when a $key is not properly formatted, warnings are generated: PHP Warning: openssl_sign(): Supplied key param cannot be coerced into a private key. Instead, invalid keys should be validated and thrown gracefully. Like this:
case 'openssl':
$signature = '';
if (!openssl_pkey_get_private($key)) {
throw new DomainException('OpenSSL unable to validate key');
}
$success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
if (!$success) {
throw new DomainException('OpenSSL unable to sign data');
}
Ref: https://github.com/firebase/php-jwt/blob/1b9e87184745595ef70540613c0cb9de09bebab3/src/JWT.php#L252-L257
when a
$key
is not properly formatted, warnings are generated:PHP Warning: openssl_sign(): Supplied key param cannot be coerced into a private key
. Instead, invalid keys should be validated and thrown gracefully. Like this: