symfony · Nyholm · Dec 1, 2020 · Jul 12, 2021 · Jul 12, 2021 · Jul 12, 2021
diff --git a/composer.json b/composer.json
@@ -65,6 +65,7 @@
        "symfony/doctrine-bridge": "self.version",
        "symfony/dom-crawler": "self.version",
        "symfony/dotenv": "self.version",
+        "symfony/encryption": "self.version",
        "symfony/error-handler": "self.version",
        "symfony/event-dispatcher": "self.version",
        "symfony/expression-language": "self.version",

diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -24,6 +24,7 @@
 use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Exception\LogicException;
+use Symfony\Component\Encryption\EncryptionInterface;
 use Symfony\Component\Form\Form;
 use Symfony\Component\HttpClient\HttpClient;
 use Symfony\Component\HttpFoundation\Cookie;
@@ -149,6 +150,7 @@ public function getConfigTreeBuilder()
        $this->addNotifierSection($rootNode, $enableIfStandalone);
        $this->addRateLimiterSection($rootNode, $enableIfStandalone);
        $this->addUidSection($rootNode, $enableIfStandalone);
+        $this->addEncryptionSection($rootNode, $enableIfStandalone);

        return $treeBuilder;
    }
@@ -1975,4 +1977,16 @@ private function addUidSection(ArrayNodeDefinition $rootNode, callable $enableIf
            ->end()
        ;
    }
+
+    private function addEncryptionSection(ArrayNodeDefinition $rootNode, callable $enableIfStandalone)
+    {
+        $rootNode
+            ->children()
+                ->arrayNode('encryption')
+                    ->info('Encryption configuration')
+                    ->{$enableIfStandalone('symfony/encryption', EncryptionInterface::class)}()
+                ->end()
+            ->end()
+        ;
+    }
 }
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -420,6 +420,7 @@ public function load(array $configs, ContainerBuilder $container)
        $this->registerAnnotationsConfiguration($config['annotations'], $container, $loader);
        $this->registerPropertyAccessConfiguration($config['property_access'], $container, $loader);
        $this->registerSecretsConfiguration($config['secrets'], $container, $loader);
+        $this->registerEncryptionConfiguration($config['encryption'], $container, $loader);

        if ($this->isConfigEnabled($container, $config['serializer'])) {
            if (!class_exists(\Symfony\Component\Serializer\Serializer::class)) {
@@ -636,6 +637,15 @@ private function registerHttpCacheConfiguration(array $config, ContainerBuilder
        }
    }

+    private function registerEncryptionConfiguration(array $config, ContainerBuilder $container, PhpFileLoader $loader)
+    {
+        if (!$this->isConfigEnabled($container, $config)) {
+            return;
+        }
+
+        $loader->load('encryption.php');
+    }
+
    private function registerEsiConfiguration(array $config, ContainerBuilder $container, PhpFileLoader $loader)
    {
        if (!$this->isConfigEnabled($container, $config)) {

diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/encryption.php b/src/Symfony/Bundle/FrameworkBundle/Resources/config/encryption.php
@@ -0,0 +1,23 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\DependencyInjection\Loader\Configurator;
+
+use Symfony\Component\Encryption\EncryptionInterface;
+use Symfony\Component\Encryption\Sodium\SodiumEncryption;
+
+return static function (ContainerConfigurator $container) {
+    $container->services()
+        ->set('encryption.sodium', SodiumEncryption::class)
+        ->alias(EncryptionInterface::class, 'encryption.sodium')
+        ->alias('encryption', 'encryption.sodium')
+    ;
+};
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
@@ -18,6 +18,7 @@
 use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\Config\Definition\Processor;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\Encryption\EncryptionInterface;
 use Symfony\Component\HttpClient\HttpClient;
 use Symfony\Component\Lock\Store\SemaphoreStore;
 use Symfony\Component\Mailer\Mailer;
@@ -576,6 +577,9 @@ class_exists(SemaphoreStore::class) && SemaphoreStore::isSupported() ? 'semaphor
                'name_based_uuid_version' => 5,
                'time_based_uuid_version' => 6,
            ],
+            'encryption' => [
+                'enabled' => !class_exists(FullStack::class) && interface_exists(EncryptionInterface::class),
+            ],
        ];
    }
 }
diff --git a/src/Symfony/Component/Encryption/.gitattributes b/src/Symfony/Component/Encryption/.gitattributes
@@ -0,0 +1,4 @@
+/.gitattributes export-ignore
+/.gitignore export-ignore
+/phpunit.xml.dist export-ignore
+/Tests export-ignore
diff --git a/src/Symfony/Component/Encryption/.gitignore b/src/Symfony/Component/Encryption/.gitignore
@@ -0,0 +1,3 @@
+composer.lock
+phpunit.xml
+vendor/
diff --git a/src/Symfony/Component/Encryption/CHANGELOG.md b/src/Symfony/Component/Encryption/CHANGELOG.md
@@ -0,0 +1,7 @@
+CHANGELOG
+=========
+
+6.0
+---
+
+ * Introduced the component as experimental
diff --git a/src/Symfony/Component/Encryption/EncryptionInterface.php b/src/Symfony/Component/Encryption/EncryptionInterface.php
@@ -0,0 +1,110 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption;
+
+use Symfony\Component\Encryption\Exception\DecryptionException;
+use Symfony\Component\Encryption\Exception\EncryptionException;
+use Symfony\Component\Encryption\Exception\InvalidKeyException;
+
+/**
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 6.0
+ */
+interface EncryptionInterface
+{
+    /**
+     * Generates a new key to be used for encryption.
+     *
+     * Don't lose your private key and make sure to keep it a secret.
+     *
+     * @param string|null $secret A secret to be used in symmetric encryption. A
+     *                            new secret is generated if none is provided.
+     */
+    public function generateKey(string $secret = null): KeyInterface;
+
+    /**
+     * Gets an encrypted version of the message.
+     *
+     * Symmetric encryption uses the same key to encrypt and decrypt a message.
+     * The key should be kept safe and should not be exposed to the public. Symmetric
+     * encryption should be used when you are sending the encrypted message to
+     * yourself.
+     *
+     * Example: You store a value on disk or in a cookie and don't want anyone else
+     * to read it.
+     *
+     * Symmetric encryption is in theory weaker than asymmetric encryption.
+     *
+     * <code>
+     *     $key = $encryption->generateKey();
+     *     $ciphertext = $encryption->encrypt('input', $key);
+     *     $message = $encryption->decrypt($ciphertext, $key);
+     * </code>
+     *
+     * @param string       $message Plain text version of the message
+     * @param KeyInterface $key     A key that holds a string secret
+     *
+     * @return string formatted as a Symfony Encryption Token
+     *
+     * @throws EncryptionException
+     * @throws InvalidKeyException
+     */
+    public function encrypt(string $message, KeyInterface $key): string;
+
+    /**
+     * Gets an encrypted version of the message that only the recipient can read.
+     *
+     * Asymmetric encryption uses a "key pair" i.e. a public key and a private key.
+     * It is safe to share the public key, but the private key should always be
+     * kept a secret.
+     *
+     * When Alice and Bob want to communicate securely, they share their public keys with
+     * each other. Alice will encrypt a message with Bob's public key. When Bob
+     * receives the message, he will decrypt it with his private key.
+     *
+     *
+     * <code>
+     *     // Bob:
+     *     $bobKey = $encryption->generateKey();
+     *     $bobPublicOnly = $bobKey->extractPublicKey();
+     *     // Bob sends $bobPublicOnly to Alice
+     *
+     *     // Alice:
+     *     $ciphertext = $encryption->encryptFor('input', $bobPublicOnly);
+     *     // Alice sends $ciphertext to Bob
+     *
+     *     // Bob:
