Browse Source

Bugfixed protected.{kid,jwk} logic.

See https://git.rootprojects.org/root/greenlock-express.js/issues/38
tags/v0.9.1
AJ ONeal 1 month ago
parent
commit
016d87b839
1 changed files with 9 additions and 5 deletions
  1. +9
    -5
      keypairs.js

+ 9
- 5
keypairs.js View File

@@ -218,7 +218,7 @@ Keypairs.signJwt = function (opts) {
var claims = JSON.parse(JSON.stringify(opts.claims || {}));
header.typ = 'JWT';

if (!header.kid && false !== header.kid) {
if (!header.kid && !header.jwk && false !== header.kid) {
header.kid = thumb;
}
if (!header.alg && opts.alg) {
@@ -294,11 +294,15 @@ Keypairs.signJws = function (opts) {
if (!protect.alg) {
protect.alg = alg();
}

// There's a particular request where ACME / Let's Encrypt explicitly doesn't use a kid
if (false === protect.kid) {
protect.kid = undefined;
} else if (!protect.kid) {
protect.kid = thumb;
// There should be a kid unless it's `false` or there's a `jwk` (a self-signed JWS)
if (!protect.kid) {
if (false === protect.kid) {
protect.kid = undefined;
} else if (!protect.jwk) {
protect.kid = thumb;
}
}
protectedHeader = JSON.stringify(protect);
}


Loading…
Cancel
Save