The library silently fails when signing a token in case of openssl error

[magnetik]

In the file src/Signer/Rsa.php, in the method createHash, the output of the method openssl_sign is not used.

In case of error (mine was RSA_sign:digest too big for rsa key) the processing continues and it makes the debugging quite difficult.

[lcobucci]

@magnetik thanks, in order to be BC compatible I'll throw an InvalidArgumentException there with the openssl_error_string() as message.

[magnetik]

Awesome 👍

[lcobucci]

@magnetik do you have an example that fails so we could create a test for that?

[magnetik]

<?php

$key = "-----BEGIN RSA PRIVATE KEY-----
MGECAQACEQC4MRKSVsq5XnRBrJoX6+rnAgMBAAECECO8SZkgw6Yg66A6SUly/3kC
CQDtPXZtCQWJuwIJAMbBu17GDOrFAggopfhNlFcjkwIIVjb7G+U0/TECCEERyvxP
TWdN
-----END RSA PRIVATE KEY-----";

$opensslKey = openssl_pkey_get_private($key);

$signature = null;
$result = openssl_sign("foobar", $signature, $opensslKey);
var_dump($result);
var_dump(openssl_error_string());

[lcobucci]

Nice, thanks ;)

[lcobucci]

I've added the validation, tested "manually" and already release 3.2.1 with that patch.
#135 will apply the same thing for v4 that will be done after #129.

Thanks again @magnetik!