Bugfix jwk / kid mutually exclusive

See https://git.rootprojects.org/root/greenlock-express.js/issues/38
This commit is contained in:
AJ ONeal 2020-07-28 16:02:42 -06:00
parent 29a47e8fa4
commit eb432571ca
3 changed files with 17 additions and 16 deletions

18
package-lock.json generated
View File

@ -28,9 +28,9 @@
"integrity": "sha512-OaEub02ufoU038gy6bsNHQOjIn8nUjGiLcaRmJ40IUykneJkIW5fxDqKxQx48cszuNflYldsJLPPXCrGfHs8yQ==" "integrity": "sha512-OaEub02ufoU038gy6bsNHQOjIn8nUjGiLcaRmJ40IUykneJkIW5fxDqKxQx48cszuNflYldsJLPPXCrGfHs8yQ=="
}, },
"@root/keypairs": { "@root/keypairs": {
"version": "0.9.0", "version": "0.10.0",
"resolved": "https://registry.npmjs.org/@root/keypairs/-/keypairs-0.9.0.tgz", "resolved": "https://registry.npmjs.org/@root/keypairs/-/keypairs-0.10.0.tgz",
"integrity": "sha512-NXE2L9Gv7r3iC4kB/gTPZE1vO9Ox/p14zDzAJ5cGpTpytbWOlWF7QoHSJbtVX4H7mRG/Hp7HR3jWdWdb2xaaXg==", "integrity": "sha512-t8VocY46Mtb0NTsxzyLLf5tsgfw0BXLYVADAyiRdEdqHcvPFGJdjkXNtHVQuSV/FMaC65iTOHVP4E6X8iT3Ikg==",
"requires": { "requires": {
"@root/encoding": "^1.0.1", "@root/encoding": "^1.0.1",
"@root/pem": "^1.0.4", "@root/pem": "^1.0.4",
@ -43,9 +43,9 @@
"integrity": "sha512-rEUDiUsHtild8GfIjFE9wXtcVxeS+ehCJQBwbQQ3IVfORKHK93CFnRtkr69R75lZFjcmKYVc+AXDB+AeRFOULA==" "integrity": "sha512-rEUDiUsHtild8GfIjFE9wXtcVxeS+ehCJQBwbQQ3IVfORKHK93CFnRtkr69R75lZFjcmKYVc+AXDB+AeRFOULA=="
}, },
"@root/request": { "@root/request": {
"version": "1.3.11", "version": "1.6.1",
"resolved": "https://registry.npmjs.org/@root/request/-/request-1.3.11.tgz", "resolved": "https://registry.npmjs.org/@root/request/-/request-1.6.1.tgz",
"integrity": "sha512-3a4Eeghcjsfe6zh7EJ+ni1l8OK9Fz2wL1OjP4UCa0YdvtH39kdXB9RGWuzyNv7dZi0+Ffkc83KfH0WbPMiuJFw==" "integrity": "sha512-8wrWyeBLRp7T8J36GkT3RODJ6zYmL0/maWlAUD5LOXT28D3TDquUepyYDKYANNA3Gc8R5ZCgf+AXvSTYpJEWwQ=="
}, },
"@root/x509": { "@root/x509": {
"version": "0.7.2", "version": "0.7.2",
@ -152,9 +152,9 @@
"dev": true "dev": true
}, },
"glob": { "glob": {
"version": "7.1.5", "version": "7.1.6",
"resolved": "https://registry.npmjs.org/glob/-/glob-7.1.5.tgz", "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz",
"integrity": "sha512-J9dlskqUXK1OeTOYBEn5s8aMukWMwWfs+rPTn/jn50Ux4MNXVhubL1wu/j2t+H4NVI+cXEcCaYellqaPVGXNqQ==", "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==",
"dev": true, "dev": true,
"requires": { "requires": {
"fs.realpath": "^1.0.0", "fs.realpath": "^1.0.0",

View File

@ -44,9 +44,9 @@
"dependencies": { "dependencies": {
"@root/csr": "^0.8.1", "@root/csr": "^0.8.1",
"@root/encoding": "^1.0.1", "@root/encoding": "^1.0.1",
"@root/keypairs": "^0.9.0", "@root/keypairs": "^0.10.0",
"@root/pem": "^1.0.4", "@root/pem": "^1.0.4",
"@root/request": "^1.3.11", "@root/request": "^1.6.1",
"@root/x509": "^0.7.2" "@root/x509": "^0.7.2"
}, },
"devDependencies": { "devDependencies": {

View File

@ -11,12 +11,13 @@ U._jwsRequest = function (me, bigopts) {
bigopts.protected.nonce = nonce; bigopts.protected.nonce = nonce;
bigopts.protected.url = bigopts.url; bigopts.protected.url = bigopts.url;
// protected.alg: added by Keypairs.signJws // protected.alg: added by Keypairs.signJws
if (!bigopts.protected.jwk) { if (bigopts.protected.jwk) {
// protected.kid must be overwritten due to ACME's interpretation of the spec bigopts.protected.kid = false;
if (!('kid' in bigopts.protected)) { } else if (!('kid' in bigopts.protected)) {
// protected.kid must be provided according to ACME's interpretation of the spec
// (using the provided URL rather than the Key's Thumbprint as Key ID)
bigopts.protected.kid = bigopts.kid; bigopts.protected.kid = bigopts.kid;
} }
}
// this will shasum the thumbprint the 2nd time // this will shasum the thumbprint the 2nd time
return Keypairs.signJws({ return Keypairs.signJws({