Migrate from psalm to phpstan

.github/workflows/php.yml

@@ -52,9 +52,8 @@ jobs:
         with:
           # Should be the higest supported version, so we can use the newest tools
           php-version: '8.3'
-          tools: composer, composer-require-checker, composer-unused, phpcs, psalm
-          # optional performance gain for psalm: opcache
-          extensions: ctype, date, dom, filter, hash, mbstring, opcache, openssl, pcre, soap, spl, xml
+          tools: composer, composer-require-checker, composer-unused, phpcs
+          extensions: ctype, date, dom, filter, hash, mbstring, openssl, pcre, soap, spl, xml
           coverage: none
 
       - name: Setup problem matchers for PHP
@@ -88,28 +87,13 @@ jobs:
       - name: PHP Code Sniffer
         run: phpcs
 
-      - name: Psalm
-        continue-on-error: true
+      - name: PHPStan
         run: |
-          psalm -c psalm.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          phpstan analyze -c phpstan.neon
 
       - name: Psalm (testsuite)
-        continue-on-error: true
-        run: |
-          psalm -c psalm-dev.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
-
-      - name: Psalter
         run: |
-          psalm --alter \
-          --issues=UnnecessaryVarAnnotation \
-          --dry-run \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+          phpstan analyze -c phpstan-dev.neon
 
