}
/**
* @throws InvalidArgumentException if the header parameter "alg" is missing
* @throws InvalidArgumentException if the header parameter "alg" is not supported or not a key encryption algorithm
*/
private function getKeyEncryptionAlgorithm(array $completeHeader): KeyEncryptionAlgorithm
{
if (!isset($completeHeader['alg'])) {
throw new InvalidArgumentException('Parameter "alg" is missing.');
}
$keyEncryptionAlgorithm = $this->keyEncryptionAlgorithmManager->get($completeHeader['alg']);
if (!$keyEncryptionAlgorithm instanceof KeyEncryptionAlgorithm) {
throw new InvalidArgumentException(sprintf('The key encryption algorithm "%s" is not supported or not a key encryption algorithm instance.', $completeHeader['alg']));
}
return $keyEncryptionAlgorithm;
}
/**
* @throws InvalidArgumentException if the header parameter "enc" is missing
* @throws InvalidArgumentException if the header parameter "enc" is not supported or not a content encryption algorithm
*/
private function getContentEncryptionAlgorithm(array $completeHeader): ContentEncryptionAlgorithm
{
if (!isset($completeHeader['enc'])) {
throw new InvalidArgumentException('Parameter "enc" is missing.');
}
$contentEncryptionAlgorithm = $this->contentEncryptionAlgorithmManager->get($completeHeader['enc']);
if (!$contentEncryptionAlgorithm instanceof ContentEncryptionAlgorithm) {
throw new InvalidArgumentException(sprintf('The content encryption algorithm "%s" is not supported or not a content encryption algorithm instance.', $completeHeader['enc']));
}
return $contentEncryptionAlgorithm;
}
/**
* @throws InvalidArgumentException if the header contains duplicated entries
*/
private function checkDuplicatedHeaderParameters(array $header1, array $header2): void
{
$inter = array_intersect_key($header1, $header2);
if (0 !== count($inter)) {
throw new InvalidArgumentException(sprintf('The header contains duplicated entries: %s.', implode(', ', array_keys($inter))));
}
}
}

55
vendor/web-token/jwt-encryption/JWEBuilderFactory.php vendored Normal file
View File

@@ -0,0 +1,55 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption;
use Jose\Component\Core\AlgorithmManagerFactory;
use Jose\Component\Encryption\Compression\CompressionMethodManagerFactory;
class JWEBuilderFactory
{
/**
* @var AlgorithmManagerFactory
*/
private $algorithmManagerFactory;
/**
* @var CompressionMethodManagerFactory
*/
private $compressionMethodManagerFactory;
/**
* JWEBuilderFactory constructor.
*/
public function __construct(AlgorithmManagerFactory $algorithmManagerFactory, CompressionMethodManagerFactory $compressionMethodManagerFactory)
{
$this->algorithmManagerFactory = $algorithmManagerFactory;
$this->compressionMethodManagerFactory = $compressionMethodManagerFactory;
}
/**
* Creates a JWE Builder object using the given key encryption algorithms, content encryption algorithms and compression methods.
*
* @param string[] $keyEncryptionAlgorithms
* @param string[] $contentEncryptionAlgorithm
* @param string[] $compressionMethods
*/
public function create(array $keyEncryptionAlgorithms, array $contentEncryptionAlgorithm, array $compressionMethods): JWEBuilder
{
$keyEncryptionAlgorithmManager = $this->algorithmManagerFactory->create($keyEncryptionAlgorithms);
$contentEncryptionAlgorithmManager = $this->algorithmManagerFactory->create($contentEncryptionAlgorithm);
$compressionMethodManager = $this->compressionMethodManagerFactory->create($compressionMethods);
return new JWEBuilder($keyEncryptionAlgorithmManager, $contentEncryptionAlgorithmManager, $compressionMethodManager);
}
}

269
vendor/web-token/jwt-encryption/JWEDecrypter.php vendored Normal file
View File

@@ -0,0 +1,269 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption;
use function array_key_exists;
use InvalidArgumentException;
use function is_string;
use Jose\Component\Core\Algorithm;
use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\Core\JWKSet;
use Jose\Component\Core\Util\KeyChecker;
use Jose\Component\Encryption\Algorithm\ContentEncryptionAlgorithm;
use Jose\Component\Encryption\Algorithm\KeyEncryption\DirectEncryption;
use Jose\Component\Encryption\Algorithm\KeyEncryption\KeyAgreement;
use Jose\Component\Encryption\Algorithm\KeyEncryption\KeyAgreementWithKeyWrapping;
use Jose\Component\Encryption\Algorithm\KeyEncryption\KeyEncryption;
use Jose\Component\Encryption\Algorithm\KeyEncryption\KeyWrapping;
use Jose\Component\Encryption\Algorithm\KeyEncryptionAlgorithm;
use Jose\Component\Encryption\Compression\CompressionMethodManager;
use Throwable;
class JWEDecrypter
{
/**
* @var AlgorithmManager
*/
private $keyEncryptionAlgorithmManager;
/**
* @var AlgorithmManager
*/
private $contentEncryptionAlgorithmManager;
/**
* @var CompressionMethodManager
*/
private $compressionMethodManager;
public function __construct(AlgorithmManager $keyEncryptionAlgorithmManager, AlgorithmManager $contentEncryptionAlgorithmManager, CompressionMethodManager $compressionMethodManager)
{
$this->keyEncryptionAlgorithmManager = $keyEncryptionAlgorithmManager;
$this->contentEncryptionAlgorithmManager = $contentEncryptionAlgorithmManager;
$this->compressionMethodManager = $compressionMethodManager;
}
/**
* Returns the key encryption algorithm manager.
*/
public function getKeyEncryptionAlgorithmManager(): AlgorithmManager
{
return $this->keyEncryptionAlgorithmManager;
}
/**
* Returns the content encryption algorithm manager.
*/
public function getContentEncryptionAlgorithmManager(): AlgorithmManager
{
return $this->contentEncryptionAlgorithmManager;
}
/**
* Returns the compression method manager.
*/
public function getCompressionMethodManager(): CompressionMethodManager
{
return $this->compressionMethodManager;
}
/**
* This method will try to decrypt the given JWE and recipient using a JWK.
*
* @param JWE $jwe A JWE object to decrypt
* @param JWK $jwk The key used to decrypt the input
* @param int $recipient The recipient used to decrypt the token
*/
public function decryptUsingKey(JWE &$jwe, JWK $jwk, int $recipient, ?JWK $senderKey = null): bool
{
$jwkset = new JWKSet([$jwk]);
return $this->decryptUsingKeySet($jwe, $jwkset, $recipient, $senderKey);
}
/**
* This method will try to decrypt the given JWE and recipient using a JWKSet.
*
* @param JWE $jwe A JWE object to decrypt
* @param JWKSet $jwkset The key set used to decrypt the input
* @param JWK $jwk The key used to decrypt the token in case of success
* @param int $recipient The recipient used to decrypt the token in case of success
*
* @throws InvalidArgumentException if no key is set is the keyset
* @throws InvalidArgumentException if the token has no recipients
*/
public function decryptUsingKeySet(JWE &$jwe, JWKSet $jwkset, int $recipient, JWK &$jwk = null, ?JWK $senderKey = null): bool
{
if (0 === $jwkset->count()) {
throw new InvalidArgumentException('No key in the key set.');
}
if (null !== $jwe->getPayload()) {
return true;
}
if (0 === $jwe->countRecipients()) {
throw new InvalidArgumentException('The JWE does not contain any recipient.');
}
$plaintext = $this->decryptRecipientKey($jwe, $jwkset, $recipient, $jwk, $senderKey);
if (null !== $plaintext) {
$jwe = $jwe->withPayload($plaintext);
return true;
}
return false;
}
private function decryptRecipientKey(JWE $jwe, JWKSet $jwkset, int $i, JWK &$successJwk = null, ?JWK $senderKey = null): ?string
{
$recipient = $jwe->getRecipient($i);
$completeHeader = array_merge($jwe->getSharedProtectedHeader(), $jwe->getSharedHeader(), $recipient->getHeader());
$this->checkCompleteHeader($completeHeader);
$key_encryption_algorithm = $this->getKeyEncryptionAlgorithm($completeHeader);
$content_encryption_algorithm = $this->getContentEncryptionAlgorithm($completeHeader);
$this->checkIvSize($jwe->getIV(), $content_encryption_algorithm->getIVSize());
foreach ($jwkset as $recipientKey) {
try {
KeyChecker::checkKeyUsage($recipientKey, 'decryption');
if ('dir' !== $key_encryption_algorithm->name()) {
KeyChecker::checkKeyAlgorithm($recipientKey, $key_encryption_algorithm->name());
} else {
KeyChecker::checkKeyAlgorithm($recipientKey, $content_encryption_algorithm->name());
}
$cek = $this->decryptCEK($key_encryption_algorithm, $content_encryption_algorithm, $recipientKey, $senderKey, $recipient, $completeHeader);
if (null !== $cek) {
$this->checkCekSize($cek, $key_encryption_algorithm, $content_encryption_algorithm);
$payload = $this->decryptPayload($jwe, $cek, $content_encryption_algorithm, $completeHeader);
$successJwk = $recipientKey;
return $payload;
}
} catch (Throwable $e) {
//We do nothing, we continue with other keys
continue;
}
}
return null;
}
/**
* @throws InvalidArgumentException if the Content Encryption Key size is invalid
*/
private function checkCekSize(string $cek, KeyEncryptionAlgorithm $keyEncryptionAlgorithm, ContentEncryptionAlgorithm $algorithm): void
{
if ($keyEncryptionAlgorithm instanceof DirectEncryption || $keyEncryptionAlgorithm instanceof KeyAgreement) {
return;
}
if (mb_strlen($cek, '8bit') * 8 !== $algorithm->getCEKSize()) {
throw new InvalidArgumentException('Invalid CEK size');
}
}
/**
* @throws InvalidArgumentException if the IV size is invalid
*/
private function checkIvSize(?string $iv, int $requiredIvSize): void
{
if (null === $iv && 0 !== $requiredIvSize) {
throw new InvalidArgumentException('Invalid IV size');
}
if (is_string($iv) && mb_strlen($iv, '8bit') !== $requiredIvSize / 8) {
throw new InvalidArgumentException('Invalid IV size');
}
}
/**
* @throws InvalidArgumentException if the CEK creation method is not supported
*/
private function decryptCEK(Algorithm $key_encryption_algorithm, ContentEncryptionAlgorithm $content_encryption_algorithm, JWK $recipientKey, ?JWK $senderKey, Recipient $recipient, array $completeHeader): ?string
{
if ($key_encryption_algorithm instanceof DirectEncryption) {
return $key_encryption_algorithm->getCEK($recipientKey);
}
if ($key_encryption_algorithm instanceof KeyAgreement) {
return $key_encryption_algorithm->getAgreementKey($content_encryption_algorithm->getCEKSize(), $content_encryption_algorithm->name(), $recipientKey, $senderKey, $completeHeader);
}
if ($key_encryption_algorithm instanceof KeyAgreementWithKeyWrapping) {
return $key_encryption_algorithm->unwrapAgreementKey($recipientKey, $senderKey, $recipient->getEncryptedKey(), $content_encryption_algorithm->getCEKSize(), $completeHeader);
}
if ($key_encryption_algorithm instanceof KeyEncryption) {
return $key_encryption_algorithm->decryptKey($recipientKey, $recipient->getEncryptedKey(), $completeHeader);
}
if ($key_encryption_algorithm instanceof KeyWrapping) {
return $key_encryption_algorithm->unwrapKey($recipientKey, $recipient->getEncryptedKey(), $completeHeader);
}
throw new InvalidArgumentException('Unsupported CEK generation');
}
private function decryptPayload(JWE $jwe, string $cek, ContentEncryptionAlgorithm $content_encryption_algorithm, array $completeHeader): string
{
$payload = $content_encryption_algorithm->decryptContent($jwe->getCiphertext(), $cek, $jwe->getIV(), $jwe->getAAD(), $jwe->getEncodedSharedProtectedHeader(), $jwe->getTag());
return $this->decompressIfNeeded($payload, $completeHeader);
}
private function decompressIfNeeded(string $payload, array $completeHeaders): string
{
if (array_key_exists('zip', $completeHeaders)) {
$compression_method = $this->compressionMethodManager->get($completeHeaders['zip']);
$payload = $compression_method->uncompress($payload);
}
return $payload;
}
/**
* @throws InvalidArgumentException if a header parameter is missing
*/
private function checkCompleteHeader(array $completeHeaders): void
{
foreach (['enc', 'alg'] as $key) {
if (!isset($completeHeaders[$key])) {
throw new InvalidArgumentException(sprintf("Parameter '%s' is missing.", $key));
}
}
}
/**
* @throws InvalidArgumentException if the key encryption algorithm is not supported or does not implement the KeyEncryptionAlgorithm interface
*/
private function getKeyEncryptionAlgorithm(array $completeHeaders): KeyEncryptionAlgorithm
{
$key_encryption_algorithm = $this->keyEncryptionAlgorithmManager->get($completeHeaders['alg']);
if (!$key_encryption_algorithm instanceof KeyEncryptionAlgorithm) {
throw new InvalidArgumentException(sprintf('The key encryption algorithm "%s" is not supported or does not implement KeyEncryptionAlgorithm interface.', $completeHeaders['alg']));
}
return $key_encryption_algorithm;
}
/**
* @throws InvalidArgumentException if the content encryption algorithm is not supported or does not implement the ContentEncryption interface
*/
private function getContentEncryptionAlgorithm(array $completeHeader): ContentEncryptionAlgorithm
{
$content_encryption_algorithm = $this->contentEncryptionAlgorithmManager->get($completeHeader['enc']);
if (!$content_encryption_algorithm instanceof ContentEncryptionAlgorithm) {
throw new InvalidArgumentException(sprintf('The key encryption algorithm "%s" is not supported or does not implement the ContentEncryption interface.', $completeHeader['enc']));
}
return $content_encryption_algorithm;
}
}

52
vendor/web-token/jwt-encryption/JWEDecrypterFactory.php vendored Normal file
View File

@@ -0,0 +1,52 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption;
use Jose\Component\Core\AlgorithmManagerFactory;
use Jose\Component\Encryption\Compression\CompressionMethodManagerFactory;
class JWEDecrypterFactory
{
/**
* @var AlgorithmManagerFactory
*/
private $algorithmManagerFactory;
/**
* @var CompressionMethodManagerFactory
*/
private $compressionMethodManagerFactory;
public function __construct(AlgorithmManagerFactory $algorithmManagerFactory, CompressionMethodManagerFactory $compressionMethodManagerFactory)
{
$this->algorithmManagerFactory = $algorithmManagerFactory;
$this->compressionMethodManagerFactory = $compressionMethodManagerFactory;
}
/**
* Creates a JWE Decrypter object using the given key encryption algorithms, content encryption algorithms and compression methods.
*
* @param string[] $keyEncryptionAlgorithms
* @param string[] $contentEncryptionAlgorithms
* @param string[] $compressionMethods
*/
public function create(array $keyEncryptionAlgorithms, array $contentEncryptionAlgorithms, array $compressionMethods): JWEDecrypter
{
$keyEncryptionAlgorithmManager = $this->algorithmManagerFactory->create($keyEncryptionAlgorithms);
$contentEncryptionAlgorithmManager = $this->algorithmManagerFactory->create($contentEncryptionAlgorithms);
$compressionMethodManager = $this->compressionMethodManagerFactory->create($compressionMethods);
return new JWEDecrypter($keyEncryptionAlgorithmManager, $contentEncryptionAlgorithmManager, $compressionMethodManager);
}
}

122
vendor/web-token/jwt-encryption/JWELoader.php vendored Normal file
View File

@@ -0,0 +1,122 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption;
use Jose\Component\Checker\HeaderCheckerManager;
use Jose\Component\Core\JWK;
use Jose\Component\Core\JWKSet;
use Jose\Component\Encryption\Serializer\JWESerializerManager;
use RuntimeException;
use Throwable;
class JWELoader
{
/**
* @var JWEDecrypter
*/
private $jweDecrypter;
/**
* @var null|HeaderCheckerManager
*/
private $headerCheckerManager;
/**
* @var JWESerializerManager
*/
private $serializerManager;
/**
* JWELoader constructor.
*/
public function __construct(JWESerializerManager $serializerManager, JWEDecrypter $jweDecrypter, ?HeaderCheckerManager $headerCheckerManager)
{
$this->serializerManager = $serializerManager;
$this->jweDecrypter = $jweDecrypter;
$this->headerCheckerManager = $headerCheckerManager;
}
/**
* Returns the JWE Decrypter object.
*/
public function getJweDecrypter(): JWEDecrypter
{
return $this->jweDecrypter;
}
/**
* Returns the header checker manager if set.
*/
public function getHeaderCheckerManager(): ?HeaderCheckerManager
{
return $this->headerCheckerManager;
}
/**
* Returns the serializer manager.
*/
public function getSerializerManager(): JWESerializerManager
{
return $this->serializerManager;
}
/**
* This method will try to load and decrypt the given token using a JWK.
* If succeeded, the methods will populate the $recipient variable and returns the JWE.
*/
public function loadAndDecryptWithKey(string $token, JWK $key, ?int &$recipient): JWE
{
$keyset = new JWKSet([$key]);
return $this->loadAndDecryptWithKeySet($token, $keyset, $recipient);
}
/**
* This method will try to load and decrypt the given token using a JWKSet.
* If succeeded, the methods will populate the $recipient variable and returns the JWE.
*
* @throws RuntimeException if the data cannot be loaded or decrypted
*/
public function loadAndDecryptWithKeySet(string $token, JWKSet $keyset, ?int &$recipient): JWE
{
try {
$jwe = $this->serializerManager->unserialize($token);
$nbRecipients = $jwe->countRecipients();
for ($i = 0; $i < $nbRecipients; ++$i) {
if ($this->processRecipient($jwe, $keyset, $i)) {
$recipient = $i;
return $jwe;
}
}
} catch (Throwable $e) {
// Nothing to do. Exception thrown just after
}
throw new RuntimeException('Unable to load and decrypt the token.');
}
private function processRecipient(JWE &$jwe, JWKSet $keyset, int $recipient): bool
{
try {
if (null !== $this->headerCheckerManager) {
$this->headerCheckerManager->check($jwe, $recipient);
}
return $this->jweDecrypter->decryptUsingKeySet($jwe, $keyset, $recipient);
} catch (Throwable $e) {
return false;
}
}
}

62
vendor/web-token/jwt-encryption/JWELoaderFactory.php vendored Normal file
View File

@@ -0,0 +1,62 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption;
use Jose\Component\Checker\HeaderCheckerManagerFactory;
use Jose\Component\Encryption\Serializer\JWESerializerManagerFactory;
class JWELoaderFactory
{
/**
* @var JWEDecrypterFactory
*/
private $jweDecrypterFactory;
/**
* @var JWESerializerManagerFactory
*/
private $jweSerializerManagerFactory;
/**
* @var null|HeaderCheckerManagerFactory
*/
private $headerCheckerManagerFactory;
/**
* JWELoaderFactory constructor.
*/
public function __construct(JWESerializerManagerFactory $jweSerializerManagerFactory, JWEDecrypterFactory $jweDecrypterFactory, ?HeaderCheckerManagerFactory $headerCheckerManagerFactory)
{
$this->jweSerializerManagerFactory = $jweSerializerManagerFactory;
$this->jweDecrypterFactory = $jweDecrypterFactory;
$this->headerCheckerManagerFactory = $headerCheckerManagerFactory;
}
/**
* Creates a JWELoader using the given serializer aliases, encryption algorithm aliases, compression method aliases
* and header checker aliases.
*/
public function create(array $serializers, array $keyEncryptionAlgorithms, array $contentEncryptionAlgorithms, array $compressionMethods, array $headerCheckers = []): JWELoader
{
$serializerManager = $this->jweSerializerManagerFactory->create($serializers);
$jweDecrypter = $this->jweDecrypterFactory->create($keyEncryptionAlgorithms, $contentEncryptionAlgorithms, $compressionMethods);
if (null !== $this->headerCheckerManagerFactory) {
$headerCheckerManager = $this->headerCheckerManagerFactory->create($headerCheckers);
} else {
$headerCheckerManager = null;
}
return new JWELoader($serializerManager, $jweDecrypter, $headerCheckerManager);
}
}

40
vendor/web-token/jwt-encryption/JWETokenSupport.php vendored Normal file
View File

@@ -0,0 +1,40 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption;
use Jose\Component\Checker\TokenTypeSupport;
use Jose\Component\Core\JWT;
final class JWETokenSupport implements TokenTypeSupport
{
public function supports(JWT $jwt): bool
{
return $jwt instanceof JWE;
}
public function retrieveTokenHeaders(JWT $jwt, int $index, array &$protectedHeader, array &$unprotectedHeader): void
{
if (!$jwt instanceof JWE) {
return;
}
$protectedHeader = $jwt->getSharedProtectedHeader();
$unprotectedHeader = $jwt->getSharedHeader();
$recipient = $jwt->getRecipient($index)->getHeader();
$unprotectedHeader = array_merge(
$unprotectedHeader,
$recipient
);
}
}

21
vendor/web-token/jwt-encryption/LICENSE vendored Normal file
View File

@@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2014-2019 Spomky-Labs
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

15
vendor/web-token/jwt-encryption/README.md vendored Normal file
View File

@@ -0,0 +1,15 @@
PHP JWT Encryption Component
============================
This repository is a sub repository of [the JWT Framework](https://github.com/web-token/jwt-framework) project and is READ ONLY.
**Please do not submit any Pull Request here.**
You should go to [the main repository](https://github.com/web-token/jwt-framework) instead.
# Documentation
The official documentation is available as https://web-token.spomky-labs.com/
# Licence
This software is release under [MIT licence](LICENSE).

