Merge master into release-5.x

simplesamlphp · May 5, 2024 · 5d6a239 · 5d6a239
1 parent 804c8e4
commit 5d6a239
Show file tree

Hide file tree

Showing 369 changed files with 3,544 additions and 4,944 deletions.
diff --git a/phpunit.xml b/phpunit.xml
@@ -1,9 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" backupGlobals="false" backupStaticAttributes="false" colors="true" convertErrorsToExceptions="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" processIsolation="true" stopOnFailure="false" bootstrap="./tests/autoload.php" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
-  <coverage processUncoveredFiles="true">
-    <include>
-      <directory>./src</directory>
-    </include>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" backupGlobals="false" colors="true" processIsolation="true" stopOnFailure="false" bootstrap="./tests/autoload.php" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/11.1/phpunit.xsd" cacheDirectory=".phpunit.cache" backupStaticProperties="false">
+  <coverage>
     <report>
       <clover outputFile="build/logs/clover.xml"/>
     </report>
@@ -13,8 +10,10 @@
       <directory>./tests</directory>
     </testsuite>
   </testsuites>
-  <listeners>
-    <listener class="\Mockery\Adapter\Phpunit\TestListener"/>
-  </listeners>
   <logging/>
+  <source>
+    <include>
+      <directory>./src</directory>
+    </include>
+  </source>
 </phpunit>
diff --git a/src/SAML2/Assertion/Decrypter.php b/src/SAML2/Assertion/Decrypter.php
@@ -8,15 +8,13 @@
 use Psr\Log\LoggerInterface;
 use SimpleSAML\SAML2\Assertion\Exception\NotDecryptedException;
 use SimpleSAML\SAML2\Certificate\PrivateKeyLoader;
-use SimpleSAML\SAML2\Compat\ContainerSingleton;
 use SimpleSAML\SAML2\Configuration\IdentityProvider;
 use SimpleSAML\SAML2\Configuration\ServiceProvider;
 use SimpleSAML\SAML2\XML\saml\Assertion;
 use SimpleSAML\SAML2\XML\saml\EncryptedAssertion;
 
 use function count;
 use function get_class;
-use function is_null;
 use function sprintf;
 
 class Decrypter

diff --git a/src/SAML2/Assertion/ProcessorBuilder.php b/src/SAML2/Assertion/ProcessorBuilder.php
@@ -129,12 +129,12 @@ private static function createSubjectConfirmationValidator(
      */
     private static function createAssertionTransformerChain(
         LoggerInterface $logger,
-        PrivateKeyLoader $keyloader,
+        PrivateKeyLoader $keyLoader,
         IdentityProvider $identityProvider,
         ServiceProvider $serviceProvider,
     ): TransformerChain {
         $chain = new TransformerChain($identityProvider, $serviceProvider);
-        $chain->addTransformerStep(new NameIdDecryptionTransformer($logger, $keyloader));
+        $chain->addTransformerStep(new NameIdDecryptionTransformer($logger, $keyLoader));
 
         return $chain;
     }

diff --git a/src/SAML2/Assertion/Transformer/NameIdDecryptionTransformer.php b/src/SAML2/Assertion/Transformer/NameIdDecryptionTransformer.php
@@ -9,7 +9,6 @@
 use SimpleSAML\Assert\Assert;
 use SimpleSAML\SAML2\Assertion\Exception\NotDecryptedException;
 use SimpleSAML\SAML2\Certificate\PrivateKeyLoader;
-use SimpleSAML\SAML2\Compat\ContainerSingleton;
 use SimpleSAML\SAML2\Configuration\IdentityProvider;
 use SimpleSAML\SAML2\Configuration\IdentityProviderAware;
 use SimpleSAML\SAML2\Configuration\ServiceProvider;
@@ -20,7 +19,6 @@
 use SimpleSAML\SAML2\XML\saml\Subject;
 
 use function get_class;
-use function is_null;
 use function sprintf;
 
 final class NameIdDecryptionTransformer implements

diff --git a/src/SAML2/Assertion/Transformer/TransformerChain.php b/src/SAML2/Assertion/Transformer/TransformerChain.php
@@ -4,11 +4,11 @@
 
 namespace SimpleSAML\SAML2\Assertion\Transformer;
 
-use SimpleSAML\SAML2\XML\saml\Assertion;
 use SimpleSAML\SAML2\Configuration\IdentityProvider;
 use SimpleSAML\SAML2\Configuration\IdentityProviderAware;
 use SimpleSAML\SAML2\Configuration\ServiceProvider;
 use SimpleSAML\SAML2\Configuration\ServiceProviderAware;
+use SimpleSAML\SAML2\XML\saml\Assertion;
 
 class TransformerChain implements TransformerInterface
 {

diff --git a/src/SAML2/Assertion/Validation/ConstraintValidator/NotBefore.php b/src/SAML2/Assertion/Validation/ConstraintValidator/NotBefore.php
@@ -5,10 +5,10 @@
 namespace SimpleSAML\SAML2\Assertion\Validation\ConstraintValidator;
 