   security:
     name: Security checks

phpstan-baseline.neon

@@ -0,0 +1,211 @@
+parameters:
+	ignoreErrors:
+		-
+			message: "#^Access to constant AES128_CBC on an unknown class SimpleSAML\\\\XMLSecurity\\\\XMLSecurityKey\\.$#"
+			count: 1
+			path: src/SAML2/Certificate/PrivateKeyLoader.php
+
+		-
+			message: "#^Access to constant RSA_1_5 on an unknown class SimpleSAML\\\\XMLSecurity\\\\XMLSecurityKey\\.$#"
+			count: 1
+			path: src/SAML2/Certificate/PrivateKeyLoader.php
+
+		-
+			message: "#^Instantiated class SimpleSAML\\\\XMLSecurity\\\\XMLSecurityKey not found\\.$#"
+			count: 2
+			path: src/SAML2/Certificate/PrivateKeyLoader.php
+
+		-
+			message: "#^Method SimpleSAML\\\\SAML2\\\\Certificate\\\\PrivateKeyLoader\\:\\:convertPrivateKeyToRsaKey\\(\\) has invalid return type SimpleSAML\\\\XMLSecurity\\\\XMLSecurityKey\\.$#"
+			count: 1
+			path: src/SAML2/Certificate/PrivateKeyLoader.php
+
+		-
+			message: "#^Parameter \\$configuration of method SimpleSAML\\\\SAML2\\\\Configuration\\\\SimpleSAMLConverter\\:\\:convertToIdentityProvider\\(\\) has invalid type SimpleSAML\\\\Configuration\\.$#"
+			count: 1
+			path: src/SAML2/Configuration/SimpleSAMLConverter.php
+
+		-
+			message: "#^Parameter \\$configuration of method SimpleSAML\\\\SAML2\\\\Configuration\\\\SimpleSAMLConverter\\:\\:convertToServiceProvider\\(\\) has invalid type SimpleSAML\\\\Configuration\\.$#"
+			count: 1
+			path: src/SAML2/Configuration/SimpleSAMLConverter.php
+
+		-
+			message: "#^Parameter \\$configuration of method SimpleSAML\\\\SAML2\\\\Configuration\\\\SimpleSAMLConverter\\:\\:enrichForDecryptionProvider\\(\\) has invalid type SimpleSAML\\\\Configuration\\.$#"
+			count: 1
+			path: src/SAML2/Configuration/SimpleSAMLConverter.php
+
+		-
+			message: "#^Parameter \\$configuration of method SimpleSAML\\\\SAML2\\\\Configuration\\\\SimpleSAMLConverter\\:\\:enrichForIdentityProvider\\(\\) has invalid type SimpleSAML\\\\Configuration\\.$#"
+			count: 1
+			path: src/SAML2/Configuration/SimpleSAMLConverter.php
+
+		-
+			message: "#^Parameter \\$configuration of method SimpleSAML\\\\SAML2\\\\Configuration\\\\SimpleSAMLConverter\\:\\:enrichForServiceProvider\\(\\) has invalid type SimpleSAML\\\\Configuration\\.$#"
+			count: 1
+			path: src/SAML2/Configuration/SimpleSAMLConverter.php
+
+		-
+			message: "#^Parameter \\$configuration of method SimpleSAML\\\\SAML2\\\\Configuration\\\\SimpleSAMLConverter\\:\\:pluckConfiguration\\(\\) has invalid type SimpleSAML\\\\Configuration\\.$#"
+			count: 1
+			path: src/SAML2/Configuration/SimpleSAMLConverter.php
+
+		-
+			message: "#^Call to static method addSign\\(\\) on an unknown class SimpleSAML\\\\Module\\\\saml\\\\Message\\.$#"
+			count: 1
+			path: src/SAML2/HTTPArtifact.php
+
+		-
+			message: "#^Call to static method getInstance\\(\\) on an unknown class SimpleSAML\\\\Configuration\\.$#"
+			count: 2
+			path: src/SAML2/HTTPArtifact.php
+
+		-
+			message: "#^Call to static method getInstance\\(\\) on an unknown class SimpleSAML\\\\Store\\\\StoreFactory\\.$#"
+			count: 1
+			path: src/SAML2/HTTPArtifact.php
+
+		-
+			message: "#^Call to static method getMetadataHandler\\(\\) on an unknown class SimpleSAML\\\\Metadata\\\\MetaDataStorageHandler\\.$#"
+			count: 1
+			path: src/SAML2/HTTPArtifact.php
+
+		-
+			message: "#^Instantiated class SimpleSAML\\\\Utils\\\\HTTP not found\\.$#"
+			count: 1
+			path: src/SAML2/HTTPArtifact.php
+
+		-
+			message: "#^Parameter \\$key of method SimpleSAML\\\\SAML2\\\\HTTPArtifact\\:\\:validateSignature\\(\\) has invalid type SimpleSAML\\\\XMLSecurity\\\\XMLSecurityKey\\.$#"
+			count: 1
+			path: src/SAML2/HTTPArtifact.php
+
+		-
+			message: "#^Parameter \\$sp of method SimpleSAML\\\\SAML2\\\\HTTPArtifact\\:\\:setSPMetadata\\(\\) has invalid type SimpleSAML\\\\Configuration\\.$#"
+			count: 1
+			path: src/SAML2/HTTPArtifact.php
+
+		-
+			message: "#^Property SimpleSAML\\\\SAML2\\\\HTTPArtifact\\:\\:\\$spMetadata has unknown class SimpleSAML\\\\Configuration as its type\\.$#"
+			count: 1
+			path: src/SAML2/HTTPArtifact.php
+
+		-
+			message: "#^Instantiated class SimpleSAML\\\\Utils\\\\Config not found\\.$#"
+			count: 1
+			path: src/SAML2/SOAPClient.php
+
+		-
