CoseSign*Tag and structure (#14)

* Add CoseEncrypt0Tag and CoseEncryptTag implementations with tests
* Refactor protected header decoding in Cose tags and add tests for CoseSign1Tag
* Enhance getProtectedHeaderAsMap method to accept a custom decoder in COSE tags and add tests for its functionality
* Fix cache key generation in CI configuration to use composer.json instead of composer.lock

Author: Spomky

.ci-tools/phpstan-baseline.neon

@@ -264,6 +264,66 @@ parameters:
 			count: 1
 			path: ../src/BigInteger.php
 
+		-
+			rawMessage: Class "Cose\Encryption\CoseEncrypt0Tag" is not allowed to extend "CBOR\Tag".
+			identifier: ergebnis.noExtends
+			count: 1
+			path: ../src/Encryption/CoseEncrypt0Tag.php
+
+		-
+			rawMessage: 'Method Cose\Encryption\CoseEncrypt0Tag::__construct() has parameter $data with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Encryption/CoseEncrypt0Tag.php
+
+		-
+			rawMessage: 'Method Cose\Encryption\CoseEncrypt0Tag::createFromLoadedData() has parameter $data with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Encryption/CoseEncrypt0Tag.php
+
+		-
+			rawMessage: 'Method Cose\Encryption\CoseEncrypt0Tag::getProtectedHeaderAsMap() has parameter $decoder with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Encryption/CoseEncrypt0Tag.php
+
+		-
+			rawMessage: 'Method Cose\Encryption\CoseEncrypt0Tag::getProtectedHeaderAsMap() has parameter $decoder with null as default value.'
+			identifier: ergebnis.noParameterWithNullDefaultValue
+			count: 1
+			path: ../src/Encryption/CoseEncrypt0Tag.php
+
+		-
+			rawMessage: Class "Cose\Encryption\CoseEncryptTag" is not allowed to extend "CBOR\Tag".
+			identifier: ergebnis.noExtends
+			count: 1
+			path: ../src/Encryption/CoseEncryptTag.php
+
+		-
+			rawMessage: 'Method Cose\Encryption\CoseEncryptTag::__construct() has parameter $data with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Encryption/CoseEncryptTag.php
+
+		-
+			rawMessage: 'Method Cose\Encryption\CoseEncryptTag::createFromLoadedData() has parameter $data with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Encryption/CoseEncryptTag.php
+
+		-
+			rawMessage: 'Method Cose\Encryption\CoseEncryptTag::getProtectedHeaderAsMap() has parameter $decoder with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Encryption/CoseEncryptTag.php
+
+		-
+			rawMessage: 'Method Cose\Encryption\CoseEncryptTag::getProtectedHeaderAsMap() has parameter $decoder with null as default value.'
+			identifier: ergebnis.noParameterWithNullDefaultValue
+			count: 1
+			path: ../src/Encryption/CoseEncryptTag.php
+
 		-
 			rawMessage: Cannot cast mixed to string.
 			identifier: cast.string
@@ -509,3 +569,123 @@ parameters:
 			identifier: return.type
 			count: 1
 			path: ../src/Key/SymmetricKey.php
+
+		-
+			rawMessage: Class "Cose\Mac\CoseMac0Tag" is not allowed to extend "CBOR\Tag".
+			identifier: ergebnis.noExtends
+			count: 1
+			path: ../src/Mac/CoseMac0Tag.php
+
+		-
+			rawMessage: 'Method Cose\Mac\CoseMac0Tag::__construct() has parameter $data with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Mac/CoseMac0Tag.php
+
+		-
+			rawMessage: 'Method Cose\Mac\CoseMac0Tag::createFromLoadedData() has parameter $data with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Mac/CoseMac0Tag.php
+
+		-
+			rawMessage: 'Method Cose\Mac\CoseMac0Tag::getProtectedHeaderAsMap() has parameter $decoder with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Mac/CoseMac0Tag.php
+
+		-
+			rawMessage: 'Method Cose\Mac\CoseMac0Tag::getProtectedHeaderAsMap() has parameter $decoder with null as default value.'
+			identifier: ergebnis.noParameterWithNullDefaultValue
+			count: 1
+			path: ../src/Mac/CoseMac0Tag.php
+
+		-
+			rawMessage: Class "Cose\Mac\CoseMacTag" is not allowed to extend "CBOR\Tag".
+			identifier: ergebnis.noExtends
+			count: 1
+			path: ../src/Mac/CoseMacTag.php
+
+		-
+			rawMessage: 'Method Cose\Mac\CoseMacTag::__construct() has parameter $data with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Mac/CoseMacTag.php
+
+		-
+			rawMessage: 'Method Cose\Mac\CoseMacTag::createFromLoadedData() has parameter $data with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Mac/CoseMacTag.php
+
+		-
+			rawMessage: 'Method Cose\Mac\CoseMacTag::getProtectedHeaderAsMap() has parameter $decoder with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Mac/CoseMacTag.php
+
+		-
+			rawMessage: 'Method Cose\Mac\CoseMacTag::getProtectedHeaderAsMap() has parameter $decoder with null as default value.'
+			identifier: ergebnis.noParameterWithNullDefaultValue
+			count: 1
+			path: ../src/Mac/CoseMacTag.php
+
+		-
+			rawMessage: Class "Cose\Signature\CoseSign1Tag" is not allowed to extend "CBOR\Tag".
+			identifier: ergebnis.noExtends
+			count: 1
+			path: ../src/Signature/CoseSign1Tag.php
+
+		-
+			rawMessage: 'Method Cose\Signature\CoseSign1Tag::__construct() has parameter $data with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Signature/CoseSign1Tag.php
+
+		-
+			rawMessage: 'Method Cose\Signature\CoseSign1Tag::createFromLoadedData() has parameter $data with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Signature/CoseSign1Tag.php
+
+		-
+			rawMessage: 'Method Cose\Signature\CoseSign1Tag::getProtectedHeaderAsMap() has parameter $decoder with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Signature/CoseSign1Tag.php
+
+		-
+			rawMessage: 'Method Cose\Signature\CoseSign1Tag::getProtectedHeaderAsMap() has parameter $decoder with null as default value.'
+			identifier: ergebnis.noParameterWithNullDefaultValue
+			count: 1
+			path: ../src/Signature/CoseSign1Tag.php
+
+		-
+			rawMessage: Class "Cose\Signature\CoseSignTag" is not allowed to extend "CBOR\Tag".
+			identifier: ergebnis.noExtends
+			count: 1
+			path: ../src/Signature/CoseSignTag.php
+
+		-
+			rawMessage: 'Method Cose\Signature\CoseSignTag::__construct() has parameter $data with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Signature/CoseSignTag.php
+
+		-
+			rawMessage: 'Method Cose\Signature\CoseSignTag::createFromLoadedData() has parameter $data with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Signature/CoseSignTag.php
+
+		-
+			rawMessage: 'Method Cose\Signature\CoseSignTag::getProtectedHeaderAsMap() has parameter $decoder with a nullable type declaration.'
+			identifier: ergebnis.noParameterWithNullableTypeDeclaration
+			count: 1
+			path: ../src/Signature/CoseSignTag.php
+
+		-
+			rawMessage: 'Method Cose\Signature\CoseSignTag::getProtectedHeaderAsMap() has parameter $decoder with null as default value.'
+			identifier: ergebnis.noParameterWithNullDefaultValue
+			count: 1
+			path: ../src/Signature/CoseSignTag.php

