chore: remove jwt incorrect key warning (#560)

vishwarajanand · web-flow · commit e9690f56c0bf · 2024-03-16T02:03:57.000+05:30
diff --git a/src/JWT.php b/src/JWT.php
@@ -251,6 +251,9 @@ public static function sign(
                 return \hash_hmac($algorithm, $msg, $key, true);
             case 'openssl':
                 $signature = '';
+                if (!\is_resource($key) && !openssl_pkey_get_private($key)) {
+                    throw new DomainException('OpenSSL unable to validate key');
+                }
                 $success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
                 if (!$success) {
                     throw new DomainException('OpenSSL unable to sign data');
diff --git a/tests/JWTTest.php b/tests/JWTTest.php
@@ -26,6 +26,12 @@ public function testMalformedUtf8StringsFail()
         JWT::encode(['message' => pack('c', 128)], 'a', 'HS256');
     }
 
+    public function testInvalidKeyOpensslSignFail()
+    {
+        $this->expectException(DomainException::class);
+        JWT::sign('message', 'invalid key', 'openssl');
+    }
+
     public function testMalformedJsonThrowsException()
     {
         $this->expectException(DomainException::class);

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,12 @@ public function testMalformedUtf8StringsFail()`
`26`	`26`	`JWT::encode(['message' => pack('c', 128)], 'a', 'HS256');`
`27`	`27`	`}`
`28`	`28`
	`29`	`+ public function testInvalidKeyOpensslSignFail()`
	`30`	`+ {`
	`31`	`+ $this->expectException(DomainException::class);`
	`32`	`+ JWT::sign('message', 'invalid key', 'openssl');`
	`33`	`+ }`
	`34`	`+`
`29`	`35`	`public function testMalformedJsonThrowsException()`
`30`	`36`	`{`
`31`	`37`	`$this->expectException(DomainException::class);`