Skip to content

Commit 52a649c

Browse files
cicnavicicnavi
committed
Fix phpstan
1 parent 38774ef commit 52a649c

4 files changed

Lines changed: 106 additions & 58 deletions

File tree

src/Codebooks/MetadataPolicyOperatorsEnum.php

Lines changed: 34 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -137,25 +137,37 @@ public function getSupportedParameterContainedValueTypes(): array
137137

138138

139139
/**
140-
* @phpstan-ignore missingType.iterableValue (We can handle mixed type using array_diff)
140+
* @param mixed[] $superset
141141
*/
142142
public function isValueSubsetOf(mixed $value, array $superset): bool
143143
{
144144
$value = is_array($value) ? $value : [$value];
145145

146-
return array_diff($value, $superset) === [];
146+
foreach ($value as $item) {
147+
if (!in_array($item, $superset, true)) {
148+
return false;
149+
}
150+
}
151+
152+
return true;
147153
}
148154

149155

150156
/**
151-
* @phpstan-ignore missingType.iterableValue (We can handle mixed type using array_diff)
157+
* @param mixed[] $subset
152158
*/
153159
public function isValueSupersetOf(mixed $value, array $subset): bool
154160
{
155161
$value = is_array($value) ? $value : [$value];
156162

157-
// Like subset, but from different perspective.
158-
return array_diff($subset, $value) === [];
163+
// Like subset, but from a different perspective.
164+
foreach ($subset as $item) {
165+
if (!in_array($item, $value, true)) {
166+
return false;
167+
}
168+
}
169+
170+
return true;
159171
}
160172

161173

@@ -301,7 +313,7 @@ public static function validateGeneralParameterOperationRules(array $parameterOp
301313

302314
$operatorValue = $parameterOperations[$metadataPolicyOperatorsEnum->value];
303315
// Check common policy resolving rules for each supported operator.
304-
// If operator value type is not supported, throw.
316+
// If an operator value type is not supported, throw.
305317
if (!$metadataPolicyOperatorsEnum->isOperatorValueTypeSupported($operatorValue)) {
306318
throw new MetadataPolicyException(
307319
sprintf(
@@ -312,7 +324,7 @@ public static function validateGeneralParameterOperationRules(array $parameterOp
312324
);
313325
}
314326

315-
// If operator combination is not allowed, throw.
327+
// If an operator combination is not allowed, throw.
316328
if (!$metadataPolicyOperatorsEnum->isOperatorCombinationSupported($parameterOperatorKeys)) {
317329
throw new MetadataPolicyException(
318330
sprintf(
@@ -342,13 +354,14 @@ public static function validateSpecificParameterOperationRules(array $parameterO
342354

343355
$operatorValue = $parameterOperations[$metadataPolicyOperatorEnum->value];
344356

345-
// Start with operator 'value'.
357+
// Start with the operator 'value'.
346358
if ($metadataPolicyOperatorEnum === MetadataPolicyOperatorsEnum::Value) {
347-
// MAY be combined with add, in which case the values of add MUST be a subset of the values of value.
359+
// MAY be combined with 'add', in which case the values of 'add' MUST be a subset of the values
360+
// of value.
348361
if (
349362
in_array(MetadataPolicyOperatorsEnum::Add->value, $parameterOperatorKeys, true)
350363
) {
351-
/** @var array<mixed> $subset We ensured this is array. */
364+
/** @var array<mixed> $subset We ensured this is an array. */
352365
$subset = $parameterOperations[MetadataPolicyOperatorsEnum::Add->value];
353366
if (!MetadataPolicyOperatorsEnum::Value->isValueSupersetOf($operatorValue, $subset)) {
354367
throw new MetadataPolicyException(
@@ -362,7 +375,7 @@ public static function validateSpecificParameterOperationRules(array $parameterO
362375
}
363376
}
364377

