8000 Remove RSA algorithm support · symfony/symfony@aa228fc · GitHub


Commit aa228fc

Remove RSA algorithm support
1 parent 615b64e commit aa228fc


6 files changed

+9
-23
lines changed


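--- a/composer.json
+++ b/composer.json
@@ -157,8 +157,7 @@
 "twig/inky-extra": "^2.12|^3",
 "twig/markdown-extra": "^2.12|^3",
 "web-token/jwt-checker": "^3.1",
-"web-token/jwt-signature-algorithm-ecdsa": "^3.1",
-"web-token/jwt-signature-algorithm-rsa": "^3.1"
+"web-token/jwt-signature-algorithm-ecdsa": "^3.1"
 },
 "conflict": {
 "ext-psr": "<1.1|>=2",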

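--- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -6,7 +6,6 @@ CHANGELOG
 
 * Mark class `ExpressionCacheWarmer` as `final`
 * Add `jwks_url` option in oidc token handler configuration
-* Support RS256 algorithm for oidc token signature
 
 7.0
 ---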

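--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
@@ -38,7 +38,7 @@ public function create(ContainerBuilder $container, string $id, array|string $co
 
 // @see Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SignatureAlgorithmFactory
 // for supported algorithms
-if (\in_array($config['algorithm'], ['ES256', 'ES384', 'ES512', 'RS256'], true)) {
+if (\in_array($config['algorithm'], ['ES256', 'ES384', 'ES512'], true)) {
 $tokenHandlerDefinition->replaceArgument(0, new Reference('security.access_token_handler.oidc.signature.'.$config['algorithm']));
 } else {
 $tokenHandlerDefinition->replaceArgument(0, (new ChildDefinition('security.access_token_handler.oidc.signature'))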
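Review bot: The literal list `['ES256', 'ES384', 'ES512']` on the changed line duplicates the case labels in `SignatureAlgorithmFactory::create()`, and this commit had to edit both places in step; the `@see` comment above it is the only thing tying them together. A single source of truth would stop the two allow-lists from drifting, for example a proposed constant on the factory used here as `\in_array($config['algorithm'], SignatureAlgorithmFactory::SUPPORTED_ALGORITHMS, true)`. It also looks as if a configuration that still names `RS256` now falls into the `else` branch and is presumably only rejected when the signature service is instantiated, so a comment on the `else` saying where the unsupported-algorithm error is raised would help. The body of `create()` starts and ends outside this hunk.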

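--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SignatureAlgorithmFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/SignatureAlgorithmFactory.php
@@ -25,25 +25,19 @@ final class SignatureAlgorithmFactory
 {
 public static function create(string $algorithm): AlgorithmInterface
 {
-$algorithmFqcn = Algorithm::class.'\\'.$algorithm;
-
 switch ($algorithm) {
 case 'ES256':
 case 'ES384':
 case 'ES512':
-if (!class_exists($algorithmFqcn)) {
+if (!class_exists(Algorithm::class.'\\'.$algorithm)) {
 throw new \LogicException(sprintf('You cannot use the "%s" signature algorithm since "web-token/jwt-signature-algorithm-ecdsa" is not installed. Try running "composer require web-token/jwt-signature-algorithm-ecdsa".', $algorithm));
 }
-break;
-case 'RS256':
-if (!class_exists($algorithmFqcn)) {
-throw new \LogicException(sprintf('You cannot use the "%s" signature algorithm since "web-token/jwt-signature-algorithm-rsa" is not installed. Try running "composer require web-token/jwt-signature-algorithm-rsa".', $algorithm));
-}
-break;
-default:
-throw new InvalidArgumentException(sprintf('Unsupported signature algorithm "%s". Only ES* and RS256 algorithms are supported. If you want to use another algorithm, create your TokenHandler as a service.', $algorithm));
+
+$algorithm = Algorithm::class.'\\'.$algorithm;
+
+return new $algorithm();
 }
 
-return new $algorithmFqcn();
+throw new InvalidArgumentException(sprintf('Unsupported signature algorithm "%s". Only ES* algorithms are supported. If you want to use another algorithm, create your TokenHandler as a service.', $algorithm));
 }
 }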
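Review bot: In the `ES256`/`ES384`/`ES512` branch the `$algorithm` parameter is overwritten with the class name and `Algorithm::class.'\\'.$algorithm` is built twice, which obscures that `new $algorithm()` is a dynamic instantiation kept safe only by sitting inside the allow-listed cases. A dedicated local keeps the caller's input and the class name apart: `$fqcn = Algorithm::class.'\\'.$algorithm;` before the `class_exists($fqcn)` check, then `return new $fqcn();`. I would also add a comment in that branch such as `// $algorithm is restricted to the case labels above; keep the dynamic "new" inside this branch` so a later edit cannot let an unlisted name reach the instantiation. The `create()` method has no docblock; a short one with `@throws \LogicException` (package missing) and `@throws InvalidArgumentException` (unsupported name) would document the two failure modes.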

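--- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_access_token.php
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_access_token.php
@@ -17,7 +17,6 @@
 use Jose\Component\Signature\Algorithm\ES256;
 use Jose\Component\Signature\Algorithm\ES384;
 use Jose\Component\Signature\Algorithm\ES512;
-use Jose\Component\Signature\Algorithm\RS256;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SignatureAlgorithmFactory;
 use Symfony\Component\Security\Http\AccessToken\ChainAccessTokenExtractor;
 use Symfony\Component\Security\Http\AccessToken\FormEncodedBodyExtractor;
@@ -109,9 +108,5 @@
 ->set('security.access_token_handler.oidc.signature.ES512', ES512::class)
 ->parent('security.access_token_handler.oidc.signature')
 ->args(['index_0' => 'ES512'])
-
-->set('security.access_token_handler.oidc.signature.RS256', RS256::class)
-->parent('security.access_token_handler.oidc.signature')
-->args(['index_0' => 'RS256'])
 ;
 };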

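--- a/src/Symfony/Component/Security/Http/composer.json
+++ b/src/Symfony/Component/Security/Http/composer.json
@@ -35,8 +35,7 @@
 "symfony/translation": "^6.4|^7.0",
 "psr/log": "^1|^2|^3",
 "web-token/jwt-checker": "^3.1",
-"web-token/jwt-signature-algorithm-ecdsa": "^3.1",
-"web-token/jwt-signature-algorithm-rsa": "^3.1"
+"web-token/jwt-signature-algorithm-ecdsa": "^3.1"
 },
 "conflict": {
 "symfony/clock": "<6.4",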
