Remove X5C EOL

.gitattributes

@@ -1,10 +1,18 @@
 * text=auto
 
+/.github export-ignore
+/packs export-ignore
 /performance export-ignore
+/tests export-ignore
+/.editorconfig export-ignore
 /.gitattributes export-ignore
 /.gitignore export-ignore
-/.scrutinizer.yml export-ignore
-/.travis.yml export-ignore
+/.gitsplit.yml export-ignore
+/CODE_OF_CONDUCT.md export-ignore
+/ecs.php export-ignore
+/infection.json export-ignore
+/Makefile export-ignore
 /phpbench.json export-ignore
+/phpstan.neon export-ignore
 /phpunit.xml.dist export-ignore
-/README.md export-ignore
+/rector.php export-ignore

.gitignore

@@ -1,14 +1,12 @@
 .phpbench
 .phpunit.result.cache
-.travis/phar-private.pem
 jose.phar
 jose.phar.pubkey
 jose.phar.version
-.travis/build-key.pem
-.travis/secrets.tar
 report.md
 composer.lock
 .php_cs
 .php_cs.cache
 vendor/
 src/Bundle/JoseFramework/var/
+infection.txt

.gitsplit.yml

@@ -53,6 +53,4 @@ splits:
       target: "https://${GH_TOKEN}@github.com/web-token/signature-pack.git"
 
 origins:
-    - ^master$
-    - ^v\d+\.\d+$
-    - ^v\d+\.\d+\.\d+.*$
+    - ^\d+\.\d+\.\d+.*$

SECURITY.md

@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+|---------|--------------------|
+| 4.0.x   | :white_check_mark: |
+| 3.1.x   | :white_check_mark: |
+| 3.0.x   | :white_check_mark: |
+| < 3.0.0 | :x:                |
+
+## Reporting a Vulnerability
+
+If you think you have found a security issue, DO NOT open an issue. You MUST email your issue: security AT
+spomky-labs.com.

composer.json

@@ -88,7 +88,7 @@
         "phpstan/phpstan-deprecation-rules": "^1.0",
         "phpstan/phpstan-phpunit": "^1.0",
         "phpstan/phpstan-strict-rules": "^1.0",
-        "phpunit/phpunit": "^8.0|^9.0",
+        "phpunit/phpunit": "^9.5.5",
         "rector/rector": "^0.14",
         "roave/security-advisories": "dev-latest",
         "symfony/browser-kit": "^5.4|^6.0",

phpstan.neon

@@ -17,5 +17,5 @@ parameters:
         - '#Parameter \#2 \.\.\.\$values of function sprintf expects bool\|float\|int\|string\|null\, mixed given\.#'
         - '#Parameter \#1 \.\.\.\$arrays of function array_merge expects array\, mixed given\.#'
         - '#Cannot cast mixed to int\.#'
-includes:
-    - vendor/phpstan/phpstan/conf/bleedingEdge.neon
+        - '#Parameter .* of (static )?method .* expects Jose\\Component\\Core\\JWK, mixed given\.#'
+        - '#Cannot call method (get|has)\(\) on mixed\.#'

src/Component/KeyManagement/KeyConverter/KeyConverter.php

@@ -77,7 +77,7 @@ public static function loadKeyFromX509Resource(OpenSSLCertificate $res): array
             $values = self::loadKeyFromPEM($details['key']);
             openssl_x509_export($res, $out);
             $x5c = preg_replace('#-.*-#', '', $out);
-            $x5c = preg_replace('~\R~', PHP_EOL, $x5c);
+            $x5c = preg_replace('~\R~', '', $x5c);
             if (! is_string($x5c)) {
                 throw new InvalidArgumentException('Unable to load the certificate');
             }

src/Ecc/Curve.php

@@ -168,12 +168,13 @@ public function mul(Point $one, BigInteger $n): Point
 
     public function cmp(self $other): int
     {
-        $equal = $this->getA()
-            ->isEqualTo($other->getA())
-            && $this->getB()
-                ->isEqualTo($other->getB())
-            && $this->getPrime()
-                ->isEqualTo($other->getPrime());
+        $equalsA = $this->getA()
+            ->isEqualTo($other->getA());
+        $equalsB = $this->getB()
+            ->isEqualTo($other->getB());
+        $equalsPrime = $this->getPrime()
+            ->isEqualTo($other->getPrime());
+        $equal = $equalsA && $equalsB && $equalsPrime;
 
         return $equal ? 0 : 1;
     }

tests/Bundle/JoseFramework/config/config_test.yml

@@ -1,7 +1,9 @@
 framework:
   test: ~
   secret: 'test'
-  session: ~
+  session:
+    handler_id: null
+    storage_factory_id: 'session.storage.factory.mock_file'
   router:
     resource: "%kernel.project_dir%/tests/Bundle/JoseFramework/config/routing.yml"
     strict_requirements: ~

tests/Component/KeyManagement/JWKTest.php

@@ -10,7 +10,6 @@
 use Jose\Component\KeyManagement\JWKFactory;
 use const JSON_THROW_ON_ERROR;
 use ParagonIE\ConstantTime\Base64UrlSafe;
-use const PHP_EOL;
 use PHPUnit\Framework\TestCase;
 
 /**
@@ -234,7 +233,7 @@ public function loadCertificateChain(): void
                 'x5t#256' => 'pBJP2vnKx7ruHKsy4yJddGUAwJ888-uyU-8_uwiK_TQ',
                 'kid' => 'From www.google.com',
                 'x5c' => [
-                    'MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT' . PHP_EOL . 'MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i' . PHP_EOL . 'YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG' . PHP_EOL . 'EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy' . PHP_EOL . 'bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB' . PHP_EOL . 'AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP' . PHP_EOL . 'VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv' . PHP_EOL . 'h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE' . PHP_EOL . 'ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ' . PHP_EOL . 'EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC' . PHP_EOL . 'DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7' . PHP_EOL . 'qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD' . PHP_EOL . 'VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov' . PHP_EOL . 'L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig' . PHP_EOL . 'JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ' . PHP_EOL . 'MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+' . PHP_EOL . '3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI' . PHP_EOL . 'hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI' . PHP_EOL . 'Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X' . PHP_EOL . 'Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm' . PHP_EOL . 'X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40' . PHP_EOL . 'fsg12A==',
+                    'MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NPVaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtvh8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rEahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZEASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXCDTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYDVR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpIhNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnIOi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4XBupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPmX4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40fsg12A==',
                 ],
             ],
             $key->all()