Skip to content

Commit

Permalink
feat: Change the default signing algorithm to SHA-512 (#1156)
Browse files Browse the repository at this point in the history
Closes #1136.
  • Loading branch information
theofidry authored Nov 9, 2023
1 parent d944fb9 commit 39403a7
Show file tree
Hide file tree
Showing 4 changed files with 14 additions and 14 deletions.
2 changes: 1 addition & 1 deletion src/Configuration/Configuration.php
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ final class Configuration
'finder',
];
private const PHP_SCOPER_CONFIG = 'scoper.inc.php';
private const DEFAULT_SIGNING_ALGORITHM = SigningAlgorithm::SHA1;
private const DEFAULT_SIGNING_ALGORITHM = SigningAlgorithm::SHA512;
private const DEFAULT_ALIAS_PREFIX = 'box-auto-generated-alias-';

private const DEFAULT_IGNORED_ANNOTATIONS = [
Expand Down
18 changes: 9 additions & 9 deletions tests/Configuration/ConfigurationSigningTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,9 @@
*/
class ConfigurationSigningTest extends ConfigurationTestCase
{
public function test_the_default_signing_is_sha1(): void
public function test_the_default_signing_is_sha512(): void
{
self::assertSame(SigningAlgorithm::SHA1, $this->config->getSigningAlgorithm());
self::assertSame(SigningAlgorithm::SHA512, $this->config->getSigningAlgorithm());

self::assertNull($this->config->getPrivateKeyPath());
self::assertNull($this->config->getPrivateKeyPassphrase());
Expand All @@ -47,7 +47,7 @@ public function test_the_default_signing_is_sha1(): void
public function test_a_recommendation_is_given_if_the_configured_algorithm_is_the_default_value(): void
{
$this->setConfig([
'algorithm' => 'SHA1',
'algorithm' => 'SHA512',
]);

self::assertSame(
Expand Down Expand Up @@ -78,7 +78,7 @@ public function test_the_signing_algorithm_can_be_configured(string $algorithm,

self::assertSame($expected, $this->config->getSigningAlgorithm());

if (false === in_array($algorithm, ['SHA1', false], true)) {
if (false === in_array($algorithm, ['SHA512', false], true)) {
self::assertSame([], $this->config->getRecommendations());
}
self::assertSame([], $this->config->getWarnings());
Expand Down Expand Up @@ -126,7 +126,7 @@ public function test_it_generates_a_warning_when_a_key_pass_is_provided_but_the_
self::assertNull($this->config->getPrivateKeyPassphrase());
self::assertFalse($this->config->promptForPrivateKey());

if (false === in_array($algorithm, ['SHA1', false], true)) {
if (false === in_array($algorithm, ['SHA512', false], true)) {
self::assertSame([], $this->config->getRecommendations());
}
self::assertSame(
Expand Down Expand Up @@ -157,7 +157,7 @@ public function test_it_generates_a_warning_when_a_key_pass_is_provided_but_the_
);
}

if (in_array($algorithm, ['SHA1', false], true)) {
if (in_array($algorithm, ['SHA512', false], true)) {
array_unshift(
$expectedRecommendation,
'The "algorithm" setting can be omitted since is set to its default value',
Expand All @@ -176,7 +176,7 @@ public function test_it_generates_a_warning_when_a_key_pass_is_provided_but_the_
self::assertNull($this->config->getPrivateKeyPassphrase());
self::assertFalse($this->config->promptForPrivateKey());

if (false === in_array($algorithm, ['SHA1', false], true)) {
if (false === in_array($algorithm, ['SHA512', false], true)) {
self::assertSame([], $this->config->getRecommendations());
}
self::assertSame(
Expand All @@ -199,7 +199,7 @@ public function test_it_generates_a_warning_when_a_key_path_is_provided_but_the_

self::assertNull($this->config->getPrivateKeyPath());

if (false === in_array($algorithm, ['SHA1', false], true)) {
if (false === in_array($algorithm, ['SHA512', false], true)) {
self::assertSame([], $this->config->getRecommendations());
}
self::assertSame(
Expand All @@ -218,7 +218,7 @@ public function test_it_generates_a_warning_when_a_key_path_is_provided_but_the_
'The setting "key" has been set but is unnecessary since the signing algorithm is not "OPENSSL".',
];

if (in_array($algorithm, ['SHA1', false], true)) {
if (in_array($algorithm, ['SHA512', false], true)) {
array_unshift(
$expectedRecommendation,
'The "algorithm" setting can be omitted since is set to its default value',
Expand Down
4 changes: 2 additions & 2 deletions tests/Configuration/ConfigurationTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -2986,7 +2986,7 @@ public function test_it_can_be_created_with_only_default_values(): void
self::assertNull($this->config->getPrivateKeyPath());
self::assertSame([], $this->config->getReplacements());
self::assertSame('#!/usr/bin/env php', $this->config->getShebang());
self::assertSame(SigningAlgorithm::SHA1, $this->config->getSigningAlgorithm());
self::assertSame(SigningAlgorithm::SHA512, $this->config->getSigningAlgorithm());

$version = self::$version;

Expand Down Expand Up @@ -3096,7 +3096,7 @@ public function test_it_can_be_exported(): void
-promptForPrivateKey: false
-processedReplacements: []
-shebang: "#!/usr/bin/env php"
-signingAlgorithm: "SHA1"
-signingAlgorithm: "SHA512"
-stubBannerContents: "My banner"
-stubBannerPath: null
-stubPath: null
Expand Down
4 changes: 2 additions & 2 deletions tests/Console/Command/CompileTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -478,7 +478,7 @@ public function test_it_can_build_a_phar_without_any_configuration(): void

$phar = new Phar('index.phar');

self::assertSame('SHA-1', $phar->getSignature()['hash_type']);
self::assertSame('SHA-512', $phar->getSignature()['hash_type']);

// Check PHAR content
$actualStub = self::normalizeStub($phar->getStub());
Expand Down Expand Up @@ -1227,7 +1227,7 @@ public function test_it_can_build_a_phar_file_in_debug_mode(): void
-promptForPrivateKey: false
-processedReplacements: []
-shebang: "#!/usr/bin/env php"
-signingAlgorithm: "SHA1"
-signingAlgorithm: "SHA512"
-stubBannerContents: ""
-stubBannerPath: null
-stubPath: null
Expand Down

0 comments on commit 39403a7

Please sign in to comment.