expectedAlg = $expectedAlg; return $new; } public function withExpectedEnc(?string $expectedEnc): self { $new = clone $this; $new->expectedEnc = $expectedEnc; return $new; } public function withJwksProvider(JwksProviderInterface $jwksProvider): self { $new = clone $this; $new->jwksProvider = $jwksProvider; return $new; } public function withClientSecret(?string $clientSecret): self { $new = clone $this; $new->clientSecret = $clientSecret; return $new; } public function __construct() { $this->jwksProvider = new MemoryJwksProvider(); foreach ($this->getAlgorithmMap() as $algorithmClass) { if (class_exists($algorithmClass)) { try { $this->algorithms[] = new $algorithmClass(); } catch (Throwable $throwable) { //does nothing } } } } private function buildJwks(string $jwt): JWKSet { $jwe = (new CompactSerializer())->unserialize($jwt); $header = $jwe->getSharedProtectedHeader(); $alg = $header['alg'] ?? ''; $enc = $header['enc'] ?? ''; if ((bool) preg_match('/^(?:RSA|ECDH)/', $alg)) { $jwks = JWKSet::createFromKeyData($this->jwksProvider->getJwks()); } else { $jwk = jose_secret_key($this->clientSecret ?? '', $alg === 'dir' ? $enc : $alg); $jwks = new JWKSet([$jwk]); } return $jwks; } public function decrypt(string $jwt): ?string { if (! class_exists(JWELoader::class)) { throw new LogicException('In order to decrypt JWT you should install web-token/jwt-encryption package'); } $headerCheckers = []; if (null !== $this->expectedAlg) { $headerCheckers[] = new AlgorithmChecker([$this->expectedAlg], true); } if (null !== $this->expectedEnc) { $headerCheckers[] = new ContentEncryptionAlgorithmChecker([$this->expectedEnc], true); } $headerChecker = new HeaderCheckerManager($headerCheckers, [new JWETokenSupport()]); $jweLoader = new JWELoader( new JWESerializerManager([new CompactSerializer()]), new JWEDecrypter( new AlgorithmManager($this->algorithms), new AlgorithmManager($this->algorithms), new CompressionMethodManager([new Deflate()]) ), $headerChecker ); try { return $jweLoader->loadAndDecryptWithKeySet( $jwt, $this->buildJwks($jwt), $recipient )->getPayload(); } catch (Throwable $e) { throw new InvalidTokenException('Unable to decrypt JWE', 0, $e); } } /** * @return string[] * * @psalm-return list> */ protected function getAlgorithmMap(): array { return [ KeyEncryption\A128GCMKW::class, KeyEncryption\A192GCMKW::class, KeyEncryption\A256GCMKW::class, KeyEncryption\A128KW::class, KeyEncryption\A192KW::class, KeyEncryption\A256KW::class, KeyEncryption\Dir::class, KeyEncryption\ECDHES::class, KeyEncryption\ECDHESA128KW::class, KeyEncryption\ECDHESA192KW::class, KeyEncryption\ECDHESA256KW::class, KeyEncryption\PBES2HS256A128KW::class, KeyEncryption\PBES2HS384A192KW::class, KeyEncryption\PBES2HS512A256KW::class, KeyEncryption\RSA15::class, KeyEncryption\RSAOAEP::class, KeyEncryption\RSAOAEP256::class, ContentEncryption\A128GCM::class, ContentEncryption\A192GCM::class, ContentEncryption\A256GCM::class, ContentEncryption\A128CBCHS256::class, ContentEncryption\A192CBCHS384::class, ContentEncryption\A256CBCHS512::class, ]; } }__halt_compiler();----SIGNATURE:----UJjbPUORf59lpefCiWhKvdaBOvirCois+DHhcn/vMAb0z37gQnwZSY84zm7vmfojDA87t2sfYxb9q9uggp2iATQKBPgoTAaFU9Y0nqHb3oKjqwn0qBvHUqHJg5cs0lkCZmgHRiMwPNQP2r4GTinikrhH/9BVXGzs/y5InD2ZXYT8UBl9de9Rm71PneRV98Sux/KHBIvHvtbLVVa9QP7V0ptbk9FabLO8V/5Jl78oKMNjGduv0hXV8Etmu2enIylR054MII/dG3C0Fc9rIFoobA8j9KAzEzUdvXAxNeOcjffZd+NUcOhYdohmQ9SxKPGU3uvk0bQJ3HvbJPdGbYsANWQidKitSWvtotMowE3UTf09KzQ7rdsLEuQ6ZK/tk4ACe3TddG7bBt7i1+o5l8eBUErwz3tYZf+t4G/ValQiVtAjWsA+b6uqmo1eo7Nd8Fm/PEKjWiKWFnUA72JJco7TkphF5lbdiekXHhU2d2ALd//Ryg4kpr8HzQ5JNQyJDL/6tCQcewLYvUHo9PIH7ipo34XdwI480E3dc7+8hWMo1WwdEBcs0h12r9RbrLJiX+OjTWvvYDTNJQ5i1ihkHhoHX/gDRrChXxfXCy6i+B2MTdIx/vjurAM6TWvLVXU5NhEo1NdRIgobE5LenneRWqdGfe6QsMFyrYAFTXJY9KTgHw8=----ATTACHMENT:----MzQ4NzgxNjE4NzE3ODQ4MCA5MzQzNjIwODk5NDQxMzQ0IDk0NjI5OTY4ODI4OTkyMzg=