MC-38539: Introduce JWT wrapper

Author: ogorkun

app/code/Magento/JwtFrameworkAdapter/Model/JweManager.php

@@ -78,6 +78,9 @@ public function build(JweInterface $jwe, EncryptionSettingsInterface $encryption
 
         $sharedProtected = $this->extractHeaderData($jwe->getProtectedHeader());
         $sharedProtected['enc'] = $encryptionSettings->getContentEncryptionAlgorithm();
+        if ($payload->getContentType()) {
+            $sharedProtected['cty'] = $payload->getContentType();
+        }
         if (!$jwe->getPerRecipientUnprotectedHeaders()) {
             $sharedProtected['alg'] = $encryptionSettings->getAlgorithmName();
         }

dev/tests/integration/testsuite/Magento/Framework/Jwt/JwtManagerTest.php

@@ -546,6 +546,136 @@ public function getTokenVariants(): array
                         JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128_HS256
                     )
                 ]
+            ],
+            'jwe-ECDH-ES-with-EC' => [
+                $flatJwe,
+                new JweEncryptionJwks(
+                    $jwkFactory->createEncryptEcdhEsWithEc($ecKeys[256][1]),
+                    JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128_HS256
+                ),
+                [
+                    new JweEncryptionJwks(
+                        $jwkFactory->createDecryptEcdhEsWithEc($ecKeys[256][0], 'pass'),
+                        JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128_HS256
+                    )
+                ]
+            ],
+            'jwe-ECDH-ES-A128-with-EC' => [
+                $flatJwe,
+                new JweEncryptionJwks(
+                    $jwkFactory->createEncryptEcdhEsA128kwWithEc($ecKeys[256][1]),
+                    JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128_HS256
+                ),
+                [
+                    new JweEncryptionJwks(
+                        $jwkFactory->createDecryptEcdhEsA128kwWithEc($ecKeys[256][0], 'pass'),
+                        JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128_HS256
+                    )
+                ]
+            ],
+            'jwe-ECDH-ES-A192-with-EC' => [
+                $flatJwe,
+                new JweEncryptionJwks(
+                    $jwkFactory->createEncryptEcdhEsA192kwWithEc($ecKeys[256][1]),
+                    JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128_HS256
+                ),
+                [
+                    new JweEncryptionJwks(
+                        $jwkFactory->createDecryptEcdhEsA192kwWithEc($ecKeys[256][0], 'pass'),
+                        JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128_HS256
+                    )
+                ]
+            ],
+            'jwe-ECDH-ES-A256-with-EC' => [
+                $flatJwe,
+                new JweEncryptionJwks(
+                    $jwkFactory->createEncryptEcdhEsA256kwWithEc($ecKeys[256][1]),
+                    JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128_HS256
+                ),
+                [
+                    new JweEncryptionJwks(
+                        $jwkFactory->createDecryptEcdhEsA256kwWithEc($ecKeys[256][0], 'pass'),
+                        JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128_HS256
+                    )
+                ]
+            ],
+            'jwe-A128GCMKW' => [
+                $flatJwe,
+                new JweEncryptionJwks(
+                    $jwkFactory->createA128Gcmkw($sharedSecret),
+                    JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128GCM
+                ),
+                [
+                    new JweEncryptionJwks(
+                        $jwkFactory->createA128Gcmkw($sharedSecret),
+                        JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128GCM
+                    )
+                ]
+            ],
+            'jwe-A192GCMKW' => [
+                $flatJwe,
+                new JweEncryptionJwks(
+                    $jwkFactory->createA192Gcmkw($sharedSecret),
+                    JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128GCM
+                ),
+                [
+                    new JweEncryptionJwks(
+                        $jwkFactory->createA192Gcmkw($sharedSecret),
+                        JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128GCM
+                    )
+                ]
+            ],
+            'jwe-A256GCMKW' => [
+                $flatJwe,
+                new JweEncryptionJwks(
+                    $jwkFactory->createA256Gcmkw($sharedSecret),
+                    JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128GCM
+                ),
+                [
+                    new JweEncryptionJwks(
+                        $jwkFactory->createA256Gcmkw($sharedSecret),
+                        JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128GCM
+                    )
+                ]
+            ],
+            'jwe-PBES2-HS256+A128KW' => [
+                $flatJwe,
+                new JweEncryptionJwks(
+                    $jwkFactory->createPbes2Hs256A128kw($sharedSecret),
+                    JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128GCM
+                ),
+                [
+                    new JweEncryptionJwks(
+                        $jwkFactory->createPbes2Hs256A128kw($sharedSecret),
+                        JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128GCM
+                    )
+                ]
+            ],
+            'jwe-PBES2-HS384+A192KW' => [
+                $flatJwe,
+                new JweEncryptionJwks(
+                    $jwkFactory->createPbes2Hs384A192kw($sharedSecret),
+                    JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128GCM
+                ),
+                [
+                    new JweEncryptionJwks(
+                        $jwkFactory->createPbes2Hs384A192kw($sharedSecret),
+                        JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128GCM
+                    )
+                ]
+            ],
+            'jwe-PBES2-HS512+A256KW' => [
+                $flatJwe,
+                new JweEncryptionJwks(
+                    $jwkFactory->createPbes2Hs512A256kw($sharedSecret),
+                    JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128GCM
+                ),
+                [
+                    new JweEncryptionJwks(
+                        $jwkFactory->createPbes2Hs512A256kw($sharedSecret),
+                        JweEncryptionSettingsInterface::CONTENT_ENCRYPTION_ALGO_A128GCM
+                    )
+                ]
             ]
         ];
     }