Jwt split (#118)

Spomky · web-flow · commit 935d681763e3 · 2018-04-11T12:52:04.000+02:00
* JWS/JWE Split THis PR adds a `split` method for both JWS and JWE objects. It allows to explode a JWS/JWE that contains several signatures/recipients into a list of JWS/JWE with only one signature/recipient. It can be useful in certain cases e.g. where the verification of each signature is required or if a JWE has to be computed at once, but sent separetly to recipients. * Apply fixes from StyleCI (#117) [ci skip] [skip ci]
diff --git a/src/Component/Encryption/JWE.php b/src/Component/Encryption/JWE.php
@@ -302,4 +302,29 @@ public function hasSharedHeaderParameter(string $key): bool
     {
         return array_key_exists($key, $this->sharedHeader);
     }
+
+    /**
+     * This method splits the JWE into a list of JWEs.
+     * It is only useful when the JWE contains more than one recipient (JSON General Serialization).
+     *
+     * @return JWE[]
+     */
+    public function split(): array
+    {
+        $result = [];
+        foreach ($this->recipients as $recipient) {
+            $result[] = self::create(
+                $this->ciphertext,
+                $this->iv,
+                $this->tag,
+                $this->aad,
+                $this->sharedHeader,
+                $this->sharedProtectedHeader,
+                $this->encodedSharedProtectedHeader,
+                [$recipient]
+            );
+        }
+
+        return $result;
+    }
 }
diff --git a/src/Component/Encryption/Tests/JWESplitTest.php b/src/Component/Encryption/Tests/JWESplitTest.php
@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license.  See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Encryption\Tests;
+
+use Jose\Component\Core\Converter\StandardConverter;
+use Jose\Component\Encryption\Serializer\JSONGeneralSerializer;
+
+/**
+ * @group JWE
+ */
+class JWESplitTest extends EncryptionTest
+{
+    /**
+     * @test
+     */
+    public function aJweObjectWithMoreThanOneRecipientCanBeSplittedIntoSeveralJweObjects()
+    {
+        $input = '{"recipients":[{"encrypted_key":"dYOD28kab0Vvf4ODgxVAJXgHcSZICSOp8M51zjwj4w6Y5G4XJQsNNIBiqyvUUAOcpL7S7-cFe7Pio7gV_Q06WmCSa-vhW6me4bWrBf7cHwEQJdXihidAYWVajJIaKMXMvFRMV6iDlRr076DFthg2_AV0_tSiV6xSEIFqt1xnYPpmP91tc5WJDOGb-wqjw0-b-S1laS11QVbuP78dQ7Fa0zAVzzjHX-xvyM2wxj_otxr9clN1LnZMbeYSrRicJK5xodvWgkpIdkMHo4LvdhRRvzoKzlic89jFWPlnBq_V4n5trGuExtp_-dbHcGlihqc_wGgho9fLMK8JOArYLcMDNQ","header":{"alg":"RSA1_5","kid":"frodo.baggins@hobbiton.example"}},{"encrypted_key":"ExInT0io9BqBMYF6-maw5tZlgoZXThD1zWKsHixJuw_elY4gSSId_w","header":{"alg":"ECDH-ES+A256KW","kid":"peregrin.took@tuckborough.example","epk":{"kty":"EC","crv":"P-384","x":"Uzdvk3pi5wKCRc1izp5_r0OjeqT-I68i8g2b8mva8diRhsE2xAn2DtMRb25Ma2CX","y":"VDrRyFJh-Kwd1EjAgmj5Eo-CTHAZ53MC7PjjpLioy3ylEjI1pOMbw91fzZ84pbfm"}}},{"encrypted_key":"a7CclAejo_7JSuPB8zeagxXRam8dwCfmkt9-WyTpS1E","header":{"alg":"A256GCMKW","kid":"18ec08e1-bfa9-4d95-b205-2b4dd1d4321d","tag":"59Nqh1LlYtVIhfD3pgRGvw","iv":"AvpeoPZ9Ncn9mkBn"}}],"unprotected":{"cty":"text/plain"},"protected":"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0","iv":"VgEIHY20EnzUtZFl2RpB1g","ciphertext":"ajm2Q-OpPXCr7-MHXicknb1lsxLdXxK_yLds0KuhJzfWK04SjdxQeSw2L9mu3a_k1C55kCQ_3xlkcVKC5yr__Is48VOoK0k63_QRM9tBURMFqLByJ8vOYQX0oJW4VUHJLmGhF-tVQWB7Kz8mr8zeE7txF0MSaP6ga7-siYxStR7_G07Thd1jh-zGT0wxM5g-VRORtq0K6AXpLlwEqRp7pkt2zRM0ZAXqSpe1O6FJ7FHLDyEFnD-zDIZukLpCbzhzMDLLw2-8I14FQrgi-iEuzHgIJFIJn2wh9Tj0cg_kOZy9BqMRZbmYXMY9YQjorZ_P_JYG3ARAIF3OjDNqpdYe-K_5Q5crGJSDNyij_ygEiItR5jssQVH2ofDQdLChtazE","tag":"BESYyFN7T09KY7i8zKs5_g"}';
+        $serializer = new JSONGeneralSerializer(new StandardConverter());
+        $jwe = $serializer->unserialize($input);
+        $split = $jwe->split();
+
+        self::assertEquals(3, $jwe->countRecipients());
+        self::assertEquals(3, count($split));
+
+        for ($i = 0; $i < $jwe->countRecipients(); $i++) {
+            $recipient1 = $jwe->getRecipient($i);
+            $tempJwe = $split[$i];
+            self::assertEquals(1, $tempJwe->countRecipients());
+            self::assertEquals($jwe->getAAD(), $tempJwe->getAAD());
+            self::assertEquals($jwe->getCiphertext(), $tempJwe->getCiphertext());
+            self::assertEquals($jwe->getEncodedSharedProtectedHeader(), $tempJwe->getEncodedSharedProtectedHeader());
+            self::assertEquals($jwe->getSharedProtectedHeader(), $tempJwe->getSharedProtectedHeader());
+            self::assertEquals($jwe->getSharedHeader(), $tempJwe->getSharedHeader());
+            self::assertEquals($jwe->getIV(), $tempJwe->getIV());
+            self::assertEquals($jwe->getTag(), $tempJwe->getTag());
+            self::assertEquals($jwe->isEncrypted(), $tempJwe->isEncrypted());
+
+            $recipient2 = $tempJwe->getRecipient(0);
+            self::assertEquals($recipient1->getHeader(), $recipient2->getHeader());
+            self::assertEquals($recipient1->getEncryptedKey(), $recipient2->getEncryptedKey());
+        }
+    }
+}
diff --git a/src/Component/Signature/JWS.php b/src/Component/Signature/JWS.php
@@ -154,4 +154,32 @@ public function countSignatures(): int
     {
         return count($this->signatures);
     }
+
+    /**
+     * This method splits the JWS into a list of JWSs.
