From f981a2ef1700e01c622890503d644c18d8a4378e Mon Sep 17 00:00:00 2001
From: Evgeny Khramtsov <ekhramtsov@process-one.net>
Date: Fri, 25 Oct 2019 18:30:50 +0300
Subject: [PATCH] Improve jwt_key validator

---
 src/econf.erl            | 2 +-
 src/ejabberd_options.erl | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/econf.erl b/src/econf.erl
index 6b21b1113..42bc0f6cf 100644
--- a/src/econf.erl
+++ b/src/econf.erl
@@ -162,7 +162,7 @@ format_error({bad_cert, Why, Path}) ->
 format_error({bad_jwt_key, Path}) ->
     format("No valid JWT key found in file: ~ts", [Path]);
 format_error({bad_jwt_key_set, Path}) ->
-    format("JWT key contains JWK set in file: ~ts", [Path]);
+    format("JWK set contains multiple JWT keys in file: ~ts", [Path]);
 format_error({bad_jid, Bad}) ->
     format("Invalid XMPP address: ~ts", [Bad]);
 format_error({bad_user, Bad}) ->
diff --git a/src/ejabberd_options.erl b/src/ejabberd_options.erl
index 4a327b17e..285e38b3e 100644
--- a/src/ejabberd_options.erl
+++ b/src/ejabberd_options.erl
@@ -411,8 +411,10 @@ opt_type(jwt_key) ->
                               case jose_jwk:to_map(JWK) of
                                   {_, #{<<"keys">> := [Key]}} ->
                                       jose_jwk:from_map(Key);
-                                  {_, #{<<"keys">> := _}} ->
+                                  {_, #{<<"keys">> := [_|_]}} ->
                                       econf:fail({bad_jwt_key_set, Path});
+				  {_, #{<<"keys">> := _}} ->
+				      econf:fail({bad_jwt_key, Path});
                                   _ ->
                                       JWK
                               end