Commit 9c46285

Support RSA algorithm signature
1 parent e172491 commit 9c46285


5 files changed

+34
-9
lines changed


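--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -5,6 +5,7 @@ CHANGELOG
 ---
 
 * Mark class `ExpressionCacheWarmer` as `final`
+* Support RSA algorithm for oidc token signature
 
 7.0
 ---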

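--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
@@ -37,7 +37,7 @@ public function create(ContainerBuilder $container, string $id, array|string $co
 
         // @see Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SignatureAlgorithmFactory
         // for supported algorithms
-        if (\in_array($config['algorithm'], ['ES256', 'ES384', 'ES512'], true)) {
+        if (\in_array($config['algorithm'], ['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'], true)) {
             $tokenHandlerDefinition->replaceArgument(0, new Reference('security.access_token_handler.oidc.signature.'.$config['algorithm']));
         } else {
             $tokenHandlerDefinition->replaceArgument(0, (new ChildDefinition('security.access_token_handler.oidc.signature'))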
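Review bot: The allowed-algorithm list on the changed `if` line is now maintained by hand in two places — here and in the `switch` of SignatureAlgorithmFactory that the comment two lines above points to — so the next algorithm family added to one side can silently be missing from the other, and a name absent here would presumably take the `else` branch that builds a fresh child definition instead of reusing the shared `security.access_token_handler.oidc.signature.<ALG>` service. Publishing the list once on the factory, e.g. `public const SUPPORTED_ALGORITHMS = ['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'];`, and writing `if (\in_array($config['algorithm'], SignatureAlgorithmFactory::SUPPORTED_ALGORITHMS, true)) {` keeps the factory the single authority the comment already claims it is. The enclosing create() method starts and ends outside the hunk.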

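--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SignatureAlgorithmFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SignatureAlgorithmFactory.php
@@ -25,19 +25,27 @@ final class SignatureAlgorithmFactory
 {
     public static function create(string $algorithm): AlgorithmInterface
     {
+        $algorithmFqcn = Algorithm::class.'\\'.$algorithm;
+
         switch ($algorithm) {
             case 'ES256':
             case 'ES384':
             case 'ES512':
-                if (!class_exists(Algorithm::class.'\\'.$algorithm)) {
+                if (!class_exists($algorithmFqcn)) {
                     throw new \LogicException(sprintf('You cannot use the "%s" signature algorithm since "web-token/jwt-signature-algorithm-ecdsa" is not installed. Try running "composer require web-token/jwt-signature-algorithm-ecdsa".', $algorithm));
                 }
-
-                $algorithm = Algorithm::class.'\\'.$algorithm;
-
-                return new $algorithm();
+                break;
+            case 'RS256':
+            case 'RS384':
+            case 'RS512':
+                if (!class_exists($algorithmFqcn)) {
+                    throw new \LogicException(sprintf('You cannot use the "%s" signature algorithm since "web-token/jwt-signature-algorithm-rsa" is not installed. Try running "composer require web-token/jwt-signature-algorithm-rsa".', $algorithm));
+                }
+                break;
+            default:
+                throw new InvalidArgumentException(sprintf('Unsupported signature algorithm "%s". Only ES* and RS256 algorithms are supported. If you want to use another algorithm, create your TokenHandler as a service.', $algorithm));
         }
-
-        throw new InvalidArgumentException(sprintf('Unsupported signature algorithm "%s". Only ES* algorithms are supported. If you want to use another algorithm, create your TokenHandler as a service.', $algorithm));
+
+        return new $algorithmFqcn();
     }
 }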
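Review bot: The message thrown in the new `default:` branch says "Only ES* and RS256 algorithms are supported" although the case labels directly above it also accept RS384 and RS512; it should read `throw new InvalidArgumentException(sprintf('Unsupported signature algorithm "%s". Only ES* and RS* algorithms are supported. If you want to use another algorithm, create your TokenHandler as a service.', $algorithm));`. Keeping that `default:` branch exhaustive matters beyond wording: the `switch` is the only check between the caller-supplied string and the `new $algorithmFqcn()` at the end of the method, so every name that may reach the instantiation must remain listed explicitly rather than derived from a prefix. As a style point, the two `class_exists` checks differ only in the package named in the message; a `match` on the algorithm returning the package name would let a single check serve both groups. create() is shown in full in this hunk.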

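--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_access_token.php
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_access_token.php
@@ -16,6 +16,9 @@
 use Jose\Component\Signature\Algorithm\ES256;
 use Jose\Component\Signature\Algorithm\ES384;
 use Jose\Component\Signature\Algorithm\ES512;
+use Jose\Component\Signature\Algorithm\RS256;
+use Jose\Component\Signature\Algorithm\RS384;
+use Jose\Component\Signature\Algorithm\RS512;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SignatureAlgorithmFactory;
 use Symfony\Component\Security\Http\AccessToken\ChainAccessTokenExtractor;
 use Symfony\Component\Security\Http\AccessToken\FormEncodedBodyExtractor;
@@ -100,5 +103,17 @@
         ->set('security.access_token_handler.oidc.signature.ES512', ES512::class)
             ->parent('security.access_token_handler.oidc.signature')
             ->args(['index_0' => 'ES512'])
+
+        ->set('security.access_token_handler.oidc.signature.RS256', RS256::class)
+            ->parent('security.access_token_handler.oidc.signature')
+            ->args(['index_0' => 'RS256'])
+
+        ->set('security.access_token_handler.oidc.signature.RS384', RS384::class)
+            ->parent('security.access_token_handler.oidc.signature')
+            ->args(['index_0' => 'RS384'])
+
+        ->set('security.access_token_handler.oidc.signature.RS512', RS512::class)
+            ->parent('security.access_token_handler.oidc.signature')
+            ->args(['index_0' => 'RS512'])
     ;
 };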

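--- a/src/Symfony/Component/Security/Http/composer.json
+++ b/src/Symfony/Component/Security/Http/composer.json
@@ -35,7 +35,8 @@
         "symfony/translation": "^6.4|^7.0",
         "psr/log": "^1|^2|^3",
         "web-token/jwt-checker": "^3.1",
-        "web-token/jwt-signature-algorithm-ecdsa": "^3.1"
+        "web-token/jwt-signature-algorithm-ecdsa": "^3.1",
+        "web-token/jwt-signature-algorithm-rsa": "^3.1",
     },
     "conflict": {
         "symfony/clock": "<6.4",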
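Review bot: The added line `"web-token/jwt-signature-algorithm-rsa": "^3.1",` ends with a comma although the very next line is the closing `},` of its section, which leaves a trailing comma that is not valid JSON and should make Composer reject this manifest. Drop the comma so the entry reads `"web-token/jwt-signature-algorithm-rsa": "^3.1"`. The ecdsa line above it, which this commit changed to gain a comma, is correct as it now has a successor.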
