From caec1d1bac6d852217ab43af345344b7473f7a88 Mon Sep 17 00:00:00 2001
From: Yang Luo <hsluoyz@qq.com>
Date: Wed, 12 Jul 2023 22:39:39 +0800
Subject: [PATCH] Only consider x509 certs in /.well-known/jwks API

---
 object/oidc_discovery.go | 4 ++++
 web/src/CertEditPage.js  | 1 +
 web/src/CertListPage.js  | 1 +
 3 files changed, 6 insertions(+)

diff --git a/object/oidc_discovery.go b/object/oidc_discovery.go
index 5dae9d43..3d10e293 100644
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@@ -123,6 +123,10 @@ func GetJsonWebKeySet() (jose.JSONWebKeySet, error) {
 	// link here: https://self-issued.info/docs/draft-ietf-jose-json-web-key.html
 	// or https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key
 	for _, cert := range certs {
+		if cert.Type != "x509" {
+			continue
+		}
+
 		certPemBlock := []byte(cert.Certificate)
 		certDerBlock, _ := pem.Decode(certPemBlock)
 		x509Cert, _ := x509.ParseCertificate(certDerBlock.Bytes)
diff --git a/web/src/CertEditPage.js b/web/src/CertEditPage.js
index 15f51755..f81d87b1 100644
--- a/web/src/CertEditPage.js
+++ b/web/src/CertEditPage.js
@@ -158,6 +158,7 @@ class CertEditPage extends React.Component {
               {
                 [
                   {id: "x509", name: "x509"},
+                  {id: "Payment", name: "Payment"},
                 ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
               }
             </Select>
diff --git a/web/src/CertListPage.js b/web/src/CertListPage.js
index cb6e04d2..dc202da8 100644
--- a/web/src/CertListPage.js
+++ b/web/src/CertListPage.js
@@ -151,6 +151,7 @@ class CertListPage extends BaseListPage {
         filterMultiple: false,
         filters: [
           {text: "x509", value: "x509"},
+          {text: "Payment", value: "Payment"},
         ],
         width: "110px",
         sorter: true,