feat: Drop unsupported PHP versions

.github/workflows/tests.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php: [ "7.1", "7.2", "7.3", "7.4", "8.0", "8.1"]
+        php: [ "7.4", "8.0", "8.1"]
     name: PHP ${{matrix.php }} Unit Test
     steps:
       - uses: actions/checkout@v2

composer.json

@@ -20,7 +20,7 @@
     ],
     "license": "BSD-3-Clause",
     "require": {
-        "php": "^7.1||^8.0"
+        "php": "^7.4||^8.0"
     },
     "suggest": {
         "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
@@ -31,9 +31,9 @@
         }
     },
     "require-dev": {
-        "guzzlehttp/guzzle": "^6.5||^7.4",
-        "phpspec/prophecy-phpunit": "^1.1",
-        "phpunit/phpunit": "^7.5||^9.5",
+        "guzzlehttp/guzzle": "^7.4",
+        "phpspec/prophecy-phpunit": "^2.0",
+        "phpunit/phpunit": "^9.5",
         "psr/cache": "^1.0||^2.0",
         "psr/http-client": "^1.0",
         "psr/http-factory": "^1.0"

src/CachedKeySet.php

@@ -16,62 +16,33 @@
  */
 class CachedKeySet implements ArrayAccess
 {
-    /**
-     * @var string
-     */
-    private $jwksUri;
-    /**
-     * @var ClientInterface
-     */
-    private $httpClient;
-    /**
-     * @var RequestFactoryInterface
-     */
-    private $httpFactory;
-    /**
-     * @var CacheItemPoolInterface
-     */
-    private $cache;
-    /**
-     * @var ?int
-     */
-    private $expiresAfter;
-    /**
-     * @var ?CacheItemInterface
-     */
-    private $cacheItem;
-    /**
-     * @var array<string, Key>
-     */
-    private $keySet;
-    /**
-     * @var string
-     */
-    private $cacheKey;
-    /**
-     * @var string
-     */
-    private $cacheKeyPrefix = 'jwks';
-    /**
-     * @var int
-     */
-    private $maxKeyLength = 64;
-    /**
-     * @var bool
-     */
-    private $rateLimit;
-    /**
-     * @var string
-     */
-    private $rateLimitCacheKey;
-    /**
-     * @var int
-     */
-    private $maxCallsPerMinute = 10;
-    /**
-     * @var string|null
-     */
-    private $defaultAlg;
+    private string $jwksUri;
+
+    private ClientInterface $httpClient;
+
+    private RequestFactoryInterface $httpFactory;
+
+    private CacheItemPoolInterface $cache;
+
+    private ?int $expiresAfter;
+
+    private ?CacheItemInterface $cacheItem = null;
+
+    private ?array $keySet = null;
+
+    private string $cacheKey;
+
+    private string $cacheKeyPrefix = 'jwks';
+
+    private int $maxKeyLength = 64;
+
+    private bool $rateLimit;
+
+    private string $rateLimitCacheKey;
+
+    private int $maxCallsPerMinute = 10;
+
+    private ?string $defaultAlg;
 
     public function __construct(
         string $jwksUri,

src/JWK.php

@@ -34,7 +34,7 @@ class JWK
      * Parse a set of JWK keys
      *
      * @param array<mixed> $jwks The JSON Web Key Set as an associative array
-     * @param string       $defaultAlg The algorithm for the Key object if "alg" is not set in the
+     * @param string|null  $defaultAlg The algorithm for the Key object if "alg" is not set in the
      *                                 JSON Web Key Set
      *
      * @return array<string, Key> An associative array of key IDs (kid) to Key objects
@@ -75,7 +75,7 @@ public static function parseKeySet(array $jwks, string $defaultAlg = null): arra
      * Parse a JWK key
      *
      * @param array<mixed> $jwk An individual JWK
-     * @param string       $defaultAlg The algorithm for the Key object if "alg" is not set in the
+     * @param string|null  $defaultAlg The algorithm for the Key object if "alg" is not set in the
      *                                 JSON Web Key Set
      *
      * @return Key The key object for the JWK

src/JWT.php

@@ -35,24 +35,20 @@ class JWT
      * When checking nbf, iat or expiration times,
      * we want to provide some extra leeway time to
      * account for clock skew.
-     *
-     * @var int
      */
-    public static $leeway = 0;
+    public static int $leeway = 0;
 
     /**
      * Allow the current timestamp to be specified.
      * Useful for fixing a value within unit testing.
      * Will default to PHP time() value if null.
-     *
-     * @var ?int
      */
-    public static $timestamp = null;
+    public static ?int $timestamp = null;
 
     /**
      * @var array<string, string[]>
      */
-    public static $supported_algs = [
+    public static array $supported_algs = [
         'ES384' => ['openssl', 'SHA384'],
         'ES256' => ['openssl', 'SHA256'],
         'HS256' => ['hash_hmac', 'SHA256'],
@@ -172,7 +168,7 @@ public static function decode(
      * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $key The secret key.
      * @param string                $alg     Supported algorithms are 'ES384','ES256', 'HS256', 'HS384',
      *                                       'HS512', 'RS256', 'RS384', and 'RS512'
-     * @param string                $keyId
+     * @param string|null           $keyId
      * @param array<string, string> $head    An array with header elements to attach
      *
      * @return string A signed JWT
@@ -480,9 +476,7 @@ private static function handleJsonError(int $errno): void
             JSON_ERROR_UTF8 => 'Malformed UTF-8 characters' //PHP >= 5.3.3
         ];
         throw new DomainException(
-            isset($messages[$errno])
-            ? $messages[$errno]
-            : 'Unknown JSON error: ' . $errno
+            $messages[$errno] ?? 'Unknown JSON error: ' . $errno
         );
     }
 

src/Key.php

@@ -12,7 +12,7 @@ class Key
     /** @var string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate */
     private $keyMaterial;
     /** @var string */
-    private $algorithm;
+    private string $algorithm;
 
     /**
      * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $keyMaterial

tests/CachedKeySetTest.php

@@ -6,6 +6,7 @@
 use OutOfBoundsException;
 use PHPUnit\Framework\TestCase;
 use Prophecy\Argument;
+use Prophecy\PhpUnit\ProphecyTrait;
 use Psr\Cache\CacheItemInterface;
 use Psr\Cache\CacheItemPoolInterface;
 use Psr\Http\Client\ClientInterface;
@@ -14,16 +15,18 @@
 
 class CachedKeySetTest extends TestCase
 {
-    private $testJwksUri = 'https://jwk.uri';
-    private $testJwksUriKey = 'jwkshttpsjwk.uri';
-    private $testJwks1 = '{"keys": [{"kid":"foo","kty":"RSA","alg":"foo","n":"","e":""}]}';
-    private $testJwks2 = '{"keys": [{"kid":"bar","kty":"RSA","alg":"bar","n":"","e":""}]}';
-    private $testJwks3 = '{"keys": [{"kid":"baz","kty":"RSA","n":"","e":""}]}';
+    use ProphecyTrait;
 
-    private $googleRsaUri = 'https://www.googleapis.com/oauth2/v3/certs';
+    private string $testJwksUri = 'https://jwk.uri';
+    private string $testJwksUriKey = 'jwkshttpsjwk.uri';
+    private string $testJwks1 = '{"keys": [{"kid":"foo","kty":"RSA","alg":"foo","n":"","e":""}]}';
+    private string $testJwks2 = '{"keys": [{"kid":"bar","kty":"RSA","alg":"bar","n":"","e":""}]}';
+    private string $testJwks3 = '{"keys": [{"kid":"baz","kty":"RSA","n":"","e":""}]}';
+
+    private string $googleRsaUri = 'https://www.googleapis.com/oauth2/v3/certs';
     // private $googleEcUri = 'https://www.gstatic.com/iap/verify/public_key-jwk';
 
-    public function testEmptyUriThrowsException()
+    public function testEmptyUriThrowsException(): void
     {
         $this->expectException(RuntimeException::class);
         $this->expectExceptionMessage('JWKS URI is empty');
@@ -38,7 +41,7 @@ public function testEmptyUriThrowsException()
         $cachedKeySet['foo'];
     }
 
-    public function testOffsetSetThrowsException()
+    public function testOffsetSetThrowsException(): void
     {
         $this->expectException(LogicException::class);
         $this->expectExceptionMessage('Method not implemented');
@@ -53,7 +56,7 @@ public function testOffsetSetThrowsException()
         $cachedKeySet['foo'] = 'bar';
     }
 
-    public function testOffsetUnsetThrowsException()
+    public function testOffsetUnsetThrowsException(): void
     {
         $this->expectException(LogicException::class);
         $this->expectExceptionMessage('Method not implemented');
@@ -68,7 +71,7 @@ public function testOffsetUnsetThrowsException()
         unset($cachedKeySet['foo']);
     }
 
