Start using PHP 8.1 features

simplesamlphp · Dec 14, 2023 · fdafd58 · fdafd58
1 parent dd2d9fc
commit fdafd58
Show file tree

Hide file tree

Showing 12 changed files with 74 additions and 70 deletions.
diff --git a/src/Alg/KeyTransport.php b/src/Alg/KeyTransport.php
@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\XMLSecurity\Alg;
+
+/**
+ * Key transport algorithms
+ */
+enum KeyTransport: string
+{
+    case RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5';
+    case OAEP = 'http://www.w3.org/2009/xmlenc11#rsa-oaep';
+    case OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p';
+}
diff --git a/src/Alg/KeyTransport/KeyTransportAlgorithmFactory.php b/src/Alg/KeyTransport/KeyTransportAlgorithmFactory.php
@@ -6,7 +6,7 @@
 
 use SimpleSAML\XMLSecurity\Alg\AbstractAlgorithmFactory;
 use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmInterface;
-use SimpleSAML\XMLSecurity\Constants as C;
+use SimpleSAML\XMLSecurity\Alg\KeyTransport;
 use SimpleSAML\XMLSecurity\Key\KeyInterface;
 
 /**
@@ -19,10 +19,10 @@ class KeyTransportAlgorithmFactory extends AbstractAlgorithmFactory
      *
      * Defaults to RSA 1.5.
      *
-     * @var string[]
+     * @var \SimpleSAML\XMLSecurity\Alg\KeyTransport[]
      */
     private const DEFAULT_BLACKLIST = [
-        C::KEY_TRANSPORT_RSA_1_5,
+        KeyTransport::RSA_1_5,
     ];
 
     /**

diff --git a/src/Alg/KeyTransport/RSA.php b/src/Alg/KeyTransport/RSA.php
@@ -4,7 +4,7 @@
 
 namespace SimpleSAML\XMLSecurity\Alg\KeyTransport;
 
-use SimpleSAML\XMLSecurity\Constants as C;
+use SimpleSAML\XMLSecurity\Alg\KeyTransport;
 use SimpleSAML\XMLSecurity\Key\AsymmetricKey;
 
 /**
@@ -18,19 +18,19 @@ final class RSA extends AbstractKeyTransporter
      * RSA constructor.
      *
      * @param \SimpleSAML\XMLSecurity\Key\AsymmetricKey $key The asymmetric key (either public or private) to use.
-     * @param string $algId The identifier of this algorithm.
+     * @param \SimpleSAML\XMLSecurity\Alg\KeyTransport $algId The identifier of this algorithm.
      */
-    public function __construct(AsymmetricKey $key, string $algId = C::KEY_TRANSPORT_OAEP_MGF1P)
+    public function __construct(AsymmetricKey $key, KeyTransport $algId = KeyTransport::OAEP_MGF1P)
     {
         parent::__construct($key, $algId);
     }
 
 
     /**
-     * @inheritDoc
+     * @return \SimpleSAML\XMLSecurity\Alg\KeyTransport[]
      */
     public static function getSupportedAlgorithms(): array
     {
-        return C::$KEY_TRANSPORT_ALGORITHMS;
+        return KeyTransport::cases();
     }
 }
diff --git a/src/Backend/OpenSSL.php b/src/Backend/OpenSSL.php
@@ -4,6 +4,7 @@
 
 namespace SimpleSAML\XMLSecurity\Backend;
 
+use SimpleSAML\XMLSecurity\Alg\KeyTransport;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Exception\InvalidArgumentException;
 use SimpleSAML\XMLSecurity\Exception\RuntimeException;
@@ -215,25 +216,25 @@ public function verify(KeyInterface $key, string $plaintext, string $signature):
     /**
      * Set the cipher to be used by the backend.
      *
-     * @param string $cipher The identifier of the cipher.
+     * @param \SimpleSAML\XMLSecurity\Alg\KeyTransport|string $cipher The identifier of the cipher.
      *
      * @throws \SimpleSAML\XMLSecurity\Exception\InvalidArgumentException If the cipher is unknown or not supported.
      */
-    public function setCipher(string $cipher): void
+    public function setCipher(KeyTransport|string $cipher): void
     {
-        if (!isset(C::$BLOCK_CIPHER_ALGORITHMS[$cipher]) && !in_array($cipher, C::$KEY_TRANSPORT_ALGORITHMS)) {
+        if (is_string($cipher) && !isset(C::$BLOCK_CIPHER_ALGORITHMS[$cipher]) {
             throw new InvalidArgumentException('Invalid or unknown cipher');
         }
 