83
vendor/web-token/jwt-encryption/Recipient.php vendored Normal file
View File

@@ -0,0 +1,83 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption;
use function array_key_exists;
use InvalidArgumentException;
/**
* @internal
*/
class Recipient
{
/**
* @var array
*/
private $header = [];
/**
* @var null|string
*/
private $encryptedKey;
public function __construct(array $header, ?string $encryptedKey)
{
$this->header = $header;
$this->encryptedKey = $encryptedKey;
}
/**
* Returns the recipient header.
*/
public function getHeader(): array
{
return $this->header;
}
/**
* Returns the value of the recipient header parameter with the specified key.
*
* @param string $key The key
*
* @throws InvalidArgumentException if the header parameter does not exist
*
* @return null|mixed
*/
public function getHeaderParameter(string $key)
{
if (!$this->hasHeaderParameter($key)) {
throw new InvalidArgumentException(sprintf('The header "%s" does not exist.', $key));
}
return $this->header[$key];
}
/**
* Returns true if the recipient header contains the parameter with the specified key.
*
* @param string $key The key
*/
public function hasHeaderParameter(string $key): bool
{
return array_key_exists($key, $this->header);
}
/**
* Returns the encrypted key.
*/
public function getEncryptedKey(): ?string
{
return $this->encryptedKey;
}
}

122
vendor/web-token/jwt-encryption/Serializer/CompactSerializer.php vendored Normal file
View File

@@ -0,0 +1,122 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Serializer;
use Base64Url\Base64Url;
use function count;
use InvalidArgumentException;
use Jose\Component\Core\Util\JsonConverter;
use Jose\Component\Encryption\JWE;
use Jose\Component\Encryption\Recipient;
use LogicException;
use Throwable;
final class CompactSerializer implements JWESerializer
{
public const NAME = 'jwe_compact';
public function displayName(): string
{
return 'JWE Compact';
}
public function name(): string
{
return self::NAME;
}
public function serialize(JWE $jwe, ?int $recipientIndex = null): string
{
if (null === $recipientIndex) {
$recipientIndex = 0;
}
$recipient = $jwe->getRecipient($recipientIndex);
$this->checkHasNoAAD($jwe);
$this->checkHasSharedProtectedHeader($jwe);
$this->checkRecipientHasNoHeader($jwe, $recipientIndex);
return sprintf(
'%s.%s.%s.%s.%s',
$jwe->getEncodedSharedProtectedHeader(),
Base64Url::encode(null === $recipient->getEncryptedKey() ? '' : $recipient->getEncryptedKey()),
Base64Url::encode(null === $jwe->getIV() ? '' : $jwe->getIV()),
Base64Url::encode($jwe->getCiphertext()),
Base64Url::encode(null === $jwe->getTag() ? '' : $jwe->getTag())
);
}
/**
* @throws InvalidArgumentException if the input is not supported
*/
public function unserialize(string $input): JWE
{
$parts = explode('.', $input);
if (5 !== count($parts)) {
throw new InvalidArgumentException('Unsupported input');
}
try {
$encodedSharedProtectedHeader = $parts[0];
$sharedProtectedHeader = JsonConverter::decode(Base64Url::decode($encodedSharedProtectedHeader));
$encryptedKey = '' === $parts[1] ? null : Base64Url::decode($parts[1]);
$iv = Base64Url::decode($parts[2]);
$ciphertext = Base64Url::decode($parts[3]);
$tag = Base64Url::decode($parts[4]);
return new JWE(
$ciphertext,
$iv,
$tag,
null,
[],
$sharedProtectedHeader,
$encodedSharedProtectedHeader,
[new Recipient([], $encryptedKey)]
);
} catch (Throwable $throwable) {
throw new InvalidArgumentException('Unsupported input', $throwable->getCode(), $throwable);
}
}
/**
* @throws LogicException if the AAD is invalid
*/
private function checkHasNoAAD(JWE $jwe): void
{
if (null !== $jwe->getAAD()) {
throw new LogicException('This JWE has AAD and cannot be converted into Compact JSON.');
}
}
/**
* @throws LogicException if the JWE has a shared header or recipient header (invalid for compact JSON)
*/
private function checkRecipientHasNoHeader(JWE $jwe, int $id): void
{
if (0 !== count($jwe->getSharedHeader()) || 0 !== count($jwe->getRecipient($id)->getHeader())) {
throw new LogicException('This JWE has shared header parameters or recipient header parameters and cannot be converted into Compact JSON.');
}
}
/**
* @throws LogicException if the JWE has no shared protected header (invalid for compact JSON)
*/
private function checkHasSharedProtectedHeader(JWE $jwe): void
{
if (0 === count($jwe->getSharedProtectedHeader())) {
throw new LogicException('This JWE does not have shared protected header parameters and cannot be converted into Compact JSON.');
}
}
}

111
vendor/web-token/jwt-encryption/Serializer/JSONFlattenedSerializer.php vendored Normal file
View File

@@ -0,0 +1,111 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Serializer;
use function array_key_exists;
use Base64Url\Base64Url;
use function count;
use InvalidArgumentException;
use Jose\Component\Core\Util\JsonConverter;
use Jose\Component\Encryption\JWE;
use Jose\Component\Encryption\Recipient;
final class JSONFlattenedSerializer implements JWESerializer
{
public const NAME = 'jwe_json_flattened';
public function displayName(): string
{
return 'JWE JSON Flattened';
}
public function name(): string
{
return self::NAME;
}
public function serialize(JWE $jwe, ?int $recipientIndex = null): string
{
if (null === $recipientIndex) {
$recipientIndex = 0;
}
$recipient = $jwe->getRecipient($recipientIndex);
$data = [
'ciphertext' => Base64Url::encode($jwe->getCiphertext()),
'iv' => Base64Url::encode($jwe->getIV()),
'tag' => Base64Url::encode($jwe->getTag()),
];
if (null !== $jwe->getAAD()) {
$data['aad'] = Base64Url::encode($jwe->getAAD());
}
if (0 !== count($jwe->getSharedProtectedHeader())) {
$data['protected'] = $jwe->getEncodedSharedProtectedHeader();
}
if (0 !== count($jwe->getSharedHeader())) {
$data['unprotected'] = $jwe->getSharedHeader();
}
if (0 !== count($recipient->getHeader())) {
$data['header'] = $recipient->getHeader();
}
if (null !== $recipient->getEncryptedKey()) {
$data['encrypted_key'] = Base64Url::encode($recipient->getEncryptedKey());
}
return JsonConverter::encode($data);
}
public function unserialize(string $input): JWE
{
$data = JsonConverter::decode($input);
$this->checkData($data);
$ciphertext = Base64Url::decode($data['ciphertext']);
$iv = Base64Url::decode($data['iv']);
$tag = Base64Url::decode($data['tag']);
$aad = array_key_exists('aad', $data) ? Base64Url::decode($data['aad']) : null;
list($encodedSharedProtectedHeader, $sharedProtectedHeader, $sharedHeader) = $this->processHeaders($data);
$encryptedKey = array_key_exists('encrypted_key', $data) ? Base64Url::decode($data['encrypted_key']) : null;
$header = array_key_exists('header', $data) ? $data['header'] : [];
return new JWE(
$ciphertext,
$iv,
$tag,
$aad,
$sharedHeader,
$sharedProtectedHeader,
$encodedSharedProtectedHeader,
[new Recipient($header, $encryptedKey)]
);
}
/**
* @throws InvalidArgumentException if the payload cannot be encoded
*/
private function checkData(?array $data): void
{
if (null === $data || !isset($data['ciphertext']) || isset($data['recipients'])) {
throw new InvalidArgumentException('Unsupported input.');
}
}
private function processHeaders(array $data): array
{
$encodedSharedProtectedHeader = array_key_exists('protected', $data) ? $data['protected'] : null;
$sharedProtectedHeader = $encodedSharedProtectedHeader ? JsonConverter::decode(Base64Url::decode($encodedSharedProtectedHeader)) : [];
$sharedHeader = $data['unprotected'] ?? [];
return [$encodedSharedProtectedHeader, $sharedProtectedHeader, $sharedHeader];
}
}

131
vendor/web-token/jwt-encryption/Serializer/JSONGeneralSerializer.php vendored Normal file
View File

@@ -0,0 +1,131 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Serializer;
use function array_key_exists;
use Base64Url\Base64Url;
use function count;
use InvalidArgumentException;
use Jose\Component\Core\Util\JsonConverter;
use Jose\Component\Encryption\JWE;
use Jose\Component\Encryption\Recipient;
use LogicException;
final class JSONGeneralSerializer implements JWESerializer
{
public const NAME = 'jwe_json_general';
public function displayName(): string
{
return 'JWE JSON General';
}
public function name(): string
{
return self::NAME;
}
/**
* @throws LogicException if there is no recipient
*/
public function serialize(JWE $jwe, ?int $recipientIndex = null): string
{
if (0 === $jwe->countRecipients()) {
throw new LogicException('No recipient.');
}
$data = [
'ciphertext' => Base64Url::encode($jwe->getCiphertext()),
'iv' => Base64Url::encode($jwe->getIV()),
'tag' => Base64Url::encode($jwe->getTag()),
];
if (null !== $jwe->getAAD()) {
$data['aad'] = Base64Url::encode($jwe->getAAD());
}
if (0 !== count($jwe->getSharedProtectedHeader())) {
$data['protected'] = $jwe->getEncodedSharedProtectedHeader();
}
if (0 !== count($jwe->getSharedHeader())) {
$data['unprotected'] = $jwe->getSharedHeader();
}
$data['recipients'] = [];
foreach ($jwe->getRecipients() as $recipient) {
$temp = [];
if (0 !== count($recipient->getHeader())) {
$temp['header'] = $recipient->getHeader();
}
if (null !== $recipient->getEncryptedKey()) {
$temp['encrypted_key'] = Base64Url::encode($recipient->getEncryptedKey());
}
$data['recipients'][] = $temp;
}
return JsonConverter::encode($data);
}
public function unserialize(string $input): JWE
{
$data = JsonConverter::decode($input);
$this->checkData($data);
$ciphertext = Base64Url::decode($data['ciphertext']);
$iv = Base64Url::decode($data['iv']);
$tag = Base64Url::decode($data['tag']);
$aad = array_key_exists('aad', $data) ? Base64Url::decode($data['aad']) : null;
list($encodedSharedProtectedHeader, $sharedProtectedHeader, $sharedHeader) = $this->processHeaders($data);
$recipients = [];
foreach ($data['recipients'] as $recipient) {
list($encryptedKey, $header) = $this->processRecipient($recipient);
$recipients[] = new Recipient($header, $encryptedKey);
}
return new JWE(
$ciphertext,
$iv,
$tag,
$aad,
$sharedHeader,
$sharedProtectedHeader,
$encodedSharedProtectedHeader,
$recipients
);
}
/**
* @throws InvalidArgumentException if the input is not supported
*/
private function checkData(?array $data): void
{
if (null === $data || !isset($data['ciphertext']) || !isset($data['recipients'])) {
throw new InvalidArgumentException('Unsupported input.');
}
}
private function processRecipient(array $recipient): array
{
$encryptedKey = array_key_exists('encrypted_key', $recipient) ? Base64Url::decode($recipient['encrypted_key']) : null;
$header = array_key_exists('header', $recipient) ? $recipient['header'] : [];
return [$encryptedKey, $header];
}
private function processHeaders(array $data): array
{
$encodedSharedProtectedHeader = array_key_exists('protected', $data) ? $data['protected'] : null;
$sharedProtectedHeader = $encodedSharedProtectedHeader ? JsonConverter::decode(Base64Url::decode($encodedSharedProtectedHeader)) : [];
$sharedHeader = array_key_exists('unprotected', $data) ? $data['unprotected'] : [];
return [$encodedSharedProtectedHeader, $sharedProtectedHeader, $sharedHeader];
}
}

44
vendor/web-token/jwt-encryption/Serializer/JWESerializer.php vendored Normal file
View File

@@ -0,0 +1,44 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Serializer;
use Jose\Component\Encryption\JWE;
interface JWESerializer
{
/**
* The name of the serialization method.
*/
public function name(): string;
/**
* Display name of the serialization method.
*/
public function displayName(): string;
/**
* Converts a JWE into a string.
* If the JWE is designed for multiple recipients and the serializer only supports one recipient,
* the recipient index has to be set.
*/
public function serialize(JWE $jws, ?int $recipientIndex = null): string;
/**
* Loads data and return a JWE object.
* Throws an exception in case of failure.
*
* @param string $input A string that represents a JWE
*/
public function unserialize(string $input): JWE;
}

93
vendor/web-token/jwt-encryption/Serializer/JWESerializerManager.php vendored Normal file
View File

@@ -0,0 +1,93 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Serializer;
use InvalidArgumentException;
use Jose\Component\Encryption\JWE;
class JWESerializerManager
{
/**
* @var JWESerializer[]
*/
private $serializers = [];
/**
* @param JWESerializer[] $serializers
*/
public function __construct(array $serializers)
{
foreach ($serializers as $serializer) {
$this->add($serializer);
}
}
/**
* Return the serializer names supported by the manager.
*
* @return string[]
*/
public function names(): array
{
return array_keys($this->serializers);
}
/**
* Converts a JWE into a string.
* Throws an exception if none of the serializer was able to convert the input.
*
* @throws InvalidArgumentException if the serializer is not supported
*/
public function serialize(string $name, JWE $jws, ?int $recipientIndex = null): string
{
if (!isset($this->serializers[$name])) {
throw new InvalidArgumentException(sprintf('Unsupported serializer "%s".', $name));
}
return $this->serializers[$name]->serialize($jws, $recipientIndex);
}
/**
* Loads data and return a JWE object.
* Throws an exception if none of the serializer was able to convert the input.
*
* @param string $input A string that represents a JWE
* @param null|string $name the name of the serializer if the input is unserialized
*
* @throws InvalidArgumentException if the input cannot be loaded
*/
public function unserialize(string $input, ?string &$name = null): JWE
{
foreach ($this->serializers as $serializer) {
try {
$jws = $serializer->unserialize($input);
$name = $serializer->name();
return $jws;
} catch (InvalidArgumentException $e) {
continue;
}
}
throw new InvalidArgumentException('Unsupported input.');
}
/**
* Adds a serializer to the manager.
*/
private function add(JWESerializer $serializer): void
{
$this->serializers[$serializer->name()] = $serializer;
}
}

72
vendor/web-token/jwt-encryption/Serializer/JWESerializerManagerFactory.php vendored Normal file
View File

@@ -0,0 +1,72 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Serializer;
use InvalidArgumentException;
class JWESerializerManagerFactory
{
/**
* @var JWESerializer[]
*/
private $serializers = [];
/**
* Creates a serializer manager factory using the given serializers.
*
* @param string[] $names
*
* @throws InvalidArgumentException if the serializer is not supported
*/
public function create(array $names): JWESerializerManager
{
$serializers = [];
foreach ($names as $name) {
if (!isset($this->serializers[$name])) {
throw new InvalidArgumentException(sprintf('Unsupported serializer "%s".', $name));
}
$serializers[] = $this->serializers[$name];
}
return new JWESerializerManager($serializers);
}
/**
* Return the serializer names supported by the manager.
*
* @return string[]
*/
public function names(): array
{
return array_keys($this->serializers);
}
/**
* Returns all serializers supported by this factory.
*
* @return JWESerializer[]
*/
public function all(): array
{
return $this->serializers;
}
/**
* Adds a serializer to the manager.
*/
public function add(JWESerializer $serializer): void
{
$this->serializers[$serializer->name()] = $serializer;
}
}

83
vendor/web-token/jwt-encryption/Tests/CompressionTest.php vendored Normal file
View File

@@ -0,0 +1,83 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests;
use InvalidArgumentException;
use Jose\Component\Encryption\Compression\CompressionMethodManager;
use Jose\Component\Encryption\Compression\Deflate;
/**
* Class CompressionTest.
*
* @group unit
*
* @internal
*/
class CompressionTest extends EncryptionTest
{
/**
* @covers \Jose\Component\Encryption\Compression\CompressionMethodManager
* @test
*/
public function getValidCompressionAlgorithm(): void
{
$manager = new CompressionMethodManager([
new Deflate(),
]);
static::assertEquals(['DEF'], $manager->list());
$manager->get('DEF');
}
/**
* @covers \Jose\Component\Encryption\Compression\CompressionMethodManager
* @test
*/
public function getInvalidCompressionAlgorithm(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('The compression method "FOO" is not supported.');
$manager = new CompressionMethodManager([]);
static::assertFalse($manager->has('FOO'));
$manager->get('FOO');
}
/**
* @covers \Jose\Component\Encryption\Compression\Deflate
* @test
*/
public function deflate(): void
{
$compression = new Deflate(9);
$data = 'Live long and Prosper.';
$compressed = $compression->compress($data);
$uncompressed = $compression->uncompress($compressed);
static::assertNotNull($compressed);
static::assertSame($data, $uncompressed);
}
/**
* @covers \Jose\Component\Encryption\Compression\Deflate
* @test
*/
public function deflateInvalidCompressionLevel(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('The compression level can be given as 0 for no compression up to 9 for maximum compression. If -1 given, the default compression level will be the default compression level of the zlib library.');
new Deflate(100);
}
}

64
vendor/web-token/jwt-encryption/Tests/ECDHESWithX25519EncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,64 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests;
use Jose\Component\Core\JWK;
/**
* Class ECDHESWithX25519EncryptionTest.
*
* @group ECDHES
* @group unit
*
* @internal
*/
class ECDHESWithX25519EncryptionTest extends EncryptionTest
{
/**
* @see https://tools.ietf.org/html/rfc7516#appendix-B
*
* @test
*/
public function a128CBCHS256EncryptAndDecrypt(): void
{
$receiverKey = new JWK([
'kty' => 'OKP',
'crv' => 'X25519',
'x' => 'azBwhSxIIhQIri4QdT__5q7ybEhKItJlGeyuLNN5ZCQ',
'd' => 'aCaXuAvPEuLVqQSihzryIWaQqmXZxA-3ZrF6CEm180c',
]);
$input = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$protectedHeader = [
'alg' => 'ECDH-ES+A128KW',
'enc' => 'A128GCM',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['ECDH-ES+A128KW'], ['A128GCM'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['ECDH-ES+A128KW'], ['A128GCM'], ['DEF']);
$jwt = $jweBuilder
->create()->withPayload($input)
->withSharedProtectedHeader($protectedHeader)
->addRecipient($receiverKey)
->build()
;
$jwt = $this->getJWESerializerManager()->serialize('jwe_compact', $jwt, 0);
$jwe = $this->getJWESerializerManager()->unserialize($jwt);
static::assertTrue($jweDecrypter->decryptUsingKey($jwe, $receiverKey, 0));
static::assertTrue($jwe->hasSharedProtectedHeaderParameter('epk'));
static::assertEquals($input, $jwe->getPayload());
}
}

793
vendor/web-token/jwt-encryption/Tests/EncrypterTest.php vendored Normal file
View File