-    public function testOutOfBoundsThrowsException()
+    public function testOutOfBoundsThrowsException(): void
     {
         $this->expectException(OutOfBoundsException::class);
         $this->expectExceptionMessage('Key ID not found');
@@ -84,7 +87,7 @@ public function testOutOfBoundsThrowsException()
         $cachedKeySet['bar'];
     }
 
-    public function testWithExistingKeyId()
+    public function testWithExistingKeyId(): void
     {
         $cachedKeySet = new CachedKeySet(
             $this->testJwksUri,
@@ -96,7 +99,7 @@ public function testWithExistingKeyId()
         $this->assertEquals('foo', $cachedKeySet['foo']->getAlgorithm());
     }
 
-    public function testWithDefaultAlg()
+    public function testWithDefaultAlg(): void
     {
         $cachedKeySet = new CachedKeySet(
             $this->testJwksUri,
@@ -111,7 +114,7 @@ public function testWithDefaultAlg()
         $this->assertEquals('baz256', $cachedKeySet['baz']->getAlgorithm());
     }
 
-    public function testKeyIdIsCached()
+    public function testKeyIdIsCached(): void
     {
         $cacheItem = $this->prophesize(CacheItemInterface::class);
         $cacheItem->isHit()
@@ -135,7 +138,7 @@ public function testKeyIdIsCached()
         $this->assertEquals('foo', $cachedKeySet['foo']->getAlgorithm());
     }
 
-    public function testCachedKeyIdRefresh()
+    public function testCachedKeyIdRefresh(): void
     {
         $cacheItem = $this->prophesize(CacheItemInterface::class);
         $cacheItem->isHit()
@@ -171,7 +174,7 @@ public function testCachedKeyIdRefresh()
         $this->assertEquals('bar', $cachedKeySet['bar']->getAlgorithm());
     }
 
-    public function testCacheItemWithExpiresAfter()
+    public function testCacheItemWithExpiresAfter(): void
     {
         $expiresAfter = 10;
         $cacheItem = $this->prophesize(CacheItemInterface::class);
@@ -207,7 +210,7 @@ public function testCacheItemWithExpiresAfter()
         $this->assertEquals('foo', $cachedKeySet['foo']->getAlgorithm());
     }
 
-    public function testJwtVerify()
+    public function testJwtVerify(): void
     {
         $privKey1 = file_get_contents(__DIR__ . '/data/rsa1-private.pem');
         $payload = ['sub' => 'foo', 'exp' => strtotime('+10 seconds')];
@@ -236,7 +239,7 @@ public function testJwtVerify()
         $this->assertEquals('foo', $result->sub);
     }
 
-    public function testRateLimit()
+    public function testRateLimit(): void
     {
         // We request the key 11 times, HTTP should only be called 10 times
         $shouldBeCalledTimes = 10;
@@ -293,15 +296,15 @@ public function testFullIntegration(string $jwkUri): void
         $this->assertEquals($keys['keys'][0]['alg'], $key->getAlgorithm());
     }
 
-    public function provideFullIntegration()
+    public function provideFullIntegration(): array
     {
         return [
             [$this->googleRsaUri],
             // [$this->googleEcUri, 'LYyP2g']
         ];
     }
 
-    private function getMockHttpClient($testJwks, int $timesCalled = 1)
+    private function getMockHttpClient($testJwks, int $timesCalled = 1): object
     {
         $body = $this->prophesize('Psr\Http\Message\StreamInterface');
         $body->__toString()
@@ -321,7 +324,7 @@ private function getMockHttpClient($testJwks, int $timesCalled = 1)
         return $http->reveal();
     }
 
-    private function getMockHttpFactory(int $timesCalled = 1)
+    private function getMockHttpFactory(int $timesCalled = 1): object
     {
         $request = $this->prophesize('Psr\Http\Message\RequestInterface');
         $factory = $this->prophesize(RequestFactoryInterface::class);
@@ -332,7 +335,7 @@ private function getMockHttpFactory(int $timesCalled = 1)
         return $factory->reveal();
     }
 
-    private function getMockEmptyCache()
+    private function getMockEmptyCache(): object
     {
         $cacheItem = $this->prophesize(CacheItemInterface::class);
         $cacheItem->isHit()