vapid: Handle ECPrivateKey extra element

Author: lanodan

lib/web_push_encryption/vapid.ex

@@ -19,8 +19,14 @@ defmodule WebPushEncryption.Vapid do
       }
       |> JOSE.JWT.from_map()
 
+    otp_version = :erlang.system_info(:otp_release) |> String.Chars.to_string() |> String.to_integer
+
     jwk =
-      {:ECPrivateKey, 1, private_key, {:namedCurve, {1, 2, 840, 10045, 3, 1, 7}}, public_key}
+      if otp_version < 24 do
+        {:ECPrivateKey, 1, private_key, {:namedCurve, {1, 2, 840, 10045, 3, 1, 7}}, public_key}
+      else
+        {:ECPrivateKey, 1, private_key, {:namedCurve, {1, 2, 840, 10045, 3, 1, 7}}, public_key, nil}
+      end
       |> JOSE.JWK.from_key()
 
     {_, jwt} = JOSE.JWS.compact(JOSE.JWT.sign(jwk, %{"alg" => "ES256"}, payload))

test/web_push_encryption/vapid_test.exs

@@ -7,9 +7,16 @@ defmodule WebPushEncryption.VapidTest do
     assert %{"Authorization" => "WebPush " <> jwt, "Crypto-Key" => "p256ecdsa=" <> public_key} =
              Vapid.get_headers("http://localhost/", "aesgcm")
 
+    otp_version = :erlang.system_info(:otp_release) |> String.Chars.to_string() |> String.to_integer
+
     jwk =
-      {:ECPrivateKey, 1, <<>>, {:namedCurve, {1, 2, 840, 10045, 3, 1, 7}},
-       Base.url_decode64!(public_key, padding: false)}
+      if otp_version < 24 do
+        {:ECPrivateKey, 1, <<>>, {:namedCurve, {1, 2, 840, 10045, 3, 1, 7}},
+         Base.url_decode64!(public_key, padding: false)}
+      else
+        {:ECPrivateKey, 1, <<>>, {:namedCurve, {1, 2, 840, 10045, 3, 1, 7}},
+         Base.url_decode64!(public_key, padding: false), nil}
+      end
       |> JOSE.JWK.from_key()
 
     assert {true, _, _} = JOSE.JWT.verify_strict(jwk, ["ES256"], jwt)