WIP phpstan level 6

cicnavi · cicnavi · commit e45656d6d01e · 2025-01-15T17:28:18.000+01:00
diff --git a/phpstan.neon b/phpstan.neon
@@ -1,6 +1,6 @@
 
 parameters:
-	level: 4
+	level: 6
 	paths:
 		- src
 	tmpDir: build/phpstan
diff --git a/src/Codebooks/MetadataPolicyOperatorsEnum.php b/src/Codebooks/MetadataPolicyOperatorsEnum.php
@@ -20,11 +20,17 @@ enum MetadataPolicyOperatorsEnum: string
     case SupersetOf = 'superset_of';
     case Essential = 'essential';
 
+    /**
+     * @return string[]
+     */
     public static function values(): array
     {
         return array_column(self::cases(), 'value');
     }
 
+    /**
+     * @return string[]
+     */
     public function getSupportedOperatorValueTypes(): array
     {
         return match ($this) {
@@ -54,6 +60,9 @@ public function getSupportedOperatorValueTypes(): array
         };
     }
 
+    /**
+     * @return string[]
+     */
     public function getSupportedParameterValueTypes(): array
     {
         return match ($this) {
@@ -79,6 +88,7 @@ public function getSupportedParameterValueTypes(): array
     }
 
     /**
+     * @return string[]
      * @throws \SimpleSAML\OpenID\Exceptions\MetadataPolicyException
      */
     public function getSupportedOperatorContainedValueTypes(): array
@@ -96,6 +106,7 @@ public function getSupportedOperatorContainedValueTypes(): array
     }
 
     /**
+     * @return string[]
      * @throws \SimpleSAML\OpenID\Exceptions\MetadataPolicyException
      */
     public function getSupportedParameterContainedValueTypes(): array
@@ -113,13 +124,19 @@ public function getSupportedParameterContainedValueTypes(): array
         };
     }
 
+    /**
+     * @phpstan-ignore missingType.iterableValue (We can handle mixed type using array_diff)
+     */
     public function isValueSubsetOf(mixed $value, array $superset): bool
     {
         $value = is_array($value) ? $value : [$value];
 
         return array_diff($value, $superset) === [];
     }
 
+    /**
+     * @phpstan-ignore missingType.iterableValue (We can handle mixed type using array_diff)
+     */
     public function isValueSupersetOf(mixed $value, array $subset): bool
     {
         $value = is_array($value) ? $value : [$value];
@@ -178,6 +195,9 @@ public function isParameterValueTypeSupported(mixed $parameterValue): bool
         return true;
     }
 
+    /**
+     * @return string[]
+     */
     public function getSupportedOperatorCombinations(): array
     {
         return [
@@ -226,6 +246,9 @@ public function getSupportedOperatorCombinations(): array
         ];
     }
 
+    /**
+     * @param string[] $operatorKeys
+     */
     public function isOperatorCombinationSupported(array $operatorKeys): bool
     {
         return array_diff($operatorKeys, $this->getSupportedOperatorCombinations()) === [];
@@ -234,6 +257,8 @@ public function isOperatorCombinationSupported(array $operatorKeys): bool
     /**
      * Validate general parameter operation rules like operator combinations and operator value type.
      *
+     * @param array<string,mixed> $parameterOperations
+     *
      * @throws \SimpleSAML\OpenID\Exceptions\MetadataPolicyException
      */
     public static function validateGeneralParameterOperationRules(array $parameterOperations): void
diff --git a/src/Federation/EntityStatement.php b/src/Federation/EntityStatement.php
@@ -227,6 +227,7 @@ public function getTrustMarks(): ?TrustMarkClaimBag
 
         /** @psalm-suppress MixedAssignment */
         while (is_array($trustMarkClaimData = array_pop($trustMarksClaims))) {
+            $trustMarkClaimData = $this->helpers->arr()->ensureStringKeys($trustMarkClaimData);
             $trustMarkClaimBag->add($this->trustMarkClaimFactory->buildFrom($trustMarkClaimData));
         }
 
diff --git a/src/Federation/EntityStatement/Factories/TrustMarkClaimFactory.php b/src/Federation/EntityStatement/Factories/TrustMarkClaimFactory.php
@@ -18,6 +18,7 @@ public function __construct(
     }
 
