Support Defuse encryption

trikoder · Jun 6, 2019 · d83fefe · d83fefe
1 parent fbde15b
commit d83fefe
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 4 deletions.
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -45,10 +45,16 @@ private function createAuthorizationServerNode(): NodeDefinition
                     ->defaultValue(null)
                 ->end()
                 ->scalarNode('encryption_key')
-                    ->info("The string used as an encryption key.\nHow to generate an encryption key: https://oauth2.thephpleague.com/installation/#string-password")
+                    ->info("The plain string or the ascii safe string used to create a \Defuse\Crypto\Key to be used as an encryption key.\nHow to generate an encryption key: https://oauth2.thephpleague.com/installation/#string-password")
                     ->isRequired()
                     ->cannotBeEmpty()
                 ->end()
+                ->enumNode('encryption_key_type')
+                    ->info("The type of value of 'encryption_key'")
+                    ->values(['plain', 'defuse'])
+                    ->defaultValue('plain')
+                    ->isRequired()
+                ->end()
                 ->scalarNode('access_token_ttl')
                     ->info("How long the issued access token should be valid for.\nThe value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters")
                     ->cannotBeEmpty()

diff --git a/DependencyInjection/TrikoderOAuth2Extension.php b/DependencyInjection/TrikoderOAuth2Extension.php
@@ -5,6 +5,7 @@
 namespace Trikoder\Bundle\OAuth2Bundle\DependencyInjection;
 
 use DateInterval;
+use Defuse\Crypto\Key;
 use Doctrine\Bundle\DoctrineBundle\DoctrineBundle;
 use League\OAuth2\Server\CryptKey;
 use LogicException;
@@ -139,9 +140,22 @@ private function configureAuthorizationServer(ContainerBuilder $container, array
                 $config['private_key'],
                 $config['private_key_passphrase'],
                 false,
-            ]))
-            ->replaceArgument('$encryptionKey', $config['encryption_key'])
-        ;
+            ]));
+
+        if ($config['encryption_key_type'] === 'plain') {
+            $authorizationServer->replaceArgument('$encryptionKey', $config['encryption_key']);
+        } elseif ($config['encryption_key_type'] === 'defuse') {
+            if (!class_exists(Key::class)) {
+                throw new \RuntimeException('You must install the "defuse/php-encryption" package to use "encryption_key_type: defuse".');
+            }
+
+            $keyDefinition = (new Definition(Key::class))
+                ->setFactory([Key::class, 'loadFromAsciiSafeString'])
+                ->addArgument($config['encryption_key']);
+            $container->setDefinition('trikoder.oauth2.defuse_key', $keyDefinition);
+
+            $authorizationServer->replaceArgument('$encryptionKey', new Reference('trikoder.oauth2.defuse_key'));
+        }
 
         if ($config['enable_client_credentials_grant']) {
             $authorizationServer->addMethodCall('enableGrantType', [