Skip to content

Commit

Permalink
chore: remove jwt incorrect key warning (#560)
Browse files Browse the repository at this point in the history
  • Loading branch information
vishwarajanand authored Mar 15, 2024
1 parent 1b9e871 commit e9690f5
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/JWT.php
Original file line number Diff line number Diff line change
Expand Up @@ -251,6 +251,9 @@ public static function sign(
return \hash_hmac($algorithm, $msg, $key, true);
case 'openssl':
$signature = '';
if (!\is_resource($key) && !openssl_pkey_get_private($key)) {
throw new DomainException('OpenSSL unable to validate key');
}
$success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
if (!$success) {
throw new DomainException('OpenSSL unable to sign data');
Expand Down
6 changes: 6 additions & 0 deletions tests/JWTTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,12 @@ public function testMalformedUtf8StringsFail()
JWT::encode(['message' => pack('c', 128)], 'a', 'HS256');
}

public function testInvalidKeyOpensslSignFail()
{
$this->expectException(DomainException::class);
JWT::sign('message', 'invalid key', 'openssl');
}

public function testMalformedJsonThrowsException()
{
$this->expectException(DomainException::class);
Expand Down

0 comments on commit e9690f5

Please sign in to comment.