Merge pull request #23 from talha-API/main

Adding Support for AES GCM 128 & 192 decryption
Mastercard · Mar 16, 2023 · 7e00caa · 7e00caa
2 parents 0dc447e + 998f8e9
commit 7e00caa
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 27 deletions.
diff --git a/src/Developer/Encryption/JWE/JweHeader.php b/src/Developer/Encryption/JWE/JweHeader.php
@@ -13,7 +13,7 @@ public function __construct($alg, $enc, $kid, $cty)
     {
         $this->alg = $alg;
         $this->enc = $enc;
-        $this->kid = $kid;
+        if(!is_null($kid)) $this->kid = $kid;
         if(!is_null($cty)) $this->cty = $cty;
     }
 
@@ -36,7 +36,7 @@ public static function parseJweHeader($encodedHeader)
 
         $alg = $headerObj["alg"];
         $enc = $headerObj["enc"];
-        $kid = $headerObj["kid"];
+        $kid = (isset($headerObj["kid"])) ? $headerObj["kid"] : null;
         $cty = (isset($headerObj["cty"])) ? $headerObj["cty"] : null;
         return new JweHeader($alg, $enc, $kid, $cty);
     }

diff --git a/src/Developer/Encryption/JWE/JweObject.php b/src/Developer/Encryption/JWE/JweObject.php
@@ -81,6 +81,22 @@ public function decrypt($config)
                     $this->getRawHeader(),
                     EncodingUtils::base64UrlDecode($this->getCipherText())
                 );
+            case "A128GCM":
+                return AESGCM::decrypt(
+                    EncodingUtils::base64UrlDecode($this->getIv()),
+                    $cek,
+                    EncodingUtils::base64UrlDecode($this->getAuthTag()),
+                    $this->getRawHeader(),
+                    EncodingUtils::base64UrlDecode($this->getCipherText())
+                );
+            case "A192GCM":
+                return AESGCM::decrypt(
+                    EncodingUtils::base64UrlDecode($this->getIv()),
+                    $cek,
+                    EncodingUtils::base64UrlDecode($this->getAuthTag()),
+                    $this->getRawHeader(),
+                    EncodingUtils::base64UrlDecode($this->getCipherText())
+                );
             case "A128CBC-HS256":
                 return AESCBC::decrypt(
                     EncodingUtils::base64UrlDecode($this->getIv()),

diff --git a/tests/Developer/Encryption/JWE/JweObjectTest.php b/tests/Developer/Encryption/JWE/JweObjectTest.php
@@ -13,7 +13,7 @@
 
 class JweObjectTest extends TestCase
 {
-    public function testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIsGcmEncrypted()
+    public function testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIs256GcmEncrypted()
     {
         $jweObject = JweObject::parse("eyJraWQiOiI3NjFiMDAzYzFlYWRlM2E1NDkwZTUwMDBkMzc4ODdiYWE1ZTZlYzBlMjI2YzA3NzA2ZTU5OTQ1MWZjMDMyYTc5IiwiY3R5IjoiYXBwbGljYXRpb25cL2pzb24iLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.8c6vxeZOUBS8A9SXYUSrRnfl1ht9xxciB7TAEv84etZhQQ2civQKso-htpa2DWFBSUm-UYlxb6XtXNXZxuWu-A0WXjwi1K5ZAACc8KUoYnqPldEtC9Q2bhbQgc_qZF_GxeKrOZfuXc9oi45xfVysF_db4RZ6VkLvY2YpPeDGEMX_nLEjzqKaDz_2m0Ae_nknr0p_Nu0m5UJgMzZGR4Sk1DJWa9x-WJLEyo4w_nRDThOjHJshOHaOU6qR5rdEAZr_dwqnTHrjX9Qm9N9gflPGMaJNVa4mvpsjz6LJzjaW3nJ2yCoirbaeJyCrful6cCiwMWMaDMuiBDPKa2ovVTy0Sw.w0Nkjxl0T9HHNu4R.suRZaYu6Ui05Z3-vsw.akknMr3Dl4L0VVTGPUszcA");
 
@@ -26,6 +26,34 @@ public function testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIsGcmEncrypt
 
         $this->assertEquals("{\"foo\":\"bar\"}", $decryptedPayload);
     }
+
+        public function testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIs192GcmEncrypted()
+    {
+        $jweObject = JweObject::parse("eyJlbmMiOiJBMTkyR0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.FWC8PVaZoR2TRKwKO4syhSJReezVIvtkxU_yKh4qODNvlVr8t8ttvySJ-AjM8xdI6vNyIg9jBMWASG4cE49jT9FYuQ72fP4R-Td4vX8wpB8GonQj40yLqZyfRLDrMgPR20RcQDW2ThzLXsgI55B5l5fpwQ9Nhmx8irGifrFWOcJ_k1dUSBdlsHsYxkjRKMENu5x4H6h12gGZ21aZSPtwAj9msMYnKLdiUbdGmGG_P8a6gPzc9ih20McxZk8fHzXKujjukr_1p5OO4o1N4d3qa-YI8Sns2fPtf7xPHnwi1wipmCC6ThFLU80r3173RXcpyZkF8Y3UacOS9y1f8eUfVQ.JRE7kZLN4Im1Rtdb.eW_lJ-U330n0QHqZnQ._r5xYVvMCrvICwLz4chjdw");
+
+        $mockConfig = Phake::mock(JweConfig::class);
+
+        Phake::when($mockConfig)->getDecryptionKey()
+            ->thenReturn(DecryptionKey::load("./resources/Keys/Pkcs8/test_key_pkcs8-2048.pem"));
+
+        $decryptedPayload = $jweObject->decrypt($mockConfig);
+
+        $this->assertEquals("{\"foo\":\"bar\"}", $decryptedPayload);  
+    }
+
+    public function testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIs128GcmEncrypted()
+    {
+        $jweObject = JweObject::parse("eyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.WtvYljbsjdEv-Ttxx1p6PgyIrOsLpj1FMF9NQNhJUAHlKchAo5QImgEgIdgJE7HC2KfpNcHiQVqKKZq_y201FVzpicDkNzlPJr5kIH4Lq-oC5iP0agWeou9yK5vIxFRP__F_B8HSuojBJ3gDYT_KdYffUIHkm_UysNj4PW2RIRlafJ6RKYanVzk74EoKZRG7MIr3pTU6LIkeQUW41qYG8hz6DbGBOh79Nkmq7Oceg0ZwCn1_MruerP-b15SGFkuvOshStT5JJp7OOq82gNAOkMl4fylEj2-vADjP7VSK8GlqrA7u9Tn-a4Q28oy0GOKr1Z-HJgn_CElknwkUTYsWbg.PKl6_kvZ4_4MjmjW.AH6pGFkn7J49hBQcwg.zdyD73TcuveImOy4CRnVpw");
+
+        $mockConfig = Phake::mock(JweConfig::class);
+
+        Phake::when($mockConfig)->getDecryptionKey()
+            ->thenReturn(DecryptionKey::load("./resources/Keys/Pkcs8/test_key_pkcs8-2048.pem"));
+
+        $decryptedPayload = $jweObject->decrypt($mockConfig);
+
+        $this->assertEquals("{\"foo\":\"bar\"}", $decryptedPayload);  
+    }
 
     public function  testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIsCbcEncrypted()
     {

diff --git a/tests/Developer/Interceptors/PsrHttpMessageJweInterceptorTest.php b/tests/Developer/Interceptors/PsrHttpMessageJweInterceptorTest.php
@@ -142,30 +142,6 @@ public function testInterceptResponse_ShouldDoNothing_WhenNoPayload()
         $this->assertEquals(0, sizeof($response->getHeaders()));
     }
 
-    public function testInterceptResponse_ShouldThrowAnExceptionWhenEncryptionNotSupported()
-    {
-        $this->expectException(EncryptionException::class);
-        $this->expectExceptionMessage('Encryption method A192GCM not supported');
-
-        // GIVEN
-        $encryptedPayload = "{" .
-            "\"encryptedPayload\":\"eyJraWQiOiI3NjFiMDAzYzFlYWRlM2E1NDkwZTUwMDBkMzc4ODdiYWE1ZTZlYzBlMjI2YzA3NzA2ZTU5OTQ1MWZjMDMyYTc5IiwiY3R5IjoiYXBwbGljYXRpb25cL2pzb24iLCJlbmMiOiJBMTkyR0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.peSgTt_lPbcNStWh-gI3yMzhOGtFCwExFwLxKeHwjzsXvHB0Fml5XnG0jRbJSfOHzKx02d0NVBzoDDRSAnafuabbbMKcoaUK-jZNHSg4BHdyBZpCO82kzvWeEm3TTNHIMBTfM00EmdFB03z_a0PaWsT-FIOzu4Sd5Z_nsNLhP9941CtVS-YtZ9WkgDezGipxA7ejQ3X5gFVy2RH1gL8OTbzIYCwBcrfSjAiCQgunNbLxPPlfZHB_6prPK7_50NS6FvuMnAhiqUiiAka8DHMdeGBWOie2Q0FV_bsRDHx_6CY8kQA3F_NXz1dELIclJhdZFfRt1y-TEfwOIj4nDi2JnA.8BYMB5MkH2ZNyFGS._xb3uDsUQcPT5fQyZw.O0MzJ5OvNyj_QMuqaloTWA\"}";
-
-        $decryptionKey = DecryptionKey::load("./resources/Keys/Pkcs8/test_key_pkcs8-2048.pem");
-
-        $config = JweConfigBuilder::aJweEncryptionConfig()
-            ->withDecryptionKey($decryptionKey)
-            ->withDecryptionPath("$.encryptedPayload", "$.foo")
-            ->build();
-
-        $headers = ['Content-Type' => 'application/json'];
-        $response = new Response(200, $headers, $encryptedPayload);
-
-        // WHEN
-        $instanceUnderTest = new PsrHttpMessageJweInterceptor($config);
-        $instanceUnderTest->interceptResponse($response);
-    }
-
     public function testInterceptResponse_ShouldThrowEncryptionException_WhenDecryptionFails()
     {
         $this->expectException(EncryptionException::class);