365-
// MAY be combined with default if the value of value is not null.
378+
// MAY be combined with default if the value of 'value' is not null.
366379
if (
367380
in_array(MetadataPolicyOperatorsEnum::Default->value, $parameterOperatorKeys, true) &&
368381
is_null($operatorValue)
@@ -379,7 +392,7 @@ public static function validateSpecificParameterOperationRules(array $parameterO
379392
if (
380393
in_array(MetadataPolicyOperatorsEnum::OneOf->value, $parameterOperatorKeys, true)
381394
) {
382-
/** @var array<mixed> $oneOf We ensured this is array. */
395+
/** @var array<mixed> $oneOf We ensured this is an array. */
383396
$oneOf = $parameterOperations[MetadataPolicyOperatorsEnum::OneOf->value];
384397
if (!in_array($operatorValue, $oneOf)) {
385398
throw new MetadataPolicyException(
@@ -398,7 +411,7 @@ public static function validateSpecificParameterOperationRules(array $parameterO
398411
if (
399412
in_array(MetadataPolicyOperatorsEnum::SubsetOf->value, $parameterOperatorKeys, true)
400413
) {
401-
/** @var array<mixed> $superset We ensured this is array. */
414+
/** @var array<mixed> $superset We ensured this is an array. */
402415
$superset = $parameterOperations[MetadataPolicyOperatorsEnum::SubsetOf->value];
403416
if (!MetadataPolicyOperatorsEnum::Value->isValueSubsetOf($operatorValue, $superset)) {
404417
throw new MetadataPolicyException(
@@ -417,7 +430,7 @@ public static function validateSpecificParameterOperationRules(array $parameterO
417430
if (
418431
in_array(MetadataPolicyOperatorsEnum::SupersetOf->value, $parameterOperatorKeys, true)
419432
) {
420-
/** @var array<mixed> $subset We ensured this is array. */
433+
/** @var array<mixed> $subset We ensured this is an array. */
421434
$subset = $parameterOperations[MetadataPolicyOperatorsEnum::SupersetOf->value];
422435
if (!MetadataPolicyOperatorsEnum::Value->isValueSupersetOf($operatorValue, $subset)) {
423436
throw new MetadataPolicyException(
@@ -447,15 +460,15 @@ public static function validateSpecificParameterOperationRules(array $parameterO
447460
}
448461
}
449462
} elseif ($metadataPolicyOperatorEnum === MetadataPolicyOperatorsEnum::Add) {
450-
// MAY be combined with value, in which case the values of add MUST be a subset of the values of value.
451-
// We handle this in value case.
463+
// MAY be combined with value, in which case the values of 'add' MUST be a subset of the values of
464+
// 'value'. We handle this in value case.
452465

453-
// MAY be combined with subset_of, in which case the values of add MUST be a subset of the values of
466+
// MAY be combined with subset_of, in which case the values of 'add' MUST be a subset of the values of
454467
// subset_of.
455468
if (
456469
in_array(MetadataPolicyOperatorsEnum::SubsetOf->value, $parameterOperatorKeys, true)
457470
) {
458-
/** @var array<mixed> $superset We ensured this is array. */
471+
/** @var array<mixed> $superset We ensured this is an array. */
459472
$superset = $parameterOperations[
460473
MetadataPolicyOperatorsEnum::SubsetOf->value
461474
];
@@ -481,8 +494,8 @@ public static function validateSpecificParameterOperationRules(array $parameterO
481494
// MAY be combined with value, in which case the values of value MUST be a subset of the values of
482495
// subset_of. -> handled in value case.
483496

484-
// MAY be combined with add, in which case the values of add MUST be a subset of the values of
485-
// subset_of. -> handled in add case.
497+
// MAY be combined with 'add', in which case the values of 'add' MUST be a subset of the values of
498+
// subset_of. -> handled in the 'add' case.
486499

487500
// MAY be combined with superset_of, in which case the values of subset_of MUST be a superset of the
488501
// values of superset_of.
@@ -493,7 +506,7 @@ public static function validateSpecificParameterOperationRules(array $parameterO
493506
true,
494507
)
495508
) {
496-
/** @var array<mixed> $subset We ensured this is array. */
509+
/** @var array<mixed> $subset We ensured this is an array. */
497510
$subset = $parameterOperations[
498511
MetadataPolicyOperatorsEnum::SupersetOf->value
499512
];

src/Federation/MetadataPolicyApplicator.php

Lines changed: 20 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -73,10 +73,14 @@ public function for(
7373

