From c7470f510762b3ff49dde74a6c780a0cf0ebed8a Mon Sep 17 00:00:00 2001
From: Alexey Shchepin <alexey@process-one.net>
Date: Fri, 25 Oct 2019 16:33:11 +0300
Subject: [PATCH] Handle the case when JWT key file contains JWK set

---
 src/econf.erl            |  2 ++
 src/ejabberd_options.erl | 10 +++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/econf.erl b/src/econf.erl
index fdb807588..994f7e96e 100644
--- a/src/econf.erl
+++ b/src/econf.erl
@@ -162,6 +162,8 @@ format_error({bad_cert, Why, Path}) ->
     format_error({bad_pem, Why, Path});
 format_error({bad_jwt_key, Path}) ->
     format("No valid JWT key found in file: ~ts", [Path]);
+format_error({bad_jwt_key_set, Path}) ->
+    format("JWT key contains JWK set in file: ~ts", [Path]);
 format_error({bad_jid, Bad}) ->
     format("Invalid XMPP address: ~ts", [Bad]);
 format_error({bad_user, Bad}) ->
diff --git a/src/ejabberd_options.erl b/src/ejabberd_options.erl
index eacde998d..4a327b17e 100644
--- a/src/ejabberd_options.erl
+++ b/src/ejabberd_options.erl
@@ -407,7 +407,15 @@ opt_type(jwt_key) ->
                   {ok, Data} ->
 		      try jose_jwk:from_binary(Data) of
 			  {error, _} -> econf:fail({bad_jwt_key, Path});
-			  Ret -> Ret
+			  JWK ->
+                              case jose_jwk:to_map(JWK) of
+                                  {_, #{<<"keys">> := [Key]}} ->
+                                      jose_jwk:from_map(Key);
+                                  {_, #{<<"keys">> := _}} ->
+                                      econf:fail({bad_jwt_key_set, Path});
+                                  _ ->
+                                      JWK
+                              end
 		      catch _:_ ->
 			      econf:fail({bad_jwt_key, Path})
 		      end;