diff --git a/.changes/nextrelease/cloudfront-signed-urls.json b/.changes/nextrelease/cloudfront-signed-urls.json new file mode 100644 index 0000000000..f5abce2508 --- /dev/null +++ b/.changes/nextrelease/cloudfront-signed-urls.json @@ -0,0 +1,7 @@ +[ + { + "type": "enhancement", + "category": "CloudFront", + "description": "Throw exception when an empty signature for signed url is generated." + } +] \ No newline at end of file diff --git a/src/CloudFront/Signer.php b/src/CloudFront/Signer.php index 22e55c2a44..f6a7ed6e36 100644 --- a/src/CloudFront/Signer.php +++ b/src/CloudFront/Signer.php @@ -72,6 +72,7 @@ public function __destruct() * @return array The values needed to construct a signed URL or cookie * @throws \InvalidArgumentException when not provided either a policy or a * resource and a expires + * @throws \RuntimeException when generated signature is empty * * @link http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html */ @@ -113,7 +114,20 @@ private function createCannedPolicy($resource, $expiration) private function sign($policy) { $signature = ''; - openssl_sign($policy, $signature, $this->pkHandle); + + if(!openssl_sign($policy, $signature, $this->pkHandle)) { + $errorMessages = []; + while(($newMessage = openssl_error_string()) !== false) { + $errorMessages[] = $newMessage; + } + + $exceptionMessage = "An error has occurred when signing the policy"; + if (count($errorMessages) > 0) { + $exceptionMessage = implode("\n", $errorMessages); + } + + throw new \RuntimeException($exceptionMessage); + } return $signature; }