     /**
+     * @param array<string,mixed> $otherClaims
      * @throws \SimpleSAML\OpenID\Exceptions\JwsException
      * @throws \SimpleSAML\OpenID\Exceptions\TrustMarkException
      * @throws \SimpleSAML\OpenID\Exceptions\TrustMarkClaimException
@@ -31,6 +32,7 @@ public function build(
     }
 
     /**
+     * @param array<string,mixed> $trustMarkClaimData
      * @throws \SimpleSAML\OpenID\Exceptions\TrustMarkClaimException
      * @throws \SimpleSAML\OpenID\Exceptions\JwsException
      */
diff --git a/src/Federation/EntityStatement/TrustMarkClaim.php b/src/Federation/EntityStatement/TrustMarkClaim.php
@@ -14,6 +14,7 @@
 class TrustMarkClaim
 {
     /**
+     * @param array<string,mixed> $otherClaims
      * @throws \SimpleSAML\OpenID\Exceptions\TrustMarkClaimException
      * @throws \SimpleSAML\OpenID\Exceptions\TrustMarkException
      * @throws \SimpleSAML\OpenID\Exceptions\JwsException
diff --git a/src/Federation/MetadataPolicyResolver.php b/src/Federation/MetadataPolicyResolver.php
@@ -17,7 +17,43 @@ public function __construct(
     }
 
     /**
-     * @param array[] $metadataPolicies
+     * @return array<string,array<string,array<string,mixed>>>
+     * @throws \SimpleSAML\OpenID\Exceptions\MetadataPolicyException
+     * @psalm-suppress MixedAssignment
+     */
+    public function ensureFormat(array $metadataPolicies): array
+    {
+        foreach ($metadataPolicies as $entityType => $metadataPolicyEntityType) {
+            if (!is_string($entityType)) {
+                throw new MetadataPolicyException('Invalid metadata policy format (entity type key).');
+            }
+            if (!is_array($metadataPolicyEntityType)) {
+                throw new MetadataPolicyException('Invalid metadata policy format (entity type value).');
+            }
+
+            foreach ($metadataPolicyEntityType as $parameter => $metadataPolicyParameter) {
+                if (!is_string($parameter)) {
+                    throw new MetadataPolicyException('Invalid metadata policy format (parameter key).');
+                }
+                if (!is_array($metadataPolicyParameter)) {
+                    throw new MetadataPolicyException('Invalid metadata policy format (parameter value).');
+                }
+
+                $operators = array_keys($metadataPolicyParameter);
+                foreach ($operators as $operator) {
+                    if (!is_string($operator)) {
+                        throw new MetadataPolicyException('Invalid metadata policy format (operator key).');
+                    }
+                }
+            }
+        }
+
+        /** @var array<string,array<string,array<string,mixed>>> $metadataPolicies */
+        return $metadataPolicies;
+    }
+
+    /**
+     * @param array<array<string,array<string,array<string,mixed>>>> $metadataPolicies
      * @param string[] $criticalMetadataPolicyOperators
      *
      * @throws \SimpleSAML\OpenID\Exceptions\MetadataPolicyException
@@ -28,6 +64,7 @@ public function for(
         array $metadataPolicies,
         array $criticalMetadataPolicyOperators = [],
     ): array {
+        /** @var array<string,array<string,mixed>> $currentPolicy */
         $currentPolicy = [];
         $supportedOperators = MetadataPolicyOperatorsEnum::values();
 
@@ -63,15 +100,6 @@ public function for(
             // Go over each metadata parameter and resolve the policy.
             /** @psalm-suppress MixedAssignment We'll check if $nextPolicyParameterOperations is array type. */
             foreach ($nextPolicy as $nextPolicyParameter => $nextPolicyParameterOperations) {
-                if (!is_array($nextPolicyParameterOperations)) {
-                    throw new MetadataPolicyException(
-                        sprintf(
-                            'Invalid format for metadata policy operations encountered: %s',
-                            var_export($nextPolicyParameterOperations, true),
-                        ),
-                    );
-                }
-
                 MetadataPolicyOperatorsEnum::validateGeneralParameterOperationRules($nextPolicyParameterOperations);
                 MetadataPolicyOperatorsEnum::validateSpecificParameterOperationRules($nextPolicyParameterOperations);
 