 use DateInterval;
-use SimpleSAML\SAML2\XML\saml\Assertion;
 use SimpleSAML\SAML2\Assertion\Validation\AssertionConstraintValidator;
 use SimpleSAML\SAML2\Assertion\Validation\Result;
 use SimpleSAML\SAML2\Utils;
+use SimpleSAML\SAML2\XML\saml\Assertion;
 
 class NotBefore implements AssertionConstraintValidator
 {

diff --git a/src/SAML2/Assertion/Validation/ConstraintValidator/SessionNotOnOrAfter.php b/src/SAML2/Assertion/Validation/ConstraintValidator/SessionNotOnOrAfter.php
@@ -5,10 +5,10 @@
 namespace SimpleSAML\SAML2\Assertion\Validation\ConstraintValidator;
 
 use DateInterval;
-use SimpleSAML\SAML2\XML\saml\Assertion;
 use SimpleSAML\SAML2\Assertion\Validation\AssertionConstraintValidator;
 use SimpleSAML\SAML2\Assertion\Validation\Result;
 use SimpleSAML\SAML2\Utils;
+use SimpleSAML\SAML2\XML\saml\Assertion;
 
 class SessionNotOnOrAfter implements AssertionConstraintValidator
 {

diff --git a/src/SAML2/Assertion/Validation/ConstraintValidator/SpIsValidAudience.php b/src/SAML2/Assertion/Validation/ConstraintValidator/SpIsValidAudience.php
@@ -5,11 +5,11 @@
 namespace SimpleSAML\SAML2\Assertion\Validation\ConstraintValidator;
 
 use SimpleSAML\Assert\Assert;
-use SimpleSAML\SAML2\XML\saml\Assertion;
 use SimpleSAML\SAML2\Assertion\Validation\AssertionConstraintValidator;
 use SimpleSAML\SAML2\Assertion\Validation\Result;
 use SimpleSAML\SAML2\Configuration\ServiceProvider;
 use SimpleSAML\SAML2\Configuration\ServiceProviderAware;
+use SimpleSAML\SAML2\XML\saml\Assertion;
 
 use function implode;
 use function sprintf;

diff --git a/src/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationNotBefore.php b/src/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationNotBefore.php
@@ -4,7 +4,6 @@
 
 namespace SimpleSAML\SAML2\Assertion\Validation\ConstraintValidator;
 
-use Psr\Clock\ClockInterface;
 use DateInterval;
 use SimpleSAML\Assert\Assert;
 use SimpleSAML\SAML2\Assertion\Validation\Result;

diff --git a/src/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationNotOnOrAfter.php b/src/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationNotOnOrAfter.php
@@ -8,8 +8,8 @@
 use SimpleSAML\Assert\Assert;
 use SimpleSAML\SAML2\Assertion\Validation\Result;
 use SimpleSAML\SAML2\Assertion\Validation\SubjectConfirmationConstraintValidator;
-use SimpleSAML\SAML2\XML\saml\SubjectConfirmation;
 use SimpleSAML\SAML2\Utils;
+use SimpleSAML\SAML2\XML\saml\SubjectConfirmation;
 
 class SubjectConfirmationNotOnOrAfter implements SubjectConfirmationConstraintValidator
 {

diff --git a/src/SAML2/Assertion/Validation/Result.php b/src/SAML2/Assertion/Validation/Result.php
@@ -4,8 +4,6 @@
 
 namespace SimpleSAML\SAML2\Assertion\Validation;
 
-use SimpleSAML\SAML2\Exception\InvalidArgumentException;
-
 /**
  * Simple Result object
  */

diff --git a/src/SAML2/Binding.php b/src/SAML2/Binding.php
@@ -4,12 +4,11 @@
 
 namespace SimpleSAML\SAML2;
 
-use Exception;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use SimpleSAML\SAML2\Constants as C;
-use SimpleSAML\SAML2\XML\samlp\AbstractMessage;
 use SimpleSAML\SAML2\Exception\Protocol\UnsupportedBindingException;
+use SimpleSAML\SAML2\XML\samlp\AbstractMessage;
 
 use function array_key_exists;
 use function array_keys;

diff --git a/src/SAML2/Certificate/Exception/InvalidKeyUsageException.php b/src/SAML2/Certificate/Exception/InvalidKeyUsageException.php
@@ -5,28 +5,11 @@
 namespace SimpleSAML\SAML2\Certificate\Exception;
 
 use InvalidArgumentException;
-use SimpleSAML\SAML2\Certificate\Key;
 use Throwable;
 
-use function implode;
-use function sprintf;
-
 /**
  * Named exception for when a non-existent key-usage is given
  */
 class InvalidKeyUsageException extends InvalidArgumentException implements Throwable
 {
-    /**
-     * @param string $usage
-     */
-    public function __construct(string $usage)
-    {
-        $message = sprintf(
-            'Invalid key usage given: "%s", usages "%s" allowed',
-            $usage,
-            implode('", "', Key::getValidKeyUsages())
-        );
-
-        parent::__construct($message);
-    }
 }
diff --git a/src/SAML2/Certificate/Key.php b/src/SAML2/Certificate/Key.php
@@ -4,21 +4,23 @@
 
 namespace SimpleSAML\SAML2\Certificate;
 