@@ -0,0 +1,793 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests;
use Base64Url\Base64Url;
use InvalidArgumentException;
use function is_string;
use Jose\Component\Core\JWK;
use Jose\Component\Core\JWKSet;
/**
* @group Encrypter
* @group functional
*
* @internal
*/
class EncrypterTest extends EncryptionTest
{
/**
* @test
*/
public function encryptWithJWTInput(): void
{
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP-256'], ['A256CBC-HS512'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA-OAEP-256'], ['A256CBC-HS512'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload('FOO')
->withSharedProtectedHeader([
'enc' => 'A256CBC-HS512',
'alg' => 'RSA-OAEP-256',
'zip' => 'DEF',
])
->withAAD('foo,bar,baz')
->addRecipient($this->getRSARecipientKey())
->build()
;
$jwe = $this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0);
$loaded = $this->getJWESerializerManager()->unserialize($jwe);
static::assertEquals('RSA-OAEP-256', $loaded->getSharedProtectedHeaderParameter('alg'));
static::assertEquals('A256CBC-HS512', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertEquals('DEF', $loaded->getSharedProtectedHeaderParameter('zip'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertEquals('FOO', $loaded->getPayload());
}
/**
* @test
*/
public function duplicatedHeader(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('The header contains duplicated entries: zip.');
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP-256'], ['A256CBC-HS512'], ['DEF']);
$jweBuilder
->create()->withPayload('FOO')
->withSharedProtectedHeader([
'enc' => 'A256CBC-HS512',
'alg' => 'RSA-OAEP-256',
'zip' => 'DEF',
])
->addRecipient(
$this->getRSARecipientKey(),
['zip' => 'DEF']
)
;
}
/**
* @test
*/
public function createCompactJWEUsingFactory(): void
{
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP-256'], ['A256CBC-HS512'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA-OAEP-256'], ['A256CBC-HS512'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload('FOO')
->withSharedProtectedHeader([
'enc' => 'A256CBC-HS512',
'alg' => 'RSA-OAEP-256',
'zip' => 'DEF',
])
->addRecipient($this->getRSARecipientKey())
->build()
;
$jwe = $this->getJWESerializerManager()->serialize('jwe_compact', $jwe, 0);
$loaded = $this->getJWESerializerManager()->unserialize($jwe);
static::assertEquals('RSA-OAEP-256', $loaded->getSharedProtectedHeaderParameter('alg'));
static::assertEquals('A256CBC-HS512', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertEquals('DEF', $loaded->getSharedProtectedHeaderParameter('zip'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertEquals('FOO', $loaded->getPayload());
}
/**
* @test
*/
public function createFlattenedJWEUsingFactory(): void
{
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP-256'], ['A256CBC-HS512'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA-OAEP-256'], ['A256CBC-HS512'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload('FOO')
->withSharedProtectedHeader([
'enc' => 'A256CBC-HS512',
'alg' => 'RSA-OAEP-256',
'zip' => 'DEF',
])
->withSharedHeader([
'foo' => 'bar',
])
->addRecipient(
$this->getRSARecipientKey(),
[
'plic' => 'ploc',
]
)
->withAAD('A,B,C,D')
->build()
;
$jwe = $this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0);
$loaded = $this->getJWESerializerManager()->unserialize($jwe);
static::assertEquals('RSA-OAEP-256', $loaded->getSharedProtectedHeaderParameter('alg'));
static::assertEquals('A256CBC-HS512', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertEquals('DEF', $loaded->getSharedProtectedHeaderParameter('zip'));
static::assertEquals('bar', $loaded->getSharedHeaderParameter('foo'));
static::assertEquals('A,B,C,D', $loaded->getAAD());
static::assertEquals('ploc', $loaded->getRecipient(0)->getHeaderParameter('plic'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertEquals('FOO', $loaded->getPayload());
}
/**
* @test
*/
public function encryptAndLoadFlattenedWithAAD(): void
{
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP-256'], ['A256CBC-HS512'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA-OAEP-256'], ['A256CBC-HS512'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload(json_encode($this->getKeyToEncrypt()))
->withSharedProtectedHeader([
'enc' => 'A256CBC-HS512',
'alg' => 'RSA-OAEP-256',
'zip' => 'DEF',
])
->addRecipient($this->getRSARecipientKey())
->withAAD('foo,bar,baz')
->build()
;
$jwe = $this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0);
$loaded = $this->getJWESerializerManager()->unserialize($jwe);
static::assertEquals('RSA-OAEP-256', $loaded->getSharedProtectedHeaderParameter('alg'));
static::assertEquals('A256CBC-HS512', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertEquals('DEF', $loaded->getSharedProtectedHeaderParameter('zip'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertEquals($this->getKeyToEncrypt(), new JWK(json_decode($loaded->getPayload(), true)));
}
/**
* @test
*/
public function compressionAlgorithmNotSupported(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('The compression method "FIP" is not supported.');
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP-256'], ['A256CBC-HS512'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload(json_encode($this->getKeyToEncrypt()))
->withSharedProtectedHeader([
'enc' => 'A256CBC-HS512',
'alg' => 'RSA-OAEP-256',
'zip' => 'FIP',
])
->addRecipient($this->getRSARecipientKey())
->withAAD('foo,bar,baz')
->build()
;
$this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0);
}
/**
* @test
*/
public function foreignKeyManagementModeForbidden(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('Foreign key management mode forbidden.');
$jweBuilder = $this->getJWEBuilderFactory()->create(['dir', 'ECDH-ES+A256KW'], ['A256CBC-HS512'], ['DEF']);
$jweBuilder
->create()->withPayload('Live long and Prosper.')
->withSharedProtectedHeader([
'enc' => 'A256CBC-HS512',
])
->addRecipient($this->getECDHRecipientPublicKey(), ['kid' => 'e9bc097a-ce51-4036-9562-d2ade882db0d', 'alg' => 'ECDH-ES+A256KW'])
->addRecipient($this->getDirectKey(), ['kid' => 'DIR_1', 'alg' => 'dir'])
->build()
;
}
/**
* @test
*/
public function operationNotAllowedForTheKey(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('Key cannot be used to encrypt');
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP-256'], ['A256CBC-HS512'], ['DEF']);
$jweBuilder
->create()->withPayload('Live long and Prosper.')
->withSharedProtectedHeader([
'enc' => 'A256CBC-HS512',
'alg' => 'RSA-OAEP-256',
'zip' => 'DEF',
])
->addRecipient($this->getSigningKey())
->build()
;
}
/**
* @test
*/
public function algorithmNotAllowedForTheKey(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('Key is only allowed for algorithm "RSA-OAEP".');
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP-256'], ['A256CBC-HS512'], ['DEF']);
$jweBuilder
->create()->withPayload('Live long and Prosper.')
->withSharedProtectedHeader([
'enc' => 'A256CBC-HS512',
'alg' => 'RSA-OAEP-256',
'zip' => 'DEF',
])
->addRecipient($this->getRSARecipientKeyWithAlgorithm())
->build()
;
}
/**
* @test
*/
public function encryptAndLoadFlattenedWithDeflateCompression(): void
{
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP-256'], ['A128CBC-HS256'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA-OAEP-256'], ['A128CBC-HS256'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload(json_encode($this->getKeySetToEncrypt()))
->withSharedProtectedHeader([
'kid' => '123456789',
'enc' => 'A128CBC-HS256',
'alg' => 'RSA-OAEP-256',
'zip' => 'DEF',
])
->addRecipient($this->getRSARecipientKey())
->build()
;
$jwe = $this->getJWESerializerManager()->serialize('jwe_compact', $jwe, 0);
$loaded = $this->getJWESerializerManager()->unserialize($jwe);
static::assertEquals('RSA-OAEP-256', $loaded->getSharedProtectedHeaderParameter('alg'));
static::assertEquals('A128CBC-HS256', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertEquals('DEF', $loaded->getSharedProtectedHeaderParameter('zip'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertEquals($this->getKeySetToEncrypt(), JWKSet::createFromKeyData(json_decode($loaded->getPayload(), true)));
}
/**
* @test
*/
public function algParameterIsMissing(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('Parameter "alg" is missing.');
$jweBuilder = $this->getJWEBuilderFactory()->create([], ['A256CBC-HS512'], ['DEF']);
$jweBuilder
->create()->withPayload(json_encode($this->getKeyToEncrypt()))
->withSharedProtectedHeader([
'kid' => '123456789',
'enc' => 'A256CBC-HS512',
'zip' => 'DEF',
])
->addRecipient($this->getRSARecipientKey())
->build()
;
}
/**
* @test
*/
public function encParameterIsMissing(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('Parameter "enc" is missing.');
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP-256'], [], ['DEF']);
$jweBuilder
->create()->withPayload(json_encode($this->getKeyToEncrypt()))
->withSharedProtectedHeader([
'kid' => '123456789',
'alg' => 'RSA-OAEP-256',
'zip' => 'DEF',
])
->addRecipient($this->getRSARecipientKey())
->build()
;
}
/**
* @test
*/
public function notAKeyEncryptionAlgorithm(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('The key encryption algorithm "A256CBC-HS512" is not supported or not a key encryption algorithm instance.');
$jweBuilder = $this->getJWEBuilderFactory()->create(['A256CBC-HS512'], ['A256CBC-HS512'], ['DEF']);
$jweBuilder
->create()->withPayload(json_encode($this->getKeyToEncrypt()))
->withSharedProtectedHeader([
'kid' => '123456789',
'enc' => 'A256CBC-HS512',
'alg' => 'A256CBC-HS512',
'zip' => 'DEF',
])
->addRecipient($this->getRSARecipientKey())
->build()
;
}
/**
* @test
*/
public function notAContentEncryptionAlgorithm(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('The content encryption algorithm "RSA-OAEP-256" is not supported or not a content encryption algorithm instance.');
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP-256'], ['RSA-OAEP-256'], ['DEF']);
$jweBuilder
->create()->withPayload(json_encode($this->getKeyToEncrypt()))
->withSharedProtectedHeader([
'kid' => '123456789',
'enc' => 'RSA-OAEP-256',
'alg' => 'RSA-OAEP-256',
'zip' => 'DEF',
])
->addRecipient($this->getRSARecipientKey())
->build()
;
}
/**
* @test
*/
public function encryptAndLoadCompactWithDirectKeyEncryption(): void
{
$jweBuilder = $this->getJWEBuilderFactory()->create(['dir'], ['A192CBC-HS384'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['dir'], ['A192CBC-HS384'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload(json_encode($this->getKeyToEncrypt()))
->withSharedProtectedHeader([
'kid' => 'DIR_1',
'enc' => 'A192CBC-HS384',
'alg' => 'dir',
])
->addRecipient($this->getDirectKey())
->build()
;
$jwe = $this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0);
$loaded = $this->getJWESerializerManager()->unserialize($jwe);
static::assertEquals('dir', $loaded->getSharedProtectedHeaderParameter('alg'));
static::assertEquals('A192CBC-HS384', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertFalse($loaded->hasSharedHeaderParameter('zip'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getSymmetricKeySet(), 0));
static::assertEquals($this->getKeyToEncrypt(), new JWK(json_decode($loaded->getPayload(), true)));
}
/**
* @test
*/
public function encryptAndLoadCompactKeyAgreement(): void
{
$jweBuilder = $this->getJWEBuilderFactory()->create(['ECDH-ES'], ['A192CBC-HS384'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['ECDH-ES'], ['A192CBC-HS384'], ['DEF']);
$payload = json_encode(['user_id' => '1234', 'exp' => time() + 3600]);
$jwe = $jweBuilder
->create()->withPayload($payload)
->withSharedProtectedHeader([
'kid' => 'e9bc097a-ce51-4036-9562-d2ade882db0d',
'enc' => 'A192CBC-HS384',
'alg' => 'ECDH-ES',
])
->addRecipient($this->getECDHRecipientPublicKey())
->build()
;
$jwe = $this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0);
$loaded = $this->getJWESerializerManager()->unserialize($jwe);
static::assertEquals('ECDH-ES', $loaded->getSharedProtectedHeaderParameter('alg'));
static::assertEquals('A192CBC-HS384', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertFalse($loaded->hasSharedProtectedHeaderParameter('zip'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertEquals($payload, $loaded->getPayload());
}
/**
* @test
*/
public function encryptAndLoadCompactKeyAgreementWithWrappingCompact(): void
{
$jweBuilder = $this->getJWEBuilderFactory()->create(['ECDH-ES+A256KW'], ['A256CBC-HS512'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['ECDH-ES+A256KW'], ['A256CBC-HS512'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload('Live long and Prosper.')
->withSharedProtectedHeader([
'kid' => 'e9bc097a-ce51-4036-9562-d2ade882db0d',
'enc' => 'A256CBC-HS512',
'alg' => 'ECDH-ES+A256KW',
])
->addRecipient($this->getECDHRecipientPublicKey())
->build()
;
$jwe = $this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0);
$loaded = $this->getJWESerializerManager()->unserialize($jwe);
static::assertEquals('ECDH-ES+A256KW', $loaded->getSharedProtectedHeaderParameter('alg'));
static::assertEquals('A256CBC-HS512', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertFalse($loaded->hasSharedProtectedHeaderParameter('zip'));
static::assertFalse($loaded->hasSharedHeaderParameter('zip'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertTrue(is_string($loaded->getPayload()));
static::assertEquals('Live long and Prosper.', $loaded->getPayload());
}
/**
* @test
*/
public function encryptAndLoadWithGCMAndAAD(): void
{
$jweBuilder = $this->getJWEBuilderFactory()->create(['ECDH-ES+A256KW'], ['A256GCM'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['ECDH-ES+A256KW'], ['A256GCM'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload('Live long and Prosper.')
->withSharedProtectedHeader([
'kid' => 'e9bc097a-ce51-4036-9562-d2ade882db0d',
'enc' => 'A256GCM',
'alg' => 'ECDH-ES+A256KW',
])
->withAAD('foo,bar,baz')
->addRecipient($this->getECDHRecipientPublicKey())
->build()
;
$jwe = $this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0);
$loaded = $this->getJWESerializerManager()->unserialize($jwe);
static::assertEquals('ECDH-ES+A256KW', $loaded->getSharedProtectedHeaderParameter('alg'));
static::assertEquals('A256GCM', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertFalse($loaded->hasSharedProtectedHeaderParameter('zip'));
static::assertFalse($loaded->hasSharedHeaderParameter('zip'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertTrue(is_string($loaded->getPayload()));
static::assertEquals('Live long and Prosper.', $loaded->getPayload());
}
/**
* @test
*/
public function encryptAndLoadCompactKeyAgreementWithWrapping(): void
{
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP-256', 'ECDH-ES+A256KW'], ['A256CBC-HS512'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA-OAEP-256', 'ECDH-ES+A256KW'], ['A256CBC-HS512'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload('Live long and Prosper.')
->withSharedProtectedHeader([
'enc' => 'A256CBC-HS512',
])
->withAAD('foo,bar,baz')
->addRecipient($this->getECDHRecipientPublicKey(), ['kid' => 'e9bc097a-ce51-4036-9562-d2ade882db0d', 'alg' => 'ECDH-ES+A256KW'])
->addRecipient($this->getRSARecipientKey(), ['kid' => '123456789', 'alg' => 'RSA-OAEP-256'])
->build()
;
$jwe = $this->getJWESerializerManager()->serialize('jwe_json_general', $jwe);
$loaded = $this->getJWESerializerManager()->unserialize($jwe);
static::assertEquals(2, $loaded->countRecipients());
static::assertEquals('A256CBC-HS512', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertEquals('ECDH-ES+A256KW', $loaded->getRecipient(0)->getHeaderParameter('alg'));
static::assertEquals('RSA-OAEP-256', $loaded->getRecipient(1)->getHeaderParameter('alg'));
static::assertFalse($loaded->hasSharedHeaderParameter('zip'));
static::assertFalse($loaded->hasSharedProtectedHeaderParameter('zip'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertTrue(is_string($loaded->getPayload()));
static::assertEquals('Live long and Prosper.', $loaded->getPayload());
}
/**
* @return JWK
*/
private function getKeyToEncrypt()
{
return new JWK([
'kty' => 'EC',
'use' => 'enc',
'crv' => 'P-256',
'x' => 'f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU',
'y' => 'x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0',
'd' => 'jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI',
]);
}
/**
* @return JWKSet
*/
private function getKeySetToEncrypt()
{
$key = new JWK([
'kty' => 'EC',
'use' => 'enc',
'crv' => 'P-256',
'x' => 'f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU',
'y' => 'x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0',
'd' => 'jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI',
]);
return new JWKSet([$key]);
}
/**
* @return JWK
*/
private function getRSARecipientKey()
{
return new JWK([
'kty' => 'RSA',
'use' => 'enc',
'n' => 'tpS1ZmfVKVP5KofIhMBP0tSWc4qlh6fm2lrZSkuKxUjEaWjzZSzs72gEIGxraWusMdoRuV54xsWRyf5KeZT0S-I5Prle3Idi3gICiO4NwvMk6JwSBcJWwmSLFEKyUSnB2CtfiGc0_5rQCpcEt_Dn5iM-BNn7fqpoLIbks8rXKUIj8-qMVqkTXsEKeKinE23t1ykMldsNaaOH-hvGti5Jt2DMnH1JjoXdDXfxvSP_0gjUYb0ektudYFXoA6wekmQyJeImvgx4Myz1I4iHtkY_Cp7J4Mn1ejZ6HNmyvoTE_4OuY1uCeYv4UyXFc1s1uUyYtj4z57qsHGsS4dQ3A2MJsw',
'e' => 'AQAB',
]);
}
/**
* @return JWK
*/
private function getRSARecipientKeyWithAlgorithm()
{
return new JWK([
'kty' => 'RSA',
'use' => 'enc',
'alg' => 'RSA-OAEP',
'n' => 'tpS1ZmfVKVP5KofIhMBP0tSWc4qlh6fm2lrZSkuKxUjEaWjzZSzs72gEIGxraWusMdoRuV54xsWRyf5KeZT0S-I5Prle3Idi3gICiO4NwvMk6JwSBcJWwmSLFEKyUSnB2CtfiGc0_5rQCpcEt_Dn5iM-BNn7fqpoLIbks8rXKUIj8-qMVqkTXsEKeKinE23t1ykMldsNaaOH-hvGti5Jt2DMnH1JjoXdDXfxvSP_0gjUYb0ektudYFXoA6wekmQyJeImvgx4Myz1I4iHtkY_Cp7J4Mn1ejZ6HNmyvoTE_4OuY1uCeYv4UyXFc1s1uUyYtj4z57qsHGsS4dQ3A2MJsw',
'e' => 'AQAB',
]);
}
/**
* @return JWK
*/
private function getSigningKey()
{
return new JWK([
'kty' => 'EC',
'key_ops' => ['sign', 'verify'],
'crv' => 'P-256',
'x' => 'f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU',
'y' => 'x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0',
'd' => 'jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI',
]);
}
/**
* @return JWK
*/
private function getECDHRecipientPublicKey()
{
return new JWK([
'kty' => 'EC',
'key_ops' => ['encrypt', 'decrypt'],
'crv' => 'P-256',
'x' => 'f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU',
'y' => 'x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0',
]);
}
/**
* @return JWK
*/
private function getDirectKey()
{
return new JWK([
'kid' => 'DIR_1',
'key_ops' => ['encrypt', 'decrypt'],
'kty' => 'oct',
'k' => Base64Url::encode(hex2bin('00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F')),
]);
}
private function getPrivateKeySet(): JWKSet
{
$keys = ['keys' => [
[
'kty' => 'EC',
'crv' => 'P-256',
'x' => 'weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ',
'y' => 'e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck',
'd' => 'VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw',
],
[
'kty' => 'EC',
'crv' => 'P-256',
'x' => 'gI0GAILBdu7T53akrFmMyGcsF3n5dO7MmwNBHKW5SV0',
'y' => 'SLW_xSffzlPWrHEVI30DHM_4egVwt3NQqeUD7nMFpps',
'd' => '0_NxaRPUMQoAJt50Gz8YiTr8gRTwyEaCumd-MToTmIo',
],
[
'kid' => '2010-12-29',
'kty' => 'RSA',
'n' => 'ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ',
'e' => 'AQAB',
'd' => 'Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97IjlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYTCBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLhBOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ',
],
[
'kid' => 'e9bc097a-ce51-4036-9562-d2ade882db0d',
'kty' => 'EC',
'crv' => 'P-256',
'x' => 'f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU',
'y' => 'x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0',
'd' => 'jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI',
],
[
'kid' => '123456789',
'kty' => 'RSA',
'n' => 'tpS1ZmfVKVP5KofIhMBP0tSWc4qlh6fm2lrZSkuKxUjEaWjzZSzs72gEIGxraWusMdoRuV54xsWRyf5KeZT0S-I5Prle3Idi3gICiO4NwvMk6JwSBcJWwmSLFEKyUSnB2CtfiGc0_5rQCpcEt_Dn5iM-BNn7fqpoLIbks8rXKUIj8-qMVqkTXsEKeKinE23t1ykMldsNaaOH-hvGti5Jt2DMnH1JjoXdDXfxvSP_0gjUYb0ektudYFXoA6wekmQyJeImvgx4Myz1I4iHtkY_Cp7J4Mn1ejZ6HNmyvoTE_4OuY1uCeYv4UyXFc1s1uUyYtj4z57qsHGsS4dQ3A2MJsw',
'e' => 'AQAB',
'p' => '5BGU1c7af_5sFyfsa-onIJgo5BZu8uHvz3Uyb8OA0a-G9UPO1ShLYjX0wUfhZcFB7fwPtgmmYAN6wKGVce9eMAbX4PliPk3r-BcpZuPKkuLk_wFvgWAQ5Hqw2iEuwXLV0_e8c2gaUt_hyMC5-nFc4v0Bmv6NT6Pfry-UrK3BKWc',
'd' => 'Kp0KuZwCZGL1BLgsVM-N0edMNitl9wN5Hf2WOYDoIqOZNAEKzdJuenIMhITJjRFUX05GVL138uyp2js_pqDdY9ipA7rAKThwGuDdNphZHech9ih3DGEPXs-YpmHqvIbCd3GoGm38MKwxYkddEpFnjo8rKna1_BpJthrFxjDRhw9DxJBycOdH2yWTyp62ZENPvneK40H2a57W4QScTgfecZqD59m2fGUaWaX5uUmIxaEmtGoJnd9RE4oywKhgN7_TK7wXRlqA4UoRPiH2ACrdU-_cLQL9Jc0u0GqZJK31LDbOeN95QgtSCc72k3Vtzy3CrVpp5TAA67s1Gj9Skn-CAQ',
'q' => 'zPD-B-nrngwF-O99BHvb47XGKR7ON8JCI6JxavzIkusMXCB8rMyYW8zLs68L8JLAzWZ34oMq0FPUnysBxc5nTF8Nb4BZxTZ5-9cHfoKrYTI3YWsmVW2FpCJFEjMs4NXZ28PBkS9b4zjfS2KhNdkmCeOYU0tJpNfwmOTI90qeUdU',
'dp' => 'aJrzw_kjWK9uDlTeaES2e4muv6bWbopYfrPHVWG7NPGoGdhnBnd70-jhgMEiTZSNU8VXw2u7prAR3kZ-kAp1DdwlqedYOzFsOJcPA0UZhbORyrBy30kbll_7u6CanFm6X4VyJxCpejd7jKNw6cCTFP1sfhWg5NVJ5EUTkPwE66M',
'dq' => 'Swz1-m_vmTFN_pu1bK7vF7S5nNVrL4A0OFiEsGliCmuJWzOKdL14DiYxctvnw3H6qT2dKZZfV2tbse5N9-JecdldUjfuqAoLIe7dD7dKi42YOlTC9QXmqvTh1ohnJu8pmRFXEZQGUm_BVhoIb2_WPkjav6YSkguCUHt4HRd2YwE',
'qi' => 'BocuCOEOq-oyLDALwzMXU8gOf3IL1Q1_BWwsdoANoh6i179psxgE4JXToWcpXZQQqub8ngwE6uR9fpd3m6N_PL4T55vbDDyjPKmrL2ttC2gOtx9KrpPh-Z7LQRo4BE48nHJJrystKHfFlaH2G7JxHNgMBYVADyttN09qEoav8Os',
],
[
'kty' => 'RSA',
'n' => 'oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUWcJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3Spsk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2asbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMStPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2djYgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw',
'e' => 'AQAB',
'd' => 'kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5NWV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD93Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghkqDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vlt3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSndVTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ',
'p' => '1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lffNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0',
'q' => 'wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBmUDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aXIWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc',
'dp' => 'ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KLhMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE',
'dq' => 'Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCjywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDBUfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis',
'qi' => 'VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY',
],
[
'kty' => 'RSA',
'n' => 'sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1WlUzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDprecbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBIY2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw',
'e' => 'AQAB',
'd' => 'VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-rynq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-KyvjT1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ',
'p' => '9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEPkrdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM',
'q' => 'uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-yBhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0',
'dp' => 'w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuvngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcraHawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs',
'dq' => 'o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU',
'qi' => 'eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlCtUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZB9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo',
],
[
'kty' => 'RSA',
'n' => 'ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ',
'e' => 'AQAB',
'd' => 'Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97IjlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYTCBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLhBOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ',
'p' => '4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdiYrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPGBY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc',
'q' => 'uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxaewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc',
'dp' => 'BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3QCLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0',
'dq' => 'h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-kyNlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU',
'qi' => 'IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2oy26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLUW0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U',
],
[
'kty' => 'EC',
'crv' => 'P-521',
'x' => 'AekpBQ8ST8a8VcfVOTNl353vSrDCLLJXmPk06wTjxrrjcBpXp5EOnYG_NjFZ6OvLFV1jSfS9tsz4qUxcWceqwQGk',
'y' => 'ADSmRA43Z1DSNx_RvcLI87cdL07l6jQyyBXMoxVg_l2Th-x3S1WDhjDly79ajL4Kkd0AZMaZmh9ubmf63e3kyMj2',
'd' => 'AY5pb7A0UFiB3RELSD64fTLOSV_jazdF7fLYyuTw8lOfRhWg6Y6rUrPAxerEzgdRhajnu0ferB0d53vM9mE15j2C',
],
]];
return JWKSet::createFromKeyData($keys);
}
private function getSymmetricKeySet(): JWKSet
{
$keys = ['keys' => [
[
'kid' => 'DIR_1',
'kty' => 'oct',
'k' => Base64Url::encode(hex2bin('00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F')),
],
[
'kty' => 'oct',
'k' => 'f5aN5V6iihwQVqP-tPNNtkIJNCwUb9-JukCIKkF0rNfxqxA771RJynYAT2xtzAP0MYaR7U5fMP_wvbRQq5l38Q',
],
[
'kty' => 'oct',
'k' => 'GawgguFyGrWKav7AX4VKUg',
],
[
'kty' => 'oct',
'k' => 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow',
],
]];
return JWKSet::createFromKeyData($keys);
}
}