@@ -194,7 +222,7 @@ public function for(
                 }
 
                 // Check if the current policy is in valid state after merge.
-                /** @var array $currentPolicyParameterOperations We ensured this is array. */
+                /** @var array<string,array<string,mixed>> $currentPolicy */
                 foreach ($currentPolicy as $currentPolicyParameterOperations) {
                     MetadataPolicyOperatorsEnum::validateGeneralParameterOperationRules(
                         $currentPolicyParameterOperations,
diff --git a/src/Federation/TrustChain.php b/src/Federation/TrustChain.php
@@ -36,7 +36,7 @@ class TrustChain implements JsonSerializable
      * issued by the most Superior Entity and ends with the Subordinate Statement issued by the Immediate Superior
      * of the Trust Chain subject.
      *
-     * @var array[]
+     * @var array<array<string,array<string,array<string,mixed>>>>
      */
     protected array $metadataPolicies = [];
 
@@ -359,10 +359,13 @@ protected function gatherCriticalMetadataPolicyOperators(EntityStatement $entity
 
     /**
      * @throws \SimpleSAML\OpenID\Exceptions\JwsException
+     * @throws \SimpleSAML\OpenID\Exceptions\MetadataPolicyException
      */
     protected function gatherMetadataPolicies(EntityStatement $entityStatement): void
     {
-        $policy = $entityStatement->getMetadataPolicy() ?? [];
+        $policy = $this->metadataPolicyResolver->ensureFormat(
+            $entityStatement->getMetadataPolicy() ?? [],
+        );
 
         if ($policy !== []) {
             array_unshift($this->metadataPolicies, $policy);
diff --git a/src/Helpers/Arr.php b/src/Helpers/Arr.php
@@ -27,4 +27,15 @@ public function ensureArrayDepth(array &$array, int|string ...$keys): void
 
         $this->ensureArrayDepth($array[$key], ...$keys);
     }
+
+    /**
+     * @return array<string,mixed>
+     */
+    public function ensureStringKeys(array $array): array
+    {
+        return array_combine(
+            array_map('strval', array_keys($array)),
+            $array,
+        );
+    }
 }
diff --git a/src/Jwks/JwksFetcher.php b/src/Jwks/JwksFetcher.php
@@ -31,6 +31,7 @@ public function __construct(
     }
 
     /**
+     * @return array{keys:array <string,mixed>}
      * @throws \SimpleSAML\OpenID\Exceptions\JwksException
      */
     protected function decodeJwksJson(string $jwksJson): array
@@ -62,6 +63,8 @@ protected function decodeJwksJson(string $jwksJson): array
             throw new JwksException($message);
         }
 
+        $jwks[ClaimsEnum::Keys->value] = $this->helpers->arr()->ensureStringKeys($jwks[ClaimsEnum::Keys->value]);
+        /** @var array{keys:array<string,mixed>} $jwks */
         return $jwks;
     }
 
@@ -167,6 +170,7 @@ public function fromJwksUri(string $uri): ?JwksDecorator
 
     /**
      * @throws \SimpleSAML\OpenID\Exceptions\JwsException
+     * @phpstan-ignore missingType.iterableValue (JWKS array is validated later)
      */
     public function fromCacheOrSignedJwksUri(string $uri, array $federationJwks): ?JwksDecorator
     {
@@ -177,6 +181,7 @@ public function fromCacheOrSignedJwksUri(string $uri, array $federationJwks): ?J
      * @param string $uri URI from which to fetch SignedJwks statement.
      * @param array $federationJwks Federation JWKS which will be used to check signature on SignedJwks statement.
      * @throws \SimpleSAML\OpenID\Exceptions\JwsException
+     * @phpstan-ignore missingType.iterableValue (JWKS array is validated later)
      */
     public function fromSignedJwksUri(string $uri, array $federationJwks): ?JwksDecorator
     {
diff --git a/src/Jwks/SignedJwks.php b/src/Jwks/SignedJwks.php
@@ -13,6 +13,7 @@
 class SignedJwks extends ParsedJws implements JsonSerializable
 {
     /**
+     * @return array<array<string,mixed>>
      * @throws \SimpleSAML\OpenID\Exceptions\JwsException
      * @throws \SimpleSAML\OpenID\Exceptions\SignedJwksException
      */
@@ -28,7 +29,10 @@ public function getKeys(): array
             );
         }
 
-        return $keys;
+        return array_map(
+            $this->helpers->arr()->ensureStringKeys(...),
+            $keys,
+        );
     }
 
