From e9690f56c0bf9cd670655add889b4e243e3ac576 Mon Sep 17 00:00:00 2001
From: Vishwaraj Anand <vishwaraj.anand00@gmail.com>
Date: Sat, 16 Mar 2024 02:03:57 +0530
Subject: [PATCH] chore: remove jwt incorrect key warning (#560)

---
 src/JWT.php       | 3 +++
 tests/JWTTest.php | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/src/JWT.php b/src/JWT.php
index 26349206..e9d75639 100644
--- a/src/JWT.php
+++ b/src/JWT.php
@@ -251,6 +251,9 @@ public static function sign(
                 return \hash_hmac($algorithm, $msg, $key, true);
             case 'openssl':
                 $signature = '';
+                if (!\is_resource($key) && !openssl_pkey_get_private($key)) {
+                    throw new DomainException('OpenSSL unable to validate key');
+                }
                 $success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
                 if (!$success) {
                     throw new DomainException('OpenSSL unable to sign data');
diff --git a/tests/JWTTest.php b/tests/JWTTest.php
index b59c3c20..d09d43e3 100644
--- a/tests/JWTTest.php
+++ b/tests/JWTTest.php
@@ -26,6 +26,12 @@ public function testMalformedUtf8StringsFail()
         JWT::encode(['message' => pack('c', 128)], 'a', 'HS256');
     }
 
+    public function testInvalidKeyOpensslSignFail()
+    {
+        $this->expectException(DomainException::class);
+        JWT::sign('message', 'invalid key', 'openssl');
+    }
+
     public function testMalformedJsonThrowsException()
     {
         $this->expectException(DomainException::class);