관리-도구
편집 파일: Decrypt.php
<?php declare(strict_types=1); /* * The MIT License (MIT) * * Copyright (c) 2014-2020 Spomky-Labs * * This software may be modified and distributed under the terms * of the MIT license. See the LICENSE file for details. */ namespace Jose\Easy; use function count; use InvalidArgumentException; use function is_string; use Jose\Component\Checker; use Jose\Component\Core\Algorithm; use Jose\Component\Core\AlgorithmManager; use Jose\Component\Core\Util\JsonConverter; use Jose\Component\Encryption\Algorithm\ContentEncryption; use Jose\Component\Encryption\Algorithm\KeyEncryption; use Jose\Component\Encryption\Compression\CompressionMethod; use Jose\Component\Encryption\Compression\CompressionMethodManager; use Jose\Component\Encryption\Compression\Deflate; use Jose\Component\Encryption\JWEDecrypter; use Jose\Component\Encryption\JWETokenSupport; use Jose\Component\Encryption\Serializer\CompactSerializer; class Decrypt extends AbstractLoader { /** * @var string[] */ protected $allowedContentEncryptionAlgorithms = []; /** * @var CompressionMethod[] */ private $compressionMethods; private function __construct(string $token) { parent::__construct($token); $this->compressionMethods = [ new Deflate(), ]; } public static function token(string $token): self { return new self($token); } /** * @param Algorithm|string $enc * * @throws InvalidArgumentException if the encryption algorithm is invalid */ public function enc($enc): self { $clone = clone $this; switch (true) { case is_string($enc): $clone->allowedContentEncryptionAlgorithms[] = $enc; return $clone; case $enc instanceof Algorithm: $clone->algorithms[$enc->name()] = $enc; $clone->allowedContentEncryptionAlgorithms[] = $enc->name(); return $clone; default: throw new InvalidArgumentException('Invalid parameter "enc". Shall be a string or an algorithm instance.'); } } /** * @param Algorithm[]|string[] $encs */ public function encs($encs): self { $clone = clone $this; foreach ($encs as $enc) { $clone = $clone->enc($enc); } return $clone; } public function run(): JWT { if (0 !== count($this->allowedAlgorithms)) { $this->headerCheckers[] = new Checker\AlgorithmChecker($this->allowedAlgorithms, true); } if (0 !== count($this->allowedContentEncryptionAlgorithms)) { $this->headerCheckers[] = new ContentEncryptionAlgorithmChecker($this->allowedContentEncryptionAlgorithms, true); } $jwe = (new CompactSerializer())->unserialize($this->token); $headerChecker = new Checker\HeaderCheckerManager($this->headerCheckers, [new JWETokenSupport()]); $headerChecker->check($jwe, 0); $verifier = new JWEDecrypter( new AlgorithmManager($this->algorithms), new AlgorithmManager($this->algorithms), new CompressionMethodManager($this->compressionMethods) ); $verifier->decryptUsingKeySet($jwe, $this->jwkset, 0); $jwt = new JWT(); $jwt->header->replace($jwe->getSharedProtectedHeader()); $jwt->claims->replace(JsonConverter::decode($jwe->getPayload())); $claimChecker = new Checker\ClaimCheckerManager($this->claimCheckers); $claimChecker->check($jwt->claims->all(), $this->mandatoryClaims); return $jwt; } protected function getAlgorithmMap(): array { return [ KeyEncryption\A128GCMKW::class, KeyEncryption\A192GCMKW::class, KeyEncryption\A256GCMKW::class, KeyEncryption\A128KW::class, KeyEncryption\A192KW::class, KeyEncryption\A256KW::class, KeyEncryption\Dir::class, KeyEncryption\ECDHES::class, KeyEncryption\ECDHESA128KW::class, KeyEncryption\ECDHESA192KW::class, KeyEncryption\ECDHESA256KW::class, KeyEncryption\PBES2HS256A128KW::class, KeyEncryption\PBES2HS384A192KW::class, KeyEncryption\PBES2HS512A256KW::class, KeyEncryption\RSA15::class, KeyEncryption\RSAOAEP::class, KeyEncryption\RSAOAEP256::class, ContentEncryption\A128GCM::class, ContentEncryption\A192GCM::class, ContentEncryption\A256GCM::class, ContentEncryption\A128CBCHS256::class, ContentEncryption\A192CBCHS384::class, ContentEncryption\A256CBCHS512::class, ]; } }