+     *     $message = $encryption->decrypt($ciphertext, $bobKey);
+     * </code>
+     *
+     * @param string       $message      Plain text version of the message
+     * @param KeyInterface $recipientKey Key with a public key of the recipient
+     *
+     * @return string formatted as a Symfony Encryption Token
+     *
+     * @throws EncryptionException
+     * @throws InvalidKeyException
+     */
+    public function encryptFor(string $message, KeyInterface $recipientKey): string;
+
+    /**
+     * Gets a plain text version of the encrypted message.
+     *
+     * @param string       $message formatted in the Symfony Encryption Token format
+     * @param KeyInterface $key     Key of the recipient, it should contain a private key
+     *
+     * @throws DecryptionException
+     * @throws InvalidKeyException
+     */
+    public function decrypt(string $message, KeyInterface $key): string;
+}
diff --git a/src/Symfony/Component/Encryption/Exception/DecryptionException.php b/src/Symfony/Component/Encryption/Exception/DecryptionException.php
@@ -0,0 +1,27 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption\Exception;
+
+/**
+ * Thrown when a message cannot be decrypted.
+ *
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 6.0
+ */
+class DecryptionException extends \RuntimeException implements ExceptionInterface
+{
+    public function __construct(string $message = null, \Throwable $previous = null)
+    {
+        parent::__construct($message ?? 'Could not decrypt the ciphertext.', 0, $previous);
+    }
+}
diff --git a/src/Symfony/Component/Encryption/Exception/EncryptionException.php b/src/Symfony/Component/Encryption/Exception/EncryptionException.php
@@ -0,0 +1,27 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption\Exception;
+
+/**
+ * Thrown when a message cannot be encrypted.
+ *
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 6.0
+ */
+class EncryptionException extends \RuntimeException implements ExceptionInterface
+{
+    public function __construct(string $message = null, \Throwable $previous = null)
+    {
+        parent::__construct($message ?? 'Could not encrypt the message.', 0, $previous);
+    }
+}
diff --git a/src/Symfony/Component/Encryption/Exception/ExceptionInterface.php b/src/Symfony/Component/Encryption/Exception/ExceptionInterface.php
@@ -0,0 +1,23 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption\Exception;
+
+/**
+ * Base ExceptionInterface for the Encryption Component.
+ *
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 6.0
+ */
+interface ExceptionInterface extends \Throwable
+{
+}
diff --git a/src/Symfony/Component/Encryption/Exception/InvalidKeyException.php b/src/Symfony/Component/Encryption/Exception/InvalidKeyException.php
@@ -0,0 +1,27 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption\Exception;
+
+/**
+ * Thrown when there is an issue with the Key.
+ *
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 6.0
+ */
+class InvalidKeyException extends \RuntimeException implements ExceptionInterface
+{
+    public function __construct(string $message = null, \Throwable $previous = null)
+    {
+        parent::__construct($message ?? 'This key is not valid.', 0, $previous);
+    }
+}
diff --git a/src/Symfony/Component/Encryption/Exception/MalformedCipherException.php b/src/Symfony/Component/Encryption/Exception/MalformedCipherException.php
@@ -0,0 +1,25 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption\Exception;
+
+/**
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 6.0
+ */
+class MalformedCipherException extends DecryptionException
+{
+    public function __construct(string $message = null, \Throwable $previous = null)
+    {
+        parent::__construct($message ?? 'The message you provided is not a valid ciphertext.', $previous);
+    }
+}
diff --git a/src/Symfony/Component/Encryption/Exception/UnsupportedAlgorithmException.php b/src/Symfony/Component/Encryption/Exception/UnsupportedAlgorithmException.php
@@ -0,0 +1,25 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Encryption\Exception;
+
+/**
+ * @author Tobias Nyholm <tobias.nyholm@gmail.com>
+ *
+ * @experimental in 6.0
+ */
+class UnsupportedAlgorithmException extends DecryptionException
+{
+    public function __construct(string $algorithm, \Throwable $previous = null)
+    {
+        parent::__construct(sprintf('The ciphertext is encrypted with "%s" algorithm. Decryption of that algorithm is not supported.', $algorithm), $previous);
+    }
+}
-Original file line number
+Diff line change
@@ -0,0 +1,4 @@
+    /.gitattributes export-ignore
+    /.gitignore export-ignore
+    /phpunit.xml.dist export-ignore
                   Nyholm marked this conversation as resolved.
              

          
            Show resolved
            Hide resolved
        

                
  
            
  

  
    
  
    
      

              Uh oh!

              
There was an error while loading. Please reload this page.
+    /Tests export-ignore