Leverage Constructor property promotion & fix broken xenc:CipherRefer…

…ence

src/Alg/AbstractAlgorithmFactory.php

@@ -22,16 +22,19 @@
  */
 abstract class AbstractAlgorithmFactory
 {
+    /**
+     * A cache of algorithm implementations indexed by algorithm ID.
+     *
+     * @var string[]
+     */
     protected static array $cache = [];
-    protected static bool $initialized = false;
-
 
     /**
-     * An array of blacklisted algorithms.
+     * Whether the factory has been initialized or not.
      *
-     * @var string[]
+     * @var bool
      */
-    protected array $blacklist = [];
+    protected static bool $initialized = false;
 
 
     /**
@@ -40,12 +43,10 @@ abstract class AbstractAlgorithmFactory
      * @param string[]|null $blacklist A list of algorithms forbidden for their use.
      * @param string[]|null $defaults A list of known implementations.
      */
-    public function __construct(array $blacklist = null, array $defaults = null)
-    {
-        if ($blacklist !== null) {
-            $this->blacklist = $blacklist;
-        }
-
+    public function __construct(
+        protected ?array $blacklist = null,
+        ?array $defaults = null,
+    ) {
         // initialize the cache for supported algorithms per known implementation
         if (!static::$initialized && $defaults !== null) {
             foreach ($defaults as $algorithm) {
@@ -79,8 +80,8 @@ public function __construct(array $blacklist = null, array $defaults = null)
      */
     public function getAlgorithm(string $algId, KeyInterface $key): AlgorithmInterface
     {
-        Assert::true(
-            !in_array($algId, $this->blacklist, true),
+        Assert::false(
+            in_array($algId, $this->blacklist, true),
             sprintf('Blacklisted algorithm: \'%s\'.', $algId),
             BlacklistedAlgorithmException::class,
         );

src/Alg/Encryption/AES.php

@@ -4,7 +4,7 @@
 
 namespace SimpleSAML\XMLSecurity\Alg\Encryption;
 
-use SimpleSAML\XMLSecurity\Backend\OpenSSL;
+use SimpleSAML\XMLSecurity\Backend;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\SymmetricKey;
 
@@ -16,7 +16,7 @@
 class AES extends AbstractEncryptor
 {
     /** @var string */
-    protected string $default_backend = OpenSSL::class;
+    protected const DEFAULT_BACKEND = Backend\OpenSSL::class;
 
 
     /**
@@ -30,6 +30,7 @@ public function __construct(SymmetricKey $key, string $algId = C::BLOCK_ENC_AES2
         parent::__construct($key, $algId);
     }
 
+
     /**
      * @inheritDoc
      */

src/Alg/Encryption/AbstractEncryptor.php

@@ -16,18 +16,9 @@
  */
 abstract class AbstractEncryptor implements EncryptionAlgorithmInterface
 {
-    /** @var \SimpleSAML\XMLSecurity\Key\KeyInterface */
-    private KeyInterface $key;
-
     /** @var \SimpleSAML\XMLSecurity\Backend\EncryptionBackend */
     protected EncryptionBackend $backend;
 
-    /** @var string */
-    protected string $default_backend;
-
-    /** @var string */
-    protected string $algId;
-
 
     /**
      * Build an encryption algorithm.
@@ -39,17 +30,17 @@ abstract class AbstractEncryptor implements EncryptionAlgorithmInterface
      * @param \SimpleSAML\XMLSecurity\Key\KeyInterface $key The signing key.
      * @param string $algId The identifier of this algorithm.
      */
-    public function __construct(KeyInterface $key, string $algId)
-    {
+    public function __construct(
+        private KeyInterface $key,
+        protected string $algId,
+    ) {
         Assert::oneOf(
             $algId,
             static::getSupportedAlgorithms(),
             'Unsupported algorithm for ' . static::class,
             UnsupportedAlgorithmException::class,
         );
-        $this->key = $key;
-        $this->algId = $algId;
-        $this->setBackend(new $this->default_backend());
+        $this->setBackend(new (static::DEFAULT_BACKEND)());
     }
 