         // configure the backend depending on the actual algorithm to use
         $this->useAuthTag = false;
         $this->cipher = $cipher;
         switch ($cipher) {
-            case C::KEY_TRANSPORT_RSA_1_5:
+            case KeyTransport::RSA_1_5:
                 $this->padding = OPENSSL_PKCS1_PADDING;
                 break;
-            case C::KEY_TRANSPORT_OAEP:
-            case C::KEY_TRANSPORT_OAEP_MGF1P:
+            case KeyTransport::OAEP:
+            case KeyTransport::OAEP_MGF1P:
                 $this->padding = OPENSSL_PKCS1_OAEP_PADDING;
                 break;
             case C::BLOCK_ENC_AES128_GCM:

diff --git a/src/Constants.php b/src/Constants.php
@@ -77,19 +77,6 @@ class Constants extends \SimpleSAML\XML\Constants
         self::BLOCK_ENC_AES256_GCM => 32,
     ];
 
-    /**
-     * Key transport algorithms
-     */
-    public const KEY_TRANSPORT_RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5';
-    public const KEY_TRANSPORT_OAEP = 'http://www.w3.org/2009/xmlenc11#rsa-oaep';
-    public const KEY_TRANSPORT_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p';
-
-    public static array $KEY_TRANSPORT_ALGORITHMS = [
-        self::KEY_TRANSPORT_RSA_1_5,
-        self::KEY_TRANSPORT_OAEP,
-        self::KEY_TRANSPORT_OAEP_MGF1P,
-    ];
-
     /**
      * Signature algorithms
      */

diff --git a/src/XML/EncryptableElementTrait.php b/src/XML/EncryptableElementTrait.php
@@ -54,7 +54,7 @@ trait EncryptableElementTrait
     public function encrypt(EncryptionAlgorithmInterface $encryptor): EncryptedData
     {
         $keyInfo = null;
-        if (in_array($encryptor->getAlgorithmId(), C::$KEY_TRANSPORT_ALGORITHMS)) {
+        if (in_array($encryptor->getAlgorithmId(), KeyTransport::cases()) {
             // the encryptor uses a key transport algorithm, use that to generate a session key
             $sessionKey = SymmetricKey::generate($this->sessionKeyLen);
 

diff --git a/src/XML/EncryptedElementTrait.php b/src/XML/EncryptedElementTrait.php
@@ -12,7 +12,6 @@
 use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory;
 use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmInterface;
 use SimpleSAML\XMLSecurity\Backend\EncryptionBackend;
-use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Exception\InvalidArgumentException;
 use SimpleSAML\XMLSecurity\Exception\NoEncryptedDataException;
 use SimpleSAML\XMLSecurity\Exception\RuntimeException;
@@ -118,7 +117,7 @@ protected function decryptData(EncryptionAlgorithmInterface $decryptor): string
             $algId = $encMethod->getAlgorithm();
         }
 
-        if (in_array($decryptor->getAlgorithmId(), C::$KEY_TRANSPORT_ALGORITHMS)) {
+        if (in_array($decryptor->getAlgorithmId(), KeyTransport::cases())) {
             // the decryptor uses a key transport algorithm, check if we have a session key
             if ($this->hasDecryptionKey() === null) {
                 throw new RuntimeException('Cannot use a key transport algorithm to decrypt an object.');

diff --git a/tests/Alg/KeyTransport/KeyTransportAlgorithmFactoryTest.php b/tests/Alg/KeyTransport/KeyTransportAlgorithmFactoryTest.php
@@ -5,9 +5,9 @@
 namespace SimpleSAML\XMLSecurity\Test\Alg\KeyTransport;
 
