
Commit d20b40e

committed
Leverage Constructor property promotion & fix broken xenc:CipherReference
1 parent 8effdd7 commit d20b40e

55 files changed

Lines changed: 453 additions & 1605 deletions


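--- a/src/Alg/AbstractAlgorithmFactory.php
+++ b/src/Alg/AbstractAlgorithmFactory.php
@@ -22,16 +22,19 @@
 */
 abstract class AbstractAlgorithmFactory
 {
+/**
+* A cache of algorithm implementations indexed by algorithm ID.
+*
+* @var string[]
+*/
 protected static array $cache = [];
-protected static bool $initialized = false;
-
 
 /**
-* An array of blacklisted algorithms.
+* Whether the factory has been initialized or not.
 *
-* @var string[]
+* @var bool
 */
-protected array $blacklist = [];
+protected static bool $initialized = false;
 
 
 /**
@@ -40,12 +43,10 @@ abstract class AbstractAlgorithmFactory
 * @param string[]|null $blacklist A list of algorithms forbidden for their use.
 * @param string[]|null $defaults A list of known implementations.
 */
-public function __construct(array $blacklist = null, array $defaults = null)
-{
-if ($blacklist !== null) {
-$this->blacklist = $blacklist;
-}
-
+public function __construct(
+protected ?array $blacklist = null,
+?array $defaults = null,
+) {
 // initialize the cache for supported algorithms per known implementation
 if (!static::$initialized && $defaults !== null) {
 foreach ($defaults as $algorithm) {
@@ -79,8 +80,8 @@ public function __construct(array $blacklist = null, array $defaults = null)
 */
 public function getAlgorithm(string $algId, KeyInterface $key): AlgorithmInterface
 {
-Assert::true(
-!in_array($algId, $this->blacklist, true),
+Assert::false(
+in_array($algId, $this->blacklist, true),
 sprintf('Blacklisted algorithm: \'%s\'.', $algId),
 BlacklistedAlgorithmException::class,
 );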
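Review bot: With `protected ?array $blacklist = null` promoted in the constructor, `$this->blacklist` can be null when `getAlgorithm()` evaluates `in_array($algId, $this->blacklist, true)`, and PHP 8 raises a TypeError for a null haystack where the old code treated the case as an empty blacklist. The removed property defaulted to `[]` and was only overwritten by a non-null argument, so that invariant no longer holds. The two factories visible on this page pass `$blacklist ?? self::DEFAULT_BLACKLIST`, but any subclass that forwards null (not all 55 files are shown) would hit this. I would coalesce at the use site, `in_array($algId, $this->blacklist ?? [], true)`, or normalise once in the constructor. Both the constructor and `getAlgorithm()` continue outside the visible hunks.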

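--- a/src/Alg/Encryption/AES.php
+++ b/src/Alg/Encryption/AES.php
@@ -4,7 +4,7 @@
 
 namespace SimpleSAML\XMLSecurity\Alg\Encryption;
 
-use SimpleSAML\XMLSecurity\Backend\OpenSSL;
+use SimpleSAML\XMLSecurity\Backend;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\SymmetricKey;
 
@@ -16,7 +16,7 @@
 class AES extends AbstractEncryptor
 {
 /** @var string */
-protected string $default_backend = OpenSSL::class;
+protected const DEFAULT_BACKEND = Backend\OpenSSL::class;
 
 
 /**
@@ -30,6 +30,7 @@ public function __construct(SymmetricKey $key, string $algId = C::BLOCK_ENC_AES2
 parent::__construct($key, $algId);
 }
 
+
 /**
 * @inheritDoc
 */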

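--- a/src/Alg/Encryption/AbstractEncryptor.php
+++ b/src/Alg/Encryption/AbstractEncryptor.php
@@ -16,18 +16,9 @@
 */
 abstract class AbstractEncryptor implements EncryptionAlgorithmInterface
 {
-/** @var \SimpleSAML\XMLSecurity\Key\KeyInterface */
-private KeyInterface $key;
-
 /** @var \SimpleSAML\XMLSecurity\Backend\EncryptionBackend */
 protected EncryptionBackend $backend;
 
-/** @var string */
-protected string $default_backend;
-
-/** @var string */
-protected string $algId;
-
 
 /**
 * Build an encryption algorithm.
@@ -39,17 +30,17 @@ abstract class AbstractEncryptor implements EncryptionAlgorithmInterface
 * @param \SimpleSAML\XMLSecurity\Key\KeyInterface $key The signing key.
 * @param string $algId The identifier of this algorithm.
 */
-public function __construct(KeyInterface $key, string $algId)
-{
+public function __construct(
+private KeyInterface $key,
+protected string $algId,
+) {
 Assert::oneOf(
 $algId,
 static::getSupportedAlgorithms(),
 'Unsupported algorithm for ' . static::class,
 UnsupportedAlgorithmException::class,
 );
-$this->key = $key;
-$this->algId = $algId;
-$this->setBackend(new $this->default_backend());
+$this->setBackend(new (static::DEFAULT_BACKEND)());
 }
 
 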
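Review bot: `new (static::DEFAULT_BACKEND)()` in the constructor depends on a constant that this class neither declares nor documents; the section's five additions are the promoted signature and this one line, and the removed `protected string $default_backend;` was at least a declared member. A subclass that omits the constant fails at construction with an undefined-constant Error, and nothing tells its author what the class name must resolve to. I would state the contract in the class docblock, for example `Concrete subclasses must define DEFAULT_BACKEND as the class name of an EncryptionBackend implementation.`, and tighten the subclasses' `/** @var string */` to `/** @var class-string<\SimpleSAML\XMLSecurity\Backend\EncryptionBackend> */`. The same applies to AbstractKeyTransporter and, with SignatureBackend, to AbstractSigner.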

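--- a/src/Alg/Encryption/EncryptionAlgorithmFactory.php
+++ b/src/Alg/Encryption/EncryptionAlgorithmFactory.php
@@ -15,6 +15,17 @@
 */
 final class EncryptionAlgorithmFactory extends AbstractAlgorithmFactory
 {
+/**
+* An array of blacklisted algorithms.
+*
+* Defaults to 3DES.
+*
+* @var string[]
+*/
+private const DEFAULT_BLACKLIST = [
+C::BLOCK_ENC_3DES,
+];
+
 /**
 * A cache of algorithm implementations indexed by algorithm ID.
 *
@@ -29,27 +40,16 @@ final class EncryptionAlgorithmFactory extends AbstractAlgorithmFactory
 */
 protected static bool $initialized = false;
 
-/**
-* An array of blacklisted algorithms.
-*
-* Defaults to 3DES.
-*
-* @var string[]
-*/
-protected array $blacklist = [
-C::BLOCK_ENC_3DES,
-];
-
 
 /**
 * Build a factory that creates encryption algorithms.
 *
 * @param array|null $blacklist A list of algorithms forbidden for their use.
 */
-public function __construct(array $blacklist = null)
+public function __construct(?array $blacklist = null)
 {
 parent::__construct(
-$blacklist,
+$blacklist ?? self::DEFAULT_BLACKLIST,
 [
 TripleDES::class,
 AES::class,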
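Review bot: The constructor's `@param array|null $blacklist` docblock does not say that a non-null list replaces `DEFAULT_BLACKLIST` rather than extending it, which is what `$blacklist ?? self::DEFAULT_BLACKLIST` does: a caller who passes a list that omits `C::BLOCK_ENC_3DES` gets a factory that permits 3DES again. That may be intended, but it is a security-relevant default and worth spelling out. Suggested wording: `@param string[]|null $blacklist Algorithms to forbid. Null applies the default (3DES); any array, including an empty one, replaces the default.` KeyTransportAlgorithmFactory follows the same pattern for RSA 1.5. The constructor body continues past the end of the hunk.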

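--- a/src/Alg/Encryption/TripleDES.php
+++ b/src/Alg/Encryption/TripleDES.php
@@ -4,7 +4,7 @@
 
 namespace SimpleSAML\XMLSecurity\Alg\Encryption;
 
-use SimpleSAML\XMLSecurity\Backend\OpenSSL;
+use SimpleSAML\XMLSecurity\Backend;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\SymmetricKey;
 
@@ -16,7 +16,7 @@
 class TripleDES extends AbstractEncryptor
 {
 /** @var string */
-protected string $default_backend = OpenSSL::class;
+protected const DEFAULT_BACKEND = Backend\OpenSSL::class;
 
 
 /**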

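--- a/src/Alg/KeyTransport/AbstractKeyTransporter.php
+++ b/src/Alg/KeyTransport/AbstractKeyTransporter.php
@@ -17,18 +17,9 @@
 */
 abstract class AbstractKeyTransporter implements EncryptionAlgorithmInterface
 {
-/** @var \SimpleSAML\XMLSecurity\Key\KeyInterface */
-private KeyInterface $key;
-
 /** @var \SimpleSAML\XMLSecurity\Backend\EncryptionBackend */
 protected EncryptionBackend $backend;
 
-/** @var string */
-protected string $default_backend;
-
-/** @var string */
-protected string $algId;
-
 
 /**
 * Build a key transport algorithm.
@@ -40,17 +31,17 @@ abstract class AbstractKeyTransporter implements EncryptionAlgorithmInterface
 * @param \SimpleSAML\XMLSecurity\Key\KeyInterface $key The encryption key.
 * @param string $algId The identifier of this algorithm.
 */
-public function __construct(KeyInterface $key, string $algId)
-{
+public function __construct(
+private KeyInterface $key,
+protected string $algId,
+) {
 Assert::oneOf(
 $algId,
 static::getSupportedAlgorithms(),
 'Unsupported algorithm for ' . static::class,
 UnsupportedAlgorithmException::class,
 );
-$this->key = $key;
-$this->algId = $algId;
-$this->setBackend(new $this->default_backend());
+$this->setBackend(new (static::DEFAULT_BACKEND)());
 }
 
 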

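--- a/src/Alg/KeyTransport/KeyTransportAlgorithmFactory.php
+++ b/src/Alg/KeyTransport/KeyTransportAlgorithmFactory.php
@@ -14,6 +14,17 @@
 */
 class KeyTransportAlgorithmFactory extends AbstractAlgorithmFactory
 {
+/**
+* An array of blacklisted algorithms.
+*
+* Defaults to RSA 1.5.
+*
+* @var string[]
+*/
+private const DEFAULT_BLACKLIST = [
+C::KEY_TRANSPORT_RSA_1_5,
+];
+
 /**
 * A cache of algorithm implementations indexed by algorithm ID.
 *
@@ -28,17 +39,6 @@ class KeyTransportAlgorithmFactory extends AbstractAlgorithmFactory
 */
 protected static bool $initialized = false;
 
-/**
-* An array of blacklisted algorithms.
-*
-* Defaults to RSA 1.5.
-*
-* @var string[]
-*/
-protected array $blacklist = [
-C::KEY_TRANSPORT_RSA_1_5,
-];
-
 
 /**
 * Build a factory that creates key transport algorithms.
@@ -47,7 +47,7 @@ class KeyTransportAlgorithmFactory extends AbstractAlgorithmFactory
 */
 public function __construct(array $blacklist = null)
 {
-parent::__construct($blacklist, [RSA::class]);
+parent::__construct($blacklist ?? self::DEFAULT_BLACKLIST, [RSA::class]);
 }
 
 /**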
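Review bot: The constructor in the last hunk still reads `public function __construct(array $blacklist = null)`, an implicitly nullable parameter, while the sibling EncryptionAlgorithmFactory was changed to `?array $blacklist = null` in this same commit. Implicit nullability is deprecated as of PHP 8.4, so I would make it `public function __construct(?array $blacklist = null)` here as well to keep the two factories consistent.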

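--- a/src/Alg/KeyTransport/RSA.php
+++ b/src/Alg/KeyTransport/RSA.php
@@ -4,7 +4,7 @@
 
 namespace SimpleSAML\XMLSecurity\Alg\KeyTransport;
 
-use SimpleSAML\XMLSecurity\Backend\OpenSSL;
+use SimpleSAML\XMLSecurity\Backend;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\AsymmetricKey;
 
@@ -16,7 +16,7 @@
 final class RSA extends AbstractKeyTransporter
 {
 /** @var string */
-protected string $default_backend = OpenSSL::class;
+protected const DEFAULT_BACKEND = Backend\OpenSSL::class;
 
 
 /**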

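--- a/src/Alg/Signature/AbstractSigner.php
+++ b/src/Alg/Signature/AbstractSigner.php
@@ -16,21 +16,9 @@
 */
 abstract class AbstractSigner implements SignatureAlgorithmInterface
 {
-/** @var \SimpleSAML\XMLSecurity\Key\KeyInterface */
-private KeyInterface $key;
-
 /** @var \SimpleSAML\XMLSecurity\Backend\SignatureBackend */
 protected SignatureBackend $backend;
 
-/** @var string */
-protected string $default_backend;
-
-/** @var string */
-protected string $digest;
-
-/** @var string */
-protected string $algId;
-
 
 /**
 * Build a signature algorithm.
@@ -43,19 +31,19 @@ abstract class AbstractSigner implements SignatureAlgorithmInterface
 * @param string $algId The identifier of this algorithm.
 * @param string $digest The identifier of the digest algorithm to use.
 */
-public function __construct(KeyInterface $key, string $algId, string $digest)
-{
+public function __construct(
+private KeyInterface $key,
+protected string $algId,
+protected string $digest,
+) {
 Assert::oneOf(
 $algId,
 static::getSupportedAlgorithms(),
 sprintf('Unsupported algorithm for %s', static::class),
 UnsupportedAlgorithmException::class,
 );
 
-$this->key = $key;
-$this->algId = $algId;
-$this->digest = $digest;
-$this->backend = new $this->default_backend();
+$this->backend = new (static::DEFAULT_BACKEND)();
 $this->backend->setDigestAlg($digest);
 }
 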
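Review bot: The promoted `$algId` and `$digest` stay writable after the constructor has validated `$algId` with `Assert::oneOf()` and pushed `$digest` into the backend through `setDigestAlg()`, so a subclass that later assigns either property would leave the object reporting values that were never checked or no longer match the backend. If the package's minimum PHP version is 8.1 or later (not visible on this page), declaring them `private readonly KeyInterface $key`, `protected readonly string $algId` and `protected readonly string $digest` would pin the validated state. Whether any subclass reassigns these properties cannot be seen from this hunk, so that needs checking first. AbstractEncryptor and AbstractKeyTransporter promote `$key` and `$algId` the same way.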

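--- a/src/Alg/Signature/HMAC.php
+++ b/src/Alg/Signature/HMAC.php
@@ -4,7 +4,7 @@
 
 namespace SimpleSAML\XMLSecurity\Alg\Signature;
 
-use SimpleSAML\XMLSecurity\Backend\HMAC as HMAC_Backend;
+use SimpleSAML\XMLSecurity\Backend;
 use SimpleSAML\XMLSecurity\Constants as C;
 use SimpleSAML\XMLSecurity\Key\SymmetricKey;
 
@@ -16,7 +16,7 @@
 final class HMAC extends AbstractSigner implements SignatureAlgorithmInterface
 {
 /** @var string */
-protected string $default_backend = HMAC_Backend::class;
+protected const DEFAULT_BACKEND = Backend\HMAC::class;
 
 
 /**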
