Fix bug with certain PEM keys

OADA · Apr 2, 2022 · ad5ac9c · ad5ac9c
1 parent b4c24fc
commit ad5ac9c
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/package.json b/package.json
@@ -4,7 +4,7 @@
     "certs": "./dist/cli.mjs",
     "oada-certs": "./dist/cli.mjs"
   },
-  "version": "4.1.0",
+  "version": "4.1.1",
   "description": "Generate and verify JWT signatures (OAuth dynamic client registration certificates and Trellis document integrity signatures)  in the Open Ag Data Alliance (OADA) and Trellis ecosystems",
   "main": "dist/index.js",
   "files": [

diff --git a/src/jwks-utils.ts b/src/jwks-utils.ts
@@ -32,7 +32,7 @@ const warn = debug('oada-certs:jwks-utils:warn');
 /**
  * @todo Better discriminated union of JWK types?
  */
-export type JWK = BaseJWK | JWKpem | JWKrsa;
+export type JWK = JWKpem | JWKrsa;
 export interface BaseJWK extends Partial<jose_JWK.RawKey> {
   /**
    * Must have "kty" to be a JWK

diff --git a/src/sign.ts b/src/sign.ts
@@ -56,6 +56,8 @@ export async function sign(
   // AsKey needs the key to be just the pem string if it's a pem
   let privatejwk = await (typeof key === 'string'
     ? jose_JWK.asKey(key, 'pem')
+    : key.kty === 'PEM'
+    ? jose_JWK.asKey(key.pem, 'pem')
     : jose_JWK.asKey(key));
   // If (key.kid) privatejwk.kid = key.kid; // maintain kid from original if passed
   // options.header.kid can override the one in the private key: