Fix Psalm issues (#1)

* Fix psalm issues

Author: tvdijen

lib/IdP/ADFS.php

@@ -9,6 +9,11 @@
 
 class ADFS
 {
+    /**
+     * @param \SimpleSAML\IdP @idp
+     * @return void
+     * @throws \SimpleSAML\Error\Error
+     */
     public static function receiveAuthnRequest(\SimpleSAML\IdP $idp)
     {
         try {
@@ -41,6 +46,15 @@ public static function receiveAuthnRequest(\SimpleSAML\IdP $idp)
         $idp->handleAuthenticationRequest($state);
     }
 
+
+    /**
+     * @param string $issuer
+     * @param string $target
+     * @param string $nameid
+     * @param array $attributes
+     * @param int $assertionLifetime
+     * @return string
+     */
     private static function generateResponse($issuer, $target, $nameid, $attributes, $assertionLifetime)
     {
         $issueInstant = \SimpleSAML\Utils\Time::generateTimestamp();
@@ -108,13 +122,26 @@ private static function generateResponse($issuer, $target, $nameid, $attributes,
         return $result;
     }
 
+
+    /**
+     * @param string $response
+     * @param string $key
+     * @param string $cert
+     * @param string $algo
+     * @return string
+     */
     private static function signResponse($response, $key, $cert, $algo)
     {
         $objXMLSecDSig = new XMLSecurityDSig();
         $objXMLSecDSig->idKeys = ['AssertionID'];
         $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
         $responsedom = \SAML2\DOMDocumentFactory::fromString(str_replace("\r", "", $response));
         $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
+
+        if (is_null($firstassertionroot)) {
+            throw new \Exception("No assertion found in response.");
+        }
+
         $objXMLSecDSig->addReferenceList(
             [$firstassertionroot],
             XMLSecurityDSig::SHA256,
@@ -129,11 +156,20 @@ private static function signResponse($response, $key, $cert, $algo)
             $public_cert = file_get_contents($cert);
             $objXMLSecDSig->add509Cert($public_cert, true);
         }
+
+        /** @var \DOMElement $objXMLSecDSig->sigNode */
         $newSig = $responsedom->importNode($objXMLSecDSig->sigNode, true);
         $firstassertionroot->appendChild($newSig);
         return $responsedom->saveXML();
     }
 
+
+    /**
+     * @param string $url
+     * @param string $wresult
+     * @param string $wctx
+     * @return void
+     */
     private static function postResponse($url, $wresult, $wctx)
     {
         $config = \SimpleSAML\Configuration::getInstance();
@@ -193,6 +229,7 @@ public static function getHostedMetadata($entityid)
             $hasNewCert = true;
         }
 
+        /** @var array $certInfo */
         $certInfo = Crypto::loadPublicKey($config, true);
         $keys[] = [
             'type' => 'X509Certificate',
@@ -203,6 +240,7 @@ public static function getHostedMetadata($entityid)
         ];
 
         if ($config->hasValue('https.certificate')) {
+            /** @var array $httpsCert */
             $httpsCert = Crypto::loadPublicKey($config, true, 'https.');
             $keys[] = [
                 'type' => 'X509Certificate',
@@ -223,7 +261,7 @@ public static function getHostedMetadata($entityid)
             );
 
             if (!$config->hasValue('OrganizationURL')) {
-                throw new \SimpleSAMl\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
+                throw new \SimpleSAML\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
             }
             $metadata['OrganizationURL'] = $config->getLocalizedString('OrganizationURL');
         }
@@ -271,6 +309,11 @@ public static function getHostedMetadata($entityid)
     }
 
 
+    /**
+     * @param array $state
+     * @throws \Exception
+     * @return void
+     */
     public static function sendResponse(array $state)
     {
         $spMetadata = $state["SPMetadata"];
@@ -323,6 +366,12 @@ public static function sendResponse(array $state)
         ADFS::postResponse($wreply, $wresult, $wctx);
     }
 
+
+    /**
+     * @param \SimpleSAML\IdP $idp
+     * @param array $state
+     * @return void
+     */
     public static function sendLogoutResponse(\SimpleSAML\IdP $idp, array $state)
     {
         // NB:: we don't know from which SP the logout request came from
@@ -332,6 +381,12 @@ public static function sendLogoutResponse(\SimpleSAML\IdP $idp, array $state)
         );
     }
 
+
+    /**
+     * @param \SimpleSAML\IdP $idp
+     * @throws \Exception
+     * @return void
+     */
     public static function receiveLogoutMessage(\SimpleSAML\IdP $idp)
     {
         // if a redirect is to occur based on wreply, we will redirect to url as
@@ -351,7 +406,15 @@ public static function receiveLogoutMessage(\SimpleSAML\IdP $idp)
         $idp->handleLogoutRequest($state, $assocId);
     }
 
-    // accepts an association array, and returns a URL that can be accessed to terminate the association
+
+    /**
+     * accepts an association array, and returns a URL that can be accessed to terminate the association
+     *
+     * @param \SimpleSAML\IdP $idp
+     * @param array $association
+     * @param string $relayState
+     * @return string
+     */
     public static function getLogoutURL(\SimpleSAML\IdP $idp, array $association, $relayState)
     {
         $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();

lib/SAML2/XML/fed/Endpoint.php

@@ -2,7 +2,7 @@
 
 namespace SimpleSAML\Module\adfs\SAML2\XML\fed;
 
-use Webmozard\Assert\Assert;
+use Webmozart\Assert\Assert;
 
 /**
  * Class representing fed Endpoint.
@@ -17,6 +17,8 @@ class Endpoint
      *
      * @param \DOMElement $parent  The element we should append this endpoint to.
      * @param string $name  The name of the element we should create.
+     * @param string $address
+     * @return \DOMElement
      */
     public static function appendXML(\DOMElement $parent, $name, $address)
     {

lib/SAML2/XML/fed/SecurityTokenServiceType.php

@@ -15,16 +15,17 @@ class SecurityTokenServiceType extends \SAML2\XML\md\RoleDescriptor
     /**
      * List of supported protocols.
      *
-     * @var array
+     * @var array $protocolSupportEnumeration
      */
     public $protocolSupportEnumeration = [Constants::NS_FED];
 
     /**
      * The Location of Services.
      *
-     * @var string
+     * @var string|null $Location
      */
-    public $Location;
+    public $Location = null;
+
 
     /**
      * Initialize a SecurityTokenServiceType element.
@@ -49,6 +50,10 @@ public function toXML(\DOMElement $parent)
     {
         Assert::string($this->Location);
 
+        if (is_null($this->Location)) {
+            throw new \Exception('Location not set');
+        }
+
         $e = parent::toXML($parent);
         $e->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:fed', Constants::NS_FED);
         $e->setAttributeNS(\SAML2\Constants::NS_XSI, 'xsi:type', 'fed:SecurityTokenServiceType');
@@ -63,7 +68,7 @@ public function toXML(\DOMElement $parent)
     /**
      * Get the location of this service.
      *
-     * @return string The full URL where this service can be reached.
+     * @return string|null The full URL where this service can be reached.
      */
     public function getLocation()
     {
@@ -75,6 +80,7 @@ public function getLocation()
      * Set the location of this service.
      *
      * @param string $location The full URL where this service can be reached.
+     * @return void
      */
     public function setLocation($location)
     {

lib/SAML2/XML/fed/TokenTypesOffered.php

@@ -14,6 +14,7 @@ class TokenTypesOffered
      * Add tokentypesoffered to an XML element.
      *
      * @param \DOMElement $parent  The element we should append this endpoint to.
+     * @return \DOMElement
      */
     public static function appendXML(\DOMElement $parent)
     {

tests/bootstrap.php

@@ -1,6 +1,7 @@
 <?php
 
 $projectRoot = dirname(__DIR__);
+/** @psalm-suppress UnresolvableInclude */
 require_once($projectRoot.'/vendor/autoload.php');
 
 // Symlink module into ssp vendor lib so that templates and urls can resolve correctly

www/idp/metadata.php

@@ -37,6 +37,7 @@
         $hasNewCert = false;
     }
 
+    /** @var array $certInfo */
     $certInfo = \SimpleSAML\Utils\Crypto::loadPublicKey($idpmeta, true);
     $availableCerts['idp.crt'] = $certInfo;
     $keys[] = [
@@ -47,6 +48,7 @@
     ];
 
     if ($idpmeta->hasValue('https.certificate')) {
+        /** @var array $httpsCert */
         $httpsCert = \SimpleSAML\Utils\Crypto::loadPublicKey($idpmeta, true, 'https.');
         Assert::keyExists($httpsCert, 'certData');
         $availableCerts['https.crt'] = $httpsCert;
@@ -173,9 +175,11 @@
         header('Content-Type: application/xml');
 
         // make sure to export only the md:EntityDescriptor
-        $metaxml = substr($metaxml, strpos($metaxml, '<md:EntityDescriptor'));
+        $i = strpos($metaxml, '<md:EntityDescriptor');
+        $metaxml = substr($metaxml, $i ? $i : 0);
         // 22 = strlen('</md:EntityDescriptor>')
-        $metaxml = substr($metaxml, 0, strrpos($metaxml, '</md:EntityDescriptor>') + 22);
+        $i = strrpos($metaxml, '</md:EntityDescriptor>');
+        $metaxml = substr($metaxml, 0, $i ? $i + 22 : 0);
         echo $metaxml;
 
         exit(0);