     /**
@@ -82,6 +86,11 @@ protected function validate(): void
         );
     }
 
+    /**
+     * @return array{keys: array<array<string, mixed>>}
+     * @throws \SimpleSAML\OpenID\Exceptions\JwsException
+     * @throws \SimpleSAML\OpenID\Exceptions\SignedJwksException
+     */
     public function jsonSerialize(): array
     {
         return [ClaimsEnum::Keys->value => $this->getKeys()];
diff --git a/src/Jws/ParsedJws.php b/src/Jws/ParsedJws.php
@@ -22,6 +22,9 @@ class ParsedJws
      * @var array<string,mixed>
      */
     protected ?array $header = null;
+    /**
+     * @var array<string,mixed>
+     */
     protected ?array $payload = null;
 
     protected ?string $token = null;
@@ -80,6 +83,7 @@ protected function ensureNonEmptyString(mixed $value, string $description): stri
 
     /**
      * @return non-empty-string[]
+     * @phpstan-ignore missingType.iterableValue (We cast everything to string)
      */
     protected function ensureNonEmptyStrings(array $values, string $description): array
     {
@@ -135,6 +139,7 @@ public function getToken(
 
     /**
      * @throws \SimpleSAML\OpenID\Exceptions\JwsException
+     * @return array<string,mixed>
      */
     public function getPayload(): array
     {
@@ -143,13 +148,12 @@ public function getPayload(): array
         }
 
         $payloadString = $this->jws->getPayload();
-        /** @psalm-suppress RiskyTruthyFalsyComparison */
         if ($payloadString === null || $payloadString === '' || $payloadString === '0') {
             return $this->payload = [];
         }
 
         try {
-            /** @var ?array $payload */
+            /** @var ?array<string,mixed> $payload */
             $payload = $this->helpers->json()->decode($payloadString);
             return $this->payload = is_array($payload) ? $payload : [];
         } catch (JsonException $exception) {
@@ -159,6 +163,7 @@ public function getPayload(): array
 
     /**
      * @throws \SimpleSAML\OpenID\Exceptions\JwsException
+     * @phpstan-ignore missingType.iterableValue (JWKS array is validated later)
      */
     public function verifyWithKeySet(array $jwks, int $signatureIndex = 0): void
     {
diff --git a/tests/src/Federation/MetadataPolicyResolverTest.php b/tests/src/Federation/MetadataPolicyResolverTest.php
diff --git a/tests/src/Federation/TrustChainTest.php b/tests/src/Federation/TrustChainTest.php
diff --git a/tests/src/Helpers/ArrTest.php b/tests/src/Helpers/ArrTest.php
diff --git a/tests/src/Jwks/JwksFetcherTest.php b/tests/src/Jwks/JwksFetcherTest.php
diff --git a/tests/src/Jws/ParsedJwsTest.php b/tests/src/Jws/ParsedJwsTest.php