167
vendor/web-token/jwt-encryption/Tests/EncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,167 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests;
use Jose\Component\Core\AlgorithmManagerFactory;
use Jose\Component\Encryption\Algorithm\ContentEncryption;
use Jose\Component\Encryption\Algorithm\KeyEncryption;
use Jose\Component\Encryption\Compression;
use Jose\Component\Encryption\Compression\CompressionMethodManagerFactory;
use Jose\Component\Encryption\JWEBuilderFactory;
use Jose\Component\Encryption\JWEDecrypterFactory;
use Jose\Component\Encryption\JWELoaderFactory;
use Jose\Component\Encryption\Serializer;
use PHPUnit\Framework\TestCase;
abstract class EncryptionTest extends TestCase
{
/**
* @var AlgorithmManagerFactory
*/
private $algorithmManagerFactory;
/**
* @var CompressionMethodManagerFactory
*/
private $compressionMethodManagerFactory;
/**
* @var JWEBuilderFactory
*/
private $jweBuilderFactory;
/**
* @var JWEDecrypterFactory
*/
private $jweDecrypterFactory;
/**
* @var JWELoaderFactory
*/
private $jweLoaderFactory;
/**
* @var null|Serializer\JWESerializerManagerFactory
*/
private $jwsSerializerManagerFactory;
/**
* @var null|Serializer\JWESerializerManager
*/
private $jwsSerializerManager;
protected function getAlgorithmManagerFactory(): AlgorithmManagerFactory
{
if (null === $this->algorithmManagerFactory) {
$this->algorithmManagerFactory = new AlgorithmManagerFactory();
$this->algorithmManagerFactory->add('A128GCM', new ContentEncryption\A128GCM());
$this->algorithmManagerFactory->add('A192GCM', new ContentEncryption\A192GCM());
$this->algorithmManagerFactory->add('A256GCM', new ContentEncryption\A256GCM());
$this->algorithmManagerFactory->add('A128CBC-HS256', new ContentEncryption\A128CBCHS256());
$this->algorithmManagerFactory->add('A192CBC-HS384', new ContentEncryption\A192CBCHS384());
$this->algorithmManagerFactory->add('A256CBC-HS512', new ContentEncryption\A256CBCHS512());
$this->algorithmManagerFactory->add('A128GCMKW', new KeyEncryption\A128GCMKW());
$this->algorithmManagerFactory->add('A192GCMKW', new KeyEncryption\A192GCMKW());
$this->algorithmManagerFactory->add('A256GCMKW', new KeyEncryption\A256GCMKW());
$this->algorithmManagerFactory->add('A128KW', new KeyEncryption\A128KW());
$this->algorithmManagerFactory->add('A192KW', new KeyEncryption\A192KW());
$this->algorithmManagerFactory->add('A256KW', new KeyEncryption\A256KW());
$this->algorithmManagerFactory->add('dir', new KeyEncryption\Dir());
$this->algorithmManagerFactory->add('ECDH-ES', new KeyEncryption\ECDHES());
$this->algorithmManagerFactory->add('ECDH-ES+A128KW', new KeyEncryption\ECDHESA128KW());
$this->algorithmManagerFactory->add('ECDH-ES+A192KW', new KeyEncryption\ECDHESA192KW());
$this->algorithmManagerFactory->add('ECDH-ES+A256KW', new KeyEncryption\ECDHESA256KW());
$this->algorithmManagerFactory->add('PBES2-HS256+A128KW', new KeyEncryption\PBES2HS256A128KW());
$this->algorithmManagerFactory->add('PBES2-HS384+A192KW', new KeyEncryption\PBES2HS384A192KW());
$this->algorithmManagerFactory->add('PBES2-HS512+A256KW', new KeyEncryption\PBES2HS512A256KW());
$this->algorithmManagerFactory->add('RSA1_5', new KeyEncryption\RSA15());
$this->algorithmManagerFactory->add('RSA-OAEP', new KeyEncryption\RSAOAEP());
$this->algorithmManagerFactory->add('RSA-OAEP-256', new KeyEncryption\RSAOAEP256());
}
return $this->algorithmManagerFactory;
}
protected function getCompressionMethodManagerFactory(): CompressionMethodManagerFactory
{
if (null === $this->compressionMethodManagerFactory) {
$this->compressionMethodManagerFactory = new CompressionMethodManagerFactory();
$this->compressionMethodManagerFactory->add('DEF', new Compression\Deflate());
}
return $this->compressionMethodManagerFactory;
}
protected function getJWEBuilderFactory(): JWEBuilderFactory
{
if (null === $this->jweBuilderFactory) {
$this->jweBuilderFactory = new JWEBuilderFactory(
$this->getAlgorithmManagerFactory(),
$this->getCompressionMethodManagerFactory()
);
}
return $this->jweBuilderFactory;
}
protected function getJWEDecrypterFactory(): JWEDecrypterFactory
{
if (null === $this->jweDecrypterFactory) {
$this->jweDecrypterFactory = new JWEDecrypterFactory(
$this->getAlgorithmManagerFactory(),
$this->getCompressionMethodManagerFactory()
);
}
return $this->jweDecrypterFactory;
}
protected function getJWELoaderFactory(): JWELoaderFactory
{
if (null === $this->jweLoaderFactory) {
$this->jweLoaderFactory = new JWELoaderFactory(
$this->getJWESerializerManagerFactory(),
$this->getJWEDecrypterFactory(),
null
);
}
return $this->jweLoaderFactory;
}
protected function getJWESerializerManagerFactory(): Serializer\JWESerializerManagerFactory
{
if (null === $this->jwsSerializerManagerFactory) {
$this->jwsSerializerManagerFactory = new Serializer\JWESerializerManagerFactory();
$this->jwsSerializerManagerFactory->add(new Serializer\CompactSerializer());
$this->jwsSerializerManagerFactory->add(new Serializer\JSONFlattenedSerializer());
$this->jwsSerializerManagerFactory->add(new Serializer\JSONGeneralSerializer());
}
return $this->jwsSerializerManagerFactory;
}
protected function getJWESerializerManager(): Serializer\JWESerializerManager
{
if (null === $this->jwsSerializerManager) {
$this->jwsSerializerManager = new Serializer\JWESerializerManager([
new Serializer\CompactSerializer(),
new Serializer\JSONFlattenedSerializer(),
new Serializer\JSONGeneralSerializer(),
]);
}
return $this->jwsSerializerManager;
}
}

65
vendor/web-token/jwt-encryption/Tests/InvalidCurveAttackTest.php vendored Normal file
View File

@@ -0,0 +1,65 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests;
use Jose\Component\Core\JWK;
/**
* @group CVE
* @group functional
*
* @internal
*/
class InvalidCurveAttackTest extends EncryptionTest
{
/**
* @test
*/
public function curveCheckNegativeP256AttackPt1(): void
{
$maliciousJWE = 'eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJlcGsiOnsia3R5IjoiRUMiLCJ4IjoiZ1RsaTY1ZVRRN3otQmgxNDdmZjhLM203azJVaURpRzJMcFlrV0FhRkpDYyIsInkiOiJjTEFuakthNGJ6akQ3REpWUHdhOUVQclJ6TUc3ck9OZ3NpVUQta2YzMEZzIiwiY3J2IjoiUC0yNTYifX0.qGAdxtEnrV_3zbIxU2ZKrMWcejNltjA_dtefBFnRh9A2z9cNIqYRWg.pEA5kX304PMCOmFSKX_cEg.a9fwUrx2JXi1OnWEMOmZhXd94-bEGCH9xxRwqcGuG2AMo-AwHoljdsH5C_kcTqlXS5p51OB1tvgQcMwB5rpTxg.72CHiYFecyDvuUa43KKT6w';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['ECDH-ES+A128KW'], ['A128CBC-HS256'], ['DEF']);
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($maliciousJWE);
$privateKey = new JWK([
'kty' => 'EC',
'crv' => 'P-256',
'x' => 'weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ',
'y' => 'e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck',
'd' => 'VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw',
]);
static::assertFalse($jweDecrypter->decryptUsingKey($loaded_compact_json, $privateKey, 0));
}
/**
* @test
*/
public function curveCheckNegativeP256AttackPt2(): void
{
// The malicious JWE contains a public key with order 2447
$maliciousJWE = 'eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJlcGsiOnsia3R5IjoiRUMiLCJ4IjoiWE9YR1E5XzZRQ3ZCZzN1OHZDSS1VZEJ2SUNBRWNOTkJyZnFkN3RHN29RNCIsInkiOiJoUW9XTm90bk56S2x3aUNuZUprTElxRG5UTnc3SXNkQkM1M1ZVcVZqVkpjIiwiY3J2IjoiUC0yNTYifX0.UGb3hX3ePAvtFB9TCdWsNkFTv9QWxSr3MpYNiSBdW630uRXRBT3sxw.6VpU84oMob16DxOR98YTRw.y1UslvtkoWdl9HpugfP0rSAkTw1xhm_LbK1iRXzGdpYqNwIG5VU33UBpKAtKFBoA1Kk_sYtfnHYAvn-aes4FTg.UZPN8h7FcvA5MIOq-Pkj8A';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['ECDH-ES+A128KW'], ['A128CBC-HS256'], ['DEF']);
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($maliciousJWE);
$privateKey = new JWK([
'kty' => 'EC',
'crv' => 'P-256',
'x' => 'weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ',
'y' => 'e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck',
'd' => 'VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw',
]);
static::assertFalse($jweDecrypter->decryptUsingKey($loaded_compact_json, $privateKey, 0));
}
}

68
vendor/web-token/jwt-encryption/Tests/JWEFlattenedTest.php vendored Normal file
View File

@@ -0,0 +1,68 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests;
use Base64Url\Base64Url;
use Jose\Component\Core\JWKSet;
/**
* @group functional
*
* @internal
*/
class JWEFlattenedTest extends EncryptionTest
{
/**
* @see https://tools.ietf.org/html/rfc7516#appendix-A.5
*
* @test
*/
public function loadFlattenedJWE(): void
{
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A128KW'], ['A128CBC-HS256'], ['DEF']);
$loaded = $this->getJWESerializerManager()->unserialize('{"protected":"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","unprotected":{"jku":"https://server.example.com/keys.jwks"},"header":{"alg":"A128KW","kid":"7"},"encrypted_key":"6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ","iv":"AxY8DCtDaGlsbGljb3RoZQ","ciphertext":"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY","tag":"Mz-VPPyU4RlcuYv1IwIvzw"}');
static::assertEquals('A128KW', $loaded->getRecipient(0)->getHeaderParameter('alg'));
static::assertEquals('A128CBC-HS256', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getSymmetricKeySet(), 0));
static::assertEquals('Live long and prosper.', $loaded->getPayload());
}
private function getSymmetricKeySet(): JWKSet
{
$keys = ['keys' => [
[
'kid' => 'DIR_1',
'kty' => 'oct',
'k' => Base64Url::encode(hex2bin('00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F')),
],
[
'kty' => 'oct',
'k' => 'f5aN5V6iihwQVqP-tPNNtkIJNCwUb9-JukCIKkF0rNfxqxA771RJynYAT2xtzAP0MYaR7U5fMP_wvbRQq5l38Q',
],
[
'kty' => 'oct',
'k' => 'GawgguFyGrWKav7AX4VKUg',
],
[
'kty' => 'oct',
'k' => 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow',
],
]];
return JWKSet::createFromKeyData($keys);
}
}

126
vendor/web-token/jwt-encryption/Tests/JWELoaderTest.php vendored Normal file
View File

@@ -0,0 +1,126 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests;
use Exception;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\JWELoader;
/**
* Class JWELoaderTest.
*
* @group JWELoader
* @group functional
*
* @internal
*/
class JWELoaderTest extends EncryptionTest
{
/**
* @var null|JWELoader
*/
private $jweLoader;
/**
* @test
*/
public function theFlattenedTokenCannotBeLoaded(): void
{
$this->expectException(Exception::class);
$this->expectExceptionMessage('Unable to load and decrypt the token.');
$token = '{"protected":"eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0","encrypted_key":"CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx","iv":"Qx0pmsDa8KnJc9Jo","ciphertext":"AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF","tag":"ER7MWJZ1FBI_NKvn7Zb1Lw"}';
$key = new JWK([
'kty' => 'EC',
'kid' => 'peregrin.took@tuckborough.example',
'use' => 'enc',
'crv' => 'P-384',
'x' => 'YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQLpe2FpxBmu2',
'y' => 'A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-SkgaFL1ETP',
]);
$this->getJWELoader()->loadAndDecryptWithKey($token, $key, $recipient);
}
/**
* @test
*/
public function theTokenCannotBeVerifiedBecauseOfAnUnsupportedAlgorithm(): void
{
$this->expectException(Exception::class);
$this->expectExceptionMessage('Unable to load and decrypt the token.');
$token = 'eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0.0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2.mH-G2zVqgztUtnW_.tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ.WuGzxmcreYjpHGJoa17EBg';
$key = new JWK([
'kty' => 'EC',
'kid' => 'peregrin.took@tuckborough.example',
'use' => 'enc',
'crv' => 'P-384',
'x' => 'YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQLpe2FpxBmu2',
'y' => 'A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-SkgaFL1ETP',
]);
$this->getJWELoader()->loadAndDecryptWithKey($token, $key, $recipient);
}
/**
* @test
*/
public function theTokenCannotBeVerifiedBecauseOfABadKey(): void
{
$this->expectException(Exception::class);
$this->expectExceptionMessage('Unable to load and decrypt the token.');
$token = 'eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0.CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx.Qx0pmsDa8KnJc9Jo.AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF.ER7MWJZ1FBI_NKvn7Zb1Lw';
$key = new JWK([
'kty' => 'EC',
'kid' => 'peregrin.took@tuckborough.example',
'use' => 'enc',
'crv' => 'P-384',
'x' => 'YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQLpe2FpxBmu2',
'y' => 'A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-SkgaFL1ETP',
]);
$this->getJWELoader()->loadAndDecryptWithKey($token, $key, $recipient);
}
/**
* @test
*/
public function theJweLoaderCanLoadAndDecryptAToken(): void
{
$token = 'eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0.CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx.Qx0pmsDa8KnJc9Jo.AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF.ER7MWJZ1FBI_NKvn7Zb1Lw';
$key = new JWK([
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
]);
$recipient = 0;
$jwe = $this->getJWELoader()->loadAndDecryptWithKey($token, $key, $recipient);
static::assertEquals('You can trust us to stick with you through thick and thinto the bitter end. And you can trust us to keep any secret of yourscloser than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.', $jwe->getPayload());
static::assertEquals(0, $recipient);
}
private function getJWELoader(): JWELoader
{
if (null === $this->jweLoader) {
$this->jweLoader = $this->getJWELoaderFactory()->create(['jwe_compact'], ['A128KW'], ['A128GCM'], ['DEF']);
}
return $this->jweLoader;
}
}

57
vendor/web-token/jwt-encryption/Tests/JWESplitTest.php vendored Normal file
View File

@@ -0,0 +1,57 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests;
use function count;
use Jose\Component\Encryption\Serializer\JSONGeneralSerializer;
/**
* @group JWE
*
* @internal
*/
class JWESplitTest extends EncryptionTest
{
/**
* @test
*/
public function aJweObjectWithMoreThanOneRecipientCanBeSplittedIntoSeveralJweObjects(): void
{
$input = '{"recipients":[{"encrypted_key":"dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4bWrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYSrRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-dbHcGlihqc_wGgho9fLMK8JOArYLcMDNQ","header":{"alg":"RSA1_5","kid":"frodo.baggins@hobbiton.example"}},{"encrypted_key":"ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw_elY4gSSId_w","header":{"alg":"ECDH-ES+A256KW","kid":"peregrin.took@tuckborough.example","epk":{"kty":"EC","crv":"P-384","x":"Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2DtMRb25Ma2CX","y":"VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMbw91fzZ84pbfm"}}},{"encrypted_key":"a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1E","header":{"alg":"A256GCMKW","kid":"18ec08e1-bfa9-4d95-b205-2b4dd1d4321d","tag":"59Nqh1LlYtVIhfD3pgRGvw","iv":"AvpeoPZ9Ncn9mkBn"}}],"unprotected":{"cty":"text/plain"},"protected":"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","iv":"VgEIHY20EnzUtZFl2RpB1g","ciphertext":"ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK04SjdxQeSw2L9mu3a_k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM9tBURMFqLByJ8vOYQX0oJW4VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSaP6ga7-siYxStR7_G07Thd1jh-zGT0wxM5g-VRORtq0K6AXpLlwEqRp7pkt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZukLpCbzhzMDLLw2-8I14FQrgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXMY9YQjorZ_P_JYG3ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2ofDQdLChtazE","tag":"BESYyFN7T09KY7i8zKs5_g"}';
$serializer = new JSONGeneralSerializer();
$jwe = $serializer->unserialize($input);
$split = $jwe->split();
static::assertEquals(3, $jwe->countRecipients());
static::assertEquals(3, count($split));
for ($i = 0; $i < $jwe->countRecipients(); ++$i) {
$recipient1 = $jwe->getRecipient($i);
$tempJwe = $split[$i];
static::assertEquals(1, $tempJwe->countRecipients());
static::assertEquals($jwe->getAAD(), $tempJwe->getAAD());
static::assertEquals($jwe->getCiphertext(), $tempJwe->getCiphertext());
static::assertEquals($jwe->getEncodedSharedProtectedHeader(), $tempJwe->getEncodedSharedProtectedHeader());
static::assertEquals($jwe->getSharedProtectedHeader(), $tempJwe->getSharedProtectedHeader());
static::assertEquals($jwe->getSharedHeader(), $tempJwe->getSharedHeader());
static::assertEquals($jwe->getIV(), $tempJwe->getIV());
static::assertEquals($jwe->getTag(), $tempJwe->getTag());
static::assertEquals($jwe->isEncrypted(), $tempJwe->isEncrypted());
$recipient2 = $tempJwe->getRecipient(0);
static::assertEquals($recipient1->getHeader(), $recipient2->getHeader());
static::assertEquals($recipient1->getEncryptedKey(), $recipient2->getEncryptedKey());
}
}
}

141
vendor/web-token/jwt-encryption/Tests/RFC7520/A128KWAndA128GCMEncryptionProtectedContentOnlyTest.php vendored Normal file
View File

@@ -0,0 +1,141 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.12
*
* @group RFC7520
*
* @internal
*/
class A128KWAndA128GCMEncryptionProtectedContentOnlyTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function a128KWAndA128GCMEncryptionProtectedContentOnly(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
]);
$protectedHeader = [
];
$header = [
'enc' => 'A128GCM',
'alg' => 'A128KW',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
];
$expected_flattened_json = '{"unprotected":{"alg":"A128KW","kid":"81b20965-8332-43d9-a468-82160ad91ac8","enc":"A128GCM"},"encrypted_key":"244YHfO_W7RMpQW81UjQrZcq5LSyqiPv","iv":"YihBoVOGsR1l7jCD","ciphertext":"qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF","tag":"e2m0Vm7JvjK2VpCKXS-kyg"}';
$expected_json = '{"recipients":[{"encrypted_key":"244YHfO_W7RMpQW81UjQrZcq5LSyqiPv"}],"unprotected":{"alg":"A128KW","kid":"81b20965-8332-43d9-a468-82160ad91ac8","enc":"A128GCM"},"iv":"YihBoVOGsR1l7jCD","ciphertext":"qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF","tag":"e2m0Vm7JvjK2VpCKXS-kyg"}';
$expected_iv = 'YihBoVOGsR1l7jCD';
$expected_encrypted_key = '244YHfO_W7RMpQW81UjQrZcq5LSyqiPv';
$expected_ciphertext = 'qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF';
$expected_tag = 'e2m0Vm7JvjK2VpCKXS-kyg';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($expected_flattened_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_flattened_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_flattened_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_flattened_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($header, $loaded_flattened_json->getSharedHeader());
static::assertEquals($expected_tag, Base64Url::encode($loaded_flattened_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($header, $loaded_json->getSharedHeader());
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function a128KWAndA128GCMEncryptionProtectedContentOnlyBis(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
]);
$protectedHeader = [
];
$header = [
'enc' => 'A128GCM',
'alg' => 'A128KW',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->withSharedHeader($header)
->addRecipient($private_key)
->build()
;
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($header, $loaded_flattened_json->getSharedHeader());
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($header, $loaded_json->getSharedHeader());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
}

147
vendor/web-token/jwt-encryption/Tests/RFC7520/A128KWAndA128GCMEncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,147 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.8
*
* @group RFC7520
*
* @internal
*/
class A128KWAndA128GCMEncryptionTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function a128KWAndA128GCMEncryption(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
]);
$protectedHeader = [
'alg' => 'A128KW',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'enc' => 'A128GCM',
];
$expected_compact_json = 'eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0.CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx.Qx0pmsDa8KnJc9Jo.AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF.ER7MWJZ1FBI_NKvn7Zb1Lw';
$expected_flattened_json = '{"protected":"eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0","encrypted_key":"CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx","iv":"Qx0pmsDa8KnJc9Jo","ciphertext":"AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF","tag":"ER7MWJZ1FBI_NKvn7Zb1Lw"}';
$expected_json = '{"recipients":[{"encrypted_key":"CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx"}],"protected":"eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0","iv":"Qx0pmsDa8KnJc9Jo","ciphertext":"AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF","tag":"ER7MWJZ1FBI_NKvn7Zb1Lw"}';
$expected_iv = 'Qx0pmsDa8KnJc9Jo';
$expected_encrypted_key = 'CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx';
$expected_ciphertext = 'AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF';
$expected_tag = 'ER7MWJZ1FBI_NKvn7Zb1Lw';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($expected_compact_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($expected_flattened_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_compact_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_compact_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_compact_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_compact_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_flattened_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_flattened_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_flattened_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_flattened_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function a128KWAndA128GCMEncryptionBis(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
]);
$protectedHeader = [
'alg' => 'A128KW',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'enc' => 'A128GCM',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->addRecipient($private_key)
->build()
;
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_compact', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
}

133
vendor/web-token/jwt-encryption/Tests/RFC7520/A128KWAndA128GCMEncryptionWithAdditionalAuthenticatedDataTest.php vendored Normal file
View File

@@ -0,0 +1,133 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.10
*
* @group RFC7520
*
* @internal
*/
class A128KWAndA128GCMEncryptionWithAdditionalAuthenticatedDataTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function a128KWAndA128GCMEncryptionWithAdditionalAuthenticatedData(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
]);
$protectedHeader = [
'alg' => 'A128KW',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'enc' => 'A128GCM',
];
$expected_flattened_json = '{"protected":"eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0","encrypted_key":"4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X","aad":"WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d","iv":"veCx9ece2orS7c_N","ciphertext":"Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fzOI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrsLNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV","tag":"vOaH_Rajnpy_3hOtqvZHRA"}';
$expected_json = '{"recipients":[{"encrypted_key":"4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X"}],"protected":"eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0","iv":"veCx9ece2orS7c_N","aad":"WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d","ciphertext":"Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fzOI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrsLNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV","tag":"vOaH_Rajnpy_3hOtqvZHRA"}';
$expected_iv = 'veCx9ece2orS7c_N';
$expected_aad = '["vcard",[["version",{},"text","4.0"],["fn",{},"text","Meriadoc Brandybuck"],["n",{},"text",["Brandybuck","Meriadoc","Mr.",""]],["bday",{},"text","TA 2982"],["gender",{},"text","M"]]]';
$expected_encrypted_key = '4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X';
$expected_ciphertext = 'Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fzOI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrsLNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV';
$expected_tag = 'vOaH_Rajnpy_3hOtqvZHRA';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($expected_flattened_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_flattened_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_flattened_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_flattened_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_flattened_json->getTag()));
static::assertEquals($expected_aad, $loaded_flattened_json->getAAD());
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertEquals($expected_aad, $loaded_json->getAAD());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function a128KWAndA128GCMEncryptionWithAdditionalAuthenticatedDataBis(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
]);
$protectedHeader = [
'alg' => 'A128KW',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'enc' => 'A128GCM',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->addRecipient($private_key)
->build()
;
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
}

149
vendor/web-token/jwt-encryption/Tests/RFC7520/A128KWAndA128GCMEncryptionWithCompressionTest.php vendored Normal file
View File

@@ -0,0 +1,149 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.9
*
* @group RFC7520
*
* @internal
*/
class A128KWAndA128GCMEncryptionWithCompressionTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function a128KWAndA128GCMEncryptionWithCompression(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
]);
$protectedHeader = [
'alg' => 'A128KW',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'enc' => 'A128GCM',
'zip' => 'DEF',
];
$expected_compact_json = 'eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0.5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi.p9pUq6XHY0jfEZIl.HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw.VILuUwuIxaLVmh5X-T7kmA';
$expected_flattened_json = '{"protected":"eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0","encrypted_key":"5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi","iv":"p9pUq6XHY0jfEZIl","ciphertext":"HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw","tag":"VILuUwuIxaLVmh5X-T7kmA"}';
$expected_json = '{"recipients":[{"encrypted_key":"5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi"}],"protected":"eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0","iv":"p9pUq6XHY0jfEZIl","ciphertext":"HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw","tag":"VILuUwuIxaLVmh5X-T7kmA"}';
$expected_iv = 'p9pUq6XHY0jfEZIl';
$expected_encrypted_key = '5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi';
$expected_ciphertext = 'HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw';
$expected_tag = 'VILuUwuIxaLVmh5X-T7kmA';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($expected_compact_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($expected_flattened_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_compact_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_compact_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_compact_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_compact_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_flattened_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_flattened_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_flattened_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_flattened_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function a128KWAndA128GCMEncryptionWithCompressionBis(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
]);
$protectedHeader = [
'alg' => 'A128KW',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'enc' => 'A128GCM',
'zip' => 'DEF',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->addRecipient($private_key)
->build()
;
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_compact', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
}

141
vendor/web-token/jwt-encryption/Tests/RFC7520/A128KWAndA128GCMEncryptionWithSpecificProtectedHeaderValuesTest.php vendored Normal file
View File

@@ -0,0 +1,141 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.11
*
* @group RFC7520
*
* @internal
*/
class A128KWAndA128GCMEncryptionWithSpecificProtectedHeaderValuesTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function a128KWAndA128GCMEncryptionWithSpecificProtectedHeaderValues(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
]);
$protectedHeader = [
'enc' => 'A128GCM',
];
$header = [
'alg' => 'A128KW',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
];
$expected_flattened_json = '{"protected":"eyJlbmMiOiJBMTI4R0NNIn0","unprotected":{"alg":"A128KW","kid":"81b20965-8332-43d9-a468-82160ad91ac8"},"encrypted_key":"jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H","iv":"WgEJsDS9bkoXQ3nR","ciphertext":"lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2DM3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9OCCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf","tag":"fNYLqpUe84KD45lvDiaBAQ"}';
$expected_json = '{"recipients":[{"encrypted_key":"jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H"}],"unprotected":{"alg":"A128KW","kid":"81b20965-8332-43d9-a468-82160ad91ac8"},"protected":"eyJlbmMiOiJBMTI4R0NNIn0","iv":"WgEJsDS9bkoXQ3nR","ciphertext":"lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2DM3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9OCCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf","tag":"fNYLqpUe84KD45lvDiaBAQ"}';
$expected_iv = 'WgEJsDS9bkoXQ3nR';
$expected_encrypted_key = 'jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H';
$expected_ciphertext = 'lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2DM3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9OCCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf';
$expected_tag = 'fNYLqpUe84KD45lvDiaBAQ';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($expected_flattened_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_flattened_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_flattened_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_flattened_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($header, $loaded_flattened_json->getSharedHeader());
static::assertEquals($expected_tag, Base64Url::encode($loaded_flattened_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($header, $loaded_json->getSharedHeader());
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function a128KWAndA128GCMEncryptionWithSpecificProtectedHeaderValuesBis(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
]);
$protectedHeader = [
'enc' => 'A128GCM',
];
$header = [
'alg' => 'A128KW',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A128KW'], ['A128GCM'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->withSharedHeader($header)
->addRecipient($private_key)
->build()
;
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($header, $loaded_flattened_json->getSharedHeader());
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($header, $loaded_json->getSharedHeader());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
}

159
vendor/web-token/jwt-encryption/Tests/RFC7520/A256GCMKWAndA128CBC_HS256EncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,159 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use function array_key_exists;
use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.7
*
* @group RFC7520
*
* @internal
*/
class A256GCMKWAndA128CBC_HS256EncryptionTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function a256GCMKWAndA128CBCHS256Encryption(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d',
'use' => 'enc',
'alg' => 'A256GCMKW',
'k' => 'qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8',
]);
$protectedHeader = [
'alg' => 'A256GCMKW',
'kid' => '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d',
'tag' => 'kfPduVQ3T3H6vnewt--ksw',
'iv' => 'KkYT0GX_2jHlfqN_',
'enc' => 'A128CBC-HS256',
];
$expected_compact_json = 'eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok.gz6NjyEFNm_vm8Gj6FwoFQ.Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3xWU.DKW7jrb4WaRSNfbXVPlT5g';
/*
* There is an error in this vector
* In the RFC7520, the tag is 'DKW7jrb4WaRSNfbXVPlT5g' (see figure 147), but the tag from the flattened representation is 'NvBveHr_vonkvflfnUrmBQ'
* Same goes for the protected header. The values are good, but as the order is different, the protected header value is different and the tag is not validated.
*/
$expected_flattened_json = '{"protected":"eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1NiJ9","encrypted_key":"lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok","iv":"gz6NjyEFNm_vm8Gj6FwoFQ","ciphertext":"Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3xWU","tag":"DKW7jrb4WaRSNfbXVPlT5g"}';
$expected_json = '{"recipients":[{"encrypted_key":"lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok"}],"protected":"eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1NiJ9","iv":"gz6NjyEFNm_vm8Gj6FwoFQ","ciphertext":"Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3xWU","tag":"DKW7jrb4WaRSNfbXVPlT5g"}';
$expected_iv = 'gz6NjyEFNm_vm8Gj6FwoFQ';
$expected_encrypted_key = 'lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok';
$expected_ciphertext = 'Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3xWU';
$expected_tag = 'DKW7jrb4WaRSNfbXVPlT5g';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A256GCMKW'], ['A128CBC-HS256'], ['DEF']);
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($expected_compact_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($expected_flattened_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_compact_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_compact_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_compact_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_compact_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_flattened_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_flattened_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_flattened_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_flattened_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function a256GCMKWAndA128CBCHS256EncryptionBis(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d',
'use' => 'enc',
'alg' => 'A256GCMKW',
'k' => 'qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8',
]);
$protectedHeader = [
'alg' => 'A256GCMKW',
'kid' => '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d',
'enc' => 'A128CBC-HS256',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['A256GCMKW'], ['A128CBC-HS256'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A256GCMKW'], ['A128CBC-HS256'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->addRecipient($private_key)
->build()
;
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_compact', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertTrue(array_key_exists('iv', $loaded_compact_json->getSharedProtectedHeader()));
static::assertTrue(array_key_exists('tag', $loaded_compact_json->getSharedProtectedHeader()));
static::assertTrue(array_key_exists('iv', $loaded_flattened_json->getSharedProtectedHeader()));
static::assertTrue(array_key_exists('tag', $loaded_flattened_json->getSharedProtectedHeader()));
static::assertTrue(array_key_exists('iv', $loaded_json->getSharedProtectedHeader()));
static::assertTrue(array_key_exists('tag', $loaded_json->getSharedProtectedHeader()));
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
}

127
vendor/web-token/jwt-encryption/Tests/RFC7520/DirAndA128GCMEncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,127 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.6
*
* @group RFC7520
*
* @internal
*/
class DirAndA128GCMEncryptionTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function dirAndA128GCMEncryption(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '77c7e2b8-6e13-45cf-8672-617b5b45243a',
'use' => 'enc',
'alg' => 'A128GCM',
'k' => 'XctOhJAkA-pD9Lh7ZgW_2A',
]);
$protectedHeader = [
'alg' => 'dir',
'kid' => '77c7e2b8-6e13-45cf-8672-617b5b45243a',
'enc' => 'A128GCM',
];
$expected_compact_json = 'eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0..refa467QzzKx6QAB.JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7YhLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zMDB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSInZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp.vbb32Xvllea2OtmHAdccRQ';
$expected_json = '{"protected":"eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0","iv":"refa467QzzKx6QAB","ciphertext":"JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7YhLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zMDB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSInZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp","tag":"vbb32Xvllea2OtmHAdccRQ"}';
$expected_iv = 'refa467QzzKx6QAB';
$expected_ciphertext = 'JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7YhLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zMDB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSInZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp';
$expected_tag = 'vbb32Xvllea2OtmHAdccRQ';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['dir'], ['A128GCM'], ['DEF']);
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($expected_compact_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_compact_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_compact_json->getIV()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_compact_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function dirAndA128GCMEncryptionBis(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'oct',
'kid' => '77c7e2b8-6e13-45cf-8672-617b5b45243a',
'use' => 'enc',
'alg' => 'A128GCM',
'k' => 'XctOhJAkA-pD9Lh7ZgW_2A',
]);
$protectedHeader = [
'alg' => 'dir',
'kid' => '77c7e2b8-6e13-45cf-8672-617b5b45243a',
'enc' => 'A128GCM',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['dir'], ['A128GCM'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['dir'], ['A128GCM'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->addRecipient($private_key)
->build()
;
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_compact', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
}

161
vendor/web-token/jwt-encryption/Tests/RFC7520/ECDH_ES_A128KWAndA128GCMEncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,161 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use function array_key_exists;
use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.4
*
* @group RFC7520
*
* @internal
*/
class ECDH_ES_A128KWAndA128GCMEncryptionTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function eCDHESA128KWAndA128GCMEncryption(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'EC',
'kid' => 'peregrin.took@tuckborough.example',
'use' => 'enc',
'crv' => 'P-384',
'x' => 'YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQLpe2FpxBmu2',
'y' => 'A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-SkgaFL1ETP',
'd' => 'iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0IdnYK2xDlZh-j',
]);
$protectedHeader = [
'alg' => 'ECDH-ES+A128KW',
'kid' => 'peregrin.took@tuckborough.example',
'epk' => [
'kty' => 'EC',
'crv' => 'P-384',
'x' => 'uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6iuEDsQ6wNdNg3',
'y' => 'sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQTA-JdaY8tb7E0',
],
'enc' => 'A128GCM',
];
$expected_compact_json = 'eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0.0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2.mH-G2zVqgztUtnW_.tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ.WuGzxmcreYjpHGJoa17EBg';
$expected_flattened_json = '{"protected":"eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0","encrypted_key":"0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2","iv":"mH-G2zVqgztUtnW_","ciphertext":"tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ","tag":"WuGzxmcreYjpHGJoa17EBg"}';
$expected_json = '{"recipients":[{"encrypted_key":"0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2"}],"protected":"eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0","iv":"mH-G2zVqgztUtnW_","ciphertext":"tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ","tag":"WuGzxmcreYjpHGJoa17EBg"}';
$expected_iv = 'mH-G2zVqgztUtnW_';
$expected_encrypted_key = '0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2';
$expected_ciphertext = 'tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ';
$expected_tag = 'WuGzxmcreYjpHGJoa17EBg';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['ECDH-ES+A128KW'], ['A128GCM'], ['DEF']);
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($expected_compact_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($expected_flattened_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_compact_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_compact_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_compact_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_compact_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_flattened_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_flattened_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_flattened_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_flattened_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function eCDHESA128KWAndA128GCMEncryptionBis(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$public_key = new JWK([
'kty' => 'EC',
'kid' => 'peregrin.took@tuckborough.example',
'use' => 'enc',
'crv' => 'P-384',
'x' => 'YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQLpe2FpxBmu2',
'y' => 'A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-SkgaFL1ETP',
]);
$private_key = new JWK([
'kty' => 'EC',
'kid' => 'peregrin.took@tuckborough.example',
'use' => 'enc',
'crv' => 'P-384',
'x' => 'YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQLpe2FpxBmu2',
'y' => 'A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-SkgaFL1ETP',
'd' => 'iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0IdnYK2xDlZh-j',
]);
$protectedHeader = [
'alg' => 'ECDH-ES+A128KW',
'kid' => 'peregrin.took@tuckborough.example',
'enc' => 'A128GCM',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['ECDH-ES+A128KW'], ['A128GCM'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['ECDH-ES+A128KW'], ['A128GCM'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->addRecipient($public_key)
->build()
;
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertTrue(array_key_exists('epk', $loaded_flattened_json->getSharedProtectedHeader()));
static::assertTrue(array_key_exists('epk', $loaded_json->getSharedProtectedHeader()));
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
}

142
vendor/web-token/jwt-encryption/Tests/RFC7520/ECDH_ES_AndA128CBC_HS256EncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,142 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use function array_key_exists;
use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.5
*
* @group RFC7520
*
* @internal
*/
class ECDH_ES_AndA128CBC_HS256EncryptionTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function eCDHESAndA128CBCHS256Encryption(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'EC',
'kid' => 'meriadoc.brandybuck@buckland.example',
'use' => 'enc',
'crv' => 'P-256',
'x' => 'Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0',
'y' => 'HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw',
'd' => 'r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8',
]);
$protectedHeader = [
'alg' => 'ECDH-ES',
'kid' => 'meriadoc.brandybuck@buckland.example',
'epk' => [
'kty' => 'EC',
'crv' => 'P-256',
'x' => 'mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA',
'y' => '8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs',
],
'enc' => 'A128CBC-HS256',
];
$expected_compact_json = 'eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZFlvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ..yc9N8v5sYyv3iGQT926IUg.BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9Csg.WCCkNa-x4BeB9hIDIfFuhg';
$expected_json = '{"protected":"eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZFlvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ","iv":"yc9N8v5sYyv3iGQT926IUg","ciphertext":"BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9Csg","tag":"WCCkNa-x4BeB9hIDIfFuhg"}';
$expected_iv = 'yc9N8v5sYyv3iGQT926IUg';
$expected_ciphertext = 'BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9Csg';
$expected_tag = 'WCCkNa-x4BeB9hIDIfFuhg';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['ECDH-ES'], ['A128CBC-HS256'], ['DEF']);
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($expected_compact_json);
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_compact_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_compact_json->getIV()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_compact_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function eCDHESAndA128CBCHS256EncryptionBis(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$public_key = new JWK([
'kty' => 'EC',
'kid' => 'meriadoc.brandybuck@buckland.example',
'use' => 'enc',
'crv' => 'P-256',
'x' => 'Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0',
'y' => 'HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw',
]);
$private_key = new JWK([
'kty' => 'EC',
'kid' => 'meriadoc.brandybuck@buckland.example',
'use' => 'enc',
'crv' => 'P-256',
'x' => 'Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0',
'y' => 'HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw',
'd' => 'r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8',
]);
$protectedHeader = [
'alg' => 'ECDH-ES',
'kid' => 'meriadoc.brandybuck@buckland.example',
'enc' => 'A128CBC-HS256',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['ECDH-ES'], ['A128CBC-HS256'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['ECDH-ES'], ['A128CBC-HS256'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->addRecipient($public_key)
->build()
;
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertTrue(array_key_exists('epk', $loaded_json->getSharedProtectedHeader()));
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
}

304
vendor/web-token/jwt-encryption/Tests/RFC7520/MultipleRecipientEncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,304 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use function array_key_exists;
use Base64Url\Base64Url;
use InvalidArgumentException;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.13
*
* @group RFC7520
*
* @internal
*/
class MultipleRecipientEncryptionTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function multipleRecipientEncryption(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$recipient_1_private_key = new JWK([
'kty' => 'RSA',
'kid' => 'frodo.baggins@hobbiton.example',
'use' => 'enc',
'n' => 'maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegTHVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5UNwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4cR5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oypBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYAVotGlvMQ',
'e' => 'AQAB',
'd' => 'Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wybQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PNmiuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2vpzj85bQQ',
'p' => '2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaEoekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ2VFmU',
'q' => 'te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_VF099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8d6Et0',
'dp' => 'UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTHQmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JVRDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsflo0rYU',
'dq' => 'iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9MbpFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87ACfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14TkXlHE',
'qi' => 'kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZlXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx2bQ_mM',
]);
$recipient_2_private_key = new JWK([
'kty' => 'EC',
'kid' => 'peregrin.took@tuckborough.example',
'use' => 'enc',
'crv' => 'P-384',
'x' => 'YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQLpe2FpxBmu2',
'y' => 'A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-SkgaFL1ETP',
'd' => 'iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0IdnYK2xDlZh-j',
]);
$recipient_3_private_key = new JWK([
'kty' => 'oct',
'kid' => '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d',
'use' => 'enc',
'alg' => 'A256GCMKW',
'k' => 'qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8',
]);
$protectedHeader = [
'enc' => 'A128CBC-HS256',
];
$header = [
'cty' => 'text/plain',
];
$recipient_1Header = [
'alg' => 'RSA1_5',
'kid' => 'frodo.baggins@hobbiton.example',
];
$recipient_2Header = [
'alg' => 'ECDH-ES+A256KW',
'kid' => 'peregrin.took@tuckborough.example',
'epk' => [
'kty' => 'EC',
'crv' => 'P-384',
'x' => 'Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2DtMRb25Ma2CX',
'y' => 'VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMbw91fzZ84pbfm',
], ];
$recipient_3Header = [
'alg' => 'A256GCMKW',
'kid' => '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d',
'tag' => '59Nqh1LlYtVIhfD3pgRGvw',
'iv' => 'AvpeoPZ9Ncn9mkBn',
];
$expected_json = '{"recipients":[{"encrypted_key":"dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4bWrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYSrRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-dbHcGlihqc_wGgho9fLMK8JOArYLcMDNQ","header":{"alg":"RSA1_5","kid":"frodo.baggins@hobbiton.example"}},{"encrypted_key":"ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw_elY4gSSId_w","header":{"alg":"ECDH-ES+A256KW","kid":"peregrin.took@tuckborough.example","epk":{"kty":"EC","crv":"P-384","x":"Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2DtMRb25Ma2CX","y":"VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMbw91fzZ84pbfm"}}},{"encrypted_key":"a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1E","header":{"alg":"A256GCMKW","kid":"18ec08e1-bfa9-4d95-b205-2b4dd1d4321d","tag":"59Nqh1LlYtVIhfD3pgRGvw","iv":"AvpeoPZ9Ncn9mkBn"}}],"unprotected":{"cty":"text/plain"},"protected":"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","iv":"VgEIHY20EnzUtZFl2RpB1g","ciphertext":"ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK04SjdxQeSw2L9mu3a_k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM9tBURMFqLByJ8vOYQX0oJW4VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSaP6ga7-siYxStR7_G07Thd1jh-zGT0wxM5g-VRORtq0K6AXpLlwEqRp7pkt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZukLpCbzhzMDLLw2-8I14FQrgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXMY9YQjorZ_P_JYG3ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2ofDQdLChtazE","tag":"BESYyFN7T09KY7i8zKs5_g"}';
$expected_iv = 'VgEIHY20EnzUtZFl2RpB1g';
$expected_recipient_1_encrypted_key = 'dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4bWrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYSrRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-dbHcGlihqc_wGgho9fLMK8JOArYLcMDNQ';
$expected_recipient_2_encrypted_key = 'ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw_elY4gSSId_w';
$expected_recipient_3_encrypted_key = 'a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1E';
$expected_ciphertext = 'ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK04SjdxQeSw2L9mu3a_k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM9tBURMFqLByJ8vOYQX0oJW4VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSaP6ga7-siYxStR7_G07Thd1jh-zGT0wxM5g-VRORtq0K6AXpLlwEqRp7pkt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZukLpCbzhzMDLLw2-8I14FQrgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXMY9YQjorZ_P_JYG3ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2ofDQdLChtazE';
$expected_tag = 'BESYyFN7T09KY7i8zKs5_g';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA1_5', 'ECDH-ES+A256KW', 'A256GCMKW'], ['A128CBC-HS256'], ['DEF']);
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $recipient_1_private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $recipient_2_private_key, 1));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $recipient_3_private_key, 2));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_recipient_1_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_recipient_2_encrypted_key, Base64Url::encode($loaded_json->getRecipient(1)->getEncryptedKey()));
static::assertEquals($expected_recipient_3_encrypted_key, Base64Url::encode($loaded_json->getRecipient(2)->getEncryptedKey()));
static::assertEquals($recipient_1Header, $loaded_json->getRecipient(0)->getHeader());
static::assertEquals($recipient_2Header, $loaded_json->getRecipient(1)->getHeader());
static::assertEquals($recipient_3Header, $loaded_json->getRecipient(2)->getHeader());
static::assertEquals($header, $loaded_json->getSharedHeader());
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function multipleRecipientEncryptionBis(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$recipient_1_private_key = new JWK([
'kty' => 'RSA',
'kid' => 'frodo.baggins@hobbiton.example',
'use' => 'enc',
'n' => 'maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegTHVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5UNwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4cR5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oypBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYAVotGlvMQ',
'e' => 'AQAB',
'd' => 'Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wybQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PNmiuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2vpzj85bQQ',
'p' => '2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaEoekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ2VFmU',
'q' => 'te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_VF099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8d6Et0',
'dp' => 'UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTHQmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JVRDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsflo0rYU',
'dq' => 'iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9MbpFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87ACfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14TkXlHE',
'qi' => 'kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZlXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx2bQ_mM',
]);
$recipient_2_public_key = new JWK([
'kty' => 'EC',
'kid' => 'peregrin.took@tuckborough.example',
'use' => 'enc',
'crv' => 'P-384',
'x' => 'YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQLpe2FpxBmu2',
'y' => 'A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-SkgaFL1ETP',
]);
$recipient_2_private_key = new JWK([
'kty' => 'EC',
'kid' => 'peregrin.took@tuckborough.example',
'use' => 'enc',
'crv' => 'P-384',
'x' => 'YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQLpe2FpxBmu2',
'y' => 'A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-SkgaFL1ETP',
'd' => 'iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0IdnYK2xDlZh-j',
]);
$recipient_3_private_key = new JWK([
'kty' => 'oct',
'kid' => '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d',
'use' => 'enc',
'alg' => 'A256GCMKW',
'k' => 'qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8',
]);
$protectedHeader = [
'enc' => 'A128CBC-HS256',
];
$header = [
'cty' => 'text/plain',
];
$recipient_1Header = [
'alg' => 'RSA1_5',
'kid' => 'frodo.baggins@hobbiton.example',
];
$recipient_2Header = [
'alg' => 'ECDH-ES+A256KW',
'kid' => 'peregrin.took@tuckborough.example',
];
$recipient_3Header = [
'alg' => 'A256GCMKW',
'kid' => '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA1_5', 'ECDH-ES+A256KW', 'A256GCMKW'], ['A128CBC-HS256'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA1_5', 'ECDH-ES+A256KW', 'A256GCMKW'], ['A128CBC-HS256'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->withSharedHeader($header)
->addRecipient($recipient_1_private_key, $recipient_1Header)
->addRecipient($recipient_2_public_key, $recipient_2Header)
->addRecipient($recipient_3_private_key, $recipient_3Header)
->build()
;
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $recipient_1_private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $recipient_2_private_key, 1));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $recipient_3_private_key, 2));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($recipient_1Header, $loaded_json->getRecipient(0)->getHeader());
static::assertTrue(array_key_exists('epk', $loaded_json->getRecipient(1)->getHeader()));
static::assertTrue(array_key_exists('iv', $loaded_json->getRecipient(2)->getHeader()));
static::assertTrue(array_key_exists('tag', $loaded_json->getRecipient(2)->getHeader()));
static::assertEquals($header, $loaded_json->getSharedHeader());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* @test
*/
public function multipleRecipientEncryptionWithDifferentContentEncryptionAlgorithm(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('Inconsistent content encryption algorithm');
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$recipient_1_private_key = new JWK([
'kty' => 'RSA',
'kid' => 'frodo.baggins@hobbiton.example',
'use' => 'enc',
'n' => 'maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegTHVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5UNwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4cR5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oypBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYAVotGlvMQ',
'e' => 'AQAB',
'd' => 'Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wybQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PNmiuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2vpzj85bQQ',
'p' => '2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaEoekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ2VFmU',
'q' => 'te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_VF099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8d6Et0',
'dp' => 'UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTHQmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JVRDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsflo0rYU',
'dq' => 'iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9MbpFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87ACfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14TkXlHE',
'qi' => 'kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZlXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx2bQ_mM',
]);
$recipient_2_public_key = new JWK([
'kty' => 'EC',
'kid' => 'peregrin.took@tuckborough.example',
'use' => 'enc',
'crv' => 'P-384',
'x' => 'YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQLpe2FpxBmu2',
'y' => 'A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-SkgaFL1ETP',
]);
$protectedHeader = [];
$header = [
'cty' => 'text/plain',
];
$recipient_1Header = [
'alg' => 'RSA1_5',
'enc' => 'A128GCM',
'kid' => 'frodo.baggins@hobbiton.example',
];
$recipient_2Header = [
'alg' => 'ECDH-ES+A256KW',
'enc' => 'A128CBC-HS256',
'kid' => 'peregrin.took@tuckborough.example',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA1_5', 'A256GCMKW'], ['A128CBC-HS256', 'A128GCM'], ['DEF']);
$jweBuilder
->create()
->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->withSharedHeader($header)
->addRecipient($recipient_1_private_key, $recipient_1Header)
->addRecipient($recipient_2_public_key, $recipient_2Header)
->build()
;
}
}

