fix(validation): guard invalid signed file streams in CertificateChainService

Signed-off-by: Vitor Mattos <[email protected]>

Author: vitormattos

lib/Service/File/CertificateChainService.php

@@ -27,6 +27,10 @@ public function getCertificateChain($fileNode, File $libreSignFile, $options): a
 
 		try {
 			$resource = $fileNode->fopen('rb');
+			if (!is_resource($resource)) {
+				$this->logger->warning('Failed to load certificate chain: unable to open signed file stream');
+				return [];
+			}
 			$sha256 = $this->getSha256FromResource($resource);
 			rewind($resource);
 			if ($sha256 === $libreSignFile->getSignedHash()) {
@@ -42,9 +46,16 @@ public function getCertificateChain($fileNode, File $libreSignFile, $options): a
 	}
 
 	private function getSha256FromResource($resource): string {
+		if (!is_resource($resource)) {
+			return '';
+		}
+
 		$hashContext = hash_init('sha256');
 		while (!feof($resource)) {
 			$buffer = fread($resource, 8192);
+			if ($buffer === false) {
+				break;
+			}
 			hash_update($hashContext, $buffer);
 		}
 		return hash_final($hashContext);