7474
/** @var array<mixed> $metadataParameterValueBeforePolicy */
7575
/** @var array<mixed> $operatorValue */
76-
$metadataParameterValue = array_values(array_unique(array_merge(
77-
$metadataParameterValueBeforePolicy,
78-
$operatorValue,
79-
)));
76+
$uniqueValues = [];
77+
foreach (array_merge($metadataParameterValueBeforePolicy, $operatorValue) as $item) {
78+
if (!in_array($item, $uniqueValues, true)) {
79+
$uniqueValues[] = $item;
80+
}
81+
}
82+
83+
$metadataParameterValue = $uniqueValues;
8084

8185
$metadata[$policyParameterName] = $this->resolveParameterValueAfterPolicy(
8286
$metadataParameterValue,
@@ -127,10 +131,12 @@ public function for(
127131

128132
/** @var array<mixed> $metadataParameterValueBeforePolicy */
129133
/** @var array<mixed> $operatorValue */
130-
$intersection = array_values(array_intersect(
131-
$metadataParameterValueBeforePolicy,
132-
$operatorValue,
133-
));
134+
$intersection = [];
135+
foreach ($metadataParameterValueBeforePolicy as $item) {
136+
if (in_array($item, $operatorValue, true)) {
137+
$intersection[] = $item;
138+
}
139+
}
134140

135141
$metadata[$policyParameterName] = $this->resolveParameterValueAfterPolicy(
136142
$intersection,
@@ -198,7 +204,7 @@ protected function resolveParameterValueBeforePolicy(array $metadata, string $pa
198204
{
199205
$value = $metadata[$parameter] ?? null;
200206

201-
// Special case for 'scope' parameter, which needs to be converted to array before policy application.
207+
// Special case for the 'scope' parameter, which needs to be converted to array before policy application.
202208
if (($parameter === ClaimsEnum::Scope->value) && is_string($value)) {
203209
return explode(' ', $value);
204210
}
@@ -209,8 +215,12 @@ protected function resolveParameterValueBeforePolicy(array $metadata, string $pa
209215

210216
protected function resolveParameterValueAfterPolicy(mixed $value, string $parameter): mixed
211217
{
212-
// Special case for 'scope' parameter, which needs to be converted to string after policy application.
218+
// Special case for the 'scope' parameter, which needs to be converted to string after policy application.
213219
if (($parameter === ClaimsEnum::Scope->value) && is_array($value)) {
220+
$value = array_filter(
221+
$value,
222+
is_string(...),
223+
);
214224
return implode(' ', $value);
215225
}
216226

src/Federation/MetadataPolicyResolver.php

Lines changed: 48 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -18,9 +18,9 @@ public function __construct(
1818

1919

2020
/**
21+
* @param array<mixed> $metadataPolicies
2122
* @return array<string,array<string,array<string,mixed>>>
2223
* @throws \SimpleSAML\OpenID\Exceptions\MetadataPolicyException
23-
* @phpstan-ignore missingType.iterableValue (We validate it here)
2424
*/
2525
public function ensureFormat(array $metadataPolicies): array
2626
{
@@ -90,12 +90,21 @@ public function for(
9090
);
9191

