firebase / php-jwt

PHP package for JWT

Wrong warnings when invalid key supplied in openssl_sign

vishwarajanand opened this issue · comments

Ref:

php-jwt/src/JWT.php

Lines 252 to 257 in 1b9e871

        case 'openssl':
            $signature = '';
            $success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
            if (!$success) {
                throw new DomainException('OpenSSL unable to sign data');
            }

When a `$key` is not properly formatted, warnings are generated: `PHP Warning: openssl_sign(): Supplied key param cannot be coerced into a private key`. Instead, invalid keys should be validated and thrown gracefully, like this:

        case 'openssl':
            $signature = '';
            if (!openssl_pkey_get_private($key)) {
                throw new DomainException('OpenSSL unable to validate key');
            }
            $success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
            if (!$success) {
                throw new DomainException('OpenSSL unable to sign data');
            }
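
A stand-alone version of the validate-then-sign pattern proposed above, added here as an example; it is not part of the original issue or of php-jwt's code. The function name `signWithValidatedKey` and both sample keys are assumptions constructed for this illustration.

```php
<?php
/**
 * Hypothetical helper (not php-jwt's API): validate the key first, then sign.
 * Throws DomainException instead of reaching openssl_sign() with a bad key.
 */
function signWithValidatedKey(string $msg, $key, string $algorithm = 'SHA256'): string
{
    // Drain stale entries so the errors collected below belong to this call.
    while (openssl_error_string() !== false) {
    }

    // Returns false when the string does not parse as a private key;
    // openssl_sign() would raise the warning quoted in the issue instead.
    $privateKey = openssl_pkey_get_private($key);
    if ($privateKey === false) {
        $errors = [];
        while (($e = openssl_error_string()) !== false) {
            $errors[] = $e;
        }
        // Report OpenSSL's reasons only; never echo the key material itself.
        throw new DomainException('OpenSSL unable to validate key: ' . implode('; ', $errors));
    }

    $signature = '';
    // Sign with the parsed key handle so the key is parsed only once.
    if (!openssl_sign($msg, $signature, $privateKey, $algorithm)) {
        throw new DomainException('OpenSSL unable to sign data');
    }
    return $signature;
}

// Constructed sample input: PEM armor around bytes that are not a key.
$badKey = "-----BEGIN PRIVATE KEY-----\nnot-a-key\n-----END PRIVATE KEY-----";
try {
    signWithValidatedKey('header.payload', $badKey);
} catch (DomainException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}

// Constructed sample input: a throwaway RSA key generated for this run.
$goodKey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($goodKey === false) {
    exit('Could not generate a test key (check the local OpenSSL configuration)' . PHP_EOL);
}
$sig = signWithValidatedKey('header.payload', $goodKey);
$pub = openssl_pkey_get_details($goodKey)['key'];
echo 'Signature verifies: ', openssl_verify('header.payload', $sig, $pub, 'SHA256') === 1 ? 'yes' : 'no', PHP_EOL;
```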