Diffstat (limited to 'lacme-accountd')
-rwxr-xr-x | lacme-accountd | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lacme-accountd b/lacme-accountd
index d8c96b0..a842bce 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -125,7 +125,7 @@ do {
 open $LOG, ">>", $1 or die "Can't open $1: $!";
 }
 error("Invalid section(s): ".join(', ', keys %$h)) if %$h;
- my %h = map { $_ => delete $h2->{$_} } qw/privkey gpg socket logfile quiet/;
+ my %h = map { $_ => delete $h2->{$_} } qw/privkey gpg socket logfile keyid quiet/;
 error("Unknown option(s): ".join(', ', keys %$h2)) if %$h2;
 $h{quiet} = lc $h{quiet} eq 'yes' ? 1 : 0 if defined $h{quiet};
 $OPTS{$_} //= $h{$_} foreach grep {defined $h{$_}} keys %h;
@@ -183,6 +183,11 @@ if ($OPTS{privkey} =~ /\A(file|gpg):(\p{Print}+)\z/) {
 # use of SHA-256 digest in the thumbprint is hardcoded, see RFC 8555 sec. 8.1
 $JWK_STR = JSON::->new->utf8->canonical->encode(\%jwk);
 $extra_greeting{"jwk-thumbprint"} = encode_base64url(sha256($JWK_STR));
+
+ if ((my $kid = $OPTS{keyid} // "") ne "") {
+ $extra_greeting{kid} = $kid;
+ $JWK_STR = "{}";
+ }
 $EXTRA_GREETING_STR = JSON::->new->encode(\%extra_greeting);
 }
 else {
|
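Review bot: The `keyid` value accepted by the first hunk is copied into the greeting in the second hunk with no check on its shape, while `privkey` in the condition shown in that hunk's header is held to `\p{Print}+`. A matching guard as the first statement of the new `if`, such as `error("Invalid keyid") unless $kid =~ /\A\p{Print}+\z/;`, would reject a value containing control characters before it is handed to the client. The line `$JWK_STR = "{}";` also needs a comment: `jwk-thumbprint` is still computed from the real JWK a few lines earlier, so a reader cannot tell whether withholding the JWK is a convenience or is meant to limit what the client can do with the account key. If it is meant as a limit, the comment should say where that limit is enforced, since nothing visible in this hunk restricts what accountd will sign. The enclosing `if ($OPTS{privkey} ...)` block starts outside the hunk.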