From 4c4ceafe90ecf69bf615230eb547e34bd5eb3465 Mon Sep 17 00:00:00 2001
From: Leonardo Medici <leonardo_medici@me.com>
Date: Mon, 5 Dec 2022 22:07:06 +0100
Subject: [PATCH 1/2] Add exception when signature generation fails

---
 .changes/nextrelease/cloudfront-signed-urls.json |  7 +++++++
 src/CloudFront/Signer.php                        | 11 ++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 .changes/nextrelease/cloudfront-signed-urls.json

diff --git a/.changes/nextrelease/cloudfront-signed-urls.json b/.changes/nextrelease/cloudfront-signed-urls.json
new file mode 100644
index 0000000000..f5abce2508
--- /dev/null
+++ b/.changes/nextrelease/cloudfront-signed-urls.json
@@ -0,0 +1,7 @@
+[
+    {
+        "type": "enhancement",
+        "category": "CloudFront",
+        "description": "Throw exception when an empty signature for signed url is generated."
+    }
+]
\ No newline at end of file
diff --git a/src/CloudFront/Signer.php b/src/CloudFront/Signer.php
index 22e55c2a44..d166eb2b77 100644
--- a/src/CloudFront/Signer.php
+++ b/src/CloudFront/Signer.php
@@ -72,6 +72,7 @@ public function __destruct()
      * @return array The values needed to construct a signed URL or cookie
      * @throws \InvalidArgumentException  when not provided either a policy or a
      *                                    resource and a expires
+     * @throws \RuntimeException when generated signature is empty
      *
      * @link http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html
      */
@@ -113,7 +114,15 @@ private function createCannedPolicy($resource, $expiration)
     private function sign($policy)
     {
         $signature = '';
-        openssl_sign($policy, $signature, $this->pkHandle);
+        
+        if(!openssl_sign($policy, $signature, $this->pkHandle)) {
+            $errorMessages = [];
+            while(($newMessage = openssl_error_string()) !== false) {
+                $errorMessages[] = $newMessage;
+            }
+            
+            throw new \RuntimeException(implode("\n",$errorMessages));
+        }
 
         return $signature;
     }

From 418954881ce3533b822e78fa9d982028d33ae8c9 Mon Sep 17 00:00:00 2001
From: Leonardo Medici <leonardo_medici@me.com>
Date: Wed, 10 Jan 2024 22:21:41 +0100
Subject: [PATCH 2/2] Add fallback error message when policy signing fail

---
 src/CloudFront/Signer.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/CloudFront/Signer.php b/src/CloudFront/Signer.php
index d166eb2b77..f6a7ed6e36 100644
--- a/src/CloudFront/Signer.php
+++ b/src/CloudFront/Signer.php
@@ -121,7 +121,12 @@ private function sign($policy)
                 $errorMessages[] = $newMessage;
             }
             
-            throw new \RuntimeException(implode("\n",$errorMessages));
+            $exceptionMessage = "An error has occurred when signing the policy";
+            if (count($errorMessages) > 0) {
+                $exceptionMessage = implode("\n", $errorMessages);
+            }
+
+            throw new \RuntimeException($exceptionMessage);
         }
 
         return $signature;