Verify public key format before usage

src/Cryptography/CryptographyService.php

@@ -65,6 +65,7 @@ public function getBkpCode(string $pkpCode): string
 
 	public function addWSESignature(string $request): string
 	{
+		$this->tryLoadPublicKey();
 		$securityKey = new \RobRichards\XMLSecLibs\XMLSecurityKey(\RobRichards\XMLSecLibs\XMLSecurityKey::RSA_SHA256, ['type' => 'private']);
 		$document = new \DOMDocument('1.0');
 		$document->loadXML($request);
@@ -79,4 +80,13 @@ public function addWSESignature(string $request): string
 		return $wse->saveXML();
 	}
 
+	private function tryLoadPublicKey()
+	{
+		$publicKeyResource = openssl_get_publickey(file_get_contents($this->publicKeyFile));
+		if ($publicKeyResource === false) {
+			throw new PublicKeyFileException($this->publicKeyFile);
+		}
+		openssl_free_key($publicKeyResource);
+	}
+
 }

tests/SlevomatEET/Cryptography/CryptographyServiceTest.php

@@ -111,6 +111,19 @@ public function testWSESignatureWithInvalidPrivateKeyPassword()
 		$crypto->addWSESignature($request);
 	}
 
+	public function testWSESignatureWithInvalidPublicKey()
+	{
+		$request = $this->getRequestData();
+		$crypto = $cryptoService = new CryptographyService(
+			self::PRIVATE_KEY_WITHOUT_PASSWORD_PATH,
+			self::INVALID_KEY_PATH
+		);
+
+		$this->expectException(PublicKeyFileException::class);
+		$this->expectExceptionMessage('Public key could not be loaded from file \'/var/www/eet-client/tests/SlevomatEET/Cryptography/invalid-certificate.pem');
+		$crypto->addWSESignature($request);
+	}
+
 	private function getReceiptData(): array
 	{
 		return [