123 lines
3.8 KiB
PHP
123 lines
3.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/*
|
|
* The MIT License (MIT)
|
|
*
|
|
* Copyright (c) 2014-2020 Spomky-Labs
|
|
*
|
|
* This software may be modified and distributed under the terms
|
|
* of the MIT license. See the LICENSE file for details.
|
|
*/
|
|
|
|
namespace Jose\Component\Encryption\Serializer;
|
|
|
|
use Base64Url\Base64Url;
|
|
use function count;
|
|
use InvalidArgumentException;
|
|
use Jose\Component\Core\Util\JsonConverter;
|
|
use Jose\Component\Encryption\JWE;
|
|
use Jose\Component\Encryption\Recipient;
|
|
use LogicException;
|
|
use Throwable;
|
|
|
|
final class CompactSerializer implements JWESerializer
|
|
{
|
|
public const NAME = 'jwe_compact';
|
|
|
|
public function displayName(): string
|
|
{
|
|
return 'JWE Compact';
|
|
}
|
|
|
|
public function name(): string
|
|
{
|
|
return self::NAME;
|
|
}
|
|
|
|
public function serialize(JWE $jwe, ?int $recipientIndex = null): string
|
|
{
|
|
if (null === $recipientIndex) {
|
|
$recipientIndex = 0;
|
|
}
|
|
$recipient = $jwe->getRecipient($recipientIndex);
|
|
|
|
$this->checkHasNoAAD($jwe);
|
|
$this->checkHasSharedProtectedHeader($jwe);
|
|
$this->checkRecipientHasNoHeader($jwe, $recipientIndex);
|
|
|
|
return sprintf(
|
|
'%s.%s.%s.%s.%s',
|
|
$jwe->getEncodedSharedProtectedHeader(),
|
|
Base64Url::encode(null === $recipient->getEncryptedKey() ? '' : $recipient->getEncryptedKey()),
|
|
Base64Url::encode(null === $jwe->getIV() ? '' : $jwe->getIV()),
|
|
Base64Url::encode($jwe->getCiphertext()),
|
|
Base64Url::encode(null === $jwe->getTag() ? '' : $jwe->getTag())
|
|
);
|
|
}
|
|
|
|
/**
|
|
* @throws InvalidArgumentException if the input is not supported
|
|
*/
|
|
public function unserialize(string $input): JWE
|
|
{
|
|
$parts = explode('.', $input);
|
|
if (5 !== count($parts)) {
|
|
throw new InvalidArgumentException('Unsupported input');
|
|
}
|
|
|
|
try {
|
|
$encodedSharedProtectedHeader = $parts[0];
|
|
$sharedProtectedHeader = JsonConverter::decode(Base64Url::decode($encodedSharedProtectedHeader));
|
|
$encryptedKey = '' === $parts[1] ? null : Base64Url::decode($parts[1]);
|
|
$iv = Base64Url::decode($parts[2]);
|
|
$ciphertext = Base64Url::decode($parts[3]);
|
|
$tag = Base64Url::decode($parts[4]);
|
|
|
|
return new JWE(
|
|
$ciphertext,
|
|
$iv,
|
|
$tag,
|
|
null,
|
|
[],
|
|
$sharedProtectedHeader,
|
|
$encodedSharedProtectedHeader,
|
|
[new Recipient([], $encryptedKey)]
|
|
);
|
|
} catch (Throwable $throwable) {
|
|
throw new InvalidArgumentException('Unsupported input', $throwable->getCode(), $throwable);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws LogicException if the AAD is invalid
|
|
*/
|
|
private function checkHasNoAAD(JWE $jwe): void
|
|
{
|
|
if (null !== $jwe->getAAD()) {
|
|
throw new LogicException('This JWE has AAD and cannot be converted into Compact JSON.');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws LogicException if the JWE has a shared header or recipient header (invalid for compact JSON)
|
|
*/
|
|
private function checkRecipientHasNoHeader(JWE $jwe, int $id): void
|
|
{
|
|
if (0 !== count($jwe->getSharedHeader()) || 0 !== count($jwe->getRecipient($id)->getHeader())) {
|
|
throw new LogicException('This JWE has shared header parameters or recipient header parameters and cannot be converted into Compact JSON.');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws LogicException if the JWE has no shared protected header (invalid for compact JSON)
|
|
*/
|
|
private function checkHasSharedProtectedHeader(JWE $jwe): void
|
|
{
|
|
if (0 === count($jwe->getSharedProtectedHeader())) {
|
|
throw new LogicException('This JWE does not have shared protected header parameters and cannot be converted into Compact JSON.');
|
|
}
|
|
}
|
|
}
|