 use PHPUnit\Framework\TestCase;
+use SimpleSAML\XMLSecurity\Alg\KeyTransport;
 use SimpleSAML\XMLSecurity\Alg\KeyTransport\KeyTransportAlgorithmFactory;
 use SimpleSAML\XMLSecurity\Alg\KeyTransport\RSA;
-use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Exception\BlacklistedAlgorithmException;
 use SimpleSAML\XMLSecurity\Exception\UnsupportedAlgorithmException;
 use SimpleSAML\XMLSecurity\Key\PublicKey;
@@ -47,16 +47,16 @@ public function testGetUnknownAlgorithm(): void
     public function testDefaultBlacklistedAlgorithm(): void
     {
         $factory = new KeyTransportAlgorithmFactory();
-        $algorithm = $factory->getAlgorithm(C::KEY_TRANSPORT_OAEP, self::$pkey);
+        $algorithm = $factory->getAlgorithm(KeyTransport::OAEP, self::$pkey);
         $this->assertInstanceOf(RSA::class, $algorithm);
-        $this->assertEquals(C::KEY_TRANSPORT_OAEP, $algorithm->getAlgorithmId());
+        $this->assertEquals(KeyTransport::OAEP, $algorithm->getAlgorithmId());
 
-        $algorithm = $factory->getAlgorithm(C::KEY_TRANSPORT_OAEP_MGF1P, self::$pkey);
+        $algorithm = $factory->getAlgorithm(KeyTransport::OAEP_MGF1P, self::$pkey);
         $this->assertInstanceOf(RSA::class, $algorithm);
-        $this->assertEquals(C::KEY_TRANSPORT_OAEP_MGF1P, $algorithm->getAlgorithmId());
+        $this->assertEquals(KeyTransport::OAEP_MGF1P, $algorithm->getAlgorithmId());
 
         $this->expectException(BlacklistedAlgorithmException::class);
-        $factory->getAlgorithm(C::KEY_TRANSPORT_RSA_1_5, self::$pkey);
+        $factory->getAlgorithm(KeyTransport::RSA_1_5, self::$pkey);
     }
 
 
@@ -65,17 +65,17 @@ public function testDefaultBlacklistedAlgorithm(): void
      */
     public function testBlacklistedAlgorithm(): void
     {
-        $factory = new KeyTransportAlgorithmFactory([C::KEY_TRANSPORT_OAEP_MGF1P]);
-        $algorithm = $factory->getAlgorithm(C::KEY_TRANSPORT_OAEP, self::$pkey);
+        $factory = new KeyTransportAlgorithmFactory([KeyTransport::OAEP_MGF1P]);
+        $algorithm = $factory->getAlgorithm(KeyTransport::OAEP, self::$pkey);
         $this->assertInstanceOf(RSA::class, $algorithm);
-        $this->assertEquals(C::KEY_TRANSPORT_OAEP, $algorithm->getAlgorithmId());
+        $this->assertEquals(KeyTransport::OAEP, $algorithm->getAlgorithmId());
         $this->assertEquals(self::$pkey, $algorithm->getKey());
 
-        $algorithm = $factory->getAlgorithm(C::KEY_TRANSPORT_RSA_1_5, self::$pkey);
+        $algorithm = $factory->getAlgorithm(KeyTransport::RSA_1_5, self::$pkey);
         $this->assertInstanceOf(RSA::class, $algorithm);
-        $this->assertEquals(C::KEY_TRANSPORT_RSA_1_5, $algorithm->getAlgorithmId());
+        $this->assertEquals(KeyTransport::RSA_1_5, $algorithm->getAlgorithmId());
 
         $this->expectException(BlacklistedAlgorithmException::class);
-        $factory->getAlgorithm(C::KEY_TRANSPORT_OAEP_MGF1P, self::$pkey);
+        $factory->getAlgorithm(KeyTransport::OAEP_MGF1P, self::$pkey);
     }
 }
diff --git a/tests/Alg/KeyTransport/RSAKeyTransportTest.php b/tests/Alg/KeyTransport/RSAKeyTransportTest.php
@@ -5,8 +5,8 @@
 namespace SimpleSAML\XMLSecurity\Test\Alg\KeyTransport;
 
 use PHPUnit\Framework\TestCase;
+use SimpleSAML\XMLSecurity\Alg\KeyTransport;
 use SimpleSAML\XMLSecurity\Alg\KeyTransport\KeyTransportAlgorithmFactory;
-use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\PrivateKey;
 use SimpleSAML\XMLSecurity\Key\PublicKey;
 use SimpleSAML\XMLSecurity\TestUtils\PEMCertificatesMock;
@@ -48,19 +48,19 @@ public static function setUpBeforeClass(): void
     public function testEncrypt(): void
     {
         // test RSA 1.5
-        $rsa = self::$factory->getAlgorithm(C::KEY_TRANSPORT_RSA_1_5, self::$publicKey);
+        $rsa = self::$factory->getAlgorithm(KeyTransport::RSA_1_5, self::$publicKey);
         $encrypted = $rsa->encrypt(self::PLAINTEXT);
         $this->assertNotEmpty($encrypted);
         $this->assertEquals(128, strlen($encrypted));
 
         // test RSA-OAEP
-        $rsa = self::$factory->getAlgorithm(C::KEY_TRANSPORT_OAEP, self::$publicKey);
+        $rsa = self::$factory->getAlgorithm(KeyTransport::OAEP, self::$publicKey);
         $encrypted = $rsa->encrypt(self::PLAINTEXT);
         $this->assertNotEmpty($encrypted);
         $this->assertEquals(128, strlen($encrypted));
 
         // test RSA-OAEP-MGF1P
-        $rsa = self::$factory->getAlgorithm(C::KEY_TRANSPORT_OAEP_MGF1P, self::$publicKey);
+        $rsa = self::$factory->getAlgorithm(KeyTransport::OAEP_MGF1P, self::$publicKey);
         $encrypted = $rsa->encrypt(self::PLAINTEXT);
         $this->assertNotEmpty($encrypted);
         $this->assertEquals(128, strlen($encrypted));
@@ -79,20 +79,20 @@ public function testDecrypt(): void
         $ciphertext = "0Ok/N3BV5LUxmr8IDXQQhtzQEJzD5uSN5kOVjzPkzesjlSVR9qv819MPBL8yfSMdUSQWVq1N/w" .
                       "A6fgclGb/keGZOtjSkHZnZEZvXEOQItFjS6MbQc+TzNmRd6FSkuPUmwQ1V+NwxTPCIwXSSd0Aj" .
                       "7oHb7xRdBhoFuDrSbYAvATQ=";
-        $rsa = self::$factory->getAlgorithm(C::KEY_TRANSPORT_OAEP_MGF1P, self::$privateKey);
+        $rsa = self::$factory->getAlgorithm(KeyTransport::OAEP_MGF1P, self::$privateKey);
         $plaintext = $rsa->decrypt(base64_decode($ciphertext));
         $this->assertEquals(self::PLAINTEXT, $plaintext);
 
         // test RSA-OAEP (should behave the same as MGF1P)
-        $rsa = self::$factory->getAlgorithm(C::KEY_TRANSPORT_OAEP, self::$privateKey);
+        $rsa = self::$factory->getAlgorithm(KeyTransport::OAEP, self::$privateKey);
         $plaintext = $rsa->decrypt(base64_decode($ciphertext));
         $this->assertEquals(self::PLAINTEXT, $plaintext);
 
         // test RSA-1.5
         $ciphertext = "ZAnYBqqM5T/kg+P8fb3UfDU1gyUIpndpqQN2qpmJso2z6His6WOkh5JFVN/wz+agvyR54kMmII" .
                       "afiDsy5izSk6+QZ5kMOgRLrmnh+RYZXjvCL6i1NXzaLw8yZLBvlP01SNMv/BBq640yzbG9U2ZN" .
                       "nxBLDvBmbJBxzt6XCowXQS8=";
-        $rsa = self::$factory->getAlgorithm(C::KEY_TRANSPORT_RSA_1_5, self::$privateKey);
+        $rsa = self::$factory->getAlgorithm(KeyTransport::RSA_1_5, self::$privateKey);
         $plaintext = $rsa->decrypt(base64_decode($ciphertext));
         $this->assertEquals(self::PLAINTEXT, $plaintext);
     }

diff --git a/tests/Backend/OpenSSLTest.php b/tests/Backend/OpenSSLTest.php
@@ -5,6 +5,7 @@
 namespace SimpleSAML\XMLSecurity\Test\Backend;
 
 use PHPUnit\Framework\TestCase;
+use SimpleSAML\XMLSecurity\Alg\KeyTransport;
 use SimpleSAML\XMLSecurity\Backend\OpenSSL;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Exception\InvalidArgumentException;
@@ -104,7 +105,7 @@ public function testEncrypt(): void
         // test symmetric encryption
         self::$backend->setCipher(C::BLOCK_ENC_AES128);
         $this->assertNotEmpty(self::$backend->encrypt(self::$sharedKey, 'Plaintext'));
-        self::$backend->setCipher(C::KEY_TRANSPORT_RSA_1_5);
+        self::$backend->setCipher(KeyTransport::RSA_1_5);
 
         // test encryption with public key
         $this->assertNotEmpty(self::$backend->encrypt(self::$pubKey, 'Plaintext'));
@@ -130,7 +131,7 @@ public function testDecrypt(): void
         );
 
         // test decryption with private key
-        self::$backend->setCipher(C::KEY_TRANSPORT_RSA_1_5);
+        self::$backend->setCipher(KeyTransport::RSA_1_5);
         $this->assertEquals(
             'Plaintext',
             self::$backend->decrypt(
@@ -169,11 +170,11 @@ public function testDecrypt(): void
      */
     public function testEquivalentOAEP(): void
     {
-        self::$backend->setCipher(C::KEY_TRANSPORT_OAEP_MGF1P);
+        self::$backend->setCipher(KeyTransport::OAEP_MGF1P);
         $ciphertext = self::$backend->encrypt(self::$pubKey, 'Plaintext');
-        self::$backend->setCipher(C::KEY_TRANSPORT_OAEP);
+        self::$backend->setCipher(KeyTransport::OAEP);
         $this->assertEquals('Plaintext', self::$backend->decrypt(self::$privKey, $ciphertext));
-        self::$backend->setCipher(C::KEY_TRANSPORT_OAEP_MGF1P);
+        self::$backend->setCipher(KeyTransport::OAEP_MGF1P);
         $this->assertEquals('Plaintext', self::$backend->decrypt(self::$privKey, $ciphertext));
     }
 
@@ -183,9 +184,9 @@ public function testEquivalentOAEP(): void
      */
     public function testEncryptRSA15DecryptOAEP(): void
     {
-        self::$backend->setCipher(C::KEY_TRANSPORT_RSA_1_5);
+        self::$backend->setCipher(KeyTransport::RSA_1_5);
         $ciphertext = self::$backend->encrypt(self::$pubKey, 'Plaintext');
-        self::$backend->setCipher(C::KEY_TRANSPORT_OAEP);
+        self::$backend->setCipher(KeyTransport::OAEP);
         $this->expectException(RuntimeException::class);
         $this->expectExceptionMessageMatches('/^Cannot decrypt data:/');
         self::$backend->decrypt(self::$privKey, $ciphertext);
@@ -197,9 +198,9 @@ public function testEncryptRSA15DecryptOAEP(): void
      */
     public function testEncryptOAEPDecryptRSA15(): void
     {
-        self::$backend->setCipher(C::KEY_TRANSPORT_OAEP);
+        self::$backend->setCipher(KeyTransport::OAEP);
         $ciphertext = self::$backend->encrypt(self::$pubKey, 'Plaintext');
-        self::$backend->setCipher(C::KEY_TRANSPORT_RSA_1_5);
+        self::$backend->setCipher(KeyTransport::RSA_1_5);
         $this->expectException(RuntimeException::class);
         $this->expectExceptionMessageMatches('/^Cannot decrypt data:/');
         self::$backend->decrypt(self::$privKey, $ciphertext);

diff --git a/tests/XML/EncryptedCustomTest.php b/tests/XML/EncryptedCustomTest.php
@@ -8,6 +8,7 @@
 use PHPUnit\Framework\TestCase;
 use SimpleSAML\XML\DOMDocumentFactory;
 use SimpleSAML\XMLSecurity\Alg\Encryption\EncryptionAlgorithmFactory;
+use SimpleSAML\XMLSecurity\Alg\KeyTransport;
 use SimpleSAML\XMLSecurity\Alg\KeyTransport\KeyTransportAlgorithmFactory;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\PrivateKey;
@@ -82,11 +83,11 @@ public function testEncryptAndDecryptSessionKey(): void
 
         // encrypt
         $factory = new KeyTransportAlgorithmFactory();
-        $encryptor = $factory->getAlgorithm(C::KEY_TRANSPORT_OAEP_MGF1P, $this->pubKey);
+        $encryptor = $factory->getAlgorithm(KeyTransport::OAEP_MGF1P, $this->pubKey);
         $encryptedCustom = new EncryptedCustom($customSigned->encrypt($encryptor));
 
         // decrypt
-        $decryptor = $factory->getAlgorithm(C::KEY_TRANSPORT_OAEP_MGF1P, $this->privKey);
+        $decryptor = $factory->getAlgorithm(KeyTransport::OAEP_MGF1P, $this->privKey);
         $decryptedCustom = $encryptedCustom->decrypt($decryptor);
 
         $this->assertEquals($customSigned, $decryptedCustom);