diff --git a/src/JWT.php b/src/JWT.php
index 26349206..e9d75639 100644
--- a/src/JWT.php
+++ b/src/JWT.php
@@ -251,6 +251,9 @@ public static function sign(
 return \hash_hmac($algorithm, $msg, $key, true);
 case 'openssl':
 $signature = '';
+ if (!\is_resource($key) && !openssl_pkey_get_private($key)) {
+ throw new DomainException('OpenSSL unable to validate key');
+ }
 $success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
 if (!$success) {
 throw new DomainException('OpenSSL unable to sign data');
diff --git a/tests/JWTTest.php b/tests/JWTTest.php
index b59c3c20..d09d43e3 100644
--- a/tests/JWTTest.php
+++ b/tests/JWTTest.php
@@ -26,6 +26,12 @@ public function testMalformedUtf8StringsFail()
 JWT::encode(['message' => pack('c', 128)], 'a', 'HS256');
 }
 
+ public function testInvalidKeyOpensslSignFail()
+ {
+ $this->expectException(DomainException::class);
+ JWT::sign('message', 'invalid key', 'openssl');
+ }
+
 public function testMalformedJsonThrowsException()
 {
 $this->expectException(DomainException::class);
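Review bot: The new guard parses the key with openssl_pkey_get_private() and then discards the parsed handle, so \openssl_sign() on the following line has to parse the same key material a second time; loading it once and passing the handle through removes the double parse and makes the `\is_resource($key)` special case unnecessary, since openssl_pkey_get_private accepts an already-loaded key (a resource on PHP 7, an OpenSSLAsymmetricKey on PHP 8) as far as I know. The call is also the only function in the hunk written without a leading backslash, unlike `\is_resource` and `\openssl_sign`. Whether keeping a typed handle lets the `// @phpstan-ignore-line` on the openssl_sign call go away depends on the declared type of $key, which is outside the hunk. sign() starts and ends outside the hunk.

```php
                $signature = '';
                // Load the key once; an unparseable key fails here with a clear
                // exception instead of as a warning from inside openssl_sign().
                $pkey = \openssl_pkey_get_private($key);
                if ($pkey === false) {
                    throw new DomainException('OpenSSL unable to validate key');
                }
                $success = \openssl_sign($msg, $signature, $pkey, $algorithm);
                // … unchanged: $success check and return …
```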
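Review bot: testInvalidKeyOpensslSignFail passes the literal `'openssl'` as the algorithm argument, which is the dispatch function name seen in the `case 'openssl':` branch of the JWT.php hunk rather than a JWT algorithm identifier; if sign() rejects unknown algorithms with a DomainException before reaching that branch, the test passes without ever executing the new key check. Because it expects the same exception class as the neighbouring tests, it cannot distinguish "unsupported algorithm" from "invalid key". Calling with a real asymmetric algorithm and pinning the message, `$this->expectExceptionMessage('OpenSSL unable to validate key');` followed by `JWT::sign('message', 'invalid key', 'RS256');`, would make the test actually prove the guard. sign()'s algorithm validation is not visible from here, so this is inferred from the hunk header and the dispatch label only.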