diff --git a/src/Lib/Tools/HttpTool.php b/src/Lib/Tools/HttpTool.php
index e7920fba0..64313b1c0 100644
--- a/src/Lib/Tools/HttpTool.php
+++ b/src/Lib/Tools/HttpTool.php
@@ -1,8 +1,8 @@
 <?php
+declare(strict_types=1);
 
 namespace App\Lib\Tools;
 
-use App\Lib\Tools\CurlAdvanced;
 use Cake\Core\Configure;
 use Cake\Core\Exception\CakeException;
 use Cake\Http\Client as CakeClient;
@@ -11,7 +11,6 @@ use Cake\Http\Client\Response;
 use Cake\Http\Exception\NotImplementedException;
 use Cake\I18n\FrozenTime;
 
-
 class HttpTool extends CakeClient
 {
     /**
@@ -27,7 +26,8 @@ class HttpTool extends CakeClient
      *   - Proxy.host, port, user, pass, method
      *   - Security.min_tls_version
      *
-     * @param  mixed $server Server array with custom settings for a specific server, cerebrate, ...
+     * @param array $config configuration parameters of CakeClient
+     * @param array $server Server array with custom settings for a specific server, cerebrate, ...
      */
     public function __construct(array $config = [], array $server = [])
     {
@@ -38,10 +38,10 @@ class HttpTool extends CakeClient
         parent::__construct($config);
     }
 
-
     /**
      * buildDefaultConfigFromSettings
      *
+     * @return void
      */
     public function buildDefaultConfigFromSettings()
     {
@@ -74,7 +74,6 @@ class HttpTool extends CakeClient
         - skip_proxy -
         */
 
-
         // proxy settings
         $proxy = Configure::read('Proxy');
         // proxy array as CakeClient likes it
@@ -83,7 +82,7 @@ class HttpTool extends CakeClient
         //  'proxy' => '127.0.0.1:8080']
 
         if (isset($proxy['host'])) {
-            $this->_defaultConfig['proxy'] = ['proxy' => $proxy['host'] . ":" . (empty($proxy['port']) ? 3128 : $proxy['port'])];
+            $this->_defaultConfig['proxy'] = ['proxy' => $proxy['host'] . ':' . (empty($proxy['port']) ? 3128 : $proxy['port'])];
 
             if (isset($proxy['user']) && isset($proxy['password']) && !isset($proxy['method'])) {
                 $proxy['method'] = 'basic';
@@ -109,7 +108,8 @@ class HttpTool extends CakeClient
         }
 
         // min TLS version
-        if ($minTlsVersion = Configure::read('Security.min_tls_version')) {
+        $minTlsVersion = Configure::read('Security.min_tls_version');
+        if ($minTlsVersion) {
             $version = 0;
             switch ($minTlsVersion) {
                 case 'tlsv1_0':
@@ -124,8 +124,8 @@ class HttpTool extends CakeClient
                 case 'tlsv1_3':
                     if (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT')) {
                         $version |= STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT;
-                    } else if ($minTlsVersion === 'tlsv1_3') {
-                        throw new CakeException("TLSv1.3 is not supported by PHP.");
+                    } elseif ($minTlsVersion === 'tlsv1_3') {
+                        throw new CakeException('TLSv1.3 is not supported by PHP.');
                     }
                     break;
                 default:
@@ -135,7 +135,7 @@ class HttpTool extends CakeClient
         }
 
         // Add user-agent
-        $this->_defaultConfig['headers']['User-Agent'] = "MISP - Threat Intelligence & Sharing Platform";
+        $this->_defaultConfig['headers']['User-Agent'] = 'MISP - Threat Intelligence & Sharing Platform';
         // TODO add MISP version? or only do it for server to server communication? (see configFromServer())
     }
 
@@ -143,18 +143,19 @@ class HttpTool extends CakeClient
      * Set HttpTool configuration from Server data, such as Certificate Authority and other
      *
      * @param array $server Server array
+     * @return void
      */
     public function configFromServer(array $server)
     {
         if (!empty($server)) {
             if ($server['cert_file']) {
-                $this->_defaultConfig['ssl_cafile'] = APP . "files" . DS . "certs" . DS . $server['id'] . '.pem';
+                $this->_defaultConfig['ssl_cafile'] = APP . 'files' . DS . 'certs' . DS . $server['id'] . '.pem';
             }
             if ($server['client_cert_file']) {
                 if (!isset($this->_defaultConfig['curl'])) {
                     $this->_defaultConfig['curl'] = [];
                 }
-                $this->_defaultConfig['curl'][CURLOPT_SSLKEY] = APP . "files" . DS . "certs" . DS . $server['id'] . '_client.pem';
+                $this->_defaultConfig['curl'][CURLOPT_SSLKEY] = APP . 'files' . DS . 'certs' . DS . $server['id'] . '_client.pem';
             }
             if ($server['self_signed']) {
                 $this->_defaultConfig['ssl_verify_peer_name'] = false;
@@ -179,10 +180,14 @@ class HttpTool extends CakeClient
      * Set HttpTool configuration from Feed data
      *
      * @param array|null $feed Feed array
+     * @return void
      */
     public function configFromFeed(array $feed = null)
     {
         $this->_defaultConfig['compress'] = 'true';
+        if ($feed) {
+            throw new NotImplementedException('configFromFeed() is not implemented'); // FIXME chri write configFromFeed
+        }
     }
 
