diff --git a/.github/workflows/tweet.yml b/.github/workflows/tweet.yml index 5958b57a9..53ea014f7 100644 --- a/.github/workflows/tweet.yml +++ b/.github/workflows/tweet.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Tweet - uses: snow-actions/tweet@v1 + uses: snow-actions/tweet@v1.4.0 with: status: | We are proud to announce that ${{ github.repository }} ยท ${{ github.event.release.name }} diff --git a/composer.json b/composer.json index 42d01391f..e1d817537 100644 --- a/composer.json +++ b/composer.json @@ -57,7 +57,7 @@ "ext-mbstring": "*", "ext-openssl": "*", "ext-sodium": "*", - "brick/math": "^0.9|^0.10", + "brick/math": "^0.9|^0.10|^0.11", "paragonie/constant_time_encoding": "^2.4", "psr/event-dispatcher": "^1.0", "psr/http-client": "^1.0", diff --git a/phpstan.neon b/phpstan.neon index 8f568b762..7058fc28b 100644 --- a/phpstan.neon +++ b/phpstan.neon @@ -6,7 +6,11 @@ parameters: checkGenericClassInNonGenericObjectType: false treatPhpDocTypesAsCertain: false checkUninitializedProperties: true + checkDynamicProperties: true ignoreErrors: + - "#Method [a-zA-Z0-9\\_\\\\:\\(\\)]+ has parameter \\$[a-zA-Z0-9_]+ with no value type specified in iterable type array#" + - "#Method [a-zA-Z0-9\\_\\\\:\\(\\)]+ return type has no value type specified in iterable type array#" + - "#Property [a-zA-Z0-9\\$\\_\\\\:\\(\\)]+ type has no value type specified in iterable type array#" - '#Variable static method call on Jose\\Component\\Core\\Util\\Hash\.#' - '#Call to an undefined method Symfony\\Component\\Config\\Definition\\Builder\\NodeDefinition::children\(\)#' - '#Invalid type object to throw\.#' diff --git a/src/Bundle/JoseFramework/DataCollector/AlgorithmCollector.php b/src/Bundle/JoseFramework/DataCollector/AlgorithmCollector.php index 8a27c1515..54aeafe13 100644 --- a/src/Bundle/JoseFramework/DataCollector/AlgorithmCollector.php +++ b/src/Bundle/JoseFramework/DataCollector/AlgorithmCollector.php 
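Review bot: `snow-actions/tweet@v1.4.0` on the `uses:` line is still a tag reference, and a tag can be moved by whoever controls the action's repository, so the job runs whatever the tag points at when the next release event fires. Pinning to the full commit SHA behind that release, with the version kept as a trailing comment, makes the reference immutable: `uses: snow-actions/tweet@<full-commit-sha-of-v1.4.0> # v1.4.0`. The step's credentials are outside the hunk, but an action that posts tweets presumably receives API secrets, which is what makes the tighter pin worthwhile.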
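Review bot: The three new `ignoreErrors` patterns for "no value type specified in iterable type array" are unscoped, so they silence that rule for every method and property PHPStan analyses, including the ones this commit annotates and any untyped array added later. If the suppressions are only needed for code not yet annotated, each entry can be written as a `message:` / `path:` pair limited to those directories, and removed once the docblocks are complete. As written, the annotations added elsewhere in this commit are not enforced by the analyser.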
@@ -22,6 +22,9 @@ public function __construct( ) { } + /** + * @param array $data + */ public function collect(array &$data, Request $request, Response $response, ?Throwable $exception = null): void { $algorithms = $this->algorithmManagerFactory->all(); @@ -90,6 +93,9 @@ private function getAlgorithmType( } } + /** + * @return array> + */ private function getAlgorithmMessages(): array { return [ diff --git a/src/Bundle/JoseFramework/DataCollector/CheckerCollector.php b/src/Bundle/JoseFramework/DataCollector/CheckerCollector.php index fdeacc018..09f778314 100644 --- a/src/Bundle/JoseFramework/DataCollector/CheckerCollector.php +++ b/src/Bundle/JoseFramework/DataCollector/CheckerCollector.php @@ -15,26 +15,39 @@ use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\VarDumper\Cloner\Data; use Symfony\Component\VarDumper\Cloner\VarCloner; use Throwable; class CheckerCollector implements Collector, EventSubscriberInterface { + /** + * @var array + */ private array $headerCheckedSuccesses = []; + /** + * @var array + */ private array $headerCheckedFailures = []; + /** + * @var array + */ private array $claimCheckedSuccesses = []; + /** + * @var array + */ private array $claimCheckedFailures = []; /** - * @var HeaderCheckerManager[] + * @var array */ private array $headerCheckerManagers = []; /** - * @var ClaimCheckerManager[] + * @var array */ private array $claimCheckerManagers = []; @@ -44,6 +57,9 @@ public function __construct( ) { } + /** + * @param array $data + */ public function collect(array &$data, Request $request, Response $response, ?Throwable $exception = null): void { $this->collectHeaderCheckerManagers($data); 
@@ -97,6 +113,9 @@ public function catchClaimCheckFailure(ClaimCheckedFailureEvent $event): void $this->claimCheckedFailures[] = $cloner->cloneVar($event); } + /** + * @param array> $data + */ private function collectHeaderCheckerManagers(array &$data): void { $data['checker']['header_checker_managers'] = []; @@ -111,6 +130,9 @@ private function collectHeaderCheckerManagers(array &$data): void } } + /** + * @param array> $data + */ private function collectSupportedHeaderCheckers(array &$data): void { $data['checker']['header_checkers'] = []; @@ -125,6 +147,9 @@ private function collectSupportedHeaderCheckers(array &$data): void } } + /** + * @param array> $data + */ private function collectClaimCheckerManagers(array &$data): void { $data['checker']['claim_checker_managers'] = []; @@ -138,6 +163,9 @@ private function collectClaimCheckerManagers(array &$data): void } } + /** + * @param array> $data + */ private function collectSupportedClaimCheckers(array &$data): void { $data['checker']['claim_checkers'] = []; @@ -151,6 +179,9 @@ private function collectSupportedClaimCheckers(array &$data): void } } + /** + * @param array> $data + */ private function collectEvents(array &$data): void { $data['checker']['events'] = [ diff --git a/src/Bundle/JoseFramework/DataCollector/Collector.php b/src/Bundle/JoseFramework/DataCollector/Collector.php index 65f6c9ef3..24eae7ac8 100644 --- a/src/Bundle/JoseFramework/DataCollector/Collector.php +++ b/src/Bundle/JoseFramework/DataCollector/Collector.php @@ -10,5 +10,8 @@ interface Collector { + /** + * @param array $data + */ public function collect(array &$data, Request $request, Response $response, ?Throwable $exception = null): void; } diff --git a/src/Bundle/JoseFramework/DataCollector/JWECollector.php b/src/Bundle/JoseFramework/DataCollector/JWECollector.php index 8cdfc8e8f..c7869d74e 100644 --- a/src/Bundle/JoseFramework/DataCollector/JWECollector.php +++ b/src/Bundle/JoseFramework/DataCollector/JWECollector.php 
@@ -16,31 +16,44 @@ use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\VarDumper\Cloner\Data; use Symfony\Component\VarDumper\Cloner\VarCloner; use Throwable; class JWECollector implements Collector, EventSubscriberInterface { + /** + * @var array + */ private array $jweDecryptionSuccesses = []; + /** + * @var array + */ private array $jweDecryptionFailures = []; + /** + * @var array + */ private array $jweBuiltSuccesses = []; + /** + * @var array + */ private array $jweBuiltFailures = []; /** - * @var JWEBuilder[] + * @var array */ private array $jweBuilders = []; /** - * @var JWEDecrypter[] + * @var array */ private array $jweDecrypters = []; /** - * @var JWELoader[] + * @var array */ private array $jweLoaders = []; @@ -50,6 +63,9 @@ public function __construct( ) { } + /** + * @param array $data + */ public function collect(array &$data, Request $request, Response $response, ?Throwable $exception = null): void { $this->collectSupportedCompressionMethods($data); @@ -109,6 +125,9 @@ public function catchJweBuiltFailure(JWEBuiltFailureEvent $event): void $this->jweBuiltFailures[] = $cloner->cloneVar($event); } + /** + * @param array> $data + */ private function collectSupportedCompressionMethods(array &$data): void { $data['jwe']['compression_methods'] = []; @@ -121,6 +140,9 @@ private function collectSupportedCompressionMethods(array &$data): void } } + /** + * @param array> $data + */ private function collectSupportedJWESerializations(array &$data): void { $data['jwe']['jwe_serialization'] = []; @@ -133,6 +155,9 @@ private function collectSupportedJWESerializations(array &$data): void } } + /** + * @param array> $data + */ private function collectSupportedJWEBuilders(array &$data): void { $data['jwe']['jwe_builders'] = []; 
@@ -148,6 +173,9 @@ private function collectSupportedJWEBuilders(array &$data): void } } + /** + * @param array> $data + */ private function collectSupportedJWEDecrypters(array &$data): void { $data['jwe']['jwe_decrypters'] = []; @@ -163,6 +191,9 @@ private function collectSupportedJWEDecrypters(array &$data): void } } + /** + * @param array> $data + */ private function collectSupportedJWELoaders(array &$data): void { $data['jwe']['jwe_loaders'] = []; @@ -183,6 +214,9 @@ private function collectSupportedJWELoaders(array &$data): void } } + /** + * @param array> $data + */ private function collectEvents(array &$data): void { $data['jwe']['events'] = [ diff --git a/src/Bundle/JoseFramework/DataCollector/JWSCollector.php b/src/Bundle/JoseFramework/DataCollector/JWSCollector.php index 2ac145933..e6e63b4bf 100644 --- a/src/Bundle/JoseFramework/DataCollector/JWSCollector.php +++ b/src/Bundle/JoseFramework/DataCollector/JWSCollector.php @@ -15,13 +15,14 @@ use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\VarDumper\Cloner\Data; use Symfony\Component\VarDumper\Cloner\VarCloner; use Throwable; class JWSCollector implements Collector, EventSubscriberInterface { /** - * @var JWSBuilder[] + * @var array */ private array $jwsBuilders = []; @@ -35,12 +36,24 @@ class JWSCollector implements Collector, EventSubscriberInterface */ private array $jwsLoaders = []; + /** + * @var array + */ private array $jwsVerificationSuccesses = []; + /** + * @var array + */ private array $jwsVerificationFailures = []; + /** + * @var array + */ private array $jwsBuiltSuccesses = []; + /** + * @var array + */ private array $jwsBuiltFailures = []; public function __construct( 
@@ -48,6 +61,9 @@ public function __construct( ) { } + /** + * @param array $data + */ public function collect(array &$data, Request $request, Response $response, ?Throwable $exception = null): void { $this->collectSupportedJWSSerializations($data); @@ -106,6 +122,9 @@ public function catchJwsBuiltFailure(JWSBuiltFailureEvent $event): void $this->jwsBuiltFailures[] = $cloner->cloneVar($event); } + /** + * @param array> $data + */ private function collectSupportedJWSSerializations(array &$data): void { $data['jws']['jws_serialization'] = []; @@ -118,6 +137,9 @@ private function collectSupportedJWSSerializations(array &$data): void } } + /** + * @param array> $data + */ private function collectSupportedJWSBuilders(array &$data): void { $data['jws']['jws_builders'] = []; @@ -129,6 +151,9 @@ private function collectSupportedJWSBuilders(array &$data): void } } + /** + * @param array> $data + */ private function collectSupportedJWSVerifiers(array &$data): void { $data['jws']['jws_verifiers'] = []; @@ -140,6 +165,9 @@ private function collectSupportedJWSVerifiers(array &$data): void } } + /** + * @param array> $data + */ private function collectSupportedJWSLoaders(array &$data): void { $data['jws']['jws_loaders'] = []; @@ -154,6 +182,9 @@ private function collectSupportedJWSLoaders(array &$data): void } } + /** + * @param array> $data + */ private function collectEvents(array &$data): void { $data['jws']['events'] = [ diff --git a/src/Bundle/JoseFramework/DataCollector/JoseCollector.php b/src/Bundle/JoseFramework/DataCollector/JoseCollector.php index 68ab18e19..64873d167 100644 --- a/src/Bundle/JoseFramework/DataCollector/JoseCollector.php +++ b/src/Bundle/JoseFramework/DataCollector/JoseCollector.php @@ -34,6 +34,9 @@ public function getName(): string return 'jose_collector'; } + /** + * @return array|Data + */ public function getData(): array|Data { return $this->data; 
diff --git a/src/Bundle/JoseFramework/DataCollector/KeyCollector.php b/src/Bundle/JoseFramework/DataCollector/KeyCollector.php index c772e356c..c27d1d85b 100644 --- a/src/Bundle/JoseFramework/DataCollector/KeyCollector.php +++ b/src/Bundle/JoseFramework/DataCollector/KeyCollector.php @@ -17,12 +17,12 @@ class KeyCollector implements Collector { /** - * @var JWK[] + * @var array */ private array $jwks = []; /** - * @var JWKSet[] + * @var array */ private array $jwksets = []; @@ -32,6 +32,9 @@ public function __construct( ) { } + /** + * @param array $data + */ public function collect(array &$data, Request $request, Response $response, ?Throwable $exception = null): void { $this->collectJWK($data); @@ -48,6 +51,9 @@ public function addJWKSet(string $id, JWKSet $jwkset): void $this->jwksets[$id] = $jwkset; } + /** + * @param array> $data + */ private function collectJWK(array &$data): void { $cloner = new VarCloner(); @@ -60,6 +66,9 @@ private function collectJWK(array &$data): void } } + /** + * @param array> $data + */ private function collectJWKSet(array &$data): void { $cloner = new VarCloner(); diff --git a/src/Bundle/JoseFramework/DependencyInjection/JoseFrameworkExtension.php b/src/Bundle/JoseFramework/DependencyInjection/JoseFrameworkExtension.php index 5fd2001d9..76ae713d9 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/JoseFrameworkExtension.php +++ b/src/Bundle/JoseFramework/DependencyInjection/JoseFrameworkExtension.php @@ -29,6 +29,7 @@ public function getAlias(): string /** * {@inheritdoc} + * @param array $configs */ public function load(array $configs, ContainerBuilder $container): void { diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/AbstractSource.php b/src/Bundle/JoseFramework/DependencyInjection/Source/AbstractSource.php index f434da23b..aaa3b7823 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/Source/AbstractSource.php +++ b/src/Bundle/JoseFramework/DependencyInjection/Source/AbstractSource.php 
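Review bot: The docblocks added to `collectJWK()` and `collectJWKSet()` describe only the array type and do not say that registered keys are copied into the profiler payload. Both methods create a `VarCloner` and the class stores `JWK` / `JWKSet` objects, so `$data` presumably ends up holding clones of key objects, private parameters included; the loop bodies are outside the hunks, so this needs confirming. A line such as `Profiler output may contain private key material; register this collector in debug environments only.` in those docblocks would make the constraint visible to integrators.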
@@ -10,6 +10,9 @@ abstract class AbstractSource { + /** + * @param array{is_public: bool, tags: array, string?: mixed} $config + */ public function create(ContainerBuilder $container, string $type, string $name, array $config): void { $service_id = sprintf('jose.%s.%s', $type, $name); @@ -41,5 +44,8 @@ public function addConfiguration(NodeDefinition $node): void ->end(); } + /** + * @param array $config + */ abstract protected function createDefinition(ContainerBuilder $container, array $config): Definition; } diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSetSource/JKU.php b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSetSource/JKU.php index 0b9b7614f..903eb9504 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSetSource/JKU.php +++ b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSetSource/JKU.php @@ -14,6 +14,9 @@ class JKU extends AbstractSource implements JWKSetSource { + /** + * @param array $config + */ public function createDefinition(ContainerBuilder $container, array $config): Definition { $definition = new Definition(JWKSet::class); diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSetSource/JWKSet.php b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSetSource/JWKSet.php index 8879333ca..70ed43dc7 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSetSource/JWKSet.php +++ b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSetSource/JWKSet.php @@ -14,6 +14,9 @@ class JWKSet extends AbstractSource implements JWKSetSource { + /** + * @param array $config + */ public function createDefinition(ContainerBuilder $container, array $config): Definition { $definition = new Definition(JWKSetAlias::class); 
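Review bot: In the new `@param array{is_public: bool, tags: array, string?: mixed} $config` on `create()`, the entry `string?: mixed` declares one optional key literally named `string`; array-shape syntax has no form meaning "any other string key". The same entry appears in the `array{alg?: string, string?: mixed}` shapes added to NestedTokenBuilder::create, JWS::addSignature, JWSBuilder (addSignature and findSignatureAlgorithm) and the Signature constructor, even though JWSBuilder itself reads other header parameters such as `b64`. If the intent is "these known keys plus arbitrary others", `array<string, mixed>` with the known keys named in the description keeps the annotation truthful. The body of `create()` continues outside the hunk.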
diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSetSource/X5U.php b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSetSource/X5U.php index 829a32ddf..8d6cd2cba 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSetSource/X5U.php +++ b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSetSource/X5U.php @@ -14,6 +14,9 @@ class X5U extends AbstractSource implements JWKSetSource { + /** + * @param array $config + */ public function createDefinition(ContainerBuilder $container, array $config): Definition { $definition = new Definition(JWKSet::class); diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/CertificateFile.php b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/CertificateFile.php index 3bd22c237..2c55663b4 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/CertificateFile.php +++ b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/CertificateFile.php @@ -14,6 +14,9 @@ class CertificateFile extends AbstractSource implements JWKSource { + /** + * @param array $config + */ public function createDefinition(ContainerBuilder $container, array $config): Definition { $definition = new Definition(JWK::class); diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/JWK.php b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/JWK.php index 19e7046ad..bd71bd2d0 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/JWK.php +++ b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/JWK.php 
@@ -13,6 +13,9 @@ class JWK extends AbstractSource implements JWKSource { + /** + * @param array $config + */ public function createDefinition(ContainerBuilder $container, array $config): Definition { $definition = new Definition(\Jose\Component\Core\JWK::class); diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/JWKSet.php b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/JWKSet.php index 14e0c0290..c5abbc16a 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/JWKSet.php +++ b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/JWKSet.php @@ -14,6 +14,9 @@ class JWKSet extends AbstractSource implements JWKSource { + /** + * @param array $config + */ public function createDefinition(ContainerBuilder $container, array $config): Definition { $definition = new Definition(JWK::class); diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/KeyFile.php b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/KeyFile.php index 6bc0ebf41..1411f8645 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/KeyFile.php +++ b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/KeyFile.php @@ -14,6 +14,9 @@ class KeyFile extends AbstractSource implements JWKSource { + /** + * @param array $config + */ public function createDefinition(ContainerBuilder $container, array $config): Definition { $definition = new Definition(JWK::class); diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/P12.php b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/P12.php index 666e19bfb..a3caefdc2 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/P12.php +++ b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/P12.php 
@@ -14,6 +14,9 @@ class P12 extends AbstractSource implements JWKSource { + /** + * @param array $config + */ public function createDefinition(ContainerBuilder $container, array $config): Definition { $definition = new Definition(JWK::class); diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/Secret.php b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/Secret.php index 4dc56def4..a936405fa 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/Secret.php +++ b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/Secret.php @@ -14,6 +14,9 @@ class Secret extends AbstractSource implements JWKSource { + /** + * @param array $config + */ public function createDefinition(ContainerBuilder $container, array $config): Definition { $definition = new Definition(JWK::class); diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/Values.php b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/Values.php index 826d87624..5c756d4b9 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/Values.php +++ b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/Values.php @@ -14,6 +14,9 @@ class Values extends AbstractSource implements JWKSource { + /** + * @param array $config + */ public function createDefinition(ContainerBuilder $container, array $config): Definition { $definition = new Definition(JWK::class); diff --git a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/X5C.php b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/X5C.php index 48e884497..d2129d30c 100644 --- a/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/X5C.php +++ b/src/Bundle/JoseFramework/DependencyInjection/Source/KeyManagement/JWKSource/X5C.php 
@@ -14,6 +14,9 @@ class X5C extends AbstractSource implements JWKSource { + /** + * @param array $config + */ public function createDefinition(ContainerBuilder $container, array $config): Definition { $definition = new Definition(JWK::class); diff --git a/src/Component/Checker/TokenTypeSupport.php b/src/Component/Checker/TokenTypeSupport.php index bfa4f0b2e..96b179b97 100644 --- a/src/Component/Checker/TokenTypeSupport.php +++ b/src/Component/Checker/TokenTypeSupport.php @@ -13,6 +13,9 @@ interface TokenTypeSupport * useful when the token is serialized using the Json General Serialization mode. For example the JWE Json General * Serialization Mode allows several recipients to be set. The unprotected headers correspond to the share * unprotected header and the selected recipient header. + * + * @param array $protectedHeader + * @param array $unprotectedHeader */ public function retrieveTokenHeaders( JWT $jwt, diff --git a/src/Component/Core/Util/RSAKey.php b/src/Component/Core/Util/RSAKey.php index b287d117a..395c64811 100644 --- a/src/Component/Core/Util/RSAKey.php +++ b/src/Component/Core/Util/RSAKey.php @@ -4,14 +4,6 @@ namespace Jose\Component\Core\Util; -use SpomkyLabs\Pki\ASN1\Type\Constructed\Sequence; -use SpomkyLabs\Pki\ASN1\Type\Primitive\BitString; -use SpomkyLabs\Pki\ASN1\Type\Primitive\Integer; -use SpomkyLabs\Pki\ASN1\Type\Primitive\NullType; -use SpomkyLabs\Pki\ASN1\Type\Primitive\ObjectIdentifier; -use SpomkyLabs\Pki\ASN1\Type\Primitive\OctetString; -use SpomkyLabs\Pki\CryptoEncoding\PEM; -use SpomkyLabs\Pki\CryptoTypes\AlgorithmIdentifier\Asymmetric\RSAEncryptionAlgorithmIdentifier; use function array_key_exists; use function count; use InvalidArgumentException; 
@@ -19,6 +11,12 @@ use Jose\Component\Core\JWK; use ParagonIE\ConstantTime\Base64UrlSafe; use RuntimeException; +use SpomkyLabs\Pki\ASN1\Type\Constructed\Sequence; +use SpomkyLabs\Pki\ASN1\Type\Primitive\BitString; +use SpomkyLabs\Pki\ASN1\Type\Primitive\Integer; +use SpomkyLabs\Pki\ASN1\Type\Primitive\OctetString; +use SpomkyLabs\Pki\CryptoEncoding\PEM; +use SpomkyLabs\Pki\CryptoTypes\AlgorithmIdentifier\Asymmetric\RSAEncryptionAlgorithmIdentifier; use SpomkyLabs\Pki\CryptoTypes\Asymmetric\RSA\RSAPrivateKey; use SpomkyLabs\Pki\CryptoTypes\Asymmetric\RSA\RSAPublicKey; @@ -182,8 +180,8 @@ public static function exponentiate(self $key, BigInteger $c): BigInteger throw new RuntimeException(); } if ($key->isPublic() || $key->getCoefficient() === null || count($key->getPrimes()) === 0 || count( - $key->getExponents() - ) === 0) { + $key->getExponents() + ) === 0) { return $c->modPow($key->getExponent(), $key->getModulus()); } @@ -216,9 +214,9 @@ private function populateBigIntegers(): void $this->convertBase64StringToBigInteger($this->values['q']), ]; if (array_key_exists('dp', $this->values) && array_key_exists('dq', $this->values) && array_key_exists( - 'qi', - $this->values - )) { + 'qi', + $this->values + )) { $this->exponents = [ $this->convertBase64StringToBigInteger($this->values['dp']), $this->convertBase64StringToBigInteger($this->values['dq']), diff --git a/src/Component/Core/composer.json b/src/Component/Core/composer.json index 4911aaa0c..7e5cfa509 100644 --- a/src/Component/Core/composer.json +++ b/src/Component/Core/composer.json @@ -41,7 +41,7 @@ "php": ">=8.1", "ext-json": "*", "ext-mbstring": "*", - "brick/math": "^0.9|^0.10", + "brick/math": "^0.9|^0.10|^0.11", "paragonie/constant_time_encoding": "^2.4", "spomky-labs/pki-framework": "^1.0" }, diff --git a/src/Component/Encryption/JWETokenSupport.php b/src/Component/Encryption/JWETokenSupport.php index 9c872f9b4..2b5568aeb 100644 --- a/src/Component/Encryption/JWETokenSupport.php 
+++ b/src/Component/Encryption/JWETokenSupport.php @@ -14,6 +14,10 @@ public function supports(JWT $jwt): bool return $jwt instanceof JWE; } + /** + * @param array $protectedHeader + * @param array $unprotectedHeader + */ public function retrieveTokenHeaders(JWT $jwt, int $index, array &$protectedHeader, array &$unprotectedHeader): void { if (! $jwt instanceof JWE) { diff --git a/src/Component/KeyManagement/KeyConverter/KeyConverter.php b/src/Component/KeyManagement/KeyConverter/KeyConverter.php index 8da0e4717..2de389c3d 100644 --- a/src/Component/KeyManagement/KeyConverter/KeyConverter.php +++ b/src/Component/KeyManagement/KeyConverter/KeyConverter.php @@ -4,7 +4,6 @@ namespace Jose\Component\KeyManagement\KeyConverter; -use SpomkyLabs\Pki\CryptoTypes\Asymmetric\EC\ECPublicKey; use function array_key_exists; use function count; use function extension_loaded; @@ -134,10 +133,10 @@ public static function loadFromX5C(array $x5c): array } foreach ($x5c as $id => $cert) { $x5c[$id] = '-----BEGIN CERTIFICATE-----' . PHP_EOL . chunk_split( - (string) $cert, - 64, - PHP_EOL - ) . '-----END CERTIFICATE-----'; + (string) $cert, + 64, + PHP_EOL + ) . '-----END CERTIFICATE-----'; $x509 = openssl_x509_read($x5c[$id]); if ($x509 === false) { throw new InvalidArgumentException('Unable to load the certificate chain'); diff --git a/src/Component/NestedToken/NestedTokenBuilder.php b/src/Component/NestedToken/NestedTokenBuilder.php index c80a92958..e9cae4926 100644 --- a/src/Component/NestedToken/NestedTokenBuilder.php +++ b/src/Component/NestedToken/NestedTokenBuilder.php @@ -7,6 +7,7 @@ use function array_key_exists; use InvalidArgumentException; use function is_array; +use Jose\Component\Core\JWK; use Jose\Component\Encryption\JWEBuilder; use Jose\Component\Encryption\Serializer\JWESerializerManager; use Jose\Component\Signature\JWSBuilder; 
@@ -24,6 +25,11 @@ public function __construct( /** * Creates a nested token. + * + * @param array{key: JWK, protected_header?: array, header?: array} $signatures + * @param array{alg?: string, string?: mixed} $jweSharedProtectedHeader + * @param array{alg?: string, string?: mixed} $jweSharedHeader + * @param array{key: JWK, header?: array} $recipients */ public function create( string $payload, diff --git a/src/Component/NestedToken/NestedTokenBuilderFactory.php b/src/Component/NestedToken/NestedTokenBuilderFactory.php index 58b62ecd5..81269e829 100644 --- a/src/Component/NestedToken/NestedTokenBuilderFactory.php +++ b/src/Component/NestedToken/NestedTokenBuilderFactory.php @@ -22,6 +22,13 @@ public function __construct( /** * This method creates a Nested Token Builder with the given encryption/signature algorithms, serializers and * compression methods. + * + * @param array $jwe_serializers + * @param array $keyEncryptionAlgorithms + * @param array $contentEncryptionAlgorithms + * @param array $compressionMethods + * @param array $jws_serializers + * @param array $signatureAlgorithms */ public function create( array $jwe_serializers, diff --git a/src/Component/NestedToken/NestedTokenLoaderFactory.php b/src/Component/NestedToken/NestedTokenLoaderFactory.php index d3022a300..eb2d7bd59 100644 --- a/src/Component/NestedToken/NestedTokenLoaderFactory.php +++ b/src/Component/NestedToken/NestedTokenLoaderFactory.php @@ -18,6 +18,15 @@ public function __construct( /** * This method creates a Nested Token Loader with the given encryption/signature algorithms, serializers, * compression methods and header checkers. + * + * @param array $jweSerializers + * @param array $keyEncryptionAlgorithms + * @param array $contentEncryptionAlgorithms + * @param array $compressionMethods + * @param array $jweHeaderCheckers + * @param array $jwsSerializers + * @param array $signatureAlgorithms + * @param array $jwsHeaderCheckers */ public function create( array $jweSerializers, 
diff --git a/src/Component/Signature/JWS.php b/src/Component/Signature/JWS.php index 9a08a429c..2d5fd7eb9 100644 --- a/src/Component/Signature/JWS.php +++ b/src/Component/Signature/JWS.php @@ -76,6 +76,9 @@ public function getSignature(int $id): Signature * This method adds a signature to the JWS object. Its returns a new JWS object. * * @internal + * + * @param array{alg?: string, string?: mixed} $protectedHeader + * @param array{alg?: string, string?: mixed} $header */ public function addSignature( string $signature, diff --git a/src/Component/Signature/JWSBuilder.php b/src/Component/Signature/JWSBuilder.php index b7ea1bb36..226e2a52a 100644 --- a/src/Component/Signature/JWSBuilder.php +++ b/src/Component/Signature/JWSBuilder.php @@ -26,6 +26,14 @@ class JWSBuilder protected bool $isPayloadDetached = false; + /** + * @var array, + * protected_header: array, + * signature_key: JWK, + * signature_algorithm: Algorithm + * }> + */ protected array $signatures = []; protected ?bool $isPayloadEncoded = null; @@ -73,6 +81,9 @@ public function withPayload(string $payload, bool $isPayloadDetached = false): s /** * Adds the information needed to compute the signature. This method will return a new JWSBuilder object. + * + * @param array{alg?: string, string?: mixed} $protectedHeader + * @param array{alg?: string, string?: mixed} $header */ public function addSignature(JWK $signatureKey, array $protectedHeader, array $header = []): self { @@ -119,9 +130,9 @@ public function build(): JWS $algorithm = $signature['signature_algorithm']; /** @var JWK $signatureKey */ $signatureKey = $signature['signature_key']; - /** @var array $protectedHeader */ + /** @var array $protectedHeader */ $protectedHeader = $signature['protected_header']; - /** @var array $header */ + /** @var array $header */ $header = $signature['header']; $encodedProtectedHeader = count($protectedHeader) === 0 ? null : Base64UrlSafe::encodeUnpadded( JsonConverter::encode($protectedHeader) 
@@ -138,11 +149,17 @@ public function build(): JWS return $jws; } + /** + * @param array $protectedHeader + */ private function checkIfPayloadIsEncoded(array $protectedHeader): bool { return ! array_key_exists('b64', $protectedHeader) || $protectedHeader['b64'] === true; } + /** + * @param array $protectedHeader + */ private function checkB64AndCriticalHeader(array $protectedHeader): void { if (! array_key_exists('b64', $protectedHeader)) { @@ -164,6 +181,8 @@ private function checkB64AndCriticalHeader(array $protectedHeader): void } /** + * @param array{alg?: string, string?: mixed} $protectedHeader + * @param array{alg?: string, string?: mixed} $header * @return MacAlgorithm|SignatureAlgorithm */ private function findSignatureAlgorithm(JWK $key, array $protectedHeader, array $header): Algorithm @@ -187,6 +206,10 @@ private function findSignatureAlgorithm(JWK $key, array $protectedHeader, array return $algorithm; } + /** + * @param array $header1 + * @param array $header2 + */ private function checkDuplicatedHeaderParameters(array $header1, array $header2): void { $inter = array_intersect_key($header1, $header2); diff --git a/src/Component/Signature/JWSLoaderFactory.php b/src/Component/Signature/JWSLoaderFactory.php index 6337ec20d..2601c0582 100644 --- a/src/Component/Signature/JWSLoaderFactory.php +++ b/src/Component/Signature/JWSLoaderFactory.php @@ -20,6 +20,11 @@ public function __construct( * Creates a JWSLoader using the given serializer aliases, signature algorithm aliases and (optionally) the header * checker aliases. */ + /** + * @param array $serializers + * @param array $algorithms + * @param array $headerCheckers + */ public function create(array $serializers, array $algorithms, array $headerCheckers = []): JWSLoader { $serializerManager = $this->jwsSerializerManagerFactory->create($serializers); diff --git a/src/Component/Signature/JWSTokenSupport.php b/src/Component/Signature/JWSTokenSupport.php index 88c15ff51..607d66245 100644 
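Review bot: In `JWSLoaderFactory`, the new `@param` tags are opened as a second `/** … */` block directly after the existing description docblock of `create()`, so only the second block is attached to the method. Reflection, PHPStan and IDEs then no longer see the "Creates a JWSLoader using…" description. Merge the tags into the existing block rather than opening a new one: keep the description, add an empty ` *` line, then the three `@param` lines, and close the comment once. The body of `create()` continues outside the hunk.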
--- a/src/Component/Signature/JWSTokenSupport.php +++ b/src/Component/Signature/JWSTokenSupport.php @@ -15,6 +15,10 @@ public function supports(JWT $jwt): bool return $jwt instanceof JWS; } + /** + * @param array $protectedHeader + * @param array $unprotectedHeader + */ public function retrieveTokenHeaders(JWT $jwt, int $index, array &$protectedHeader, array &$unprotectedHeader): void { if (! $jwt instanceof JWS) { diff --git a/src/Component/Signature/Serializer/JSONGeneralSerializer.php b/src/Component/Signature/Serializer/JSONGeneralSerializer.php index 0212bf4fc..db4d25cd8 100644 --- a/src/Component/Signature/Serializer/JSONGeneralSerializer.php +++ b/src/Component/Signature/Serializer/JSONGeneralSerializer.php @@ -119,7 +119,7 @@ private function processIsPayloadEncoded(?bool $isPayloadEncoded, array $protect } /** - * @param array $signature + * @param array{protected?: string, header?: array} $signature * @return array */ private function processHeaders(array $signature): array diff --git a/src/Component/Signature/Signature.php b/src/Component/Signature/Signature.php index a385d44c1..cebc1e2fe 100644 --- a/src/Component/Signature/Signature.php +++ b/src/Component/Signature/Signature.php @@ -20,8 +20,8 @@ class Signature private readonly array $protectedHeader; /** - * @param array $protectedHeader - * @param array $header + * @param array{alg?: string, string?: mixed} $protectedHeader + * @param array{alg?: string, string?: mixed} $header */ public function __construct( private readonly string $signature, @@ -96,7 +96,7 @@ public function hasProtectedHeaderParameter(string $key): bool */ public function getHeaderParameter(string $key) { - if ($this->hasHeaderParameter($key)) { + if (array_key_exists($key, $this->header)) { return $this->header[$key]; } diff --git a/src/Ecc/composer.json b/src/Ecc/composer.json index ff2a4c6fb..eca633810 100644 --- a/src/Ecc/composer.json +++ b/src/Ecc/composer.json 
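Review bot: The new shape on `processHeaders()` in `JSONGeneralSerializer`, `array{protected?: string, header?: array}`, describes a well-formed signature entry, but PHPDoc is not enforced at runtime and this array presumably comes from the decoded JWS JSON, i.e. from whoever sent the token. The body is outside the hunk, so I cannot see whether the types are checked there. If they are not, a non-string `protected` or a non-array `header` should be rejected explicitly before decoding, e.g. `is_string($signature['protected']) || throw new InvalidArgumentException('The protected header is not valid.');`. Without such a check a malformed token may surface as a `TypeError` instead of the `InvalidArgumentException` callers are likely to catch.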
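Review bot: `getHeaderParameter()` in `Signature` now inlines `array_key_exists($key, $this->header)` instead of calling `hasHeaderParameter($key)`, which leaves two places that define what "the header has this parameter" means. If the inlining is there so static analysis can narrow `$this->header[$key]`, a one-line comment such as `// inlined so the analyser can narrow the offset; keep in sync with hasHeaderParameter()` would stop a later cleanup from reverting it. The protected-header getter is not part of this hunk; it should follow the same pattern so both getters behave identically. The method body continues outside the hunk.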
@@ -39,7 +39,7 @@ }, "require": { "php": ">=8.1", - "brick/math": "^0.9|^0.10" + "brick/math": "^0.9|^0.10|^0.11" }, "suggest": { "ext-gmp": "GMP or BCMath is highly recommended to improve the library performance", diff --git a/src/EncryptionAlgorithm/Experimental/KeyEncryption/AESCTR.php b/src/EncryptionAlgorithm/Experimental/KeyEncryption/AESCTR.php index 3dab4849a..35d062cb3 100644 --- a/src/EncryptionAlgorithm/Experimental/KeyEncryption/AESCTR.php +++ b/src/EncryptionAlgorithm/Experimental/KeyEncryption/AESCTR.php @@ -45,8 +45,8 @@ public function encryptKey(JWK $key, string $cek, array $completeHeader, array & public function decryptKey(JWK $key, string $encrypted_cek, array $header): string { $k = $this->getKey($key); - isset($header['iv']) ||throw new InvalidArgumentException('The header parameter "iv" is missing.'); - is_string($header['iv']) ||throw new InvalidArgumentException('The header parameter "iv" is not valid.'); + isset($header['iv']) || throw new InvalidArgumentException('The header parameter "iv" is missing.'); + is_string($header['iv']) || throw new InvalidArgumentException('The header parameter "iv" is not valid.'); $iv = Base64UrlSafe::decode($header['iv']); $result = openssl_decrypt($encrypted_cek, $this->getMode(), $k, OPENSSL_RAW_DATA, $iv); diff --git a/src/EncryptionAlgorithm/Experimental/KeyEncryption/Chacha20Poly1305.php b/src/EncryptionAlgorithm/Experimental/KeyEncryption/Chacha20Poly1305.php index d4c9a80dd..f7d5e3db7 100644 --- a/src/EncryptionAlgorithm/Experimental/KeyEncryption/Chacha20Poly1305.php +++ b/src/EncryptionAlgorithm/Experimental/KeyEncryption/Chacha20Poly1305.php 
@@ -59,8 +59,8 @@ public function encryptKey(JWK $key, string $cek, array $completeHeader, array & public function decryptKey(JWK $key, string $encrypted_cek, array $header): string { $k = $this->getKey($key); - isset($header['nonce']) ||throw new InvalidArgumentException('The header parameter "nonce" is missing.'); - is_string($header['nonce']) ||throw new InvalidArgumentException('The header parameter "nonce" is not valid.'); + isset($header['nonce']) || throw new InvalidArgumentException('The header parameter "nonce" is missing.'); + is_string($header['nonce']) || throw new InvalidArgumentException('The header parameter "nonce" is not valid.'); $nonce = Base64UrlSafe::decode($header['nonce']); if (mb_strlen($nonce, '8bit') !== 12) { throw new InvalidArgumentException('The header parameter "nonce" is not valid.'); diff --git a/src/EncryptionAlgorithm/KeyEncryption/AESGCMKW/AESGCMKW.php b/src/EncryptionAlgorithm/KeyEncryption/AESGCMKW/AESGCMKW.php index 92e0d688c..cf17be409 100644 --- a/src/EncryptionAlgorithm/KeyEncryption/AESGCMKW/AESGCMKW.php +++ b/src/EncryptionAlgorithm/KeyEncryption/AESGCMKW/AESGCMKW.php 
@@ -46,8 +46,12 @@ public function wrapKey(JWK $key, string $cek, array $completeHeader, array &$ad public function unwrapKey(JWK $key, string $encrypted_cek, array $completeHeader): string { $kek = $this->getKey($key); - (isset($completeHeader['iv']) && is_string($completeHeader['iv'])) || throw new InvalidArgumentException('Parameter "iv" is missing.'); - (isset($completeHeader['tag']) && is_string($completeHeader['tag'])) || throw new InvalidArgumentException('Parameter "tag" is missing.'); + (isset($completeHeader['iv']) && is_string($completeHeader['iv'])) || throw new InvalidArgumentException( + 'Parameter "iv" is missing.' + ); + (isset($completeHeader['tag']) && is_string($completeHeader['tag'])) || throw new InvalidArgumentException( + 'Parameter "tag" is missing.' + ); $tag = Base64UrlSafe::decode($completeHeader['tag']); $iv = Base64UrlSafe::decode($completeHeader['iv']); diff --git a/src/EncryptionAlgorithm/KeyEncryption/ECDHES/AbstractECDH.php b/src/EncryptionAlgorithm/KeyEncryption/ECDHES/AbstractECDH.php index 9fab2069e..124644c4a 100644 --- a/src/EncryptionAlgorithm/KeyEncryption/ECDHES/AbstractECDH.php +++ b/src/EncryptionAlgorithm/KeyEncryption/ECDHES/AbstractECDH.php @@ -140,8 +140,8 @@ protected function calculateAgreementKey(JWK $private_key, JWK $public_key): str } /** - * @return JWK[] * @param array $additional_header_values + * @return JWK[] */ protected function getKeysFromPublicKey( JWK $recipient_key, diff --git a/src/EncryptionAlgorithm/KeyEncryption/RSA/composer.json b/src/EncryptionAlgorithm/KeyEncryption/RSA/composer.json index c811ac50d..d070e4a54 100644 --- a/src/EncryptionAlgorithm/KeyEncryption/RSA/composer.json +++ b/src/EncryptionAlgorithm/KeyEncryption/RSA/composer.json @@ -39,7 +39,7 @@ }, "require": { "php": ">=8.1", - "brick/math": "^0.9|^0.10", + "brick/math": "^0.9|^0.10|^0.11", "ext-openssl": "*", "symfony/polyfill-mbstring": "^1.12", "web-token/jwt-encryption": "^3.0" 
diff --git a/src/SignatureAlgorithm/RSA/composer.json b/src/SignatureAlgorithm/RSA/composer.json index 3a039fdcc..9a4aef839 100644 --- a/src/SignatureAlgorithm/RSA/composer.json +++ b/src/SignatureAlgorithm/RSA/composer.json @@ -39,7 +39,7 @@ }, "require": { "php": ">=8.1", - "brick/math": "^0.9|^0.10", + "brick/math": "^0.9|^0.10|^0.11", "ext-openssl": "*", "web-token/jwt-signature": "^3.0" }, diff --git a/tests/Component/Checker/Stub/TokenSupport.php b/tests/Component/Checker/Stub/TokenSupport.php index d7534fdcd..ad0fd80e3 100644 --- a/tests/Component/Checker/Stub/TokenSupport.php +++ b/tests/Component/Checker/Stub/TokenSupport.php @@ -10,6 +10,10 @@ class TokenSupport implements TokenTypeSupport { + /** + * @param array $protectedHeader + * @param array $unprotectedHeader + */ public function retrieveTokenHeaders(JWT $jwt, int $index, array &$protectedHeader, array &$unprotectedHeader): void { if (! $jwt instanceof Token) { diff --git a/tests/Component/KeyManagement/JWKFactoryTest.php b/tests/Component/KeyManagement/JWKFactoryTest.php index 818a3353e..9858da61c 100644 --- a/tests/Component/KeyManagement/JWKFactoryTest.php +++ b/tests/Component/KeyManagement/JWKFactoryTest.php @@ -232,10 +232,7 @@ public function createFromPublicEC512KeyFile(string $filename, string $expectedJ $jwk = JWKFactory::createFromKeyFile($filename); // Then - static::assertSame( - $expectedJWK, - json_encode($jwk, JSON_THROW_ON_ERROR) - ); + static::assertSame($expectedJWK, json_encode($jwk, JSON_THROW_ON_ERROR)); static::assertSame($content, ECKey::convertPublicKeyToPEM($jwk)); } diff --git a/tests/Component/KeyManagement/Keys/ECKeysTest.php b/tests/Component/KeyManagement/Keys/ECKeysTest.php index ce5ca639b..caf719f70 100644 --- a/tests/Component/KeyManagement/Keys/ECKeysTest.php +++ b/tests/Component/KeyManagement/Keys/ECKeysTest.php 
@@ -4,10 +4,10 @@ namespace Jose\Tests\Component\KeyManagement\Keys; -use Jose\Component\Core\Util\ECKey; use const DIRECTORY_SEPARATOR; use InvalidArgumentException; use Jose\Component\Core\JWK; +use Jose\Component\Core\Util\ECKey; use Jose\Component\KeyManagement\JWKFactory; use Jose\Component\KeyManagement\KeyConverter\KeyConverter; use PHPUnit\Framework\TestCase; diff --git a/tests/Component/KeyManagement/Keys/RSAKeysTest.php b/tests/Component/KeyManagement/Keys/RSAKeysTest.php index 1cefdfbe3..b5da31cf2 100644 --- a/tests/Component/KeyManagement/Keys/RSAKeysTest.php +++ b/tests/Component/KeyManagement/Keys/RSAKeysTest.php @@ -4,9 +4,6 @@ namespace Jose\Tests\Component\KeyManagement\Keys; -use SpomkyLabs\Pki\ASN1\Type\Constructed\Sequence; -use SpomkyLabs\Pki\ASN1\Type\Primitive\RelativeOID; -use SpomkyLabs\Pki\CryptoEncoding\PEM; use const DIRECTORY_SEPARATOR; use InvalidArgumentException; use Jose\Component\Core\JWK; @@ -142,7 +139,7 @@ public function loadPrivateRSAKey(): void $content = trim(file_get_contents($file)); // When - $rsaKey = RSAKey::createFromPEM('file://'.$file); + $rsaKey = RSAKey::createFromPEM('file://' . $file); // Then static::assertEqualsCanonicalizing([