182
vendor/web-token/jwt-encryption/Tests/RFC7520/PBES2_HS512_A256KWAndA128CBC_HS256EncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,182 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use function array_key_exists;
use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.3
*
* @group RFC7520
*
* @internal
*/
class PBES2_HS512_A256KWAndA128CBC_HS256EncryptionTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function pBES2HS512A256KWAndA128CBCHS256Encryption(): void
{
$expected_payload = ['keys' => [
[
'kty' => 'oct',
'kid' => '77c7e2b8-6e13-45cf-8672-617b5b45243a',
'use' => 'enc',
'alg' => 'A128GCM',
'k' => 'XctOhJAkA-pD9Lh7ZgW_2A',
], [
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
], [
'kty' => 'oct',
'kid' => '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d',
'use' => 'enc',
'alg' => 'A256GCMKW',
'k' => 'qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8',
],
]];
$private_key = new JWK([
'kty' => 'oct',
'use' => 'enc',
'k' => Base64Url::encode("entrap_o\xe2\x80\x93peter_long\xe2\x80\x93credit_tun"),
]);
$protectedHeader = [
'alg' => 'PBES2-HS512+A256KW',
'p2s' => '8Q1SzinasR3xchYz6ZZcHA',
'p2c' => 8192,
'cty' => 'jwk-set+json',
'enc' => 'A128CBC-HS256',
];
$expected_compact_json = 'eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g.VBiCzVHNoLiR3F4V82uoTQ.23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V3kobXZ77ulMwDs4p.0HlwodAhOCILG5SQ2LQ9dg';
$expected_flattened_json = '{"protected":"eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","encrypted_key":"d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g","iv":"VBiCzVHNoLiR3F4V82uoTQ","ciphertext":"23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V3kobXZ77ulMwDs4p","tag":"0HlwodAhOCILG5SQ2LQ9dg"}';
$expected_json = '{"recipients":[{"encrypted_key":"d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g"}],"protected":"eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","iv":"VBiCzVHNoLiR3F4V82uoTQ","ciphertext":"23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V3kobXZ77ulMwDs4p","tag":"0HlwodAhOCILG5SQ2LQ9dg"}';
$expected_iv = 'VBiCzVHNoLiR3F4V82uoTQ';
$expected_encrypted_key = 'd3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g';
$expected_ciphertext = '23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V3kobXZ77ulMwDs4p';
$expected_tag = '0HlwodAhOCILG5SQ2LQ9dg';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['PBES2-HS512+A256KW'], ['A128CBC-HS256'], ['DEF']);
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($expected_compact_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($expected_flattened_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_compact_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_compact_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_compact_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_compact_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_flattened_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_flattened_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_flattened_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_flattened_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertEquals($expected_payload, json_decode($loaded_compact_json->getPayload(), true));
static::assertEquals($expected_payload, json_decode($loaded_flattened_json->getPayload(), true));
static::assertEquals($expected_payload, json_decode($loaded_json->getPayload(), true));
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function pBES2HS512A256KWAndA128CBCHS256EncryptionBis(): void
{
$expected_payload = json_encode(['keys' => [
[
'kty' => 'oct',
'kid' => '77c7e2b8-6e13-45cf-8672-617b5b45243a',
'use' => 'enc',
'alg' => 'A128GCM',
'k' => 'XctOhJAkA-pD9Lh7ZgW_2A',
], [
'kty' => 'oct',
'kid' => '81b20965-8332-43d9-a468-82160ad91ac8',
'use' => 'enc',
'alg' => 'A128KW',
'k' => 'GZy6sIZ6wl9NJOKB-jnmVQ',
], [
'kty' => 'oct',
'kid' => '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d',
'use' => 'enc',
'alg' => 'A256GCMKW',
'k' => 'qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8',
],
]]);
$private_key = new JWK([
'kty' => 'oct',
'use' => 'enc',
'k' => Base64Url::encode("entrap_o\xe2\x80\x93peter_long\xe2\x80\x93credit_tun"),
]);
$protectedHeader = [
'alg' => 'PBES2-HS512+A256KW',
'cty' => 'jwk-set+json',
'enc' => 'A128CBC-HS256',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['PBES2-HS512+A256KW'], ['A128CBC-HS256'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['PBES2-HS512+A256KW'], ['A128CBC-HS256'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->addRecipient($private_key)
->build()
;
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertTrue(array_key_exists('p2s', $loaded_flattened_json->getSharedProtectedHeader()));
static::assertTrue(array_key_exists('p2c', $loaded_flattened_json->getSharedProtectedHeader()));
static::assertTrue(array_key_exists('p2s', $loaded_json->getSharedProtectedHeader()));
static::assertTrue(array_key_exists('p2c', $loaded_json->getSharedProtectedHeader()));
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
}

159
vendor/web-token/jwt-encryption/Tests/RFC7520/RSA1_5AndA128CBC_HS256EncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,159 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.1
*
* @group RFC7520
*
* @internal
*/
class RSA1_5AndA128CBC_HS256EncryptionTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function rSA15AndA128CBCHS256Encryption(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'RSA',
'kid' => 'frodo.baggins@hobbiton.example',
'use' => 'enc',
'n' => 'maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegTHVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5UNwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4cR5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oypBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYAVotGlvMQ',
'e' => 'AQAB',
'd' => 'Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wybQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PNmiuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2vpzj85bQQ',
'p' => '2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaEoekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ2VFmU',
'q' => 'te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_VF099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8d6Et0',
'dp' => 'UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTHQmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JVRDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsflo0rYU',
'dq' => 'iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9MbpFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87ACfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14TkXlHE',
'qi' => 'kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZlXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx2bQ_mM',
]);
$protectedHeader = [
'alg' => 'RSA1_5',
'kid' => 'frodo.baggins@hobbiton.example',
'enc' => 'A128CBC-HS256',
];
$expected_compact_json = 'eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw.bbd5sTkYwhAIqfHsx8DayA.0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP430m.kvKuFBXHe5mQr4lqgobAUg';
$expected_flattened_json = '{"protected":"eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","encrypted_key":"laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw","iv":"bbd5sTkYwhAIqfHsx8DayA","ciphertext":"0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP430m","tag":"kvKuFBXHe5mQr4lqgobAUg"}';
$expected_json = '{"recipients":[{"encrypted_key":"laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw"}],"protected":"eyJhbGciOiJSU0ExXzUiLCJraWQiOiJmcm9kby5iYWdnaW5zQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","iv":"bbd5sTkYwhAIqfHsx8DayA","ciphertext":"0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP430m","tag":"kvKuFBXHe5mQr4lqgobAUg"}';
$expected_iv = 'bbd5sTkYwhAIqfHsx8DayA';
$expected_encrypted_key = 'laLxI0j-nLH-_BgLOXMozKxmy9gffy2gTdvqzfTihJBuuzxg0V7yk1WClnQePFvG2K-pvSlWc9BRIazDrn50RcRai__3TDON395H3c62tIouJJ4XaRvYHFjZTZ2GXfz8YAImcc91Tfk0WXC2F5Xbb71ClQ1DDH151tlpH77f2ff7xiSxh9oSewYrcGTSLUeeCt36r1Kt3OSj7EyBQXoZlN7IxbyhMAfgIe7Mv1rOTOI5I8NQqeXXW8VlzNmoxaGMny3YnGir5Wf6Qt2nBq4qDaPdnaAuuGUGEecelIO1wx1BpyIfgvfjOhMBs9M8XL223Fg47xlGsMXdfuY-4jaqVw';
$expected_ciphertext = '0fys_TY_na7f8dwSfXLiYdHaA2DxUjD67ieF7fcVbIR62JhJvGZ4_FNVSiGc_raa0HnLQ6s1P2sv3Xzl1p1l_o5wR_RsSzrS8Z-wnI3Jvo0mkpEEnlDmZvDu_k8OWzJv7eZVEqiWKdyVzFhPpiyQU28GLOpRc2VbVbK4dQKPdNTjPPEmRqcaGeTWZVyeSUvf5k59yJZxRuSvWFf6KrNtmRdZ8R4mDOjHSrM_s8uwIFcqt4r5GX8TKaI0zT5CbL5Qlw3sRc7u_hg0yKVOiRytEAEs3vZkcfLkP6nbXdC_PkMdNS-ohP78T2O6_7uInMGhFeX4ctHG7VelHGiT93JfWDEQi5_V9UN1rhXNrYu-0fVMkZAKX3VWi7lzA6BP430m';
$expected_tag = 'kvKuFBXHe5mQr4lqgobAUg';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA1_5'], ['A128CBC-HS256'], ['DEF']);
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($expected_compact_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($expected_flattened_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_compact_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_compact_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_compact_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_compact_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_flattened_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_flattened_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_flattened_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_flattened_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function rSA15AndA128CBCHS256EncryptionBis(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'RSA',
'kid' => 'frodo.baggins@hobbiton.example',
'use' => 'enc',
'n' => 'maxhbsmBtdQ3CNrKvprUE6n9lYcregDMLYNeTAWcLj8NnPU9XIYegTHVHQjxKDSHP2l-F5jS7sppG1wgdAqZyhnWvXhYNvcM7RfgKxqNx_xAHx6f3yy7s-M9PSNCwPC2lh6UAkR4I00EhV9lrypM9Pi4lBUop9t5fS9W5UNwaAllhrd-osQGPjIeI1deHTwx-ZTHu3C60Pu_LJIl6hKn9wbwaUmA4cR5Bd2pgbaY7ASgsjCUbtYJaNIHSoHXprUdJZKUMAzV0WOKPfA6OPI4oypBadjvMZ4ZAj3BnXaSYsEZhaueTXvZB4eZOAjIyh2e_VOIKVMsnDrJYAVotGlvMQ',
'e' => 'AQAB',
'd' => 'Kn9tgoHfiTVi8uPu5b9TnwyHwG5dK6RE0uFdlpCGnJN7ZEi963R7wybQ1PLAHmpIbNTztfrheoAniRV1NCIqXaW_qS461xiDTp4ntEPnqcKsyO5jMAji7-CL8vhpYYowNFvIesgMoVaPRYMYT9TW63hNM0aWs7USZ_hLg6Oe1mY0vHTI3FucjSM86Nff4oIENt43r2fspgEPGRrdE6fpLc9Oaq-qeP1GFULimrRdndm-P8q8kvN3KHlNAtEgrQAgTTgz80S-3VD0FgWfgnb1PNmiuPUxO8OpI9KDIfu_acc6fg14nsNaJqXe6RESvhGPH2afjHqSy_Fd2vpzj85bQQ',
'p' => '2DwQmZ43FoTnQ8IkUj3BmKRf5Eh2mizZA5xEJ2MinUE3sdTYKSLtaEoekX9vbBZuWxHdVhM6UnKCJ_2iNk8Z0ayLYHL0_G21aXf9-unynEpUsH7HHTklLpYAzOOx1ZgVljoxAdWNn3hiEFrjZLZGS7lOH-a3QQlDDQoJOJ2VFmU',
'q' => 'te8LY4-W7IyaqH1ExujjMqkTAlTeRbv0VLQnfLY2xINnrWdwiQ93_VF099aP1ESeLja2nw-6iKIe-qT7mtCPozKfVtUYfz5HrJ_XY2kfexJINb9lhZHMv5p1skZpeIS-GPHCC6gRlKo1q-idn_qxyusfWv7WAxlSVfQfk8d6Et0',
'dp' => 'UfYKcL_or492vVc0PzwLSplbg4L3-Z5wL48mwiswbpzOyIgd2xHTHQmjJpFAIZ8q-zf9RmgJXkDrFs9rkdxPtAsL1WYdeCT5c125Fkdg317JVRDo1inX7x2Kdh8ERCreW8_4zXItuTl_KiXZNU5lvMQjWbIw2eTx1lpsflo0rYU',
'dq' => 'iEgcO-QfpepdH8FWd7mUFyrXdnOkXJBCogChY6YKuIHGc_p8Le9MbpFKESzEaLlN1Ehf3B6oGBl5Iz_ayUlZj2IoQZ82znoUrpa9fVYNot87ACfzIG7q9Mv7RiPAderZi03tkVXAdaBau_9vs5rS-7HMtxkVrxSUvJY14TkXlHE',
'qi' => 'kC-lzZOqoFaZCr5l0tOVtREKoVqaAYhQiqIRGL-MzS4sCmRkxm5vZlXYx6RtE1n_AagjqajlkjieGlxTTThHD8Iga6foGBMaAr5uR1hGQpSc7Gl7CF1DZkBJMTQN6EshYzZfxW08mIO8M6Rzuh0beL6fG9mkDcIyPrBXx2bQ_mM',
]);
$protectedHeader = [
'alg' => 'RSA1_5',
'kid' => 'frodo.baggins@hobbiton.example',
'enc' => 'A128CBC-HS256',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA1_5'], ['A128CBC-HS256'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA1_5'], ['A128CBC-HS256'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->addRecipient($private_key)
->build()
;
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_compact', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
}