Original file line number	Diff line number	Diff line change
`@@ -20,11 +20,17 @@ enum MetadataPolicyOperatorsEnum: string`
`20`	`20`	`case SupersetOf = 'superset_of';`
`21`	`21`	`case Essential = 'essential';`
`22`	`22`
	`23`	`+ /**`
	`24`	`+ * @return string[]`
	`25`	`+ */`
`23`	`26`	`public static function values(): array`
`24`	`27`	`{`
`25`	`28`	`return array_column(self::cases(), 'value');`
`26`	`29`	`}`
`27`	`30`
	`31`	`+ /**`
	`32`	`+ * @return string[]`
	`33`	`+ */`
`28`	`34`	`public function getSupportedOperatorValueTypes(): array`
`29`	`35`	`{`
`30`	`36`	`return match ($this) {`
`@@ -54,6 +60,9 @@ public function getSupportedOperatorValueTypes(): array`
`54`	`60`	`};`
`55`	`61`	`}`
`56`	`62`
	`63`	`+ /**`
	`64`	`+ * @return string[]`
	`65`	`+ */`
`57`	`66`	`public function getSupportedParameterValueTypes(): array`
`58`	`67`	`{`
`59`	`68`	`return match ($this) {`
`@@ -79,6 +88,7 @@ public function getSupportedParameterValueTypes(): array`
`79`	`88`	`}`
`80`	`89`
`81`	`90`	`/**`
	`91`	`+ * @return string[]`
`82`	`92`	`* @throws \SimpleSAML\OpenID\Exceptions\MetadataPolicyException`
`83`	`93`	`*/`
`84`	`94`	`public function getSupportedOperatorContainedValueTypes(): array`
`@@ -96,6 +106,7 @@ public function getSupportedOperatorContainedValueTypes(): array`
`96`	`106`	`}`
`97`	`107`
`98`	`108`	`/**`
	`109`	`+ * @return string[]`
`99`	`110`	`* @throws \SimpleSAML\OpenID\Exceptions\MetadataPolicyException`
`100`	`111`	`*/`
`101`	`112`	`public function getSupportedParameterContainedValueTypes(): array`
`@@ -113,13 +124,19 @@ public function getSupportedParameterContainedValueTypes(): array`
`113`	`124`	`};`
`114`	`125`	`}`
`115`	`126`
	`127`	`+ /**`
	`128`	`+ * @phpstan-ignore missingType.iterableValue (We can handle mixed type using array_diff)`
	`129`	`+ */`
`116`	`130`	`public function isValueSubsetOf(mixed $value, array $superset): bool`
`117`	`131`	`{`
`118`	`132`	`$value = is_array($value) ? $value : [$value];`
`119`	`133`
`120`	`134`	`return array_diff($value, $superset) === [];`
`121`	`135`	`}`
`122`	`136`
	`137`	`+ /**`
	`138`	`+ * @phpstan-ignore missingType.iterableValue (We can handle mixed type using array_diff)`
	`139`	`+ */`
`123`	`140`	`public function isValueSupersetOf(mixed $value, array $subset): bool`
`124`	`141`	`{`
`125`	`142`	`$value = is_array($value) ? $value : [$value];`
`@@ -178,6 +195,9 @@ public function isParameterValueTypeSupported(mixed $parameterValue): bool`
`178`	`195`	`return true;`
`179`	`196`	`}`
`180`	`197`
	`198`	`+ /**`
	`199`	`+ * @return string[]`
	`200`	`+ */`
`181`	`201`	`public function getSupportedOperatorCombinations(): array`
`182`	`202`	`{`
`183`	`203`	`return [`
`@@ -226,6 +246,9 @@ public function getSupportedOperatorCombinations(): array`
`226`	`246`	`];`
`227`	`247`	`}`
`228`	`248`
	`249`	`+ /**`
	`250`	`+ * @param string[] $operatorKeys`
	`251`	`+ */`
`229`	`252`	`public function isOperatorCombinationSupported(array $operatorKeys): bool`
`230`	`253`	`{`
`231`	`254`	`return array_diff($operatorKeys, $this->getSupportedOperatorCombinations()) === [];`
`@@ -234,6 +257,8 @@ public function isOperatorCombinationSupported(array $operatorKeys): bool`
`234`	`257`	`/**`
`235`	`258`	`* Validate general parameter operation rules like operator combinations and operator value type.`
`236`	`259`	`*`
	`260`	`+ * @param array<string,mixed> $parameterOperations`
	`261`	`+ *`
`237`	`262`	`* @throws \SimpleSAML\OpenID\Exceptions\MetadataPolicyException`
`238`	`263`	`*/`
`239`	`264`	`public static function validateGeneralParameterOperationRules(array $parameterOperations): void`
Original file line number	Diff line number	Diff line change
`@@ -227,6 +227,7 @@ public function getTrustMarks(): ?TrustMarkClaimBag`
`227`	`227`
`228`	`228`	`/** @psalm-suppress MixedAssignment */`
`229`	`229`	`while (is_array($trustMarkClaimData = array_pop($trustMarksClaims))) {`
	`230`	`+ $trustMarkClaimData = $this->helpers->arr()->ensureStringKeys($trustMarkClaimData);`
`230`	`231`	`$trustMarkClaimBag->add($this->trustMarkClaimFactory->buildFrom($trustMarkClaimData));`
`231`	`232`	`}`
`232`	`233`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ public function __construct(`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`/**`
	`21`	`+ * @param array<string,mixed> $otherClaims`
`21`	`22`	`* @throws \SimpleSAML\OpenID\Exceptions\JwsException`
`22`	`23`	`* @throws \SimpleSAML\OpenID\Exceptions\TrustMarkException`
`23`	`24`	`* @throws \SimpleSAML\OpenID\Exceptions\TrustMarkClaimException`
`@@ -31,6 +32,7 @@ public function build(`
`31`	`32`	`}`
`32`	`33`
`33`	`34`	`/**`
	`35`	`+ * @param array<string,mixed> $trustMarkClaimData`
`34`	`36`	`* @throws \SimpleSAML\OpenID\Exceptions\TrustMarkClaimException`
`35`	`37`	`* @throws \SimpleSAML\OpenID\Exceptions\JwsException`
`36`	`38`	`*/`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@`
`14`	`14`	`class TrustMarkClaim`
`15`	`15`	`{`
`16`	`16`	`/**`
	`17`	`+ * @param array<string,mixed> $otherClaims`
`17`	`18`	`* @throws \SimpleSAML\OpenID\Exceptions\TrustMarkClaimException`
`18`	`19`	`* @throws \SimpleSAML\OpenID\Exceptions\TrustMarkException`
`19`	`20`	`* @throws \SimpleSAML\OpenID\Exceptions\JwsException`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@ public function __construct(`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`/**`
	`34`	`+ * @return array{keys:array <string,mixed>}`
`34`	`35`	`* @throws \SimpleSAML\OpenID\Exceptions\JwksException`
`35`	`36`	`*/`
`36`	`37`	`protected function decodeJwksJson(string $jwksJson): array`
`@@ -62,6 +63,8 @@ protected function decodeJwksJson(string $jwksJson): array`
`62`	`63`	`throw new JwksException($message);`
`63`	`64`	`}`
`64`	`65`
	`66`	`+ $jwks[ClaimsEnum::Keys->value] = $this->helpers->arr()->ensureStringKeys($jwks[ClaimsEnum::Keys->value]);`
	`67`	`+ /** @var array{keys:array<string,mixed>} $jwks */`
`65`	`68`	`return $jwks;`
`66`	`69`	`}`
`67`	`70`
`@@ -167,6 +170,7 @@ public function fromJwksUri(string $uri): ?JwksDecorator`
`167`	`170`
`168`	`171`	`/**`
`169`	`172`	`* @throws \SimpleSAML\OpenID\Exceptions\JwsException`
	`173`	`+ * @phpstan-ignore missingType.iterableValue (JWKS array is validated later)`
`170`	`174`	`*/`
`171`	`175`	`public function fromCacheOrSignedJwksUri(string $uri, array $federationJwks): ?JwksDecorator`
`172`	`176`	`{`
`@@ -177,6 +181,7 @@ public function fromCacheOrSignedJwksUri(string $uri, array $federationJwks): ?J`
`177`	`181`	`* @param string $uri URI from which to fetch SignedJwks statement.`
`178`	`182`	`* @param array $federationJwks Federation JWKS which will be used to check signature on SignedJwks statement.`
`179`	`183`	`* @throws \SimpleSAML\OpenID\Exceptions\JwsException`
	`184`	`+ * @phpstan-ignore missingType.iterableValue (JWKS array is validated later)`
`180`	`185`	`*/`
`181`	`186`	`public function fromSignedJwksUri(string $uri, array $federationJwks): ?JwksDecorator`
`182`	`187`	`{`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@`
`13`	`13`	`class SignedJwks extends ParsedJws implements JsonSerializable`
`14`	`14`	`{`
`15`	`15`	`/**`
	`16`	`+ * @return array<array<string,mixed>>`
`16`	`17`	`* @throws \SimpleSAML\OpenID\Exceptions\JwsException`
`17`	`18`	`* @throws \SimpleSAML\OpenID\Exceptions\SignedJwksException`
`18`	`19`	`*/`
`@@ -28,7 +29,10 @@ public function getKeys(): array`
`28`	`29`	`);`
`29`	`30`	`}`
`30`	`31`
`31`		`- return $keys;`
	`32`	`+ return array_map(`
	`33`	`+ $this->helpers->arr()->ensureStringKeys(...),`
	`34`	`+ $keys,`
	`35`	`+ );`
`32`	`36`	`}`
`33`	`37`
`34`	`38`	`/**`
`@@ -82,6 +86,11 @@ protected function validate(): void`
`82`	`86`	`);`
`83`	`87`	`}`
`84`	`88`
	`89`	`+ /**`
	`90`	`+ * @return array{keys: array<array<string, mixed>>}`
	`91`	`+ * @throws \SimpleSAML\OpenID\Exceptions\JwsException`
	`92`	`+ * @throws \SimpleSAML\OpenID\Exceptions\SignedJwksException`
	`93`	`+ */`
`85`	`94`	`public function jsonSerialize(): array`
`86`	`95`	`{`
`87`	`96`	`return [ClaimsEnum::Keys->value => $this->getKeys()];`