     /**
@@ -198,7 +203,6 @@ class HttpTool extends CakeClient
         $this->_defaultConfig['headers']['MISP-uuid'] = Configure::read('MISP.uuid');
     }
 
-
     /**
      * Helper method for doing requests. This method is there to provide us a wrapper implementing custom MISP options.
      *
@@ -215,31 +219,33 @@ class HttpTool extends CakeClient
                 $options,
                 [
                     'ssl_verify_peer' => false,
-                    'ssl_verify_host' => false
+                    'ssl_verify_host' => false,
                 ]
             );
         }
         if (isset($options['skip_proxy']) && $options['skip_proxy'] === true) {
             unset($options['proxy']);
         }
+
         return parent::_doRequest($method, $url, $data, $options);
     }
 
     /**
      * @deprecated createRequest - return an instance of HttpTool with automatic configuration
      * @deprecated do not use this function, but use the HttpTool directly instead
-     * @param  mixed $config
-     * @return HttpTool
+     * @param array $config HttpTool configuration
+     * @return self
      */
     public function createRequest(array $config = []): HttpTool
     {
         return new HttpTool($config);
     }
 
-
     /**
      * fetchCertificate - download the SSL certificate from the remote server
      *
+     * @param string $url the url where the certificate is hosted
+     * @param array $options HttpTool options
      * @return array the list of certificates including pem
      */
     public function fetchCertificates(string $url, array $options = []): array
@@ -259,14 +265,15 @@ class HttpTool extends CakeClient
         );
         $curl = new CurlAdvanced();
         $certificates = $curl->getCertificateChain($request, $options);
+
         return $certificates;
     }
 
     /**
      * getServerClientCertificateInfo - extract certificate info from a Client certificate from a $server.
-     * @param array $server
+     *
+     * @param array $server the Server array from MISP datamodel
      * @return array|void
-     * @throws Exception
      */
     public static function getServerClientCertificateInfo(array $server): mixed
     {
@@ -274,7 +281,7 @@ class HttpTool extends CakeClient
             return null;
         }
         $fileAccessTool = new FileAccessTool();
-        $path = APP . "files" . DS . "certs" . DS . $server['id'] . '_client.pem';
+        $path = APP . 'files' . DS . 'certs' . DS . $server['id'] . '_client.pem';
         $clientCertificate = $fileAccessTool->readFromFile($path); //readFromFile throws an exception if the file is not found or could not be read, along with the reason.
 
         return self::getClientCertificateInfo($clientCertificate);
@@ -282,9 +289,10 @@ class HttpTool extends CakeClient
 
     /**
      * getServerCaCertificateInfo - extract certificate info from a certificate from a $server.
-     * @param array $server
+     *
+     * @param array $server the Server array from MISP datamodel
      * @return array|void
-     * @throws Exception
+     * @throws \Cake\Core\Exception\CakeException
      */
     public static function getServerCaCertificateInfo(array $server): mixed
     {
@@ -293,7 +301,7 @@ class HttpTool extends CakeClient
         }
 
         $fileAccessTool = new FileAccessTool();
-        $path = APP . "files" . DS . "certs" . DS . $server['Server']['id'] . '.pem';
+        $path = APP . 'files' . DS . 'certs' . DS . $server['Server']['id'] . '.pem';
         $caCertificate = $fileAccessTool->readFromFile($path); //readFromFile throws an exception if the file is not found or could not be read, along with the reason.
         $certificate = openssl_x509_read($caCertificate);
         if (!$certificate) {
@@ -305,9 +313,10 @@ class HttpTool extends CakeClient
 
     /**
      * getClientCertificateInfo - extract client certificate info from a PEM encoded cert + key, only if the cert+key are valid
+     *
      * @param string $certificateContent PEM encoded certificate and private key.
      * @return array
-     * @throws Exception
+     * @throws \Cake\Core\Exception\CakeException
      */
     public static function getClientCertificateInfo(string $certificateContent): array
     {
@@ -323,14 +332,16 @@ class HttpTool extends CakeClient
         if (!$verify) {
             throw new CakeException('Public and private key do not match.');
         }
+
         return self::parseCertificate($certificate);
     }
 
     /**
      * parseCertificate - extract certificate info from a PEM encoded certificate
-     * @param mixed $certificate
+     *
+     * @param mixed $certificate the certificate as returned by `openssl_x509_read()`
      * @return array
-     * @throws Exception
+     * @throws \Cake\Core\Exception\CakeException
      */
     public static function parseCertificate(mixed $certificate): array
     {