Typehints

.gitignore

@@ -1,3 +1,4 @@
+.phpunit.result.cache
 composer.lock
 tests/sign-c14-comments.xml
 tests/sign-empty-uri.xml

.php_cs.dist

@@ -0,0 +1,15 @@
+<?php
+
+$finder = PhpCsFixer\Finder::create()
+    ->in([
+        __DIR__ . '/src',
+        __DIR__ . '/tests',
+    ])
+;
+
+return PhpCsFixer\Config::create()
+    ->setRules([
+        '@PSR12' => true,
+    ])
+    ->setFinder($finder)
+;

.travis.yml

@@ -1,30 +1,134 @@
-sudo: false
+sudo: required
 
 language: php
 
-matrix:
+# Stage order
+stages:
+  - pre-conditions
+  - test
+  - quality
+
+
+################
+#  Test stage  #
+################
+
+php:
+  - 7.1
+  - 7.2
+  - 7.3
+  - 7.4
+
+#env:
+#  - COMMAND="composer install"
+#  - COMMAND="composer update"
+#
+#before_script:
+#  - ${COMMAND}
+#
+# This library has no secondary dependencies, thus testing with composer update is useless
+
+before_script:
+  - composer install
+
+script:
+  - php vendor/bin/phpunit tests --no-coverage
+
+jobs:
   fast_finish: true
-  include:
-    - php: 5.4
-      dist: trusty
-    - php: 5.5
-      dist: trusty
-    - php: 5.6
-    - php: 7.0.27
-      dist: trusty
-    - php: 7.1
-      dist: trusty
-    - php: 7.2
-    - php: 7.3
-    - php: 7.4
-      env:
-        - EXECUTE_COVERAGE=true
   allow_failures:
-    - php: hhvm
-
-script:
-  - if [[ $EXECUTE_COVERAGE == 'true' ]]; then phpunit --coverage-clover clover.xml tests; fi
-  - if [[ $EXECUTE_COVERAGE != 'true' ]]; then phpunit tests; fi
-
-after_success:
-  - if [[ $EXECUTE_COVERAGE == 'true' ]]; then bash <(curl -s https://codecov.io/bash); fi
+    - php: 7.3
+      env: Psalm
+    - php: 7.3
+      env: Security check (composer install)
+#
+# This library has no secondary dependencies, thus testing with composer update is useless
+#    - php: 7.3
+#      env: Security check (composer update)
+    - php: 7.3
+      env: PHP Codesniffer
+
+  include:
+
+    ##########################
+    #  Pre-conditions stage  #
+    ##########################
+
+    - stage: pre-conditions
+      php: 7.1
+      env: Syntax check PHP
+      before_script:
+        - composer install
+      script:
+        - bin/check-syntax-php.sh
+
+    - stage: pre-conditions
+      php: 7.2
+      env: Syntax check PHP
+      before_script:
+        - composer install
+      script:
+        - bin/check-syntax-php.sh
+
+    - stage: pre-conditions
+      php: 7.3
+      env: Syntax check PHP
+      before_script:
+        - composer install
+      script:
+        - bin/check-syntax-php.sh
+
+    - stage: pre-conditions
+      php: 7.4
+      env: Syntax check PHP
+      before_script:
+        - composer install
+      script:
+        - bin/check-syntax-php.sh
+
+
+    ###################
+    #  Quality stage  #
+    ###################
+
+    - stage: quality
+      php: 7.3
+      env: Security check (composer install)
+      before_script:
+        - composer install
+      script:
+        - vendor/bin/security-checker security:check
+
+    - stage: quality
+      php: 7.3
+      env: Security check (composer update)
+      before_script:
+        - composer update
+      script:
+        - vendor/bin/security-checker security:check
+
+    - stage: quality
+      php: 7.3
+      env: Codecov
+      before_script:
+        - composer update
+        - php vendor/bin/phpunit tests
+      script:
+        - bash <(curl -s https://codecov.io/bash)
+
+    - stage: quality
+      php: 7.3
+      env: Psalm
+      before_script:
+        - composer update
+      script:
+        - vendor/bin/psalm
+        - vendor/bin/psalter --issues=UnnecessaryVarAnnotation --dry-run
+
+    - stage: quality
+      php: 7.3
+      env: PHP Codesniffer
+      before_script:
+        - composer update
+      script:
+        - vendor/bin/phpcs

bin/check-syntax-php.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+shopt -s globstar
+
+PHP='/usr/bin/env php'
+RETURN=0
+
+for i in `find . -path ./vendor -prune -o -name '*.php' -print`
+do
+    if [ -f "$i" ]; then
+        FILE="${i%/*}/${i##*/}"
+        if ! $PHP -l "$FILE" > /dev/null 2>&1
+        then
+            echo "Syntax check failed for ${FILE}"
+            RETURN=$((RETURN + 1))
+        fi
+    fi
+done
+
+exit "$RETURN"

codecov.yml

@@ -0,0 +1,11 @@
+coverage:
+  status:
+    project: yes
+    patch: off
+comment:
+  layout: "diff"
+  behavior: once
+  require_changes: true
+  require_base: no
+  require_head: yes
+  branches: null

composer.json

@@ -1,21 +1,27 @@
 {
-  "name": "robrichards/xmlseclibs",
-  "description": "A PHP library for XML Security",
-  "license": "BSD-3-Clause",
-  "keywords": [
-    "xml",
-    "xmldsig",
-    "signature",
-    "security"
-  ],
-  "homepage": "https://github.com/robrichards/xmlseclibs",
-  "autoload": {
-    "psr-4": {
-      "RobRichards\\XMLSecLibs\\": "src"
+    "name": "robrichards/xmlseclibs",
+    "description": "A PHP library for XML Security",
+    "license": "BSD-3-Clause",
+    "keywords": [
+        "xml",
+        "xmldsig",
+        "signature",
+        "security"
+    ],
+    "homepage": "https://github.com/robrichards/xmlseclibs",
+    "autoload": {
+        "psr-4": {
+            "RobRichards\\XMLSecLibs\\": "src"
+        }
+    },
+    "require": {
+        "php": ">= 7.1",
+        "ext-openssl": "*"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^7.5|^8.5",
+        "vimeo/psalm": "^3.11",
+        "sensiolabs/security-checker": "^6.0",
+        "squizlabs/php_codesniffer": "^3.5"
     }
-  },
-  "require": {
-    "php": ">= 5.4",
-    "ext-openssl": "*"
-  }
 }

phpcs.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<ruleset name="XMLSecLibs ruleset">
+    <config name="ignore_warnings_on_exit" value="1"/>
+
+    <description>
+        By default it is less stringent about long lines than other coding standards
+    </description>
+
+    <file>bin</file>
+    <file>src</file>
+    <file>tests</file>
+
+    <!-- This is the rule we inherit from. If you want to exlude some specific rules, see the docs on how to do that -->
+    <rule ref="PSR12"/>
+
+    <!-- Lines can be a little bit longer before they break the build -->
+    <rule ref="Generic.Files.LineLength">
+        <properties>
+            <property name="lineLimit" value="120"/>
+            <property name="absoluteLineLimit" value="130"/>
+        </properties>
+    </rule>
+
+    <!-- Ignore files with side effects that we cannot fix -->
+    <rule ref="PSR1.Files.SideEffects">
+        <exclude-pattern>bin/*</exclude-pattern>
+    </rule>
+</ruleset>
+

phpunit.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="false"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         bootstrap="./tests/bootstrap.php">
+    <testsuites>
+        <testsuite name="Unit tests">
+            <directory>./tests</directory>
+        </testsuite>
+    </testsuites>
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">./src/</directory>
+            <directory suffix=".php">./tests/</directory>
+        </whitelist>
+    </filter>
+    <logging>
+        <log type="coverage-text" target="php://stdout" showUncoveredFiles="true"/>
+        <log type="coverage-html" target="build/coverage" lowUpperBound="35" highLowerBound="70"/>
+        <log type="coverage-clover" target="build/logs/clover.xml"/>
+    </logging>
+</phpunit>

psalm.xml

@@ -0,0 +1,57 @@
+<?xml version="1.0"?>
+<psalm
+    name="XMLSecLibs"
+    useDocblockTypes="true"
+    totallyTyped="false"
+    hideExternalErrors="true"
+    allowStringToStandInForClass="true"
+>
+    <projectFiles>
+        <directory name="src" />
+        <directory name="tests" />
+
+        <!-- Ignore certain directories -->
+        <ignoreFiles>
+            <directory name="vendor" />
+        </ignoreFiles>
+    </projectFiles>
+
+    <issueHandlers>
+        <LessSpecificReturnType errorLevel="info" />
+
+        <!-- level 3 issues - slightly lazy code writing, but probably low false-negatives -->
+        <DeprecatedClass errorLevel="info" />
+        <DeprecatedMethod errorLevel="info" />
+
+        <MissingClosureReturnType errorLevel="info" />
+        <MissingReturnType errorLevel="info" />
+        <MissingPropertyType errorLevel="info" />
+        <InvalidDocblock errorLevel="info" />
+        <MisplacedRequiredParam errorLevel="info" />
+
+        <PropertyNotSetInConstructor errorLevel="info" />
+        <MissingConstructor errorLevel="info" />
+        <MissingClosureParamType errorLevel="info" />
+        <MissingParamType errorLevel="info" />
+        <UnusedClass errorLevel="info" />
+        <PossiblyUnusedMethod errorLevel="info" />
+
+        <!-- Ignore these errors until we are fully typehinted -->
+        <DocblockTypeContradiction errorLevel="suppress" />
+        <RedundantConditionGivenDocblockType errorLevel="suppress" />
+
+        <!-- Ignore UnresolvableInclude on CLI-scripts -->
+        <UnresolvableInclude>
+            <errorLevel type="suppress">
+                <file name="tests/bootstrap.php" />
+            </errorLevel>
+        </UnresolvableInclude>
+
+        <!-- Suppress PHPunit-issue -->
+        <InternalMethod>
+            <errorLevel type="suppress">
+                <directory name="tests" />
+            </errorLevel>
+        </InternalMethod>
+    </issueHandlers>
+</psalm>