From ee3765e5430ebf15d8b0c86cf5d52ef77010b374 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Richard=20K=C3=B6rber?= <github@shredzone.org>
Date: Thu, 27 Apr 2017 22:38:54 +0200
Subject: [PATCH] Pebble does not support kid header yet

---
 .../org/shredzone/acme4j/connector/DefaultConnection.java    | 5 ++++-
 .../shredzone/acme4j/connector/DefaultConnectionTest.java    | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java b/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java
index aa6c2985..35e50637 100644
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java
@@ -182,7 +182,10 @@ public class DefaultConnection implements Connection {
             jws.getHeaders().setObjectHeaderValue("nonce", Base64Url.encode(session.getNonce()));
             jws.getHeaders().setObjectHeaderValue("url", url);
             if (session.getKeyIdentifier() != null) {
-                jws.getHeaders().setObjectHeaderValue("kid", session.getKeyIdentifier());
+                // TODO PEBBLE: cannot process "kid" yet, send "jwk" instead
+                // https://github.com/letsencrypt/pebble/issues/23
+                // jws.getHeaders().setObjectHeaderValue("kid", session.getKeyIdentifier());
+                jws.getHeaders().setJwkHeaderValue("jwk", jwk);
             } else {
                 jws.getHeaders().setJwkHeaderValue("jwk", jwk);
             }
diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java b/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
index 4e2bcf71..8dbe484c 100644
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
@@ -615,7 +615,8 @@ public class DefaultConnectionTest {
         expectedHeader.append("\"kid\":\"").append(keyIdentifier).append('"');
         expectedHeader.append('}');
 
-        assertThat(header, sameJSONAs(expectedHeader.toString()));
+        // TODO PEBBLE: cannot process "kid" yet, send "jwk" instead
+        // assertThat(header, sameJSONAs(expectedHeader.toString()));
         assertThat(claims, sameJSONAs("{\"foo\":123,\"bar\":\"a-string\"}"));
         assertThat(signature, not(isEmptyOrNullString()));