feat: Change the default signing algorithm to SHA-512 (#1156)

Closes #1136.

src/Configuration/Configuration.php

@@ -109,7 +109,7 @@ final class Configuration
         'finder',
     ];
     private const PHP_SCOPER_CONFIG = 'scoper.inc.php';
-    private const DEFAULT_SIGNING_ALGORITHM = SigningAlgorithm::SHA1;
+    private const DEFAULT_SIGNING_ALGORITHM = SigningAlgorithm::SHA512;
     private const DEFAULT_ALIAS_PREFIX = 'box-auto-generated-alias-';
 
     private const DEFAULT_IGNORED_ANNOTATIONS = [

tests/Configuration/ConfigurationSigningTest.php

@@ -32,9 +32,9 @@
  */
 class ConfigurationSigningTest extends ConfigurationTestCase
 {
-    public function test_the_default_signing_is_sha1(): void
+    public function test_the_default_signing_is_sha512(): void
     {
-        self::assertSame(SigningAlgorithm::SHA1, $this->config->getSigningAlgorithm());
+        self::assertSame(SigningAlgorithm::SHA512, $this->config->getSigningAlgorithm());
 
         self::assertNull($this->config->getPrivateKeyPath());
         self::assertNull($this->config->getPrivateKeyPassphrase());
@@ -47,7 +47,7 @@ public function test_the_default_signing_is_sha1(): void
     public function test_a_recommendation_is_given_if_the_configured_algorithm_is_the_default_value(): void
     {
         $this->setConfig([
-            'algorithm' => 'SHA1',
+            'algorithm' => 'SHA512',
         ]);
 
         self::assertSame(
@@ -78,7 +78,7 @@ public function test_the_signing_algorithm_can_be_configured(string $algorithm,
 
         self::assertSame($expected, $this->config->getSigningAlgorithm());
 
-        if (false === in_array($algorithm, ['SHA1', false], true)) {
+        if (false === in_array($algorithm, ['SHA512', false], true)) {
             self::assertSame([], $this->config->getRecommendations());
         }
         self::assertSame([], $this->config->getWarnings());
@@ -126,7 +126,7 @@ public function test_it_generates_a_warning_when_a_key_pass_is_provided_but_the_
         self::assertNull($this->config->getPrivateKeyPassphrase());
         self::assertFalse($this->config->promptForPrivateKey());
 
-        if (false === in_array($algorithm, ['SHA1', false], true)) {
+        if (false === in_array($algorithm, ['SHA512', false], true)) {
             self::assertSame([], $this->config->getRecommendations());
         }
         self::assertSame(
@@ -157,7 +157,7 @@ public function test_it_generates_a_warning_when_a_key_pass_is_provided_but_the_
                 );
             }
 
-            if (in_array($algorithm, ['SHA1', false], true)) {
+            if (in_array($algorithm, ['SHA512', false], true)) {
                 array_unshift(
                     $expectedRecommendation,
                     'The "algorithm" setting can be omitted since is set to its default value',
@@ -176,7 +176,7 @@ public function test_it_generates_a_warning_when_a_key_pass_is_provided_but_the_
         self::assertNull($this->config->getPrivateKeyPassphrase());
         self::assertFalse($this->config->promptForPrivateKey());
 
-        if (false === in_array($algorithm, ['SHA1', false], true)) {
+        if (false === in_array($algorithm, ['SHA512', false], true)) {
             self::assertSame([], $this->config->getRecommendations());
         }
         self::assertSame(
@@ -199,7 +199,7 @@ public function test_it_generates_a_warning_when_a_key_path_is_provided_but_the_
 
         self::assertNull($this->config->getPrivateKeyPath());
 
-        if (false === in_array($algorithm, ['SHA1', false], true)) {
+        if (false === in_array($algorithm, ['SHA512', false], true)) {
             self::assertSame([], $this->config->getRecommendations());
         }
         self::assertSame(
@@ -218,7 +218,7 @@ public function test_it_generates_a_warning_when_a_key_path_is_provided_but_the_
             'The setting "key" has been set but is unnecessary since the signing algorithm is not "OPENSSL".',
         ];
 
-        if (in_array($algorithm, ['SHA1', false], true)) {
+        if (in_array($algorithm, ['SHA512', false], true)) {
             array_unshift(
                 $expectedRecommendation,
                 'The "algorithm" setting can be omitted since is set to its default value',

tests/Configuration/ConfigurationTest.php

@@ -2986,7 +2986,7 @@ public function test_it_can_be_created_with_only_default_values(): void
         self::assertNull($this->config->getPrivateKeyPath());
         self::assertSame([], $this->config->getReplacements());
         self::assertSame('#!/usr/bin/env php', $this->config->getShebang());
-        self::assertSame(SigningAlgorithm::SHA1, $this->config->getSigningAlgorithm());
+        self::assertSame(SigningAlgorithm::SHA512, $this->config->getSigningAlgorithm());
 
         $version = self::$version;
 
@@ -3096,7 +3096,7 @@ public function test_it_can_be_exported(): void
               -promptForPrivateKey: false
               -processedReplacements: []
               -shebang: "#!/usr/bin/env php"
-              -signingAlgorithm: "SHA1"
+              -signingAlgorithm: "SHA512"
               -stubBannerContents: "My banner"
               -stubBannerPath: null
               -stubPath: null

tests/Console/Command/CompileTest.php

@@ -478,7 +478,7 @@ public function test_it_can_build_a_phar_without_any_configuration(): void
 
         $phar = new Phar('index.phar');
 
-        self::assertSame('SHA-1', $phar->getSignature()['hash_type']);
+        self::assertSame('SHA-512', $phar->getSignature()['hash_type']);
 
         // Check PHAR content
         $actualStub = self::normalizeStub($phar->getStub());
@@ -1227,7 +1227,7 @@ public function test_it_can_build_a_phar_file_in_debug_mode(): void
               -promptForPrivateKey: false
               -processedReplacements: []
               -shebang: "#!/usr/bin/env php"
-              -signingAlgorithm: "SHA1"
+              -signingAlgorithm: "SHA512"
               -stubBannerContents: ""
               -stubBannerPath: null
               -stubPath: null