 

src/Alg/Encryption/EncryptionAlgorithmFactory.php

@@ -15,6 +15,17 @@
  */
 final class EncryptionAlgorithmFactory extends AbstractAlgorithmFactory
 {
+    /**
+     * An array of blacklisted algorithms.
+     *
+     * Defaults to 3DES.
+     *
+     * @var string[]
+     */
+    private const DEFAULT_BLACKLIST = [
+        C::BLOCK_ENC_3DES,
+    ];
+
     /**
      * A cache of algorithm implementations indexed by algorithm ID.
      *
@@ -29,27 +40,16 @@ final class EncryptionAlgorithmFactory extends AbstractAlgorithmFactory
      */
     protected static bool $initialized = false;
 
-    /**
-     * An array of blacklisted algorithms.
-     *
-     * Defaults to 3DES.
-     *
-     * @var string[]
-     */
-    protected array $blacklist = [
-        C::BLOCK_ENC_3DES,
-    ];
-
 
     /**
      * Build a factory that creates encryption algorithms.
      *
      * @param array|null $blacklist A list of algorithms forbidden for their use.
      */
-    public function __construct(array $blacklist = null)
+    public function __construct(?array $blacklist = null)
     {
         parent::__construct(
-            $blacklist,
+            $blacklist ?? self::DEFAULT_BLACKLIST,
             [
                 TripleDES::class,
                 AES::class,

src/Alg/Encryption/TripleDES.php

@@ -4,7 +4,7 @@
 
 namespace SimpleSAML\XMLSecurity\Alg\Encryption;
 
-use SimpleSAML\XMLSecurity\Backend\OpenSSL;
+use SimpleSAML\XMLSecurity\Backend;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\SymmetricKey;
 
@@ -16,7 +16,7 @@
 class TripleDES extends AbstractEncryptor
 {
     /** @var string */
-    protected string $default_backend = OpenSSL::class;
+    protected const DEFAULT_BACKEND = Backend\OpenSSL::class;
 
 
     /**

src/Alg/KeyTransport/AbstractKeyTransporter.php

@@ -17,18 +17,9 @@
  */
 abstract class AbstractKeyTransporter implements EncryptionAlgorithmInterface
 {
-    /** @var \SimpleSAML\XMLSecurity\Key\KeyInterface */
-    private KeyInterface $key;
-
     /** @var \SimpleSAML\XMLSecurity\Backend\EncryptionBackend */
     protected EncryptionBackend $backend;
 
-    /** @var string */
-    protected string $default_backend;
-
-    /** @var string */
-    protected string $algId;
-
 
     /**
      * Build a key transport algorithm.
@@ -40,17 +31,17 @@ abstract class AbstractKeyTransporter implements EncryptionAlgorithmInterface
      * @param \SimpleSAML\XMLSecurity\Key\KeyInterface $key The encryption key.
      * @param string $algId The identifier of this algorithm.
      */
-    public function __construct(KeyInterface $key, string $algId)
-    {
+    public function __construct(
+        private KeyInterface $key,
+        protected string $algId,
+    ) {
         Assert::oneOf(
             $algId,
             static::getSupportedAlgorithms(),
             'Unsupported algorithm for ' . static::class,
             UnsupportedAlgorithmException::class,
         );
-        $this->key = $key;
-        $this->algId = $algId;
-        $this->setBackend(new $this->default_backend());
+        $this->setBackend(new (static::DEFAULT_BACKEND)());
     }
 
 

src/Alg/KeyTransport/KeyTransportAlgorithmFactory.php

@@ -14,6 +14,17 @@
  */
 class KeyTransportAlgorithmFactory extends AbstractAlgorithmFactory
 {
+    /**
+     * An array of blacklisted algorithms.
+     *
+     * Defaults to RSA 1.5.
+     *
+     * @var string[]
+     */
+    private const DEFAULT_BLACKLIST = [
+        C::KEY_TRANSPORT_RSA_1_5,
+    ];
+
     /**
      * A cache of algorithm implementations indexed by algorithm ID.
      *
@@ -28,17 +39,6 @@ class KeyTransportAlgorithmFactory extends AbstractAlgorithmFactory
      */
     protected static bool $initialized = false;
 
-    /**
-     * An array of blacklisted algorithms.
-     *
-     * Defaults to RSA 1.5.
-     *
-     * @var string[]
-     */
-    protected array $blacklist = [
-        C::KEY_TRANSPORT_RSA_1_5,
-    ];
-
 
     /**
      * Build a factory that creates key transport algorithms.
@@ -47,7 +47,7 @@ class KeyTransportAlgorithmFactory extends AbstractAlgorithmFactory
      */
     public function __construct(array $blacklist = null)
     {
-        parent::__construct($blacklist, [RSA::class]);
+        parent::__construct($blacklist ?? self::DEFAULT_BLACKLIST, [RSA::class]);
     }
 
     /**

src/Alg/KeyTransport/RSA.php

@@ -4,7 +4,7 @@
 
 namespace SimpleSAML\XMLSecurity\Alg\KeyTransport;
 
-use SimpleSAML\XMLSecurity\Backend\OpenSSL;
+use SimpleSAML\XMLSecurity\Backend;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\AsymmetricKey;
 
@@ -16,7 +16,7 @@
 final class RSA extends AbstractKeyTransporter
 {
     /** @var string */
-    protected string $default_backend = OpenSSL::class;
+    protected const DEFAULT_BACKEND = Backend\OpenSSL::class;
 
 
     /**

src/Alg/Signature/AbstractSigner.php

@@ -16,21 +16,9 @@
  */
 abstract class AbstractSigner implements SignatureAlgorithmInterface
 {
-    /** @var \SimpleSAML\XMLSecurity\Key\KeyInterface */
-    private KeyInterface $key;
-
     /** @var \SimpleSAML\XMLSecurity\Backend\SignatureBackend */
     protected SignatureBackend $backend;
 
-    /** @var string */
-    protected string $default_backend;
-
-    /** @var string */
-    protected string $digest;
-
-    /** @var string */
-    protected string $algId;
-
 
     /**
      * Build a signature algorithm.
@@ -43,19 +31,19 @@ abstract class AbstractSigner implements SignatureAlgorithmInterface
      * @param string $algId The identifier of this algorithm.
      * @param string $digest The identifier of the digest algorithm to use.
      */
-    public function __construct(KeyInterface $key, string $algId, string $digest)
-    {
+    public function __construct(
+        private KeyInterface $key,
+        protected string $algId,
+        protected string $digest,
+    ) {
         Assert::oneOf(
             $algId,
             static::getSupportedAlgorithms(),
             sprintf('Unsupported algorithm for %s', static::class),
             UnsupportedAlgorithmException::class,
         );
 
-        $this->key = $key;
-        $this->algId = $algId;
-        $this->digest = $digest;
-        $this->backend = new $this->default_backend();
+        $this->backend = new (static::DEFAULT_BACKEND)();
         $this->backend->setDigestAlg($digest);
     }
 

src/Alg/Signature/HMAC.php

@@ -4,7 +4,7 @@
 
 namespace SimpleSAML\XMLSecurity\Alg\Signature;
 
-use SimpleSAML\XMLSecurity\Backend\HMAC as HMAC_Backend;
+use SimpleSAML\XMLSecurity\Backend;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\SymmetricKey;
 
@@ -16,7 +16,7 @@
 final class HMAC extends AbstractSigner implements SignatureAlgorithmInterface
 {
     /** @var string */
-    protected string $default_backend = HMAC_Backend::class;
+    protected const DEFAULT_BACKEND = Backend\HMAC::class;
 
 
     /**

src/Alg/Signature/RSA.php

@@ -4,7 +4,7 @@
 
 namespace SimpleSAML\XMLSecurity\Alg\Signature;
 
-use SimpleSAML\XMLSecurity\Backend\OpenSSL;
+use SimpleSAML\XMLSecurity\Backend;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\AsymmetricKey;
 
@@ -16,7 +16,7 @@
 final class RSA extends AbstractSigner implements SignatureAlgorithmInterface
 {
     /** @var string */
-    protected string $default_backend = OpenSSL::class;
+    protected const DEFAULT_BACKEND = Backend\OpenSSL::class;
 
 
     /**