web-token
diff --git a/‎.github/dependabot.yml‎
Lines changed: 17 additions & 6 deletions b/‎.github/dependabot.yml‎
Lines changed: 17 additions & 6 deletions
diff --git a/‎src/Bundle/JoseFramework/DataCollector/AlgorithmCollector.php‎
Lines changed: 1 addition & 24 deletions b/‎src/Bundle/JoseFramework/DataCollector/AlgorithmCollector.php‎
Lines changed: 1 addition & 24 deletions
diff --git a/‎src/Bundle/JoseFramework/Resources/config/Algorithms/encryption_ecdhes.php‎
Lines changed: 24 additions & 0 deletions b/‎src/Bundle/JoseFramework/Resources/config/Algorithms/encryption_ecdhes.php‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎src/Component/Encryption/JWEBuilder.php‎
Lines changed: 29 additions & 1 deletion b/‎src/Component/Encryption/JWEBuilder.php‎
Lines changed: 29 additions & 1 deletion
@@ -1,8 +1,19 @@
 version: 2
 updates:
-- package-ecosystem: composer
-  directory: "/"
-  schedule:
-    interval: daily
-    time: "11:00"
-  open-pull-requests-limit: 10
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "friday"
+    versioning-strategy: "increase"
+    open-pull-requests-limit: 20
+    allow:
+      - dependency-type: all
+    labels: ["Dependencies"]
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 20
+    labels: ["Dependencies"]
@@ -5,7 +5,6 @@
 namespace Jose\Bundle\JoseFramework\DataCollector;
 
 use function array_key_exists;
-use function function_exists;
 use Jose\Component\Core\Algorithm;
 use Jose\Component\Core\AlgorithmManagerFactory;
 use Jose\Component\Encryption\Algorithm\ContentEncryptionAlgorithm;
@@ -93,7 +92,7 @@ private function getAlgorithmType(
 
     private function getAlgorithmMessages(): array
     {
-        $messages = [
+        return [
             'none' => [
                 'severity' => 'severity-low',
                 'message' => 'This algorithm is not secured. Please use with caution.',
@@ -195,27 +194,5 @@ private function getAlgorithmMessages(): array
                 'message' => 'This algorithm is not secured (known attacks). See <a target="_blank" href="https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-5">https://tools.ietf.org/html/draft-irtf-cfrg-webcrypto-algorithms-00#section-5</a>.',
             ],
         ];
-        if (! function_exists('openssl_pkey_derive')) {
-            $messages += [
-                'ECDH-ES' => [
-                    'severity' => 'severity-medium',
-                    'message' => 'This algorithm is very slow when used with curves P-256, P-384, P-521 with php 7.2 and below.',
-                ],
-                'ECDH-ES+A128KW' => [
-                    'severity' => 'severity-medium',
-                    'message' => 'This algorithm is very slow when used with curves P-256, P-384, P-521 with php 7.2 and below.',
-                ],
-                'ECDH-ES+A192KW' => [
-                    'severity' => 'severity-medium',
-                    'message' => 'This algorithm is very slow when used with curves P-256, P-384, P-521 with php 7.2 and below.',
-                ],
-                'ECDH-ES+A256KW' => [
-                    'severity' => 'severity-medium',
-                    'message' => 'This algorithm is very slow when used with curves P-256, P-384, P-521 with php 7.2 and below.',
-                ],
-            ];
-        }
-
-        return $messages;
     }
 }
@@ -6,6 +6,10 @@
 use Jose\Component\Encryption\Algorithm\KeyEncryption\ECDHESA128KW;
 use Jose\Component\Encryption\Algorithm\KeyEncryption\ECDHESA192KW;
 use Jose\Component\Encryption\Algorithm\KeyEncryption\ECDHESA256KW;
+use Jose\Component\Encryption\Algorithm\KeyEncryption\ECDHSS;
+use Jose\Component\Encryption\Algorithm\KeyEncryption\ECDHSSA128KW;
+use Jose\Component\Encryption\Algorithm\KeyEncryption\ECDHSSA192KW;
+use Jose\Component\Encryption\Algorithm\KeyEncryption\ECDHSSA256KW;
 
 /*
  * The MIT License (MIT)
@@ -44,4 +48,24 @@
         ->tag('jose.algorithm', [
             'alias' => 'ECDH-ES+A256KW',
         ]);
+
+    $container->set(ECDHSS::class)
+        ->tag('jose.algorithm', [
+            'alias' => 'ECDH-SS',
+        ]);
+
+    $container->set(ECDHSSA128KW::class)
+        ->tag('jose.algorithm', [
+            'alias' => 'ECDH-SS+A128KW',
+        ]);
+
+    $container->set(ECDHSSA192KW::class)
+        ->tag('jose.algorithm', [
+            'alias' => 'ECDH-SS+A192KW',
+        ]);
+
+    $container->set(ECDHSSA256KW::class)
+        ->tag('jose.algorithm', [
+            'alias' => 'ECDH-SS+A256KW',
+        ]);
 };
@@ -27,6 +27,8 @@
 
 class JWEBuilder
 {
+    protected ?JWK $senderKey = null;
+
     protected ?string $payload = null;
 
     protected ?string $aad = null;
@@ -55,6 +57,7 @@ public function __construct(
      */
     public function create(): self
     {
+        $this->senderKey = null;
         $this->payload = null;
         $this->aad = null;
         $this->recipients = [];
@@ -188,6 +191,31 @@ public function addRecipient(JWK $recipientKey, array $recipientHeader = []): se
         return $clone;
     }
 
+    //TODO: Verify if the key is compatible with the key encrytion algorithm like is done to the ECDH-ES
+    /**
+     * Set the sender JWK to be used instead of the internal generated JWK
+     */
+    public function withSenderKey(JWK $senderKey): self
+    {
+        $clone = clone $this;
+        $completeHeader = array_merge($clone->sharedHeader, $clone->sharedProtectedHeader);
+        $keyEncryptionAlgorithm = $clone->getKeyEncryptionAlgorithm($completeHeader);
+        if ($clone->keyManagementMode === null) {
+            $clone->keyManagementMode = $keyEncryptionAlgorithm->getKeyManagementMode();
+        } else {
+            if (! $clone->areKeyManagementModesCompatible(
+                $clone->keyManagementMode,
+                $keyEncryptionAlgorithm->getKeyManagementMode()
+            )) {
+                throw new InvalidArgumentException('Foreign key management mode forbidden.');
+            }
+        }
+        $clone->checkKey($keyEncryptionAlgorithm, $senderKey);
+        $clone->senderKey = $senderKey;
+
+        return $clone;
+    }
+
     /**
      * Builds the JWE.
      */
@@ -255,7 +283,7 @@ private function processRecipient(array $recipient, string $cek, array &$additio
             $keyEncryptionAlgorithm,
             $additionalHeader,
             $recipient['key'],
-            $recipient['sender_key'] ?? null
+            $recipient['sender_key'] ?? $this->senderKey ?? null
         );
         $recipientHeader = $recipient['header'];
         if ((is_countable($additionalHeader) ? count($additionalHeader) : 0) !== 0 && count($this->recipients) !== 1) {