Fix JWK payload key equality check

This commit is contained in:
Herman Slatman 2021-07-17 20:29:12 +02:00
parent 2eb69636ea
commit 2110c7722f
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F


@ -1,7 +1,6 @@
package api
import (
"bytes"
"context"
"encoding/json"
"net/http"
@ -281,14 +280,27 @@ func (h *Handler) validateExternalAccountBinding(ctx context.Context, nar *NewAc
return nil, err
}
jwkJSONBytes, err := jwk.MarshalJSON()
var payloadJWK *squarejose.JSONWebKey
err = json.Unmarshal(payload, &payloadJWK)
if err != nil {
return nil, acme.WrapErrorISE(err, "error marshaling jwk")
return nil, acme.WrapError(acme.ErrorMalformedType, err, "error unmarshaling payload into jwk")
}
if bytes.Equal(payload, jwkJSONBytes) {
if !keysAreEqual(jwk, payloadJWK) {
return nil, acme.NewError(acme.ErrorMalformedType, "keys in jws and eab payload do not match") // TODO: decide ACME error type to use
}
return externalAccountKey, nil
}
func keysAreEqual(x, y *squarejose.JSONWebKey) bool {
if x == nil || y == nil {
return false
}
digestX, errX := acme.KeyToID(x)
digestY, errY := acme.KeyToID(y)
if errX != nil || errY != nil {
return false
}
return digestX == digestY
}
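Review bot: keysAreEqual discards the errors from both acme.KeyToID calls and answers false, so the caller on the `if !keysAreEqual(jwk, payloadJWK)` line reports "keys in jws and eab payload do not match" even when the real cause is a key that could not be digested at all; returning `(bool, error)` from keysAreEqual (or wrapping the KeyToID error in the caller as a malformed error) would keep the rejection but give an accurate reason. The helper also lacks the doc comment Go expects on a named function; something like `// keysAreEqual reports whether x and y have the same acme.KeyToID digest; a nil key or one that cannot be digested is never equal.` would do. Because equality is decided by whatever KeyToID hashes (presumably only the public key material, which is what RFC 8555 §7.3.4 asks to compare), non-key JWK members such as alg or kid are not compared — worth stating in that comment so a later reader does not assume a full structural comparison. The enclosing validateExternalAccountBinding begins before the hunk, so the origin of `jwk` and `payload` is not visible here.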