Wrong warnings when invalid key supplied in openssl_sign

Ref: https://github.com/firebase/php-jwt/blob/1b9e87184745595ef70540613c0cb9de09bebab3/src/JWT.php#L252-L257

when a `$key` is not properly formatted, warnings are generated: `PHP Warning:  openssl_sign(): Supplied key param cannot be coerced into a private key`. Instead, invalid keys should be validated and thrown gracefully. Like this:

```php
        case 'openssl':
            $signature = '';
            if (!openssl_pkey_get_private($key)) {
                throw new DomainException('OpenSSL unable to validate key');
            }
            $success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
            if (!$success) {
                throw new DomainException('OpenSSL unable to sign data');
            }
```



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Wrong warnings when invalid key supplied in openssl_sign #559

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	case 'openssl':
	$signature = '';
	$success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
	if (!$success) {
	throw new DomainException('OpenSSL unable to sign data');
	}

Wrong warnings when invalid key supplied in openssl_sign #559

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions