Bugfixed protected.{kid,jwk} logic.

See root/greenlock-express.js#38
AJ ONeal 2020-07-28 15:44:03 -06:00
parent b1df7af626
commit 016d87b839
1 changed files with 9 additions and 5 deletions


@ -218,7 +218,7 @@ Keypairs.signJwt = function (opts) {
var claims = JSON.parse(JSON.stringify(opts.claims || {}));
header.typ = 'JWT';
if (!header.kid && false !== header.kid) {
if (!header.kid && !header.jwk && false !== header.kid) {
header.kid = thumb;
}
if (!header.alg && opts.alg) {
@ -294,11 +294,15 @@ Keypairs.signJws = function (opts) {
if (!protect.alg) {
protect.alg = alg();
}
// There's a particular request where ACME / Let's Encrypt explicitly doesn't use a kid
if (false === protect.kid) {
protect.kid = undefined;
} else if (!protect.kid) {
protect.kid = thumb;
// There should be a kid unless it's `false` or there's a `jwk` (a self-signed JWS)
if (!protect.kid) {
if (false === protect.kid) {
protect.kid = undefined;
} else if (!protect.jwk) {
protect.kid = thumb;
}
}
protectedHeader = JSON.stringify(protect);
}
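Review bot: In the signJws hunk, the new nested branch only handles `false` and the no-`jwk` case, so when `protect.jwk` is set a falsy `kid` that is not `false` (`null`, `''`, `0`) stays on the object and `JSON.stringify(protect)` emits it (for example `"kid":null`) next to `jwk`; a truthy caller-supplied `kid` together with `jwk` also passes through unchecked. ACME (RFC 8555 §6.2) treats `jwk` and `kid` as mutually exclusive and servers must reject a header carrying both, so it is safer to clear the field in that branch, `if (false === protect.kid || protect.jwk) { protect.kid = undefined; } else { protect.kid = thumb; }`, and to throw when both a truthy `kid` and a `jwk` are supplied. The signJwt hunk has a related gap: a `kid` of `false` is left as-is by the visible condition, and whether it is stripped before the header is serialized cannot be seen from here. Both function bodies start and end outside their hunks.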