diff options
| author | Brent Shaffer <betterbrent@google.com> | 2017-06-21 11:38:45 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-06-21 11:38:45 -0700 |
| commit | aa6419a5e92869c0c463361848788ec4f1e8728e (patch) | |
| tree | 3811da539c59f9068e1ee3c5e3f79b15c9313ccd /src | |
| parent | 0f8f85aa4396de6a18791a561e2a626fb782399a (diff) | |
| download | php-jwt-aa6419a5e92869c0c463361848788ec4f1e8728e.zip php-jwt-aa6419a5e92869c0c463361848788ec4f1e8728e.tar.gz php-jwt-aa6419a5e92869c0c463361848788ec4f1e8728e.tar.bz2 | |
Updates JWT::verify to handle openssl errors (#159)
Diffstat (limited to 'src')
| -rw-r--r-- | src/JWT.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/JWT.php b/src/JWT.php index 2e5758e..7729143 100644 --- a/src/JWT.php +++ b/src/JWT.php @@ -88,7 +88,7 @@ class JWT throw new UnexpectedValueException('Invalid claims encoding'); } $sig = static::urlsafeB64Decode($cryptob64); - + if (empty($header->alg)) { throw new UnexpectedValueException('Empty algorithm'); } @@ -230,11 +230,15 @@ class JWT switch($function) { case 'openssl': $success = openssl_verify($msg, $signature, $key, $algorithm); - if (!$success) { - throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string()); - } else { - return $signature; + if ($success === 1) { + return true; + } elseif ($success === 0) { + return false; } + // returns 1 on success, 0 on failure, -1 on error. + throw new DomainException( + 'OpenSSL error: ' . openssl_error_string() + ); case 'hash_hmac': default: $hash = hash_hmac($algorithm, $msg, $key, true); |