Add NoDiscard-attribute to harden the code when it comes to signature validation

Author: tvdijen

src/XML/CanonicalizableElementTrait.php

@@ -39,6 +39,7 @@ abstract protected function getOriginalXML(): DOMElement;
      * filters).
      * @return string
      */
+    #[\NoDiscard]
     public function canonicalize(string $method, ?array $xpaths = null, ?array $prefixes = null): string
     {
         return XML::canonicalizeData($this->getOriginalXML(), $method, $xpaths, $prefixes);

src/XML/SignableElementTrait.php

@@ -104,6 +104,7 @@ public function sign(
      * @param string $digestAlg The digest algorithm to use.
      * @param \SimpleSAML\XMLSecurity\XML\ds\Transforms $transforms The transforms to apply to the object.
      */
+    #[\NoDiscard]
     private function getReference(
         string $digestAlg,
         Transforms $transforms,
@@ -167,6 +168,7 @@ private function getReference(
      * @param \DOMElement $xml The element to sign.
      * @return \DOMElement The signed element, without the signature attached to it just yet.
      */
+    #[\NoDiscard]
     protected function doSign(DOMElement $xml): DOMElement
     {
         Assert::notNull(

src/XML/SignedElementTrait.php

@@ -192,6 +192,7 @@ private function validateReference(SignedInfo $signedInfo): SignedElementInterfa
      *
      * @return \SimpleSAML\XMLSecurity\XML\SignedElementInterface The Signed element if it was verified.
      */
+    #[\NoDiscard]
     private function verifyInternal(SignatureAlgorithmInterface $verifier): SignedElementInterface
     {
         /** @var \SimpleSAML\XMLSecurity\XML\ds\Signature $this->signature */
@@ -260,6 +261,7 @@ public function isSigned(): bool
      * in the signature.
      * @throws \SimpleSAML\XMLSecurity\Exception\RuntimeException if the signature fails to verify.
      */
+    #[\NoDiscard]
     public function verify(?SignatureAlgorithmInterface $verifier = null): SignedElementInterface
     {
         if (!$this->isSigned()) {