Bugfix jwk / kid mutually exclusive
See https://git.rootprojects.org/root/greenlock-express.js/issues/38
This commit is contained in:
parent
29a47e8fa4
commit
eb432571ca
|
@ -28,9 +28,9 @@
|
|||
"integrity": "sha512-OaEub02ufoU038gy6bsNHQOjIn8nUjGiLcaRmJ40IUykneJkIW5fxDqKxQx48cszuNflYldsJLPPXCrGfHs8yQ=="
|
||||
},
|
||||
"@root/keypairs": {
|
||||
"version": "0.9.0",
|
||||
"resolved": "https://registry.npmjs.org/@root/keypairs/-/keypairs-0.9.0.tgz",
|
||||
"integrity": "sha512-NXE2L9Gv7r3iC4kB/gTPZE1vO9Ox/p14zDzAJ5cGpTpytbWOlWF7QoHSJbtVX4H7mRG/Hp7HR3jWdWdb2xaaXg==",
|
||||
"version": "0.10.0",
|
||||
"resolved": "https://registry.npmjs.org/@root/keypairs/-/keypairs-0.10.0.tgz",
|
||||
"integrity": "sha512-t8VocY46Mtb0NTsxzyLLf5tsgfw0BXLYVADAyiRdEdqHcvPFGJdjkXNtHVQuSV/FMaC65iTOHVP4E6X8iT3Ikg==",
|
||||
"requires": {
|
||||
"@root/encoding": "^1.0.1",
|
||||
"@root/pem": "^1.0.4",
|
||||
|
@ -43,9 +43,9 @@
|
|||
"integrity": "sha512-rEUDiUsHtild8GfIjFE9wXtcVxeS+ehCJQBwbQQ3IVfORKHK93CFnRtkr69R75lZFjcmKYVc+AXDB+AeRFOULA=="
|
||||
},
|
||||
"@root/request": {
|
||||
"version": "1.3.11",
|
||||
"resolved": "https://registry.npmjs.org/@root/request/-/request-1.3.11.tgz",
|
||||
"integrity": "sha512-3a4Eeghcjsfe6zh7EJ+ni1l8OK9Fz2wL1OjP4UCa0YdvtH39kdXB9RGWuzyNv7dZi0+Ffkc83KfH0WbPMiuJFw=="
|
||||
"version": "1.6.1",
|
||||
"resolved": "https://registry.npmjs.org/@root/request/-/request-1.6.1.tgz",
|
||||
"integrity": "sha512-8wrWyeBLRp7T8J36GkT3RODJ6zYmL0/maWlAUD5LOXT28D3TDquUepyYDKYANNA3Gc8R5ZCgf+AXvSTYpJEWwQ=="
|
||||
},
|
||||
"@root/x509": {
|
||||
"version": "0.7.2",
|
||||
|
@ -152,9 +152,9 @@
|
|||
"dev": true
|
||||
},
|
||||
"glob": {
|
||||
"version": "7.1.5",
|
||||
"resolved": "https://registry.npmjs.org/glob/-/glob-7.1.5.tgz",
|
||||
"integrity": "sha512-J9dlskqUXK1OeTOYBEn5s8aMukWMwWfs+rPTn/jn50Ux4MNXVhubL1wu/j2t+H4NVI+cXEcCaYellqaPVGXNqQ==",
|
||||
"version": "7.1.6",
|
||||
"resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz",
|
||||
"integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"fs.realpath": "^1.0.0",
|
||||
|
|
|
@ -44,9 +44,9 @@
|
|||
"dependencies": {
|
||||
"@root/csr": "^0.8.1",
|
||||
"@root/encoding": "^1.0.1",
|
||||
"@root/keypairs": "^0.9.0",
|
||||
"@root/keypairs": "^0.10.0",
|
||||
"@root/pem": "^1.0.4",
|
||||
"@root/request": "^1.3.11",
|
||||
"@root/request": "^1.6.1",
|
||||
"@root/x509": "^0.7.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
|
|
9
utils.js
9
utils.js
|
@ -11,12 +11,13 @@ U._jwsRequest = function (me, bigopts) {
|
|||
bigopts.protected.nonce = nonce;
|
||||
bigopts.protected.url = bigopts.url;
|
||||
// protected.alg: added by Keypairs.signJws
|
||||
if (!bigopts.protected.jwk) {
|
||||
// protected.kid must be overwritten due to ACME's interpretation of the spec
|
||||
if (!('kid' in bigopts.protected)) {
|
||||
if (bigopts.protected.jwk) {
|
||||
bigopts.protected.kid = false;
|
||||
} else if (!('kid' in bigopts.protected)) {
|
||||
// protected.kid must be provided according to ACME's interpretation of the spec
|
||||
// (using the provided URL rather than the Key's Thumbprint as Key ID)
|
||||
bigopts.protected.kid = bigopts.kid;
|
||||
}
|
||||
}
|
||||
|
||||
// this will shasum the thumbprint the 2nd time
|
||||
return Keypairs.signJws({
|
||||
|
|
Loading…
Reference in New Issue