Handle the case when JWT key file contains JWK set

diff --git a/src/econf.erl b/src/econf.erl
index fdb80758823ef3cc2aa41eeda0783f16fd02c803..994f7e96eb0272c5596e43e717d8a284b5059bf9 100644 (file)
--- a/src/econf.erl
+++ b/src/econf.erl
@@ -162,6 +162,8 @@ format_error({bad_cert, Why, Path}) ->
     format_error({bad_pem, Why, Path});
 format_error({bad_jwt_key, Path}) ->
     format("No valid JWT key found in file: ~ts", [Path]);
+format_error({bad_jwt_key_set, Path}) ->
+    format("JWT key contains JWK set in file: ~ts", [Path]);
 format_error({bad_jid, Bad}) ->
     format("Invalid XMPP address: ~ts", [Bad]);
 format_error({bad_user, Bad}) ->

diff --git a/src/ejabberd_options.erl b/src/ejabberd_options.erl
index eacde998d05af4f8a67ba3ba87d21aa81cdf8d91..4a327b17e033a996ac34c083d7fefe9f18b177cc 100644 (file)
--- a/src/ejabberd_options.erl
+++ b/src/ejabberd_options.erl
@@ -407,7 +407,15 @@ opt_type(jwt_key) ->
                   {ok, Data} ->
                      try jose_jwk:from_binary(Data) of
                          {error, _} -> econf:fail({bad_jwt_key, Path});
-                         Ret -> Ret
+                         JWK ->
+                              case jose_jwk:to_map(JWK) of
+                                  {_, #{<<"keys">> := [Key]}} ->
+                                      jose_jwk:from_map(Key);
+                                  {_, #{<<"keys">> := _}} ->
+                                      econf:fail({bad_jwt_key_set, Path});
+                                  _ ->
+                                      JWK
+                              end
                      catch _:_ ->
                              econf:fail({bad_jwt_key, Path})
                      end;