+     * It is only useful when the JWS contains more than one signature (JSON General Serialization).
+     *
+     * @return JWS[]
+     */
+    public function split(): array
+    {
+        $result = [];
+        foreach ($this->signatures as $signature) {
+            $jws = self::create(
+                $this->payload,
+                $this->encodedPayload,
+                $this->isPayloadDetached
+            );
+            $jws = $jws->addSignature(
+                 $signature->getSignature(),
+                 $signature->getProtectedHeader(),
+                 $signature->getEncodedProtectedHeader(),
+                 $signature->getHeader()
+             );
+
+            $result[] = $jws;
+        }
+
+        return $result;
+    }
 }
diff --git a/src/Component/Signature/Tests/JWSSplitTest.php b/src/Component/Signature/Tests/JWSSplitTest.php
@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 Spomky-Labs
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license.  See the LICENSE file for details.
+ */
+
+namespace Jose\Component\Signature\Tests;
+
+use Jose\Component\Core\Converter\StandardConverter;
+use Jose\Component\Signature\JWS;
+use Jose\Component\Signature\Serializer\JSONGeneralSerializer;
+
+/**
+ * @group JWS
+ */
+class JWSSplitTest extends SignatureTest
+{
+    /**
+     * @test
+     */
+    public function aJwsObjectWithMoreThanOneRecipientCanBeSplittedIntoSeveralJwsObjects()
+    {
+        $input = '{"payload":"SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4","signatures":[{"protected":"eyJhbGciOiJSUzI1NiJ9","header":{"kid":"bilbo.baggins@hobbiton.example"},"signature":"MIsjqtVlOpa71KE-Mss8_Nq2YH4FGhiocsqrgi5NvyG53uoimic1tcMdSg-qptrzZc7CG6Svw2Y13TDIqHzTUrL_lR2ZFcryNFiHkSw129EghGpwkpxaTn_THJTCglNbADko1MZBCdwzJxwqZc-1RlpO2HibUYyXSwO97BSe0_evZKdjvvKSgsIqjytKSeAMbhMBdMma622_BG5t4sdbuCHtFjp9iJmkio47AIwqkZV1aIZsv33uPUqBBCXbYoQJwt7mxPftHmNlGoOSMxR_3thmXTCm4US-xiNOyhbm8afKK64jU6_TPtQHiJeQJxz9G3Tx-083B745_AfYOnlC9w"},{"header":{"alg":"ES512","kid":"bilbo.baggins@hobbiton.example"},"signature":"ARcVLnaJJaUWG8fG-8t5BREVAuTY8n8YHjwDO1muhcdCoFZFFjfISu0Cdkn9Ybdlmi54ho0x924DUz8sK7ZXkhc7AFM8ObLfTvNCrqcI3Jkl2U5IX3utNhODH6v7xgy1Qahsn0fyb4zSAkje8bAWz4vIfj5pCMYxxm4fgV3q7ZYhm5eD"},{"protected":"eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9","signature":"s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"}]}';
+        $serializer = new JSONGeneralSerializer(new StandardConverter());
+        $jws = $serializer->unserialize($input);
+        $split = $jws->split();
+
+        self::assertEquals(3, $jws->countSignatures());
+        self::assertEquals(3, count($jws->split()));
+
+        for ($i = 0; $i < $jws->countSignatures(); $i++) {
+            $signature1 = $jws->getSignature($i);
+            $tempJws = $split[$i];
+            self::assertEquals(1, $tempJws->countSignatures());
+            self::assertEquals($jws->isPayloadDetached(), $tempJws->isPayloadDetached());
+            self::assertEquals($jws->getEncodedPayload(), $tempJws->getEncodedPayload());
+            self::assertEquals($jws->getPayload(), $tempJws->getPayload());
+
+            $signature2 = $tempJws->getSignature(0);
+            self::assertEquals($signature1->getSignature(), $signature2->getSignature());
+            self::assertEquals($signature1->getHeader(), $signature2->getHeader());
+            self::assertEquals($signature1->getEncodedProtectedHeader(), $signature2->getEncodedProtectedHeader());
+            self::assertEquals($signature1->getProtectedHeader(), $signature2->getProtectedHeader());
+        }
+    }
+}
