
Commit 6d08fc0

polish
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
1 parent e74928e commit 6d08fc0


2 files changed

+25
-7
lines changed


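--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@@ -23,6 +23,7 @@
 <bugs>https://github.com/nextcloud/user_oidc/issues</bugs>
 <repository>https://github.com/nextcloud/user_oidc</repository>
 <dependencies>
+<php min-version="8.2"/>
 <nextcloud min-version="29" max-version="33"/>
 </dependencies>
 <settings>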

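--- a/lib/Service/JweService.php
+++ b/lib/Service/JweService.php
@@ -27,14 +27,25 @@
 
 class JweService {
 
+public const CONTENT_ENCRYPTION_ALGORITHM = 'A192CBC-HS384';
+
 public function __construct(
 private JwkService $jwkService,
 ) {
 }
 
-public function createSerializedJwe(array $payloadArray, array $encryptionJwk): string {
-// encrypt a JWT payload with the enc key => JWE
-
+/**
+* @param array $payloadArray the content of the JWE
+* @param array $encryptionJwk the public key in JWK format
+* @param string $keyEncryptionAlg the algorithm to use for the key encryption
+* @param string $contentEncryptionAlg the algorithm to use for the content encryption
+* @return string
+*/
+public function createSerializedJwe(
+array $payloadArray, array $encryptionJwk,
+string $keyEncryptionAlg = JwkService::PEM_ENC_KEY_ALGORITHM,
+string $contentEncryptionAlg = self::CONTENT_ENCRYPTION_ALGORITHM,
+): string {
 $algorithmManager = new AlgorithmManager([
 new A256KW(),
 new A256CBCHS512(),
@@ -64,10 +75,10 @@ public function createSerializedJwe(array $payloadArray, array $encryptionJwk):
 ->withSharedProtectedHeader([
 // Key Encryption Algorithm
 // 'alg' => 'A256KW',
-'alg' => 'ECDH-ES+A192KW',
+'alg' => $keyEncryptionAlg,
 // Content Encryption Algorithm
 // 'enc' => 'A256CBC-HS512',
-'enc' => 'A192CBC-HS384',
+'enc' => $contentEncryptionAlg,
 //'zip' => 'DEF' // Not recommended.
 ])
 ->addRecipient($jwk) // We add a recipient (a shared key or public key).
@@ -77,6 +88,12 @@ public function createSerializedJwe(array $payloadArray, array $encryptionJwk):
 return $serializer->serialize($jwe, 0); // We serialize the recipient at index 0 (we only have one recipient).
 }
 
+/**
+* @param string $serializedJwe the JWE token
+* @param array $jwkArray the private key in JWK format (with the 'd' attribute)
+* @return string
+* @throws \Exception
+*/
 public function decryptSerializedJwe(string $serializedJwe, array $jwkArray): string {
 $algorithmManager = new AlgorithmManager([
 new A256KW(),
@@ -119,8 +136,8 @@ public function decryptSerializedJwe(string $serializedJwe, array $jwkArray): st
 [
 new AlgorithmChecker(
 // $keyEncryptionAlgorithmManager->list()
-$algorithmManager->list()
-)
+$algorithmManager->list(),
+),
 ],
 // Provide the appropriate TokenTypeSupport[].
 [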
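Review bot: The new `$keyEncryptionAlg` and `$contentEncryptionAlg` parameters go straight into the protected header at the `'alg'`/`'enc'` lines of the second hunk, but the docblock does not say that the value must be one of the algorithms constructed in the `AlgorithmManager` at the top of `createSerializedJwe`, so a caller passing any other name presumably fails only later inside the builder. I would tighten the docblock to `* @param string $keyEncryptionAlg key encryption ('alg' header) algorithm; must be one of the algorithms registered in the AlgorithmManager below` and likewise for `$contentEncryptionAlg`, and drop the `@return string` lines, which only restate the native return type. The default `JwkService::PEM_ENC_KEY_ALGORITHM` replaces the former literal `'ECDH-ES+A192KW'` and its value is not visible here, so it is worth confirming that it matches or that every existing caller accepts the change. Style-wise, `array $payloadArray, array $encryptionJwk,` puts two parameters on one line of an otherwise one-per-line parameter list. The bodies of `createSerializedJwe` and `decryptSerializedJwe` continue outside the hunks shown.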
