<?php
declare(strict_types=1);
/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */
namespace OAuth2Framework\ServerBundle\Component\OpenIdConnect;
use Jose\Bundle\JoseFramework\Helper\ConfigurationHelper;
use OAuth2Framework\ServerBundle\Component\Component;
use OAuth2Framework\ServerBundle\Component\OpenIdConnect\Compiler\ClaimSourceCompilerPass;
use OAuth2Framework\ServerBundle\Component\OpenIdConnect\Compiler\IdTokenMetadataCompilerPass;
use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
use Symfony\Component\DependencyInjection\ContainerBuilder;
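class IdTokenSource implements Component
{
    /**
     * {@inheritdoc}
     *
     * Key of this component inside the "openid_connect" configuration section.
     */
    public function name(): string
    {
        return 'id_token';
    }

    /**
     * {@inheritdoc}
     *
     * Exposes the validated "openid_connect.id_token" configuration as container
     * parameters. The "encryption.key_encryption_algorithms" and
     * "encryption.content_encryption_algorithms" parameters are only defined when
     * encryption is enabled, so consumers must check "encryption.enabled" before
     * reading them.
     */
    public function load(array $configs, ContainerBuilder $container): void
    {
        $config = $configs['openid_connect'][$this->name()];

        $container->setParameter('oauth2_server.openid_connect.id_token.lifetime', $config['lifetime']);
        $container->setParameter('oauth2_server.openid_connect.id_token.default_signature_algorithm', $config['default_signature_algorithm']);
        $container->setParameter('oauth2_server.openid_connect.id_token.signature_algorithms', $config['signature_algorithms']);
        $container->setParameter('oauth2_server.openid_connect.id_token.signature_keys', $config['signature_keys']);
        $container->setParameter('oauth2_server.openid_connect.id_token.claim_checkers', $config['claim_checkers']);
        $container->setParameter('oauth2_server.openid_connect.id_token.header_checkers', $config['header_checkers']);
        $container->setParameter('oauth2_server.openid_connect.id_token.encryption.enabled', $config['encryption']['enabled']);

        // The algorithm lists are deliberately absent (not empty) when encryption is off.
        if ($config['encryption']['enabled']) {
            $container->setParameter('oauth2_server.openid_connect.id_token.encryption.key_encryption_algorithms', $config['encryption']['key_encryption_algorithms']);
            $container->setParameter('oauth2_server.openid_connect.id_token.encryption.content_encryption_algorithms', $config['encryption']['content_encryption_algorithms']);
        }
    }

    /**
     * {@inheritdoc}
     *
     * Declares the "id_token" node. Three validators run on the finalized node, in
     * order: a default signature algorithm must be set, at least one signature
     * algorithm must be listed, and the default must be one of the listed ones
     * (compared strictly, so algorithm names have to match exactly).
     */
    public function getNodeDefinition(ArrayNodeDefinition $node, ArrayNodeDefinition $rootNode): void
    {
        $node->children()
            ->arrayNode($this->name())
                ->addDefaultsIfNotSet()
                ->validate()
                    ->ifTrue(static function (array $config): bool {
                        return empty($config['default_signature_algorithm']);
                    })
                    ->thenInvalid('The option "default_signature_algorithm" must be set.')
                ->end()
                ->validate()
                    ->ifTrue(static function (array $config): bool {
                        return empty($config['signature_algorithms']);
                    })
                    // Names the real option ("signature_algorithms"); the old message pointed at a non-existent one.
                    ->thenInvalid('The option "signature_algorithms" must contain at least one signature algorithm.')
                ->end()
                ->validate()
                    ->ifTrue(static function (array $config): bool {
                        // Strict comparison: loose scalar comparison must not let a mismatched name pass.
                        return !in_array($config['default_signature_algorithm'], $config['signature_algorithms'], true);
                    })
                    ->thenInvalid('The default signature algorithm must be in the supported signature algorithms.')
                ->end()
                ->children()
                    ->scalarNode('default_signature_algorithm')
                        ->info('Signature algorithm used if the client has not defined a preferred one. Recommended value is "RS256".')
                    ->end()
                    ->arrayNode('signature_algorithms')
                        ->info('Signature algorithm used to sign the ID Tokens.')
                        ->useAttributeAsKey('name')
                        ->scalarPrototype()->end()
                        ->treatNullLike([])
                        ->treatFalseLike([])
                    ->end()
                    // NOTE(review): no default and not required, yet load() and prepend() read it
                    // unconditionally — confirm whether ->isRequired() belongs here.
                    ->scalarNode('signature_keys')
                        ->info('Signature keys used to sign the ID tokens.')
                    ->end()
                    ->arrayNode('claim_checkers')
                        ->info('Checkers will verify the JWT claims.')
                        ->useAttributeAsKey('name')
                        ->scalarPrototype()->end()
                        ->treatNullLike(['exp', 'iat', 'nbf'])
                    ->end()
                    // Unlike claim_checkers, a null/false value yields no header checkers at all.
                    ->arrayNode('header_checkers')
                        ->info('Checkers will verify the JWT headers.')
                        ->useAttributeAsKey('name')
                        ->scalarPrototype()->end()
                        ->treatNullLike([])
                        ->treatFalseLike([])
                    ->end()
                    ->integerNode('lifetime')
                        ->info('Lifetime of the ID Tokens (in seconds). If an access token is issued with the ID Token, the lifetime of the access token is used instead of this value.')
                        ->defaultValue(3600)
                        ->min(1)
                    ->end()
                    ->arrayNode('encryption')
                        ->canBeEnabled()
                        ->children()
                            ->arrayNode('key_encryption_algorithms')
                                ->info('Supported key encryption algorithms.')
                                ->useAttributeAsKey('name')
                                ->scalarPrototype()->end()
                                ->treatNullLike([])
                                ->treatFalseLike([])
                            ->end()
                            ->arrayNode('content_encryption_algorithms')
                                ->info('Supported content encryption algorithms.')
                                ->useAttributeAsKey('name')
                                ->scalarPrototype()->end()
                                ->treatNullLike([])
                                ->treatFalseLike([])
                            ->end()
                        ->end()
                    ->end()
                ->end()
            ->end()
        ->end();
    }

    /**
     * {@inheritdoc}
     *
     * Registers the compiler passes that wire claim sources and ID Token metadata.
     */
    public function build(ContainerBuilder $container): void
    {
        $container->addCompilerPass(new ClaimSourceCompilerPass());
        $container->addCompilerPass(new IdTokenMetadataCompilerPass());
    }

    /**
     * {@inheritdoc}
     *
     * Declares the JOSE services for ID Tokens through the JoseFramework
     * configuration helper, all under the name "oauth2_server.openid_connect.id_token":
     * the signature key set, a JWS builder and a compact-JWS loader limited to the
     * configured signature algorithms, and — only when encryption is enabled — a JWE
     * builder and a compact-JWE loader limited to the configured key and content
     * encryption algorithms. Nothing is prepended to other extensions' configuration.
     *
     * @return array Always empty.
     */
    public function prepend(ContainerBuilder $container, array $config): array
    {
        $sourceConfig = $config['openid_connect'][$this->name()];

        ConfigurationHelper::addKeyset($container, 'oauth2_server.openid_connect.id_token', 'jwkset', ['value' => $sourceConfig['signature_keys']], false);
        ConfigurationHelper::addJWSBuilder($container, 'oauth2_server.openid_connect.id_token', $sourceConfig['signature_algorithms'], false);
        ConfigurationHelper::addJWSLoader($container, 'oauth2_server.openid_connect.id_token', ['jws_compact'], $sourceConfig['signature_algorithms'], [], false);
        if ($sourceConfig['encryption']['enabled']) {
            // ['DEF'] is the compression-method list handed to the helper — presumably JWE
            // DEFLATE ("zip": "DEF"); confirm against ConfigurationHelper.
            ConfigurationHelper::addJWEBuilder($container, 'oauth2_server.openid_connect.id_token', $sourceConfig['encryption']['key_encryption_algorithms'], $sourceConfig['encryption']['content_encryption_algorithms'], ['DEF'], false);
            ConfigurationHelper::addJWELoader($container, 'oauth2_server.openid_connect.id_token', ['jwe_compact'], $sourceConfig['encryption']['key_encryption_algorithms'], $sourceConfig['encryption']['content_encryption_algorithms'], ['DEF'], [], false);
        }

        return [];
    }
}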