161
vendor/web-token/jwt-encryption/Tests/RFC7520/RSA_OAEPAndA256GCMEncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,161 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests\RFC7520;
use Base64Url\Base64Url;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Tests\EncryptionTest;
/**
* @see https://tools.ietf.org/html/rfc7520#section-5.2
*
* @group RFC7520
*
* @internal
*/
class RSA_OAEPAndA256GCMEncryptionTest extends EncryptionTest
{
/**
* Please note that we cannot the encryption and get the same result as the example (IV, TAG and other data are always different).
* The output given in the RFC is used and only decrypted.
*
* @test
*/
public function rSAOAEPAndA256GCMEncryption(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'RSA',
'kid' => 'samwise.gamgee@hobbiton.example',
'use' => 'enc',
'n' => 'wbdxI55VaanZXPY29Lg5hdmv2XhvqAhoxUkanfzf2-5zVUxa6prHRrI4pP1AhoqJRlZfYtWWd5mmHRG2pAHIlh0ySJ9wi0BioZBl1XP2e-C-FyXJGcTy0HdKQWlrfhTm42EW7Vv04r4gfao6uxjLGwfpGrZLarohiWCPnkNrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj5YlBLdxXp3XeStsqo571utNfoUTU8E4qdzJ3U1DItoVkPGsMwlmmnJiwA7sXRItBCivR4M5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-RPcnFAzWSKxtBDnFJJDGIUe7Tzizjg1nms0Xq_yPub_UOlWn0ec85FCft1hACpWG8schrOBeNqHBODFskYpUc2LC5JA2TaPF2dA67dg1TTsC_FupfQ2kNGcE1LgprxKHcVWYQb86B-HozjHZcqtauBzFNV5tbTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqBSAjLKyoeqfKTpVjvXhd09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhOOnzW6HSSzD1c9WrCuVzsUMv54szidQ9wf1cYWf3g5qFDxDQKis99gcDaiCAwM3yEBIzuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnTyC0xhWBlsolZE',
'e' => 'AQAB',
'alg' => 'RSA-OAEP',
'd' => 'n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4Bxcc0xQn5oZE5uSCIwg91oCt0JvxPcpmqzaJZg1nirjcWZ-oBtVk7gCAWq-B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4HYojy68TcxT2LYQRxUOCf5TtJXvM8olexlSGtVnQnDRutxEUCwiewfmmrfveEogLx9EA-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImYcNcHkRvp9E7ook0876DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lBYbVx1_s5lpPsEqbbH-nqIjh1fL0gdNfihLxnclWtW7pCztLnImZAyeCWAG7ZIfv-Rn9fLIv9jZ6r7r-MSH9sqbuziHN2grGjD_jfRluMHa0l84fFKl6bcqN1JWxPVhzNZo01yDF-1LiQnqUYSepPf6X3a2SOdkqBRiquE6EvLuSYIDpJq3jDIsgoL8Mo1LoomgiJxUwL_GWEOGu28gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W_IQT9I7-yrindr_2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28S_aWvjyUc-Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c9WsWgRzI-K8gE',
'p' => '7_2v3OQZzlPFcHyYfLABQ3XP85Es4hCdwCkbDeltaUXgVy9l9etKghvM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_XZ9nlsYa_QZWpXB_IrtFjVfdKUdMz94pHUhFGFj7nr6NNxfpiHSHWFE1zD_AC3mY46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZOdgtybH9q6uma-RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzNSCFCKnQmn4GQLmRj9sfbZRqL94bbtE4_e0Zrpo8RNo8vxRLqQNwIy85fc6BRgBJomt8QdQvIgPgWCv5HoQ',
'q' => 'zqOHk1P6WN_rHuM7ZF1cXH0x6RuOHq67WuHiSknqQeefGBA9PWs6ZyKQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZu2qCDcqssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTwk4knKjkIYGRuUwfQTus0w1NfjFAyxOOiAQ37ussIcE6C6ZSsM3n41UlbJ7TCqewzVJaPJN5cxjySPZPD3Vp01a9YgAD6a3IIaKJdIxJS1ImnfPevSJQBE79-EXe2kSwVgOzvt-gsmM29QQ8veHy4uAqca5dZzMs7hkkHtw1z0jHV90epQJJlXXnH8Q',
'dp' => '19oDkBh1AXelMIxQFm2zZTqUhAzCIr4xNIGEPNoDt1jK83_FJA-xnx5kA7-1erdHdms_Ef67HsONNv5A60JaR7w8LHnDiBGnjdaUmmuO8XAxQJ_ia5mxjxNjS6E2yD44USo2JmHvzeeNczq25elqbTPLhUpGo1IZuG72FZQ5gTjXoTXC2-xtCDEUZfaUNh4IeAipfLugbpe0JAFlFfrTDAMUFpC3iXjxqzbEanflwPvj6V9iDSgjj8SozSM0dLtxvu0LIeIQAeEgT_yXcrKGmpKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFlM_H1NikuxJNKFGmnAq9LcnwwT0jvoQ',
'dq' => 'S6p59KrlmzGzaQYQM3o0XfHCGvfqHLYjCO557HYQf72O9kLMCfd_1VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqWmhgwM1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafPyFaKrt1fgdyEwYa08pESKwwWisy7KnmoUvaJ3SaHmohFS78TJ25cfc10wZ9hQNOrIChZlkiOdFCtxDqdmCqNacnhgE3bZQjGp3n83ODSz9zwJcSUvODlXBPc2AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01GpsUssMmBN7iHVsrE7N2iznBNCeOUIQ',
'qi' => 'FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckCciRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf4hl80oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3ma5V6KGMwQqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7IlqgzR98qKONl27DuEES0aK0WE97jnsyO27Yp88Wa2RiBrEocM89QZI1seJiGDizHRUP4UZxw9zsXww46wy0P6f9grnYp7t8LkyDDk8eoI4KX6SNMNVcyVS9IWjlq8EzqZEKIA',
]);
$protectedHeader = [
'alg' => 'RSA-OAEP',
'kid' => 'samwise.gamgee@hobbiton.example',
'enc' => 'A256GCM',
];
$expected_compact_json = 'eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0.rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8BpxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDRs.-nBoKLH0YkLZPSI9.o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw.UCGiqJxhBI3IFVdPalHHvA';
$expected_flattened_json = '{"protected":"eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0","encrypted_key":"rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8BpxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDRs","iv":"-nBoKLH0YkLZPSI9","ciphertext":"o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw","tag":"UCGiqJxhBI3IFVdPalHHvA"}';
$expected_json = '{"recipients": [{"encrypted_key":"rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8BpxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDRs"}],"protected":"eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0","iv":"-nBoKLH0YkLZPSI9","ciphertext":"o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw","tag":"UCGiqJxhBI3IFVdPalHHvA"}';
$expected_iv = '-nBoKLH0YkLZPSI9';
$expected_encrypted_key = 'rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8BpxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDRs';
$expected_ciphertext = 'o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw';
$expected_tag = 'UCGiqJxhBI3IFVdPalHHvA';
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA-OAEP'], ['A256GCM'], ['DEF']);
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($expected_compact_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($expected_flattened_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($expected_json);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_compact_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_compact_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_compact_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_compact_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_flattened_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_flattened_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_flattened_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_flattened_json->getTag()));
static::assertEquals($expected_ciphertext, Base64Url::encode($loaded_json->getCiphertext()));
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_iv, Base64Url::encode($loaded_json->getIV()));
static::assertEquals($expected_encrypted_key, Base64Url::encode($loaded_json->getRecipient(0)->getEncryptedKey()));
static::assertEquals($expected_tag, Base64Url::encode($loaded_json->getTag()));
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
/**
* Same input as before, but we perform the encryption first.
*
* @test
*/
public function rSAOAEPAndA256GCMEncryptionBis(): void
{
$expected_payload = "You can trust us to stick with you through thick and thin\xe2\x80\x93to the bitter end. And you can trust us to keep any secret of yours\xe2\x80\x93closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.";
$private_key = new JWK([
'kty' => 'RSA',
'kid' => 'samwise.gamgee@hobbiton.example',
'use' => 'enc',
'n' => 'wbdxI55VaanZXPY29Lg5hdmv2XhvqAhoxUkanfzf2-5zVUxa6prHRrI4pP1AhoqJRlZfYtWWd5mmHRG2pAHIlh0ySJ9wi0BioZBl1XP2e-C-FyXJGcTy0HdKQWlrfhTm42EW7Vv04r4gfao6uxjLGwfpGrZLarohiWCPnkNrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj5YlBLdxXp3XeStsqo571utNfoUTU8E4qdzJ3U1DItoVkPGsMwlmmnJiwA7sXRItBCivR4M5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-RPcnFAzWSKxtBDnFJJDGIUe7Tzizjg1nms0Xq_yPub_UOlWn0ec85FCft1hACpWG8schrOBeNqHBODFskYpUc2LC5JA2TaPF2dA67dg1TTsC_FupfQ2kNGcE1LgprxKHcVWYQb86B-HozjHZcqtauBzFNV5tbTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqBSAjLKyoeqfKTpVjvXhd09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhOOnzW6HSSzD1c9WrCuVzsUMv54szidQ9wf1cYWf3g5qFDxDQKis99gcDaiCAwM3yEBIzuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnTyC0xhWBlsolZE',
'e' => 'AQAB',
'alg' => 'RSA-OAEP',
'd' => 'n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4Bxcc0xQn5oZE5uSCIwg91oCt0JvxPcpmqzaJZg1nirjcWZ-oBtVk7gCAWq-B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4HYojy68TcxT2LYQRxUOCf5TtJXvM8olexlSGtVnQnDRutxEUCwiewfmmrfveEogLx9EA-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImYcNcHkRvp9E7ook0876DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lBYbVx1_s5lpPsEqbbH-nqIjh1fL0gdNfihLxnclWtW7pCztLnImZAyeCWAG7ZIfv-Rn9fLIv9jZ6r7r-MSH9sqbuziHN2grGjD_jfRluMHa0l84fFKl6bcqN1JWxPVhzNZo01yDF-1LiQnqUYSepPf6X3a2SOdkqBRiquE6EvLuSYIDpJq3jDIsgoL8Mo1LoomgiJxUwL_GWEOGu28gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W_IQT9I7-yrindr_2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28S_aWvjyUc-Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c9WsWgRzI-K8gE',
'p' => '7_2v3OQZzlPFcHyYfLABQ3XP85Es4hCdwCkbDeltaUXgVy9l9etKghvM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_XZ9nlsYa_QZWpXB_IrtFjVfdKUdMz94pHUhFGFj7nr6NNxfpiHSHWFE1zD_AC3mY46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZOdgtybH9q6uma-RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzNSCFCKnQmn4GQLmRj9sfbZRqL94bbtE4_e0Zrpo8RNo8vxRLqQNwIy85fc6BRgBJomt8QdQvIgPgWCv5HoQ',
'q' => 'zqOHk1P6WN_rHuM7ZF1cXH0x6RuOHq67WuHiSknqQeefGBA9PWs6ZyKQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZu2qCDcqssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTwk4knKjkIYGRuUwfQTus0w1NfjFAyxOOiAQ37ussIcE6C6ZSsM3n41UlbJ7TCqewzVJaPJN5cxjySPZPD3Vp01a9YgAD6a3IIaKJdIxJS1ImnfPevSJQBE79-EXe2kSwVgOzvt-gsmM29QQ8veHy4uAqca5dZzMs7hkkHtw1z0jHV90epQJJlXXnH8Q',
'dp' => '19oDkBh1AXelMIxQFm2zZTqUhAzCIr4xNIGEPNoDt1jK83_FJA-xnx5kA7-1erdHdms_Ef67HsONNv5A60JaR7w8LHnDiBGnjdaUmmuO8XAxQJ_ia5mxjxNjS6E2yD44USo2JmHvzeeNczq25elqbTPLhUpGo1IZuG72FZQ5gTjXoTXC2-xtCDEUZfaUNh4IeAipfLugbpe0JAFlFfrTDAMUFpC3iXjxqzbEanflwPvj6V9iDSgjj8SozSM0dLtxvu0LIeIQAeEgT_yXcrKGmpKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFlM_H1NikuxJNKFGmnAq9LcnwwT0jvoQ',
'dq' => 'S6p59KrlmzGzaQYQM3o0XfHCGvfqHLYjCO557HYQf72O9kLMCfd_1VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqWmhgwM1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafPyFaKrt1fgdyEwYa08pESKwwWisy7KnmoUvaJ3SaHmohFS78TJ25cfc10wZ9hQNOrIChZlkiOdFCtxDqdmCqNacnhgE3bZQjGp3n83ODSz9zwJcSUvODlXBPc2AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01GpsUssMmBN7iHVsrE7N2iznBNCeOUIQ',
'qi' => 'FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckCciRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf4hl80oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3ma5V6KGMwQqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7IlqgzR98qKONl27DuEES0aK0WE97jnsyO27Yp88Wa2RiBrEocM89QZI1seJiGDizHRUP4UZxw9zsXww46wy0P6f9grnYp7t8LkyDDk8eoI4KX6SNMNVcyVS9IWjlq8EzqZEKIA',
]);
$protectedHeader = [
'alg' => 'RSA-OAEP',
'kid' => 'samwise.gamgee@hobbiton.example',
'enc' => 'A256GCM',
];
$jweBuilder = $this->getJWEBuilderFactory()->create(['RSA-OAEP'], ['A256GCM'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA-OAEP'], ['A256GCM'], ['DEF']);
$jwe = $jweBuilder
->create()->withPayload($expected_payload)
->withSharedProtectedHeader($protectedHeader)
->addRecipient($private_key)
->build()
;
$loaded_compact_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_compact', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_compact_json, $private_key, 0));
$loaded_flattened_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_flattened', $jwe, 0));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_flattened_json, $private_key, 0));
$loaded_json = $this->getJWESerializerManager()->unserialize($this->getJWESerializerManager()->serialize('jwe_json_general', $jwe));
static::assertTrue($jweDecrypter->decryptUsingKey($loaded_json, $private_key, 0));
static::assertEquals($protectedHeader, $loaded_compact_json->getSharedProtectedHeader());
static::assertEquals($protectedHeader, $loaded_flattened_json->getSharedProtectedHeader());
static::assertEquals($protectedHeader, $loaded_json->getSharedProtectedHeader());
static::assertEquals($expected_payload, $loaded_compact_json->getPayload());
static::assertEquals($expected_payload, $loaded_flattened_json->getPayload());
static::assertEquals($expected_payload, $loaded_json->getPayload());
}
}

152
vendor/web-token/jwt-encryption/Tests/RSAEncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,152 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests;
use Jose\Component\Core\JWKSet;
/**
* @group RSA
* @group unit
*
* @internal
*/
class RSAEncryptionTest extends EncryptionTest
{
/**
* @see https://tools.ietf.org/html/rfc7516
*
* @test
*/
public function loadJWEFromRFC7516(): void
{
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA1_5'], ['A128CBC-HS256'], ['DEF']);
$loaded = $this->getJWESerializerManager()->unserialize('eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A.AxY8DCtDaGlsbGljb3RoZQ.KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.9hH0vgRfYgPnAHOd8stkvw');
static::assertEquals('RSA1_5', $loaded->getSharedProtectedHeaderParameter('alg'));
static::assertEquals('A128CBC-HS256', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertEquals('Live long and prosper.', $loaded->getPayload());
}
/**
* @see https://tools.ietf.org/html/rfc7516#appendix-A.4
*
* @test
*/
public function loadJWEJSONSerialization(): void
{
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA1_5', 'A128KW'], ['A128CBC-HS256'], ['DEF']);
$loaded = $this->getJWESerializerManager()->unserialize('{"protected":"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","unprotected":{"jku":"https://server.example.com/keys.jwks"},"recipients":[{"header":{"alg":"RSA1_5","kid":"2011-04-29"},"encrypted_key":"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A"},{"header":{"alg":"A128KW","kid":"7"},"encrypted_key":"6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"}],"iv":"AxY8DCtDaGlsbGljb3RoZQ","ciphertext":"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY","tag":"Mz-VPPyU4RlcuYv1IwIvzw"}');
static::assertEquals(2, $loaded->countRecipients());
static::assertEquals('A128CBC-HS256', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertEquals('RSA1_5', $loaded->getRecipient(0)->getHeaderParameter('alg'));
static::assertEquals('A128KW', $loaded->getRecipient(1)->getHeaderParameter('alg'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertEquals('Live long and prosper.', $loaded->getPayload());
}
private function getPrivateKeySet(): JWKSet
{
$keys = ['keys' => [
[
'kty' => 'EC',
'crv' => 'P-256',
'x' => 'weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ',
'y' => 'e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck',
'd' => 'VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw',
],
[
'kty' => 'EC',
'crv' => 'P-256',
'x' => 'gI0GAILBdu7T53akrFmMyGcsF3n5dO7MmwNBHKW5SV0',
'y' => 'SLW_xSffzlPWrHEVI30DHM_4egVwt3NQqeUD7nMFpps',
'd' => '0_NxaRPUMQoAJt50Gz8YiTr8gRTwyEaCumd-MToTmIo',
],
[
'kid' => '2010-12-29',
'kty' => 'RSA',
'n' => 'ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ',
'e' => 'AQAB',
'd' => 'Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97IjlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYTCBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLhBOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ',
],
[
'kid' => 'e9bc097a-ce51-4036-9562-d2ade882db0d',
'kty' => 'EC',
'crv' => 'P-256',
'x' => 'f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU',
'y' => 'x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0',
'd' => 'jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI',
],
[
'kid' => '123456789',
'kty' => 'RSA',
'n' => 'tpS1ZmfVKVP5KofIhMBP0tSWc4qlh6fm2lrZSkuKxUjEaWjzZSzs72gEIGxraWusMdoRuV54xsWRyf5KeZT0S-I5Prle3Idi3gICiO4NwvMk6JwSBcJWwmSLFEKyUSnB2CtfiGc0_5rQCpcEt_Dn5iM-BNn7fqpoLIbks8rXKUIj8-qMVqkTXsEKeKinE23t1ykMldsNaaOH-hvGti5Jt2DMnH1JjoXdDXfxvSP_0gjUYb0ektudYFXoA6wekmQyJeImvgx4Myz1I4iHtkY_Cp7J4Mn1ejZ6HNmyvoTE_4OuY1uCeYv4UyXFc1s1uUyYtj4z57qsHGsS4dQ3A2MJsw',
'e' => 'AQAB',
'p' => '5BGU1c7af_5sFyfsa-onIJgo5BZu8uHvz3Uyb8OA0a-G9UPO1ShLYjX0wUfhZcFB7fwPtgmmYAN6wKGVce9eMAbX4PliPk3r-BcpZuPKkuLk_wFvgWAQ5Hqw2iEuwXLV0_e8c2gaUt_hyMC5-nFc4v0Bmv6NT6Pfry-UrK3BKWc',
'd' => 'Kp0KuZwCZGL1BLgsVM-N0edMNitl9wN5Hf2WOYDoIqOZNAEKzdJuenIMhITJjRFUX05GVL138uyp2js_pqDdY9ipA7rAKThwGuDdNphZHech9ih3DGEPXs-YpmHqvIbCd3GoGm38MKwxYkddEpFnjo8rKna1_BpJthrFxjDRhw9DxJBycOdH2yWTyp62ZENPvneK40H2a57W4QScTgfecZqD59m2fGUaWaX5uUmIxaEmtGoJnd9RE4oywKhgN7_TK7wXRlqA4UoRPiH2ACrdU-_cLQL9Jc0u0GqZJK31LDbOeN95QgtSCc72k3Vtzy3CrVpp5TAA67s1Gj9Skn-CAQ',
'q' => 'zPD-B-nrngwF-O99BHvb47XGKR7ON8JCI6JxavzIkusMXCB8rMyYW8zLs68L8JLAzWZ34oMq0FPUnysBxc5nTF8Nb4BZxTZ5-9cHfoKrYTI3YWsmVW2FpCJFEjMs4NXZ28PBkS9b4zjfS2KhNdkmCeOYU0tJpNfwmOTI90qeUdU',
'dp' => 'aJrzw_kjWK9uDlTeaES2e4muv6bWbopYfrPHVWG7NPGoGdhnBnd70-jhgMEiTZSNU8VXw2u7prAR3kZ-kAp1DdwlqedYOzFsOJcPA0UZhbORyrBy30kbll_7u6CanFm6X4VyJxCpejd7jKNw6cCTFP1sfhWg5NVJ5EUTkPwE66M',
'dq' => 'Swz1-m_vmTFN_pu1bK7vF7S5nNVrL4A0OFiEsGliCmuJWzOKdL14DiYxctvnw3H6qT2dKZZfV2tbse5N9-JecdldUjfuqAoLIe7dD7dKi42YOlTC9QXmqvTh1ohnJu8pmRFXEZQGUm_BVhoIb2_WPkjav6YSkguCUHt4HRd2YwE',
'qi' => 'BocuCOEOq-oyLDALwzMXU8gOf3IL1Q1_BWwsdoANoh6i179psxgE4JXToWcpXZQQqub8ngwE6uR9fpd3m6N_PL4T55vbDDyjPKmrL2ttC2gOtx9KrpPh-Z7LQRo4BE48nHJJrystKHfFlaH2G7JxHNgMBYVADyttN09qEoav8Os',
],
[
'kty' => 'RSA',
'n' => 'oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUWcJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3Spsk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2asbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMStPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2djYgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw',
'e' => 'AQAB',
'd' => 'kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5NWV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD93Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghkqDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vlt3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSndVTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ',
'p' => '1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lffNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0',
'q' => 'wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBmUDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aXIWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc',
'dp' => 'ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KLhMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE',
'dq' => 'Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCjywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDBUfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis',
'qi' => 'VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY',
],
[
'kty' => 'RSA',
'n' => 'sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1WlUzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDprecbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBIY2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw',
'e' => 'AQAB',
'd' => 'VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-rynq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-KyvjT1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ',
'p' => '9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEPkrdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM',
'q' => 'uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-yBhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0',
'dp' => 'w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuvngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcraHawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs',
'dq' => 'o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU',
'qi' => 'eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlCtUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZB9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo',
],
[
'kty' => 'RSA',
'n' => 'ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ',
'e' => 'AQAB',
'd' => 'Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97IjlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYTCBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLhBOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ',
'p' => '4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdiYrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPGBY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc',
'q' => 'uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxaewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc',
'dp' => 'BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3QCLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0',
'dq' => 'h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-kyNlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU',
'qi' => 'IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2oy26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLUW0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U',
],
[
'kty' => 'EC',
'crv' => 'P-521',
'x' => 'AekpBQ8ST8a8VcfVOTNl353vSrDCLLJXmPk06wTjxrrjcBpXp5EOnYG_NjFZ6OvLFV1jSfS9tsz4qUxcWceqwQGk',
'y' => 'ADSmRA43Z1DSNx_RvcLI87cdL07l6jQyyBXMoxVg_l2Th-x3S1WDhjDly79ajL4Kkd0AZMaZmh9ubmf63e3kyMj2',
'd' => 'AY5pb7A0UFiB3RELSD64fTLOSV_jazdF7fLYyuTw8lOfRhWg6Y6rUrPAxerEzgdRhajnu0ferB0d53vM9mE15j2C',
],
]];
return JWKSet::createFromKeyData($keys);
}
}

324
vendor/web-token/jwt-encryption/Tests/RSAKeyEncryptionTest.php vendored Normal file
View File

