fix(validation): guard invalid envelope signed file streams

Signed-off-by: Vitor Mattos <[email protected]>

Author: vitormattos

lib/Service/File/EnvelopeAssembler.php

@@ -143,6 +143,9 @@ public function buildEnvelopeChildData(File $childFile, \OCA\Libresign\Service\F
 						$certData = $this->certificateChainService->getCertificateChain($fileNode, $childFile, $options);
 					} else {
 						$resource = $fileNode->fopen('rb');
+						if (!is_resource($resource)) {
+							throw new \RuntimeException('unable to open signed file stream');
+						}
 						$sha256 = $this->getSha256FromResource($resource);
 						rewind($resource);
 						if ($sha256 === $childFile->getSignedHash()) {
@@ -164,9 +167,16 @@ public function buildEnvelopeChildData(File $childFile, \OCA\Libresign\Service\F
 	}
 
 	private function getSha256FromResource($resource): string {
+		if (!is_resource($resource)) {
+			return '';
+		}
+
 		$hashContext = hash_init('sha256');
 		while (!feof($resource)) {
 			$buffer = fread($resource, 8192);
+			if ($buffer === false) {
+				break;
+			}
 			hash_update($hashContext, $buffer);
 		}
 		return hash_final($hashContext);