+			message: "#^Instantiated class SimpleSAML\\\\Utils\\\\Crypto not found\\.$#"
+			count: 1
+			path: src/SAML2/SOAPClient.php
+
+		-
+			message: "#^Parameter \\$dstMetadata of method SimpleSAML\\\\SAML2\\\\SOAPClient\\:\\:send\\(\\) has invalid type SimpleSAML\\\\Configuration\\.$#"
+			count: 1
+			path: src/SAML2/SOAPClient.php
+
+		-
+			message: "#^Parameter \\$key of method SimpleSAML\\\\SAML2\\\\SOAPClient\\:\\:validateSSL\\(\\) has invalid type SimpleSAML\\\\XMLSecurity\\\\XMLSecurityKey\\.$#"
+			count: 1
+			path: src/SAML2/SOAPClient.php
+
+		-
+			message: "#^Parameter \\$srcMetadata of method SimpleSAML\\\\SAML2\\\\SOAPClient\\:\\:send\\(\\) has invalid type SimpleSAML\\\\Configuration\\.$#"
+			count: 1
+			path: src/SAML2/SOAPClient.php
+
+		-
+			message: "#^Unsafe usage of new static\\(\\)\\.$#"
+			count: 2
+			path: src/SAML2/XML/md/AbstractEndpointType.php
+
+		-
+			message: "#^Unsafe usage of new static\\(\\)\\.$#"
+			count: 2
+			path: src/SAML2/XML/md/AbstractIndexedEndpointType.php
+
+		-
+			message: "#^Access to undefined constant static\\(SimpleSAML\\\\SAML2\\\\XML\\\\md\\\\AbstractRoleDescriptor\\)\\:\\:XSI_TYPE_NAME\\.$#"
+			count: 2
+			path: src/SAML2/XML/md/AbstractRoleDescriptor.php
+
+		-
+			message: "#^Access to undefined constant static\\(SimpleSAML\\\\SAML2\\\\XML\\\\md\\\\AbstractRoleDescriptor\\)\\:\\:XSI_TYPE_NAMESPACE\\.$#"
+			count: 2
+			path: src/SAML2/XML/md/AbstractRoleDescriptor.php
+
+		-
+			message: "#^Access to undefined constant static\\(SimpleSAML\\\\SAML2\\\\XML\\\\md\\\\AbstractRoleDescriptor\\)\\:\\:XSI_TYPE_PREFIX\\.$#"
+			count: 2
+			path: src/SAML2/XML/md/AbstractRoleDescriptor.php
+
+		-
+			message: "#^Call to an undefined static method static\\(SimpleSAML\\\\SAML2\\\\XML\\\\md\\\\AbstractSignedMdElement\\)\\:\\:getXsiTypeNamespaceURI\\(\\)\\.$#"
+			count: 1
+			path: src/SAML2/XML/md/AbstractSignedMdElement.php
+
+		-
+			message: "#^Access to undefined constant static\\(SimpleSAML\\\\SAML2\\\\XML\\\\saml\\\\AbstractBaseID\\)\\:\\:XSI_TYPE_NAME\\.$#"
+			count: 2
+			path: src/SAML2/XML/saml/AbstractBaseID.php
+
+		-
+			message: "#^Access to undefined constant static\\(SimpleSAML\\\\SAML2\\\\XML\\\\saml\\\\AbstractBaseID\\)\\:\\:XSI_TYPE_NAMESPACE\\.$#"
+			count: 2
+			path: src/SAML2/XML/saml/AbstractBaseID.php
+
+		-
+			message: "#^Access to undefined constant static\\(SimpleSAML\\\\SAML2\\\\XML\\\\saml\\\\AbstractBaseID\\)\\:\\:XSI_TYPE_PREFIX\\.$#"
+			count: 2
+			path: src/SAML2/XML/saml/AbstractBaseID.php
+
+		-
+			message: "#^Access to undefined constant static\\(SimpleSAML\\\\SAML2\\\\XML\\\\saml\\\\AbstractCondition\\)\\:\\:XSI_TYPE_NAME\\.$#"
+			count: 2
+			path: src/SAML2/XML/saml/AbstractCondition.php
+
+		-
+			message: "#^Access to undefined constant static\\(SimpleSAML\\\\SAML2\\\\XML\\\\saml\\\\AbstractCondition\\)\\:\\:XSI_TYPE_NAMESPACE\\.$#"
+			count: 2
+			path: src/SAML2/XML/saml/AbstractCondition.php
+
+		-
+			message: "#^Access to undefined constant static\\(SimpleSAML\\\\SAML2\\\\XML\\\\saml\\\\AbstractCondition\\)\\:\\:XSI_TYPE_PREFIX\\.$#"
+			count: 2
+			path: src/SAML2/XML/saml/AbstractCondition.php
+
+		-
+			message: "#^Access to undefined constant static\\(SimpleSAML\\\\SAML2\\\\XML\\\\saml\\\\AbstractStatement\\)\\:\\:XSI_TYPE_NAME\\.$#"
+			count: 2
+			path: src/SAML2/XML/saml/AbstractStatement.php
+
+		-
+			message: "#^Access to undefined constant static\\(SimpleSAML\\\\SAML2\\\\XML\\\\saml\\\\AbstractStatement\\)\\:\\:XSI_TYPE_NAMESPACE\\.$#"
+			count: 2
+			path: src/SAML2/XML/saml/AbstractStatement.php
+
+		-
+			message: "#^Access to undefined constant static\\(SimpleSAML\\\\SAML2\\\\XML\\\\saml\\\\AbstractStatement\\)\\:\\:XSI_TYPE_PREFIX\\.$#"
+			count: 2
+			path: src/SAML2/XML/saml/AbstractStatement.php
+
+		-
+			message: "#^Unsafe usage of new static\\(\\)\\.$#"
+			count: 1
+			path: src/SAML2/XML/saml/Attribute.php
+
+		-
+			message: "#^Unsafe usage of new static\\(\\)\\.$#"
+			count: 1
+			path: src/SAML2/XML/saml/EncryptedAttribute.php
+
+		-
+			message: "#^Unsafe usage of new static\\(\\)\\.$#"
+			count: 1
+			path: src/SAML2/XML/saml/EncryptedID.php
+
+		-
+			message: "#^Unsafe usage of new static\\(\\)\\.$#"
+			count: 1
+			path: src/SAML2/XML/saml/NameIDType.php