@@ -0,0 +1,324 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests;
use Base64Url\Base64Url;
use InvalidArgumentException;
use Jose\Component\Core\JWK;
use Jose\Component\Core\JWKSet;
use Jose\Component\Encryption\Algorithm\KeyEncryption\RSA15;
use Jose\Component\Encryption\Algorithm\KeyEncryption\RSAOAEP;
use Jose\Component\Encryption\Algorithm\KeyEncryption\RSAOAEP256;
/**
* Class RSAKeyEncryptionTest.
*
* @group unit
*
* @internal
*/
class RSAKeyEncryptionTest extends EncryptionTest
{
/**
* @test
*/
public function invalidKey(): void
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('Wrong key type.');
$key = new JWK([
'kty' => 'EC',
]);
$rsa1_5 = new RSA15();
$header = [];
$data = 'Live long and Prosper.';
$additionalHeader = [];
$rsa1_5->encryptKey($key, $data, $header, $additionalHeader);
}
/**
* @see https://tools.ietf.org/html/rfc7516#appendix-A.2
*
* @test
*/
public function rSA15EncryptionAndDecryption(): void
{
$header = [];
$jwk = new JWK([
'kty' => 'RSA',
'n' => 'sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1WlUzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDprecbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBIY2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw',
'e' => 'AQAB',
'd' => 'VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-rynq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-KyvjT1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ',
'p' => '9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEPkrdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM',
'q' => 'uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-yBhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0',
'dp' => 'w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuvngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcraHawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs',
'dq' => 'o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU',
'qi' => 'eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlCtUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZB9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo',
]);
$cek = [4, 211, 31, 197, 84, 157, 252, 254, 11, 100, 157, 250, 63, 170, 106, 206, 107, 124, 212, 45, 111, 107, 9, 219, 200, 177, 0, 240, 143, 156, 44, 207];
foreach ($cek as $key => $value) {
$cek[$key] = str_pad(dechex($value), 2, '0', STR_PAD_LEFT);
}
$cek = hex2bin(implode('', $cek));
$from_specification = Base64Url::decode('UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A');
$rsa1_5 = new RSA15();
$additionalHeader = [];
$encrypted = $rsa1_5->encryptKey($jwk, $cek, $header, $additionalHeader);
static::assertEquals($cek, $rsa1_5->decryptKey($jwk, $encrypted, $header));
static::assertEquals($cek, $rsa1_5->decryptKey($jwk, $from_specification, $header));
}
/**
* @see https://tools.ietf.org/html/rfc7516#appendix-A.1
*
* @test
*/
public function rSAOAEPEncryptionAndDecryption(): void
{
$header = [];
$jwk = new JWK([
'kty' => 'RSA',
'n' => 'oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUWcJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3Spsk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2asbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMStPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2djYgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw',
'e' => 'AQAB',
'd' => 'kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5NWV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD93Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghkqDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vlt3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSndVTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ',
'p' => '1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lffNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0',
'q' => 'wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBmUDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aXIWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc',
'dp' => 'ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KLhMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE',
'dq' => 'Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCjywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDBUfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis',
'qi' => 'VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY',
]);
$cek = [177, 161, 244, 128, 84, 143, 225, 115, 63, 180, 3, 255, 107, 154, 212, 246, 138, 7, 110, 91, 112, 46, 34, 105, 47, 130, 203, 46, 122, 234, 64, 252];
foreach ($cek as $key => $value) {
$cek[$key] = str_pad(dechex($value), 2, '0', STR_PAD_LEFT);
}
$cek = hex2bin(implode('', $cek));
$from_specification = Base64Url::decode('OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGeipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDbSv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaVmqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je81860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi6UklfCpIMfIjf7iGdXKHzg');
$rsa_oaep = new RSAOAEP();
$additionalHeader = [];
$encrypted = $rsa_oaep->encryptKey($jwk, $cek, $header, $additionalHeader);
static::assertEquals($cek, $rsa_oaep->decryptKey($jwk, $encrypted, $header));
static::assertEquals($cek, $rsa_oaep->decryptKey($jwk, $from_specification, $header));
}
/**
* @see https://tools.ietf.org/html/rfc7516#appendix-A.1
*
* @test
*/
public function rSAOAEP256EncryptionAndDecryption(): void
{
$header = [];
$jwk = new JWK([
'kty' => 'RSA',
'n' => 'oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUWcJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3Spsk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2asbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMStPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2djYgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw',
'e' => 'AQAB',
'd' => 'kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5NWV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD93Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghkqDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vlt3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSndVTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ',
'p' => '1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lffNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0',
'q' => 'wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBmUDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aXIWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc',
'dp' => 'ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KLhMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE',
'dq' => 'Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCjywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDBUfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis',
'qi' => 'VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY',
]);
$cek = [177, 161, 244, 128, 84, 143, 225, 115, 63, 180, 3, 255, 107, 154, 212, 246, 138, 7, 110, 91, 112, 46, 34, 105, 47, 130, 203, 46, 122, 234, 64, 252];
foreach ($cek as $key => $value) {
$cek[$key] = str_pad(dechex($value), 2, '0', STR_PAD_LEFT);
}
$cek = hex2bin(implode('', $cek));
$rsa_oaep_256 = new RSAOAEP256();
$additionalHeader = [];
$encrypted = $rsa_oaep_256->encryptKey($jwk, $cek, $header, $additionalHeader);
static::assertEquals($cek, $rsa_oaep_256->decryptKey($jwk, $encrypted, $header));
}
/**
* @see https://tools.ietf.org/html/rfc7516#appendix-A.1
*
* @test
*/
public function loadJWK1(): void
{
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA-OAEP'], ['A256GCM'], ['DEF']);
$loaded = $this->getJWESerializerManager()->unserialize('eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGeipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDbSv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaVmqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je81860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi6UklfCpIMfIjf7iGdXKHzg.48V1_ALb6US04U3b.5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A.XFBoMYUZodetZdvTiFvSkQ');
static::assertEquals('RSA-OAEP', $loaded->getSharedProtectedHeaderParameter('alg'));
static::assertEquals('A256GCM', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertEquals('The true sign of intelligence is not knowledge but imagination.', $loaded->getPayload());
}
/**
* @see https://tools.ietf.org/html/rfc7516#appendix-A.2
*
* @test
*/
public function loadJWK2(): void
{
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['RSA1_5'], ['A128CBC-HS256'], ['DEF']);
$loaded = $this->getJWESerializerManager()->unserialize('eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A.AxY8DCtDaGlsbGljb3RoZQ.KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.9hH0vgRfYgPnAHOd8stkvw');
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getPrivateKeySet(), 0));
static::assertEquals('Live long and prosper.', $loaded->getPayload());
}
/**
* @see https://tools.ietf.org/html/rfc7516#appendix-A.3
*
* @test
*/
public function loadJWK3(): void
{
$jweDecrypter = $this->getJWEDecrypterFactory()->create(['A128KW'], ['A128CBC-HS256'], ['DEF']);
$loaded = $this->getJWESerializerManager()->unserialize('eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ.AxY8DCtDaGlsbGljb3RoZQ.KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.U0m_YmjN04DJvceFICbCVQ');
static::assertEquals('A128KW', $loaded->getSharedProtectedHeaderParameter('alg'));
static::assertEquals('A128CBC-HS256', $loaded->getSharedProtectedHeaderParameter('enc'));
static::assertNull($loaded->getPayload());
static::assertTrue($jweDecrypter->decryptUsingKeySet($loaded, $this->getSymmetricKeySet(), 0));
static::assertEquals('Live long and prosper.', $loaded->getPayload());
}
private function getPrivateKeySet(): JWKSet
{
$keys = ['keys' => [
[
'kty' => 'EC',
'crv' => 'P-256',
'x' => 'weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ',
'y' => 'e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck',
'd' => 'VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw',
],
[
'kty' => 'EC',
'crv' => 'P-256',
'x' => 'gI0GAILBdu7T53akrFmMyGcsF3n5dO7MmwNBHKW5SV0',
'y' => 'SLW_xSffzlPWrHEVI30DHM_4egVwt3NQqeUD7nMFpps',
'd' => '0_NxaRPUMQoAJt50Gz8YiTr8gRTwyEaCumd-MToTmIo',
],
[
'kid' => '2010-12-29',
'kty' => 'RSA',
'n' => 'ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ',
'e' => 'AQAB',
'd' => 'Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97IjlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYTCBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLhBOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ',
],
[
'kid' => 'e9bc097a-ce51-4036-9562-d2ade882db0d',
'kty' => 'EC',
'crv' => 'P-256',
'x' => 'f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU',
'y' => 'x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0',
'd' => 'jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI',
],
[
'kid' => '123456789',
'kty' => 'RSA',
'n' => 'tpS1ZmfVKVP5KofIhMBP0tSWc4qlh6fm2lrZSkuKxUjEaWjzZSzs72gEIGxraWusMdoRuV54xsWRyf5KeZT0S-I5Prle3Idi3gICiO4NwvMk6JwSBcJWwmSLFEKyUSnB2CtfiGc0_5rQCpcEt_Dn5iM-BNn7fqpoLIbks8rXKUIj8-qMVqkTXsEKeKinE23t1ykMldsNaaOH-hvGti5Jt2DMnH1JjoXdDXfxvSP_0gjUYb0ektudYFXoA6wekmQyJeImvgx4Myz1I4iHtkY_Cp7J4Mn1ejZ6HNmyvoTE_4OuY1uCeYv4UyXFc1s1uUyYtj4z57qsHGsS4dQ3A2MJsw',
'e' => 'AQAB',
'p' => '5BGU1c7af_5sFyfsa-onIJgo5BZu8uHvz3Uyb8OA0a-G9UPO1ShLYjX0wUfhZcFB7fwPtgmmYAN6wKGVce9eMAbX4PliPk3r-BcpZuPKkuLk_wFvgWAQ5Hqw2iEuwXLV0_e8c2gaUt_hyMC5-nFc4v0Bmv6NT6Pfry-UrK3BKWc',
'd' => 'Kp0KuZwCZGL1BLgsVM-N0edMNitl9wN5Hf2WOYDoIqOZNAEKzdJuenIMhITJjRFUX05GVL138uyp2js_pqDdY9ipA7rAKThwGuDdNphZHech9ih3DGEPXs-YpmHqvIbCd3GoGm38MKwxYkddEpFnjo8rKna1_BpJthrFxjDRhw9DxJBycOdH2yWTyp62ZENPvneK40H2a57W4QScTgfecZqD59m2fGUaWaX5uUmIxaEmtGoJnd9RE4oywKhgN7_TK7wXRlqA4UoRPiH2ACrdU-_cLQL9Jc0u0GqZJK31LDbOeN95QgtSCc72k3Vtzy3CrVpp5TAA67s1Gj9Skn-CAQ',
'q' => 'zPD-B-nrngwF-O99BHvb47XGKR7ON8JCI6JxavzIkusMXCB8rMyYW8zLs68L8JLAzWZ34oMq0FPUnysBxc5nTF8Nb4BZxTZ5-9cHfoKrYTI3YWsmVW2FpCJFEjMs4NXZ28PBkS9b4zjfS2KhNdkmCeOYU0tJpNfwmOTI90qeUdU',
'dp' => 'aJrzw_kjWK9uDlTeaES2e4muv6bWbopYfrPHVWG7NPGoGdhnBnd70-jhgMEiTZSNU8VXw2u7prAR3kZ-kAp1DdwlqedYOzFsOJcPA0UZhbORyrBy30kbll_7u6CanFm6X4VyJxCpejd7jKNw6cCTFP1sfhWg5NVJ5EUTkPwE66M',
'dq' => 'Swz1-m_vmTFN_pu1bK7vF7S5nNVrL4A0OFiEsGliCmuJWzOKdL14DiYxctvnw3H6qT2dKZZfV2tbse5N9-JecdldUjfuqAoLIe7dD7dKi42YOlTC9QXmqvTh1ohnJu8pmRFXEZQGUm_BVhoIb2_WPkjav6YSkguCUHt4HRd2YwE',
'qi' => 'BocuCOEOq-oyLDALwzMXU8gOf3IL1Q1_BWwsdoANoh6i179psxgE4JXToWcpXZQQqub8ngwE6uR9fpd3m6N_PL4T55vbDDyjPKmrL2ttC2gOtx9KrpPh-Z7LQRo4BE48nHJJrystKHfFlaH2G7JxHNgMBYVADyttN09qEoav8Os',
],
[
'kty' => 'RSA',
'n' => 'oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUWcJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3Spsk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2asbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMStPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2djYgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw',
'e' => 'AQAB',
'd' => 'kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5NWV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD93Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghkqDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vlt3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSndVTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ',
'p' => '1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lffNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0',
'q' => 'wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBmUDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aXIWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc',
'dp' => 'ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KLhMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE',
'dq' => 'Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCjywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDBUfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis',
'qi' => 'VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY',
],
[
'kty' => 'RSA',
'n' => 'sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1WlUzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDprecbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBIY2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw',
'e' => 'AQAB',
'd' => 'VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-rynq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-KyvjT1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ',
'p' => '9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEPkrdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM',
'q' => 'uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-yBhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0',
'dp' => 'w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuvngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcraHawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs',
'dq' => 'o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU',
'qi' => 'eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlCtUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZB9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo',
],
[
'kty' => 'RSA',
'n' => 'ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ',
'e' => 'AQAB',
'd' => 'Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97IjlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYTCBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLhBOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ',
'p' => '4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdiYrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPGBY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc',
'q' => 'uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxaewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc',
'dp' => 'BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3QCLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0',
'dq' => 'h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-kyNlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU',
'qi' => 'IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2oy26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLUW0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U',
],
[
'kty' => 'EC',
'crv' => 'P-521',
'x' => 'AekpBQ8ST8a8VcfVOTNl353vSrDCLLJXmPk06wTjxrrjcBpXp5EOnYG_NjFZ6OvLFV1jSfS9tsz4qUxcWceqwQGk',
'y' => 'ADSmRA43Z1DSNx_RvcLI87cdL07l6jQyyBXMoxVg_l2Th-x3S1WDhjDly79ajL4Kkd0AZMaZmh9ubmf63e3kyMj2',
'd' => 'AY5pb7A0UFiB3RELSD64fTLOSV_jazdF7fLYyuTw8lOfRhWg6Y6rUrPAxerEzgdRhajnu0ferB0d53vM9mE15j2C',
],
]];
return JWKSet::createFromKeyData($keys);
}
private function getSymmetricKeySet(): JWKSet
{
$keys = ['keys' => [
[
'kid' => 'DIR_1',
'kty' => 'oct',
'k' => Base64Url::encode(hex2bin('00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F')),
],
[
'kty' => 'oct',
'k' => 'f5aN5V6iihwQVqP-tPNNtkIJNCwUb9-JukCIKkF0rNfxqxA771RJynYAT2xtzAP0MYaR7U5fMP_wvbRQq5l38Q',
],
[
'kty' => 'oct',
'k' => 'GawgguFyGrWKav7AX4VKUg',
],
[
'kty' => 'oct',
'k' => 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow',
],
]];
return JWKSet::createFromKeyData($keys);
}
}

127
vendor/web-token/jwt-encryption/Tests/RSAKeyWithoutAllPrimesTest.php vendored Normal file
View File

@@ -0,0 +1,127 @@
<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2020 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace Jose\Component\Encryption\Tests;
use Jose\Component\Core\JWK;
use Jose\Component\Core\Util\JsonConverter;
/**
* Class RSAKeyWithoutAllPrimesTest.
*
* @group RSA2
* @group unit
*
* @internal
*/
class RSAKeyWithoutAllPrimesTest extends EncryptionTest
{
/**
* @dataProvider dataEncryptionAlgorithms
*
* @test
*/
public function encryptionAlgorithms(string $encryption_algorithm): void
{
$key = $this->getPrivateKey();
$claims = JsonConverter::encode(['foo' => 'bar']);
$jweBuilder = $this->getJWEBuilderFactory()->create([$encryption_algorithm], ['A256GCM'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create([$encryption_algorithm], ['A256GCM'], ['DEF']);
$jwt = $jweBuilder
->create()->withPayload($claims)
->withSharedProtectedHeader(['alg' => $encryption_algorithm, 'enc' => 'A256GCM'])
->addRecipient($key)
->build()
;
$jwt = $this->getJWESerializerManager()->serialize('jwe_compact', $jwt, 0);
$loaded = $this->getJWESerializerManager()->unserialize($jwt);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded, $key, 0));
}
/**
* @dataProvider dataEncryptionAlgorithms
*
* @test
*/
public function encryptionAlgorithmsWithMinimalRsaKey(string $encryption_algorithm): void
{
$key = $this->getMinimalPrivateKey();
$claims = JsonConverter::encode(['foo' => 'bar']);
$jweBuilder = $this->getJWEBuilderFactory()->create([$encryption_algorithm], ['A256GCM'], ['DEF']);
$jweDecrypter = $this->getJWEDecrypterFactory()->create([$encryption_algorithm], ['A256GCM'], ['DEF']);
$jwt = $jweBuilder
->create()->withPayload($claims)
->withSharedProtectedHeader(['alg' => $encryption_algorithm, 'enc' => 'A256GCM'])
->addRecipient($key)
->build()
;
$jwt = $this->getJWESerializerManager()->serialize('jwe_compact', $jwt, 0);
$loaded = $this->getJWESerializerManager()->unserialize($jwt);
static::assertTrue($jweDecrypter->decryptUsingKey($loaded, $key, 0));
}
public function dataEncryptionAlgorithms(): array
{
return [
['RSA1_5'],
['RSA-OAEP'],
['RSA-OAEP-256'],
];
}
public function dataEncryptionAlgorithmsWithSimpleKey(): array
{
return [
['RSA-OAEP'],
['RSA-OAEP-256'],
];
}
private function getPrivateKey(): JWK
{
return new JWK(
[
'kty' => 'RSA',
'kid' => 'private',
'n' => '2NRPORHXd7wPU6atHqmSfWgEPvsP8HVUkY2AwQQAc8x1J509X5HFxeSXnQym9eAnZHl0JCPbvHoPH4QHlvITYoh0MSgFm2aOPyqOD-XcNdKWtnNX2JIurUCyVlwSwtlmy2ZbCz8YuUmFO0iacahfK1wbWT5QoY-pU3UxnMzDhlBslZN5uL7nRE8Sh_8BthsrMdYeGIMY55kh-P7xTs3MHzpOKhFSrOhdN6aO3HWYUuMAdoMNB-hJvckb2PbCy0_K1Wm3SBHtXn-cuMIUF00W9AR3amp3u3hLa2rcz29jEFXTr2FxKyLH4SdlnFFMJl2vaXuxM4PXgLN33Kj34PfKgc8ljDJ7oaSI9bKt7gunXOLv_o4XWYDq91cvUkOIDAsvqxzzHPZBt0Hru7roW3btkUOiqR6RWy-Cw272yiSEC5QA93m_vklD1KajoFeWN0BW2lWGlfGieZldvKX0sumk1TZuLhlHPHSKYcpeCfahT-jLr1yAeHql6qRN_a0BiHu-SSSjts6InmF1pAELznZ3Jn9-QXX78LsY3xaqOlYqHbCohxXorlYRi4so6eMGILtXjqHOoISb13Ez4YNOQmV4ygmyABRkE0AQG5KLy5cZB7LZn7zqw869UjXxWrmiOaBeDqOkxww6qiWIEDwPIouRLwOfPFtC4LGlb9LmG9Hlhp8',
'e' => 'AQAB',
'd' => 'PsMls2VAsz3SSepjDg8Tgg1LvVc6w-WSdxc4f6ZC40H5X2AaVcGCN8f1QtZYta8Od_zX62Ydwq6qFftHnx-vEMRirZ_iD5td7VbKDDwCw-mTCnjUorGdpTSm6mx4WcJICPQ1wkmfRHLNh916JxAPjCN7Hxf0iu9kme3AUJzMs-IvrBQmFZ3cn18sBAWCX0358NEDoSDBYrhmpwZUnvTe8uMToQWmoroX0XX6wEGht8xRY_yHFxTb032U-_ZhaCxOj_uru8bEqKfTm39CBYSg8j0gu8LZqYAmhI9IHxsk16OgRJG2CkBlDv0yYk799dUEY0oUfs7Y4D4SoeKe7ZWMHgKMEqa7ONz18ORznxqKSQhi4hfNVgwMzaM0IoYP4KOfHuaK263zhJU0hMzURJ8KifECeOsDHBR6BhLJ9TYzUe4c9UU55nFNgRBwknKHFFrRAsgVETEzmZWHzWwGQIFtKIAVZ1cjkdMEL3BlbzzXVofXfbbCrPQqcABYx2BZ-J_P8-UFjeMo83VLrR5IHj0_8IhQZUmxZYJcpTIwrf-1A4JGlN2_eLqRymF8tZI6zIPJyo1C0M1CIB3EeHzi-70SbF8xFtGUB7hR234yo_SM-KqVdIk2Sjjta2bQ1KXjSEcvrS_358AMiP0-9JT_fHxTCyzra-SNYoZhdnrEFzoVwQE',
'p' => '6fWvnj34kJtfMnO1j-qbPjFnaTevREBGAypMvUBU3Fx1Xx0nE7zdc7lln2Qq5-yTQtOQ2lpiE69HkQLR4pMU6V44SjFgVzcTzbFCnNgknEV54S5dyp4KojSWxBi6bt5GwaACkiElDEw9wgc-8JgaEkv4F7e-w44HBwPDECTjE_N0vIawpbD_y6zpifB8ziaAI3xTG4ssA1dt8WZuyQW8SR4FRsYnfkqy0twwHn02gs7XSl4NepkhSO7CY5-YC3U6LazAEZi2NTiUuZSw7F6KaRhsA8CnXTDE5JqFks_fXfLNCbtClON2JtrB1zY-l-2bHyh2a6unDtGn9ZN-Ec7BXw',
'q' => '7UF_NblAyTxmj7Z2Jz1sZmz-Q3YHOcta00DjmHBhR9ItYRMQFMj-SUGPAtwvN-sk3_ThugaQt46SLT_I3Gy8433cHdW7o3So6HiMYVunyfhqnWznSWs6SvIoEh8rJOXkkIZ-DlRP8XyW5OOvi0cbWEQ1f1jbFyistMmnBClPvf2TKKPvShUl9qmvLxuU87j-_bgQmjVmtwZadnPOyPAxQ4_qqSfIiTOvMSxSycr58rTyu3khHQapGHkS5-2Y_w40GUSfVJ3XP48delYpK-PZP71hn89MJTnnfPOtvJAk1wbEev5wQFTJd-PGOudkGkuEIXryF4TGxRPltl5UeF0CwQ',
]
);
}
private function getMinimalPrivateKey(): JWK
{
return new JWK(
[
'd' => 'JSqz6ijkk3dfdSEA_0iMT_1HeIJ1ft4msZ6qw7_1JSCGQAALeZ1yM0QHO3uX-Jr7HC7v1rGVcwsonAhei2qu3rk-w_iCnRL6QkkMNBnDQycwaWpwGsMBFF-UqstOJNggE4AHX-aDnbd4wbKVvdX7ieehPngbPkHcJFdg_iSZCQNoajz6XfEruyIi7_IFXYEGmH_UyEbQkgNtriZysutgYdolUjo9flUlh20HbuV3NwsPjGyDG4dUMpNpdBpSuRHYKLX6h3FjeLhItBmhBfuL7d-G3EXwKlwfNXXYivqY5NQAkFNrRbvFlc_ARIws3zAfykPDIWGWFiPiN3H-hXMgAQ',
'e' => 'AQAB',
'n' => 'gVf-iyhwLn2J2Up4EKjwdLYmk5n24gjGk4oQkCHVcE7j8wkS1iSzcu0ApVcMPLklEp_PWycZE12vL90gPeVjF2IPL_MKFL0b6Wy7A1f4kCDkKv7TDDjt1IIwbS-Jdp-2pG7bPb3tWjJUu6QZBLoXfRtW3cMDkQjXaVGixENORLAZs6qdu2MMKV94jetCiFd0JYCjxGVC0HW2OKnM21B_2R1NubOvMlWA7gypdpvmBYDGpkw4mjV3walWlCZObG7IH84Ovl7wOP8XLzqi2un4e6fNzy3rdp4OUSPYItF4ZX5qThWYY2R47Z5sbrZxHjNeDECKUeio0KPQNrgr6FSKSw',
'kty' => 'RSA',
'kid' => 'test-key',
]
);
}
}

52
vendor/web-token/jwt-encryption/composer.json vendored Normal file
View File

@@ -0,0 +1,52 @@
{
"name": "web-token/jwt-encryption",
"description": "Encryption component of the JWT Framework.",
"type": "library",
"license": "MIT",
"keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"],
"homepage": "https://github.com/web-token",
"authors": [
{
"name": "Florent Morselli",
"homepage": "https://github.com/Spomky"
},{
"name": "All contributors",
"homepage": "https://github.com/web-token/jwt-encryption/contributors"
}
],
"autoload": {
"psr-4": {
"Jose\\Component\\Encryption\\": ""
}
},
"require": {
"web-token/jwt-core": "^2.1"
},
"require-dev": {
"phpunit/phpunit": "^8.0"
},
"suggest": {
"web-token/jwt-encryption-algorithm-aescbc": "AES CBC Based Content Encryption Algorithms",
"web-token/jwt-encryption-algorithm-aesgcm": "AES GCM Based Content Encryption Algorithms",
"web-token/jwt-encryption-algorithm-aesgcmkw": "AES GCM Key Wrapping Based Key Encryption Algorithms",
"web-token/jwt-encryption-algorithm-aeskw": "AES Key Wrapping Based Key Encryption Algorithms",
"web-token/jwt-encryption-algorithm-dir": "Direct Key Encryption Algorithms",
"web-token/jwt-encryption-algorithm-ecdh-es": "ECDH-ES Based Key Encryption Algorithms",
"web-token/jwt-encryption-algorithm-pbes2": "PBES2 Based Key Encryption Algorithms",
"web-token/jwt-encryption-algorithm-rsa": "RSA Based Key Encryption Algorithms",
"web-token/jwt-encryption-algorithm-experimental": "Experimental Key and Signature Algorithms"
},
"extra": {
"branch-alias": {
"v1.0": "1.0.x-dev",
"v1.1": "1.1.x-dev",
"v1.2": "1.2.x-dev",
"v1.3": "1.3.x-dev",
"v2.0": "2.0.x-dev",
"v2.1": "2.1.x-dev"
}
},
"config": {
"sort-packages": true
}
}

29
vendor/web-token/jwt-encryption/phpunit.xml.dist vendored Normal file
View File

@@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit
backupGlobals="false"
backupStaticAttributes="false"
convertErrorsToExceptions="true"
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
processIsolation="false"
stopOnFailure="false"
syntaxCheck="true"
bootstrap="vendor/autoload.php"
colors="true">
<testsuites>
<testsuite name="Test Suite">
<directory>./Tests/</directory>
</testsuite>
</testsuites>
<filter>
<whitelist>
<directory suffix=".php">./</directory>
<exclude>
<directory>./vendor</directory>
<directory>./Tests</directory>
<directory suffix="Test.php">./src</directory>
</exclude>
</whitelist>
</filter>
</phpunit>