.github/workflows/ci.yml

@@ -47,7 +47,7 @@ jobs:
       - uses: actions/[email protected]
 
       - id: cache-key-generator
-        run: echo "key=composer-${{ runner.os }}-${{ hashFiles('composer.lock') }}" >> $GITHUB_OUTPUT
+        run: echo "key=composer-${{ runner.os }}-${{ hashFiles('composer.json') }}" >> $GITHUB_OUTPUT
 
       - uses: actions/cache@v4
         with:

.github/workflows/dependency-review.yml

@@ -0,0 +1,14 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/[email protected]
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v4

.github/workflows/lock-closed-issues.yml

@@ -0,0 +1,23 @@
+name: 'Lock Issues'
+
+on:
+  schedule:
+    - cron: '12 6 * * *'
+
+jobs:
+  lock:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/lock-threads@v5
+        with:
+          github-token: ${{ github.token }}
+          issue-inactive-days: '31'
+          exclude-issue-created-before: ''
+          exclude-any-issue-labels: ''
+          add-issue-labels: ''
+          issue-comment: >
+            This thread has been automatically locked since there has not been
+            any recent activity after it was closed. Please open a new issue for
+            related bugs.
+          issue-lock-reason: 'resolved'
+          process-only: 'issues'

.github/workflows/release-on-milestone-closed.yml

@@ -1,5 +1,3 @@
-# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
-
 name: "Automatic Releases"
 
 on:
@@ -14,7 +12,7 @@ jobs:
 
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@v5"
+        uses: "actions/checkout@v5.0.0"
 
       - name: "Release"
         uses: "laminas/[email protected]"
@@ -35,7 +33,7 @@ jobs:
 
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@v5"
+        uses: "actions/checkout@v5.0.0"
 
       - name: "Create Merge-Up Pull Request"
         uses: "laminas/[email protected]"
@@ -56,7 +54,7 @@ jobs:
 
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@v5"
+        uses: "actions/checkout@v5.0.0"
 
       - name: "Create and/or Switch to new Release Branch"
         uses: "laminas/[email protected]"
@@ -77,7 +75,7 @@ jobs:
 
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@v5"
+        uses: "actions/checkout@v5.0.0"
         with:
           fetch-depth: 0
 
@@ -100,7 +98,7 @@ jobs:
 
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@v5"
+        uses: "actions/checkout@v5.0.0"
 
       - name: "Create new milestones"
         uses: "laminas/[email protected]"

.github/workflows/renovate.yml

@@ -0,0 +1,17 @@
+name: Renovate
+on:
+  schedule:
+    # The "*" (#42, asterisk) character has special semantics in YAML, so this
+    # string has to be quoted.
+    - cron: '40 6 3 * *'
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/[email protected]
+      - name: Renovate Bot GitHub Action
+        uses: renovatebot/[email protected]
+        with:
+          configurationFile: .github/renovate-global.json
+          token: ${{ secrets.RENOVATE_TOKEN }}

.github/workflows/scorecards.yml

@@ -1,12 +1,11 @@
 name: Scorecards supply-chain security
 
 on:
-  # Only the default branch is supported.
-  branch_protection_rule:
   schedule:
-    - cron: '19 5 * * 0'
+    - cron: '34 4 * * 6'
   push:
-    branches: [ "4.3.x" ]
+    branches:
+      - "*.*.x"
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -26,7 +25,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v5
+        uses: actions/checkout@v5.0.0
         with:
           persist-credentials: false
 
@@ -58,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v4.31.2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: results.sarif