diff --git a/src/Certainty.php b/src/Certainty.php
index 54c05f5..0a9e89a 100644
--- a/src/Certainty.php
+++ b/src/Certainty.php
@@ -15,7 +15,9 @@ class Certainty
 /**
 * @param Fetch|null $fetch
+ *
 * @return Client
+ * @throws Exception\BundleException
 */
 public static function getGuzzleClient(Fetch $fetch = null)
 {
diff --git a/src/Fetch.php b/src/Fetch.php
index 57a00c6..048047a 100644
--- a/src/Fetch.php
+++ b/src/Fetch.php
@@ -44,6 +44,10 @@ public function __construct($dataDir = '')
 * inside a Chronicle instance?
 * @return Bundle
 * @throws BundleException
+ * @throws EncodingException
+ * @throws Exception\RemoteException
+ * @throws FilesystemException
+ * @throws \SodiumException
 */
 public function getLatestBundle($checkEd25519Signature = null, $checkChronicle = null)
 {
@@ -88,6 +92,9 @@ public function getLatestBundle($checkEd25519Signature = null, $checkChronicle =
 *
 * @param string $customValidator Fully-qualified class name for Validator
 * @return array
+ *
+ * @throws EncodingException
+ * @throws FilesystemException
 */
 public function getAllBundles($customValidator = '')
 {
@@ -99,7 +106,9 @@ public function getAllBundles($customValidator = '')
 *
 * @param string $customValidator Fully-qualified class name for Validator
 * @return array
- * @throws \Exception
+ *
+ * @throws EncodingException
+ * @throws FilesystemException
 */
 protected function listBundles($customValidator = '')
 {
diff --git a/src/LocalCACertBuilder.php b/src/LocalCACertBuilder.php
index 0d3ab1d..7a54d80 100644
--- a/src/LocalCACertBuilder.php
+++ b/src/LocalCACertBuilder.php
@@ -130,7 +130,6 @@ protected function commitToChronicle($sha256sum, $signature)
 return '';
 }
- /** @var string $body */
 $body = \json_encode(
 [
 'repository' => $this->chronicleRepoName,
@@ -172,7 +171,6 @@ protected function commitToChronicle($sha256sum, $signature)
 throw new InvalidResponseException('No valid signature for Chronicle response.');
 }
- /** @var array $json */
 $json = \json_decode($responseBody, true);
 if (!\is_array($json)) {
 return '';
@@ -282,11 +280,7 @@ public function save()
 public function setChronicle($url = '', $publicKey = '', $clientId = '', $repository = 'paragonie/certainty')
 {
 if (\ParagonIE_Sodium_Core_Util::strlen($publicKey) === 64) {
- /** @var string $publicKey */
 $publicKey = Hex::decode($publicKey);
- if (!\is_string($publicKey)) {
- throw new CryptoException('Signing secret keys must be SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES bytes long.');
- }
 } elseif (\ParagonIE_Sodium_Core_Util::strlen($publicKey) !== 32) {
 throw new CryptoException('Signing secret keys must be SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES bytes long.');
 }
@@ -354,11 +348,7 @@ public function setSigningKey($secretKey = '')
 {
 // Handle hex-encoded strings.
 if (\ParagonIE_Sodium_Core_Util::strlen($secretKey) === 128) {
- /** @var string $secretKey */
 $secretKey = Hex::decode($secretKey);
- if (!\is_string($secretKey)) {
- throw new CryptoException('Signing secret keys must be SODIUM_CRYPTO_SIGN_SECRETKEYBYTES bytes long.');
- }
 } elseif (\ParagonIE_Sodium_Core_Util::strlen($secretKey) !== 64) {
 throw new CryptoException('Signing secret keys must be SODIUM_CRYPTO_SIGN_SECRETKEYBYTES bytes long.');
 }
diff --git a/src/RemoteFetch.php b/src/RemoteFetch.php
index 10f4c42..27d6a7b 100644
--- a/src/RemoteFetch.php
+++ b/src/RemoteFetch.php
@@ -3,6 +3,7 @@
 use GuzzleHttp\Client;
 use ParagonIE\Certainty\Exception\EncodingException;
+use ParagonIE\Certainty\Exception\FilesystemException;
 use ParagonIE\Certainty\Exception\NetworkException;
 /**
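Review bot: In the setChronicle hunk of LocalCACertBuilder.php (and the matching setSigningKey hunk), the hex branch now relies entirely on `Hex::decode` to reject malformed input, so a bad key presumably surfaces as the decoder's own exception type rather than the `CryptoException` thrown by the length branch beside it. Neither method's docblock is inside the hunks, so it is worth confirming they carry an `@throws` for the decoder's exception, or wrapping the decode and rethrowing as `CryptoException` so callers loading key material have one type to catch. Separately, the surviving message in setChronicle still says "Signing secret keys" while validating a public key; `'Signing public keys must be SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES bytes long.'` would point operators at the right key. Both function bodies continue past the hunks.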
@@ -40,7 +41,11 @@ class RemoteFetch extends Fetch
 * @param string $url
 * @param Client|null $http
 * @param \DateInterval|string|null $timeout
+ *
+ * @throws Exception\BundleException
+ * @throws \Exception
 * @throws \TypeError
+ * @psalm-suppress RedundantConditionGivenDocblockType
 */
 public function __construct(
 $dataDir = '',
@@ -85,7 +90,6 @@ public function cacheExpired()
 if (!\file_exists($this->dataDirectory . '/ca-certs.cache')) {
 return true;
 }
- /** @var string $cacheTime */
 $cacheTime = \file_get_contents($this->dataDirectory . '/ca-certs.cache');
 if (!\is_string($cacheTime)) {
 return true;
@@ -99,6 +103,8 @@ public function cacheExpired()
 *
 * @param string $customValidator
 * @return array
+ * @throws EncodingException
+ * @throws FilesystemException
 * @throws NetworkException
 */
 protected function listBundles($customValidator = '')
diff --git a/src/Validator.php b/src/Validator.php
index f66324f..16d84a8 100644
--- a/src/Validator.php
+++ b/src/Validator.php
@@ -46,6 +46,7 @@ public static function checkSha256Sum(Bundle $bundle)
 * @param Bundle $bundle Which bundle to validate
 * @param bool $backupKey Use the backup key? (Only if the primary is compromised.)
 * @return bool
+ * @throws \SodiumException
 */
 public static function checkEd25519Signature(Bundle $bundle, $backupKey = false)
 {
@@ -116,11 +117,7 @@ public static function checkChronicleHash(Bundle $bundle)
 $sigValid = false;
 foreach ($response->getHeader(Certainty::ED25519_HEADER) as $header) {
 // Don't catch exceptions here:
- /** @var string $signature */
 $signature = Base64UrlSafe::decode($header);
- if (!\is_string($signature)) {
- throw new EncodingException('Signature invalid');
- }
 $sigValid = $sigValid || \ParagonIE_Sodium_Compat::crypto_sign_verify_detached(
 (string) $signature,
 (string) $body,
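Review bot: The `@psalm-suppress RedundantConditionGivenDocblockType` added to the RemoteFetch constructor docblock applies to the whole method, so any later redundant-condition finding in that body is silenced too. The docblock advertises `@throws \TypeError`, which suggests the body keeps runtime type checks that Psalm treats as redundant only because it trusts the `@param` types. Moving the suppression onto those specific statements, with a why-comment such as `// Docblock types are not enforced at runtime, so these checks stay.`, would keep the intent visible and the suppression narrow. The constructor body is outside the hunk, so the exact placement has to be confirmed there.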
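Review bot: In the checkChronicleHash hunk of Validator.php the signature header comes from the remote response, and with the `is_string` guard gone a malformed value is rejected only by whatever `Base64UrlSafe::decode` throws (and a wrong-length one presumably by `crypto_sign_verify_detached`). This diff adds `@throws \SodiumException` to checkEd25519Signature and validateChronicleContents but shows no docblock change for checkChronicleHash, which makes the same verify call; its docblock is outside the hunk, so confirm it lists `@throws \SodiumException` along with the decoder's exception. The `(string) $signature` cast is redundant if decode always returns a string, and the `EncodingException` import may now be unused if this throw was its only use in the file.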
@@ -166,6 +163,7 @@ public static function checkChronicleHash(Bundle $bundle)
 * @return bool
 * @throws CryptoException
 * @throws InvalidResponseException
+ * @throws \SodiumException
 */
 protected static function validateChronicleContents(Bundle $bundle, array $result = [])
 {