9292
// Disregard unsupported if not critical, otherwise throw.
93-
if (
94-
($unsupportedCriticalOperators = array_values(array_intersect(
95-
$criticalMetadataPolicyOperators,
96-
array_diff($allNextPolicyOperators, $supportedOperators), // Unsupported operators, but ignored
97-
))) !== []
98-
) {
93+
$unsupportedOperators = [];
94+
foreach ($allNextPolicyOperators as $operator) {
95+
if (!in_array($operator, $supportedOperators, true)) {
96+
$unsupportedOperators[] = $operator;
97+
}
98+
}
99+
100+
$unsupportedCriticalOperators = [];
101+
foreach ($criticalMetadataPolicyOperators as $operator) {
102+
if (in_array($operator, $unsupportedOperators, true)) {
103+
$unsupportedCriticalOperators[] = $operator;
104+
}
105+
}
106+
107+
if ($unsupportedCriticalOperators !== []) {
99108
throw new MetadataPolicyException(
100109
'Unsupported critical metadata policy operator(s) encountered: ' .
101110
implode(', ', $unsupportedCriticalOperators),
@@ -159,24 +168,33 @@ public function for(
159168
$metadataPolicyOperatorEnum === MetadataPolicyOperatorsEnum::SupersetOf
160169
) {
161170
// We merge with existing values.
162-
$currentPolicy[$nextPolicyParameter][$metadataPolicyOperatorEnum->value] =
163-
array_values(array_unique(array_merge(
164-
/** @phpstan-ignore argument.type (We ensured this is array.) */
165-
$operatorValue,
166-
/** @phpstan-ignore argument.type (We ensured this is array.) */
167-
$currentPolicy[$nextPolicyParameter][$metadataPolicyOperatorEnum->value],
168-
)));
171+
/** @var array<mixed> $operatorValue */
172+
/** @var array<mixed> $existingValue */
173+
$existingValue = $currentPolicy[$nextPolicyParameter][$metadataPolicyOperatorEnum->value];
174+
175+
$uniqueValues = [];
176+
foreach (array_merge($operatorValue, $existingValue) as $item) {
177+
if (!in_array($item, $uniqueValues, true)) {
178+
$uniqueValues[] = $item;
179+
}
180+
}
181+
182+
$currentPolicy[$nextPolicyParameter][$metadataPolicyOperatorEnum->value] = $uniqueValues;
169183
} elseif (
170184
$metadataPolicyOperatorEnum === MetadataPolicyOperatorsEnum::OneOf
171185
) {
172186
// The result of merging the values of two operators is the intersection of the
173187
// operator values.
174-
$intersection = array_values(array_intersect(
175-
/** @phpstan-ignore argument.type (We ensured this is array.) */
176-
$operatorValue,
177-
/** @phpstan-ignore argument.type (We ensured this is array.) */
178-
$currentPolicy[$nextPolicyParameter][$metadataPolicyOperatorEnum->value],
179-
));
188+
/** @var array<mixed> $operatorValue */
189+
/** @var array<mixed> $existingValue */
190+
$existingValue = $currentPolicy[$nextPolicyParameter][$metadataPolicyOperatorEnum->value];
191+
192+
$intersection = [];
193+
foreach ($operatorValue as $item) {
194+
if (in_array($item, $existingValue, true)) {
195+
$intersection[] = $item;
196+
}
197+
}
180198

181199
if ($intersection === []) {
182200
throw new MetadataPolicyException(
@@ -200,12 +218,16 @@ public function for(
200218
) {
201219
// The result of merging the values of two operators is the intersection of the
202220
// operator values.
203-
$intersection = array_values(array_intersect(
204-
/** @phpstan-ignore argument.type (We ensured this is array.) */
205-
$operatorValue,
206-
/** @phpstan-ignore argument.type (We ensured this is array.) */
207-
$currentPolicy[$nextPolicyParameter][$metadataPolicyOperatorEnum->value],
208-
));
221+
/** @var array<mixed> $operatorValue */
222+
/** @var array<mixed> $existingValue */
223+
$existingValue = $currentPolicy[$nextPolicyParameter][$metadataPolicyOperatorEnum->value];
224+
225+
$intersection = [];
226+
foreach ($operatorValue as $item) {
227+
if (in_array($item, $existingValue, true)) {
228+
$intersection[] = $item;
229+
}
230+
}
209231

210232
// Set it as new operator value, even if its empty.
211233
$currentPolicy[$nextPolicyParameter][$metadataPolicyOperatorEnum->value] =

src/Utils/KeyPairResolver.php

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,10 @@ public function resolveSignatureKeyPairByAlgorithm(
6868
}
6969

7070
// If both sides have designated algorithms, they MUST match.
71-
if (count($targetAlgorithms) === 2 && $targetAlgorithms['receiver'] !== $targetAlgorithms['sender']) {
71+
if (
72+
(isset($targetAlgorithms['receiver']) && isset($targetAlgorithms['sender']))
73+
&& $targetAlgorithms['receiver'] !== $targetAlgorithms['sender']
74+
) {
7275
$this->logger?->error(
7376
'Conflict in designated signature algorithms between receiver and sender.',
7477
$targetAlgorithms,

0 commit comments

Comments
 (0)