empty kid check breaks in latest version during decode
shayaantx opened this issue · 1 comments
Hi,
Forgive me if I'm missing something obvious. I recently upgraded from 5.2 to latest and noticing an issue where I get an UnexpectedValueException thrown with message '"kid" empty, unable to lookup correct key'.
The kid in this case is '0' (a string) errors because of the empty check that is new to post 5.2.x. See below screenshot for proof of example data
The old code didn't have this issue because it checked the old header object for the 'kid' property and "correctly" returned the $key out of the $key array (otherwise it would run through the empty check)
if (\is_array($key) || $key instanceof \ArrayAccess) {
if (isset($header->kid)) {
if (!isset($key[$header->kid])) {
throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key');
}
$key = $key[$header->kid];
} else {
throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
}
}
Seems like the empty() check should only happen if the following condition is not true, since the $keyOrKeyArray does indeed have a key with the right 'kid' index.
isset($keyOrKeyArray[$kid])
Again I'm unsure if I'm missing something obvious here, but it seems valid to have a kid of '0' if the keyOrKeyArray is valid. One thing I don't know is if keyOrKeyArray should be some random object (see screenshot) or something that implements ArrayAccess, but it still wouldn't matter if the 'kid' is '0' as the same error would be thrown
thanks @ajupazhamayil and @bshaffer for fixing this