From 5117b859041cc9460279692d67e1fceae25258c2 Mon Sep 17 00:00:00 2001
From: talha-API <123556329+talha-API@users.noreply.github.com>
Date: Tue, 14 Mar 2023 16:31:17 +0000
Subject: [PATCH 1/4] Adding cases for A128/192GCM Decryption
---
 src/Developer/Encryption/JWE/JweObject.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/src/Developer/Encryption/JWE/JweObject.php b/src/Developer/Encryption/JWE/JweObject.php
index 6fb1fc6..49556cc 100644
--- a/src/Developer/Encryption/JWE/JweObject.php
+++ b/src/Developer/Encryption/JWE/JweObject.php
@@ -81,6 +81,22 @@ public function decrypt($config)
 $this->getRawHeader(),
 EncodingUtils::base64UrlDecode($this->getCipherText())
 );
+ case "A128GCM":
+ return AESGCM::decrypt(
+ EncodingUtils::base64UrlDecode($this->getIv()),
+ $cek,
+ EncodingUtils::base64UrlDecode($this->getAuthTag()),
+ $this->getRawHeader(),
+ EncodingUtils::base64UrlDecode($this->getCipherText())
+ );
+ case "A192GCM":
+ return AESGCM::decrypt(
+ EncodingUtils::base64UrlDecode($this->getIv()),
+ $cek,
+ EncodingUtils::base64UrlDecode($this->getAuthTag()),
+ $this->getRawHeader(),
+ EncodingUtils::base64UrlDecode($this->getCipherText())
+ );
 case "A128CBC-HS256":
 return AESCBC::decrypt(
 EncodingUtils::base64UrlDecode($this->getIv()),
From 54a9e340fc42d83b0193be89fcd22ceb9e5c92ea Mon Sep 17 00:00:00 2001
From: talha-API <123556329+talha-API@users.noreply.github.com>
Date: Tue, 14 Mar 2023 16:32:57 +0000
Subject: [PATCH 2/4] Update JweHeader.php
---
 src/Developer/Encryption/JWE/JweHeader.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Developer/Encryption/JWE/JweHeader.php b/src/Developer/Encryption/JWE/JweHeader.php
index e4d5c3b..87ad1cf 100644
--- a/src/Developer/Encryption/JWE/JweHeader.php
+++ b/src/Developer/Encryption/JWE/JweHeader.php
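Review bot: The two new arms are byte-for-byte copies of the arm that precedes them in the hunk (the existing A256GCM case, judging by the test renamed in PATCH 3), so the three `enc` values could share a single body through case fallthrough: `case "A128GCM":`, `case "A192GCM":`, `case "A256GCM":` followed by one `return AESGCM::decrypt(...)`. Separately, nothing in this hunk checks that `$cek` has the length the declared `enc` requires (16, 24 or 32 bytes for A128GCM, A192GCM and A256GCM per RFC 7518 §5.3); unless AESGCM::decrypt enforces that itself, a CEK whose length disagrees with the header is passed straight to the cipher, and an explicit `strlen($cek)` check before the call would make that mismatch fail closed rather than depend on the helper's behaviour. decrypt() itself, including where `$cek` is unwrapped, begins and ends outside the hunk.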
@@ -13,7 +13,7 @@ public function __construct($alg, $enc, $kid, $cty)
 {
 $this->alg = $alg;
 $this->enc = $enc;
- $this->kid = $kid;
+ if(!is_null($kid)) $this->kid = $kid;
 if(!is_null($cty)) $this->cty = $cty;
 }
@@ -36,7 +36,7 @@ public static function parseJweHeader($encodedHeader)
 $alg = $headerObj["alg"];
 $enc = $headerObj["enc"];
- $kid = $headerObj["kid"];
+ $kid = (isset($headerObj["kid"])) ? $headerObj["kid"] : null;
 $cty = (isset($headerObj["cty"])) ? $headerObj["cty"] : null;
 return new JweHeader($alg, $enc, $kid, $cty);
 }
From 94433c925ad89f8b2feab7e00cfa01b6ca5742e9 Mon Sep 17 00:00:00 2001
From: talha-API <123556329+talha-API@users.noreply.github.com>
Date: Tue, 14 Mar 2023 16:35:02 +0000
Subject: [PATCH 3/4] Adding test cases for A128/192GCM
---
 .../Encryption/JWE/JweObjectTest.php | 30 ++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/tests/Developer/Encryption/JWE/JweObjectTest.php b/tests/Developer/Encryption/JWE/JweObjectTest.php
index cbcd1e4..2f69ce9 100644
--- a/tests/Developer/Encryption/JWE/JweObjectTest.php
+++ b/tests/Developer/Encryption/JWE/JweObjectTest.php
@@ -13,7 +13,7 @@ class JweObjectTest extends TestCase
 {
- public function testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIsGcmEncrypted()
+ public function testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIs256GcmEncrypted()
 {
 $jweObject = JweObject::parse("eyJraWQiOiI3NjFiMDAzYzFlYWRlM2E1NDkwZTUwMDBkMzc4ODdiYWE1ZTZlYzBlMjI2YzA3NzA2ZTU5OTQ1MWZjMDMyYTc5IiwiY3R5IjoiYXBwbGljYXRpb25cL2pzb24iLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.8c6vxeZOUBS8A9SXYUSrRnfl1ht9xxciB7TAEv84etZhQQ2civQKso-htpa2DWFBSUm-UYlxb6XtXNXZxuWu-A0WXjwi1K5ZAACc8KUoYnqPldEtC9Q2bhbQgc_qZF_GxeKrOZfuXc9oi45xfVysF_db4RZ6VkLvY2YpPeDGEMX_nLEjzqKaDz_2m0Ae_nknr0p_Nu0m5UJgMzZGR4Sk1DJWa9x-WJLEyo4w_nRDThOjHJshOHaOU6qR5rdEAZr_dwqnTHrjX9Qm9N9gflPGMaJNVa4mvpsjz6LJzjaW3nJ2yCoirbaeJyCrful6cCiwMWMaDMuiBDPKa2ovVTy0Sw.w0Nkjxl0T9HHNu4R.suRZaYu6Ui05Z3-vsw.akknMr3Dl4L0VVTGPUszcA");
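Review bot: `if(!is_null($kid)) $this->kid = $kid;` is a braceless one-line conditional with no space after `if`; it mirrors the existing `cty` line, but PSR-12 form is `if (!is_null($kid)) { $this->kid = $kid; }`. Whether skipping the assignment is the same as assigning null depends on how the `kid` property is declared, which is outside the hunk: if it is a typed property with no default, a getter on a header that carried no `kid` throws an Error on the uninitialized property instead of returning null, so either confirm the declaration or assign `$this->kid = $kid;` unconditionally as `alg` and `enc` are. The constructor's signature is in the hunk header; the rest of the class is outside the hunk.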
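Review bot: parseJweHeader still reads `$headerObj["alg"]` and `$headerObj["enc"]` on the two context lines above the changed `kid` line without checking that the keys exist, so a header from the wire that lacks either one emits an undefined-key warning and passes null into `new JweHeader(...)` instead of rejecting the token at the parse boundary; a guard such as `if (!isset($headerObj["alg"], $headerObj["enc"])) { throw ... }` (using whichever exception type the project reserves for malformed input, which is outside the hunk) would make the missing fields fail closed. The new `kid` line itself reads more simply as `$kid = $headerObj["kid"] ?? null;`, and the `cty` line below it could take the same form. The start of the function, including how `$headerObj` is decoded, is outside the hunk.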
@@ -26,6 +26,34 @@ public function testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIsGcmEncrypt
 $this->assertEquals("{\"foo\":\"bar\"}", $decryptedPayload);
 }
+
+ public function testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIs192GcmEncrypted()
+ {
+ $jweObject = JweObject::parse("eyJlbmMiOiJBMTkyR0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.FWC8PVaZoR2TRKwKO4syhSJReezVIvtkxU_yKh4qODNvlVr8t8ttvySJ-AjM8xdI6vNyIg9jBMWASG4cE49jT9FYuQ72fP4R-Td4vX8wpB8GonQj40yLqZyfRLDrMgPR20RcQDW2ThzLXsgI55B5l5fpwQ9Nhmx8irGifrFWOcJ_k1dUSBdlsHsYxkjRKMENu5x4H6h12gGZ21aZSPtwAj9msMYnKLdiUbdGmGG_P8a6gPzc9ih20McxZk8fHzXKujjukr_1p5OO4o1N4d3qa-YI8Sns2fPtf7xPHnwi1wipmCC6ThFLU80r3173RXcpyZkF8Y3UacOS9y1f8eUfVQ.JRE7kZLN4Im1Rtdb.eW_lJ-U330n0QHqZnQ._r5xYVvMCrvICwLz4chjdw");
+
+ $mockConfig = Phake::mock(JweConfig::class);
+
+ Phake::when($mockConfig)->getDecryptionKey()
+ ->thenReturn(DecryptionKey::load("./resources/Keys/Pkcs8/test_key_pkcs8-2048.pem"));
+
+ $decryptedPayload = $jweObject->decrypt($mockConfig);
+
+ $this->assertEquals("{\"foo\":\"bar\"}", $decryptedPayload);
+ }
+
+ public function testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIs128GcmEncrypted()
+ {
+ $jweObject = JweObject::parse("eyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.WtvYljbsjdEv-Ttxx1p6PgyIrOsLpj1FMF9NQNhJUAHlKchAo5QImgEgIdgJE7HC2KfpNcHiQVqKKZq_y201FVzpicDkNzlPJr5kIH4Lq-oC5iP0agWeou9yK5vIxFRP__F_B8HSuojBJ3gDYT_KdYffUIHkm_UysNj4PW2RIRlafJ6RKYanVzk74EoKZRG7MIr3pTU6LIkeQUW41qYG8hz6DbGBOh79Nkmq7Oceg0ZwCn1_MruerP-b15SGFkuvOshStT5JJp7OOq82gNAOkMl4fylEj2-vADjP7VSK8GlqrA7u9Tn-a4Q28oy0GOKr1Z-HJgn_CElknwkUTYsWbg.PKl6_kvZ4_4MjmjW.AH6pGFkn7J49hBQcwg.zdyD73TcuveImOy4CRnVpw");
+
+ $mockConfig = Phake::mock(JweConfig::class);
+
+ Phake::when($mockConfig)->getDecryptionKey()
+ ->thenReturn(DecryptionKey::load("./resources/Keys/Pkcs8/test_key_pkcs8-2048.pem"));
+
+ $decryptedPayload = $jweObject->decrypt($mockConfig);
+
+ $this->assertEquals("{\"foo\":\"bar\"}", $decryptedPayload);
+ }
 public function 
testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIsCbcEncrypted()
 {
From 998f8e998118e658b7c7b81c939b921f4bb559bc Mon Sep 17 00:00:00 2001
From: talha-API <123556329+talha-API@users.noreply.github.com>
Date: Tue, 14 Mar 2023 16:36:43 +0000
Subject: [PATCH 4/4] Removing exception for A192GCM not being supported
---
 .../PsrHttpMessageJweInterceptorTest.php | 24 -------------------
 1 file changed, 24 deletions(-)
diff --git a/tests/Developer/Interceptors/PsrHttpMessageJweInterceptorTest.php b/tests/Developer/Interceptors/PsrHttpMessageJweInterceptorTest.php
index 8fa06fa..799f027 100644
--- a/tests/Developer/Interceptors/PsrHttpMessageJweInterceptorTest.php
+++ b/tests/Developer/Interceptors/PsrHttpMessageJweInterceptorTest.php
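Review bot: Both new tests repeat the same mock setup the existing 256GCM test above them uses (`Phake::mock(JweConfig::class)` plus the `getDecryptionKey()` stub returning `DecryptionKey::load(...)`), so a private helper returning the stubbed config would leave each test with only its token, the decrypt call and its assertion. Both tests also exercise only the success path; a companion test that alters one character of the auth-tag segment of the 192/128 tokens and expects an exception would show that the new AESGCM arms fail closed on a bad tag, which is the property that matters for an AEAD mode. The hunk's trailing context, `public function testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIsCbcEncrypted()`, belongs to a test whose body is outside the hunk.
```php
    private function configWithTestKey(): JweConfig
    {
        $mockConfig = Phake::mock(JweConfig::class);
        Phake::when($mockConfig)->getDecryptionKey()
            ->thenReturn(DecryptionKey::load("./resources/Keys/Pkcs8/test_key_pkcs8-2048.pem"));
        return $mockConfig;
    }

    public function testDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIs192GcmEncrypted()
    {
        $jweObject = JweObject::parse("eyJlbmMiOiJBMTkyR0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.FWC8PVaZoR2TRKwKO4syhSJReezVIvtkxU_yKh4qODNvlVr8t8ttvySJ-AjM8xdI6vNyIg9jBMWASG4cE49jT9FYuQ72fP4R-Td4vX8wpB8GonQj40yLqZyfRLDrMgPR20RcQDW2ThzLXsgI55B5l5fpwQ9Nhmx8irGifrFWOcJ_k1dUSBdlsHsYxkjRKMENu5x4H6h12gGZ21aZSPtwAj9msMYnKLdiUbdGmGG_P8a6gPzc9ih20McxZk8fHzXKujjukr_1p5OO4o1N4d3qa-YI8Sns2fPtf7xPHnwi1wipmCC6ThFLU80r3173RXcpyZkF8Y3UacOS9y1f8eUfVQ.JRE7kZLN4Im1Rtdb.eW_lJ-U330n0QHqZnQ._r5xYVvMCrvICwLz4chjdw");

        $decryptedPayload = $jweObject->decrypt($this->configWithTestKey());

        $this->assertEquals("{\"foo\":\"bar\"}", $decryptedPayload);
    }

    // … unchanged: 128GCM test, same shape with its own token …
```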
@@ -142,30 +142,6 @@ public function testInterceptResponse_ShouldDoNothing_WhenNoPayload()
 $this->assertEquals(0, sizeof($response->getHeaders()));
 }
- public function testInterceptResponse_ShouldThrowAnExceptionWhenEncryptionNotSupported()
- {
- $this->expectException(EncryptionException::class);
- $this->expectExceptionMessage('Encryption method A192GCM not supported');
-
- // GIVEN
- $encryptedPayload = "{" .
- "\"encryptedPayload\":\"eyJraWQiOiI3NjFiMDAzYzFlYWRlM2E1NDkwZTUwMDBkMzc4ODdiYWE1ZTZlYzBlMjI2YzA3NzA2ZTU5OTQ1MWZjMDMyYTc5IiwiY3R5IjoiYXBwbGljYXRpb25cL2pzb24iLCJlbmMiOiJBMTkyR0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.peSgTt_lPbcNStWh-gI3yMzhOGtFCwExFwLxKeHwjzsXvHB0Fml5XnG0jRbJSfOHzKx02d0NVBzoDDRSAnafuabbbMKcoaUK-jZNHSg4BHdyBZpCO82kzvWeEm3TTNHIMBTfM00EmdFB03z_a0PaWsT-FIOzu4Sd5Z_nsNLhP9941CtVS-YtZ9WkgDezGipxA7ejQ3X5gFVy2RH1gL8OTbzIYCwBcrfSjAiCQgunNbLxPPlfZHB_6prPK7_50NS6FvuMnAhiqUiiAka8DHMdeGBWOie2Q0FV_bsRDHx_6CY8kQA3F_NXz1dELIclJhdZFfRt1y-TEfwOIj4nDi2JnA.8BYMB5MkH2ZNyFGS._xb3uDsUQcPT5fQyZw.O0MzJ5OvNyj_QMuqaloTWA\"}";
-
- $decryptionKey = DecryptionKey::load("./resources/Keys/Pkcs8/test_key_pkcs8-2048.pem");
-
- $config = JweConfigBuilder::aJweEncryptionConfig()
- ->withDecryptionKey($decryptionKey)
- ->withDecryptionPath("$.encryptedPayload", "$.foo")
- ->build();
-
- $headers = ['Content-Type' => 'application/json'];
- $response = new Response(200, $headers, $encryptedPayload);
-
- // WHEN
- $instanceUnderTest = new PsrHttpMessageJweInterceptor($config);
- $instanceUnderTest->interceptResponse($response);
- }
-
 public function testInterceptResponse_ShouldThrowEncryptionException_WhenDecryptionFails()
 {
 $this->expectException(EncryptionException::class);