2727
2828class JweService {
2929
30+ public const CONTENT_ENCRYPTION_ALGORITHM = 'A192CBC-HS384 ' ;
31+
3032 public function __construct (
3133 private JwkService $ jwkService ,
3234 ) {
3335 }
3436
35- public function createSerializedJwe (array $ payloadArray , array $ encryptionJwk ): string {
36- // encrypt a JWT payload with the enc key => JWE
37-
37+ /**
38+ * @param array $payloadArray the content of the JWE
39+ * @param array $encryptionJwk the public key in JWK format
40+ * @param string $keyEncryptionAlg the algorithm to use for the key encryption
41+ * @param string $contentEncryptionAlg the algorithm to use for the content encryption
42+ * @return string
43+ */
44+ public function createSerializedJwe (
45+ array $ payloadArray , array $ encryptionJwk ,
46+ string $ keyEncryptionAlg = JwkService::PEM_ENC_KEY_ALGORITHM ,
47+ string $ contentEncryptionAlg = self ::CONTENT_ENCRYPTION_ALGORITHM ,
48+ ): string {
3849 $ algorithmManager = new AlgorithmManager ([
3950 new A256KW (),
4051 new A256CBCHS512 (),
@@ -64,10 +75,10 @@ public function createSerializedJwe(array $payloadArray, array $encryptionJwk):
6475 ->withSharedProtectedHeader ([
6576 // Key Encryption Algorithm
6677 // 'alg' => 'A256KW',
67- 'alg ' => ' ECDH-ES+A192KW ' ,
78+ 'alg ' => $ keyEncryptionAlg ,
6879 // Content Encryption Algorithm
6980 // 'enc' => 'A256CBC-HS512',
70- 'enc ' => ' A192CBC-HS384 ' ,
81+ 'enc ' => $ contentEncryptionAlg ,
7182 //'zip' => 'DEF' // Not recommended.
7283 ])
7384 ->addRecipient ($ jwk ) // We add a recipient (a shared key or public key).
@@ -77,6 +88,12 @@ public function createSerializedJwe(array $payloadArray, array $encryptionJwk):
7788 return $ serializer ->serialize ($ jwe , 0 ); // We serialize the recipient at index 0 (we only have one recipient).
7889 }
7990
91+ /**
92+ * @param string $serializedJwe the JWE token
93+ * @param array $jwkArray the private key in JWK format (with the 'd' attribute)
94+ * @return string
95+ * @throws \Exception
96+ */
8097 public function decryptSerializedJwe (string $ serializedJwe , array $ jwkArray ): string {
8198 $ algorithmManager = new AlgorithmManager ([
8299 new A256KW (),
@@ -119,8 +136,8 @@ public function decryptSerializedJwe(string $serializedJwe, array $jwkArray): st
119136 [
120137 new AlgorithmChecker (
121138 // $keyEncryptionAlgorithmManager->list()
122- $ algorithmManager ->list ()
123- )
139+ $ algorithmManager ->list (),
140+ ),
124141 ],
125142 // Provide the appropriate TokenTypeSupport[].
126143 [