+use ArrayAccess;
+use SimpleSAML\Assert\Assert;
 use SimpleSAML\SAML2\Certificate\Exception\InvalidKeyUsageException;
 use SimpleSAML\SAML2\Exception\InvalidArgumentException;
 
 use function array_key_exists;
-use function in_array;
 use function is_string;
 
 /**
  * Simple DTO wrapper for (X509) keys. Implements ArrayAccess
  * for easier backwards compatibility.
  */
-class Key implements \ArrayAccess
+class Key implements ArrayAccess
 {
     // Possible key usages
     public const USAGE_SIGNING = 'signing';
+
     public const USAGE_ENCRYPTION = 'encryption';
 
     /** @var array */
@@ -42,38 +44,27 @@ public function __construct(array $keyData)
      *
      * @param string $usage
      * @return bool
+     * @throws \SimpleSAML\SAML2\Exception\InvalidArgumentException
      */
     public function canBeUsedFor(string $usage): bool
     {
-        if (!in_array($usage, static::getValidKeyUsages(), true)) {
-            throw new InvalidKeyUsageException($usage);
-        }
+        Assert::oneOf(
+            $usage,
+            [self::USAGE_ENCRYPTION, self::USAGE_SIGNING],
+            'Invalid key usage given: "%s", usages "%2$s" allowed',
+            InvalidKeyUsageException::class,
+        );
 
         return isset($this->keyData[$usage]) && $this->keyData[$usage];
     }
 
 
-    /**
-     * Returns the list of valid key usage options
-     * @return array
-     */
-    public static function getValidKeyUsages(): array
-    {
-        return [
-            self::USAGE_ENCRYPTION,
-            self::USAGE_SIGNING
-        ];
-    }
-
-
     /**
      * @param mixed $offset
-     * @throws InvalidArgumentException
+     * @throws \SimpleSAML\SAML2\Exception\InvalidArgumentException
      * @return bool
-     *
-     * Type hint not possible due to upstream method signature
      */
-    public function offsetExists($offset): bool
+    public function offsetExists(mixed $offset): bool
     {
         if (!is_string($offset)) {
             throw InvalidArgumentException::invalidType('string', $offset);
@@ -84,13 +75,10 @@ public function offsetExists($offset): bool
 
     /**
      * @param mixed $offset
-     * @throws InvalidArgumentException
+     * @throws \SimpleSAML\SAML2\Exception\InvalidArgumentException
      * @return mixed
-     *
-     * Type hint not possible due to upstream method signature
      */
-    #[\ReturnTypeWillChange]
-    public function offsetGet($offset)
+    public function offsetGet($offset): mixed
     {
         if (!is_string($offset)) {
             throw InvalidArgumentException::invalidType('string', $offset);
@@ -102,10 +90,9 @@ public function offsetGet($offset)
     /**
      * @param mixed $offset
      * @param mixed $value
-     * @throws InvalidArgumentException
-     * @return void
+     * @throws \SimpleSAML\SAML2\Exception\InvalidArgumentException
      */
-    public function offsetSet($offset, $value): void
+    public function offsetSet(mixed $offset, mixed $value): void
     {
         if (!is_string($offset)) {
             throw InvalidArgumentException::invalidType('string', $offset);
@@ -116,12 +103,9 @@ public function offsetSet($offset, $value): void
 
     /**
      * @param mixed $offset
-     * @throws InvalidArgumentException
-     * @return void
-     *
-     * Type hint not possible due to upstream method signature
+     * @throws \SimpleSAML\SAML2\Exception\InvalidArgumentException
      */
-    public function offsetUnset($offset): void
+    public function offsetUnset(mixed $offset): void
     {
         if (!is_string($offset)) {
             throw InvalidArgumentException::invalidType('string', $offset);

diff --git a/src/SAML2/Certificate/KeyCollection.php b/src/SAML2/Certificate/KeyCollection.php
@@ -4,8 +4,8 @@
 
 namespace SimpleSAML\SAML2\Certificate;
 
-use SimpleSAML\SAML2\Utilities\ArrayCollection;
 use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML2\Utilities\ArrayCollection;
 
 /**
  * Simple collection object for transporting keys
@@ -15,16 +15,16 @@ class KeyCollection extends ArrayCollection
     /**
      * Add a key to the collection
      *
-     * @psalm-suppress MoreSpecificImplementedParamType
-     * @param \SimpleSAML\SAML2\Certificate\Key $key
-     * @return void
+     * @param \SimpleSAML\SAML2\Certificate\Key $element
+     * @throws \SimpleSAML\Assert\AssertionFailedException if assertions are false
      *
      * Type hint not possible due to upstream method signature
+     * @psalm-suppress MoreSpecificImplementedParamType
      */
-    public function add($key): void
+    public function add($element): void
     {
         /** @psalm-suppress RedundantConditionGivenDocblockType */
-        Assert::isInstanceOf($key, Key::class);
-        parent::add($key);
+        Assert::isInstanceOf($element, Key::class);
+        parent::add($element);
     }
 }