phpstan-dev.neon

@@ -0,0 +1,4 @@
+parameters:
+  level: 5
+  paths:
+    - tests

phpstan.neon

@@ -0,0 +1,4 @@
+parameters:
+  level: 1
+  paths:
+    - src

src/SAML2/Assertion/ProcessorBuilder.php

@@ -129,12 +129,12 @@ private static function createSubjectConfirmationValidator(
      */
     private static function createAssertionTransformerChain(
         LoggerInterface $logger,
-        PrivateKeyLoader $keyloader,
+        PrivateKeyLoader $keyLoader,
         IdentityProvider $identityProvider,
         ServiceProvider $serviceProvider,
     ): TransformerChain {
         $chain = new TransformerChain($identityProvider, $serviceProvider);
-        $chain->addTransformerStep(new NameIdDecryptionTransformer($logger, $keyloader));
+        $chain->addTransformerStep(new NameIdDecryptionTransformer($logger, $keyLoader));
 
         return $chain;
     }

src/SAML2/XML/EncryptedElementTrait.php

@@ -110,7 +110,6 @@ public static function fromXML(DOMElement $xml): static
      */
     public function toXML(DOMElement $parent = null): DOMElement
     {
-        /** @psalm-var \DOMDocument $e->ownerDocument */
         $e = $this->instantiateParentElement($parent);
         $this->encryptedData->toXML($e);
         foreach ($this->getDecryptionKeys() as $key) {

src/SAML2/XML/md/AttributeAuthorityDescriptor.php

@@ -28,7 +28,7 @@ final class AttributeAuthorityDescriptor extends AbstractRoleDescriptorType
      *
      * @param \SimpleSAML\SAML2\XML\md\AttributeService[] $attributeService
      * @param string[] $protocolSupportEnumeration
-     * @param \SimpleSAML\SAML2\XML\md\AssertionIDRequestService[] $asssertionIDRequestService
+     * @param \SimpleSAML\SAML2\XML\md\AssertionIDRequestService[] $assertionIDRequestService
      * @param \SimpleSAML\SAML2\XML\md\NameIDFormat[] $nameIDFormat
      * @param \SimpleSAML\SAML2\XML\md\AttributeProfile[] $attributeProfile
      * @param \SimpleSAML\SAML2\XML\saml\Attribute[] $attribute